This document provides an overview of software defined networking (SDN). It discusses how SDN enables data center teams to use software to efficiently control network resources, compared to traditional network switches. The document outlines several SDN topics and related technologies, including SDN standards, network function virtualization, use cases, sample projects, surveys, case studies, online courses, and software tools. It also includes sections on SDN architecture and how SDN is important for virtual environments and VM mobility.
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
1. SDN: Software Defined Networking
Technology that enables the data center team to use software to efficiently control network resources
Sameh Zaghloul
Technology Manager @ IBM
+2 0100 6066012
zaghloul@eg.ibm.com
9/1/2014 SDN 101 1
2. • SDN Overview
• SDN Standards
• NFV – Network Function Virtualization
• SDN Scenarios and Use Cases
• SDN Sample Research Projects
• SDN Technology Survey
• SDN Case Study
• SDN Online Courses
• SDN Lab SW Tools
1. OpenStack Framework
2. OpenDayLight – SDN Controller
3. FloodLight – SDN Controller
4. Open vSwitch – Virtual Switch
5. MiniNet – Virtual Network: OpenFlow Switches, SDN Controllers, and Servers/Hosts
6. OMNet++ Network Simulator
7. Avior – Sample FloodLight Java Application
8. NOX/POX - C++/Python OpenFlow API for building network control applications
9. Pyretic = Python + Frenetic - Enables network programmers and operators to write modular network applications by providing powerful abstractions
10. Resonance - Event-Driven Control for Software-Defined Networks (written in Pyretic)
11. Trema - Full-Stack OpenFlow Framework in Ruby and C
12. FlowScale - Project to divide and distribute traffic over multiple physical switch ports.
13. SNAC - Open source OpenFlow controller for LANs with a graphical user interface.
• SDN Project
Note: slides contain hyperlinks to external resources – run in “Presentation” mode
4. What is Software Defined Environment?
With a Software Defined Environment, infrastructure is fully programmable to rapidly deploy workloads on optimal resources and to instantly respond to changing business demands.
7. Software Defined and Managed Environment
Flexible, Efficient and Software-controlled
[Figure: workloads (Web 2.0, Traditional 3-Tier, Big Data) run on a Software Defined Environment layer providing workload definition, orchestration, resource abstraction and optimization over virtual and physical compute, network and storage (Software Defined Infrastructure, SDI), exposed through open industry APIs for server, network and storage, driven by policies and continuous optimization; the solution definition consists of a software pattern plus an infrastructure pattern.]
Software Defined view of IT Virtualization…
• Workload aware; tops down
• Server, storage and network integration (SDI)
• Heterogeneous compute federation
• Managing pools of systems as a single system
• Using virtualization to manage IT
• Managed by advanced programmed automation
Traditional view of IT Virtualization…
• Hardware centric; bottoms up
• Server, storage and network silos
• Homogeneous compute silos
• Managing large numbers of individual systems
• Managing virtual resources like hardware
• Managed with extensive manual process intervention
8. Analogy between Server Virtualization/Hypervisor and Network Virtualization/Controller/Hypervisor
9. Preparing for SDE
Virtualize, optimize and automate within domains
Today: Multiple Heterogeneous Platforms
Individual platforms managed by individual tools
Client actions to address needs
1. Virtualize compute
• Transform bare-metal deployments to VMs
• Optimize workload configurations within VMs
• Consolidate workloads and define groups/teams/pools
• Implement workload mobility for resource optimization and HA
2. Virtualize storage
3. Virtualize networking
4. Integrate management of physical and virtualized resources
[Figure: SDC, SDS, SDN]
10. Open Networking Foundation Pursues New SDN Standards
The members of the Open Networking Foundation will include: Broadcom, Brocade, Ciena, Cisco, Citrix, Dell, Deutsche Telekom, Ericsson, Facebook, Force10, Google, Hewlett-Packard, I.B.M., Juniper, Marvell, Microsoft, NEC, Netgear, NTT, Riverbed Technology, Verizon, VMWare and Yahoo.
11. What is SDN?
• Recent trends in communications networking have made it possible to control the behavior of entire networks from a single, high-level software program.
• This trend, called software-defined networking (SDN), is reshaping the way networks are designed, managed, and secured.
• This new field of networking is still evolving for OpenFlow Switches/Controllers (NOX, FloodLight, and OpenDayLight).
• Cloud (OpenStack) and SDN (OpenFlow) integration is: “Network Connectivity as a Service – NaaS” (Quantum/Neutron)
14. Current Network: Closed to Innovations in the Infrastructure
[Figure: five vertically integrated network devices, each running App / App / App on its own Operating System on Specialized Packet Forwarding Hardware; the whole stack is closed.]
15. “Software Defined Networking” approach to open it
[Figure: the same devices, with a Network Operating System inserted between the applications and the Specialized Packet Forwarding Hardware.]
16. The “Software-defined Network”
[Figure: App / App / App running on one Network Operating System that controls several Simple Packet Forwarding Hardware elements.]
1. Open interface to hardware
2. At least one good operating system: extensible, possibly open-source
3. Well-defined open API
21. Open Data Center Interoperable Network (ODIN)
• Traditional networks are designed for North-South traffic flows, which traverse multiple network tiers (adding latency and degrading performance).
• ODIN promotes a flat, 2-tier network optimized for East-West traffic (layer-2) between servers.
• ODIN promotes scaling the network to thousands of physical ports at 10/40/100 GbE each, and tens of thousands of virtual machines.
• ODIN promotes software defined networking and virtualized network overlays (wire-once).
• ODIN describes equal cost multipath spine-leaf architectures.
22. Network Subscription Level
Network Subscription Level is the difference between:
1. The input bandwidth (north) for each layer of switching in the network (or, number of downlinks)
2. The output bandwidth (south) for each layer of switching in the network (or, number of uplinks)
Fully-subscribed North-South network: downlinks = uplinks
Oversubscribed switch: downlink > uplink
Undersubscribed: uplink > downlink
New 40GbE and 100GbE Interfaces/Ports for Switches and Servers
25. Comparison: Classical Networks vs. SDN

Network topology
  Classical Networks:
  - The network consists of many tiers, where each layer duplicates many of the IP/Ethernet packets; this adds cumulative end-to-end latency and requires significant amounts of processing and memory.
  - Data traffic between racks of servers and storage needs to travel up and down a logical tree structure, which adds latency and potentially creates congestion on inter-switch links (ISLs).
  - Network loops are prevented by using Spanning Tree Protocol (STP), which allows only one active path between any two switches. This means that ISL bandwidth is limited to a single logical connection, which may lead to ISL bottlenecks.
  SDN:
  - Removing tiers from a traditional hierarchical data center network collapses it into a two-tier network (access switches, also known as top-of-rack (TOR) switches, and core switches); connected devices can communicate with each other without using an intermediate router.
  - Flatter networks also include the elimination of STP. Replacing the STP protocol allows the network to support a fabric topology (tree, ring, mesh, or core/edge) while avoiding ISL bottlenecks.

Scaling Up & Down
  Classical Networks: Do not scale in a cost-effective or performance-effective manner. Scaling requires adding more tiers to the network, more physical switches, and more physical service appliances.
  SDN: Fabrics use multiple least-cost paths for high performance and reliability, and are more elastic (scaling up or down as required).

Capex & Opex
  Classical Networks: Installation and maintenance of this physical compute model requires both high capital expense and high operating expense. The high capital expense is due to the large number of underutilized servers and multiple interconnect networks. High operational expense is driven by high maintenance and energy consumption of poorly utilized servers and by high levels of manual network and systems administration.
  SDN: Flattening the network reduces capital expense through the elimination of dedicated storage, cluster and management adapters and their associated switches, and the elimination of traditional networking tiers. Operating expense is also reduced through management simplification, by enabling a single console to manage the resulting converged fabric.

Network Management
  Classical Networks: Conventional data centers use several tools to manage their server, storage, network and hypervisor elements.
  SDN: Converging and flattening the network leads to simplified physical network management.

Network Subscription Level
  Classical Networks: The network was over-provisioned most of the time. This approach provided an acceptable user experience, but it does not scale in a cost-effective manner.
  SDN: Provides a network with “any-to-any” connectivity, “fairness” and “non-blocking” behavior, which helps with subscription levels.

Virtualization environment
  Classical Networks: Conventional data centers have consisted of lightly utilized servers running a bare-metal operating system or a hypervisor with a small number of virtual machines (VMs).
  SDN: Highly virtualized, which leads to high availability and better performance.
27. SDN: Software Defined Networking
Technology that enables the data center team to use software to efficiently control network resources
[Figure: traditional switch design compared with OpenFlow design; comparison of different controller architectures.]
28. Why SDN is important for Virtual Environments and VM Mobility (1/5)
29. Why SDN is important for Virtual Environments and VM Mobility (2/5)
30. Why SDN is important for Virtual Environments and VM Mobility (3/5)
31. Why SDN is important for Virtual Environments and VM Mobility (4/5)
Software Defined Network for Virtual Environments
Software Defined Networking (SDN) offers a next-generation alternative to networking in the data center using network virtualization and separation of control plane and data plane techniques.
Software Defined Network for Virtual Environments (SDN VE) creates a virtual network for virtual machines (VMs). This virtual network is decoupled and isolated from the physical network, much like VMs are separated from the host server hardware. This approach enables virtual networks to be created without any changes to the existing network, meaning it can be wired once.
Provisioning and administration are simplified and automated, and IP and MAC addresses can be reused, permitting logical separation of networks for multi-tenancy.
OpenFlow-enabled switches and a programmable network controller provide centralized control. SDN VE incorporates open source components to enable an ecosystem of network services.
32. Why SDN is important for Virtual Environments and VM Mobility (5/5)
33. Software Defined and Managed Virtual Network
Flexible, Efficient and Software-controlled
Traditional view of Network
• Independent network switches
• Network OS runs on the switch
• Switches oblivious to application requirements
• “one size fits all” configurations and policies
• Poor utilization of available resources
• Responds to changes (load, failures, …) slowly
• Vendor-proprietary extensions
• Clients locked into static, closed market
• Switches: run full protocol suite (complex, hard to upgrade)
Software Defined view of Network Virtualization
• SDN controller programs switches:
• Network OS runs on server cluster
• Applications reconfigure network to match requirements and global resource conditions
• High utilization of available resources
• Responds to changes quickly and globally
• Common SDN core, but vendors can innovate SDN controller features and network applications
The client value
• Enables multi-tier virtual system patterns with automated linkages between compute tiers & network appliances
• Allows networks to react rapidly in response to changing workloads
• Allows SDN software applications to replace hardware appliances (e.g. firewall)
• Allows cloud administrators to improve service delivery and lower operational costs
• Configure-once physical fabric (less prone to human error)
34. SDN Market Potential
Domains
• Data centers
• Public clouds
• Enterprise/campus
• Cellular
• Enterprise WiFi
• WANs
• Home networks
Products
• Switches, routers: about 15 vendors
• Software: 8-10 vendors and startups
New startups. Lots of hiring in networking.
44. OpenFlow Forwarding Abstraction
[Figure: Control Program A and Control Program B run on a Network OS, which programs the flow table(s) of each Packet Forwarding element.]
Example flow rules pushed to the forwarding elements:
“If header = p, send to port 4”
“If header = q, overwrite header with r, add header s, and send to ports 5,6”
“If header = ?, send to me”
45. Communication in OpenFlow Network
[Figure: Host 1 (MAC address 08-00-20-3A-00-4F) on switch port 1, Host 2 (MAC address 08-00-2A-0B-FE-FD) on switch port 2, an OpenFlow Switch, and its Controller.]
- Initial state: the switch Flow Table is empty (Match Field: empty, Action: empty).
- Host 1 sends a frame with Src: 08-00-20-3A-00-4F, Dst: 08-00-2A-0B-FE-FD.
- Packet-in: the switch has no matching flow entry and sends the unmatched frame (with MAC 08-00-2A-0B-FE-FD) to the controller.
- The controller’s MAC table now records: MAC address 08-00-20-3A-00-4F, ingress port 1.
- Packet-out: flood on all ports except the ingress port.
46. Communication in OpenFlow Network
- Host 2 replies with Src: 08-00-2A-0B-FE-FD, Dst: 08-00-20-3A-00-4F.
- Packet-in: unmatched frame with MAC 08-00-20-3A-00-4F is sent to the controller.
- The controller’s MAC table now records: 08-00-20-3A-00-4F on ingress port 1, 08-00-2A-0B-FE-FD on ingress port 2.
- Packet-out: forward on port 1.
- Flow-mod messages install two entries in the switch Flow Table:
  Match: Src 08-00-2A-0B-FE-FD, Dst 08-00-20-3A-00-4F; Action: Forward on port 1
  Match: Src 08-00-20-3A-00-4F, Dst 08-00-2A-0B-FE-FD; Action: Forward on port 2
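The packet-in / packet-out / flow-mod exchange of slides 45 and 46, replayed in plain Python as an added example (not code from the slides or from any controller project). The `Switch` and `Controller` classes and the learning logic are a simplified model I constructed; the MAC addresses and port numbers are the ones shown on the slides.

```python
"""Added example: a minimal OpenFlow-style learning switch modelled in Python,
reproducing the packet-in / packet-out / flow-mod exchange of slides 45-46.
The classes are a constructed model, not any real controller's API."""
from dataclasses import dataclass, field

FLOOD = "flood"  # stands in for OpenFlow's special 'flood' output port


@dataclass(frozen=True)
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


@dataclass
class Switch:
    """Data plane: a flow table of (src, dst) -> out_port plus a controller link."""
    controller: "Controller"
    flow_table: dict = field(default_factory=dict)
    log: list = field(default_factory=list)  # records control-channel events

    def receive(self, frame, in_port):
        # Flow table lookup first; only a miss costs a round-trip to the controller.
        out_port = self.flow_table.get((frame.src, frame.dst))
        if out_port is None:
            self.log.append("packet-in")
            out_port = self.controller.packet_in(self, frame, in_port)
        return out_port

    def flow_mod(self, src, dst, out_port):
        # Controller -> switch: install a flow entry (slide 46 'Flow-mod messages').
        self.log.append("flow-mod")
        self.flow_table[(src, dst)] = out_port


class Controller:
    """Control plane: learns MAC -> ingress port (the slides' 'MAC table') and
    pushes flow-mods once both endpoints of a conversation are known."""

    def __init__(self):
        self.mac_table = {}  # MAC address -> ingress port

    def packet_in(self, switch, frame, in_port):
        self.mac_table[frame.src] = in_port  # learn the sender's port
        out_port = self.mac_table.get(frame.dst)
        if out_port is None:
            # Destination unknown: packet-out flood on all ports except ingress.
            switch.log.append("packet-out:flood")
            return FLOOD
        # Both directions now known: install the two entries of slide 46 so
        # later frames are switched in hardware without reaching the controller.
        switch.flow_mod(frame.src, frame.dst, out_port)
        switch.flow_mod(frame.dst, frame.src, in_port)
        switch.log.append(f"packet-out:port{out_port}")
        return out_port


def run_slide_exchange():
    """Replays the slides' frames; returns (forwarding decisions, switch log)."""
    host1, host2 = "08-00-20-3A-00-4F", "08-00-2A-0B-FE-FD"  # MACs from the slides
    sw = Switch(Controller())
    decisions = [
        sw.receive(Frame(host1, host2), in_port=1),  # slide 45: miss -> flood
        sw.receive(Frame(host2, host1), in_port=2),  # slide 46: miss -> port 1, 2 flow-mods
        sw.receive(Frame(host1, host2), in_port=1),  # table hit -> port 2, no packet-in
    ]
    return decisions, sw.log
```

The third frame is handled by the flow table alone, which is the point of the flow-mods: the controller sees one packet-in per new conversation, not one per frame.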
57. Use Cases – What / Location / Why SDN Needed / Benefits Achieved

Network Virtualization – Multi-Tenant Networks
  Location: Datacenter
  Why SDN needed: To dynamically create segregated, topologically-equivalent networks across a datacenter, scaling beyond the typical limit of VLANs today at 4K.
  Benefits achieved: Better utilization of datacenter resources, claimed 20-30% better use of resources. Faster turnaround times in creating segregated networks, from weeks to minutes via automation APIs.

Network Virtualization – Stretched Networks
  Location: Datacenter
  Why SDN needed: To create location-agnostic networks, across racks or across datacenters, with VM mobility and dynamic reallocation of resources.
  Benefits achieved: Simplified applications that can be made more resilient without complicated coding; better use of resources as VMs are transparently moved to consolidate workloads. Improved recovery times in disasters.

Service Insertion (or Service Chaining)
  Location: Datacenter / Service Provider DMZ/WAN
  Why SDN needed: To create dynamic chains of L4-7 services on a per-tenant basis to accommodate self-service L4-7 service selection or policy-based L4-7 (e.g. turning on DDoS protection in response to attacks, self-service firewall, IPS services in hosting environments, DPI in mobile WAN environments).
  Benefits achieved: Provisioning times reduced from weeks to minutes; improved agility and self-service allow for new revenue and service opportunities with substantially lower costs to service.

Tap Aggregation
  Location: Datacenter/campus access networks
  Why SDN needed: Provide visibility and troubleshooting capabilities on any port in a multi-switch deployment without the use of numerous expensive network packet brokers (NPB).
  Benefits achieved: Dramatic savings and cost reduction, savings of $50-100K per 24 to 48 switches in the infrastructure. Less overhead in initial deployment, reducing the need to run extra cables from NPBs to every switch.
58. Use Cases – What / Location / Why SDN Needed / Benefits Achieved

Dynamic WAN reroute – move large amounts of trusted data bypassing expensive inspection devices
  Location: Service Provider / Enterprise Edge
  Why SDN needed: Provide dynamic yet authenticated programmable access to flow-level bypass using APIs to network switches and routers.
  Benefits achieved: Savings of hundreds of thousands of dollars of unnecessary investment in 10Gbps or 100Gbps L4-7 firewalls, load-balancers and IPS/IDS that process unnecessary traffic.

Dynamic WAN interconnects
  Location: Service Provider
  Why SDN needed: To create dynamic interconnects at Internet interchanges between enterprise links or between service providers using cost-effective high-performance switches.
  Benefits achieved: Ability to instantly connect. Reduces the operational expense in creating cross-organization interconnects, providing the ability to enable self-service.

Bandwidth on Demand
  Location: Service Provider
  Why SDN needed: Enable programmatic controls on carrier links to request extra bandwidth when needed (e.g. DR, backups).
  Benefits achieved: Reduced operational expense, allowing self-service by customers, and increased agility, saving weeks of manual provisioning.

Virtual Edge – Residential and Business
  Location: Service Provider Access Networks
  Why SDN needed: In combination with NFV initiatives, replace existing Customer Premises Equipment (CPE) at residences and businesses with lightweight versions, moving common functions and complex traffic handling into POPs (points of presence) or the SP datacenter.
  Benefits achieved: Increased usable lifespan of on-premises equipment, improved troubleshooting, fewer truck rolls, flexibility to sell new services to business and residential customers.
79. [Figure: IBM SDN portfolio in three tracks. Controller Platforms: DVS 5000V Controller (GA 10/2012) and IBM PNC (OpenFlow controller). Network Virtualization (SDN/NFV): IBM SDN-VE, a standards-compliant layer-2 virtual switch; DOVE multi-tenant network virtualization; Advanced Connectivity Service with application chaining; additional hypervisor vSwitches. OpenFlow Physical Switches: OF 1.0 10GE switch, additional OpenFlow-enabled IBM switches, OpenFlow spec currency release OF 1.3.1.]
80. IBM SDN-VE: A hypervisor for the network
• SDN for Virtual Environments (SDN-VE) is based on IBM’s Distributed Overlay Virtual Ethernet (DOVE) networking technology
• SDN-VE uses the existing IP infrastructure: no change to the existing network
• Provides server-based connectivity for virtual workloads
81. IBM Software Defined Networking
OpenStack based SDE framework for storage, compute & networking
[Figure: IBM SmartCloud Stack. SmartCloud Orchestration provides multi-tier workload patterns and monitoring & service assurance over the OpenStack APIs (Cinder Storage APIs, OpenStack Quantum API, NOVA Compute APIs). Storage, Quantum and NOVA drivers cover PowerVM, zHyp, KVM, VMware and Hyper-V. Networking is provided by SDN-VE (Open Daylight based) with OpenFlow 1.0 and 1.3.1, DOVE / vSwitch and other standard interfaces. OpenStack Quantum enhancements: service & middleware configuration, service connectivity, service templates, service connectivity patterns. Sample multi-tier pattern: Intrusion Prevention, Firewall, Web Servers, Application Server, Firewall, Load Balancer, Database Cluster.]
82. IBM SmartCloud Foundations & OpenStack
Supporting both Vertically Integrated and Horizontal solutions
• Open, common, standards based architecture
• Simple 3 tier structure, with increased Client Value at each tier
• Clean upgrade paths
• Significant customer benefits above and beyond base OpenStack
[Figure: three-tier stack. Top: SmartCloud Orchestration, orchestrating services across multiple environments and domains. Middle: SmartCloud Provisioning (Automate Optimized Workloads) and SmartCloud Entry (Automate IT Delivery), offered on customer integrated hardware, on PureFlex System (Automate Optimized Workloads) and on PureApplication System. Related Standards & Organizations: TOSCA, CIMI & OVF, CCRA, OSLC. Key: Common Cloud Stack, Factory Integrated, Bundle Option.]
83. Checklist of Key SDN Controller Functionality
OpenFlow Support
IT organizations need to understand the OpenFlow functionality that the controller currently
supports, including support for optional features and extensions to the protocol. IT organizations
also need to understand the vendor’s roadmap to implement new versions of OpenFlow.
Network Virtualization
It must be possible to dynamically create policy-based virtual networks to meet a range of
requirements. These virtual networks must abstract and pool network resources in a manner
similar to how server virtualization abstracts and pools compute resources.
Network Functionality
This includes the ability to discover multiple paths from origin to destination and to split the
traffic across multiple links. It also includes the ability to utilize a rich set of constructs that
enable the creation of L2 and L3 networks within a tenant-specific virtual network.
Scalability
An SDN controller should be able to support a minimum of 100 switches. It must also be able to
mitigate the impact of network broadcast overhead and the proliferation of flow table entries.
Performance
An SDN controller must be able to pre-populate the flow tables to the degree possible and it
must have processing and I/O capabilities that ensure that the controller is not a bottleneck in
the creation of flow entries.
84. Checklist of Key SDN Controller Functionality
Network Programmability
It must be possible to apply sophisticated filters to packets. The SDN controller should provide
templates that enable the creation of scriptable CLIs that allow for the dynamic programming of
the network.
Reliability
It must be possible to have multiple network paths from origin to destination. The SDN controller
should also be built using both hardware and software redundancy features and it must be
possible to cluster the controllers.
Security of the Network
It must be possible to apply enterprise class authentication and authorization and to completely
isolate each virtual network. The SDN controller must be able to rate limit the control
communications.
Centralized Management and Visualization
An SDN controller should enable the IT organization to choose the classes of traffic that it
monitors and it should present to the IT organization a visualization of both the physical network
and the multiple virtual networks that run on top of it.
The SDN Controller Vendor
The vendor must demonstrate that it has the financial and technical resources to support the
ongoing development that will be associated with SDN. The vendor must also demonstrate its
long-term position and momentum in the SDN marketplace.
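The checklist item "rate limit the control communications", as an added example (not from the slides or any product): a per-switch token bucket applied to packet-in messages, so a switch producing a burst of table misses cannot monopolize the controller that serves every other switch. The `PacketInLimiter` class, the switch ids, the rates and the sample burst are constructed for illustration.

```python
"""Added example: per-datapath token-bucket limiting of OpenFlow packet-in
messages at the controller.  Accounting is done in integer millitokens and
millisecond timestamps so the arithmetic is exact.  Constructed model, not a
real controller's API."""
from collections import defaultdict


class PacketInLimiter:
    """One bucket per datapath id (dpid): a flooded or misbehaving switch
    exhausts only its own budget, never the controller's capacity for others."""

    def __init__(self, rate_per_sec, burst):
        # rate_per_sec tokens/second == rate_per_sec millitokens/millisecond.
        self.rate = rate_per_sec
        self.capacity = burst * 1000                 # bucket size in millitokens
        self.tokens = defaultdict(lambda: self.capacity)
        self.last_ms = {}                            # dpid -> time of last refill
        self.dropped = defaultdict(int)              # dpid -> throttled packet-ins

    def allow(self, dpid, now_ms):
        """Return True if a packet-in from dpid at now_ms may be processed."""
        elapsed = now_ms - self.last_ms.get(dpid, now_ms)
        self.last_ms[dpid] = now_ms
        refilled = self.tokens[dpid] + elapsed * self.rate
        self.tokens[dpid] = min(self.capacity, refilled)
        if self.tokens[dpid] >= 1000:                # one whole token per message
            self.tokens[dpid] -= 1000
            return True
        self.dropped[dpid] += 1                      # counter for monitoring/alerting
        return False


def replay(limiter, events):
    """events: iterable of (timestamp_ms, dpid). Returns dpid -> (accepted, dropped)."""
    accepted = defaultdict(int)
    for now_ms, dpid in events:
        if limiter.allow(dpid, now_ms):
            accepted[dpid] += 1
    dpids = sorted(set(accepted) | set(limiter.dropped))
    return {d: (accepted[d], limiter.dropped[d]) for d in dpids}


def demo():
    """Constructed traffic: switch 1 emits 50 packet-ins within 100 ms (e.g. a
    host cycling source MACs), switch 2 sends a normal trickle of 1 per 100 ms.
    Budget: 100 packet-ins/second sustained with a burst allowance of 20."""
    limiter = PacketInLimiter(rate_per_sec=100, burst=20)
    burst = [(2 * i, 1) for i in range(50)]          # t = 0, 2, ..., 98 ms
    trickle = [(100 * i, 2) for i in range(10)]      # t = 0, 100, ..., 900 ms
    return replay(limiter, sorted(burst + trickle))
```

In the constructed run, switch 1 gets 29 of its 50 packet-ins through (the 20-message burst allowance plus the sustained rate) while switch 2 is never throttled; the per-dpid drop counter is what a controller would export for alerting.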
86. Case Study
Marist College (a member of Internet2), which currently includes several academic partners (Columbia University, City University of New York, and State University of New York), as well as corporate partners (IBM, ADVA, NEC, and BigSwitch).
87. • SDN/NFV test bed constructed as part of the New York State Center for Cloud Computing and Analytics SDN Innovation Lab. Established in 2013.
• This center is a consortium based at Marist College (a member of Internet2), which currently includes several academic partners (Columbia University, City University of New York, and State University of New York) as well as corporate partners (IBM, ADVA, NEC, and BigSwitch).
• The goals of this test bed include demonstrating practical use cases for SDN/NFV network abstractions, promoting standards-based, open source development communities, and developing new academic curricula for networking professionals.
116. NOX - C++ OpenFlow API for building network control applications
POX - Python OpenFlow API for building network control applications
117. Pyretic = Python + Frenetic
Enables network programmers and operators to write modular network
applications by providing powerful abstractions
123. 1st Project
Network Virtualization – Multi-Tenant Networks
To dynamically create segregated topologically-equivalent networks across a datacenter, scaling beyond typical limits of VLANs today at 4K.
Better utilization of datacenter resources, claimed 20-30% better use of resources. Faster turnaround times in creating segregated network, from weeks to minutes via automation APIs.
124. 2nd Project
SDN Integration with Multiple Hypervisors
Integrate VMWare SDN Solution (NSX) with multiple Hypervisors:
• VMWare
• Hyper-V
• Citrix Xen
• KVM
Automating VM-to-VLAN association/provisioning.
Test SDN capabilities in VM Fault-Tolerant Solutions, with VM/VLAN Fail-Over and/or Fall-Back.