Software defined networks and openflow protocol
1. Software Defined Networks and Open Flow Protocol
Mahesh M
11/27/2015 Software Defined Networks and Open Flow Protocol
2. Introduction to SDN
An innovative approach to network architecture that provides the ability to create a whole new class of functionality
Experimental
Separates the data plane and the control plane of nodes
Nodes only forward the information
3. Why SDN?
Network – Core element of an organization’s technology service
Current Scenario
Several discrete network devices require manual configuration and management
These devices are closed, proprietary units that limit innovation
Hence extensibility is close to zero
Need for a New network?
Change in traffic patterns
The “consumerisation of IT”
Rise of cloud services
Big Data => more bandwidth required
4. Transition to SDN…
[Diagram: three stand-alone network devices, each a vertical stack of Features, Operating System and Specialized packet forwarding hardware]
5. Transition to SDN…
[Diagram: a Network Operating System hosting the Features forms the Control Plane; it talks over the Open Flow Protocol to a Data Plane of devices that only do packet forwarding]
6. What is SDN?
A flexible network architecture
Control plane and Data plane – core components of a network switch
Current devices have both the control and the data plane residing on the physical switch
SDN – the control plane is separated from the data plane and placed on a server
A software application (the controller) provides direction to the data plane
Interaction between controller and data plane – using Open Flow protocol
7. Open Flow Protocol
TCP based
Maintained by the Open Networking Foundation
Provides numerous functions and commands for
Communication of data
Status and management of the devices
8. Open Flow Protocol
Basic idea – use of flow tables as in Ethernet switches
Flow Tables – vendor specific
OFP : provides an open protocol to program the flow table in different switches and routers
In OFP the data path consists of a flow table
An action is associated with each flow entry
The set of actions supported by Open Flow is extensible
9. The Open Flow Switch consists of at least 3 parts
A flow table – an action is associated with each flow entry
A secure channel – connects the switch to a remote control process (controller)
Open Flow Protocol – an open and standard way for a controller to communicate with a switch
Types
Dedicated OF switches
Open Flow Enabled switches
10. OFP – How it works?
[Diagram: a Controller programs the Flow Table of a switch connected to Node 2, Node 3 and Node 4. Example flow entries: "If match field : forward message to node 4"; "If match field : change header and forward to node 2"]
11. Flow Table
Consists of flow entries
Each flow entry has
Match fields
Counters – updated with the number of matching packets
Set of instructions to apply to matching packets
Matching starts at the 1st flow table and may continue to other flow tables
Matching is done in priority order – the first match is used
If there is no match – the packet may continue to the next flow table, be forwarded to the controller via OFP, or be dropped – this depends on the switch configuration
13. Instructions
Each flow entry includes a set of instructions that are executed when a packet matches the entry
Supported instructions
Apply-Actions
Clear-Actions
Write-Actions
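The following is an added example, not code from the slides or from any OpenFlow implementation: a small Python model of the pipeline behaviour described on slides 11 and 13 (and in the Action Set note at the end of the deck). It performs priority-ordered matching across several flow tables, applies the switch-configured table-miss behaviour (send to controller, drop, or continue to the next table), and implements the Apply-Actions, Write-Actions and Clear-Actions instructions against a per-packet action set. Packet fields, table contents and the "set-field" / "output" action names are constructed for the example.

```python
# Added example: a toy OpenFlow flow-table pipeline (not from the slides).
from dataclasses import dataclass, field


@dataclass
class FlowEntry:
    priority: int
    match: dict                  # header field -> required value; absent field = wildcard
    instructions: list           # ordered (instruction, payload) pairs
    packet_count: int = 0        # counter updated on every match


@dataclass
class FlowTable:
    entries: list = field(default_factory=list)
    miss: str = "controller"     # table-miss behaviour: "controller", "drop" or "next"

    def lookup(self, pkt):
        """Highest priority first; the first entry whose fields all match wins."""
        for entry in sorted(self.entries, key=lambda e: -e.priority):
            if all(pkt.get(k) == v for k, v in entry.match.items()):
                entry.packet_count += 1
                return entry
        return None


def apply_instructions(entry, pkt, action_set):
    """Executes one entry's instructions; returns the next table id or None."""
    goto = None
    for kind, payload in entry.instructions:
        if kind == "apply-actions":          # run immediately, action set untouched
            for action, arg in payload:
                if action == "set-field":
                    pkt.update(arg)          # e.g. rewrite a header field between tables
        elif kind == "clear-actions":
            action_set.clear()
        elif kind == "write-actions":        # merge: an existing action type is overwritten
            for action, arg in payload:
                action_set[action] = arg
        elif kind == "goto-table":
            goto = payload
    return goto


def process_packet(tables, pkt):
    """Runs pkt through the pipeline; returns (disposition, pkt, action_set)."""
    pkt = dict(pkt)
    action_set = {}
    table_id = 0
    while table_id is not None and table_id < len(tables):
        table = tables[table_id]
        entry = table.lookup(pkt)
        if entry is None:                    # table miss: switch configuration decides
            if table.miss == "next" and table_id + 1 < len(tables):
                table_id += 1
                continue
            return ("drop" if table.miss == "next" else table.miss, pkt, action_set)
        table_id = apply_instructions(entry, pkt, action_set)
    # end of pipeline: the accumulated action set is executed (reported here)
    return ("output" if "output" in action_set else "drop", pkt, action_set)


def build_sample_pipeline():
    """Constructed sample: table 0 classifies by VLAN, table 1 forwards by destination MAC."""
    t0 = FlowTable(miss="controller")
    t0.entries.append(FlowEntry(10, {"vlan": 10},
                                [("apply-actions", [("set-field", {"vlan": 20})]),
                                 ("goto-table", 1)]))
    t0.entries.append(FlowEntry(5, {"vlan": 20}, [("goto-table", 1)]))
    t1 = FlowTable(miss="drop")
    t1.entries.append(FlowEntry(100, {"dst": "aa:aa"}, [("write-actions", [("output", 4)])]))
    t1.entries.append(FlowEntry(1, {}, [("write-actions", [("output", "flood")])]))  # catch-all
    return [t0, t1]


if __name__ == "__main__":
    for sample in ({"vlan": 10, "dst": "aa:aa"}, {"vlan": 20, "dst": "bb:bb"}, {"vlan": 30, "dst": "aa:aa"}):
        print(sample, "->", process_packet(build_sample_pipeline(), sample))
```

The sample pipeline shows the distinction the slides draw: the Apply-Actions rewrite of the VLAN tag takes effect before table 1 looks at the packet, while the Write-Actions output port only takes effect once the packet leaves the pipeline, and a VLAN that table 0 has no entry for goes to the controller because that table's miss behaviour says so.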
14. Open Flow Channel
Connects each open flow switch to the controller
Usually encrypted using TLS, but may be run directly over TCP
PROTOCOL OVERVIEW
Supports 3 message types
Controller to switch
Asynchronous
Symmetric
15. Controller to Switch
Initiated by the controller
Message types
Features : the controller may request the features of the switch – expects a features reply with the available capabilities of the switch
Configuration : the controller sets/queries config parameters
Modify State : manages state on the switches – mainly to add/delete/modify flow entries
Read State : to collect statistics from the switch
Packet-out : used to send packets out of a specified port on the switch, and to forward packets received via Packet-in messages
Barrier : to ensure message dependencies have been met or to receive notifications for completed operations
16. Asynchronous
Switches send these to indicate packet arrival, switch state change or error
Message types:
Packet In : for all packets that do not have a matching flow entry, a packet-in event may be sent to the controller
Flow removed
Port status
Error
17. Symmetric
Sent without solicitation, in either direction
Hello : Hello messages are exchanged between the switch and controller upon connection startup
Echo : used to measure the latency or bandwidth of a controller-switch connection, as well as to verify its liveness
18. Open Flow Channel Connection setup
Switch must be able to connect to a known IP via a user-specified port
If the IP is known – the switch initiates a TLS or TCP connection to the controller
After the connection is established each side should send an OFPT_HELLO message with the version number
If the version is supported, the connection proceeds
Else – reply with OFPT_ERROR with a type field of OFPET_HELLO_FAILED, a code field of OFPHFC_INCOMPATIBLE, and optionally an ASCII string explaining the situation in data, and terminate the connection
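The following is an added example, not code from the slides or from any controller or switch project: the HELLO exchange of slide 18 in Python, using the OpenFlow 1.1.0 wire format (wire protocol 0x02) from the specification on the references slide. Every message starts with the 8-byte common header (version, type, length, xid); OFPT_HELLO carries nothing else, and the failure reply is an OFPT_ERROR whose body is type OFPET_HELLO_FAILED, code OFPHFC_INCOMPATIBLE and an ASCII reason. The rule that each side sends its highest version and the negotiated version is the lower of the two is taken from that specification's connection-setup section; it is not stated on the slide. The constant values below are the 1.1.0 values; the `negotiate` and `parse_error` helpers are this example's own.

```python
# Added example: OFPT_HELLO version negotiation and OFPT_ERROR/OFPET_HELLO_FAILED reply.
import struct

OFP_VERSION_1_1 = 0x02                 # wire protocol 0x02 = OpenFlow 1.1.0
OFPT_HELLO = 0
OFPT_ERROR = 1
OFPET_HELLO_FAILED = 0                 # ofp_error_msg.type for a failed hello
OFPHFC_INCOMPATIBLE = 0                # ofp_error_msg.code for a version mismatch
OFP_HEADER = struct.Struct("!BBHI")    # version, type, length, xid: common to all messages


def build_hello(version, xid):
    """OFPT_HELLO is just the common header; version = the highest we support."""
    return OFP_HEADER.pack(version, OFPT_HELLO, OFP_HEADER.size, xid)


def parse_header(data):
    """Returns (version, type, length, xid); rejects truncated or inconsistent lengths."""
    if len(data) < OFP_HEADER.size:
        raise ValueError("truncated OpenFlow header")
    version, msg_type, length, xid = OFP_HEADER.unpack_from(data)
    if length < OFP_HEADER.size or length > len(data):
        raise ValueError(f"length field {length} inconsistent with {len(data)} bytes received")
    return version, msg_type, length, xid


def build_hello_failed(our_version, xid, reason):
    """OFPT_ERROR with OFPET_HELLO_FAILED / OFPHFC_INCOMPATIBLE and an ASCII reason in data."""
    body = struct.pack("!HH", OFPET_HELLO_FAILED, OFPHFC_INCOMPATIBLE) + reason.encode("ascii")
    header = OFP_HEADER.pack(our_version, OFPT_ERROR, OFP_HEADER.size + len(body), xid)
    return header + body


def negotiate(supported, peer_hello):
    """Returns ("ok", version) to proceed, or ("error", bytes) to send and then close."""
    version, msg_type, _, xid = parse_header(peer_hello)
    if msg_type != OFPT_HELLO:
        raise ValueError("first message on a connection must be OFPT_HELLO")
    our_highest = max(supported)
    negotiated = min(our_highest, version)      # each side advertised its highest version
    if negotiated in supported:
        return ("ok", negotiated)
    reason = f"no common version: we support {sorted(supported)}, peer sent 0x{version:02x}"
    return ("error", build_hello_failed(our_highest, xid, reason))


def parse_error(data):
    """Decodes an OFPT_ERROR into (type, code, data bytes)."""
    _, msg_type, length, _ = parse_header(data)
    if msg_type != OFPT_ERROR:
        raise ValueError("not an OFPT_ERROR")
    err_type, err_code = struct.unpack_from("!HH", data, OFP_HEADER.size)
    return err_type, err_code, data[OFP_HEADER.size + 4:length]


if __name__ == "__main__":
    # Constructed exchange: we only speak 1.1 and the peer offers an older version.
    status, result = negotiate({OFP_VERSION_1_1}, build_hello(0x01, 9))
    print(status, parse_error(result) if status == "error" else result)
```

The length check in `parse_header` is the one a practitioner would not skip: the length field drives how much of the stream is consumed as this message, so a value larger than the bytes on hand, or smaller than the header itself, must be rejected before any field past the header is read.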
19. Connection Interruption
Switch may lose connection due to
Echo request timeout
TLS session timeout
Or other disconnections
Switch should contact one or more backup controllers – how is not specified in the protocol
Two modes
Fail Secure – packets and messages destined to the current controller are dropped
Fail Standalone – the switch acts as a legacy Ethernet switch or router – processes all packets by itself
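The following is an added example, not code from the slides or from any switch implementation: a Python model of slide 19. The switch tracks when it last heard an echo reply from its controller, treats silence longer than a timeout as a lost connection, and then decides what to do with a packet that no flow entry matched according to its configured fail mode. The echo timeout, the packet fields and the learning-switch fallback used for fail standalone are all constructed for the example.

```python
# Added example: controller-loss detection and the two fail modes (not from the slides).


class SwitchLink:
    def __init__(self, fail_mode, echo_timeout):
        if fail_mode not in ("secure", "standalone"):
            raise ValueError("fail_mode must be 'secure' or 'standalone'")
        self.fail_mode = fail_mode
        self.echo_timeout = echo_timeout      # seconds of echo silence before the controller is lost
        self.last_echo_reply = 0.0
        self.mac_table = {}                   # legacy L2 learning: source MAC -> ingress port

    def note_echo_reply(self, now):
        """Called whenever an echo reply arrives on the channel."""
        self.last_echo_reply = now

    def controller_alive(self, now):
        return now - self.last_echo_reply <= self.echo_timeout

    def legacy_forward(self, pkt):
        """Plain learning-switch behaviour used in fail standalone mode."""
        self.mac_table[pkt["src"]] = pkt["in_port"]
        out = self.mac_table.get(pkt["dst"])
        return ("output", out) if out is not None else ("flood", None)

    def handle_table_miss(self, pkt, now):
        """What happens to a packet that matched no flow entry, given the channel state."""
        if self.controller_alive(now):
            return ("packet-in", None)        # normal path: hand the packet to the controller
        if self.fail_mode == "secure":
            return ("drop", None)             # fail secure: nothing destined to the controller survives
        return self.legacy_forward(pkt)       # fail standalone: behave like a legacy switch


if __name__ == "__main__":
    # Constructed timeline: echo reply at t=100, timeout 5 s, table misses at t=103 and t=110.
    link = SwitchLink("standalone", echo_timeout=5.0)
    link.note_echo_reply(100.0)
    frame = {"src": "aa:aa", "dst": "bb:bb", "in_port": 1}
    print(link.handle_table_miss(frame, 103.0), link.handle_table_miss(frame, 110.0))
```

The two modes trade availability against control: fail secure keeps unknown traffic off the network until a controller is back, while fail standalone keeps forwarding with no central policy at all, which is the reason the choice is a switch configuration rather than a protocol default.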
20. Encryption and Message Handling
Encryption
Communication through a TLS connection
TLS is initiated by the switch during startup
Controller and switch mutually authenticate using certificates
Controller Certificate
Switch Certificate
Message Handling
OFP provides reliable message delivery and processing
Does not provide automatic acknowledgements
21. Benefits of Open flow SDN
Centralized control of multi-vendor environments
Reduced complexity through automation
Higher rate of innovation
Increased network reliability and security
More granular network control
Better user experience
22. Summary
Current networks - less extensible
Solution - Software Defined Networking and Open Flow protocol
SDN – Emerging technology
Separates data and control planes
Makes the network control centralized
Network devices are only packet forwarding objects
23. References
OpenFlow Switch Specification, Version 1.1.0 Implemented (Wire Protocol 0x02), February 28, 2011 – The Open Networking Foundation
Software-Defined Networking: The New Norm for Networks, ONF White Paper, April 13, 2012
Zanna, P.; Hosseini, S.; Radcliffe, P.; O'Neill, B., "The challenges of deploying a software defined network," in Telecommunication Networks and Applications Conference (ATNAC), 2014 Australasian, pp. 111-116, 26-28 Nov. 2014. doi: 10.1109/ATNAC.2014.7020883. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7020883&isnumber=7020854
Jian-Quan Wang; Haijing Fu; Chang Cao, "Software defined networking for telecom operators: Architecture and applications," in Communications and Networking in China (CHINACOM), 2013 8th International ICST Conference on, pp. 828-833, 14-16 Aug. 2013. doi: 10.1109/ChinaCom.2013.6694710. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6694710&isnumber=6694549
Difficult to manage a large network
2.2 vendor dependence
2.3 inability to scale
3.1 client server apps – communication between one client and one server only – now – communication with many servers while fetching data
3.2 increase in use of mobile devices – these need to be incorporated into the network while securing the corporate data – e.g. amritanet
3.3 everything in the cloud now – both public and private clouds – access from anywhere – elastic scaling, storage, n/w resources etc.
3.4 need to maintain any-to-any connections without breaking
Other features may be routing, Traffic Engineering, bandwidth allocation
Data plane on physical switch
Network admin can partition the traffic into research and production => researchers can control their own flows => try new protocols etc.
3. OFP – using this, flow entries can be added, deleted and/or updated both reactively (in response to packets) and proactively
Action Set
AA (Apply-Actions) – Applies the specific action(s) immediately, without any change to the Action Set. This instruction may be used to modify the packet between two tables or to execute multiple actions of the same type.
WA (Write-Actions) – Merges the specified action(s) into the current action set (see 4.7). If an action of the given type exists in the current set, overwrite it, otherwise add it.
Message handling
Message delivery
Message processing – if the connection fails, send an error
Message ordering is done through barrier messages – if a barrier is absent, messages may be randomly reordered for maximum performance
Messages before a barrier should be processed completely, including sending replies or errors
The barrier is then processed and a barrier reply sent
Messages after the barrier are processed
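The following is an added example, not code from the slides or from any switch implementation: a Python simulation of the barrier ordering rules in the note above. The switch is free to reorder messages that are not separated by a barrier (modelled here by a pluggable `reorder` function that reverses each batch so the effect is visible); when a barrier request arrives, every earlier message is finished, replies included, before the barrier reply is emitted and later messages start. Message kinds and transaction ids are constructed for the example.

```python
# Added example: barrier-delimited message ordering on a switch (not from the slides).


def process(messages, reorder=lambda batch: list(reversed(batch))):
    """messages: list of (xid, kind). Returns the trace of work in the order the switch did it.

    `reorder` models the switch's freedom to reorder messages within a batch that no
    barrier separates; the default reverses the batch so the reordering is visible.
    """
    trace = []
    batch = []

    def flush():
        # Complete everything queued before the barrier, including any replies.
        for xid, kind in reorder(batch):
            trace.append(f"done {kind} xid={xid}")
            if kind in ("features-request", "stats-request"):
                trace.append(f"reply {kind} xid={xid}")
        batch.clear()

    for xid, kind in messages:
        if kind == "barrier-request":
            flush()                                  # earlier messages finish first
            trace.append(f"barrier-reply xid={xid}")
        else:
            batch.append((xid, kind))
    flush()                                          # trailing messages with no barrier
    return trace


def completed_before(trace, earlier, later):
    """True if the trace line `earlier` appears before `later`."""
    return trace.index(earlier) < trace.index(later)


if __name__ == "__main__":
    # Constructed controller-to-switch sequence: two flow-mods and a stats read, a barrier,
    # then two more flow-mods that must only run after the first group has completed.
    sequence = [(1, "flow-mod"), (2, "stats-request"), (3, "barrier-request"),
                (4, "flow-mod"), (5, "flow-mod")]
    for line in process(sequence):
        print(line)
```

The practical consequence for a controller author is the one the slides hint at with "message dependencies": a flow-mod followed by a packet-out that relies on it is only safe if a barrier sits between them, because without one the switch is allowed to process the packet-out first.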