by Wes White
A Capstone Project for 68-595-K-FA12 Within the Graduate Program Discipline of
Master of Science in Information Security at Lewis University in Romeoville, Illinois
Little to nothing is known about the goals, objectives, or humble beginnings of SDN (Software Defined Networking) in the mainstream media at the moment. Although the networking computing culture and enterprise business world are overwhelmingly ecstatic over its implications, SDN and OpenFlow have yet to break household headlines at present. Yet there is much anticipation and fervor that the SDN architecture will relieve and surpass the networking technology of today. Most in the networking field who know of SDN are embracing it, while some are doing their best to ignore and/or impede its progress. “Those companies that are committed to open architectures will be our partners. Those that aren’t, won’t.” Nevertheless, with the climbing utilization of virtualization of computing datacenters for enterprise/large/medium sized businesses which will eventually make its way to the small business and consumer market, the ever increasing global interest in remote/mobile computing, the continual sophistication and implementations of “smart” robotics like self-driving cars using real-time sensor monitoring, and the approaching change over to IPv6, a stable and reliable networking infrastructure, format, and transition with the foresight, planning, collaboration and implementation to direct and perpetuate increasingly high network traffic efficiency with low latency seems most prudent and wise. Figure 1 indicates how cumbersome and vulnerable network traffic patterns have become as a result of virtualization, big data, wireless and BYOD in relation to its established era’s network traffic rules.
Figure 1. A Large Hermit Crab in a Bottle Top Home- A Metaphor of
Conventional Networking Practices Compared to its Traffic
This paper reports on the mechanics of the theoretical, experimental, and prototype implementations of OpenFlow and SDNs (Software Defined Networks), the stated advantages and disadvantages from supporters and detractors of SDNs, the potential for an impending revolution in networking efficiency through SDNs, and some of the foreseen security implications of the OpenFlow protocol suite as it applies to large/medium scale networking business entities and academic institutions.
TABLE OF CONTENTS
Abstract
Chapter 1: Some Important Milestones of Network Communications
Chapter 2: SDN Terminology
Chapter 3: What does SDN Mean to Some of the Core SDN Members?
Chapter 4: Some Background of the OpenFlow Protocol and the ONF
Chapter 5: A Few Current SDN Industry Models and Implementations
Chapter 6: Some Concerns, Cautions and Security Risks of SDNs
Chapter 7: Marketing Predictions Surrounding SDNs
Chapter 8: Implications of SDN for the Immediate and Distant Future
Chapter 9: Bibliography

LIST OF FIGURES
Figure 1: SDN Metaphor - Large Hermit Crab in a Bottle Top Home
Figure 2: North/South Alignment and Proximity Alignment Models
Figure 3: Encapsulation Sequence in the TCP/IP Protocol Stack
Figure 4: Scalable OpenFlow network MAC Based Routing
Figure 5: The 7 Layers of the OSI Model
Figure 6: Today’s Networks
Figure 7: SDN-Powered Network
Figure 8: Evolution of SDN/OpenFlow
Figure 9: Current ONF Membership
Figure 10: HP Continues OpenFlow Technology Leadership
Figure 11: HP’s FlexNetwork Architecture
Figure 12: Oracle’s Xsigo Product Overview
Figure 13: LineRate’s Proxy L4-7 Services
Figure 14: NEC Client Genesis Hosting Solutions Customer Capacity
Figure 15: Plexxi Control Primary Functions
Figure 16: Big Switch Network’s Product Suite - BNC, BVS, & BT
Figure 17: Nicira’s Network Virtualization Platform
Figure 18: Google’s 100% OpenFlow Software Defined WAN
Figure 19: So Many Doors to Secure in a Medium/Large and/or Distributed Network
Figures 20 and 21: SDN Metaphor (Tiny Crab in Big Shell; Happy Harry in LegoHome)
CHAPTER 1: Some Important Milestones of Network Communications

Within the past few years, there has been a dramatic shift in the ways computers are utilized around the world. Much of the progress that can be seen in the present day is a direct result of concepts that were formed and developed 20, 40, and even 80 years ago with the advent of digital technology, packet-switched networks, and the dot-com explosion. Prior to the implementation of packet-switched networks, electrical distance communications mainly relied on circuit-switched networks like telephone infrastructures when two people/entities wished to communicate with each other through voice and/or digital media. One inherent issue with circuit-switched networks is the reservation and holding of all connections between each end user until both parties release the communicating telephone lines’ (networking) resources. Packet-switched networks enabled the voice and/or digital media to become segmented “message blocks” and encapsulated with source/destination addressing, and program/application information to ensure proper delivery as each segmented packet traveled through the routers and hubs (the digital message block operators) to reach its destination, to be properly reassembled and interpreted by the receiving end user’s device, to understand the sender’s entire digital message. This segmentation and encapsulation of a message allowed for a rapid store-and-forward networking design between routers over long and short distances with path determination, redundant throughput, and load balancing as primary networking objectives. Packet-switched networks have become the backbone of the Internet because packets can traverse the globe as a result of the publicly utilized TCP/IP protocols (Transmission Control Protocol/Internet Protocol), which were conceived and developed by pioneers such as J.C.R. Licklider, Paul Baran, Donald Davies, Leonard Kleinrock, Vinton Cerf, and Robert Kahn, to name a few.

To build on TCP/IP, a couple more IP address routing technologies were also developed in the last 30 years including subnet masks and NAT (Network Address Translation), which can both be said to mirror the virtualization of device IP addresses. Subnet masks allow host clients of an IP address to borrow bits from the registered IP address to create subnetworks within the IP address.

Around the same time, another new software technology called virtualization gained wide popularity in the mid-2000s. Developed in the 1980s, virtualization is a program/application that can run multiple independent and varied OSs (Operating Systems) on a single computer. Presently, a single computer on the consumer market has the capacity to run 8-64 VMs (Virtual Machines) independently and simultaneously, depending on the amount of storage and memory available on the physical machine. After the effects of the dot-com explosion and stabilization took hold during the 1990s-early/mid 2000s (Google, Yahoo!, Amazon, eBay, facebook, YouTube, to name a few), the power of virtualization has become clearly evident to the business, technology, and consumer worlds as platforms for an abundant variety of corporate and medical virtual client computer OSs, servers, web applications, online gaming, stock predictors, and enterprise/medium size business/consumer cloud database storage services, with many of these being proprietary and exchanging information exclusively within its company’s intranet.

Recently, the introduction, growing popularity and inclusion of Internet accessible MDs (Mobile Devices) has also added to the complexity of IP addressing and packet delivery over the existing network. As a packet reaches a destination IP address’ router or switch, it may need to be forwarded to the destination device which actually has a different IP and MAC (Media Access Control) address than the packet was intended to be addressed to through a NAT switch/router. An overwhelming number of IP addresses results when temporary, NAT and subnet
masked physical and virtual end device IP addresses are included, which would severely overflow the IPv4 addressing allotment (around 4.3 billion unique addresses around the world), cause duplicate IP addresses and endless packet collisions/dropped packets within the existing present day physical networking structure under the protocols of TCP/IP alone. As virtualization continues to grow the number of end devices and the exhaustion of registerable IPv4 addresses draws nearer, addressing packet traffic and network security concerns has also continued to gain attention. One of the solutions that has emerged and continues to build considerable traction is SDN (Software Defined Networking). SDNs utilize the advantages of virtual devices to deploy virtual switches on top of the physical routers and switches to process and forward packets addressed to other virtual end user/server/switch devices. Traditional SDN implements a protocol suite named OpenFlow, which like TCP/IP, is meant to be available as a free and shared protocol global standard approved by the IETF (Internet Engineering Task Force) that encapsulates standard TCP/IP packets with additional application header information geared toward VMs including proposed overlay protocols like OpenStack, VXLAN (Virtual eXtensible LAN), NV-GRE (Network Virtualization using Generic Routing Encapsulation) to ensure appropriate packet addressing, and STT (Stateless Transport Tunneling) to ensure appropriate packet security. SDN has become extremely important in the Enterprise business sector as more processes occur dynamically between their proprietary VMs, their corporate identified physical network
nodes, and their employee’s MDs to access its data, causing huge QoS (Quality of Service) individualized granularity and security concerns, driving the need for a versatile, well organized, and accurately automated application based network-wide policy. The bulk of today’s applications are accessing different databases and servers, which are creating increasing “east-west” upper layer application traffic between machines within the same company before returning data to the end user device in the classic “north-south” TCP/IP stack network traffic pattern. These companies need hyperscale networks that can provide high-performance, low-cost connectivity among hundreds of thousands, and eventually millions, of physical and virtual servers. “Handling today’s ‘big data’ or mega datasets requires massive parallel processing on thousands of servers, all of which need direct connections to each other which are pushing the demands and boundaries for additional network capacity and scalability in the data center. MD carriers face similar challenges as demand for mobility and bandwidth continues to climb.” SDN (Software Defined Networking) is an emerging network architecture where network control is decoupled from the TCP/IP forwarding protocols and is directly programmable. Network intelligence is centralized in software-based SDN controllers/switches, which maintain a global view of the network topology to abstract applications and network services, improve network management and operations, while reducing operating and processing resources.
“By centralizing the network state in the control layer, SDN gives network managers the flexibility to configure, manage, secure, and optimize network resources via dynamic, custom, and automated SDN programs… across wired and wireless, physical and virtual connections on a campus.” This paper reports on the mechanics of the theoretical, experimental, and prototype implementations of OpenFlow and SDNs (Software Defined Networks), the stated advantages and disadvantages from supporters and detractors of SDNs, the potential for an impending revolution in networking efficiency through SDNs, and some of the foreseen security implications of the OpenFlow protocol suite as it applies to large/medium scale networking business entities and academic institutions. In the following chapters, this paper will explain some basic SDN terminology, give perspectives of what SDN means from some of its core members, give some background of the OpenFlow Protocol and the Open Networking Foundation, illustrate a few SDN implementations, explain some of the inherent security risks of SDN, reveal some marketing predictions in regards to the SDN architecture, and close with a few implications that SDN will likely hold for the immediate and distant future.
CHAPTER 2: SDN Terminology

To provide a clearer idea of what SDN is capable of, and to better explain what its intentions are, here are a few protocols and terms that will be used throughout this paper:

SDN RELEVANT PROTOCOLS:

BGP, EIGRP, MPLS, OSPF, RIP, RIS - Border Gateway Protocol, Enhanced Interior Gateway Routing Protocol, Multiple Protocol Label Switching, Open Shortest Path First, Routing Information Protocol, and Routing Information Service are all current functioning protocols that OpenFlow and OpenStack are using to overlay its features onto and form SDN working models from.

DCB, FCoE, SPB, TRILL, VEPA - Data Center Bridging, Fiber Channel over Ethernet, Shortest Path Bridging, TRansparent Interconnection of Lots of Links, and Virtual Ethernet Port Aggregator are all protocols that SDN based switches and controllers implement to accurately optimize and speed up network traffic transmissions.

NVGRE - Network Virtualization using Generic Routing Encapsulation “is a tunnel protocol (similar to VXLAN) used to create VLANs that span Layers 2 and 3 for multi-tenant cloud networks. It uses the established GRE tunnel format rather than defining a new one. Microsoft, Intel, Dell, Broadcom and Arista authored the IETF draft.”

STT - “STT (Stateless Transport Tunneling) is a tunnel encapsulation that enables overlay networks to be built in virtualized data center networks… to: manage overlapping addresses between multiple tenants, decouple the virtual topology provided by the tunnels from the physical topology of the network, support for virtual machine mobility independent of the physical network, support for essentially unlimited numbers of virtual networks (in contrast to VLANs, for example), decouple the network service provided to servers from the technology used in the physical network (e.g. providing an L2 service over an L3 fabric), isolate the physical network from the addressing of the virtual networks, thus avoiding issues such as MAC table size in physical switches…. STT is particularly useful when some tunnel endpoints are in end-systems, as it utilizes the capabilities of standard NIC (network interface cards) to improve performance.”

VLAN - “Short for virtual LAN [Local Area Network], a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.” “VLAN specifications only allow for up to 4,096 network IDs to be assigned at any given time.”

VXLAN - “Virtual Extensible LAN (VXLAN) is a proposed encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. An overlay network is a virtual network that is built on top of existing network Layer 2 and Layer 3 technologies to support elastic compute architectures. VXLAN will make it easier for network engineers to scale out a cloud computing environment while logically isolating cloud apps and tenants…. The primary goal of VXLAN is to extend the virtual LAN (VLAN) address space by adding a 24-bit segment ID and increasing the number of available IDs to 16 million. The VXLAN segment ID in each frame differentiates individual logical networks so millions of isolated Layer 2 VXLAN networks can co-exist on a common Layer 3 infrastructure. As with VLANs, only virtual machines (VMs) within the same logical network can communicate with each other.”
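The 24-bit segment ID and the "same logical network" rule from the VXLAN definition above can be made concrete with a small parser. This is an added example, not code from the paper or from any vendor: the 8-byte header layout follows RFC 7348, and the VM-to-segment table, MAC addresses and function names are constructed for illustration.

```python
import struct

VLAN_ID_BITS = 12             # 802.1Q VLAN ID field: the 4,096 IDs quoted above
VXLAN_VNI_BITS = 24           # VXLAN segment ID: about 16 million IDs
VXLAN_HEADER_LEN = 8          # flags(1) + reserved(3) + VNI(3) + reserved(1)
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag; the VNI is only meaningful when set

# Constructed sample data: which segment each local VM (by MAC) belongs to.
VM_SEGMENT = {
    "02:00:00:00:00:0a": 5000,
    "02:00:00:00:00:0b": 70000,   # a segment ID no 12-bit VLAN field could hold
}


class VxlanError(ValueError):
    """Raised for a header that must not be trusted."""


def id_space(bits):
    """Number of distinct segment IDs an n-bit field can carry."""
    return 1 << bits


def build_vxlan_header(vni):
    """Encode a VXLAN header for the given segment ID."""
    if not 0 <= vni < id_space(VXLAN_VNI_BITS):
        raise VxlanError("VNI %r does not fit in 24 bits" % (vni,))
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan(udp_payload):
    """Return (vni, inner_frame); reject truncated or flag-less headers."""
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise VxlanError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise VxlanError("VNI-valid flag not set")
    return word1 >> 8, udp_payload[VXLAN_HEADER_LEN:]


def format_mac(raw):
    return ":".join("%02x" % b for b in raw)


def delivery_decision(udp_payload, vm_segment):
    """Decide whether a tunnel endpoint hands the inner frame to a local VM.

    The frame is delivered only when the destination VM is a member of the
    segment named in the outer header; everything else is dropped.
    """
    try:
        vni, inner = parse_vxlan(udp_payload)
    except VxlanError as exc:
        return ("drop", str(exc))
    if len(inner) < 14:   # inner Ethernet header: dst(6) + src(6) + type(2)
        return ("drop", "inner Ethernet header truncated")
    dst = format_mac(inner[:6])
    if vm_segment.get(dst) != vni:
        return ("drop", "destination %s is not in segment %d" % (dst, vni))
    return ("deliver", dst)


def sample_frame(dst_mac, vni):
    """Constructed VXLAN payload: header plus a minimal inner Ethernet frame."""
    inner = bytes.fromhex(dst_mac.replace(":", "")) \
        + bytes.fromhex("02000000000c") + b"\x08\x00" + b"payload"
    return build_vxlan_header(vni) + inner


if __name__ == "__main__":
    print(id_space(VLAN_ID_BITS), id_space(VXLAN_VNI_BITS))
    print(delivery_decision(sample_frame("02:00:00:00:00:0b", 70000), VM_SEGMENT))
    print(delivery_decision(sample_frame("02:00:00:00:00:0b", 5000), VM_SEGMENT))
```

The drop on a segment mismatch is the isolation property in practice: a frame that reaches the right host under the wrong segment ID is never handed to the VM.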
SDN RELEVANT TERMS:

API - API is an abbreviation for Application Programming Interface. “An API is a set of routines, protocols, and tools for building software applications. A good API makes it easier to develop a program by providing all the building blocks. A programmer then puts the blocks together.”

Abstraction - “In computer science, abstraction is the process by which data and programs are defined with a representation similar in form to its meaning (semantics), while hiding away the implementation details. Abstraction tries to reduce and factor out details so that the programmer can focus on a few concepts at a time. A system can have several abstraction layers whereby different meanings and amounts of detail are exposed to the programmer. For example, low-level abstraction layers expose details of the computer hardware where the program is run, while high-level layers deal with the business logic of the program…. Abstraction captures only those details about an object that are relevant to the current perspective.”

Cloud - Quite often, the cloud is the Internet. “Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)[, and more recently Anything/Everything-as-a-Service (XaaS)]. The name cloud computing was inspired by the cloud symbol that's often used to represent the Internet in flowcharts and diagrams…. A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently, Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a data center that supplies hosted services to a limited number of people. When a service provider uses public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT services.”

Data Center - “The data center is the department in an enterprise that houses and maintains back-end information technology (IT) systems and data stores—its mainframes, servers and databases. In the days of large, centralized IT operations, this department and all the systems resided in one physical place, hence the name data center.”

East/West, North/South Alignment - North/South alignment refers to the current use of a typical Spanning Tree Protocol where traffic flows are “predominantly Server to LAN core to WAN Edge to Client.” East/West alignment refers to the implementation of using SDN based controllers (network aware switches) that allows two network hosts to bypass the access-distribution-core-distribution-access model (North/South) which routes its traffic directly to specific destination network hosts through the most efficient amount of network hops. As more East/West controllers are implemented in a network, Figure 2 illustrates how traffic can bypass the North/South alignment model to gauge and distribute traffic according to network proximity.

Figure 2. North/South Alignment and Proximity Alignment Models
Encapsulation - “In computer networking, encapsulation is a method of designing modular communication protocols in which logically separate functions in the network are abstracted from their underlying structures by inclusion or information hiding within higher level objects…. In discussions of encapsulation, the more abstract layer is often called the upper layer protocol while the more specific layer is called the lower layer protocol.” Figure 3 illustrates how data is encapsulated with header information at each layer on the left as it is prepared for transmission and decapsulated at each layer after it reaches its destination device.

Figure 3. Encapsulation Sequence in the TCP/IP Protocol Stack

Fabric Solution - “One of the key requirements of any fabric solution is that you present the source and destination with accurate L2 and L3 information about each other. The easiest way to do this today is to carry the L2/L3 headers all the way across the network using some form of tunneling. A number of solutions are using this method, including LISP, VXLAN, and NVGRE to architect an ‘overlay network’ on top of your physical network. With OpenFlow, L2 information could be ‘recreated’ at the penultimate destination, thereby sparing the rest of the network from learning every MAC address, and eliminating the need for tunneling within a data center. In the example below each switch is assigned a MAC address by the SDN controller. Because the controller knows the location of the source, destination and every switch in between simple rules can be programmed to ensure the packet gets from Host-A to Host-B, without the aggregation switch (Switch-2 in this example) learning any host MAC addresses using MAC rewrite (which can be done in hardware at line rate).”

Figure 4. Scalable OpenFlow Network MAC Based Routing

L2, L3 - In the OSI (Open Systems Interconnection) model, the Network Layer (L3) “provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing [for encapsulation to Layer 2]. Data Link Layer (L2) packets are encoded and decoded into bits [that can be transmitted, received and understood between Physical Layer (L1) components]. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization.” Figure 5 describes the 7 layers of the OSI model. Layers 2 & 3 are identified in orange and red. Layers 2 & 3 are used most often when packets are in transit between the source and destination devices.

Figure 5. The 7 Layers of the OSI Model
Network Virtualization - “Network virtualization decouples and isolates virtual networks from the underlying network hardware, like server virtualization decouples and isolates virtual machines from the underlying server hardware. Once virtualized, the physical network is used only for packet forwarding and treated as an IP backplane. Virtual networks are then programmatically created and operate completely decoupled from the underlying hardware, offering the same features and guarantees of a physical network, yet with the operational benefits and hardware independence of virtual machines.”

OpenFlow - “OpenFlow helps automate the network for better support of mobile devices and mobile applications.” “In a classical router or switch, the fast packet forwarding (data path) and the high level routing decisions (control path) occur on the same device. An OpenFlow Switch separates these two functions. The data path portion still resides on the switch, while high-level routing decisions are moved to a separate controller, typically a standard server…. [The] OpenFlow [protocol] enables networks to evolve, by giving a remote controller the power to modify the behavior of network devices, through a well-defined ‘forwarding instruction set…’ [through] routers, switches, virtual switches, and access points… [to perform router functions that] define messages, such as packet-received, send-packet-out, modify-forwarding-table, and get-stats…. The OpenFlow Switch and Controller communicate via the OpenFlow protocol.”

OpenFlow Controller - A Controller is basically a network aware authentication server. The Controller “is responsible for authenticating users and hosts, advertising services that are available, and deciding who can connect to these services. It allows hosts to communicate by handing out capabilities [or ACLs (Access Control Lists)]… and will typically be physically replicated [to prevent a SPOF (Single Point of Failure)]…. The controller keeps a complete view of the network topology so that it can compute routes. The topology is constructed on the basis of link-state updates generated by authenticated switches. Capabilities are created… [and] encrypted in layers both to prove that they originated from the Controller and to hide topology. Capabilities are included in a header in all data packets… between the Ethernet and IP headers, similar to the location VLANs occupy… using the symmetric keys (to switches and hosts) established by the authentication service.”

OpenFlow Switch - “All packet forwarding is done by the switches, which can be thought of as simplified Ethernet switches. Switches forward packets along the encrypted source route carried in each packet. They also send link-state updates to the Controller so that it knows the network topology.” “The data path of an OpenFlow Switch presents a clean flow table abstraction; each flow table entry contains a set of packet fields to match, and an action (such as send-out-port, modify-field, or drop).”

OpenStack - OpenStack was launched by NASA and Rackspace Hosting as an open source cloud initiative in July 2010. “OpenStack helps set-up and configure key network elements in ways that don't require a lot of manpower.” OpenStack has a modular architecture that is a cloud computing fabric interface which is compatible with Amazon EC2 and Amazon S3 for many client applications written for Amazon Web Services, allowing for minimal porting effort and increased network efficiency.

Programmability - Programmability is “the capability within hardware and software to change and accept a new set of instructions which alters its behavior. Programmability generally refers to program logic (business rules), but it also refers to designing the user interface which includes the choices of menus, buttons and dialogs.”

RESTful API - REpresentational State Transfer Application Programming Interface “facilitates the transactions between web servers by allowing loose coupling between different services while governing the proper behavior of participants…. RESTful applications maximize the use of the existing, well-defined interface and other built-in capabilities provided by the chosen network protocol, and minimize the addition of new application-specific features on top of it.”

SDK - SDK (Software Development Kit) is “a programming package that enables a programmer to develop applications for a specific platform. Typically an SDK includes one or more APIs, programming tools, and documentation.”

Virtual Machine - A virtual machine (VM) is “a software implementation of a machine (i.e. a computer) that executes programs like a physical machine.” “A virtual machine can support individual processes or a complete system depending on the abstraction level where virtualization occurs. Some VMs support flexible hardware usage and software isolation, while others translate from one instruction set to another. Virtualizing a system or component, such as a processor, memory, or an I/O device, at a given abstraction level maps its interface and visible resources onto the interface and resources of an underlying, possibly different, real system. Consequently, the real system appears as a different virtual system or even as multiple virtual systems. Interjecting virtualizing software between abstraction layers near the HW/SW interface forms a virtual machine that allows otherwise incompatible subsystems to work together. Further, replication by virtualization enables more flexible and efficient use of hardware resources.”

Now that some of the key terms and ideas surrounding SDN have been presented and explained, the next chapter will explore some basic concepts of SDN from a few well-known developers.
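The flow table abstraction quoted under OpenFlow Switch, and the MAC rewrite path described under Fabric Solution, can be modelled in a few lines. This is an added example, not code from the paper or from the OpenFlow specification: it is a simplified in-memory model rather than the wire protocol, and the rule layout, port numbers and addresses are constructed assumptions about how a controller might program the three switches of Figure 4.

```python
from dataclasses import dataclass

# Constructed addresses for the Host-A -> Host-B path of Figure 4.
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SWITCH_3 = "02:00:00:00:03:00"      # MAC the controller assigned to Switch-3
HOST_B_IP = "10.0.0.11"
PACKET_A_TO_B = {"eth_src": HOST_A, "eth_dst": HOST_B,
                 "ip_src": "10.0.0.10", "ip_dst": HOST_B_IP}


@dataclass
class FlowEntry:
    match: dict        # field -> required value; a field left out is a wildcard
    actions: list      # ("modify-field", name, value), ("send-out-port", n), ("drop",)
    priority: int = 0
    hits: int = 0      # per-entry counter, the kind of value get-stats reports


class FlowTable:
    """Data path of one switch; it holds only what the controller installed."""

    def __init__(self, name):
        self.name = name
        self.entries = []
        self.sent_to_controller = []

    def modify_forwarding_table(self, entry):
        """Controller-to-switch message: install an entry, highest priority first."""
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def process(self, packet):
        """Return (verdict, port, packet) for one packet."""
        for entry in self.entries:
            if all(packet.get(k) == v for k, v in entry.match.items()):
                entry.hits += 1
                return self._apply(entry.actions, dict(packet))
        # Table miss: the switch does not flood or guess. The packet is
        # raised to the controller (packet-received) and is not forwarded.
        self.sent_to_controller.append(dict(packet))
        return ("packet-received", None, packet)

    @staticmethod
    def _apply(actions, packet):
        for action in actions:
            if action[0] == "modify-field":
                packet[action[1]] = action[2]
            elif action[0] == "send-out-port":
                return ("send-out-port", action[1], packet)
            elif action[0] == "drop":
                return ("drop", None, packet)
            else:
                raise ValueError("unknown action %r" % (action,))
        return ("drop", None, packet)   # an entry with no output action drops


def build_fabric():
    """Assumed rule set: edge switches rewrite MACs, Switch-2 sees switch MACs only."""
    s1, s2, s3 = FlowTable("Switch-1"), FlowTable("Switch-2"), FlowTable("Switch-3")
    s1.modify_forwarding_table(FlowEntry(
        {"in_port": 1, "eth_dst": HOST_B},
        [("modify-field", "eth_dst", SWITCH_3), ("send-out-port", 24)], priority=10))
    s2.modify_forwarding_table(FlowEntry(
        {"eth_dst": SWITCH_3}, [("send-out-port", 3)], priority=10))
    s3.modify_forwarding_table(FlowEntry(
        {"eth_dst": SWITCH_3, "ip_dst": HOST_B_IP},
        [("modify-field", "eth_dst", HOST_B), ("send-out-port", 1)], priority=10))
    return [s1, s2, s3]


def forward(fabric, packet, in_port=1):
    """Carry a packet hop by hop; stop at the first switch that does not forward."""
    trace, packet = [], dict(packet, in_port=in_port)
    for table in fabric:
        verdict, _port, packet = table.process(packet)
        trace.append((table.name, verdict, packet["eth_dst"]))
        if verdict != "send-out-port":
            break
        packet.pop("in_port", None)   # ingress port on the next hop is not modelled
    return trace


def macs_known_to(table):
    """Every Ethernet address that appears in a switch's installed entries."""
    known = {v for e in table.entries for k, v in e.match.items() if k.startswith("eth_")}
    known |= {a[2] for e in table.entries for a in e.actions
              if a[0] == "modify-field" and a[1].startswith("eth_")}
    return known


if __name__ == "__main__":
    fabric = build_fabric()
    for hop in forward(fabric, PACKET_A_TO_B):
        print(hop)
    print("Switch-2 knows:", macs_known_to(fabric[1]))
```

Two properties are worth checking on any such rule set: the aggregation switch's table contains no host MAC addresses, and a packet that matches nothing is handed to the controller instead of being forwarded.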
We need to introduce a layer in the network that concentrates on the service delivery. The network perimeter was clearly defined and well-protected. The explosion of the cloud creates new opportunities and a new set of challenges.IRF (Intelligent Resilient Framework) can create a single control plane that manages multiple boxes or pieces of infrastructure as one device. The goal is to enable applications to remain ignorant of this distribution. to create a larger end-to-end control plane .” “We need to stop focusing on manual configuration of the infrastructure. the matching of those services to applications and the applications to users…. Two of Hewlett-Packard representatives reference SDN in these terms: “Traditionally. The University places SDN in this perspective: “In order to achieve the necessary scale and resilience. the network was largely set-and-forget. a fragmented security perimeter. Planning for growth in users and applications was met by over-provisioning the network.” Stanford’s OpenStack is an industry standard. the SDN stack must be distributed. The key here is to understand more fully the consistency requirements at each level of the SDN stack and employ the appropriate coordination techniques to provide that level of consistency. Networks must be faster and more flexible to support the needs of diverse mobile users. This next chapter will provide insight to the concept as a few of the developing industry leaders see it.CHAPTER 3: What Does SDN Mean to Some of the Core SDN Members? To better understand what SDN (Software Defined Networking) is and what it can do. and a constantly changing set of applications and devices . Virtualized Chasses. but to Page 16 . The infrastructure now needs to become automated. one configuration file. Network devices were configured individually and changes were few. one interface. it seems only fitting to see what the SDN pioneering experts think.
provide simple ‘design patterns’ that enable them to tolerate transient inconsistencies that arise.”

Two Brocade references of SDN include: “Software-Defined Networking (SDN) is a new technology that provides the potential to change the game, enabling operators to efficiently use their network and operational resources to increase revenue from highly customized and ‘sticky’ services…. The top reason to move to SDN, given by 52 percent of respondents, was to simplify the way they provision and create network services and virtual networks—and to do so in ways that are not always possible with existing technologies.” “SDN has the potential to be an inflection point in networking, transforming the way we’ve built and operated networks for decades. At Brocade, our SDN strategy is composed of three distinct elements: Network Virtualization, or the ability to create arbitrary L2 segments on top of an L2/3 transport layer; Programmable Networking, or the ability to change and update packet forwarding and manipulation logic in real-time from outside the box (using something like OpenFlow); Cloud Management, or the ability both to automate network management and operations, and to compose network services as a component of a larger service across compute, storage, and networking. The combination of these three things will break apart the traditional vertically-integrated network stack, giving more choice to network operators and providing new platforms for innovation. It’s an exciting time to be in networking.”

Vyatta describes its implementation with the following statements: “Software-Defined Networking (SDN) allows you to design, provision and scale Layer 2 (L2) networks to meet rapidly changing business needs…. SDN is fast becoming an important building block for public and private clouds, since it enables direct programmatic control of the network, coupled with end-user-driven applications and needs. One of the exciting promises of cloud-based datacenter architectures is
‘agility’ – the ability to quickly respond to business needs by deploying compute and storage capacity with a few mouse clicks. Until today, networking has been left behind – requiring a call to the networking team to reassign VLANs or even rack new gear and run cables – impairing the ability of IT to be responsive…. Emerging SDN products allow users to allocate groups of servers on-the-fly – an important advancement in the datacenter.”

Juniper also adds to the SDN conversation, stating that “SDN provides an abstracted, logical view of the network with externalized software-based control and reduced control points for better network control and simplified network operations. SDN is a loosely defined term in the industry, generally referring to the concept of programming network behavior and network devices through separation of control and data planes to optimize the performance of certain traffic patterns and use cases. Although still in its infancy, there is a great deal of optimism that SDN will make networks more flexible, dynamic, and cost-efficient, while greatly simplifying operational complexity… [that has] a broad vision around extending network capabilities and extracting greater intelligence from network traffic…. Juniper’s vision for SDN includes bi-directional interaction between the network and applications and a real-time feedback loop to ensure an optimal outcome for all elements and a predictable experience for users. More broadly, many in the networking industry are optimistic about the possibility of deep programmability of network infrastructures for quickly modifying network behavior and providing more sophisticated policy controls through rich applications.”

Cisco has been apprehensive and oppositional about the potential of SDN in the past, considering that it has established much of the networking technology in use today. Cisco now refers to SDN as “an evolutionary approach to network design and functionality based on the ability to programmatically modify the behavior of network devices. This
capability is transparent allowing customers to augment their existing network infrastructures to be SDN-enabled.” “OpenFlow increases network functionality while lowering operating costs through simplified hardware, software, and management, ultimately resulting in significant cost savings that can be redirected to drive core business goals. OpenFlow is a protocol that defines an abstracted software interface that enables the programming of how packets are forwarded in a switched network. The OpenFlow controller is a software application that ‘programs’ the network by being able to control the forwarding tables on network infrastructure, and has the ability to select specific traffic paths.”

TechTarget, the “online intersection of serious technology buyers, targeted technical content and technology providers worldwide,” has described SDN as “an emerging architecture that allows a server or controller to tell network switches where to send packets. In a conventional network, each switch has proprietary software that tells it what to do. In a software-defined network, packet-moving decisions are centralized and network traffic flow can be programmed independently of individual switches and data center gear. To implement SDN using VXLAN, administrators can use existing hardware and software, a feature that makes the technology financially attractive.”

Markets and Markets, a full service market research company, says that “Software Defined Networking (SDN) is a first of its kind networking concept that… directly helps communication providers to redirect network traffic and ease network congestion. While the SDN & network virtualization market currently stands at a nascent stage, industry consolidation is set to happen in the near future, driving better adoption with concentrated messaging among enterprises. Some of SDN’s key attributes include a logically centralized control plane akin to the network operating system, which in turn facilitates logical mapping of the network to control
applications and services implemented over it. Software Defined Networking (SDN) also brings with it a pool of exclusive capabilities such as slicing and virtualization of underlying networks. This feature essentially allows logical manipulation of a particular slice in the network, thereby increasing network flexibility.”

SDNCentral’s Wiretap keeps a constant pulse on all things SDN and submits another succinct and brief definition: “Software-defined Networking… allows network operators more control of their infrastructure, allowing customization and optimization that enables invention and delivery of new types of network services. These network services have the potential to drive new business models, technologies, products & services, and/or reduce capital & operational costs.”

With the comparison of Figures 6 & 7, SDNCentral indicates how a Central Network Controller/Network Operating System can accurately and automatically simplify the global network configuration topology while monitoring and directing network traffic routing. Figure 6 shows how each packet forwarding device maintains its own OS (Operating System) and acts independently of each other, after being manually and individually configured to do so. These APs (Access Points) must constantly communicate with each other for routing tables and link states to realize a portion of the global network topology and forward its network traffic. Figure 7 shows how the SDN-Powered Network separates the data plane and control plane of each packet so that the routing tables and link states are centralized, yet duplicated in each AP which increases efficiency and optimization of the packet-forwarding hardware. Also, when an AP link state becomes congested or goes down, the Central Network Controller is notified and the network traffic is rerouted according to available paths and bandwidth well before the next hop, which optimizes configuration implementation and eases network congestion.
Figure 6. Today’s Networks

Figure 7. SDN-Powered Network

SDN is most conceptually visible through the international organization of ONF (Open Networking Foundation). “The ONF is a non-profit industry consortium that is leading the
advancement of SDN and standardizing critical elements of the SDN architecture such as the OpenFlow protocol, which structures communication between the control and data planes of supported network devices. OpenFlow is the first standard interface designed specifically for SDN, providing high-performance, granular traffic control across multiple vendors’ network devices…. In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications. As a result, enterprises and carriers gain unprecedented programmability, automation, and network control, enabling them to build highly scalable, flexible networks that readily adapt to changing business needs.”

To put things into a clearer perspective, the ESG (Enterprise Strategy Group) offers why there is so much fascination with SDN. “Software defined by itself is meaningless. The ability to control the outcome is what matters – and you can’t control the outcome unless your underlying infrastructure is smart enough to adapt to changing requirements – to adapt appropriately to application demands. Defining application requirements and having infrastructure dynamically adapt to those requirements to guarantee service levels is what matters.”

As this chapter demonstrates, there are many different perspectives and ideas about what SDN means and what it should do, but the core of the idea has remained the same. SDN encompasses the idea of: (1) an aware global network that is accomplished through duplicate programs, which are collectively referred to as an SDN Controller, that constantly update link states with each other while authenticating and encrypting data, (2) switches that can interpret and direct network traffic appropriately, efficiently, and quickly through the controller’s current rule set, (3) APIs that are customizable and interchangeable so that rapid deployment of updated services and configurations can be implemented to the controllers automatically within minutes without the need to shut down productivity for network engineers to reconfigure network settings. Simply put, SDN refers to a network infrastructure where the network controllers are the authentication servers and routing protocol managers which optimize accurate and swift network performance for its switches and end user nodes.
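The controller-as-authorization-point model summarized above, as an added sketch that is not from the paper or from any controller project: the switch forwards only what its flow table holds, asks the controller on a table miss, and the controller decides against a policy written over host names, records the decision, and flushes cached entries when access is revoked. All class, host and address names are hypothetical, and the exchange is modelled with method calls rather than the OpenFlow wire protocol.

```python
"""Toy model of reactive flow setup with a default-deny controller.

Constructed example: hosts, addresses and the policy are made up, and the
switch/controller exchange is modelled with method calls, not OpenFlow packets.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass
class Switch:
    """Data plane: forwards only what its flow table says."""
    name: str
    controller: "Controller"
    flow_table: dict = field(default_factory=dict)  # Flow -> "forward" | "drop"
    packet_ins: int = 0                             # table misses sent upstream

    def handle_packet(self, flow):
        action = self.flow_table.get(flow)
        if action is None:                  # table miss: ask the control plane
            self.packet_ins += 1
            action = self.controller.packet_in(self, flow)
        return action

    def remove_matching(self, predicate):
        stale = [f for f in self.flow_table if predicate(f)]
        for f in stale:
            del self.flow_table[f]
        return len(stale)


class Controller:
    """Control plane: names hosts, decides per flow, records every decision."""

    def __init__(self, bindings, policy):
        self.bindings = dict(bindings)  # ip -> authenticated host name
        self.policy = set(policy)       # allowed (src_name, dst_name, dst_port)
        self.switches = []
        self.audit_log = []

    def attach(self, name):
        switch = Switch(name, self)
        self.switches.append(switch)
        return switch

    def packet_in(self, switch, flow):
        src = self.bindings.get(flow.src_ip)   # None means unauthenticated
        dst = self.bindings.get(flow.dst_ip)
        allowed = None not in (src, dst) and (src, dst, flow.dst_port) in self.policy
        action = "forward" if allowed else "drop"   # default deny
        self.audit_log.append(
            (switch.name, src or flow.src_ip, dst or flow.dst_ip, flow.dst_port, action))
        switch.flow_table[flow] = action       # decision is cached in the data plane
        return action

    def revoke(self, src_name, dst_name, dst_port):
        """Drop a policy rule and flush the cached entries that relied on it."""
        self.policy.discard((src_name, dst_name, dst_port))

        def relied_on_rule(f):
            return (self.bindings.get(f.src_ip) == src_name
                    and self.bindings.get(f.dst_ip) == dst_name
                    and f.dst_port == dst_port)

        flushed = sum(sw.remove_matching(relied_on_rule) for sw in self.switches)
        self.audit_log.append(("controller", src_name, dst_name, dst_port, "revoked"))
        return flushed


def demo():
    controller = Controller(
        bindings={"10.0.0.5": "alice-laptop", "10.0.1.10": "payroll-db"},
        policy={("alice-laptop", "payroll-db", 5432)},
    )
    edge = controller.attach("edge-1")
    permitted = Flow("10.0.0.5", "10.0.1.10", 5432)
    results = {
        "first": edge.handle_packet(permitted),    # miss, controller allows
        "cached": edge.handle_packet(permitted),   # hit, no controller round trip
        "wrong_port": edge.handle_packet(Flow("10.0.0.5", "10.0.1.10", 22)),
        "unknown_src": edge.handle_packet(Flow("10.0.0.99", "10.0.1.10", 5432)),
    }
    results["packet_ins"] = edge.packet_ins
    results["flushed"] = controller.revoke("alice-laptop", "payroll-db", 5432)
    results["after_revoke"] = edge.handle_packet(permitted)
    return results, controller.audit_log


if __name__ == "__main__":
    outcome, log = demo()
    print(outcome)
    for entry in log:
        print(entry)
```

The revoke step is the one to verify in a real deployment: until cached entries are flushed or time out, the data plane keeps forwarding under the old decision even though the policy has changed.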
CHAPTER 4: Some Background of the OpenFlow Protocol and the ONF

This chapter will focus on some of the earliest stages of SDN, some of its most influential developers, along with the results of their pioneering ideas, experiments and implementations. Today’s version of the OpenFlow protocol has come a long way over the past 6 years. Nick McKeown and Dan Boneh, Computer Science Professors at Stanford University (near Palo Alto, CA and in the thick of Silicon Valley) along with Scott Shenker, Computer Science Professor at UC Berkeley, led a research team of Post-Graduate Stanford University students who worked tirelessly and relentlessly to develop “SANE [Secure Architecture for the Networked Enterprises]: An Idealized Network Architecture” as a theory of implementation. The team of students for the SANE project of 2006 at Stanford consisted of “Martin Casado, Tal Garfinkel, Aditya Akella, and Michael Freedman.” Professors McKeown and Shenker continued to help shape the students’ progress at Stanford University as the network architecture of SANE became “Ethane: A Deployable Architecture.” Ethane had built on the concepts of SANE over one year to achieve a more secure, practical, flexible and robust architecture to include the “following significant differences: Security Follows Management, Modified Policy Model, Flow-Based, and a Significant Deployment Experience…. Like SANE, the Controller imposes permission checks per-flow and has control over routes when granting access to communicate. Also like SANE, the policy is topology independent, can restrict movement on the network, and is declared over high-level names. Yet Ethane [was]… implemented in both software and hardware (special-purpose Gigabit Ethernet switches) and was deployed… within the Ethane network at Stanford, and used to manage traffic from roughly 300 hosts for over 4 months.” Ethane’s dedicated research
team at Stanford consisted of “Martin Casado, Michael Freedman, Justin Pettit, and Jianying Luo” in 2007. As a result of the successful innovation and trial run that Ethane accomplished, Professors McKeown and Shenker, and Martin Casado (soon to become a Philosophy Ph.D. graduate) proceeded to create their own networking company, which they named Nicira, also in 2007. And, Nicira has recently sold their company to VMware for $1.26 billion in July 2012.

While Nicira was enlisting additional talent to apply the technology in the virtual network realm, Dr. Guido Appenzeller, another Stanford graduate, took over the development of Ethane to OpenFlow while being a Stanford University Professor and researcher in 2008. As the overseer of OpenFlow development during his tenure, Dr. Appenzeller deeply participated with the OpenFlow infrastructure and transitioned to co-found BSN (Big Switch Networks) along with Kyle Forster in 2010. Interestingly enough, Appenzeller had helped Google founders Larry Page and Sergey Brin write their business plan back when all three of them were attending Stanford University in 1998. They are both so extremely dedicated to delivering the promise of an OpenFlow network infrastructure that Big Switch Networks has contributed “their core controller platform, Floodlight, to the open source community with an Apache open source license [to encourage widespread app development]…. No other SDN vendor is as committed to embracing an Open SDN architecture, that is evidenced through the uniquely broad support of BSN large ecosystem of partners that are mutually committed to this Open SDN architecture. An open and standards-based architecture provides our customers and partners assurance that our platform will always remain independent and open. Period.” For example, the financial giants Goldman Sachs and Fidelity Investments are investors in BSN and customers of the BSN infrastructure products.
After Casado’s departure from Stanford in December 2007, McKeown and Shenker, through the efforts of Stanford University and UC Berkeley students, have continued to develop a sustainable model with additional features like the NOX OpenFlow controller, the developing POX OpenFlow controller, and the OpenFlow message forwarding specification. Professors McKeown and Shenker continued to collaborate with their respective university’s faculty and students to eventually form the ONRC (Open Network Research Center), creating a Stanford team and a UC Berkeley team to assure scientifically fresh OpenFlow Networking concepts, perspectives, research, and results toward an all-inclusive SDN global revolution in much the same way TCP/IP had accomplished decades earlier. ONRC’s current research toward a modern SDN stack “effort involves three separate thrusts: abstractions, distribution, and debugging.” Figure 8 highlights a few key individuals and companies of SDN and shows the progression of SDN from its roots to the OpenFlow protocol and Open Networking Foundation.

Figure 8. Evolution of SDN/OpenFlow
Three key abstractions have been identified as “core to a modern SDN stack: a Global network view, where control programs with a global network view have them compute their desired configuration as a function of this view, causing the control programs to be we tuned to the ‘eventual consistency’ model that most controllers adopt; Forwarding, providing a ‘fabric’ interface for end-to-end control supported only at the edge of the fabric, while applications are shielded from the details of the fabric internals during transit, allowing fabric vendors to incorporate a variety of innovations that are not supported in the canonical OpenFlow model; and Specification, where applications need provide only the minimal amount of information required to specify their desires, allowing for an ‘abstract’ view of the network to applications. For instance, in a multitenant network, the specification abstraction should provide each tenant’s application with a view of their abstract network.”

The next thrust of distribution focuses on understanding “more fully the consistency requirements at each level of the SDN stack and employ the appropriate coordination techniques to provide that level of consistency with the goal of enabling applications to remain ignorant of this distribution, but to provide simple ‘design patterns’ that enable them to tolerate transient inconsistencies that arise.”

The final thrust of debugging, which is still in development, will “provide tools to validate the SDN stack… that detects when physical switch configurations produce behaviors that are inconsistent with the high-level configurations specified by the control program… requiring… a correspondence checker [that] verifies [SDN stack configuration and behavior consistency]… specified by the control program, [and a] test harness [that] allows users to investigate how the system responds to different network event streams… [while] detecting whether the inconsistencies that are found by the correspondence checker are transient or long-lived, and whether they result in harmful loops or dead ends.” The ONRC is
currently working on developing a POX OpenFlow controller, wireless and mobile device SDN traffic, and a version of SDN MPLS and VPN traffic, among other SDN objectives.

As SDN and OpenFlow started to come into its own on the international stage between 2010 and 2011, ONF (the Open Network Foundation) “was launched in 2011 by Deutsche Telekom, Facebook, Google, Microsoft, Verizon, and Yahoo! ONF is dedicated to rethinking networking, and quickly and collaboratively bringing to market SDN standards and solutions. ONF is accelerating the delivery and commercialization of SDN and fostering a vibrant market of products, services, applications, customers, and users. The OpenFlow protocol is the first standard interface specifically designed for SDN and is already being deployed in a variety of networks and networking products, both hardware- and software-based. The standard enables networks to evolve by giving logically centralized control software the power to modify the behavior of network devices through a well-defined ‘forwarding instruction set’.” Figure 9 includes a list of international and regional ONF membership which currently has over 80 members worldwide. The ONF membership list is sure to grow next year as SDN gains traction in the enterprise sector, as it is predicted to be a “major trend” in cloud computing next year.

[Figure panels: Current ONF Board Members; Current ONF Members]
Figure 9. Current ONF Membership

With so much momentum behind the idea of SDN, its open-sourced OpenFlow Protocol, the extremely successful spin-off start-ups by its original developers, and the international support of OpenFlow by the ONF, it is clear that SDN continues to gain an overwhelming influence in the networking community and could quite possibly revolutionize the way networking is done within an organization.
CHAPTER 5: A Few Current SDN Industry Models and Implementations

So many top IT hardware and software corporations, as well as their enterprise business customers, have realized the potential benefits of SDN and publicly endorsed and supported it over the last 2-5 years that many unique, vendor-specific, SDN-based architecture and protocol implementations of OpenFlow have begun to flourish, as well as the ONF (Open Network Foundation). While this is by no means a complete list of SDN vendors or products, a few very notable players are mentioned in this chapter.

HP has been a firm original supporter of and champion for SDN architecture while also being a strong player in its implementation from SDN’s start during 2007’s Ethane version. Figure 10 below illustrates HP’s long-standing commitment to an SDN transition and era.

Figure 10. HP’s Longstanding Commitment to OpenFlow Technology
HP has released at least 25 OpenFlow-enabled switches and applications in what they call VANs (Virtual Application Networks) within their FlexNetwork Architecture that encompasses an entire business’ WANs (Wide Area Networks) and LANs (Local Area Networks), and their SDN compatible switches, from the corporate headquarters to each campus and branch office’s end devices. Figure 11 illustrates how SDN is implemented according to their terminology. The FlexBranch represents each LAN (Local Area Network) office department end node while the FlexCampus represents an organization’s MAN (Metropolitan Area Network) and WAN (Wide Area Network). The FlexFabric represents the different layers of resources and services available to each FlexBranch throughout the organization’s FlexCampus. The Control Plane represents the SDN Controller programs that provide the authentication and packet forwarding direction rule set while the VANs are the customizable APIs that enhance the network abstraction and ACL (Access Control List) granularity of specific services available throughout each FlexBranch and the FlexCampus.

Figure 11. HP’s FlexNetwork Architecture
Oracle’s Xsigo, which was recently acquired in July 2012, has a line of products that includes the Fabric Director, the Fabric Accelerator, and the Fabric Manager. In Figure 12, the Fabric Director and Fabric Accelerator are both software-defined links between two resources that dynamically connect VMs and servers to networks, cloud resources, storage and other VMs through Xsigo’s Private Virtual Interconnect while the Fabric Manager is the SDN Controller.

Figure 12. Oracle’s Xsigo Product Overview

Vyatta has developed their vPlane technology which is a distributed L3 forwarding plane that runs in a VM and is architecturally separate from Vyatta’s Network OS network controller. Through their vPlane technology, “Vyatta provides many of the advantages of SDN today…. By separating control and forwarding planes instead of having them in one integrated piece of hardware, vPlane provides the ability to massively scale the router’s data plane while
preparing for a central controller in the future.” Figure 12 showcases Vyatta’s Network OS Controller capabilities.

Figure 12. Vyatta’s SDN-Based Network Operating System

LineRate is able to showcase increasing automation, granularity and agility through a “dynamic traffic management and steering” customizable API product for the upper L4-L7+ that is called LineRate Proxy. “The volume of traffic steerable only by Layer 7+ (application) inspection is rapidly approaching 95% of all data. This explosive growth of data traffic is driven by the rapid adoption of smartphones, streaming mobile video, and the internet-of-things all using HTTP (TCP port 80) as their underlying transport.” LineRate’s LROS is their network operating system SDN Controller. Figure 13 illustrates LineRate’s focus on their API and Controller upper layers services.
Figure 13. LineRate Proxy’s L4-7 Services

NEC has also been a longstanding player “as the first major commercial vendor to provide comprehensive OpenFlow based solutions.” In Figure 14, NEC exhibits some of the benefits associated with using an SDN controlled network in their IP address conference hosting product, Genesis, that more than doubles their capacity for distributing their IP addresses among their clients.

Figure 14. NEC Client Genesis Hosting Solutions Customer Capacity
Plexxi, a company located in Cambridge, Massachusetts and saturated with MIT graduates, has developed a fully capable SDN line and recently came out of stealth on December 5, 2012 with Plexxi LightRail switches, Plexxi Controller programs that identify network traffic relationships based on “Affinities”, and customizable Workload and Network APIs. Figure 15 gives some depth into the capabilities of Plexxi Control in the virtual networking realm.

Figure 15. Plexxi Control Primary Functions

Big Switch Networks has recently rolled out a new product line that is currently implemented within some of the largest data centers in the world like financial giants Fidelity Investments and Goldman Sachs. Their BNC (Big Network Controller) is the network application platform Controller on top of which other SDN APIs can automate and granulate specific network services. BNC manages and maintains the underlying network topology and state, and it provides programmable interfaces for northbound applications to make forwarding decisions. BVS (Big Virtual Switch) and BT (Big Tap) are Big Switch’s SDN APIs that are available for customer deployment. “Big Virtual Switch is a data center network virtualization
application that dynamically provisions Virtual Network Segments associated with cloud workloads to make the data center network as agile and flexible as cloud workloads. Big Tap is a network monitoring application that delivers ubiquitous and continuous network visibility utilizing standard OpenFlow-enabled Ethernet switches.” Figure 16 presents another view at how SDN technology is orchestrated and implemented through the Big Switch Networks products.

Figure 16. Big Switch Network’s Product Suite. BNC, BVS, & BT
VMware’s Nicira, which started the ball rolling for SDN, specifically within the major hypervisor virtual networks, has their own complete SDN lineup, including: a Controller Cluster that “exposes a RESTful web services API and defines virtual networks,” OVSs (Open vSwitches), that are “software designed for remote control and operate in server hypervisors,” and an SDN API solution, NVP (Network Virtualization Platform). “NVP allows the programmatic creation of isolated virtual networks, each of which maintains its own address space, security configurations, QoS, statistics counters, and other higher-level network services.” “Virtualizing the network ‘changes the laws of network physics.’ Virtual networks allow workload mobility across subnets and availability zones while maintaining L2 adjacency, scalable multi-tenant isolation and the ability to repurpose physical infrastructure on demand. The time it takes to deploy secure applications in the cloud goes from weeks to minutes and the process goes from manual to automatic. The physical network, like physical servers, becomes a shared pool of network capacity that can be consumed and repurposed on demand. Decoupling virtual networks from the physical network dramatically reduces the complexity of the physical network, a simple to manage, rack-once-wire-once, IP fabric that can be provided by any hardware vendor.” Figure 17 gives another interesting SDN perspective by illustrating how Nicira’s interchangeable SDN based network architecture looks.
Figure 17. Nicira’s Network Virtualization Platform

Google is a founding member of ONF and has intensively been conducting SDN research and implementation since 2010. “Their Internet-facing network was already the second largest network in the world at the end of 2010, accounting for somewhere between 6-10% of all Internet traffic. That’s BIG, but their backend network is even BIGGER than that. Thus, it’s very plausible that Google’s backend, inter-datacenter network is the BIGGEST network in the world, and it’s 100% SDN/OpenFlow!” At the ONS (Open Network Summit) April 2012 keynote address, Urs Holzle of Google said, “We were already going down that path, working on an inferior way of doing software-defined networking. But once we looked at OpenFlow, it was clear that this was the way to go. Why invent your own if you don’t have to?” Holzle announced OpenFlow success within its global WAN (Wide Area Network) during ONS reporting that “the transition from traditional to
OpenFlow networks was nearly seamless and they encountered far fewer challenges than expected. Much of what made this possible was the ability to very easily simulate backbone-scale network environments virtually, including the ability to mirror production event streams in testing environments, which allowed Google to identify and fix all the bugs in advance.” “The process to transition from the old to the new network was essentially to bring the new network up, at which point the old network created new adjacencies and discovered what appeared to the legacy network simply as new routers, allowing a graceful migration as they simply started steering flows over to the new network.” Figure 18 shows over a dozen of Google’s disclosed global WAN sites, illustrating the daunting challenges Google must have faced during the early phases of their transitional SDN WAN process.

Figure 18. Google’s 100% OpenFlow Software Defined WAN
“The internal backbone… has wild swings in demand — it is ‘bursty’ rather than steady. Google is in control of scheduling internal traffic, but it faces difficulties in traffic engineering. Often Google has to move many petabytes of data (indexes of the entire web, millions of backup copies of user Gmail) from one place to another. When Google updates or creates a new service, it wants it available worldwide in a timely fashion — and it wants to be able to predict accurately how quickly the process will take…. Google found an answer in OpenFlow [which]… gives network operators a dramatically increased level of control by separating the two functions of networking equipment: packet switching and management. OpenFlow moves the control functions to servers, allowing for more complexity, efficiency and flexibility.”

This chapter presented many vendor technology and applications of SDN-based architecture. Some were sets of Controllers, switches, and APIs, while others had Controllers and switches and still others had Controllers and APIs. Some were more focused on virtual databases and cloud infrastructures, while others focused more on user interfaces. No matter what the focus was, they all use network traffic abstraction to simplify the provisioning and management of network services toward the extremely efficient flow of a network’s resources with decisive success.
CHAPTER 6: Some Concerns, Cautions and Security Risks of SDNs

This chapter will confront some of the security concerns regarding the still developing SDN-based architecture, explore the validity of the concerns, and what mechanisms SDN employs to keep the network safer from internal and external accidental and malicious attacks.

A skeptic of SDN and likely a network engineer comments and questions the validity of SDN as a viable replacement to the way networks are handled today and asks if SDN has a central point of failure. “Will there be a central point of control?… Nicira aren’t going to be replacing us Network engineers…. You don’t just come along with vague nonsense of how it all will be replaced with SDN because some supposed super genius says the Internet is now Obsolete…. Just because this runs in datacenters and between datacenters (LAN), means nothing for its applicability to the WAN…. I would not trust any system that tries to put all the ‘brains’ into one vulnerable SPOF [Single Point Of Failure].” First of all, SDN Controllers and APIs are duplicated throughout a network’s infrastructure to establish a global network topology and update link states. Also, Google has already proved SDN’s worth on one of the biggest, if not the biggest WAN in the world.

Even more valid and important points of concern regarding emerging SDN-based architecture and implementation have been made by Charles Crawford, CISO of FishNet Security, which is now acclaimed as North America’s largest information security provider. Mr. Crawford reminds his audience that security risk management “examples abound: NAC (Network Access Control)-type solutions, addressing BYOD, delivering enhanced services to users while addressing mobility concerns, appropriately matching service and security levels to the user and service being consumed, automating service delivery thereby possibly reducing human error…. What happens to our compliance regarding areas like PCI, SOX or HIPAA?
What about our firewalls? Is the security model of defense in-depth gone? Where do we start?” The FishNet Security CISO then mentions the network engineer’s satisfactory user experience as an important concern. “What this means is provisioning, access, authorization, accountability, QoS, auto policy creation,… Identity Management and SIEM. The AAA (authentication, authorization and accounting) of security comes into play once again, since this really can be seen as a core foundation for SDN to work in a practical environment. After all, if a user requests a service that triggers the controller to create a route and cause packets to traverse that route, you want to ensure the user is authorized to do so and that your environment can account for that activity. That part of security has not changed with the onset of SDN….”

Many more business and compliance issues are also raised. “It’s most important that we don’t forget all of the lessons learned and hard work everyone has done to put together standards and frameworks. Let’s not recreate the wheel, these standards are completely applicable, arguably even more so in the new SDN environments. TOGAF [The Open Group Architecture Framework for developing an enterprise architecture] comes to mind as a great place to start. What is the business objective that we are trying to accomplish? Are we aligned properly from a technical perspective to be successful? What benefit does SDN provide to our environment? Let’s not forget the various ISO standards we have become familiar with. ISO 27001, 9001 and 20000 all helped us address security, quality and service management. And, finally, there is COBIT, the governance of our environment, processes and even services we can now deliver and how well we can deliver them. Again, we need to look at how they apply in wherever we are applying this new technology and then look at possible new risks. With the introduction of possible new services, there are new risks. As such, it is
For instance. With proper logging and authorization in place. a firewall would no longer be seen as a barrier to admins and users alike.” FireMon’s President Gary Fish echoes FishNet’s CISO by spelling out some crucial points of access into an SDN with “the need for security professionals to consider three components when it comes to using OpenFlow help secure the network: (1) Enterprise-wide monitoring: A model of the complete. This allows us to implement security controls in processes that have normally been human-initiated. we have a new opportunity with SDN to deliver services to our users in a more transparent and agile way. What if we can have firewall rules created dynamically based on user roles? The ACLs can be provisioned and deprovisioned on the fly and logged based on user or service roles and access rights.” All of these issues presented by FishNet and Page 43 . again without having to reintroduce security barriers. Thin client. VDI and other virtual ways to deliver to services can also be taken advantage of in this new SDN era. The decision engine will grant or reject access based on the current threats and potential impact of the new access. we have a way to implement security like never before. we can actually have better accountability of what happened and better troubleshooting tools if something goes wrong .much like we had in our existing security and technology architectures . and (3) Open APIs: Open APIs are central to the concepts behind SDN and are critical for systems joining the SDN ecosystem . With this opportunity. but while integrating security through the service delivery aspect.” “At the core.important we have proper oversight. (2) Real-time. current network security infrastructure forms the basis for providing immediate results regarding the impact of a new access path. Automation is a huge opportunity with SDN. risk-based decision engine: Granting access through the network will be a risk-based decision. 
especially running multiple firewalls with different rule sets.
Firemon highlight the need to plan how to secure and manage network risk while meeting industry and government compliance regulations to network operators before asking for budgets to deploy an SDN and OpenFlow-based infrastructure. That’s the key.

This excerpt from an article was written in February 2012: “By separating the control plane from the data plane, which essentially removes and then centralizes the “brains” from the “muscle” of the network, you can quickly make changes to improve the speed, reliability, efficiency and even security of that network. You control the network’s layout and flow, so you can define and distribute loads, optimize and prioritize traffic, and scale services or capacity up or down with just a few clicks, that is in theory. Commercially available solutions that enable you to realize the potential of SDN are simply not there yet. Assuming they are on their way, from vendors such as IBM, NEC, Nicira, Big Switch, HP, and still unknown/unannounced players, it’s important to think through some of the security implications of this new architecture.”

Many concerns, issues and cautions have been raised up to this point. Next, some practical and working solutions will be presented.

As mentioned in the preceding chapter, two months later in April 2012, at the Second ONS (Open Network Summit) attendants experienced a shell-shock of excitement when the keynote speaker representing Google announced that it had been using 100% SDN starting in early 2010 for its internal WAN backbone with nearly 100% utilization! This news is particularly exciting when considering that the industry standard is between 30 and 40 percent network utilization a reasonable payload. Provided that network risk and compliance issues are planned for, met and implemented on the current network architecture, the myth that OpenFlow is not secure enough for production can be dispelled like Google has done, without the transition being noticed by Google staff or its
outside networks. Holzle [of Google] reasoned that a single router being compromised in a backbone is already disastrous. Big Switch Networks makes the following assertions based on Google’s SDN WAN implementation announcement: “A centralized, decoupled control plane can actually be made more secure than a traditional distributed network. The problem is a traditional distributed network has so many ‘doors’ to secure. So many different protocols, so many different layers, so many different devices, all have to be coordinated carefully in order to ensure no leakage.”

So many doors to secure in a traditional network, and most of those doors need to be secured with manual inputs throughout each network. Figure 19 illustrates the daunting and tedious tasks network engineers currently have manually configuring each workload. Consider a datacenter that has 500 servers, and each of those servers have 20 virtualized workloads, that equals 10,000 virtual workloads. Each of those interfaces have 5 network attributes, which equals 50,000 attributes. If each of those attributes require 5 lines of CLI (Command Line Interface), that equals 250,000 lines of CLs to update and manage the network. If these CLs are entered manually, as is the current practice, the odds of error are statistically challenging and could take weeks to months to implement after the idea and approval has been given.

Figure 19. So Many Doors to Secure in a Medium/Large and/or Distributed Network
The best part is that SDN Controllers and open APIs can manage and update network attributes in minutes through automated “intelligence” given through an OpenFlow implementation, as opposed to weeks or months of manually locating each interface, typing, troubleshooting, and correcting code to make mundane to important changes to individual nodes or entire networks.

“On the other hand, SDN and OpenFlow offer a decoupled control plane that has far fewer nodes to secure. These nodes are not in the data plane, and they’re effectively server nodes - we have a lot of expertise in hardening/securing those. The distributed switches themselves now have only one protocol or ‘door’ to secure – the OpenFlow protocol. So in the end, the SDN/OpenFlow network can be made more secure and can be maintained as more secure than a traditional network.”

Since SDN’s Controllers can dynamically assign network attributes with authentication, encryption, and agile granularity because an awareness of the entire network infrastructure, it stands to reason in theory and in fact that the SDN-based architecture and technology does improve the security and compliance features which are chosen and established for each WAN, LAN, and subnetwork. This chapter presented many of the concerns, issues, and risks associated with network security as it relates to current practices, and through Google’s WAN being 100% OpenFlow for months before giving the announcement in April, gives SDN a network security pass with an exclamation point!
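The chapter's AAA point (a user request that makes the controller create a route must be authorized and accounted for) and its idea of role-based ACLs that are provisioned, deprovisioned and logged on the fly can be sketched as follows. This is an added example, not code from the paper or from any SDN product: the `FlowGate` class, the role policy, the addresses and the in-memory flow table are constructed for illustration, no real controller API is used, and the hash-chained log is one assumed way to make the accounting record tamper-evident.

```python
import hashlib
import ipaddress
import json

# Constructed policy: role -> (destination network, TCP port) pairs it may reach.
ROLE_POLICY = {
    "hr":  [("10.20.0.0/24", 443)],
    "dba": [("10.30.0.0/24", 5432), ("10.30.0.0/24", 22)],
}


class FlowGate:
    """Authorize and account for flow requests before a (simulated) flow table."""

    def __init__(self, users):
        self.users = users    # user -> {"role": ..., "ip": ...}
        self.flows = {}       # flow id -> rule, stands in for installed ACLs
        self.audit = []       # hash-chained accounting records

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _log(self, event, user, detail):
        prev = self.audit[-1]["digest"] if self.audit else "0" * 64
        body = {"seq": len(self.audit), "event": event, "user": user,
                "detail": detail, "prev": prev}
        self.audit.append({**body, "digest": self._digest(body)})

    @staticmethod
    def _allowed(role, dst_ip, dst_port):
        try:
            dst = ipaddress.ip_address(dst_ip)
        except ValueError:
            return False      # malformed destination: deny
        return any(dst in ipaddress.ip_network(net) and dst_port == port
                   for net, port in ROLE_POLICY.get(role, []))

    def request(self, user, dst_ip, dst_port):
        """Return a flow id when authorized, else None. Default is deny."""
        account = self.users.get(user)
        role = account["role"] if account else None
        if not account or not self._allowed(role, dst_ip, dst_port):
            self._log("deny", user, {"dst": dst_ip, "port": dst_port, "role": role})
            return None
        flow_id = f"{user}:{dst_ip}:{dst_port}"
        self.flows[flow_id] = {"owner": user, "src": account["ip"],
                               "dst": dst_ip, "port": dst_port, "action": "forward"}
        self._log("provision", user, {"flow": flow_id, "role": role})
        return flow_id

    def change_role(self, user, new_role):
        """Apply a role change and deprovision flows the new role does not permit."""
        self.users[user]["role"] = new_role
        removed = []
        for flow_id, rule in list(self.flows.items()):
            if rule["owner"] == user and not self._allowed(new_role, rule["dst"], rule["port"]):
                del self.flows[flow_id]
                removed.append(flow_id)
                self._log("deprovision", user, {"flow": flow_id, "role": new_role})
        return removed

    def audit_intact(self):
        """Recompute the hash chain; an edited record or a gap in the chain fails."""
        prev = "0" * 64
        for rec in self.audit:
            body = {k: rec[k] for k in ("seq", "event", "user", "detail", "prev")}
            if rec["prev"] != prev or rec["digest"] != self._digest(body):
                return False
            prev = rec["digest"]
        return True


def demo():
    gate = FlowGate({"alice": {"role": "dba", "ip": "10.1.1.10"},
                     "bob": {"role": "hr", "ip": "10.1.1.11"}})
    out = {
        "alice_db": gate.request("alice", "10.30.0.7", 5432),  # dba may reach the DB
        "bob_db": gate.request("bob", "10.30.0.7", 5432),      # hr may not
        "unknown": gate.request("mallory", "10.20.0.9", 443),  # no account
    }
    out["removed"] = gate.change_role("alice", "hr")           # DB flow is withdrawn
    out["events"] = [rec["event"] for rec in gate.audit]
    out["intact"] = gate.audit_intact()
    gate.audit[1]["event"] = "provision"                       # simulated log edit
    out["after_edit"] = gate.audit_intact()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Every decision, including each denial, lands in the audit chain, so the record of who was granted which path survives a later role change.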
Chapter 7: Marketing Predictions Surrounding SDNs

This chapter examines the potential impact SDN will have in the marketing sector over the next five years. Since SDN and OpenFlow have only recently gained traction in the public sector with the launching of the Open Networking Foundation and its Open Network Summits as of 2011, locating marketing predictions regarding SDN technology is scarcely available. Two sources were found that are reputed to have very reliable predictions: the IDC (International Data Corporation) and M&M (Markets&Markets).

IDC acclaims to be “the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets.” IDC is directly affiliated with CIO, CSO, ComputerWorld, GamePro, InfoWorld, MacWorld, NetworkWorld, PCWorld, TechWorld publications as well as more than 700 technology-related events. Although IDC does not sell or publish a detailed description of their SDN marketing predictions, it was quoted in May 2012 as forecasting the SDN market to be worth $2 billion annually by 2016 while the worldwide cloud services revenue will reach $73 billion annually in 2016.

M&M published similar findings in their “SDN and Network Virtualization Market - Global Advancements, Business Models, Technology Roadmap, Forecasts & Analysis (2012-2017)” June 2012 report which consists of 219 pages. “Founded in 2001, M&M is a full service market research company and consulting firm that produces 400 high-level, strategically analyzed, full-length reports a year, tracking more than 10 industries. This intelligence database comprising of about 400 reports a year, will form one of the world's largest business intelligence resources worldwide.”
At $4,650 for a single user license of the M&M report, there is obviously a lot of money trading hands to make sure the electronics in use today and tomorrow work appropriately which can effectively and efficiently communicate with each other in years/decades to come. With Google successfully hiding the fact that they had internally become SDN over an 18 month period, VMware’s acquisition of Nicira for $1.26bn, Brocade acquiring Vyatta and Oracle acquiring Xsigo, all these SDN upstarts like Big Switch Networks, LineRate, Plexxi and Vyatta, a sold out conference for next year’s Open Networking Summit in April, either SDN is just an awful lot of hype with some very ridiculous jokes being played, or there is some very powerful sustainability in the promise and execution of the SDN and OpenFlow architecture for today’s business, academic and consumer worlds!

M&M’s subsidiary, R&R (Reports & Reports) lists a table of contents that spells out some compelling components, including “SDN is a Solution Sell, Not a Box Sell, Revolutionizing Network Utilization, SDN Inevitable, SDN Overcomes the ‘Rip and Replace’ Strategy, Transitioning for Competitive Advantage, Early Standardization, [and] Venture Capital Funding.”

M&M describes in their summary page that the “major forces driving the SDN market include the need for mobility, BYOD (Bring-Your-Own-Device), and the dire need for reduction in carrier and data center OPEX (Operating Expenditure), and CAPEX (Capital Expenditure). At the same time, opportunities in controller applications and VARs (Value-Added Resellers) will benefit the growth in this market.” “Over the next five years, Software Defined Networking is expected to become highly pervasive across telecom and enterprise networks…. In terms of revenue, the global SDN market is estimated to grow from $198 million in 2012 to $2.10 billion in 2017. This represents a CAGR (Compound Annual Growth Rate) of 60.43% from 2012 to 2017. Software Defined Networking (SDN) is a
first of its kind networking concept that has picked up significant market traction over the last year. While the SDN & network virtualization market currently stands at a nascent stage, industry consolidation is set to happen in the near future, driving better adoption with concentrated messaging among enterprises…. The technology directly helps communication providers to redirect network traffic and ease network congestion, ultimately resulting in significant cost savings that can be redirected to drive core business goals. SDN promises to give more infrastructural control to data centers and network operators, by allowing enhanced optimization and customization, hence reducing their overall capital and operational costs.”

This chapter found two research firms that did independent market analyses regarding SDN and concluded that the SDN market is estimated to reach over $2 billion between 2016-2017 as the architecture, technology, and customizable implementations develop and become much more of a networking household name within the large/medium enterprise and business industries.
where an application just has to guess by probing. Casado mentions “I actually think the real Nirvana. Nicira co-founder and “father of SDN. Then we filter traffic through these choke points with the operation we've configured. and we configure them at these choke points. it will be consumed. Network World’s Art Fewell talked with Martin Casado. And if there is available bandwidth. and you actually build Page 50 . and all of the policy states in the networks.and a lot of these are imposed by choke points that are put in place because we have to configure the networks by hand. and information isn't available so the applications have to get at it. the Shangri-La. applications want to communicate and they'll pop up and they'll start communicating.” “The worst is where we are right now. Today we kind of have the worst of both worlds.CHAPTER 8: Implications of SDN for the Immediate and Distant Future “Game Changing” is a phrase that has been used by many developers and distributors to describe the doubling of efficiency ratings that SDN technology brings to the table. The network is often partitioned or has bottlenecks . we have issues with them. But I think the best is when the applications don't worry about it at all. They would just worry about communicating and not somehow degrading their performance. In an August 2012 conversation style interview. I think that the way that we get to this perfect place is if you remove all of the manual configuration states. If I could have my wish. is for the applications to be totally oblivious to the network. This chapter will explore the potential and the possibilities that the SDN role has to play in today’s and tomorrow’s information age. we have networks that are over-subscribed.” Mr. So because we have the substandard fabric. So I think that we will see the industry moving from worst towards best . 
I think a little bit better than that is to get more information from the network so the application actually has some real visibility. I would be like.
You look at the problem.” [Jason] Matlof [of Big Switch Networks] said.” “The point [to the idea of SDN and OpenFlow] is to make networking a peer of the open computing environment. just like computing. you build up your physical network in a way that is redundant. just like the mobile world. national and international corporations are actively looking for a new virtual. SDN allows networks to be a lot more flexible and customizable. As a platform that encourages open source application development and implementation. connectivity. and what you can do now . fast. that doesn't have choke points.” The idea of customizable APIs on top of customizable SDN Controllers allows for a similar transformation for networking. the business community is now ready. and access from each end device to each individual network’s resources that continue to overload today’s networks and their related security policies. Like a hermit crab that has outgrown its shell. regional. affordable and customizable throughout the IPv6 transition. “Look back five years at what you could and couldn’t do with a smartphone. as well as the exhaustion of IPv4 addresses. and then you have many less problems to worry about in the physical network. authentication. Page 51 . secure. OpenFlow’s timing could not have been better. software driven home to grow healthy in. Then you should have pretty much whole cross-sectional bandwidth no matter where the communication goes . and will allow companies to build their own custom applications to manage their networks in ways they see most fitting for what they need to do. and almost desperate. for a way to transition into a larger and deeper scale information age that can granularly handle the plethora of devices which require encryption. SDN and OpenFlow has proven to be replicable while ensuring that user capabilities and services will remain accurate. With the explosion of virtualization and mobile computing.good fabrics.
Recall the first figure from the Abstract where the large hermit crab had to cram its midsection into a bottle top home, leaving most of the rest of its body exposed to the elements and predators, which is a metaphor of the conventional and stationary networking practices of the 1970s compared to the growth of today’s network devices and their traffic. Figures 20 & 21 revisit that metaphor to include SDNs, which allows a network to grow in a much safer, deliberate, efficient and more robust resource and user environment.

Figures 20 & 21. SDN Metaphors - Tiny Crab in Big Shell and Happy Harry in LegoHome

It seems clear that the future for Software Defined Networking will evolve gradually over the next 5-10 years from being standards-driven to become a function of software development, ultimately revolutionizing network utilization and becoming inevitable. SDN has already proven itself worthy in many networks, discussion venues, and debate arenas. SDN optimizes many aspects of the CIA and AAA triads along with optimizing network resources efficiently and automatically, which heightens network security features dynamically and intentionally.