
ASSIGNMENT

ON

SOFTWARE DEFINED NETWORKING (SDN)

Submitted By
Rosemelyne Wartde
(20MTechIT02)
MTech IT 2nd Semester
Subject: Advanced Computer Network (IT A02)

Department of Information Technology


School of Technology
North-Eastern Hill University, Shillong-22
April - July 2021

1. Introduction

Software Defined Networking (SDN) is an architectural approach that optimizes and simplifies
network operations by more closely binding the interaction (i.e., provisioning, messaging, and
alarming) among applications and network services and devices, whether they be real or
virtualized. It is often achieved by employing a point of logically centralized network control,
often realized as an SDN controller, which then orchestrates, mediates, and facilitates
communication between applications wishing to interact with network elements and network
elements wishing to convey information to those applications. The controller then exposes and
abstracts network functions and operations via modern, application-friendly and bidirectional
programmatic interfaces.

Software-defined, software-driven, and programmable networks come with a rich and
complex set of historical lineage, challenges, and a variety of solutions to those problems. It is
the success of the technologies that preceded software-defined, software-driven, and
programmable networks that makes advancing technology based on those things possible. The
fact of the matter is that most of the world's networks, including the Internet, operate on the
basis of IP, BGP, MPLS, and Ethernet.

Virtualization technology today is based on the technologies started by VMware and
continues to be the basis on which it and other products are based. Network attached storage
enjoys a similarly rich history. I2RS has a similar future ahead of it insofar as solving the
problems of network, compute, and storage virtualization as well as those of the
programmability, accessibility, location, and relocation of the applications that execute within
these hyper virtualized environments.

1.1. Basic Concepts of SDN


The Open Networking Foundation (ONF) is a user-driven organization dedicated to the
promotion and adoption of SDN through open standards development. An ONF white paper in
2012 defined the concept of SDN and its standard protocol, OpenFlow. It pointed out the three
goals of SDN:

1) Demonstrate the generality of SDN architecture and its ability to enable innovation.

2) Enable large scale experiment with campus production networks.

3) Enable multiple concurrent experiments using slicing and virtualization on the same
physical SDN infrastructure.

DEPARTMENT OF INFORMATION TECHNOLOGY, NEHU, SHILLONG-22 Page 1



2. SDN Architecture
Software Defined Networking is a new architecture that has been designed to enable
more agile and cost-effective networks. The Open Networking Foundation (ONF) [6] is
taking the lead in SDN standardization, and has defined an SDN architecture model as
depicted in Figure 2.1.

Fig. 2.1: Software Defined Networking Architecture

The SDN architecture consists of three distinct layers that are accessible through open APIs:

• The Application Layer: consists of the end-user business applications that consume
the SDN communications services. The boundary between the Application Layer and
the Control Layer is traversed by the northbound API.

• The Control Layer: provides the consolidated control functionality that supervises
the network forwarding behavior through an open interface.

• The Infrastructure Layer: consists of the network elements (NE) and devices that
provide packet switching and forwarding.


According to this model, an SDN architecture is characterized by three key attributes:

1) Logically centralized intelligence: In an SDN architecture, network control is
decoupled from forwarding using a standardized southbound interface: OpenFlow. By
centralizing network intelligence, decision-making is facilitated based on a global (or
domain) view of the network, as opposed to today’s networks, which are built on an
autonomous system view where nodes are unaware of the overall state of the network.

2) Programmability: SDN networks are inherently controlled by software functionality,
which may be provided by vendors or the network operators themselves. Such
programmability enables the management paradigm to be replaced by automation,
influenced by rapid adoption of the cloud. By providing open APIs for applications to
interact with the network, SDN networks can achieve unprecedented innovation and
differentiation.

3) Abstraction: In an SDN network, the business applications that consume SDN services
are abstracted from the underlying network technologies. Network devices are also
abstracted from the SDN Control Layer to ensure portability and future-proofing of
investments in network services, the network software resident in the Control Layer
2.1. Application Program Interfaces (APIs)

To communicate between these layers, SDN uses northbound and southbound
application program interfaces (APIs) where the northbound API communicates between the
application and the control layers and the southbound API communicates between the
infrastructure and control layers.

• Northbound APIs: Applications using an SDN rely on the controller to tell them what
the status of the network infrastructure is so that they can know what resources are
available. Additionally, the SDN controller can automatically ensure application traffic
is routed according to policies established by network administrators. The applications
talk to the control layer via the northbound APIs and tell the layer what resources the
applications need, and their destination. The control layer orchestrates how the
applications are given the resources available in the network. It also uses its intelligence
to find the optimal path for the application in the context of its latency and security
needs. Northbound APIs are often RESTful APIs. Orchestration is automated and not
manually configured.

• Southbound APIs: The SDN controller communicates with the network infrastructure,
such as routers and switches, through southbound APIs. The network infrastructure is
told what path the application data must take as decided by the controller. In real time,
the controller can change how the routers and switches are moving data. The data no
longer relies on the devices and routing tables to determine where the data goes.
Instead, the controller’s intelligence makes informed decisions that optimize the data’s
path.

2.2. SDN Controllers


An SDN controller is the software that provides a centralized view of and control over
the entire network. Network administrators use the controller to govern how the underlying
infrastructure’s forwarding plane should handle the traffic. The controller is also used to
enforce policies that dictate network behaviour. Network administrators establish policies that
are uniformly applied to multiple nodes in the network. Network policies are rules applied to
traffic that determine what level of access it has to the network, how many resources it is
allowed, or what priority it is assigned. Having a centralized view of the network and the
policies in place makes for simpler management of the network that is more uniform and
consistent.

2.3. OpenFlow

SDN (Software-Defined Networking) technology is generating huge interest in the
networking industry due to its ability to add higher agility and scalability for networks. At the
core of the SDN technology is the OpenFlow protocol, and SDN with an OpenFlow switch
promises flexibility and fast configuration of communication networks.

OpenFlow is a network communications protocol that gives access to the data plane
of a network switch or router. It operates on Ethernet switches, with an internal flow table and
a standardized interface to add and remove flow entries. The figure below illustrates a
simplified OpenFlow switch.


Fig. 2.2: OpenFlow Switch Design

An OpenFlow switch supports three functionalities: flow table operations, a secure
channel and the OpenFlow protocol.

1. Flow table: OpenFlow matches and processes network packets through user-defined or
preset rules, which constitute the OpenFlow flow table. Instead of the usual IP quintuple
routing entry, each flow table entry consists of three elements, namely the header field, action,
and stats. Packets are matched by their header fields and then processed in accordance with the
action (also named instructions) in the flow entry. Stats indicate the network status, including
priority, counters, timeouts, cookie and other fields. Since each field of the header can be used
for pattern matching, network operators can implement flow control at various granularities.
For example, if the operator wants to manipulate the packets with a specific destination IP, a
wildcard can be used for all fields except the destination IP field. In order to support various
OpenFlow functions, the size of the flow table could grow quickly. Borrowing from the concept
of the multi-level page table in memory management, OpenFlow pipeline technology is used in
the updated OpenFlow standard to save storage space.

2. Secure Channel: A secure channel is used to connect controllers to switches. All secure
channels must comply with the OpenFlow protocol. Controllers can configure and manage
switches, which receive event notifications and forward packets.

3. OpenFlow Protocol: The OpenFlow protocol supports three types of messages: controller-
to-switch messages, asynchronous messages and symmetric messages. Each message has
multiple sub-message types. Controller-to-switch messages are initiated by the controller to
manage or query switches. Asynchronous messages are initiated by the switch to send network
events or switch state changes to the controller. Symmetric messages can be initiated by the
switch or the controller, and include echo requests, echo replies, and keep-alive messages that
help check latency, measure bandwidth or verify network availability between the controller
and the switch.
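
An added example, not from the original assignment, of the message classes just described: it parses the fixed 8-byte OpenFlow header, labels each message as symmetric, asynchronous or controller-to-switch, and flags controller-only messages that arrive from the switch side. The direction check and the sample byte stream are assumptions made for this illustration.

```python
import struct

# OpenFlow header: version (1 byte), type (1), total length (2), transaction id (4).
OFP_HEADER = struct.Struct("!BBHI")

# Type codes 0-14, which are numbered the same in OpenFlow 1.0 and 1.3.
TYPES = {
    0: ("HELLO", "symmetric"), 1: ("ERROR", "symmetric"),
    2: ("ECHO_REQUEST", "symmetric"), 3: ("ECHO_REPLY", "symmetric"),
    4: ("VENDOR_OR_EXPERIMENTER", "symmetric"),
    5: ("FEATURES_REQUEST", "controller-to-switch"),
    6: ("FEATURES_REPLY", "controller-to-switch"),
    7: ("GET_CONFIG_REQUEST", "controller-to-switch"),
    8: ("GET_CONFIG_REPLY", "controller-to-switch"),
    9: ("SET_CONFIG", "controller-to-switch"),
    10: ("PACKET_IN", "asynchronous"), 11: ("FLOW_REMOVED", "asynchronous"),
    12: ("PORT_STATUS", "asynchronous"),
    13: ("PACKET_OUT", "controller-to-switch"),
    14: ("FLOW_MOD", "controller-to-switch"),
}
# Codes a switch may legitimately originate: symmetric, replies, asynchronous.
SWITCH_MAY_SEND = {0, 1, 2, 3, 4, 6, 8, 10, 11, 12}


def parse_stream(buf):
    """Split bytes into OpenFlow messages; raise ValueError on a bad length field."""
    msgs, off = [], 0
    while off < len(buf):
        if len(buf) - off < OFP_HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        version, code, length, xid = OFP_HEADER.unpack_from(buf, off)
        # A length below 8 would stall the loop; one past the buffer is truncated.
        if length < OFP_HEADER.size or off + length > len(buf):
            raise ValueError(f"bad length {length} at offset {off}")
        name, category = TYPES.get(code, (f"UNKNOWN_{code}", "unknown"))
        msgs.append({"version": version, "code": code, "type": name,
                     "category": category, "xid": xid})
        off += length
    return msgs


def audit_from_switch(buf):
    """Return (messages, findings) for bytes a controller received from a switch."""
    msgs = parse_stream(buf)
    findings = [f"xid={m['xid']}: switch sent {m['type']}"
                for m in msgs if m["code"] not in SWITCH_MAY_SEND]
    return msgs, findings


def msg(code, xid, body=b"", version=4):
    """Build a message for the constructed sample below (body bytes are filler)."""
    return OFP_HEADER.pack(version, code, OFP_HEADER.size + len(body), xid) + body


# Constructed sample stream, not captured traffic.
SAMPLE = msg(0, 1) + msg(2, 2) + msg(10, 0, b"\x00" * 24) + msg(14, 7, b"\x00" * 48)

if __name__ == "__main__":
    messages, findings = audit_from_switch(SAMPLE)
    for m in messages:
        print(m["type"], m["category"])
    print(findings)
```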

When a packet arrives at a switch, the switch checks whether there is a flow entry (named
rule in the rest of the paper) in the flow table that matches the header fields of the packet. If so,
the packet is forwarded based on the matched rule. Otherwise, the switch generates an
asynchronous message to the controller. The controller passes the message to the appropriate
control application(s) as an event based on programmed policies. The applications process the
event and send back a message with actions if necessary.
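
The lookup described above, sketched as an added example that is not part of the original assignment: a single flow table with wildcard matching, priorities, per-entry counters and a table miss that becomes a packet-in for the controller. The field names (`ip_dst`, `tcp_dst`, `in_port`), the action strings and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WILDCARD = None  # a header field set to None (or left out) matches any value


@dataclass
class FlowEntry:
    match: dict        # header fields, e.g. {"ip_dst": "10.0.0.0/24"}
    actions: list      # e.g. ["output:2"]; an empty action list drops the packet
    priority: int = 0  # stats: the highest-priority matching entry wins
    packets: int = 0   # stats: per-entry packet counter

    def matches(self, pkt):
        for name, want in self.match.items():
            if want is WILDCARD:
                continue
            have = pkt.get(name)
            if have is None:
                return False
            if name in ("ip_src", "ip_dst"):
                # IP fields match by prefix; a bare address is a /32 prefix.
                if ip_address(have) not in ip_network(want):
                    return False
            elif have != want:
                return False
        return True


class FlowTable:
    def __init__(self):
        self.entries = []
        self.packet_ins = []  # table misses handed to the controller

    def add(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def process(self, pkt):
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                return entry.actions
        # No rule matched: raise an asynchronous packet-in, as the text describes.
        self.packet_ins.append(pkt)
        return ["packet_in"]


def demo():
    table = FlowTable()
    # Only the destination IP is specified; every other field is wildcarded.
    table.add(FlowEntry({"ip_dst": "10.0.0.0/24"}, ["output:2"], priority=10))
    # A more specific, higher-priority rule that drops telnet to one host.
    table.add(FlowEntry({"ip_dst": "10.0.0.5", "tcp_dst": 23}, [], priority=100))
    packets = [  # constructed sample packets
        {"in_port": 1, "ip_src": "192.0.2.7", "ip_dst": "10.0.0.9", "tcp_dst": 443},
        {"in_port": 1, "ip_src": "192.0.2.7", "ip_dst": "10.0.0.5", "tcp_dst": 23},
        {"in_port": 3, "ip_src": "192.0.2.8", "ip_dst": "172.16.0.1", "tcp_dst": 80},
    ]
    return table, [table.process(p) for p in packets]


if __name__ == "__main__":
    print(demo()[1])
```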

An OpenFlow-enabled switch is a traditional switch with an added flow table, secure
channel and OpenFlow protocol support.

2.4. SDN Benefits


SDN offers a centralized, programmable network that can dynamically provision
network resources so as to address the changing needs of businesses. It also provides the
following technical and business benefits:

• Direct programmability: SDN network policy is directly programmable because the
control functions are decoupled from forwarding functions, which enables the network
to be programmatically configured by proprietary or open source automation tools,
including OpenStack, Puppet, Salt, Ansible, and Chef.

• Centralized management: Network intelligence is logically centralized in SDN
controller software that maintains a global view of the network, which appears to
applications and SDN network policy engines as a single, logical switch.

• Reduced capex: SDN potentially limits the need to purchase purpose-built, ASIC-
based networking hardware, and instead supports pay-as-you-grow models with its
scaling capabilities. Most switches on the market support SDN capabilities and
software like OpenFlow (an SDN communications protocol). Whether it is in a data
centre or other network, if the infrastructure contains switches with SDN capabilities,
they simply need to have the option activated. A massive truck roll is not needed to rip
and replace the infrastructure.

• Reduced opex: The ability to automate the updates to the network’s software means
there is no need to rip and replace the whole infrastructure when business needs or
network demand necessitate a change. Additionally, policies can be uniformly spread
network wide, reducing the chance for human error when updating the network.
Automation takes over the monotonous tasks from network administrators and
operators, which reduces the overall network management time.

• Agility and flexibility: SDN can help organizations rapidly deploy new applications,
services, and infrastructure to quickly meet changing business goals and objectives
because whenever something new is created, a simple update deploys it network-wide.

3. The Influence of SDN on Networking Technology


The virtualization wave that SDN has been a part of is continuing to move forward.
Vendors and their offerings that have learned from SDN and NFV principles are growing in
number. SD-WAN, SD-branch, Secure Access Service Edge (SASE), and the cloud are all
examples of this. In 5G networks, the control of the network core is centralized, like in SDN.
The cloud also uses centralized control and policies learned from SDN.

3.1 Compared to NFV


NFV is a network architecture which aims to accelerate service deployment for
network operators and reduce cost by separating functions like firewall or encryption from
dedicated hardware and moving them to virtual servers, collapsing various functions into a
physical server, which ultimately reduces overall cost. NFV allows various network operators
to implement network policy without having to take care of where to place functions in the
network and how to route traffic through these functions.

SDN separates the control and data planes to enable centralized control, allow
automation, and to create a programmable network. Essentially, NFV virtualizes the
components of the network and SDN centralizes the control of those components. While SDN
and NFV are not dependent on each other, combined, they take a traditional networking
approach and replace it with one where software operates, manages, and secures everything.


Table 3.1. Comparison between SDN and NFV


| Software Defined Networking (SDN) | Network Functions Virtualization (NFV) |
|---|---|
| 1. SDN architecture mainly focuses on data centers | 1. NFV is targeted at service providers or operators |
| 2. SDN separates control plane and data forwarding plane by centralizing control and programmability of network. | 2. NFV helps service providers or operators to virtualize functions like load balancing, routing, and policy management by transferring network functions from dedicated appliances to virtual servers. |
| 3. SDN uses OpenFlow as a communication protocol | 3. There is no protocol determined yet for NFV. |
| 4. SDN supports Open Networking Foundation. | 4. NFV is driven by ETSI NFV Working group. |
| 5. Various enterprise networking software and hardware vendors are initiative supporters of SDN. | 5. Telecom service providers or operators are prime initiative supporters of NFV. |
| 6. Corporate IT act as a Business initiator for SDN. | 6. Service providers or operators act as a Business initiator for NFV. |
| 7. SDN applications run on industry-standard servers or switches. | 7. NFV applications run on industry-standard servers. |
| 8. SDN reduces cost of network because now there is no need of expensive switches and routers. | 8. NFV increases scalability and agility as well as speed up time-to-market as it dynamically allot hardware a level of capacity to network functions needed at a particular time. |
| 9. Application of SDN: Networking; Cloud orchestration | 9. Application of NFV: Routers, firewalls, gateways; WAN accelerators; SLA assurance; Video Servers; Content Delivery Networks (CDN) |


4. Security Issues in SDN

4.1 Network Security Challenges

IT infrastructure is rapidly moving to the cloud, creating a dramatic technology shift in
the data center. This shift has significantly influenced user behavior: end users now expect
anytime, anywhere access to all their data. Additionally, network operations are being
transformed from operator-intensive management towards greater automation.

The data center of the future is emerging as a highly virtualized environment that must
address a diverse set of user needs, including anytime, anywhere access to their data, the
consumerization of IT (BYOD) and increased reliance on cloud services. Security concerns are
consistently identified as a major barrier to this data center transformation. While protecting
user data is of paramount importance, mobility and virtualization pose new threats that must
be understood and secured.

4.2 Threat model

The proposed distributed control security methods seek to provide robust
protection against both insider threats (authenticated network equipment) and outsider
threats (end hosts or unauthenticated network equipment). We also assume that an
attacker might be able to use different points within the same network to launch an attack.

4.3 Security Requirements/Goals

The main goals and requirements of the proposed security methods are as follows:

1) Allowing the transfer of flow table entries from one network equipment to another, in a
way that prevents any malicious user from obtaining any information related to that flow
entry or disclosing its contents, and thus preventing any malicious user from obtaining
any knowledge about the network or its operation or control.
2) Enabling a smooth operation of the distributed control of SDN. This requires the
security methods to be able to protect the distributed control’s protocol, so that no
attack could be launched to jeopardize the operation of the SDN’s distributed
behavior.
3) Protecting the whole SDN network from any attack that might use the distributed
control to affect the normal operation of the SDN. The importance of this requirement
is obvious, since in the original centralized design (central controller to any
equipment) OpenFlow is secured by using Transport Layer Security (TLS). Thus, any
proposal to extend the centralized control model must be able to maintain the
security of the whole network.

5. Research Directions of SDN


Currently SDN has been deployed in campus networks, enterprise data centers (such as
Google) and even some carrier networks. The adoption of SDN has accelerated in recent years.
The idea of separating the control and data planes is not new, but there are inherent reasons for
such a network architecture to be deployed. First of all, the mass production of multi-core
technology not only lowers the cost of network equipment, but also enables the option to utilize
general-purpose CPUs for network policy computation and packet forwarding. Secondly, the
growing number of heterogeneous networks (IPv6, optical networks, wireless) with different
functions requires flexible network devices for interoperability. Thirdly, the boom in
virtualization and cloud computing has raised new demands in network management,
including flow monitoring as well as traffic scheduling. With the open and standard features
of SDN, applications can fully utilize the network processing power, monitor network
status precisely, and automatically manage network operations to meet the current network
trends of mobility and virtualization.

6. Conclusion
Providing the future Internet with technologies that enable it to play its role is extremely
important. Because of that, many researchers are studying technologies to be the future Internet
enabling technologies. SDN is one of the candidate future Internet technologies, as it provides
compelling functionalities that enable smarter applications to be built. However, there have
been many concerns regarding its scalability, as well as that of its key enabler OpenFlow,
especially due to its dependence on a central controller. Thus, many efforts have been made to
overcome this problem.



Reference:

1) https://silo.tips/download/1-introduction-securing-the-sdn
2) https://en.wikipedia.org/wiki/Software-defined_networking
3) https://www.sdxcentral.com/networking/sdn/definitions/what-the-definition-of-software-defined-networking-sdn/
4) https://www.cisco.com/c/en/us/solutions/software-defined-networking/overview.html
5) https://www.geeksforgeeks.org/difference-between-sdn-and-nfv/
6) https://www.researchgate.net/publication/284019515_A_survey_on_software_defined_networking_and_its_applications
