ON
Submitted By
Rosemelyne Wartde
(20MTechIT02)
MTech IT 2nd Semester
Subject: Advanced Computer Network (IT A02)
1. Introduction
1) Demonstrate the generality of the SDN architecture and its ability to enable innovation;
3) Enable multiple concurrent experiments using slicing and virtualization on the same
physical SDN infrastructure.
2. SDN Architecture
Software Defined Networking (SDN) is a new architecture designed to enable more agile and
cost-effective networks. The Open Networking Foundation (ONF) [6] is taking the lead in SDN
standardization and has defined an SDN architecture model as depicted in Figure 2.1.
The SDN architecture consists of three distinct layers that are accessible through open APIs:
The Application Layer: consists of the end-user business applications that consume
the SDN communications services. The boundary between the Application Layer and
the Control Layer is traversed by the northbound API.
The Control Layer: provides the consolidated control functionality that supervises
the network forwarding behavior through an open interface.
The Infrastructure Layer: consists of the network elements (NE) and devices that
provide packet switching and forwarding.
3) Abstraction: In an SDN network, the business applications that consume SDN services
are abstracted from the underlying network technologies. Network devices are also
abstracted from the SDN Control Layer to ensure portability and future-proofing of
investments in network services, the network software resident in the Control Layer
Northbound APIs: Applications using an SDN rely on the controller to tell them what
the status of the network infrastructure is so that they can know what resources are
available. Additionally, the SDN controller can automatically ensure application traffic
is routed according to policies established by network administrators. The applications
talk to the control layer via the northbound APIs and tell the layer what resources the
applications need, and their destination. The control layer orchestrates how the
applications are given the resources available in the network. It also uses its intelligence
to find the optimal path for the application in the context of its latency and security
needs. Northbound APIs are often RESTful APIs. Orchestration is automated and not
manually configured.
Southbound APIs: The SDN controller communicates with the network infrastructure,
such as routers and switches, through southbound APIs. The network infrastructure is
told what path the application data must take as decided by the controller. In real time,
the controller can change how the routers and switches are moving data. The data no
longer relies on the devices and routing tables to determine where the data goes.
Instead, the controller’s intelligence makes informed decisions that optimize the data’s
path.
2.3. OpenFlow
OpenFlow is a network communications protocol that gives access to the data plane
of a network switch or router. It operates on Ethernet switches that have an internal flow table and
a standardized interface for adding and removing flow entries. The figure below illustrates a simplified
OpenFlow switch.
1. Flow table: OpenFlow matches and processes network packets through user-defined or
preset rules, which constitute the OpenFlow flow table. Instead of the usual IP quintuple
routing entry, each flow table entry consists of three elements, namely the header field, action,
and stats. Packets are matched by their header fields and then processed in accordance with the
action (also named instructions) in the flow entry. Stats indicate the network status, including
priority, counters, timeouts, cookie and other fields. Since each field of the header can be used
for pattern matching, network operators can implement flow control in various granularities.
For example, if the operator wants to manipulate the packets with specific destination IP, a
wildcard can be used for all fields except the field of destination IP. In order to support various
OpenFlow functions, the size of the flow table could grow quickly. Borrowing from the concept
of the multi-level page table in memory management, later versions of the OpenFlow standard
use a multi-table pipeline to save storage space.
2. Secure Channel: A secure channel is used to connect controllers to switches. All secure
channels must comply with the OpenFlow protocol. Controllers can configure and manage
switches, which receive event notifications and forward packets.
3. OpenFlow Protocol: the OpenFlow protocol supports three types of messages: controller-
to-switch messages, asynchronous messages and symmetric messages. Each type has multiple
sub-message types. Controller-to-switch messages are initiated by the controller to manage or
query switches. Asynchronous messages are initiated by the switch to report network events
or switch state changes to the controller. Symmetric messages can be initiated by either the switch or
the controller; they include echo requests, echo replies, and keep-alive messages that help check
latency, measure bandwidth or verify network availability between the controller and the
switch.
When a packet arrives at a switch, the switch inspects if there is a flow entry (named
rule in the rest of the paper) in the flow table that matches the header fields of the packet. If so,
the packet will be forwarded based on the matched rule. Otherwise, the switch generates an
asynchronous message to the controller. The controller passes the message to the appropriate
control application(s) as an event based on programmed policies. The applications process the
event and send back a message with actions if necessary.
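The flow-table matching and table-miss behaviour described above, as an added example that is not part of the original report: a constructed in-memory model of an OpenFlow-style switch with wildcard matching, priority-based rule selection, per-rule counters, and a toy control application that answers packet-in events by installing forwarding or drop rules. All header field names, packet values, ports and addresses are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Header fields a rule can match on (a constructed subset of the OpenFlow match fields).
HEADER_FIELDS = ("in_port", "eth_src", "eth_dst", "ip_src", "ip_dst", "ip_proto", "tp_dst")


@dataclass
class FlowEntry:
    """One flow-table row: header match, action list, and stats (priority, counter, cookie)."""
    match: Dict[str, Optional[str]]      # field -> exact value, or None for a wildcard
    actions: List[str]                   # e.g. ["output:2"] or ["drop"]
    priority: int = 0
    cookie: int = 0
    packets: int = 0                     # counter incremented on every hit

    def matches(self, packet: Dict[str, str]) -> bool:
        # A wildcarded field (None) matches anything; every other field must match exactly.
        return all(v is None or packet.get(f) == v for f, v in self.match.items())


def wildcard_except(**fixed: str) -> Dict[str, Optional[str]]:
    """Build a match that pins only the given fields and wildcards every other header field."""
    return {f: fixed.get(f) for f in HEADER_FIELDS}


@dataclass
class FlowTable:
    entries: List[FlowEntry] = field(default_factory=list)
    packet_in: List[Dict[str, str]] = field(default_factory=list)  # asynchronous messages to the controller

    def add(self, entry: FlowEntry) -> None:
        self.entries.append(entry)

    def lookup(self, packet: Dict[str, str]) -> Optional[FlowEntry]:
        # Highest-priority matching rule wins; on a tie the earlier-installed rule is kept.
        best = None
        for e in self.entries:
            if e.matches(packet) and (best is None or e.priority > best.priority):
                best = e
        return best

    def process(self, packet: Dict[str, str]) -> Tuple[str, List[str]]:
        entry = self.lookup(packet)
        if entry is None:
            # Table miss: the switch raises an asynchronous packet-in event for the controller.
            self.packet_in.append(packet)
            return "packet_in", []
        entry.packets += 1
        return "matched", entry.actions


def controller_on_packet_in(table: FlowTable, packet: Dict[str, str], allowed: Dict[str, int]) -> FlowEntry:
    """Toy control application (constructed policy): install a forwarding rule for permitted
    destinations, otherwise an explicit drop rule so later packets never reach the controller."""
    dst = packet["ip_dst"]
    match = wildcard_except(ip_dst=dst)
    if dst in allowed:
        entry = FlowEntry(match, [f"output:{allowed[dst]}"], priority=10, cookie=1)
    else:
        entry = FlowEntry(match, ["drop"], priority=10, cookie=2)
    table.add(entry)
    return entry


def run_demo() -> Dict[str, object]:
    """Walk constructed packets through the switch/controller loop and return what happened."""
    table = FlowTable()
    # Operator-installed policy: drop telnet regardless of destination (outranks controller rules).
    table.add(FlowEntry(wildcard_except(ip_proto="6", tp_dst="23"), ["drop"], priority=100, cookie=99))
    allowed = {"10.0.0.2": 2}   # destination -> output port (constructed)

    base = {"in_port": "1", "eth_src": "00:00:00:00:00:01", "eth_dst": "00:00:00:00:00:02",
            "ip_src": "10.0.0.1", "ip_dst": "10.0.0.2", "ip_proto": "6", "tp_dst": "80"}
    web = dict(base)
    telnet = dict(base, tp_dst="23")
    unknown = dict(base, ip_dst="10.0.0.9")

    results: Dict[str, object] = {}
    results["first_web"] = table.process(web)           # table miss -> packet_in
    controller_on_packet_in(table, table.packet_in[-1], allowed)
    results["second_web"] = table.process(web)          # matched -> output:2
    results["telnet"] = table.process(telnet)           # two rules match; priority 100 drop wins
    results["unknown"] = table.process(unknown)         # table miss -> packet_in
    controller_on_packet_in(table, table.packet_in[-1], allowed)
    results["unknown_again"] = table.process(unknown)   # matched -> drop, no second packet_in
    results["packet_in_count"] = len(table.packet_in)
    results["web_hits"] = table.entries[1].packets
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The demo shows the two points the text makes: only the first packet of a new flow costs a round trip to the controller, and because every header field can be wildcarded, an operator can express both a destination-specific rule and a broad "drop telnet everywhere" rule in the same table and let priority decide between them.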
Reduced capex: SDN potentially limits the need to purchase purpose-built, ASIC-
based networking hardware, and instead supports pay-as-you-grow models with its
scaling capabilities. Most switches on the market support SDN capabilities and
software like OpenFlow (an SDN communications protocol). Whether it is in a data
centre or other network, if the infrastructure contains switches with SDN capabilities,
they simply need to have the option activated. A massive truck roll is not needed to rip
and replace the infrastructure.
Reduced opex: The ability to automate the updates to the network’s software means
there is no need to rip and replace the whole infrastructure when business needs or
network demand necessitate a change. Additionally, policies can be uniformly spread
network wide, reducing the chance for human error when updating the network.
Automation takes over the monotonous tasks from network administrators and
operators, which reduces the overall network management time.
Agility and flexibility: SDN can help organizations rapidly deploy new applications,
services, and infrastructure to quickly meet changing business goals and objectives
because whenever something new is created, a simple update deploys it network-wide.
SDN separates the control and data planes to enable centralized control, allow
automation, and to create a programmable network. Essentially, NFV virtualizes the
components of the network and SDN centralizes the control of those components. While SDN
and NFV are not dependent on each other, combined, they take a traditional networking
approach and replace it with one where software operates, manages, and secures everything.
SDN:
2. SDN separates the control plane and the data forwarding plane by centralizing control
and programmability of the network.
8. SDN reduces the cost of the network because there is no longer any need for expensive
switches and routers.
9. Application of SDN: Networking; Cloud orchestration.

NFV:
2. NFV helps service providers or operators to virtualize functions like load balancing,
routing, and policy management by transferring network functions from dedicated
appliances to virtual servers.
8. NFV increases scalability and agility as well as speeding up time-to-market, as it
dynamically allots hardware capacity to the network functions needed at a particular time.
9. Application of NFV: Routers, firewalls, gateways; WAN accelerators; SLA assurance;
Video Servers; Content Delivery Networks (CDN).
The data center of the future is emerging as a highly virtualized environment that must
address a diverse set of user needs, including anytime, anywhere access to their data, the
consumerization of IT (BYOD) and increased reliance on cloud services. Security concerns are
consistently identified as a major barrier to this data center transformation. While protecting
user data is of paramount importance, mobility and virtualization pose new threats that must
be understood and secured.
The main goals and requirements of the proposed security methods are as follows:
1) Allowing the transfer of flow table entries from one network equipment to another in a
way that prevents any malicious user from obtaining any information related to that flow
entry or disclosing its contents, and thus preventing any malicious user from obtaining
any knowledge about the network or its operation or control.
2) Enabling smooth operation of the distributed control of SDN. This requires the
security methods to be able to protect the distributed control's protocol, so that no
attack could be launched to jeopardize the operation of the SDN's distributed
behavior.
3) Protecting the whole SDN network from any attack that might use the distributed
control to affect the normal operation of the SDN. The importance of this requirement
is obvious, since in the original centralized design (a central controller talking to every
piece of equipment) OpenFlow is secured by using Transport Layer Security (TLS). Thus,
any proposal to extend the centralized control model must be able to maintain the
security of the whole network.
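The secure channel of Section 2.3 and requirement 3 above both rest on TLS between controller and switch. As an added example that is not part of the original report, the following Python code builds the controller-side TLS context two ways: a weak one that encrypts but accepts any connecting host, and a hardened one that requires TLS 1.2 or later and a client certificate from the switch, which is the common practice for mutual authentication on the OpenFlow channel (my assumption, not something the report specifies). A small policy check reports where a context falls short. The certificate and CA file paths are placeholders; the contexts are built without loading files so the policy can be inspected offline.

```python
import ssl
from typing import List, Optional

# Placeholder paths (not from the report): controller certificate/key and the CA that signs switch certificates.
CONTROLLER_CERT = "/path/to/controller-cert.pem"   # placeholder
CONTROLLER_KEY = "/path/to/controller-key.pem"     # placeholder
SWITCH_CA = "/path/to/switch-ca.pem"               # placeholder


def weak_channel_context() -> ssl.SSLContext:
    """Server-side context that encrypts the channel but never verifies who the switch is:
    any host that can reach the controller port is accepted as a switch."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_channel_context(ca_file: Optional[str] = None,
                             cert_file: Optional[str] = None,
                             key_file: Optional[str] = None) -> ssl.SSLContext:
    """Controller-side context for the OpenFlow channel: TLS 1.2+, switch certificate mandatory,
    TLS compression off. Files are loaded only when paths are given, so the policy can be built
    and inspected without real certificates."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED            # the switch must present a certificate we trust
    ctx.options |= ssl.OP_NO_COMPRESSION
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issues the switch certificates
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def channel_policy_findings(ctx: ssl.SSLContext) -> List[str]:
    """Return the ways a context falls short of the hardened policy (empty list = compliant)."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client (switch) certificate not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 accepted")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression not disabled")
    return findings


if __name__ == "__main__":
    print("weak:", channel_policy_findings(weak_channel_context()))
    print("hardened:", channel_policy_findings(hardened_channel_context()))
    # In deployment the real paths would be passed in:
    # hardened_channel_context(SWITCH_CA, CONTROLLER_CERT, CONTROLLER_KEY)
```

The point of the check is the one the report's requirement makes: once control is distributed or extended, every controller-facing endpoint still has to insist on the same authenticated channel, otherwise the TLS protection of the original centralized design is lost at the new boundary.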
6. Conclusion
Providing the future Internet with technologies that enable it to play its role is extremely
important. Because of that, many researchers are studying technologies to serve as future Internet
enabling technologies. SDN is one of the candidate future Internet technologies, as it provides
compelling functionality that enables smarter applications to be built. However, there have
been many concerns regarding its scalability, as well as that of its key enabler OpenFlow, especially
due to its dependence on a central controller. Thus, many efforts have been made to overcome this
problem.
1) https://silo.tips/download/1-introduction-securing-the-sdn
2) https://en.wikipedia.org/wiki/Software-defined_networking
3) https://www.sdxcentral.com/networking/sdn/definitions/what-the-definition-of-software-defined-networking-sdn/
4) https://www.cisco.com/c/en/us/solutions/software-defined-networking/overview.html
5) https://www.geeksforgeeks.org/difference-between-sdn-and-nfv/
6) https://www.researchgate.net/publication/284019515_A_survey_on_software_defined_networking_and_its_applications