
UNIT-II

IoT and M2M


Software defined Networking

In order to understand software defined networks, we need to
understand the various planes involved in networking.

Data plane: All the activities involving as well as resulting from data
packets sent by the end user belong to this plane. This includes:
• Forwarding of packets
• Segmentation and reassembly of data
• Replication of packets for multicasting

Control plane: All activities that are necessary to perform data plane
activities but do not involve end user data packets belong to this plane.
In other words, this is the brain of the network. The activities of the
control plane include:
• Making routing tables
• Setting packet handling policies

• Software defined networking (SDN) is an approach via which we
take the control plane away from the switch and assign it to a
centralised unit called the SDN controller.

• Hence, a network administrator can shape traffic via a centralised
console without having to touch the individual switches.

• The data plane still resides in the switch and when a packet enters a
switch, its forwarding activity is decided based on the entries of
flow tables, which are pre-assigned by the controller.

• A flow table consists of match fields (like input port number and
packet header) and instructions.

• The packet is first matched against the match fields of the flow table
entries, and the instructions of the matching entry are then applied.
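As an added example (not part of these notes), the following Python model shows how a switch applies the match-and-instruct lookup described above: the controller installs flow entries with priorities, a packet is matched against the match fields, the winning entry's instructions are returned, and a table-miss is handed to the controller. The field names (in_port, ip_src, ip_dst, tcp_dst) and the instruction strings are assumptions chosen for the illustration, not OpenFlow wire-format identifiers.

```python
"""Added example, not from the original notes: a minimal model of the lookup an
SDN switch performs against controller-installed flow entries. Match-field
names and instruction strings are assumptions for this illustration."""
from dataclasses import dataclass, field
from typing import Dict, List

Packet = Dict[str, object]   # a packet is represented by its header fields


@dataclass(order=True)
class FlowEntry:
    priority: int                                      # higher wins when several entries match
    match: Dict[str, object] = field(compare=False)    # a field absent here is a wildcard
    instructions: List[str] = field(compare=False)     # e.g. "output:2", "drop", "controller"
    packets: int = field(default=0, compare=False)     # per-entry counter, as a real switch keeps


class FlowTable:
    """The controller installs entries; the switch only performs lookups."""

    def __init__(self) -> None:
        self.entries: List[FlowEntry] = []

    def install(self, priority: int, match: Dict[str, object], instructions: List[str]) -> None:
        self.entries.append(FlowEntry(priority, match, instructions))
        self.entries.sort(reverse=True)   # highest priority first, so the first hit wins

    @staticmethod
    def _matches(entry: FlowEntry, pkt: Packet) -> bool:
        # every match field the entry specifies must equal the packet's field
        return all(pkt.get(k) == v for k, v in entry.match.items())

    def lookup(self, pkt: Packet) -> List[str]:
        for entry in self.entries:
            if self._matches(entry, pkt):
                entry.packets += 1
                return entry.instructions
        # table-miss: nothing matched, so the switch asks the controller what to do
        return ["controller"]


def build_demo_table() -> FlowTable:
    """Constructed policy a controller might push to one switch."""
    table = FlowTable()
    table.install(100, {"in_port": 1, "ip_dst": "10.0.0.2", "tcp_dst": 80}, ["output:2"])
    table.install(200, {"ip_src": "10.0.0.66"}, ["drop"])   # quarantined host: drop outranks forwarding
    table.install(10, {"in_port": 1}, ["output:3"])           # low-priority default for port 1
    return table


def forward(table: FlowTable, pkt: Packet) -> List[str]:
    """Data-plane decision for one packet: the instructions of the winning entry."""
    return table.lookup(pkt)


if __name__ == "__main__":
    t = build_demo_table()
    for pkt in (
        {"in_port": 1, "ip_src": "10.0.0.1", "ip_dst": "10.0.0.2", "tcp_dst": 80},
        {"in_port": 1, "ip_src": "10.0.0.66", "ip_dst": "10.0.0.2", "tcp_dst": 80},
        {"in_port": 4, "ip_src": "10.0.0.9", "ip_dst": "10.0.0.2", "tcp_dst": 443},
    ):
        print(pkt["ip_src"], "->", forward(t, pkt))
```

The priority ordering is what lets a controller push a blanket "drop" for a suspicious host without touching the forwarding entries already installed, which is the rerouting/dropping capability the advantages section below refers to.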
• A typical SDN architecture consists of three layers.

• Application layer: It contains the typical network applications
like intrusion detection, firewall, and load balancing.

• Control layer: It consists of the SDN controller which acts as the
brain of the network. It also provides hardware abstraction to the
applications written on top of it.

• Infrastructure layer: This consists of physical switches which form
the data plane and carry out the actual movement of data packets.

• The layers communicate via a set of interfaces called the
northbound APIs (between application and control layer) and
southbound APIs (between control and infrastructure layer).
SDN architecture:

• Advantages of SDN:

• Network is programmable hence can easily be modified via the controller rather
than individual switches.

• Switch hardware becomes cheaper since each switch only needs a data plane.

• Hardware is abstracted, hence applications can be written on top of controller
independent of switch vendor.

• Provides better security since the controller can monitor traffic and deploy
security policies. For example, if the controller detects suspicious activity in
network traffic, it can reroute or drop the packets.

• Disadvantages of SDN:

• The central dependency of the network means single point of failure, i.e. if the
controller gets corrupted, the entire network will be affected.
Network functions virtualization (NFV)
• Network functions virtualization (NFV) is the
replacement of network appliance hardware
with virtual machines.

• The virtual machines use a hypervisor to run
networking software and processes such as
routing and load balancing.
Why Network Functions Virtualization
• NFV allows for the separation of communication services from dedicated hardware,
such as routers and firewalls.

• This separation means network operations can provide new services dynamically and
without installing new hardware.

• Deploying network components with network functions virtualization takes hours
instead of months like with traditional networking. Also, the virtualized services can run
on less expensive, generic servers instead of proprietary hardware.

• Additional reasons to use network functions virtualization include:

• Pay-as-you-go: Pay-as-you-go NFV models can reduce costs because businesses pay
only for what they need.

• Fewer appliances: Because NFV runs on virtual machines instead of physical machines,
fewer appliances are necessary and operational costs are lower.

• Scalability: Scaling the network architecture with virtual machines is faster and easier,
and it does not require purchasing additional hardware.
NFV architecture

• In a traditional network architecture, individual proprietary hardware devices such
as routers, switches, gateways, firewalls, load balancers and intrusion detection
systems all carry out different networking tasks. A virtualized network replaces
these pieces of equipment with software applications that run on virtual machines
to perform networking tasks.

• An NFV architecture consists of three parts:

• Centralized virtual network infrastructure: An NFV infrastructure may be based on
either a container management platform or a hypervisor that abstracts the
compute, storage and network resources.

• Software applications: Software replaces the hardware components of a
traditional network architecture to deliver the different types of network
functionality (virtualized network functions).

• Framework: A framework (often known as MANO – management, automation and
network orchestration) is needed to manage the infrastructure and provision
network functionality.
Risks of network functions virtualization
• Physical security controls are not effective: Virtualizing network components
increases their vulnerability to new kinds of attacks compared to physical
equipment that is locked in a data center.

• Malware is difficult to isolate and contain: It is easier for malware to travel
among virtual components that are all running off of one virtual machine
than between hardware components that can be isolated or physically
separated.

• Network traffic is less transparent: Traditional traffic monitoring tools have a
hard time spotting potentially malicious anomalies within network traffic that
is traveling east-west between virtual machines, so NFV requires more
fine-grained security solutions.

• Complex layers require multiple forms of security: Network functions
virtualization environments are inherently complex, with multiple layers that
are hard to secure with blanket security policies.
Difference between SDN and NFV

SDN: SDN architecture mainly focuses on data centers.
NFV: NFV is targeted at service providers or operators.

SDN: SDN separates control plane and data forwarding plane by centralizing
control and programmability of network.
NFV: NFV helps service providers or operators to virtualize functions like load
balancing, routing, and policy management by transferring network functions
from dedicated appliances to virtual servers.

SDN: SDN uses OpenFlow as a communication protocol.
NFV: There is no protocol determined yet for NFV.

SDN: SDN supports Open Networking Foundation.
NFV: NFV is driven by ETSI NFV Working group.

SDN: Various enterprise networking software and hardware vendors are initiative
supporters of SDN.
NFV: Telecom service providers or operators are prime initiative supporters of NFV.

SDN: Corporate IT acts as a business initiator for SDN.
NFV: Service providers or operators act as a business initiator for NFV.

SDN: SDN applications run on industry-standard servers or switches.
NFV: NFV applications run on industry-standard servers.

SDN: SDN reduces cost of network because now there is no need of expensive
switches & routers.
NFV: NFV increases scalability and agility as well as speeds up time-to-market, as
it dynamically allots hardware a level of capacity to network functions needed at
a particular time.

SDN: Applications of SDN: Networking, SLA assurance, Cloud orchestration,
Content Delivery Networks (CDN).
NFV: Applications of NFV: Routers, firewalls, gateways, WAN accelerators, Video
Servers.
IoT system management
• IoT system management refers to the processes
involving the provisioning and authenticating,
configuring, maintaining, monitoring and
diagnosing connected devices operating as part
of an IoT environment to provide and support
the whole spectrum of their functional
capabilities.
Need for IoT Systems Management
• Automating Configuration

• Monitoring Operational & Statistical Data

• Improved Reliability

• System Wide Configurations

• Multiple System Configurations

• Retrieving & Reusing Configurations


Requirements for IoT Device Management
The following are the four basic requirements needed for
IoT Device Management.

1) Provisioning and Authentication
2) Configuration and Control
3) Monitoring and Diagnostics
4) Software Updates and Maintenance
1. Provisioning and Authentication

Provisioning:
• Provisioning is the process by which a device is
enrolled in a system. It has two parts:
– By registering the device, an initial connection
between the device and the IoT solution is
established.
– Based on the requirements of the particular solution, the
device is configured.

• Only after completing these steps can we say that
the device is fully provisioned. Some providers
complete the first step and do not provide
configuration. But in device provisioning, both
these steps are automated to offer smooth usage.
Authentication:
• Authentication is the process by which only devices with valid
credentials get enrolled.

• It helps in trusting the device by validating that an actual
device is used with trusted software and a trusted user.

• Even though the process of authentication differs from device to
device, the deployed device will have a certificate or key that is
used to check whether it is authentic.

• When a new device is installed, it authenticates by
validating credentials and several unique data such as
model number, serial number, etc.
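The following Python sketch is an added example, not from these notes, of the two provisioning steps and the credential check described above. It assumes a factory registry mapping (model number, serial number) to a per-device secret, a nonce challenge issued by the IoT solution, and an HMAC-SHA256 proof of possession; all names, secrets and the truck configuration are constructed placeholders.

```python
"""Added example, not from the original notes: a registry-backed enrollment
flow. The factory pre-loads each device with a per-device secret and the IoT
solution keeps the expected (model, serial) -> secret mapping. A device proves
possession of its secret with an HMAC over a server-issued nonce and its
identity fields; only then is it registered (step 1) and configured (step 2).
Registry contents, field names and secrets are constructed placeholders."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

DeviceId = Tuple[str, str]   # (model number, serial number)

# Constructed factory registry; real secrets would be provisioned at manufacture.
FACTORY_REGISTRY: Dict[DeviceId, bytes] = {
    ("tracker-v2", "SN-0001"): b"placeholder-secret-0001",
    ("tracker-v2", "SN-0002"): b"placeholder-secret-0002",
}


def proof(secret: bytes, nonce: bytes, model: str, serial: str) -> str:
    """HMAC-SHA256 binding the nonce to the claimed identity fields."""
    msg = nonce + b"|" + model.encode() + b"|" + serial.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class ProvisioningService:
    def __init__(self, registry: Dict[DeviceId, bytes]) -> None:
        self.registry = registry
        self.pending: Dict[DeviceId, bytes] = {}   # one outstanding nonce per device
        self.devices: Dict[DeviceId, dict] = {}    # provisioned devices and their config

    def challenge(self, model: str, serial: str) -> bytes:
        nonce = secrets.token_bytes(16)            # fresh per attempt, so proofs cannot be replayed
        self.pending[(model, serial)] = nonce
        return nonce

    def enroll(self, model: str, serial: str, device_proof: str,
               solution_config: dict) -> Optional[dict]:
        key = (model, serial)
        nonce = self.pending.pop(key, None)        # a nonce is consumed on first use
        secret = self.registry.get(key)
        if nonce is None or secret is None:
            return None                            # unknown device or no outstanding challenge
        if not hmac.compare_digest(device_proof, proof(secret, nonce, model, serial)):
            return None                            # invalid credentials: not enrolled
        record = {"registered": True, "config": None}   # step 1: registration
        self.devices[key] = record
        record["config"] = dict(solution_config)        # step 2: solution-specific configuration
        return record


class Device:
    def __init__(self, model: str, serial: str, secret: bytes) -> None:
        self.model, self.serial, self.secret = model, serial, secret

    def respond(self, nonce: bytes) -> str:
        return proof(self.secret, nonce, self.model, self.serial)


def demo_enrollment() -> Tuple[Optional[dict], Optional[dict], Optional[dict]]:
    """Genuine device accepted, replayed proof refused, wrong-secret device refused."""
    svc = ProvisioningService(FACTORY_REGISTRY)
    config = {"truck_number": "TRK-17", "upload_interval_s": 60}   # constructed settings

    genuine = Device("tracker-v2", "SN-0001", b"placeholder-secret-0001")
    answer = genuine.respond(svc.challenge(genuine.model, genuine.serial))
    accepted = svc.enroll(genuine.model, genuine.serial, answer, config)

    # Same proof presented again: the nonce was consumed, so it is refused.
    replayed = svc.enroll(genuine.model, genuine.serial, answer, config)

    # A device claiming a registered serial but holding the wrong secret.
    impostor = Device("tracker-v2", "SN-0002", b"wrong-secret")
    rejected = svc.enroll(impostor.model, impostor.serial,
                          impostor.respond(svc.challenge(impostor.model, impostor.serial)), config)
    return accepted, replayed, rejected


if __name__ == "__main__":
    print(demo_enrollment())
```

The per-attempt nonce and the constant-time comparison are the two details that make the "validating credentials" step robust: a captured proof cannot be reused, and a mismatch is not leaked through timing.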
2. Configuration and Control

• Whenever a new device is installed, some configuration has to be
done before it can be used.

• For example, a location tracker is a device that is installed in a truck
and uploads data to the cloud every minute. Before that device can be
used, some settings have to be made in the device such as
truck number, truck speed, truck driver name, etc. Otherwise, it may
create confusion later.

• Devices can be said to be imperfect if this step is not done before
use. Even after deployment, the ability to control and configure devices
is critical to ensure certain aspects such as functionality, performance,
and protection from security threats. It is also advised to reset the
devices to factory configuration before decommissioning them.

• Also, the user needs to remotely reset the device to attain a good state,
recover from errors, and implement new configurations. This is what
provides the control capability in the system.
3. Monitoring and Diagnostics

• Sometimes, software bugs or other issues can occur
which in turn result in downtime of the device.

• In order to solve the issues, the user needs to
identify them first. For that, constant monitoring
of devices is essential.

• Device management software helps in
diagnosing these issues by continuously logging.

• This software can also use cloud-hosted
analytics to offer solutions.
4. Software Updates and Maintenance
• When a device is installed, it needs to be updated for the
flawless working of the device. Sometimes there will be
additional functionalities to be included.

• Devices are increasing day by day, so it is hard to update all
the devices manually.

• The ability to update and maintain remote device software
securely is thus one of the most important components of
good device management.

• In the truck example, the update can't be done while the truck is
running. So, before updating the software, make sure the truck is
at rest.
Advantages of IoT Management

1. Know your Device

• IoT device management helps the product owners to track, manage, monitor,
sustain and secure the connected devices. Since the platform is
associated with a dashboard, it is also easy to remotely access the devices
and to provision, manage and decommission them.

2. Less Operational Costs and Maintenance

• With the help of device management, it is possible to undergo predictive
maintenance as an effective solution for periodic maintenance and several
other issues. Thus, the time consumed will be less and in turn, operation costs
will be less.

3. IT and OT Convergence

• In order to have a successful business, it is essential to have parallel
coordination of information technology (IT) and operational technology (OT). It
helps in a seamless flow of information to work in parallel on different projects.
Simple Network Management Protocol
(SNMP)
• SNMP is a well-known and widely used network
management protocol that allows monitoring and
configuring network devices such as routers,
switches, servers, printers, etc.

SNMP components include:

• Network Management Station (NMS)
• Managed Device
• Management Information Base (MIB)
• SNMP Agent that runs on the device
How SNMP works
Limitations of SNMP
• SNMP is stateless in nature and each SNMP request contains all the
information to process the request. The application needs to be intelligent to
manage the device.

• SNMP is a connectionless protocol which uses UDP as the transport protocol,
making it unreliable as there is no support for acknowledgement of
requests.

• MIBs often lack writable objects without which device configuration is not
possible using SNMP.

• It is difficult to differentiate between configuration and state data in MIBs.

• Retrieving the current configuration from a device can be difficult with SNMP.

• Earlier versions of SNMP did not have strong security features.


NETCONF (Network Configuration Protocol)
• Network Configuration Protocol (NETCONF) is a session-based network
management protocol.

• NETCONF allows retrieving state or configuration data and manipulating
configuration data on a network device.

• NETCONF works over the SSH (Secure Shell Protocol) transport protocol.

• The transport layer provides end-to-end connectivity and ensures
reliable delivery of messages.

• NETCONF uses XML-encoded Remote Procedure Calls (RPCs)
for framing request and response messages.

• The RPC layer provides a mechanism for encoding RPC calls and
notifications.

• NETCONF provides various operations to retrieve and edit configuration
data from network devices.

• The content layer consists of configuration and state data which is
XML-encoded.

• The schema of the configuration and state data is defined in a data
modeling language called YANG.

• NETCONF provides a clear separation of the configuration and state data.

• The configuration data resides within a NETCONF configuration
datastore on the server.
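The session below is an added example, not from these notes or any vendor implementation, showing NETCONF-style XML-encoded RPCs: the client builds get-config, edit-config, commit and discard-changes requests in the NETCONF base namespace (urn:ietf:params:xml:ns:netconf:base:1.0), and a toy in-memory server holding a running and a candidate configuration datastore answers with rpc-reply. The SSH transport, the hello exchange and a real YANG-backed datastore are left out; the <device> container and its leaves are constructed for the illustration.

```python
"""Added example, not from the original notes: NETCONF-style XML RPC framing
with a toy in-memory server. The rpc/rpc-reply elements, the base namespace
and the operation names follow NETCONF (RFC 6241); the datastore contents and
the <device> container are constructed, and SSH/hello are omitted."""
import xml.etree.ElementTree as ET
from typing import Dict, Tuple

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"   # NETCONF base namespace
ET.register_namespace("nc", NC)


def _nc(tag: str) -> str:
    return f"{{{NC}}}{tag}"          # qualified tag in the NETCONF namespace


def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]    # strip the namespace from an element tag


def rpc(message_id: int, op: ET.Element) -> bytes:
    """Wrap one operation in <rpc message-id=...>, the NETCONF request frame."""
    root = ET.Element(_nc("rpc"), {"message-id": str(message_id)})
    root.append(op)
    return ET.tostring(root)


def get_config_rpc(message_id: int, source: str = "running") -> bytes:
    op = ET.Element(_nc("get-config"))
    ET.SubElement(ET.SubElement(op, _nc("source")), _nc(source))
    return rpc(message_id, op)


def edit_config_rpc(message_id: int, target: str, config_xml: str) -> bytes:
    op = ET.Element(_nc("edit-config"))
    ET.SubElement(ET.SubElement(op, _nc("target")), _nc(target))
    ET.SubElement(op, _nc("config")).append(ET.fromstring(config_xml))
    return rpc(message_id, op)


def simple_rpc(message_id: int, name: str) -> bytes:   # commit / discard-changes
    return rpc(message_id, ET.Element(_nc(name)))


class ToyNetconfServer:
    """Holds a running and a candidate datastore; config is a flat leaf->value map."""

    def __init__(self) -> None:
        self.running: Dict[str, str] = {"hostname": "gw-01", "upload-interval": "60"}
        self.candidate: Dict[str, str] = dict(self.running)

    def handle(self, request: bytes) -> bytes:
        req = ET.fromstring(request)
        reply = ET.Element(_nc("rpc-reply"), {"message-id": req.get("message-id", "")})
        op = req[0]
        name = _local(op.tag)
        if name == "get-config":
            store = getattr(self, _local(op.find(_nc("source"))[0].tag))
            device = ET.SubElement(ET.SubElement(reply, _nc("data")), "device")
            for leaf, value in store.items():
                ET.SubElement(device, leaf).text = value
        elif name == "edit-config":
            store = getattr(self, _local(op.find(_nc("target"))[0].tag))
            for leaf in op.find(_nc("config"))[0]:       # children of <device>
                store[leaf.tag] = leaf.text
            ET.SubElement(reply, _nc("ok"))
        elif name == "commit":
            self.running = dict(self.candidate)          # candidate becomes running
            ET.SubElement(reply, _nc("ok"))
        elif name == "discard-changes":
            self.candidate = dict(self.running)          # roll the candidate back
            ET.SubElement(reply, _nc("ok"))
        else:
            err = ET.SubElement(reply, _nc("rpc-error"))
            ET.SubElement(err, _nc("error-tag")).text = "operation-not-supported"
        return ET.tostring(reply)


def parse_config(reply: bytes) -> Dict[str, str]:
    device = ET.fromstring(reply).find(_nc("data")).find("device")
    return {child.tag: child.text for child in device}


def is_ok(reply: bytes) -> bool:
    return ET.fromstring(reply).find(_nc("ok")) is not None


def demo_session() -> Tuple[str, bool, str, bool, str]:
    """Edit the candidate, confirm running is untouched, commit, read it back."""
    srv = ToyNetconfServer()
    before = parse_config(srv.handle(get_config_rpc(101)))["hostname"]
    edited = is_ok(srv.handle(edit_config_rpc(
        102, "candidate", "<device><hostname>gw-02</hostname></device>")))
    staged = parse_config(srv.handle(get_config_rpc(103, "running")))["hostname"]
    committed = is_ok(srv.handle(simple_rpc(104, "commit")))
    after = parse_config(srv.handle(get_config_rpc(105)))["hostname"]
    return before, edited, staged, committed, after
```

Editing the candidate datastore first and committing only after the whole change set is staged is what gives NETCONF its transactional, session-based character compared with SNMP's stateless sets; discard-changes is the rollback.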
YANG (Yet Another Next Generation)
• YANG is a data modeling language used to model configuration and state data manipulated by
the NETCONF protocol.

• YANG modules contain the definitions of the configuration data, state data, RPC calls that can
be issued and the format of the notifications.

• YANG modules define the data exchanged between the NETCONF client and server.

• A module comprises a number of 'leaf' nodes which are organized into a hierarchical tree
structure.

• The 'leaf' nodes are specified using the 'leaf' or 'leaf-list' constructs.

• Leaf nodes are organized using 'container' or 'list' constructs.

• A YANG module can import definitions from other modules.

• Constraints can be defined on the data nodes, e.g. allowed values.

• YANG can model both configuration data and state data using the 'config' statement.
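To make the 'leaf', 'leaf-list', 'container', 'list' and 'config' ideas concrete, here is an added example (not from these notes) in Python: a tiny schema for a truck tracker built from those constructs, a validator that enforces the mandatory, range and allowed-value constraints, and a function that separates configuration data from state data using the config flag. The module name, its leaves and the sample data are assumptions made for the example.

```python
"""Added example, not from the original notes: a YANG-like schema written with
leaf / leaf-list / container / list nodes, a constraint validator and a
config-versus-state split. The 'tracker' module and sample data are constructed."""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple


@dataclass
class Leaf:
    name: str
    type: type                                  # int or str for this example
    config: bool = True                         # the YANG 'config' statement
    mandatory: bool = False
    enum: Optional[Tuple[str, ...]] = None      # allowed values
    value_range: Optional[Tuple[int, int]] = None

@dataclass
class LeafList:
    name: str
    type: type
    config: bool = True

@dataclass
class ListNode:                                 # YANG 'list': keyed entries
    name: str
    key: str
    children: List[Any]
    config: bool = True

@dataclass
class Container:
    name: str
    children: List[Any]
    config: bool = True


TRACKER_MODULE = Container("tracker", [
    Leaf("truck-number", str, mandatory=True),
    Leaf("upload-interval", int, value_range=(10, 3600)),
    LeafList("drivers", str),
    ListNode("alerts", key="id", config=False, children=[
        Leaf("id", int, config=False),
        Leaf("severity", str, config=False, enum=("low", "high")),
    ]),
    Leaf("last-seen", str, config=False),       # state data, never configured
])


def _check_leaf(leaf: Leaf, value: Any, path: str, errors: List[str]) -> None:
    if isinstance(value, bool) or not isinstance(value, leaf.type):
        errors.append(f"{path}: expected {leaf.type.__name__}")
        return
    if leaf.enum is not None and value not in leaf.enum:
        errors.append(f"{path}: {value!r} not one of {leaf.enum}")
    if leaf.value_range is not None and not (leaf.value_range[0] <= value <= leaf.value_range[1]):
        errors.append(f"{path}: {value} outside range {leaf.value_range}")


def validate(node: Any, data: Any, path: str = "") -> List[str]:
    """Walk the tree; return constraint violations (an empty list means valid)."""
    path = f"{path}/{node.name}"
    if not isinstance(data, dict):
        return [f"{path}: expected a container"]
    errors = [f"{path}/{x}: unknown node" for x in sorted(set(data) - {c.name for c in node.children})]
    for child in node.children:
        cpath = f"{path}/{child.name}"
        if child.name not in data:
            if isinstance(child, Leaf) and child.mandatory:
                errors.append(f"{cpath}: mandatory leaf missing")
            continue
        value = data[child.name]
        if isinstance(child, Leaf):
            _check_leaf(child, value, cpath, errors)
        elif isinstance(child, LeafList):
            if not isinstance(value, list) or not all(isinstance(v, child.type) for v in value):
                errors.append(f"{cpath}: expected list of {child.type.__name__}")
        elif isinstance(child, ListNode):
            seen = set()
            for entry in value:
                key = entry.get(child.key) if isinstance(entry, dict) else None
                if key is None or key in seen:
                    errors.append(f"{cpath}: missing or duplicate key {child.key!r}")
                seen.add(key)
                errors += validate(child, entry, path)
        else:
            errors += validate(child, value, path)
    return errors


def config_only(node: Any, data: Dict[str, Any]) -> Dict[str, Any]:
    """Keep only config=true nodes, i.e. what an edit-config may carry."""
    out: Dict[str, Any] = {}
    for child in node.children:
        if not child.config or child.name not in data:
            continue
        if isinstance(child, (Leaf, LeafList)):
            out[child.name] = data[child.name]
        elif isinstance(child, ListNode):
            out[child.name] = [config_only(child, e) for e in data[child.name]]
        else:
            out[child.name] = config_only(child, data[child.name])
    return out


SAMPLE_DATA = {"truck-number": "TRK-17", "upload-interval": 60, "drivers": ["A. Driver"],
               "alerts": [{"id": 1, "severity": "high"}], "last-seen": "2024-01-01T00:00:00Z"}
BAD_DATA = {"upload-interval": 5,
            "alerts": [{"id": 1, "severity": "critical"}, {"id": 1, "severity": "low"}]}
```

Running validate on BAD_DATA reports the missing mandatory leaf, the out-of-range interval, the severity outside its allowed values and the duplicate list key; config_only on SAMPLE_DATA drops alerts and last-seen because they are state data, which is exactly the separation the NETCONF datastore relies on.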
YANG Module Example
IoT Systems Management with NETCONF-YANG
• Management System

• Management API

• Transaction Manager

• Rollback Manager

• Data Model Manager

• Configuration Validator

• Configuration Database

• Configuration API

• Data Provider API
