Lecture 2 - SDN Part 1 Flashcards
(28 cards)
What are the parts of Network Softwarization?
- Software Defined Networking (SDN)
- Network Functions Virtualization (NFV)
- Whitebox hardware
What is flow based forwarding?
Forwarding defined on flows rather than only IP or MAC addresses
Theoretically - Any information of a packet that identifies a communication relation
Practically - Combinations of selected layer 2 to 4 header fields
- Example: IP + Ports + protocol IDs
Fine-grained forwarding of selected flows or coarse-grained aggregation
Check slide 8 in SDN - Part 1
What do the Control and Data planes do and how are they distributed/centralized?
Control plane: defines routes, manages network graph
Data plane: forwarding of packets
Note: Check slide 9 in SDN - Part 1
The Control plane is logically centralized but physically distributed (Logically centralized controller)
Why is Logical Centralization utilized?
Greatly simplifies implementation of control logic
- Consistent global view onto the network
Global view can increase performance of control
- E.g., faster convergence
- Solutions closer to optimum
- Example: Distributed vs Centralized routing
Physical distribution ensures high availability and scalability
- Redundant controllers
- Load distribution between controller instances
Distributed Routing?
Need time to converge to optimum -> lower resource utilization
Complex protocol and algorithm
If the connection between S1 and S5 breaks, it first uses S2 and then optimizes to use S3 because S3 was unused. (Check slides 12-15 in SDN - Part 1)
Logically Centralized Routing (in SDN)
Centralized optimization
Faster convergence - higher resource utilization
Simpler routing algorithm on global view
Same example as with Distributed, but converges to optimum in step 1 (slide 15)
Explain the refined architecture of an SDN system
- Control logic modules are connected to the northbound interface
- Northbound (NB) interface: part of the controller block
- Controller
- Southbound interface (also part of the controller block): connected to the switches in the data plane
Explain SDN Switches/Routers
Implement data plane: packet forwarding
- Manages the forwarding information base (i.e. forwarding tables)
Typically multi-layer switches
- Forwarding based on layer 2-4 headers
Hardware switches
- Hardware support for fast matching
– Application-Specific Integrated Circuit (ASIC)
– Special purpose matching memory
Software switches
- Connect multiple VMs to physical interface of host
- Example: Open vSwitch
Hybrid switches: Implement SDN & standard L2/L3 forwarding
Explain the SDN Controller
It’s a server process executed on host/VM
Implements the Control Plane
Implements southbound interface to switches
- Configuration of forwarding tables
- Injecting packets (packet-out)
- Events from switch (packet-in)
- Collection of traffic stats
- Discovery of topology
Interfaces with the control logic (“application”) via northbound interface(s)
Explain the Control Logic (SDN Apps)
Often defines routes of “flows”
- Proactive and reactive routing
Might interface with other information sources:
- Example: VM manager knowing locations of VMs on hosts
Examples of Proactive Routing
- Wired/Wireless Internet Access Networks
- Data Center (known IPs)
Pros for Proactive Routing
- Known Topology and Hosts
- Bounded number of flows
Control plane distribution?
Controller can be physically distributed in various ways
- No standard way defined
Logical centralization: distribution transparent to control logic
- Allows for global view onto the system
Goal:
- Deal with failures
- Increase scalability
Types of control plane distribution?
Replication - Switch has multiple controllers (master/slave); if one fails, the other (the secondary) takes over
Coordination - Both controllers work at the same time on different switches (i.e. load balancing)
- Support large-scale deployment
– Raises issues similar to P2P networks
– Knowledge about neighborhood
– Coordination and consistency
Explain the CAP problem
Logical centralization makes implementation of the control logic simpler, but implementation of the controller hard
Well-known CAP problem also applies to a (distributed) SDN controller
- Only 2 out of 3 CAP properties possible:
– Consistency
– Availability
– Partition Tolerance
Control Plane distribution:
- Challenged by CAP problem
- What is most important?
What is OpenFlow?
A standard for southbound interface between controller and switches
- Defined by Open Networking Foundation (ONF)
- Currently the only vendor independent Standard
What’s the basic functionality of OpenFlow?
- Modification of flow tables (adding, removing, modifying entries)
- Injecting packets
– OpenFlow: packet-out event
- Events for receiving packets
– OpenFlow: packet-in event
– i.e. for unknown packets -> reactive routing
- Querying traffic statistics (counters)
- (Discover topology)
What’s the architecture of an OpenFlow system?
Controller connects to an OpenFlow switch using the OpenFlow protocol
Switch connects to standard port 6653
The protocol uses TCP and optionally TLS/SSL for authentication and encryption
The switch contains a channel for the protocol messages and a flow table (OF 1.0)
An OF 1.5 switch has a Group table, a Meter table and a pipeline of Flow Tables
The pipeline contains at least one flow table; actions can be executed between the different tables; at the end, the actions are executed one final time and the packet is sent out (packet-out)
What do Flow Tables consist of and what does that smaller unit consist of?
Flow tables consist of flow entries
Flow entry (slightly simplified):
- Match Field: Defines matching packets
- Priority: Precedence if multiple entries match
- Counters: Counts matches
- Instructions:
– Modification and forwarding of packet
- Timeouts: Removes entry after a certain (idle) time
What are table misses and how do they work?
Table misses are important for dynamic routing
Each table supports a table-miss flow entry
- Lowest priority
- Matches all packets
Possible actions (at least):
- Drop
- Send to controller
If no table-miss entry is defined
- Drop packet (default in OF1.3+)
- Or define another default action
A table miss occurs if a packet matches no entry in the table
What are Match fields?
Subset of L2-4 header fields
10-tuple in OF 1.0 (must be supported)
- Optional additional fields also possible
Note: hardware switches might only support hardware-accelerated matching on some combinations!
- The rest goes through the “slow path”
Example table on slide 33 of SDN part 1
What’s wildcard matching?
In match fields, not all fields need to be specified: * is a wildcard, meaning it matches everything
For IP addresses, bitmasks can be specified (CIDR)
- Ex.: Subnet mask of IPv4 address 192.168.1.1/24 (netmask 255.255.255.0)
Explain hardware matching
Hardware switches can perform very fast matching using Content Addressable Memory (CAM)
- Parallel matching of all entries in a few clock cycles (~20 ns)
– CONSTANT execution time
Two types of CAM
- Binary CAM (BCAM): ordinary bits 1,0
– Good for exact matching
- Ternary CAM (TCAM): ordinary bits + wildcard (don’t care) 0,1,*
– Implementation of longest prefix match on IP addresses
Drawbacks: Consumes significant energy, silicon space
- Limited memory size in switches (hundreds to hundreds of thousands of entries)
Did OF support IPv6 in version 1.0?
NOPE
Actions of OpenFlow?
Output - output packet on the specified port
TTL modifications - decrement TTL, copy TTL outwards/inwards
Push and pop tags - Add or remove VLAN/MPLS/PBB (MAC-in-MAC) tags to/from the packet
Set header fields - Ex: IP or MAC address re-writing
Group actions - Example multicast
Order of execution of actions is well-defined by action type
How do instructions work with OF?
Write actions
- Adds given actions to the action set
- Overwrites actions of the same type
Go to table with given id
- Hybrid switches can also go to the “normal” table
Apply specific actions immediately
- Modify packet before going to the table
Clear action set
Meter id: send packet to a given meter (e.g. rate limitation)