Software-Defined Networks Jennifer Rexford Princeton University - - PowerPoint PPT Presentation

▶

Aug 19, 2022 163 likes •374 views

Software-Defined Networks Jennifer Rexford Princeton University Traditional Networks 2 control plane: distributed algorithms data plane: packet processing decouple control and data planes Software Defined Networks 3 decouple control and

SLIDE 1

Software-Defined Networks

Jennifer Rexford

Princeton University

SLIDE 2

Traditional Networks

control plane: distributed algorithms data plane: packet processing

SLIDE 3

decouple control and data planes

Software Defined Networks

SLIDE 4

decouple control and data planes by providing open standard API

Software Defined Networks

SLIDE 5

Simple Data-Plane API

Prioritized list of rules

– Pattern: match packet header bits – Actions: drop, forward, modify, send to controller – Priority: disambiguate overlapping patterns – Counters: #bytes and #packets

1. srcip=1.2.*.*, ¡ds.p=3.4.5.* ¡à ¡drop ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡
2. srcip=*.*.*.*, ¡ds.p=3.4.*.* ¡à ¡forward(2) ¡
3. ¡ ¡ ¡srcip=10.1.2.3, ¡ds.p=*.*.*.* ¡à ¡send ¡to ¡controller ¡

SLIDE 6

(Logically) Centralized Controller

Controller Platform

SLIDE 7

Protocols è Applications

Controller Platform

Controller Application

SLIDE 8

Seamless Mobility

See host sending traffic at new location
Modify rules to reroute the traffic

SLIDE 9

Server Load Balancing

Pre-install load-balancing policy
Split traffic based on source IP

src=0*, dst=1.2.3.4 src=1*, dst=1.2.3.4 10.0.0.1 10.0.0.2

SLIDE 10

Middlebox Traffic Steering

Direct selected traffic (e.g., port 80)
… through a chain of middleboxes

dstip = 1.2.3.4 dstport = 80 dstip=1.2.3.4

SLIDE 11

Example SDN Applications

Seamless mobility and migration
Server load balancing
Steering traffic through middleboxes
Dynamic access control
Using multiple wireless access points
Energy-efficient networking
Blocking denial-of-service attacks
Adaptive traffic monitoring
Network virtualization
<Your app here!>

SLIDE 12

A Major Trend in Networking

SDN components

– Switches: Open vSwitch, hardware switches, etc. – Controllers: ONOS, Floodlight, Ryu, Frenetic, …

Commercial successes

– Google’s private backbone – Nicira’s network virtualization platform

Industry consortia

– Open Networking Foundation (ONF) – Open DayLight (ODL) – Open Compute Project (OCP)

SLIDE 13

Example Research Areas

SLIDE 14

Languages and Verification

Languages

– Abstractions for apps – Compilation to switches

Verification

– Data-plane invariants – Control-plane correctness

Controller

App App

queries updates composition

Controller

SLIDE 15

Controller Controller

Distributed Controllers

Scalability, reliability, and performance
Managing controller state or replicas
Aggregating information about the

network

SLIDE 16

More Sophisticated Switches

OpenFlow 1.0

– Single rule table and twelve header fields

OpenFlow 1.3/1.4

– Multiple match-action stages on different headers

OpenFlow 2.0 (?)

– Reconfigurable parsing and match-action tables

White-box/bare-metal switches

– Program the switch directly

SLIDE 17

Network Function Virtualization

Network functions

– Firewall, intrusion detection, NAT, transcoder, compression, proxy cache, monitoring, …

Virtualized

– Virtual machines that can run anywhere

Challenges

– Optimization (placement, steering, routing) – Platforms for hosting virtualized functions – Control protocols for managing the functions

SLIDE 18

SDN Security

Securing the entire stack

– Switches – Control protocol – Controller platform – Controller apps

Example attacks/vulnerabilities

– Worst-case traffic to DoS the controller – Rogue apps that violate user privacy – Compromising the controller platform

Controller

App App

SLIDE 19

New Applications of SDN

Cloud

– Data centers – Private backbones

Other networks

– Enterprise – Cellular – Home – Exchange points – Optical networks

Hybrid deployments

– Overlay (SDN edge, legacy core) – Mix of SDN and legacy devices

Beyond networking

– Software Defined Infrastructure – Network, middleboxes, storage, compute, …

SLIDE 20

Conclusions

SDN is two main ideas

– Logically centralized controller – Standard APIs to the data plane

SDN is happening in practice

– Protocol standards and white-box networking – Wide variety of switch and controller platforms – Real operational deployments

Clean-slate research opportunity

Software-Defined Networks

Jennifer Rexford

Princeton University

Traditional Networks

control plane: distributed algorithms data plane: packet processing

decouple control and data planes

Software Defined Networks

decouple control and data planes by providing open standard API

Software Defined Networks

Simple Data-Plane API

– Pattern: match packet header bits – Actions: drop, forward, modify, send to controller – Priority: disambiguate overlapping patterns – Counters: #bytes and #packets

(Logically) Centralized Controller

Controller Platform

Protocols è Applications

Controller Platform

Controller Application

Seamless Mobility

Server Load Balancing

Middlebox Traffic Steering

Example SDN Applications

A Major Trend in Networking

– Switches: Open vSwitch, hardware switches, etc. – Controllers: ONOS, Floodlight, Ryu, Frenetic, …

– Google’s private backbone – Nicira’s network virtualization platform

– Open Networking Foundation (ONF) – Open DayLight (ODL) – Open Compute Project (OCP)

Example Research Areas

Languages and Verification

– Abstractions for apps – Compilation to switches

– Data-plane invariants – Control-plane correctness

Controller

Controller

Controller Controller

Distributed Controllers

network

More Sophisticated Switches

– Single rule table and twelve header fields

– Multiple match-action stages on different headers

– Reconfigurable parsing and match-action tables

– Program the switch directly

Network Function Virtualization

– Firewall, intrusion detection, NAT, transcoder, compression, proxy cache, monitoring, …

– Virtual machines that can run anywhere

– Optimization (placement, steering, routing) – Platforms for hosting virtualized functions – Control protocols for managing the functions

SDN Security

– Switches – Control protocol – Controller platform – Controller apps

– Worst-case traffic to DoS the controller – Rogue apps that violate user privacy – Compromising the controller platform

Controller

New Applications of SDN

– Data centers – Private backbones

– Enterprise – Cellular – Home – Exchange points – Optical networks

– Overlay (SDN edge, legacy core) – Mix of SDN and legacy devices

– Software Defined Infrastructure – Network, middleboxes, storage, compute, …

Conclusions

– Logically centralized controller – Standard APIs to the data plane

– Protocol standards and white-box networking – Wide variety of switch and controller platforms – Real operational deployments

– … while still influencing the practice