This chapter provides a solid foundation for Software-Defined Networking (SDN) concepts and other supporting technologies. It covers the characteristics of SDN as well as the various applications of SDN on production networks. Finally, Network Function Virtualization (NFV), a concept often mixed up with SDN, is explored and the differences between SDN and NFV are explained in detail.
In this chapter, we will cover the following topics:
- What is SDN?
- SDN use cases
To understand SDN in relation to OpenFlow, it is necessary to provide a good background on SDN, its motivation, and what it promises. This chapter provides you with the required knowledge prior to the actual setup of SDN/OpenFlow, enabling experimental and developmental environments.
So what is SDN?
Traditional network technologies have existed since the inception of networking. Although various modifications have been made to the underlying architecture and devices (such as switches, routers, and firewalls), frames and packets have continued to be forwarded and routed using a similar approach, resulting in limited efficiency and a high cost of maintenance. Consequently, the techniques used in the architecture and operation of networks needed to evolve, which led to the birth of SDN.
SDN, often referred to as a revolutionary new idea in computer networking, promises to dramatically simplify network control and management and enable innovation through network programmability. Network engineers are responsible for configuring policies to respond to a wide range of network events and application scenarios. They manually transform these high-level policies into low-level configuration commands. These very complex tasks are often accomplished with access to very limited tools. Thus, network management control and performance tuning are quite challenging and error-prone tasks.
Another challenge is what network engineers and researchers refer to as internet ossification. Due to its huge deployment base and its impact on different aspects of our lives, the internet has become extremely difficult to evolve, both in terms of its physical infrastructure and in terms of its protocols and performance. As emerging and demanding applications become more complex, the current status quo of the internet seems unable to evolve to address emerging challenges.
Present-day network architecture is made up of a control plane, a data plane, and a management plane, where the control and data planes are merged into a single machine, an arrangement generally known as inside the box. To avoid the limitations of this design, a new set of networks known as programmable networks has emerged, generally known as out of the box.
The main aim of SDN is to separate the control and data planes and transfer the network intelligence and state to the control plane. Some technologies that have exploited these concepts include Routing Control Platform (RCP), Secure Architecture for the Network Enterprise (SANE), and recently, Ethane. SDN is often related to the OpenFlow protocol. Currently, the Open Networking Foundation (ONF) takes on the task of advancing SDN and standardizing OpenFlow, whose latest version is 1.5.0.
SDN can be recognized and distinguished from other innovative networking technologies by the features discussed in the upcoming sections.
Traditional network architecture comprises three distinct planes (control, data, and management), which together enable full functionality:
The main characteristic of SDN is the segregation of the control plane (which determines the way the traffic should be handled) from the data plane (which forwards the traffic according to the decisions made by the control plane, based on incoming traffic parameters such as the MAC address, IP address, and Virtual Local Area Network (VLAN) ID).
In SDN, these policies are determined by the control plane, which is decoupled from the switch (known as the forwarding element) and moved to a logically centralized controller. The controller can be physically distributed, and its policies are communicated to the forwarding element via a secure link (the OpenFlow channel):
In the preceding diagram, the forwarding elements that will operate in SDN environments are designed to handle the data plane. The predominant forwarding elements are designed to support both traditional network architecture and SDN network architecture. Control and management plane functionalities are moved to a high-performance server that serves as the controller.
The dedicated hardware and software resources of the control and management planes, which resided on the switches in traditional network architecture, have now been migrated to the controller. This new architecture presents a forwarding element that maximizes the overall resource management in the topology, as its hardware processes less complex code to forward the traffic. The complex algorithms now reside in the controller, which makes the traffic forwarding decisions and communicates the best forwarding path for every packet to the forwarding elements through a secure channel. These characteristics allow a simpler ASIC to be incorporated into the forwarding elements in an SDN infrastructure. They also allow ample resources to be provisioned as the network grows in size.
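The split described above can be sketched in a few lines. This is an added example, not code from the book or from any controller project: the class names, the policy format, and all addresses are assumptions made for illustration, and it models the idea only, not the OpenFlow wire protocol.

```python
# Toy model; class and field names are assumptions of this example, not OpenFlow.
from typing import NamedTuple

class Packet(NamedTuple):   # the traffic parameters the text names as match fields
    src_mac: str
    dst_ip: str
    vlan: int

class Controller:
    """Control plane: owns the policy and decides how traffic is handled."""
    def __init__(self, policy):
        self.policy = policy      # ordered (match, action) pairs, first hit wins
        self.packet_ins = 0       # how often a switch had to ask for a decision

    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        action = "drop"           # default deny when no policy rule applies
        for match, act in self.policy:
            if all(getattr(pkt, k) == v for k, v in match.items()):
                action = act
                break
        # Install an exact-match entry, so a broad rule cached on the switch
        # can never shadow a more specific policy rule (e.g. the quarantine).
        switch.table[pkt] = action
        return action

class Switch:
    """Data plane: forwards by flow-table lookup only and holds no policy."""
    def __init__(self, controller):
        self.controller = controller
        self.table = {}

    def forward(self, pkt):
        if pkt in self.table:
            return self.table[pkt]
        return self.controller.packet_in(self, pkt)   # table miss

# Constructed sample policy and traffic (all addresses are made up).
POLICY = [
    ({"src_mac": "02:00:00:00:00:66"}, "drop"),        # quarantined host
    ({"vlan": 10, "dst_ip": "10.0.10.5"}, "output:1"),
    ({"vlan": 20}, "output:2"),
]

def demo():
    sw = Switch(Controller(POLICY))
    a = Packet("02:00:00:00:00:01", "10.0.10.5", 10)
    pkts = [a, a, Packet("02:00:00:00:00:66", "10.0.10.5", 10),
            Packet("02:00:00:00:00:02", "10.0.30.9", 30)]
    return [sw.forward(p) for p in pkts], sw.controller.packet_ins, len(sw.table)
```

Only the first packet of each flow reaches the controller; the repeated packet is forwarded from the switch's own table, and the quarantined host is dropped even though its VLAN and destination would otherwise be allowed.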
Network automation can be described as the process of deploying tools that allow the network administrator to automate the configuration, management, and operation of the network. As a result, the network administrator can tailor the network to fulfill the business requirement in real time. The SDN architecture supports network automation better than traditional network architecture does.
Ansible and Puppet are common examples of automation and orchestration tools that assist network administrators with tasks ranging from the management of configuration to deployment of applications seamlessly. Automation makes the network flexible, resilient, easy to manage, and responsive to business needs in real time, which results in reduced operating expenses.
Network virtualization is the abstraction of the physical network to support the running of multiple logical network instances on a common shared physical element. This supports rapid innovation, as services can be delivered at software speed across the entire network.
SDN controllers provide both automation and virtualization to the network by using the northbound and southbound APIs to communicate with the applications and forwarding elements, respectively.
Over the years, organizations have introduced SDN into their networks. SDN has been introduced because of its benefits, and the upcoming sections highlight the most prominent real-life applications of SDN in networks and how they have been adopted.
Data centers support traffic and applications that have diverse resource requirements, ranging from high bandwidth to security. Present-day network architecture is rigid, which restricts the overall utilizable resources provided by the equipment in the data center. Given the underlying principle of SDN, applications with specific needs can be deployed on an SDN infrastructure.
SDN can support multiple network instances on a single forwarding element, allowing maximum utilization of network resources, as shown in the following diagram. This feature supports the multi-tenancy requirement of future data centers:
SDN also supports the micromanagement of the traffic traversing the data center, as unique security policies can be assigned on the basis of the packet. Finally, with the rise of cloud-based applications, SDN supports the need for timely and dynamic allocation of redundant resources for maximum delivery of services at any given time.
Campus networks have evolved over the years, with more complexity in technology and management introduced to support the growing user base. The initial architecture of campus networks was characterized by a finite number of application-centric nodes, such as firewalls and load balancers. Growth in the campus required a very complex network architecture, which could comprise hundreds of nodes.
In earlier campus network deployments based on traditional network architectures, there existed a rigid foundation that was required to support mobility, security, multiple devices, and variants of application packets. SDN offers the best approach to tackling the ever-evolving networks present in campuses. For instance, campus networks require many policies, considering the diversity of users present. SDN deployed with OpenFlow allows these policies to be provisioned across the network from the centralized controller.
SDN deployed on campus networks allows wide, packet-level visibility of the traffic traversing the network nodes at any given time. Network analytics grants the network administrator access to analytics and thorough visibility of the network. In proactive network management, network administrators, upon reviewing analytics results, can deploy policies to maximize bandwidth allocation using the load balancer app that sits northbound of the controller.
Service providers have witnessed a high growth in the total user base in the last decade; the mobile growth rate of smartphone users, year on year, was approximately 12.1% from 2015 to 2016, which was a significant growth with respect to the infrastructure required to service the new users. SDN comes with a great potential to solve these issues faced by service providers.
The implementation of SDN for service providers comes with certain stringent requirements. SDN should be able to provide high availability (HA) and performance, support diverse forwarding elements, and accommodate various applications northbound of the controller. In addition, network virtualization should be supported in the SDN flavor used by service providers. Here, the SDN architecture is expected to allow customer services (such as firewalls, Intrusion Detection Systems (IDS), and Virtual Private Networks (VPN)) to be virtualized, in contrast to traditional networks, which require you to introduce middlebox appliances.
Some service providers have been implementing SDN in their networks. AT&T, which is a pioneer, has seen benefits in the support of innovation, agility, and cost. AT&T's Domain 2.0 program aims to control and virtualize 75% of its network using SDN methodologies by the year 2020. For more information, you can visit http://features.zdnet.com/huawei/huawei-the-carrier-challenge#transform-the-business. NTT Communications has introduced SDN/OpenFlow solutions into its networks. Overcoming the 4000 VLAN limitation is one of the greatest benefits it can boast about.
Projections exist that service providers' investment in SDN and NFV will account for a revenue of over $18 billion over the years 2016-2020.
Mobile networks have faced various challenges over the years, including network flexibility and management. Managing the network has been a difficult task because of the diverse customer segments it supports and the Operations Support Systems (OSS) and billing support systems tools used for billing the subscriber.
SDN promises a significant boost in network management and flexibility because of its support for more granular traffic monitoring and dynamic bandwidth allocation. Network congestion, a critical challenge for a service provider, is addressed by SDN because the controller can optimize the various northbound apps in accordance with the network traffic in real time.
A striking advantage of the SDN implementation is multitenancy. It allows multiple mobile operators to utilize the same physical infrastructure. With SDN, this will be intelligently supported because the OpenFlow controller will allow multiple mobile operators to apply granular policies to their traffic.
NFV is the abstraction of the physical network to support the running of multiple logical network instances on a common, shared physical element. Network instances that are virtualized essentially function similarly to the equivalent physical instance.
A prominent example of network virtualization is VLAN. A VLAN is an abstraction of a physical switch in simple terms; it splits a single L2 broadcast domain into smaller logical domains that coexist without intercommunication between them. Communication between such domains requires the implementation of a layer three switch or a router.
Earlier implementations of network virtualization supported layer two (switching) and layer three (routing) services, but layer four to layer seven services such as firewalls and load balancers are now fully supported by network virtualization.
Network virtualization maximizes the physical resources and ultimately grants full control, security, and efficiency to the network administrator. It also cuts down the high cost of physical elements when compared to the virtual instances. The operational costs of elements such as cooling, power, and special requirements are cut down as well.
NFV is often mixed up with SDN. SDN is an approach introduced to bring intelligence into the network, while NFV is used to migrate network appliances such as IDS, VPN, and load balancers from the physical hardware to a virtualized platform.
NFV technologies help cut costs to some extent, but without an intelligent approach to managing the virtualized resources, the overall operational cost remains the same, because NFV suffers the major constraints that physical hardware deployments suffer, such as manual management of policies.
SDN introduces automation in network infrastructures such that the virtualized services created by NFV can be more methodical and optimized for the maximum utilization of resources. The preceding diagram shows a pictorial view of SDN and NFV combined in a network.
NFV can exist fully without SDN, but SDN is the boost needed to reap the maximum benefit from NFV technology. Even though both technologies differ, combining them allows reduced capital and operational cost as well as optimized traffic flow across the network.
NFV comes with some challenges that require consideration before it is implemented in existing networks. In large-scale networks, redundancy is vital to minimizing the downtime of the network if any network element goes down.
With NFV, the deployment should have redundancy at the physical level as well as the virtualized level. For instance, if the redundant switch is hosted on the same physical infrastructure, in the case of a power outage, both switches will fail, leading to a loss of connectivity.
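A placement check for the failure mode just described, as an added example rather than anything from the book: the inventory layout, instance names, hosts, and power feeds are all constructed for illustration. A redundancy group is flagged when every member depends on the same physical host or the same power feed, because losing that one element takes the whole group down.

```python
# Added illustration; the inventory layout and all names are assumptions.
from collections import defaultdict

# Constructed inventory: virtual instance -> (redundancy group, host, power feed)
PLACEMENT = {
    "vswitch-a1": ("core-switch", "host-1", "feed-A"),
    "vswitch-a2": ("core-switch", "host-1", "feed-A"),  # same host as its peer
    "fw-1":       ("edge-fw",     "host-2", "feed-A"),
    "fw-2":       ("edge-fw",     "host-3", "feed-A"),  # other host, same feed
    "lb-1":       ("lb",          "host-2", "feed-A"),
    "lb-2":       ("lb",          "host-4", "feed-B"),  # fully separated
}

def shared_failure_domains(placement):
    """Map each at-risk redundancy group to the physical elements that all of
    its members depend on; groups that survive any single loss are omitted."""
    groups = defaultdict(list)
    for group, host, feed in placement.values():
        groups[group].append({"host": host, "power": feed})

    findings = {}
    for group, members in groups.items():
        if len(members) < 2:
            # A lone instance has no virtual-level redundancy at all.
            findings[group] = [("redundancy", "single instance")]
            continue
        # A domain is a single point of failure only if ALL members sit in it.
        shared = [(kind, members[0][kind]) for kind in ("host", "power")
                  if len({m[kind] for m in members}) == 1]
        if shared:
            findings[group] = shared
    return findings

if __name__ == "__main__":
    for group, domains in shared_failure_domains(PLACEMENT).items():
        print(group, "->", domains)
```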
Physical resources required to support a fully virtualized environment are limited. A physical host that supports multiple switch instances will require a network interface card of up to 100 Gbps for optimum functionality. The cost of such hardware to support a fully virtualized environment is on the high side.
In this chapter, we were able to create a good foundation, introducing SDN and its key characteristics. NFV was also explained in detail, and comparison between both technologies was covered. SDN applications were also covered, and we explained how they have led to a reduced total cost of operations in most large-scale network infrastructures. In the next chapter, we will cover OpenFlow in detail, along with its operation in an SDN infrastructure.