2019 term 3TELE3118: Network Technologies

Week 5: Network Layer Control plane: SDN and SNMP

Some slides have been taken from:qComputer Networking: A Top Down Approach Featuring the Internet, 7th edition. Jim Kurose, Keith Ross. Addison-Wesley, 2016. All material copyright 1996-2016. J.F Kurose and K.W. Ross, All Rights Reserved.qComputer Networks, 5th edition. Andrew S. Tanenbaum. Prentice-Hall, 2010.

Software defined networking (SDN)

5c-2Network Technologies

n Internet network layer: historically has been implemented via distributed, per-router approachq monolithic router contains switching hardware,

runs proprietary implementation of Internet standard protocols (IP, RIP, IS-IS, OSPF, BGP) in proprietary router OS (e.g., Cisco IOS)

q different “middleboxes” for different network layer functions: firewalls, load balancers, NAT boxes, ..

n ~2005: renewed interest in rethinking network control plane

Recall: per-router control plane

5c-3Network Technologies

Individual routing algorithm components in each and every router interact with each other in control plane to compute forwarding tables

RoutingAlgorithm

dataplane

controlplane

4.1 • OVERVIEW OF NETWORK LAYER 309

tables. In this example, a routing algorithm runs in each and every router and both forwarding and routing functions are contained within a router. As we’ll see in Sec-tions 5.3 and 5.4, the routing algorithm function in one router communicates with the routing algorithm function in other routers to compute the values for its forward-ing table. How is this communication performed? By exchanging routing messages containing routing information according to a routing protocol! We’ll cover routing algorithms and protocols in Sections 5.2 through 5.4.

The distinct and different purposes of the forwarding and routing functions can be further illustrated by considering the hypothetical (and unrealistic, but technically feasible) case of a network in which all forwarding tables are configured directly by human network operators physically present at the routers. In this case, no routing protocols would be required! Of course, the human operators would need to interact with each other to ensure that the forwarding tables were configured in such a way that packets reached their intended destinations. It’s also likely that human configu-ration would be more error-prone and much slower to respond to changes in the net-work topology than a routing protocol. We’re thus fortunate that all networks have both a forwarding and a routing function!

Values in arrivingpacket’s header

1

23

Local forwardingtable

header

0100011001111001

1101

3221

output

Control plane

Data plane

Routing algorithm

Figure 4.2 ♦ Routing algorithms determine values in forward tables

M04_KURO4140_07_SE_C04.indd 309 11/02/16 3:14 PM

Recall: logically centralized control plane

5c-4Network Technologies

A distinct (typically remote) controller interacts with local control agents (CAs) in routers to compute forwarding tables

dataplane

controlplane

Remote Controller

CA

CA CA CA CA

Software defined networking (SDN)

5c-5Network Technologies

Why a logically centralized control plane?q easier network management: avoid router

misconfigurations, greater flexibility of traffic flowsn table-based forwarding (OpenFlow API) allows

“programming” routersq centralized “programming” easier: compute tables

centrally and distributeq distributed “programming”: more difficult: compute

tables as result of distributed algorithm (protocol) implemented in each and every router

n open (non-proprietary) implementation of control plane

Analogy: mainframe to PC evolution*

5c-6Network Technologies

Vertically integratedClosed, proprietary

Slow innovationSmall industry

SpecializedOperatingSystem

SpecializedHardware

App

App

App

App

App

App

App

App

App

AppApp

SpecializedApplications

HorizontalOpen interfacesRapid innovationHuge industry

Microprocessor

Open Interface

Linux MacOS

Windows(OS) or or

Open Interface

* Slide courtesy: N. McKeown

Traffic engineering: difficult traditional routing

5c-7Network Technologies

Q: what if network operator wants u-to-z traffic to flow along uvwz, x-to-z traffic to flow xwyz?

A: need to define link weights so traffic routing algorithm computes routes accordingly (or need a new routing

algorithm)!Link weights are only control “knobs”: wrong!

22

13

1

1

2

53

5

v wu z

yx

Traffic engineering: difficult

5c-8Network Technologies

yx

wv

z2

21

3

1

1

2

53

5

u

v

x

w

y

z

Q: how to make w route blue and red traffic differently?

A: can’t do it (with destination based forwarding)

Traffic engineering: difficult

5c-9Network Technologies

Q: what if network operator wants to split u-to-z traffic along uvwz and uxyz (load balancing)?

A: can’t do it (or need a new routing algorithm)

22

13

1

1

2

53

5

v wu z

yx

Software defined networking (SDN)

5c-10Network Technologies

dataplane

controlplane

Remote Controller

CA

CA CA CA CA

1: generalized“ flow-based” forwarding (e.g., OpenFlow)

2. control, data plane separation

3. control plane functions external to data-plane switches

…4. programmable control applications

routing access control

loadbalance

SDN perspective: data plane switches

5c-11Network Technologies

Data plane switchesn fast, simple, commodity switches

implementing generalized data-plane forwarding (Section 4.4) in hardware

n switch flow table computed, installed by controller

n API for table-based switch control (e.g., OpenFlow)

q defines what is controllable and what is not

n protocol for communicating with controller (e.g., OpenFlow) data

plane

controlplane

SDN Controller(network operating system)

…routing

access control

loadbalance

southbound API

northbound API

SDN-controlled switches

network-control applications

SDN perspective: SDN controller

5c-12Network Technologies

SDN controller (network OS):

n maintain network state information

n interacts with network control applications “above” via northbound API

n interacts with network switches “below” via southbound API

n implemented as distributed system for performance, scalability, fault-tolerance, robustness

dataplane

controlplane

SDN Controller(network operating system)

…routing

access control

loadbalance

southbound API

northbound API

SDN-controlled switches

network-control applications

SDN perspective: control applications

5c-13Network Technologies

network-control apps:n “brains” of control: implement

control functions using lower-level services, API provided by SND controller

n unbundled: can be provided by 3rd party: distinct from routing vendor, or SDN controller

dataplane

controlplane

SDN Controller(network operating system)

…routing

access control

loadbalance

southbound API

northbound API

SDN-controlled switches

network-control applications

Components of SDN controller

5c-14Network Technologies

Network-wide distributed, robust state management

Communication to/from controlled devices

Link-state info switch infohost info

statistics flow tables…

…

OpenFlow SNMP…

network graph intent

RESTfulAPI

… Interface, abstractions for network control apps

SDNcontroller

routing access control

loadbalance

communication layer: communicate between SDN controller and controlled switches

Network-wide state management layer: state of networks links, switches, services: a distributed database

Interface layer to network control apps: abstractions API

OpenFlow protocol

5c-15Network Technologies

n operates between controller, switch

n TCP used to exchange messagesq optional encryption

n three classes of OpenFlow messages:q controller-to-switchq asynchronous (switch to

controller)q symmetric (misc)

OpenFlow Controller

OpenFlow: controller-to-switch messages

5c-16Network Technologies

Key controller-to-switch messagesn features: controller queries switch

features, switch replies

n configure: controller queries/sets switch configuration parameters

n modify-state: add, delete, modify flow entries in the OpenFlow tables

n packet-out: controller can send this packet out of specific switch port

OpenFlow Controller

OpenFlow: switch-to-controller messages

5c-17Network Technologies

Key switch-to-controller messagesn packet-in: transfer packet (and its control)

to controller. See packet-out message from controller

n flow-removed: flow table entry deleted at switch

n port status: inform controller of a change on a port.

Fortunately, network operators don’t “program” switches by creating/sending OpenFlow messages directly. Instead use higher-level abstraction at controller

OpenFlow Controller

SDN: control/data plane interaction example

5c-18Network Technologies

Link-state info switch infohost info

statistics flow tables…

…

OpenFlow SNMP…

network graph intent

RESTfulAPI

…

1

2

3

4

6

5

Dijkstra’s link-state Routing

s1s2

s3s4

S1, experiencing link failure using OpenFlow port status message to notify controller

1

SDN controller receives OpenFlow message, updates link status info

2

Dijkstra’s routing algorithm application has previously registered to be called when ever link status changes. It is called.

3

Dijkstra’s routing algorithm access network graph info, link state info in controller, computes new routes

4

SDN: control/data plane interaction example

5c-19Network Technologies

Link-state info switch infohost info

statistics flow tables…

…

OpenFlow SNMP…

network graph intent

RESTfulAPI

…

1

2

3

4

6

5

Dijkstra’s link-state Routing

s1s2

s3s4

link state routing app interacts with flow-table-computation component in SDN controller, which computes new flow tables needed

5

Controller uses OpenFlow to install new tables in switches that need updating

6

OpenDaylight (ODL) controller

5c-20Network Technologies

topologymanager

Basic Network Service Functions

REST API

OpenFlow 1.0… SNMP OVSDB

forwardingmanager

switchmanager

hostmanager

statsmanager

Network service apps

Service Abstraction Layer (SAL)

AccessControl

TrafficEngineering

… n ODL Lithium

controller

n network apps may be contained within, or be external to SDN controller

n Service Abstraction Layer: interconnects internal, external applications and services

ONOS controller

5c-21Network Technologies

Network control apps

…

REST API

ONOSdistributed core

southbound abstractions,protocolsOpenFlow Netconf OVSDB

device link host flow packet

northbound abstractions,protocolsIntent

statisticsdevices

hosts

links

paths flow rules topology

n control apps separate from controller

n intent framework: high-level specification of service: what rather than how

n considerable emphasis on distributed core: service reliability, replication performance scaling

SDN: selected challenges

5c-22Network Technologies

n hardening the control plane: dependable, reliable, performance-scalable, secure distributed systemq robustness to failures: leverage strong theory of

reliable distributed system for control planeq dependability, security: “baked in” from day one?

n networks, protocols meeting mission-specific requirementsq e.g., real-time, ultra-reliable, ultra-secure

n Internet-scaling

Network management & SNMP

5c-23Network Technologies

n autonomous systems (aka “network”): 1000s ofinteracting hardware/software components

n other complex systems requiring monitoring, control:q jet airplaneq nuclear power plantq others?

"Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost."

Infrastructure for network management

5c-24Network Technologies

managed devicemanaged device

managed device

managed device

definitions:

managed devicescontain managed

objects whose data is gathered into a

Management Information Base

(MIB)

managingentity data

managing entity

agent data

agent data

networkmanagement

protocol

managed device

agent data

agent data

agent data

SNMP protocol

5c-25Network Technologies

Two ways to convey MIB info, commands:

agent data

managed device

managingentity

agent data

managed device

managingentity

trap msgrequest

request/response mode trap mode

response

SNMP protocol: message types

5c-26Network Technologies

GetRequestGetNextRequestGetBulkRequest

manager-to-agent: “get me data”(data instance, next data in list, block of data)

Message type Function

InformRequest manager-to-manager: here’s MIB value

SetRequest manager-to-agent: set MIB value

Response Agent-to-manager: value, response to Request

Trap Agent-to-manager: inform managerof exceptional event

SNMP protocol: message formats

5c-27Network Technologies

….PDUtype(0-3)

RequestID

ErrorStatus(0-5)

ErrorIndex Name Value Name Value

….PDUtype4

Enterprise AgentAddr

TrapType(0-7)

Specificcode

Timestamp Name Value

Get/set header Variables to get/set

Trap header Trap info

SNMP PDU

More on network management: see earlier editions of text!

Network Layer Control Plane: summary

5c-28Network Technologies

we’ve learned a lot!n approaches to network control plane

q per-router distributed control (traditional)q logically centralized control (SDN)

n Distributed routing algorithmsq Intra-domain: distance vector (RIP) and link-state (OSPF)q Inter-domain: BGP

n Centralized control:q SDN use-cases: traffic engineering, resilience, security, …q Switch interaction and standardization (OpenFlow)q Controller platforms (ODL, ONOS) and applications

n Network management and visibility: ICMP, SNMP