Lesson 10: Software Defined Networking (SDN) and Network Function Virtualization (NFV)
• Network function, system, and link virtualization are new techniques for realizing flexible and cost-effective networks
• SDN and NFV create flexible network functions in software
• Carriers or service providers can introduce new services at minimum cost

10.1 Software Defined Networking (SDN)
[Figure: Data center network and system structure. Labels: server racks (servers, storage), Ethernet switches, Internet.]
Virtual Machine (VM) live migration
• In a datacenter, VMs are configured on physical servers
  - A VM emulates a computer system on a physical server
• VMs can be migrated between servers
  - Objective: load balancing between servers or racks, energy efficiency by putting unused servers to sleep, etc.
[Figure: Virtual Machine (VM) live migration. Labels: server, server, storage; VM with x CPUs and y MB memory.]
Tenant (User) structure for EC service
[Figure: Tenant (User) structure for EC service. Labels: Internet, firewall, load balancer, Ethernet switch, web servers, DNS, storage, authentication, transaction DB, VLAN #1 to VLAN #4, traffic demand: large.]
• VMs enable adaptive tuning of system performance
EC: Electronic Commerce
IaaS platform having resource scalability
[Figure: IaaS platform having resource scalability. Labels: user, GUI, API, cloud service, manager software, IaaS platform (e.g., OpenStack, CloudStack), VM resource pool, VLAN resource pool, storage resource pool, manual / automatic (users can select).]
• Virtualized resources (VMs, network, storage, etc.) are provided to users as a service via the Internet
• Users are unaware of the details of physical resources (location, security, backup, etc.)
• Commercial example: Amazon EC2 (Elastic Compute Cloud)
IaaS: Infrastructure as a Service
Server virtualization vs. network virtualization
[Figure: (a) Server: applications, VMs, hypervisor, common architecture (x86), resource pool (CPU, memory). (b) Network: traffic, virtual networks (L2, L3, L4-7), network virtualization platform, physical network resources (node, link).]
Network virtualization
• Configure logical networks (or “slices”) suitable for providing different network services on a physical infrastructure
  - A centralized network resource controller configures physical network resources ➔ Software Defined Networking (SDN)
[Figure: Instinctive image of network virtualization. Labels: network resource controller; logical networks #1, #2, #3; physical network; network/computational/storage resources with programmability or reconfigurability.]
SDN service for different protocol or system network
[Figure: Example of an SDN virtual network on IP + Ethernet with an OSPF routing slice and an IS-IS routing slice.]
OSPF: Open Shortest Path First
IS-IS: Intermediate System to Intermediate System
SDN service for multi-service-provider network
[Figure: Example of Carrier A’s SDN virtual service network with Provider A, Provider B and Provider C slices.]
Software Defined Networking (SDN) model
[Figure: three layers. Application layer: business applications (IaaS, LAN, VPN). Control layer (i.e., control plane): SDN control software and virtual network, with APIs towards the applications (northbound). Physical layer (i.e., data plane): network equipment, with the data plane control interface (e.g., OpenFlow, GMPLS) towards the control layer (southbound).]
Router structure evolution
[Figure: (a) Conventional networking; (b) SDN; (c) Elasticity in controller; (d) Controllers in the cloud. Labels: control software, hardware (D-plane), virtualization (elastic), cloud.]
Conventional IP network routing ((a) in the previous slide)
[Figure: routers R1 to R4, each with control software, a routing table and hardware (D-plane). Labels: route information, IP packet.]
Routing tables shown in the figure:

Network Address   Next Hop
1.2.0.0/16        R2
2.3.4.0/24        R3
200.10.0.0/16     R1 (local)
default           R2

Network Address   Next Hop
1.2.0.0/16        R2
2.3.4.0/24        R3 (local)
200.10.0.0/16     R1
default           R2

Network Address   Next Hop
1.2.0.0/16        R2 (local)
2.3.4.0/24        R3
200.10.0.0/16     R1
default           R4
IP routing by SDN ((b) in the previous slide)
• If an arriving IP packet does not match any entry of the forwarding table, R1 sends the packet to the controller (Packet-in)
• The controller then calculates the route and adds a new entry to the forwarding table
[Figure: SDN control software with a routing table; hardware (D-plane) of R1 to R4. Labels: forwarding information (table setup), forwarding header, IP packet, Link #1.]
Forwarding table (example):

Header Value   Output Link
10-99          #2
100-999        #1
1000-9999      POP

Routing table:

Network Address   Destination
1.2.0.0/16        R2
2.3.4.0/24        R3
200.10.0.0/16     R1
default           R4
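The Packet-in behaviour described above, as an added example that is not part of the original slides: a switch forwards on a table hit and asks the controller on a miss, and the controller answers from the slide's routing table by longest-prefix match. Matching on destination prefixes in the switch and the R1_LINKS mapping of routers to output links are assumptions made for this sketch.

```python
import ipaddress

# Controller routing table, copied from the slide (prefix -> router).
ROUTING_TABLE = {"1.2.0.0/16": "R2", "2.3.4.0/24": "R3",
                 "200.10.0.0/16": "R1", "default": "R4"}
# Assumption for this sketch: the output link of R1 that leads to each router.
R1_LINKS = {"R1": "local", "R2": "#1", "R3": "#2", "R4": "#2"}


class Controller:
    """Control plane: owns the routing table and answers Packet-in."""

    def __init__(self, routes, links):
        self.links = links
        self.default = routes["default"]
        nets = [(ipaddress.ip_network(p), r) for p, r in routes.items() if p != "default"]
        self.routes = sorted(nets, key=lambda e: e[0].prefixlen, reverse=True)

    def packet_in(self, switch, dst):
        addr = ipaddress.ip_address(dst)
        for net, router in self.routes:          # longest prefix first
            if addr in net:
                break
        else:
            # Default route: install a host entry, not 0.0.0.0/0, so the
            # switch keeps asking about prefixes it has not learned yet.
            net, router = ipaddress.ip_network(dst), self.default
        switch.table[net] = self.links[router]   # table setup (southbound)
        return self.links[router]


class Switch:
    """Data plane: forwards on a table hit, sends a Packet-in on a miss."""

    def __init__(self, controller):
        self.controller = controller
        self.table = {}       # installed prefix -> output link
        self.packet_ins = 0   # packets that had to go to the controller

    def forward(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.table if addr in net]
        if hits:
            return self.table[max(hits, key=lambda n: n.prefixlen)]
        self.packet_ins += 1
        return self.controller.packet_in(self, dst)
```

Only the first packet towards each prefix reaches the controller; the `packet_ins` counter makes that control-plane load visible.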
Logical link function for SDN
[Figure: (a) Physical: VMs #A, #1, #B, #2, #C, #3 attached to Ethernet switches. (b) Logical: virtual switches for each tenant, with a software forwarding table for each tenant; VLAN IDs 100, 112, 123 and 131 appear on the links. (c) Slice structure: #A, #B, #C, #1, #2, #3 connected by logical links and virtual switches.]
SDN for transport network
• The introduction of SDN technology started in datacenters
• Nowadays, extension of SDN into the transport network (i.e., core/metro/access networks) is discussed
  - Multi-layer, multi-domain, multi-vendor
• Transport SDN = not only packet switch networks but also OTN circuits and wavelengths
[Figure: Example: Open Transport Switch (OTS). Labels: SDN controller, virtual switch, OTS, hardware (OTN cross-connect), nodes A to D, 10GbE, 10G and 40G links.]
OTN: Optical Transport Network
Key element for Software Defined Transport Network (SDTN)
• Ability to create optical paths with flexible bandwidth based on a request over multiple optical networks
SDTN interoperability demo (2014)
[Figure: SDTN interoperability demo (2014). Labels: WDM core, OPS metro, ROADM metro, optical access; NW controllers (NMS, OFC), OF adapters, Flowvisor (OpenFlow), SDN controllers on VM, integrated control system; data centers; core network, metro network, access network; 100 Gbit/s wavelength division multiplexing network, 100 Gbit/s class optical packet and circuit integration switch network, active ODN, OLTs, ONUs, virtual L2 SW; 10 Gbit Ethernet, 1 Gbit Ethernet, 10 Gb/s and 1 Gb/s links.]

10.2 Network Function Virtualization (NFV)
• Implementation of data-plane network functions in software executed on commodity hosts (servers)
[Figure: network functions (NFs) such as a firewall function, router, deep packet inspection (DPI), and tester & monitor run in virtual machines (VMs) on a server. Label: performance.]
Effectiveness of NFV
• Traditionally, data-plane network functions are implemented in custom hardware
• Hypothesis: NFV will incur lower capital expenditures (capex) and operating expenditures (opex) when compared to traditional switches/routers and middlebox appliances
Middlebox: network equipment deployed to apply a specific transmission policy (firewall, Network Address Translation (NAT), intrusion prevention system, etc.)
Relation between SDN and NFV (1/2)
• In SDN, most of the control-plane software is re-implemented for execution on external commodity hosts
➔ SDN offers a solution for reducing development costs of the software run on processors in switches/routers
Traditional: control-plane software is implemented in each router
SDN: a remote SDN controller implements the control-plane algorithms
Relation between SDN and NFV (2/2)
• In NFV, data-plane functions are implemented in software on a commodity server instead of custom hardware
  - Latest commodity servers are cost-effective and energy-efficient
  - Software NFs can be developed to run on multiple operating systems, VM hypervisors, and containers
  - Industry competition in the markets helps reduce capex and opex of NFV-based network switches and middleboxes
➔ NFV offers a solution for reducing hardware development costs of switches/routers
Energy efficiency of NFV
• Sharing the same physical server among multiple network functions allows for higher CPU resource utilization and energy efficiency
[Figure: (a) Hardware appliance: each network appliance consumes a fixed amount of power, e.g., firewall 200 W, tester & monitor 400 W, router 1.5 kW. (b) NFV solution: tester, router and firewall share the CPU (0% to 100%) of one server, e.g., 750 W.]
Scalability value of NFV (1/3)
• Performance of NFs can be controlled easily in NFV
  - As traffic load increases, more servers (or VMs) can be powered on to improve performance
  - When traffic load becomes low, some servers (or VMs) can be powered off to save energy
[Figure: scalability with traffic load. Physical servers and virtual functions are switched ON or OFF as traffic demand changes. Axis labels: traffic demand, day, throughput, energy (W).]
Scalability value of NFV (2/3)
• Load balancing enhances scalability of an NFV system
  - A load balancer distributes incoming packets to different servers (and/or VMs)
    - For example, incoming packets are distributed to different servers by hashing on fields in the packet header
[Figure: traffic enters a load balancer that feeds N servers (scalability).]
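Hashing on header fields, as described above, in an added example that is not part of the original slides. It goes one step beyond the slide by ordering the two endpoints before hashing, so that both directions of a connection reach the same server, which a stateful NF such as a firewall or NAT instance needs. The 5-tuple layout, the function names and the sample traffic are assumptions constructed for this sketch.

```python
import hashlib
from collections import Counter


def flow_key(src_ip, src_port, dst_ip, dst_port, proto, symmetric=True):
    """Build the hash input from the 5-tuple header fields."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    if symmetric and b < a:
        a, b = b, a  # order the endpoints so both directions give one key
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}".encode()


def pick_server(packet, n_servers, symmetric=True):
    """Map a packet (5-tuple) to one of n_servers by hashing its header.

    hashlib is used instead of the built-in hash(), which is randomized per
    process for strings and would break flow affinity across restarts.
    """
    digest = hashlib.sha256(flow_key(*packet, symmetric=symmetric)).digest()
    return int.from_bytes(digest[:8], "big") % n_servers


def reverse(packet):
    """Return the 5-tuple of the reply direction of the same connection."""
    src_ip, src_port, dst_ip, dst_port, proto = packet
    return (dst_ip, dst_port, src_ip, src_port, proto)


def spread(packets, n_servers):
    """Count how many packets each server receives."""
    return Counter(pick_server(p, n_servers) for p in packets)


# Constructed sample traffic: 2000 client flows towards one web server.
SAMPLE = [(f"10.0.{i // 250}.{i % 250 + 1}", 40000 + i, "192.0.2.10", 443, "tcp")
          for i in range(2000)]
```

Every packet of a flow lands on the same server without the load balancer keeping per-flow state, while different flows spread roughly evenly over the N servers.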
Scalability value of NFV (3/3)
• Scale-up technique using pipelining
  - Example: software IP router
    - Router function is divided into several sub-function blocks
    - If there is a complex operation, multiple instances of the block are executed in parallel to reduce packet processing delay
[Figure: pipelining inside a server (IP router VNF). Stage 1, e.g., interface; Stage 2 (parallel operation), e.g., Longest-prefix Matching Engine (LME); Stage 3, e.g., switching; Stage 4, e.g., interface. Blocks: Block-A, Block-B (two instances), Block-C, Block-D.]
High-Level NFV Framework
• Specified by ETSI (European Telecommunications Standards Institute)
[Figure: Virtualised Network Functions (VNFs), NFV Infrastructure (NFVI), NFV Management and Orchestration (MANO). Source: ETSI GS NFV 002 V1.1.1 (2013-10)]
Architectural components of NFV
• Virtualized Network Functions (VNFs)
  - Network functions implemented as software and executed on VMs
• NFV Infrastructure (NFVI)
  - Hardware resources and virtualization software that are commonly required to execute VNFs
• Management And Network Orchestration (MANO)
  - Management functions of VNFs and hardware/software resources
    - Fault management, Configuration management, Accounting, Performance monitoring and Security (FCAPS)
  - Orchestration functions
    - Manage service chains of multiple VNFs
Example of VNFs (1/4)
• Software switches/routers
  - Support packet forwarding between VMs within a server, or replace physical switches that interconnect servers
Example
• Click modular router (http://read.cs.ucla.edu/click/)
  - Seminal open-source software router (first paper was published in 2000!)
  - Router configuration can be assembled as a directed graph of packet processing modules (“elements”)
Example of VNFs (2/4): Ethernet switch by Click
Elements
• FromDevice: reads packets from network device
• Classifier: classifies packets by contents
• EtherSpanTree: IEEE 802.1d spanning tree algorithm
• Suppressor: optionally drops some input ports
• EtherSwitch: learning, forwarding Ethernet switch
• ToDevice: sends packets to network device
Source: E. Kohler, et al., “The Click modular router”, 2000.
Example of VNFs (3/4)
• Open vSwitch (http://openvswitch.org/)
  - Open-source software switch targeted at multi-server virtualization deployments
  - Enhances the scalability and mobility of VM environments by providing packet forwarding instead of physical switches
• Lagopus (http://www.lagopus.org/)
  - Software OpenFlow switch designed for wide-area network service providers (i.e., network edge)
  - Achieves 10 Gbps packet forwarding and 1,000,000 flow entries by applying Intel DPDK to its data plane
DPDK: Data Plane Development Kit
Example of VNFs (4/4)
• Middlebox functions
  - Middlebox: network equipment deployed to apply a specific transmission policy
  - Reasonable performance is required compared to traditional custom-hardware implementations
    - Trade-off with software flexibility
Example
• Firewall
• Network Address Translation (NAT)
• Intrusion prevention system, etc.
NFVI framework
• NFVI includes hardware (i.e., servers) and software
• “Framework” software provides useful functions for VNFs
  - NF placement, dynamic scaling, fault tolerance, load balancing, etc.
Example
• ClickOS (http://cnp.neclab.eu/clickos/)
  - VM platform that supports a variety of Click-based middlebox functions
  - Consists of virtualized OSs optimized for running Click (called MiniOS)
[Figure: ClickOS architecture overview. Source: J. Martins et al., HotSDN, 2013.]
Management And Network Orchestration (MANO)
[Figure: The NFV-MANO architectural framework with reference points. Source: ETSI GS NFV-IFA 009 V1.1.1 (2016-07)]
• NFVO supports chaining of network functions to create services
• VNF manager manages individual network functions
• VIM manages physical servers and VMs that constitute NFVI hardware
Example
• CloudNFV (http://cloudnfv.com/)
• OPNFV (https://www.opnfv.org/)
• OpenMANO (Telefonica, Spain), etc.
Service chaining (1/2)
• Definition in RFCs (RFC 7498 and RFC 7665)
  - Ordered list of instances of service functions
  - Subsequent “steering” of traffic flows through those service functions
• VNFs are implemented in software on commodity hosts
  - VNFs could be deployed in VMs in a single server, or could be distributed across multiple servers
  - Servers could be in an edge cloud or in a commercial cloud datacenter
RFC: Request for Comments (issued by the IETF (Internet Engineering Task Force))
Service chaining (2/2)
• High-speed optical networks offer the opportunity to offload some VNFs to a remote datacenter
  - WAN propagation delays may impact the overall service-chain performance
    - Performance requirements from clients should be considered while choosing servers and their corresponding datacenters
  - Multiple service chains could share one network function
[Figure: an optical network connects to a remote datacenter.]
Ubiquitous grid (uGrid) environment
• Extends the NFV service chaining concept to devices, general-purpose software programs, and content
  - Referred to as “service parts”
[Figure: a service chain of service parts. Labels: camera (device), program, commercial cloud, edge server (video processing), cache (storage), in-network server, M2M control, television, autonomous driving car, air conditioner.]
Atomic NFV
• Divide VNFs into small sub-functions called “atomic functions” (like elements in Click)
  - Aim to provision network services with flexible performance by chaining distributed atomic functions
• Output of an atomic function could be transferred as input to another atomic function
[Figure: Labels: virtual network device (= clustered VMs), e.g., firewall; VNF (= chain of atomic functions); atomic function (software); VM; commodity server; shared resource pool.]
Conclusions for Lesson 10
10.1 SDN
• Following the popularization of server virtualization in datacenters, the concept of network virtualization has appeared
• SDN enables provision of logical networks for different network services
• Nowadays SDN is also extended into the transport network
10.2 NFV
• NFV is the implementation of data-plane network functions in software on commodity servers
• NFV offers academic researchers an exciting opportunity to experiment with new types of protocols, techniques, and networking service ideas
• Many cloud and Internet service providers have invested considerable resources in developing NFV, and therefore the promised capex/opex savings are likely to be realized