Lecture 4
Per-router control plane: every router runs its own instance of a routing algorithm, and the instances talk to one another
E.g. OSPF, RIP
Logically-centralised control plane: remote controller interacts with agents on every router
Generalised forwarding: match + action
Forwarding table (flow table)
Match bits in incoming packet, take action
Destination-based forwarding: forward based on dest. IP addr
Generalised forwarding: many header fields can determine action (e.g. drop/copy/modify/...)
Flow Table
Flow: defined by header field values
Generalised forwarding: simple packet-handling rules
match pattern values in headers
actions for matched packet: drop, forward, modify or send to controller
priority to choose between multiple overlapping patterns
counters: #packets and #bytes that have matched the entry
OpenFlow Abstraction
Match+action works for multiple kinds of devices
Router:
- match: longest destination IP prefix
- action: forward out a link
Switch:
- match: destination MAC address
- action: forward or flood
Firewall:
- match: IP addresses and TCP/UDP port numbers
- action: permit or deny
NAT:
- match: IP address and port
- action: rewrite address and port
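The flow-table semantics above (wildcard match, priority between overlapping entries, per-entry counters, table miss to the controller) and the four match+action device types, as an added example that is not part of the lecture notes. Field names, addresses and the rule set are constructed; the longest-prefix "router" entries show the usual trick of encoding prefix length as priority, since OpenFlow has no native longest-prefix match.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example: a minimal OpenFlow-style flow table. A packet is a dict of
# header fields; a match is a dict field -> required value. A field absent from
# the match is a wildcard, and an IPv4 field may be given as a prefix ("10.0.0.0/8").

def _is_prefix(v) -> bool:
    return isinstance(v, str) and "/" in v

@dataclass
class FlowEntry:
    priority: int
    match: dict
    action: str           # "forward:<port>", "drop", "controller", "rewrite:<field>=<value>"
    packets: int = 0      # per-entry counters, as kept by a real switch
    byte_count: int = 0

    def matches(self, pkt: dict) -> bool:
        for fld, want in self.match.items():
            got = pkt.get(fld)
            if got is None:
                return False
            if _is_prefix(want):
                if ip_address(got) not in ip_network(want):
                    return False
            elif got != want:
                return False
        return True

def covers(a: dict, b: dict) -> bool:
    """True if every packet matching b also matches a (a is at least as wide as b)."""
    for fld, want in a.items():
        if fld not in b:
            return False                       # b wildcards a field that a constrains
        if _is_prefix(want):
            if not ip_network(str(b[fld]), strict=False).subnet_of(ip_network(want)):
                return False
        elif b[fld] != want:
            return False
    return True

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, e: FlowEntry) -> FlowEntry:
        self.entries.append(e)
        # Highest priority wins. OpenFlow leaves overlapping entries of *equal*
        # priority undefined, so a controller should never install them.
        self.entries.sort(key=lambda x: -x.priority)
        return e

    def process(self, pkt: dict) -> str:
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.byte_count += pkt.get("len", 0)
                return e.action
        return "controller"                    # table miss: PacketIn to the controller

    def shadowed(self) -> list:
        """Entries that can never be hit because a higher-priority entry covers them."""
        return [b for b in self.entries
                if any(a.priority > b.priority and covers(a.match, b.match)
                       for a in self.entries)]

def build_demo_table() -> FlowTable:
    t = FlowTable()
    # Router: longer prefix -> higher priority stands in for longest-prefix match.
    t.add(FlowEntry(8, {"ip_dst": "10.0.0.0/8"}, "forward:1"))
    t.add(FlowEntry(24, {"ip_dst": "10.1.2.0/24"}, "forward:2"))
    # Firewall: deny telnet from anywhere, above the routing entries.
    t.add(FlowEntry(100, {"ip_proto": 6, "tp_dst": 23}, "drop"))
    # NAT: rewrite the source address of one tenant's TCP traffic (addresses constructed).
    t.add(FlowEntry(50, {"ip_src": "192.168.0.0/16", "ip_proto": 6}, "rewrite:ip_src=203.0.113.7"))
    # An exception for one host installed *below* the deny: shadowed, never hit.
    t.add(FlowEntry(90, {"ip_proto": 6, "tp_dst": 23, "ip_src": "10.9.9.9"}, "forward:3"))
    return t

PACKETS = [  # constructed sample packets
    {"ip_src": "172.16.0.5", "ip_dst": "10.1.2.3", "ip_proto": 17, "tp_dst": 53, "len": 80},
    {"ip_src": "172.16.0.5", "ip_dst": "10.200.0.1", "ip_proto": 17, "tp_dst": 53, "len": 80},
    {"ip_src": "10.9.9.9", "ip_dst": "10.1.2.3", "ip_proto": 6, "tp_dst": 23, "len": 60},
    {"ip_src": "192.168.5.5", "ip_dst": "8.8.8.8", "ip_proto": 6, "tp_dst": 443, "len": 120},
    {"ip_src": "172.16.0.5", "ip_dst": "8.8.8.8", "ip_proto": 17, "tp_dst": 53, "len": 80},
]

def run_demo():
    t = build_demo_table()
    return [t.process(p) for p in PACKETS], t

if __name__ == "__main__":
    actions, table = run_demo()
    for p, a in zip(PACKETS, actions):
        print(f"{p['ip_src']:>12} -> {p['ip_dst']:<11} proto {p['ip_proto']:<2} dport {p['tp_dst']:<3} => {a}")
    for e in table.entries:
        print(f"prio {e.priority:>3} {e.action:<27} packets={e.packets} bytes={e.byte_count}")
    print("shadowed:", [(e.priority, e.action) for e in table.shadowed()])
```

The shadowed entry is the point worth keeping: on a real switch it shows up as a rule whose counters never move, which is the cheapest way to audit a flow table for intended exceptions that a broader, higher-priority rule has silently swallowed.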
SDN
- Simple data-plane switches
- SDN controller (network OS), maintains network state and talks to the switches
- Network-control apps, the brains. Use API provided by SDN controller
OpenFlow Protocol
Operates between controller and switches
Runs over TCP port 6653 (IANA-assigned; early deployments used 6633), optionally protected by TLS. TLS is optional in the spec and often left off in practice; on a plaintext control channel anyone who can reach the controller or sit on its path can read flow state and inject FlowMods, so the control network must be treated as a trusted, isolated segment.
Three classes of messages
Controller-to-switch
Features: what does the switch support?
Set/Get config
FlowMod: add, delete or modify entries in the switch's flow table
PacketOut: controller hands the switch a packet (often one it received via PacketIn) and tells it which port to send it out of
Async switch-to-controller
PacketIn: switch sends a packet (or its first bytes) to the controller, typically on a table miss or when the matching entry's action is "send to controller"
FlowRemoved: switch notifies controller when a flow entry is expired or deleted
PortStatus: update controller on port changes (e.g. up/down)
Symmetric (either side may initiate): Hello, Echo request/reply, Experimenter
- S1, experiencing a link failure, uses the OpenFlow PortStatus message to notify the controller
- SDN controller receives the OpenFlow message and updates its link status info
- Dijkstra's routing algorithm application has previously registered to be called whenever link status changes, so it is called
- Dijkstra's routing algorithm application accesses the network graph and link-state info in the controller and computes new routes
- link-state routing app interacts with the flow-table-computation component in the SDN controller, which computes the new flow tables needed
- controller uses FlowMod to install new flow entries in the switches that need updating
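The six steps above as one runnable sequence, added here as an example that is not part of the lecture notes. The controller keeps the topology and a registry of apps, the routing app runs Dijkstra from every switch when notified, and the controller diffs the result against what each switch already has so that only changed entries become FlowMods. Message names follow OpenFlow but the fields are simplified, and the triangle topology, port numbers and prefixes are made up.

```python
import heapq
from dataclasses import dataclass

# Constructed example: the failure-handling sequence above, simulated in one
# process. Message names follow OpenFlow (PortStatus, FlowMod) but their fields
# are simplified, not the wire format. Topology, ports and prefixes are made up.

@dataclass
class PortStatus:            # asynchronous, switch -> controller
    switch: str
    port: int
    up: bool

@dataclass(frozen=True)
class FlowMod:               # controller -> switch; command is ADD, MODIFY or DELETE
    switch: str
    command: str
    dst_prefix: str
    out_port: int

class Controller:
    """Keeps topology/link state, lets apps register for link changes, and turns a
    routing result into the minimal set of FlowMods."""
    def __init__(self, links, subnets):
        self.adj = {}            # switch -> {neighbour: (cost, out_port)}
        self.subnets = subnets   # switch -> prefix it serves
        self.installed = {}      # switch -> {prefix: out_port} currently in its flow table
        self.apps = []
        for a, pa, b, pb, cost in links:
            self.adj.setdefault(a, {})[b] = (cost, pa)
            self.adj.setdefault(b, {})[a] = (cost, pb)

    def register(self, app):
        self.apps.append(app)

    def on_port_status(self, msg):
        """Steps 1-3: update link state, then call every registered app."""
        if msg.up:
            return []            # link-up handling omitted in this example
        for nb, (_, port) in list(self.adj[msg.switch].items()):
            if port == msg.port:                  # remove both directions of that link
                del self.adj[msg.switch][nb]
                self.adj[nb].pop(msg.switch, None)
        mods = []
        for app in self.apps:
            mods += app.on_link_change(self)
        return mods

    def push_tables(self, next_hop):
        """Steps 5-6: next_hop is switch -> {dst_switch: out_port}; FlowMods only for changes."""
        mods = []
        for sw in self.adj:
            wanted = {self.subnets[d]: p for d, p in next_hop.get(sw, {}).items()}
            have = self.installed.get(sw, {})
            for prefix, port in wanted.items():
                if prefix not in have:
                    mods.append(FlowMod(sw, "ADD", prefix, port))
                elif have[prefix] != port:
                    mods.append(FlowMod(sw, "MODIFY", prefix, port))
            for prefix in have.keys() - wanted.keys():
                mods.append(FlowMod(sw, "DELETE", prefix, have[prefix]))
            self.installed[sw] = wanted
        return mods

class LinkStateRoutingApp:
    """Step 4: on any link change, run Dijkstra from every switch."""
    def on_link_change(self, ctl):
        return ctl.push_tables({sw: self.dijkstra(ctl.adj, sw) for sw in ctl.adj})

    @staticmethod
    def dijkstra(adj, src):
        """Return dst -> output port at src on the shortest path (src itself excluded)."""
        dist, first_port, heap = {src: 0}, {}, [(0, src, -1)]
        while heap:
            d, u, port = heapq.heappop(heap)
            if d > dist.get(u, float("inf")):
                continue                          # stale heap entry
            if u != src:
                first_port[u] = port
            for v, (cost, p) in adj[u].items():
                if d + cost < dist.get(v, float("inf")):
                    dist[v] = d + cost
                    heapq.heappush(heap, (d + cost, v, p if u == src else port))
        return first_port

LINKS = [("s1", 2, "s2", 1, 1), ("s2", 2, "s3", 1, 1), ("s1", 3, "s3", 2, 1)]  # constructed triangle
SUBNETS = {"s1": "10.0.1.0/24", "s2": "10.0.2.0/24", "s3": "10.0.3.0/24"}

def simulate():
    ctl = Controller(LINKS, SUBNETS)
    app = LinkStateRoutingApp()
    ctl.register(app)
    initial = app.on_link_change(ctl)                          # bootstrap: install all routes
    after = ctl.on_port_status(PortStatus("s1", 3, up=False))  # s1's link towards s3 fails
    return initial, after

if __name__ == "__main__":
    initial, after = simulate()
    print(f"bootstrap installed {len(initial)} entries")
    for m in after:
        print(f"{m.switch}: {m.command} {m.dst_prefix} -> port {m.out_port}")
```

Only s1 and s3 receive FlowMods after the failure; s2's table is untouched. Note that the whole reroute is triggered by one unauthenticated PortStatus, which is why the control channel's integrity (TLS, or an isolated control network) matters: a forged link-down is enough to steer traffic onto a path of the attacker's choosing.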
SDN makes networks more flexible
Primarily adopted by hyperscalers
Not necessarily OpenFlow itself, but centralised, software-driven control is the norm there
Automatic provisioning and centralised control
Network Virtualisation
SDN: decoupling the data and control planes
Network virtualisation: decoupling the services provided by the network from the physical infrastructure
Virtual network is a bundle of services, provisioned by software
Provides agility: provision, change or tear down a network quickly
Two main ideas
- Sharing the network
- Provide services to different tenants with different requirements
- Give them control over their own virtual networks
- Traffic isolation (traffic should not leak between them)
- Performance isolation (congestion of one tenant should not congest the others)
- Abstracting the topology
- One big virtual switch
- Arbitrary topologies
Allows you to:
- Efficiently share infra
- Share between multiple customers
- Have an experimental network, that does not affect the production one
- Expanding a network, by leasing space in another network
- Use multiple services (that require different characteristics, e.g. congestion alg.) over the same infra
- Partial deployment (tunnel through/hide the parts that you do not control)
- Hide complexity/details -> simpler for the tenant, and reveals less of the underlying infrastructure
- Scalability: each virtual topology is smaller than the physical one and sees fewer events
Example technologies
- L2
- VLANs
- QinQ: stacked VLAN tags
- Overlay networks
- VXLAN: UDP-encapsulated overlay whose 24-bit VNI scales beyond the 12-bit VLAN ID (4094 usable VLANs), mainly in datacenters
- GENEVE (generic network virtualisation encapsulation): extensible overlay encapsulation
- Multi-tenancy at L3
- VRF (virtual routing and forwarding): multiple isolated routing tables on the same physical device
- MPLS L2/L3 VPN: carrier-grade VPN over an MPLS backbone
- EVPN: modern BGP-based control plane to advertise MAC/IP reachability for VXLAN and MPLS-based VPNs
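The L2 encapsulations listed above, as an added example that is not part of the lecture notes: it builds and parses an 802.1Q tag, QinQ stacked tags and a VXLAN header to show what actually separates tenants in each (12-bit VID, two stacked VIDs, 24-bit VNI), and adds the check a decapsulating VTEP needs because VXLAN carries no authentication. VTEP addresses and the VNI-to-tenant mapping are made up.

```python
import struct

# Constructed example: build and parse the L2 virtualisation headers listed above
# (802.1Q tag, QinQ stacked tags, VXLAN) to show what actually separates tenants
# in each, plus a VTEP decapsulation check. Addresses and VNI mappings are made up.

TPID_8021Q = 0x8100               # customer (C-)tag
TPID_8021AD = 0x88A8              # service (S-)tag used as the outer QinQ tag
VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08               # "VNI valid" flag; the only flag defined

VLAN_USABLE_IDS = 4094            # 12-bit VID, 0 and 0xFFF reserved
QINQ_COMBINATIONS = VLAN_USABLE_IDS ** 2
VXLAN_VNIS = 1 << 24              # 24-bit VNI: ~16.7M segments

def vlan_tag(vid, pcp=0, tpid=TPID_8021Q):
    """4-byte 802.1Q/802.1ad tag: TPID, then PCP(3) DEI(1) VID(12)."""
    if not 0 < vid < 4095:
        raise ValueError("VID must be 1..4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def qinq_tags(s_vid, c_vid):
    """Outer S-tag identifies the customer on the provider network; inner C-tag is the customer's own."""
    return vlan_tag(s_vid, tpid=TPID_8021AD) + vlan_tag(c_vid)

def parse_tags(after_macs):
    """Peel stacked tags off the bytes following dst/src MAC; return ([(tpid, pcp, vid), ...], rest)."""
    tags = []
    while len(after_macs) >= 4:
        tpid, tci = struct.unpack("!HH", after_macs[:4])
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break                                  # reached the real EtherType
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        after_macs = after_macs[4:]
    return tags, after_macs

def vxlan_header(vni):
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < VXLAN_VNIS:
        raise ValueError("VNI is 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)

def parse_vxlan(hdr):
    flags, vni_field = struct.unpack("!B3xI", hdr[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return vni_field >> 8

class Vtep:
    """Decapsulating tunnel endpoint. VXLAN carries no authentication: the VNI is
    trusted on the word of whoever sent the UDP datagram, so the VTEP must pin its
    peers and its VNI->tenant map, and the underlay must keep untrusted hosts away
    from UDP/4789. Without both, a host can inject frames into another tenant's
    segment just by guessing its VNI."""
    def __init__(self, peers, vni_to_tenant):
        self.peers = set(peers)
        self.vni_to_tenant = dict(vni_to_tenant)

    def decap(self, outer_src_ip, udp_dport, payload):
        if udp_dport != VXLAN_UDP_PORT:
            return ("ignore", "not VXLAN")
        if outer_src_ip not in self.peers:
            return ("drop", "unknown VTEP")
        vni = parse_vxlan(payload)
        tenant = self.vni_to_tenant.get(vni)
        if tenant is None:
            return ("drop", f"unmapped VNI {vni}")
        return ("deliver", tenant, payload[8:])    # inner Ethernet frame for that tenant

if __name__ == "__main__":
    print(f"VLAN {VLAN_USABLE_IDS}, QinQ {QINQ_COMBINATIONS}, VXLAN {VXLAN_VNIS} segments")
    print(parse_tags(qinq_tags(7, 100) + b"\x08\x00"))
    vtep = Vtep({"10.0.0.2"}, {5000: "tenant-a"})
    inner = b"\xff" * 12 + b"\x08\x00"           # constructed placeholder inner frame
    print(vtep.decap("10.0.0.2", 4789, vxlan_header(5000) + inner))
    print(vtep.decap("10.0.0.99", 4789, vxlan_header(5000) + inner))
```

The traffic-isolation property from the "sharing the network" idea above rests entirely on these identifiers being set and checked by trusted devices: a VLAN trunk that accepts tagged frames from an untrusted port, or a VTEP that decapsulates from any source, hands a tenant the ability to pick its own segment.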
SDN vs Network Virtualisation
SDN
Network programmability
Separate control and data
Easier to virtualise an SDN switch
Separate controller per virtual network
Partition the space of all flows
Leverage the interface to the hardware
Virtualisation
Multi-tenancy
Decouple physical infra from what it actually runs
Predates SDN, does not require SDN