9 - Software Defined Networking Flashcards
What tasks does Network Management achieve?
This is the process of configuring the network to achieve a variety of tasks:
- Load Balancing
- Security Goals
- Business Relationships w/ Neighboring Networks
Network configuration mistakes can lead to these problems:
- Oscillation
- Loops
- Partitions
- Black Holes
Oscillation
When routers can’t agree on a route.
Loop
When packets get stuck between two routers.
Partitions
When a network is split into two or more segments.
Black Hole
When packets reach a router which drops them rather than forwarding them on.
Why is network configuration hard?
- It’s difficult to define correct behavior.
- Interactions between multiple routing protocols can lead to unpredictability.
- Operators make mistakes.
What does SDN provide operators at a very high level?
- Network-wide views
  - Topology
  - Traffic
- The ability to satisfy network-level objectives.
  - Load balancing
  - Security
- Direct Control - devices don’t have to be configured individually or indirectly
What should routers do to make network operations easier?
- Forward Packets
- Collect measurements (traffic statistics, topology info)
- Should NOT compute routes
With regard to routers, what is the fundamental tenet of SDN?
The logical centralization of the computing of routes, or “remove routing from routers”
Data Plane
The plane whose task it is to forward packets to their ultimate destination.
Routing Tables
The state that lives in each router and helps it decide how to forward packets.
Conventional Network Control Plane
The plane whose task it is to compute routing tables.
Where do the control and data planes reside on conventional networks?
On conventional networks, control and data planes reside on the router.
Where does the control plane reside on an SDN?
On SDNs, the control plane runs on a centralized controller which typically controls multiple routers.
Routing Control Platform (RCP)
A distributed configuration introduced in 2004 which focused on Border Gateway Protocol (BGP) only.
OpenFlow
A protocol that hit mainstream which incorporated RCP and 4D, made practical when manufacturers made the APIs for switched chipsets open and allowed them to be controlled from software.
Allowed for de-coupling of the control plane and the data plane.
A set of control commands by which a controller can control the behavior of one or more switches.
4D
In 2005 the notion of RCP was generalized for the different planes:
- Decision Plane
- Data Plane
- Dissemination & Discovery Planes
Dissemination & Discovery Planes (4D)
Plane that provides the Decision plane the info it needs to compute the forwarding state
Decision Plane (4D)
Plane that computes forwarding state for devices in the network
Data Plane (4D)
Plane that forwards traffic based on decisions made by the Decision Plane
What are the advantages of SDN over conventional networks?
- Coordination of Behavior Among Devices
- Network is easier to evolve
- Network is easier to reason about (debug)
These characteristics are all rooted in having a separate control plane, which allows CS techniques to be applied.
How is the SDN Control Plane typically implemented?
The SDN Control Plane is typically implemented in a high level language such as Python or C.
How is the SDN Data Plane typically implemented?
The SDN Data Plane is typically implemented as programmable hardware which is controlled by the Control Plane.
What are some common applications for SDN?
- Data Centers
- Backbone Networks
- Enterprise Networks
- Internet Exchange Points (IXPs)
- Home Networks
What are some examples of Control Plane operations?
- Computing a forwarding path that satisfies a high level policy
- Computing a shortest path route tree
- Authenticating a user’s device based on MAC address.
Would this be considered a control plane operation?
“Computing a forwarding path that satisfies a high level policy”
True
Would this be considered a control plane operation?
“Computing a shortest path route tree”
True
Would this be considered a control plane operation?
“Authenticating a user’s device based on MAC address.”
True
Would this be considered a control plane operation?
“Rate-limiting Traffic”
False - this is typically done in the data plane
Would this be considered a control plane operation?
“Load Balancing Traffic Based on Hash of Source IP”
False - this is typically done in the data plane
A routing protocol would be considered a function of the _____ plane.
A routing protocol would be considered a function of the CONTROL plane.
Configuration of network middleboxes would be considered a function of the _____ plane.
Configuration of network middleboxes would be considered a function of the CONTROL plane.
Forwarding packets at the IP layer is a function of the ______ plane.
Forwarding packets at the IP layer is a function of the DATA plane.
Layer 2 switching is a function of the ______ plane.
Layer 2 switching is a function of the DATA plane.
Why is separating the data and control planes a good idea?
- Independent Evolution - software and hardware can evolve independently
- Control From a High-Level Program - allows behavior to be debugged and checked more easily
The separation of data and control planes provides opportunity for better network management in:
- Data Centers - VM migration
- Routing - More control over decision logic
- Enterprise Networks - security applications (ex: network access control)
- Research Networks: Can co-exist with production networks on the same hardware
How does SDN solve the problem of provisioning and migrating virtual machines in data centers in response to load?
SDN helps solve the problem of provisioning and migrating virtual machines in data centers in response to load by:
Programming the switch state from a central database. Example: Migrating a VM from one server to another.
How does control/data separation in SDN make managing data centers easier?
As VMs are provisioned and migrated, the state of switches can be reconfigured from a centralized database.
T/F: Automatic load balancing is one way that SDN makes data center management easier.
FALSE - SDN does not automatically balance load.
T/F: Allowing for fewer switches is one of the benefits of having SDN in a data center.
FALSE - SDN does not automatically allow for fewer switches
T/F: Monitoring and control of routes from a centralized point is one of the advantages of using SDN in a data center.
TRUE
T/F: Migrating VMs without renumbering host addresses is one of the benefits of using SDN in a data center.
TRUE
How does SDN enhance Internet Backbone security with traffic filtering?
If an attacker is sending lots of traffic towards a victim, RCP may install a null route to filter traffic from the attacker to the victim.
What are the fundamental challenges with SDN?
- Scalability
- Consistency
- Security/Robustness
How is scalability an issue with SDN?
A controller may be responsible for hundreds or thousands of switches
How is consistency an issue with SDN?
There may be many physical replicas of the centralized controller. They need to see the same view of the network in order to make the same decisions.
How is Security/Robustness an issue with SDN?
Network needs to continue to function in the event of controller failure or compromise
What are some ways to cope with scalability challenges with SDN?
- Eliminating redundant data structures
- Only perform a fixed number of operations (ex: routing)
- Cache control-plane decisions in switches
- Running multiple controllers to distribute the load
T/F: Sending all traffic to the controller is one way to cope with scalability challenges in SDN.
FALSE
Sending traffic to the controller would not help with scalability.
NOX
NOX is a first generation OpenFlow controller.
- Open source
- Widely Used
- Comes in “Classic” and “New NOX”
What two flavors does NOX come in?
Classic: C++/Python, no longer supported
New NOX: C++ Only, fast, clean, well supported
What are the components of a NOX architecture?
- Switches
- Network-attached servers
What role does the controller play in a NOX architecture?
In this architecture, the controller maintains a network view, and may run several applications that operate on that view.
What abstraction does NOX provide?
Switch control using the OpenFlow protocol
How is a Flow defined in NOX?
(header: counter, actions)
What two things does a switch do when it receives a packet?
- Updates counters for the flow that the packet belongs to or matches
- Applies the corresponding action for the matching flow to the packet
What are the different types of events processed by a NOX controller?
- Switch joining or leaving the network
- Packet receive event (redirected by the switch to the controller)
- Various statistics
- The controller also keeps track of a network view and the underlying topology
- Utilizes OpenFlow protocol to update the state of switches
What type of programming model and language does NOX use?
C++, Event-based (programmers can write event handlers)
What are some of the benefits and drawbacks of programming for NOX controllers?
Benefits: High Performance
Drawbacks:
- Requires an understanding of the semantics of low-level OpenFlow commands
- Must be written in C++, which can be slow for development
POX
A NOX controller implemented in Python which addresses the difficulties of developing for NOX controllers with C++
What are some advantages and disadvantages to using POX for NOX programming instead of C++?
- POX is well maintained and supported
- Easy to use, Python
- Poor performance compared to C++
Would you use NOX or POX for a class or university research project?
POX
Allows rapid prototype development.
Would you use NOX or POX for a large Internet data center?
NOX
POX does not perform as well as other controllers.
Ryu
An SDN controller:
- Implemented in Python
- Supports later versions of OpenFlow
- Supports OpenStack
- Does not perform as well as NOX
Floodlight
SDN Controller
- written in Java
- Supports OpenFlow
- Fork from “Beacon” controller
What are some of the advantages/disadvantages of Floodlight?
- Maintains good documentation
- Good integration with the REST API
- Good production-level performance
- Steep learning curve
What do Ryu, Floodlight, NOX, and POX all have in common that makes them relatively difficult to learn and use?
Ryu, Floodlight, NOX, and POX all require a low-level understanding of fundamental OpenFlow commands.
Describe how a hub would be implemented in POX/Python.
An event listener would be added so that when a packet is received, it is flooded to all output ports.
Describe how a switch would be implemented in POX/Python.
When the first packet arrives at the switch on a given port, it is diverted to the controller which creates an entry in a hash table which maps the host address to that port. If the packet is multicast, or if there is no table entry for the destination address, it is flooded to all ports.
The flow table is installed from the controller to the switch so that future packets do not have to be redirected to the controller.
What does a controller do if the source and destination address of a packet are the same?
The controller instructs the switch to drop the packet.
Would the IS-IS protocol be considered a control plane or a data plane protocol and why?
Intermediate System to Intermediate System (IS-IS) is a routing protocol, therefore it would be considered a CONTROL PLANE protocol.
Would the IP protocol be considered a control plane or a data plane protocol and why?
The IP protocol is a DATA PLANE protocol because…
Would the UDP protocol be considered a control plane or a data plane protocol and why?
?
Would the DHCP protocol be considered a control plane or a data plane protocol and why?
?
Would the 802.11 (WiFi) protocol be considered a control plane or a data plane protocol and why?
?
Name two situations/scenarios in which using SDN provides a benefit.
- ?
- ?
Name two places where network virtualization is useful.
- ?
- ?
Name two places where network virtualization is not normally especially useful.
- ?
- ?