Lesson 9: Software Defined Networking Flashcards
What is network management?
The process of configuring the network to achieve a variety of tasks. These tasks include load balance, security, and business relationships.
What can configuration mistakes lead to?
- Persistent Oscillation
- Loops, where packets get stuck between 2 or more routers
- Partitions
- “Black Holes”
Why is configuration hard to get right?
- It is difficult to define what “correctness” means
- Interactions between protocols are unpredictable
- Operators make mistakes.
What do operators need which SDN provides?
- Network-wide views of both Topology and Traffic
- The ability to satisfy network-level objectives, such as load balance and security
- Direct control of the data plane
What should routers do in SDN?
- Forward Packets
- Collect measurements.
- Should NOT compute routes. This should be done by a centralized control program.
What are the advantages of SDN over conventional networks?
- Easier to coordinate over a network of devices.
- Easier to evolve.
- Easier to reason.
What is the control plane?
A software program, usually written in a high-level language, such as Python or C.
What is the Data Plane?
Programmable Hardware, controlled by the control plane
What are some SDN Applications?
Data Centers, Backbone Networks, Enterprise Networks, Internet Exchange Points (IXPs), and Home Networks.
Which of the following are examples of control plane operations?
1. Computing a forwarding path that satisfies some high-level policy, such as an access control policy
2. Computing a shortest path routing tree
3. Rate-limiting traffic
4. Load balancing traffic based on a hash of the packet source IP address
5. Authenticating a user’s device based on its MAC address
1, 2, 5
What is the function of the control plane?
Logic that controls forwarding behavior, such as routing protocols and configuration for network middleboxes.
What is the function of the data plane?
To forward traffic according to the control plane logic. Examples: forwarding packets at the IP layer, and switching.
Why separate the data plane from the control plane?
- Independent evolution & development
- Control from a high-level program, which allows for easier debugging/checking of behavior
- Opportunity for better network management in data centers, using VM migration
- In routing, this provides more control over decision logic
- It provides enterprise networks opportunities for better security
- In research networks, it is easier to virtualize networks
Reasons for separating data and control?
A: No single point of failure
B: Ability to scale to much larger networks
C: Independent evolution of data & control plane
D: Separating vendor hardware from control logic
E: Easier reasoning about network behavior
C, D, E
How does SDN benefit data centers?
If a data center has 20k servers, and each server 200 VMs, then each data center supports 400k VMs in a cluster.
Problem: Provisioning/migration in response to load
Solution: Program switch state from a central database.
If we need to provision additional VMs or migrate VMs, updating the switch state is much easier from a centralized server.
Why does SDN make migration easier in data centers?
The servers are addressed with Layer 2 addressing. The entire data center looks like a flat layer 2 topology.
This means a server can be migrated from one portion of the data center to another without requiring the VM to acquire new addresses.
How does the control/data plane separation make managing data centers easier?
A: The ability to monitor and control routes from a central point of control
B: The ability to migrate virtual machines without renumbering host addresses
C: Requirement for fewer switches
D: Making load balance automatic
A and B
How does SDN benefit backbone security?
If an attacker is sending lots of traffic to a victim, a measurement system may detect the attack and identify the entry point.
Then a controller, such as RCP, will install a “null route” on the attacker so the victim will no longer receive traffic from the attacker.
What are the three main challenges to SDN?
- Scalability: a single control element may be responsible for thousands of switches.
- Consistency: for redundancy/reliability, we’ll replicate the controller, so it is a challenge to ensure different replicas see the same view.
- Security / Robustness: failure or compromise
What are some ways of coping with SDN scalability?
A: Eliminate redundant data structures
B: Only perform control-plane operations for a limited number of operations
C: Send all traffic to controllers (to minimize decisions routers and switches need to make)
D: Cache forwarding decisions in switches.
E: Run multiple controllers
A (can help save memory)
B (ensures controller doesn’t do too much)
D (ensures not too much traffic is redirected to the controllers)
E (reduces controller load)
What are some examples of SDN controllers?
NOX, Ryu, Floodlight, Pyretic, Frenetic, Procera, RouteFlow, Trema
What is NOX?
First-gen OpenFlow controller: open-source, stable, widely used
Two flavors:
- "Classic": C++/Python (no longer supported)
- "New NOX": C++ only, fast, clean
NOX Architecture components
Components: switches, network-attached servers
Abstraction: switch control
Control: Flow granularity
More about NOX
Watch 11.14
When would you use POX?
A: Class project
B: Large internet data center
C: University research
A and C
A comparison of Ryu, Floodlight, NOX, and POX
Watch 11.16
What does a hub do?
When it receives traffic, it sends it out to all other nodes.
What does a learning switch do?
It maintains a table that associates hosts with output ports.