Lesson 9 - Software Defined Networking

Question 1

What tasks does Network Management achieve?

Answer 1

This is the process of configuring the network to achieve a variety of tasks:- Load Balancing- Security Goals- Business Relationships w/ Neighboring Networks

Question 2

Network configuration mistakes can lead to these problems:

Answer 2

• Oscillation- Loops- Partitions- Black Holes

Question 3

Oscillation

Answer 3

When routers can’t agree on a route.

Question 4

Loop

Answer 4

When packets get stuck between two routers.

Question 5

Partitions

Answer 5

When a network is split into two or more segments.

Question 6

Black Hole

Answer 6

When packets reach a router which drops it rather than forwarding it on.

Question 7

Why is network configuration hard?

Answer 7

1. It’s difficult to define correct behavior.2. Interactions between multiple routing protocols can lead to unpredictability.3. Operators make mistakes.

Question 8

What does SDN provide operators at a very high level?

Answer 8

1. Network-wide views - Topology - Traffic2. The ability to satisfy network-level objectives. - Load balancing - Security3. Direct Control - devices don’t have to be configured individually or indirectly

Question 9

What should routers do to make network operations easier?

Answer 9

• Forward Packets- Collect measurements (traffic statistics, topology info)- Should NOT compute routes

Question 10

With regards to routers, what is the fundamental tenant of SDN?

Answer 10

The logical centralization of the computing of routes, or “remove routing from routers”

Question 11

Data Plane

Answer 11

The plane whose task it is to forward packets to their ultimate destination.

Question 12

Routing Tables

Answer 12

The state that lives in each router and helps it decide how to forward packets.

Question 13

Conventional Network Control Plane

Answer 13

The plane whose task it is to compute routing tables.

Question 14

Where do the control and data planes reside on conventional networks?

Answer 14

On conventional networks, control and data planes reside on the router.

Question 15

Where does the control plane reside on an SDN?

Answer 15

On SDNs, the control plane runs on a centralized controller which typically controls multiple routers.

Question 16

Routing Control Platform (RCP)

Answer 16

A distributed configuration introduced in 2004 which focused on Border Gateway Protocol (BGP) only.

Question 17

OpenFlow

Answer 17

A protocol that hit mainstream which incorporated RCP and 4D, made practical when manufacturers made the APIs for switched chipsets open and allowed them to be controlled from software.Allowed for de-coupling of the control plane and the data plane.A set of control commands by which a controller can control the behavior of one or more switches.

Question 18

4D

Answer 18

In 2005 the notion of RCP was generalized for the different planes:Decision PlaneData Plane - Dissemination & Discovery Planes

Question 19

Dissemination & Discovery Planes (4D)

Answer 19

Plane that provides the Decision plane the info it needs to compute the forwarding state

Question 20

Decision Plane (4D)

Answer 20

Plane that computes forwarding state for devices in the network

Question 21

Data Plane (4D)

Answer 21

Plane that forwards traffic based on decisions made by the Decision Plane

Question 22

What are the advantages of SDN over conventional networks?

Answer 22

1. Coordination of Behavior Among Devices2. Network is easier to evolve3. Network is easier to reason about (debug)These characteristics are all rooted in having a separate control plane, which allows CS techniques to be applied.

Question 23

How is the SDN Control Plane typically implemented?

Answer 23

The SDN Control Plane is typically implemented in a high level language such as Python or C.

Question 24

How is the SDN Data Plane typically implemented?

Answer 24

The SDN Data Plane is typically implemented as programmable hardware which is controlled by the Control Plane.

Question 25

What are some common applications for SDN?

Answer 25

• Data Centers- Backbone Networks- Enterprise Networks- Internet Exchange Points (IXPs)- Home Networks

Question 26

What are some examples of Control Plane operations?

Answer 26

• Computing a forwarding path that satisfies a high level policy- Computing a shortest path route tree- Authenticating a user’s device based on MAC address.

Question 27

Would this be considered a control plane operation?”Computing a forwarding path that satisfies a high level policy”

Answer 27

True

Question 28

Would this be considered a control plan operation?”Computing a shortest path route tree”

Answer 28

True

Question 29

Would this be considered a control plane operation?”Authenticating a user’s device based on MAC address.”

Answer 29

True

Question 30

Would this be considered a control plane operation?”Rate-limiting Traffic”

Answer 30

False - this is typically done in the data plane

Question 31

Would this be considered a control plane operation?”Load Balancing Traffic Based on Hash of Source IP”

Answer 31

False - this is typically done in the data plane

Question 32

A routing protocol would be considered a function of the _____ plane.

Answer 32

A routing protocol would be considered a function of the CONTROL plane.

Question 33

Configuration of network middleboxes would be considered a function of the _____ plane.

Answer 33

Configuration of network middleboxes would be considered a function of the CONTROL plane.

Question 34

Forwarding packets at the IP layer is a function of the ______ plane.

Answer 34

Forwarding packets at the IP layer is a function of the DATA plane.

Question 35

Layer 2 switching is a function of the ______ plane.

Answer 35

Layer 2 switching is a function of the DATA plane.

Question 36

Why is separating the data and control planes a good idea?

Answer 36

1. Independent Evolution - software and hardware can evolve independently2. Control From a High-Level Program - allows behavior to be debugged and checked more easily

Question 37

The separation of data and control planes provides opportunity for better network management in:

Answer 37

1. Data Centers - VM migration2. Routing - More control over decision logic3. Enterprise Networks - security applications (ex: network access control)4. Research Networks: Can co-exist with production networks on the same hardware

Question 38

How does SDN solve the problem of provisioning and migrating virtual machines in data centers in response to load?

Answer 38

SDN helps solve the problem of provisioning and migrating virtual machines in data centers in response to load by:Programming the switch state from a central database. Example: Migrating a VM from one server to another.

Question 39

How does control/data separation in SDN make managing data centers easier?

Answer 39

As VMs are provisioned and migrated, the state of switches can be reconfigured from a centralized database.

Question 40

T/F: Automatically load balancing is one way that SDN makes data center management easier.

Answer 40

FALSE - SDN does not automatically balance load.

Question 41

T/F: Allowing for fewer switches is one of the benefits of having SDN in a data center.

Answer 41

FALSE - SDN does not automatically allow for fewer switches

Question 42

T/F: Monitoring and control of routes from a centralized point is one of the advantages of using SDN in a data center.

Answer 42

TRUE

Question 43

T/F: Migrating VMs without renumbering host addresses is one of the benefits of using SDN in a data center.

Answer 43

TRUE

Question 44

How does SDN enhance Internet Backbone security with traffic filtering.

Answer 44

If an attacker is sending lots of traffic towards a victim, RCP may install a null route to filter traffic from the attacker to the victim.

Question 45

What are the fundamental challenges with SDN?

Answer 45

1. Scalability2. Consistency3. Security/Robustness

Question 46

How is scalability an issue with SDN?

Answer 46

A controller may be responsible for hundreds or thousands of switches

Question 47

How is consistency an issue with SDN?

Answer 47

There may be many physical replicas of the centralized controller. They needs to see the same view of the network in order to make the same decisions.

Question 48

How is Security/Robustness an issue with SDN?

Answer 48

Network needs to continue to function in the event of controller failure or compromise

Question 49

What are some ways to cope with scalability challenges with SDN?

Answer 49

• Eliminating redundant data structures- Only perform a fixed number of operations (ex: routing)- Cache control-plane decisions in switches- Running multiple controllers to distribute the load

Question 50

T/F: Sending all traffic to the controller is one way to cope with scalability challenges in SDN.

Answer 50

FALSESending traffic to the control would not help with scalability.

Question 51

NOX

Answer 51

NOX is a first generation OpenFlow controller.- Open source- Widely Used- Comes in “Classic” and “New NOX”

Question 52

What two flavors does NOX come in?

Answer 52

Classic: C++/Python, no longer supportedNew NOX: C++ Only, fast, clean, well supported

Question 53

What are the components of a NOX architecture?

Answer 53

1. Switches2. Network-attached servers

Question 54

What role does the controller play in a NOX architecture?

Answer 54

In this architecture, the controller maintains a network view, and may run several applications that operate on that view.

Question 55

What abstraction does NOX provide?

Answer 55

Switch control using the OpenFlow protocol

Question 56

How is a Flow defined in NOX?

Answer 56

(header: counter, actions)

Question 57

What two things does a switch do when it receives a packet.

Answer 57

1. Updates counters for the flow that the packet belongs to or matches2. Applies the corresponding action for the matching flow to the packet

Question 58

What are the different types of events processed by a NOX controller?

Answer 58

• Switch joining or leaving the network- Packet receive event (redirected by the switch to the controller)- Various statistics- The controller also keeps track of a network view and the underlying topology- Utilizes OpenFlow protocol to update the state of switches

Question 59

What type of programming model and language does NOX use?

Answer 59

C++, Event-based (programmers can write event handlers)

Question 60

What are some of the benefits and drawbacks of programming for NOX controllers?

Answer 60

Benefits: High PerformanceDrawbacks: - Requires an understanding of the semantics of low-level OpenFlow commands- Requires to be written in C++ which can be slow for development

Question 61

POX

Answer 61

A NOX controller implemented in Python which addresses the difficulties of developing for NOX controllers with C++

Question 62

What are some advantages and disadvantages to using POX for NOX programming instead of C++?

Answer 62

• POX is well maintained and supported- Easy to use, Python- Poor performance compared to C++

Question 63

Would you use NOX or POX for a class or university research project?

Answer 63

POXAllows rapid prototype development.

Question 64

Would you use NOX or POX for a large Internet data center?

Answer 64

NOXPOX does not perform as well as other controllers.

Question 65

Ryu

Answer 65

An SDN controller:- Implemented in Python- Supports later versions of OpenFlow- Supports OpenStack- Does not perform as well as NOX

Question 66

Floodlight

Answer 66

SDN Controller- written in Java- Supports OpenFlow- Fork from “Beacon” contoller

Question 67

What are some of the advantages/disadvantages of Floodlight?

Answer 67

• Maintains good documentation- Good integration with the REST API- Good production-level performance- Steep learning curve

Question 68

What do Ryu, Floodlight, NOX, and POX all have in common that makes them relatively difficult to learn and use?

Answer 68

Ryu, Floodlight, NOX, and POX all require a low-level understanding of fundamental OpenFlow commands.

Question 69

Describe how a hub would be implemented in POX/Python.

Answer 69

An event listener would be added so that when a packet is received, it is flooded to all output ports.

Question 70

Describe how a switch would be implemented in POX/Python.

Answer 70

When the first packet arrives at the switch on a given port, it is diverted to the controller which creates an entry in a hash table which maps the host address to that port. If the packet is multicast, or if there is no table entry the destination address, it is flooded to all ports.The flow table is installed from the controller to the switch so that future packets do no have to be redirected to the controller.

Question 71

What does a controller do if the source and destination address of a packet are the same.

Answer 71

The controller instructs the switch to drop the packet.

Question 72

Would the IS-IS protocol be considered a control plane or a data plane protocol and why?

Answer 72

Intermediate System to Intermediate System (IS-IS) is a routing protocol, therefore it would be considered a CONTROL PLANE protocol.

This is used to calculate routes that allow routers to later forward data packets, but does not carry data for any application

Question 73

Would the IP protocol be considered a control plane or a data plane protocol and why?

Answer 73

The IP protocol is a DATA PLANE protocol because… the actual IP packets that are forwarded by routers are the packets that contain application data

Question 74

Would the UDP protocol be considered a control plane or a data plane protocol and why?

Answer 74

DATA. similar to IP, these UDP packets contain application data

Question 75

Would the DHCP protocol be considered a control plane or a data plane protocol and why?

Answer 75

CONTROL – this is used to automatically assign IP addresses to end hosts (and sometimes subnet and DNS server locations as well), which is required for that end host to then be able to send and receive data packets, but DHCP messages do not contain any application data themselves

Question 76

Would the 802.11 (WiFi) protocol be considered a control plane or a data plane protocol and why?

Answer 76

DATA – this is a link layer protocol that carries data for applications or higher level protocols (which would be considered “data” by the link layer, even if they are not data at the application layer)

Question 77

Name two situations/scenarios in which using SDN provides a benefit.

Answer 77

1. When something breaks in the network the control plane is separate and policies are centralized in the SDN controller, so it is easier to see the “big picture”
2. When you want to update your network, instead of buying new hardware, just update the policy
3. SDN is useful in research or testbed network. Because SDN is flexible, you can create new control techniques or try different policies to experiment with them

Question 78

Name two places where network virtualization is useful.

Answer 78

1. Network virtualization is useful in multi tenant data centers (or “the cloud”) in order to provide each tenant with the illusion that they have a private network connecting their servers/Vms
2. R&D environments in order to isolate networking experiments from the rest of the general-purpose traffic in their enterprise
3. Useful in networking classes

Question 79

Name two places where network virtualization is not normally especially useful.

Answer 79

1. Where it would be overkill, like in a home network.
2. Networks that are highly sensitive to latency are not good candidates. A network of hosts and physical devices used to launch manned space vehicles, conduct air traffic control, control a nuclear reactor, etc. are bad candidates for network virtualization