Software defined

Networking(SDN)
Outlines
• What is SDN and why is it becoming popular?
• Traditional networking and its current limitations
• how SDN is supposed to solve the “problems” that
traditional networking has.
Traditional Networking
• Networking has always been very traditional. We have
specific network devices like routers, switches, and
firewalls that are used for specific tasks.
• These network devices are sold by networking vendors
like Cisco and often use proprietary hardware. Most of
these devices are primarily configured through the CLI,
although there are some GUI products like CCP (Cisco
Configuration Protocol) for the routers or ASDM for the
Cisco ASA firewalls.
• A network device, for example, a router has different functions
that it has to perform some of these functions are:
• It has to check the destination IP address in the routing table in
order to figure out where to forward the IP packet to.
• Routing protocols like OSPF, EIGRP or BGP are required to learn
networks that are installed in the routing table.
• It has to use ARP to figure out the destination MAC address of
the next hop or destination and change the destination MAC
address in the Ethernet frame.
• The TTL (Time to Live) in the IP packet has to be decreased by 1
and the IP header checksum has to be recalculated.
• The Ethernet frame checksum has to be recalculated.
• All these different tasks are separated by
different planes of operation in networking. There are
three planes:
• control plane
• data plane
• management plane
Control plane
• The control plane is responsible for exchanging routing
information, building the ARP table, etc. Here are some
tasks that are performed by the control plane:
• Running routing protocols like OSPF, EIGRP, and BGP
• Create, update its routing table,
• and make forwarding decisions.
• In SDN, the control plane is centralized and typically
managed by an SDN controller
Data plane
• The data plane is responsible for forwarding traffic. It relies on
the information that the control plane supplies. Here are some
tasks that the data plane takes care of: This includes:
• Encapsulate and de-encapsulate packets.
• Adding or removing headers like the 802.1Q header.
• Matching MAC addresses for forwarding.
• Matching IP destinations in the routing table.
• Change source and destination addresses when using NAT.
• Dropping traffic because of access-lists.
• The tasks of the data plane have to be performed as fast as
possible
• he data plane is distributed across each network device (like
switches, routers, or firewalls). Each device is responsible for
forwarding packets based on the instructions it receives from the
centralized controller.
Management Plane
• The management plane is used for access and
management of our network devices. For example,
accessing our device through telnet, SSH or the console
port.

• When discussing SDN, the control and data plane are

the most important
The following image is an illustration of the control and data
plane in SDN
- as shown the control plane where we use routing protocols like
OSPF and EIGRP and some static routing. The best routes are
installed in the routing table. Another table that the router has to
build is the ARP table.

Information from the routing and ARP table is then used to build the
forwarding table. When the router receives an IP packet, it will be able to
forward it quickly since the forwarding table has already been built.
 Limitations of traditional networking
• Despite being the backbone in modern computing environments, traditional
networking has a number of drawbacks when considering the demands of today's
dynamic and highly scalable IT architecture. And there are some business
challenges that ask for different solutions. Here are a few significant restrictions.
1. Manual Management: Traditional networks often require manual configuration
and management, which is time-consuming and prone to errors.
2. Cost :Hardware, such as switches, routers, and other networking devices,
requires big costs.
3. Static Architecture: Traditional networking relies on static, hardware-based
configurations that are not easily adaptable to changing requirements.
4. Fixed Capacity: Traditional networks are often designed with fixed capacity,
making it challenging to scale up or down based on demand.
5. Compatibility Issues: Integrating traditional networks with cloud services and
virtualized environments can be difficult and may require additional hardware or
software.
6. Static Security Posture: Traditional networks often rely on perimeter-based
security models, which can be less effective against modern, sophisticated
Example
• In the figure, we see the network infrastructure of a company’s data center.
• At the bottom, is a VMware ESXi server with a number of virtual machines.
• This server is connected to some switches in the access and aggregation layers.
• We also see two ASAs firewalls that protect our server and two routers for access
to the outside world. On top, there is another router with a host device.
• Assume for example that the company has a business requirement for a new
application that requires four new virtual machines to be installed on the VMware
server. For security reasons, each virtual machine should be in a different VLAN. A
user that is using H1 behind R3 should be able to access the application that runs
on these virtual machines.
• some of the things we have to configure on our network to make this happen:
• The VLANs have to be created on all switches.
• We have to configure a root bridge for the new VLANs.
• We have to assign four new subnets, one for each VLAN.
• We need to create new sub-interfaces with IP addresses on the switches.
• We have to configure the firewalls to permit access to the new applications / subnets.
• We have to advertise the new subnets in a routing protocol on our switches, routers, and firewalls.

• Although there are network automation tools to help us, we often use the CLI to
configure all of these devices . It’s a slow, manual process that a human has to
do. While it only takes a few minutes create a new virtual machine, it might take a
few hours for the network team to prepare the network. Changes like these are
also typically done during a maintenance window, not during business hours.
• Server virtualization is one of the reasons why businesses are
looking for something that speeds up the process described
above. Before virtualization, we used to have one physical
server with a single operating system. Nowadays we have
multiple physical servers with hundreds of virtual machines.
• These virtual machines are able to move automatically from
one physical server to another. When they cross an L3
boundary, you don’t want to wait for the network team to
make the required changes to routing or access-lists. It
should be automatic.
• The “trend” nowadays is that everything should be virtual.
This is also happening to networking. Large companies like
Cisco that used to sell only proprietary hardware are now
also offering virtual routers, ASAs, wireless LAN controllers,
etc. that you can run on VMWare servers.
SDN (Software Defined Networking)
• Software-defined networking (SDN) is an innovative approach to
network management that aims to improve the flexibility, efficiency,
and scalability of traditional networking. It achieves this by decoupling
the network control plane (which makes decisions about how packets
should be routed) from the data plane (which forwards packets to their
destinations). This separation allows for more centralized and
programmable control over the network
• Traditional networking uses a distributed model for the control plane. Protocols like ARP, STP, OSPF,
EIGRP, BGP and other run separately on each network device. These network devices communicate with
each other but there is no central device that has an overview or that controls the entire network.
• With SDN, we use a central controller for the control plane. Depending on the vendor’s SDN solution,
this could mean that the SDN controller takes over the control plane 100% or that it only has insight in the
control plane of all network devices in the network. The SDN controller could be a physical hardware
device or a virtual machine.
 SDN (Software Defined Networking)
• shown is the SDN controller which is responsible
for the control plane. The switches are now just
“dumb” devices that only have a data plane,
no control plane. The SDN controller is
responsible for feeding the data plane of these
switches with information from its control plane.
• There are some advantages and disadvantages
of having a distributed vs a central control
plane. One of the advantages of having a central
controller is that we can configure the entire
network from a single device. This controller has
full access and insight of everything that is
happening in our network.
The SDN controller interfaces
• The SDN controller uses the following two interfaces:
• northbound interface (NBI)
• southbound interface (SBI)
1. Southbound Interface
• The Southbound interface connects the SDN controller to the network devices (e.g.,
switches, routers). It allows the controller to configure and manage these devices,
directing how they should handle network traffic.
• This is not a physical interface but a software interface, often an API (Application
Programming Interface).
• An API is a software interface that allows an application to give access to other
applications by using pre-defined functions and data structures.
• Some popular southbound interfaces are:
• OpenFlow: this THIS IS the most popular SBI at the moment, it’s an open source protocol from
the Open Networking Foundation. There are quite a few network devices and SDN controllers that
support OpenFlow.

• Cisco OpFlex: this is Cisco’s answer to OpenFlow. It’s also an open source protocol which has been
submitted to the IETF for standardization.

• CLI: Cisco offers APIC-EM which is an SDN solution for the current generation of routers and
switches. It uses protocols that are available on current generation hardware like telnet, SSH, and
SNMP.
Northbound Interface
• The northbound interface is used to access the SDN controller
itself.
• This allows a network administrator to access the SDN to configure
it or to retrieve information from it.
• This could be done through a GUI but it also offers an API which
allows other applications access to the SDN controller. You can use
this to write scripts and automate your network administration.
• some examples:
• List information from all network devices in your network.
• Show the status of all physical interfaces in the network.
• Add a new VLAN on all your switches.
• Show the topology of your entire network.
• Automatically configure IP addresses, routing, and access-lists when a new virtual machine is created.
Northbound Interface- Continue
• As illustrated in the figure multiple applications are able
to access the SDN controller through the API :
• A user that is using a GUI to retrieve information about the
network from the SDN controller. Behind the scenes, the GUI is
using the API.

• Scripts that are written in Java or Python can use the API to
retrieve information from the SDN controller or configure the
network.

• Other applications are able to access the SDN controller.

Perhaps
an application that automatically configures the network once a
new virtual machine is created on a VMware ESXi server.
REST API (Representational State
Transfer)
• the north- and southbound interfaces use APIs.
• SDN controllers typically use a REST API (Representational
State Transfer)
• The REST API uses HTTP messages to send and receive
information between the SDN controller and another application. It
uses the same HTTP messages that you use when you browse a
webpage on the Internet or when you enter a contact form online:
• HTTP GET: used when we want to retrieve information.
• HTTP POST/PUT: used when we want to upload or update information.
• It is similar to browsing a webpage, only this time, you are not
requesting a webpage or picture but a particular object from the
SDN controller, for example, a list with all VLANs in the network.
 REST API
• When the SDN controller receives the HTTP GET request, it will reply with an
HTTP GET response with the information that was requested. This information
is delivered in a common data format. The two most used data formats are:
• JSON (JavaScript Object Notation)
• XML (eXtensible Markup Language)

1. a python script that is using HTTP GET to fetch 2. Once the API receives this, it will respond with
the following URL through the API: an HTTP GET response message
https://192.168.1.1:8443/sdn/v2.0/net/nodes The variables that were requested will be supplied
-This URL will retrieve some of the variables that in JSON format. The next page show how it looks
are available, for example, information about all
nodes (hosts) on the network.
- the JSON output above is easy to read.
- It tells us that we have two nodes on the
network, their IP, and MAC addresses.
• It’s likely that we will be using APIs more often than the
CLI in the future
• An API (Application Programming Interface) is a
set of rules and protocols that allows different software
applications to communicate with each other. It defines
the methods and data formats that applications can use
to request and exchange information. APIs are essential
for enabling the integration and interaction of different
systems, services, and applications in a standardized
way
Types of APIs

1.Web APIs:
1.RESTful APIs: Use standard HTTP methods and are designed around resources
identified by URIs.
2.SOAP APIs: Use XML-based messaging protocol and are often used in
enterprise environments.
2.Library or Framework APIs:
1.Definition: Provide functions and methods that can be used by developers
within specific programming environments or frameworks.
3.Operating System APIs:
1.Definition: Allow applications to interact with the underlying OS features and
services.
4.Database APIs:
1.Definition: Enable communication between applications and database
management systems.
SDN OpenDayLight
• OpenDaylight is an open source SDN controller
framework/platform, hosted by the Linux Foundation. It’s one of
the more popular (open source) SDN controllers at the moment.
• One of the southbound interface protocols it supports is
OpenFlow

• You can install and use Mininet that allows you to run a virtual network on your own computer
with devices that support OpenFlow.
• Using Mininet you can run a virtual network with OpenFlow network components (such as
switches , routers) that are controlled by our OpenDaylight SDN controller. You can use the
RESTCONF API to interact with your controller.
• Here’s the virtual network that we are going to build:
ONOS (Open Network Operating System)

• The ONOS (Open Network Operating System) project is

an open source community hosted by The Linux Foundation.
The goal of the project is to create a software-defined
networking (SDN) operating system for communications service
providers that is designed for scalability, high performance and
high availability.