1. 1
Customer Driven Innovation
Do not distribute/edit/copy without the
written consent of A10 Networks
SDN: an Introduction
Luca Profico
lprofico@a10networks.com
2. 2
Who am I
Luca Profico
RSE@a10networks
A10 Networks
Networking company based in San Jose (CA)
10 years developing its own solutions
#3 worldwide market share in ADC Market; #1 in Japan
Leader in CGN and IPv6 Migration solutions
3. 3
Software-defined Networking
• SDN concept has been around for almost 9 years now but
the concept is not yet clear
• Marketing is riding SDN with bigger and bigger promises
• What will we do with SDN?
• US ICT Event survey:
• SDN, I don’t understand it but I want it.
• All this fuss for old concepts remixed.
• Will I lose my job because of SDN?
4. 4
What is, What is Not
SDN is not a protocol
SDN is not a suite of protocols
SDN is not a technology
SDN is a concept, a methodology, an architecture that aims
at making network implementation, scalability and
management easier by separating planes
5. 5
Network Devices and Planes
Control plane
Build and exchange information
ARP, MAC learning, STP, …
Routing protocols, neighbors, …
Build and store local L2/L3 info tables
Data plane
Packet processing/forwarding decisions
Forwarding table
[Diagram: network device with a forwarding table (fwd tbl) and ports p1, p2, p3]
9. 9
SDN Implementation
[Diagram, top to bottom: Network Applications; Northbound API; SDN Controller (labelled Network operating system / Middleware); Southbound API; Network of Switches and vSwitches]
10. 10
Open Networking Foundation
Members-only organization
Milestones
Founded in 2011
More than 50 members in 1st yr.
Over 100 members in 2013 (Vendors, SPs, Telcos)
11. 11
OpenFlow
Standard communication interface between control and
forwarding layer
OpenFlow specs
OF Switch specs 1.3.2 published 2013
OF Switch specs 1.4 approved 2013
OF-Config (conf & mgmt protocol) 1.1.1 published 2013
Simple traffic processing
Flow tables
Pipeline concept
OpenFlow Switches
Hybrid OpenFlow Switches
12. 12
OpenFlow Tables
Flow Table: Match fields, Priority, Counters, Instructions, Timeout, Cookie
Group Table: Group Identifier, Group Type, Counters, Action Buckets
Meter Table: Meter Identifier, Meter Bands, Counters
Example flow table:
MAC src   MAC dst     IP src     IP dst    TCP dport   …   Action       Count
*         10:20:.     *          *         *           *   Port 1       99
*         *           217.99.*   *         *           *   Table 6      18
*         .:38:aa:.   *          *         *           *   drop         4
*         *           *          7.7.9.4   25          *   drop         172
*         *           *          *         69          *   local        19
*         *           *          *         *           *   controller   2993
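A flow-table lookup in the style of the example table above, as an added sketch that is not part of the original slides: the highest-priority matching entry wins, its counter is incremented, and the all-wildcard entry acts as the table-miss that punts to the controller. The MAC addresses, priorities and packets are constructed; the second packet shows a drop rule being shadowed by a higher-priority entry, which is the thing to audit when flow rules are used for packet filtering.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FlowEntry:
    priority: int
    match: dict      # field -> required value; a field left out is a wildcard (*)
    action: str
    count: int = 0   # per-entry packet counter, as in the slide's Count column

def field_matches(field, want, got):
    if field in ("ip_src", "ip_dst"):      # IP fields match on a prefix
        return ipaddress.ip_address(got) in ipaddress.ip_network(want)
    return want == got                     # everything else is an exact match

def lookup(table, pkt):
    """Apply the highest-priority matching entry and bump its counter."""
    for entry in sorted(table, key=lambda e: e.priority, reverse=True):
        if all(f in pkt and field_matches(f, v, pkt[f])
               for f, v in entry.match.items()):
            entry.count += 1
            return entry.action
    return "drop"   # OpenFlow 1.3 default when no table-miss entry exists

def build_table():
    # Constructed entries modelled on the slide; MACs and priorities are made up.
    return [
        FlowEntry(60, {"mac_dst": "10:20:00:00:00:01"}, "output:1"),
        FlowEntry(50, {"ip_src": "217.99.0.0/16"}, "goto_table:6"),
        FlowEntry(40, {"mac_dst": "00:11:38:aa:00:02"}, "drop"),
        FlowEntry(30, {"ip_dst": "7.7.9.4/32", "tcp_dport": 25}, "drop"),
        FlowEntry(20, {"tcp_dport": 69}, "local"),
        FlowEntry(0, {}, "controller"),    # table-miss: punt to the controller
    ]

def demo():
    table = build_table()
    smtp = {"mac_dst": "02:00:00:00:00:09", "ip_dst": "7.7.9.4", "tcp_dport": 25}
    pkts = [
        dict(smtp, ip_src="10.0.0.5"),      # hits the SMTP drop rule
        dict(smtp, ip_src="217.99.3.4"),    # shadowed: priority 50 wins over 30
        {"mac_dst": "02:00:00:00:00:09", "ip_src": "10.0.0.5",
         "ip_dst": "10.0.0.9", "tcp_dport": 443},   # no rule: table-miss
    ]
    return [lookup(table, p) for p in pkts], table[-1].count

if __name__ == "__main__":
    print(demo())
```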
13. 13
Example: Life of a Packet
[Diagram: packet path through the switch. Labels: Flow Table, Group Table, Meter Table, Next table, Action 1 to Action 5, Action set, Output]
14. 14
OpenFlow Challenges
Protocol status. OF is simple. Maybe *too* simple
Which functionalities should stay resident?
Flow programming in large networks
High-rate flow table updates
Vendors' proprietary protocols
15. 15
Overlays
VLAN on traditional networks has limitations
Number of instances
Transport
Overlapping
Some solutions have been tried
HVLAN, QinQ, PBT, PBB-TE, MAC-in-MAC, …
With SDN we talk about Overlay networks
Used to create virtual network containers logically isolated from the
others, while sharing the underlying physical network
Always based on encapsulation. Usually tunnels are terminated on
a softswitch
16. 16
VXLAN
Virtual Extensible LAN
Broadest industry support
VXLAN
Layer 2 frames in UDP packets
VLAN frames are preserved – multiple Layer 3 networks inside a VXLAN
segment
Uses multicast to transport broadcasts (OpenFlow may avoid that)
Tenants see their own “normal” network
Underlying network sees UDP VXLAN traffic with a segment ID
VXLAN ID is 24 bits = 16 Million tenants sharing the same infrastructure
17. 17
50 Bytes More. Jumbo Frames!
14 bytes Outer MAC Header
20 bytes Outer IP Header
8 bytes Outer UDP Header
8 bytes VXLAN Header
Original L2 frame
(VLAN tag included)
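The VXLAN header layout and the 50-byte overhead from the two slides above, as an added example that is not part of the original deck: it builds and parses the 8-byte VXLAN header, enforces the 24-bit segment ID, and works out the IP MTU the underlay needs. The flag value and UDP port 4789 come from RFC 7348, not from the slides; the VNI and frame sizes are constructed.

```python
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned port (RFC 7348); not stated on the slide
OUTER_MAC, OUTER_IP, OUTER_UDP, VXLAN_HDR = 14, 20, 8, 8
OVERHEAD = OUTER_MAC + OUTER_IP + OUTER_UDP + VXLAN_HDR   # the slide's 50 bytes

def vxlan_header(vni):
    """Build the 8-byte header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)   # 0x08 = I flag, VNI is valid

def parse_vxlan(udp_payload):
    """Return (vni, inner_frame); reject malformed headers instead of guessing a tenant."""
    if len(udp_payload) < VXLAN_HDR:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HDR])
    if not (word0 >> 24) & 0x08:
        raise ValueError("I flag clear: VNI not valid")
    return word1 >> 8, udp_payload[VXLAN_HDR:]

def underlay_ip_mtu_needed(inner_frame_len):
    """IP MTU the underlay must carry; the outer MAC header is not counted in an MTU."""
    return inner_frame_len + OUTER_IP + OUTER_UDP + VXLAN_HDR

def demo():
    inner = bytes(1514)                        # constructed: 14-byte header + 1500 payload
    vni, frame = parse_vxlan(vxlan_header(5001) + inner)   # 5001 is a made-up tenant ID
    return {
        "vni": vni,
        "inner_intact": frame == inner,
        "wire_len": len(inner) + OVERHEAD,              # bytes on the underlay link
        "mtu_untagged": underlay_ip_mtu_needed(1514),
        "mtu_vlan_tagged": underlay_ip_mtu_needed(1518),   # inner frame keeps its VLAN tag
    }

if __name__ == "__main__":
    print(demo())
```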
18. 18
Multi-tenant SDN Network
[Diagram: SDN Controller with Network Apps/UI/… above it; a fabric of Switches; Servers, each running a vSwitch that hosts several vServers]
19. 19
NVGRE, STT, NVO3
NVGRE
Similar to VXLAN
Microsoft pushes it
Overlay of choice in Hyper-V
Does not require multicast to carry broadcast, unknown unicast, multicast
Hyper-V embedded switch (Windows Network Virtualization Module) is
pre-populated with all host-to-tunnel mappings by PowerShell cmdlets
No flooding, as there is no unknown node
STT
Stateless Transport Tunneling
Encapsulation leverages some specific network card capabilities, like
TSO (TCP segmentation offload)
Nicira developed it. Nicira has been acquired by VMware
NVO3
Network Virtualization Overlays 3 - Developed by a group in IETF
20. 20
SDN Actual Use Cases
Link usage optimization
Distributed packet filtering
NAC for devices that do not support 802.1x
Service insertion, service chaining
Network traffic analysis, TAP aggregation
Basic link/service load balancing
21. 21
SDN Challenges
Southbound API is uncertain and will be fragmented
Scalability issues
Number of flows
Performance issues
Rate of flow-table updates
Redundancy
Vendors’ SDN controllers (OpenDaylight project?)
Know-how
Security
22. 22
Conclusions
The future of SDN is uncertain; at the moment most of the
development is being done in large data
centers, backbones, virtualization spaces
So far there is no real use for the enterprise
The southbound API will most probably be fragmented
It will take some time: as some analysts point out, it took
server virtualization 10 years to become mainstream, while
the first OpenFlow release dates from 2009
SDN will add up to $400M within the networking market in
2014 (Doyle Research)
In the end, the market will decide what SDN will be, where it
will be used, and what applications we'll write on it