SDN: Software Defined Networks
by Thomas D. Nadeau and Ken Gray

Copyright © 2013 Thomas D. Nadeau, Ken Gray. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or [email protected].

Editors: Mike Loukides and Meghan Blanchette
Production Editor: Kristen Borg
Copyeditor: Jasmine Kwityn
Proofreader: Amanda Kersey
Indexer: Judith McConville
Cover Designer: Karen Montgomery
Interior Designer: David Futato
Illustrator: Rebecca Demarest and Kara Ebrahim

August 2013: First Edition

Revision History for the First Edition:
2013-08-07: First release

See http://oreilly.com/catalog/errata.csp?isbn=9781449342302 for release details.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. SDN: Software Defined Networks, the image of a goosander duck, and related trade dress are trademarks of O’Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

ISBN: 978-1-449-34230-2

Table of Contents

Foreword by David Meyer
Foreword by David Ward
Preface

1. Introduction

2. Centralized and Distributed Control and Data Planes
   Introduction
   Evolution versus Revolution
   What Do They Do?
   The Control Plane
   Data Plane
   Moving Information Between Planes
   Why Can Separation Be Important?
   Distributed Control Planes
   IP and MPLS
   Creating the IP Underlay
   Convergence Time
   Load Balancing
   High Availability
   Creating the MPLS Overlay
   Replication
   Centralized Control Planes
   Logical Versus Literal
   ATM/LANE
   Route Servers
   Conclusions

3. OpenFlow
   Introduction
   Wire Protocol
   Replication
   FAWG (Forwarding Abstraction Workgroup)
   Config and Extensibility
   Architecture
   Hybrid Approaches
   Ships in the Night
   Dual Function Switches
   Conclusions

4. SDN Controllers
   Introduction
   General Concepts
   VMware
   Nicira
   VMware/Nicira
   OpenFlow-Related
   Mininet
   NOX/POX
   Trema
   Ryu
   Big Switch Networks/Floodlight
   Layer 3 Centric
   L3VPN
   Path Computation Element Server
   Plexxi
   Plexxi Affinity
   Cisco OnePK
   Relationship to the Idealized SDN Framework
   Conclusions

5. Network Programmability
   Introduction
   The Management Interface
   The Application-Network Divide
   The Command-Line Interface
   NETCONF and NETMOD
   SNMP
   Modern Programmatic Interfaces
   Publish and Subscribe Interfaces
   XMPP
   Google’s Protocol Buffers
   Thrift
   JSON
   I2RS
   Modern Orchestration
   OpenStack
   CloudStack
   Puppet
   Conclusions

6. Data Center Concepts and Constructs
   Introduction
   The Multitenant Data Center
   The Virtualized Multitenant Data Center
   Orchestration
   Connecting a Tenant to the Internet/VPN
   Virtual Machine Migration and Elasticity
   Data Center Interconnect (DCI)
   Fallacies of Data Center Distributed Computing
   Data Center Distributed Computing Pitfalls to Consider
   SDN Solutions for the Data Center Network
   The Network Underlay
   VLANs
   EVPN
   Locator ID Split (LISP)
   VxLan
   NVGRE
   OpenFlow
   Network Overlays
   Network Overlay Types
   Conclusions

7. Network Function Virtualization
   Introduction
   Virtualization and Data Plane I/O
   Data Plane I/O
   I/O Summary
   Services Engineered Path
   Service Locations and Chaining
   Metadata
   An Application Level Approach
   Scale
   NFV at ETSI
   Non-ETSI NFV Work
   Middlebox Studies
   Embrane/LineRate
   Platform Virtualization
   Conclusions

8. Network Topology and Topological Information Abstraction
   Introduction
   Network Topology
   Traditional Methods
   LLDP
   BGP-TE/LS
   BGP-LS with PCE
   ALTO
   BGP-LS and PCE Interaction with ALTO
   I2RS Topology
   Conclusions

9. Building an SDN Framework
   Introduction
   Build Code First; Ask Questions Later...
   The Juniper SDN Framework
   IETF SDN Framework(s)
   SDN(P)
   ABNO
   Open Daylight Controller/Framework
   API
   High Availability and State Storage
   Analytics
   Policy
   Conclusions

10. Use Cases for Bandwidth Scheduling, Manipulation, and Calendaring
   Introduction
   Bandwidth Calendaring
   Base Topology and Fundamental Concepts
   OpenFlow and PCE Topologies
   Example Configuration
   OpenFlow Provisioned Example
   Enhancing the Controller
   Overlay Example Using PCE Provisioning
   Expanding Your Reach: Barbarians at the Gate
   Big Data and Application Hyper-Virtualization for Instant CSPF
   Expanding Topology
   Conclusions

11. Use Cases for Data Center Overlays, Big Data, and Network Function Virtualization
   Introduction
   Data Center Orchestration
   Creating Tenant and Virtual Machine State
   Forwarding State
   Data-Driven Learning
   Control-Plane Signaling
   Scaling and Performance Considerations
   Puppet (DevOps Solution)
   Network Function Virtualization (NFV)
   NFV in Mobility
   Optimized Big Data
   Conclusions

12. Use Cases for Input Traffic Monitoring, Classification, and Triggered Actions
   Introduction
   The Firewall
   Firewalls as a Service
   Network Access Control Replacement
   Extending the Use Case with a Virtual Firewall
   Feedback and Optimization
   Intrusion Detection/Threat Mitigation
   Conclusions

13. Final Thoughts and Conclusions
   What Is True About SDN?
   Economics
   SDN Is Really About Operations and Management
   Multiple Definitions of SDN
   Are We Making Progress Yet?

Index