Learning Tree’s new Software Defined Networking course just had its test run, and when the course starts running in January, I think it will be a popular one. Software Defined Networking (or SDN) has been a crucial part of telecommunication carrier networking for years, and now a form of it is moving into the data center.
SDN separates the network control plane from the forwarding plane. Applications can request dynamic network reconfiguration to establish new traffic flows, move virtual machines to other physical platforms without interrupting network connectivity, compartmentalize traffic with VLANs, or whatever is desired. The control plane then communicates with the forwarding infrastructure to make the requested changes happen.
The core of an SDN infrastructure is the SDN controller:
|⏫ Northbound traffic ⏬|
|⏫ Southbound traffic ⏬|
|Layer 2-4 Switching|
User applications, sometimes called Orchestration Engines, communicate with the SDN controller via what is called northbound traffic. OpenStack, CloudStack, and VMware’s vCloud suite can integrate the SDN orchestration. The SDN controller then uses southbound traffic to control the switching infrastructure by updating the flow tables in the switching devices.
The OpenDaylight SDN controller project is a community-led, industry-supported open-source project. It uses a descriptive model, documenting what has been found to work, as opposed to a prescriptive model specifying in advance what must be done. OpenDaylight provides a controller which runs on a Linux host. The versions are named for the elements, so you may have heard references to SDN controllers named Hydrogen, Helium, Lithium, and now Beryllium. Those are all OpenDaylight.
OpenDaylight is the biggest player in the open SDN controller arena but not the only one. Big Switch Networks, a spin-off of Stanford University, has released Floodlight.
OpenFlow is an open, vendor-neutral, standard protocol for the southbound control communication. The switching infrastructure can be made up of physical Ethernet switches, virtualized switches within hypervisors (e.g., VMware Nicira and vSwitch, Cisco’s Nexus 1000V, or Microsoft’s Hyper-V virtual switch), or a combination of physical and virtual.
The traffic flow is the fundamental concept of SDN network management. A flow, a traffic stream between programs running on two separate hosts, must be forwarded from one end to the other. But some flows, like streaming voice or video, have strict requirements for latency and throughput. Other flows, like web browsing, can accept greater latency. And others, such as electronic mail, aren’t intended to be any sort of real-time communication and can be forwarded at much lower priority.
OpenFlow devices use OSI layers 2 through 4: the hardware or MAC addresses at each end, the IP addresses, and the UDP or TCP ports.
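To make the flow-table idea concrete, here is an added example (not code from the course, OpenFlow, or OpenDaylight) that models a switch flow table matching only on layer 2 through 4 fields, with priorities and a table-miss action. The field names, action labels, ports, and addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Simplified model of one switch flow table. Constructed for illustration:
# not the OpenFlow wire format and not any controller's API.
L2_L4_FIELDS = {"eth_src", "eth_dst", "ip_src", "ip_dst", "ip_proto", "l4_dst"}

@dataclass
class FlowEntry:
    priority: int   # higher priority wins when several entries match
    match: dict     # field -> required value; an absent field is a wildcard
    action: str     # hypothetical action label

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(field) == value for field, value in self.match.items())

class FlowTable:
    def __init__(self, table_miss: str):
        self.entries = []
        self.table_miss = table_miss  # action when no entry matches

    def install(self, entry: FlowEntry) -> None:
        unknown = set(entry.match) - L2_L4_FIELDS
        if unknown:
            raise ValueError(f"not a layer 2-4 match field: {sorted(unknown)}")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def lookup(self, pkt: dict) -> str:
        for entry in self.entries:
            if entry.matches(pkt):
                return entry.action
        return self.table_miss

def build_table() -> FlowTable:
    table = FlowTable(table_miss="send-to-controller")
    # Constructed sample policy: ports and the MAC address are placeholders.
    table.install(FlowEntry(400, {"eth_src": "02:00:00:00:00:99"}, "drop"))
    table.install(FlowEntry(300, {"ip_proto": 17, "l4_dst": 5004}, "queue:voice"))
    table.install(FlowEntry(200, {"ip_proto": 6, "l4_dst": 443}, "queue:web"))
    table.install(FlowEntry(100, {"ip_proto": 6, "l4_dst": 25}, "queue:mail"))
    return table

def packet(eth_src: str, ip_proto: int, l4_dst: int) -> dict:
    # Constructed packet header summary with fixed documentation addresses.
    return {"eth_src": eth_src, "eth_dst": "02:00:00:00:00:01",
            "ip_src": "192.0.2.10", "ip_dst": "198.51.100.20",
            "ip_proto": ip_proto, "l4_dst": l4_dst}

if __name__ == "__main__":
    table = build_table()
    for pkt in (packet("02:00:00:00:00:10", 17, 5004),
                packet("02:00:00:00:00:99", 6, 443),
                packet("02:00:00:00:00:10", 6, 23)):
        print(pkt["eth_src"], pkt["ip_proto"], pkt["l4_dst"], "->", table.lookup(pkt))
```

The highest-priority entry isolates one host regardless of port, and any traffic that no entry covers falls through to the table-miss action instead of being forwarded by default.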
Some writers describe SDN as controlling traffic flows “using layers 2 through 7” but that seems like an overblown slogan to me. NFS is the only protocol for which I’ve been convinced that layers 5, 6, and 7 really exist in some explicit form. But I don’t think we really need those rather abstract higher layers.
Once the hosts have mutually authenticated (as with SSH, or with HTTPS using mutual authentication), and then you have authenticated the user in some trusted fashion, the layer 4 TCP connections from socket to socket imply host and user identity relationships. If we’re still uneasy, we must realize that we’re really questioning our host or user authentication and there’s nothing SDN can do to fix that.
SDN is very much a work in progress. OpenDaylight is just two years old, although OpenFlow was proposed in 2008. Cisco has just recently come on board, but to no one’s surprise they still push heavily for their proprietary solutions.
So far, many of the tools require a programmatic interface. There may be a browser interface, but it usually limits you to viewing, not controlling, and the viewing may not be terribly helpful yet.
The good news is that the OpenDaylight plus OpenFlow SDN solution is gaining traction. Check out the new course to see how the many pieces come together!