Improving Network Management with Software Defined Network Group 5 : z Xuling Wu z Haipeng Jiang z Sichen Wu z Aparna Sanil z Yun Feng z Kejiao Li z Dongquan Qi 1
Summary To operate, maintain and secure a communication was always a challenge. SDN separates the control plane and data plane and thereby breaks the rigid underlying infrastructure of network system. SDN introduces a centralized software program called controller for the operating the entire network. We also talk about prototype deployments in home and campus networks and how SDN improves the network management and performance. 2
Outline Introduction SDN Architecture Case study Conclusion 3
Introduction Why ? Difficulties to implement high-level policies on Low-level infrastructure. Various large numbers of routers, switches,etc. Closed equipment Software bundled with hardware Inflexibility Hard to introduce&deploy new protocol Complex environment (network states, events) Little mechanism to respond automatically manually adjust network configurations. 4 Router Management/ Policy plane Control plane Data plane
How? 5 SDN Concept: Separate Control plane and Data plane. Decision Maker (software) Packet forwarder( hardware)
Southbound interface OpenFlow Controller Northbound interface Procera 6 SDN Architecture
7
OpenFlow is a common southbound SDN interfaces. The Open Networking Foundation (ONF) is responsible for standardizing the OpenFlow protocol. There are a variety of OpenFlow controllers, e.g.: NOX C++ or Python to program Floodlight Java-based Maestro Multithreading 8 OpenFlow
A network control framework. Purpose: helps operators express event-driven network policies using a high-level functional programming language. Serves as a glue between high-level event-driven network policies and low-level network configuration. Use control domains to express event-driven network policies. 9 Procera
10 Procera Control domain
11 Procera Architecture
Event source: network components or middle boxes that can send dynamic events to the procera controller. e.g.: IDS, Authentication systems, SNMP Policy engine: parsing the network policy expressed with a policy language, also processing various events that come from event sources Language: allows operators to specify complex network policies in a simple language based on functional reactive programming (FRP) 12
Establish a connection to each OpenFlow-capable switch through the OpenFlow protocol. Insert, delete, or modify packet forwarding rules in switches through this connection. Also react to packet-in events and switch-join events that come from switches. – For packet-in events, install relevant forwarding rules in switch – For switch-join events, establish a new connection with that specific switch 13 Controller
Case study CAMPUS NETWORK HOME NETWORK 1.POLICY 2.DEPLOYMENT STATUS 1.IMPROVEMENT 2.POLICY 3.DEPLOYMENT STATUS 14
Campus Network-Policy Require unregistered end-host device to undergo an authentication process via an authentication web portal. After successful authentication, the device is scanned for possible vulnerabilities. If none are found, the device is finally granted access to the internal network and the Internet. Other events: 5 hours’ inactivity & infection. 15
Transitions and events in campus network 16
Implementing such complex policy relies on many technologies. eg. VLAN, firewall rules, etc. Requires network operators to independently configure multiple different components, including middle boxes, management servers, and numerous ad hoc scripts. Procera can automatically finish these configuration work, which significantly simplifies the expression of these types of policies. 17
Campus network deployment status 18
Home Network-Improvement Limited Visibility into broadband performance and overall status. Inflexible closed software installed in common home gateways hard to introduce new functions for home network. ISPs start to enforce monthly bandwidth caps to limit data usage. users need a new system to monitor and manage devices data usage. Issues 19
Improving Visibility: BISMARK BISmark is a collection of home gateways installed in households, a centralized management and data collection server, and multiple measurement servers deployed around the world. Improve visibility into home broadband performance and its overall status. Provide continuously monitoring of the status of home networks, and ensure that customers receive their promised service. Improving Control: SDN SDN makes it much easier to introduce new functions. It is possible to combine BISmark’s measurement data and procera to build a management system that reacts to various conditions of the home. network. Example: Traffic shapping, proactively prefetching and caching. SDN paradigm enable a central controller to make various kinds of traffic engineering decisions and pushing rules to home gateways to enforce such policy greatly increases the flexibility of home network management. 20
Uncapped device can access the Internet normally. When the device’s data usage exceeds the monthly cap value set by the home user, it is blocked-Capped. The reverse transition is triggered when the cap value is increased or data usage of devices are reset due to the end of a billing cycle. Procera automatically detects caped or uncapped devices every 5sec. 21
Home Network- Deployment Status NetGear WNDR 3700v2 and 3800 wireless routers are used as OpenFlow-capable forwarding devices. Home users use the router as a wireless access point and observe no particular difference from any normal wireless access point. The wireless router runs a customized firmware based on OpenWrt that implements OpenFlow protocol version
Conclusion Network configuration is becoming complex due to Continually changing network state & Low-level per-device network configuration. SDN basic idea: separating control plane from switches, managing the whole network, rather than individual network component. The practice of Procera based on SDN structure in these two examples demonstrate OpenFlow-CAPABLE switches give possibilities for expressing complex network policies while reducing management in settings. 23
QUESTIONS? 24
Thank you 25