Lec3 SDN
SDN Tutorial 2
• Proposed in the late 1970s
• Open Systems Interconnection model:
– It characterizes and standardizes a
communication system by dividing it into
layers
– A layer serves the layer above it and is
served by the layer below it
• Two major components:
– An abstract model of networking
– A set of protocols
OSI Model
(Table of the OSI layers with columns Data Unit, Layer, Function)
The Internet Hourglass (figure)
• Applications: Kazaa, VoIP, Mail, News, Video, Audio, IM, U Tube
• “Everything on IP”: transport protocols TCP, SCTP, UDP, ICMP
• IP (the narrow waist; figure labels: “Ossification Continued”, “Innovations”)
• “IP on everything”: link technologies Ethernet, 802.11, power lines, ATM, optical, satellite, Bluetooth
• The trends driving the networking industry to reevaluate traditional network architecture:
– The explosion of mobile devices and content
– Server virtualization
– The advent of cloud services
• Traditional networks are hierarchical:
– They make sense for client-server computing
– They are ill-suited to today’s dynamic computing and storage needs
• The key computing trends driving the need for a new network paradigm:
– Changing traffic patterns:
▪ Instead of client-server communication, applications access multiple databases and servers across the entire network
– The “consumerization of IT”:
▪ Mobile devices are widely used, which drives IT to accommodate these personal devices in a fine-grained manner
• The key computing trends driving the need for a new network paradigm:
– The rise of cloud services:
▪ Enterprises have enthusiastically embraced both public and private cloud services
– The hunger for “Big data”:
▪ Mega datasets need massive parallel processing on multiple servers, which need direct connections
▪ The constant demand for additional network capacity
▪ The need to maintain any-to-any connectivity
• Limitations of current networking:
– Complexity leads to stasis:
▪ To add or move any device, IT must touch multiple switches, routers, firewalls, etc.
▪ Server virtualization has greatly altered assumptions about the physical location of hosts
▪ The static nature of the network cannot dynamically adapt to changing traffic, application, and user demand
– Inconsistent policies:
▪ Today’s network makes it difficult for IT to apply a consistent set of access, security, QoS, and other policies to increasingly mobile users
• Limitations of current networking:
– Inability to scale:
▪ The network becomes very complex with the addition of thousands of network devices that must be configured and managed
▪ Dynamic traffic patterns cannot be handled with manual configuration
– Vendor dependence:
▪ Vendors’ equipment product cycles cannot adapt to the rapidly changing network architecture in time
▪ The lack of standard, open interfaces limits the ability of network operators to tailor the network
The Need for a New Network
State of The Internet
The Internet is great at what it does, but...
• Security is weak
• Availability/Reliability is an issue
• Instrumentation is weak
• Predictability is weak
• Manageability is an issue
• Mobility is not well supported
• Sensing is not well supported
• Scalability is an issue
Our critical infrastructures cannot rely on it!
Persistent problems are not solvable by incremental improvements to the current Internet
New paradigms may prove more powerful, providing the basis for a superior Future Internet
Global networks are creating extremely important new challenges
• Science issues: we cannot currently understand or predict the behavior of complex, large-scale networks
• Innovation issues: substantial barriers to at-scale experimentation with new architectures, services, and technologies
• Society issues: we increasingly rely on the Internet but are unsure we can trust its security, privacy or resilience
Credit: MONET Group at UIUC
Software Defined Networking
What is SDN?
• An architectural approach that optimizes and simplifies network operation by:
– Decoupling the control plane and the data plane
• Control plane: the system that makes decisions about where traffic is sent
• Data plane: the system that forwards traffic to the selected destination
• Evolved from the work done by UC Berkeley and Stanford University (network management project)
What is SDN?
• Achieved by employing a point of logically centralized network control (the SDN Controller)
– It facilitates the communication between applications and network elements
– It exposes and abstracts network functions and operations via a programmable interface
– It gains vendor-independent control over the entire network from a single logical point
• Today: closed boxes, fully distributed protocols
• SDN was implemented to open it up
• The Software-Defined Network
• The part of the router architecture also called the “forwarding plane”
• It handles incoming datagrams through a series of link-level operations
• A datagram is processed in the data plane by performing a lookup in the FIB table programmed by the control plane
• Fast-path packet processing, since no further learning process is needed
• One exception to this process is when packets cannot be matched to rules:
– An unknown destination is detected
– The packets are sent to the router processor, where the control plane can process them
• The FIB table can be implemented in various ways:
– Software
– Hardware-accelerated software
– Hardware
• TCAM (figure: the input A B C D is compared against the entries C D E F, A B C ? and A B ? ? in parallel; the first matching entry, A B C ?, is reported as the match)
– Each cell takes three logic states: ‘0’, ‘1’, and ‘?’ (don’t care)
– Fully associative memory: compares the input string with all the entries (> 1K entries) in parallel
– If there are multiple matches, report the index of the first match
• Current TCAM technology:
– Fast match time: 4-8 ns
– Size: 1M bytes
▪ 1K entries * 1K bytes per entry
▪ 2K entries * 512 bytes per entry
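To make the FIB-lookup and TCAM slides above concrete, here is an added Python model written for this page (it is not code from the slides or from any router). It implements a TCAM with ternary cells and first-match semantics, builds a longest-prefix-match FIB on it by installing longer prefixes at lower indices, and takes the exception path on a miss by punting the packet to the control plane. The routes, port names and lookup addresses are constructed sample values.

```python
"""Software model of a TCAM lookup, with a longest-prefix-match FIB built
on top of it and the control-plane punt taken on a miss.

Added example; not code from the slides or from any router. The routes
and lookup addresses are constructed sample values.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class TcamEntry:
    pattern: str      # one cell per bit: '0', '1' or '?' (don't care)
    next_hop: str

    def matches(self, key: str) -> bool:
        # Hardware compares every cell of every entry in parallel; here we
        # walk the cells, and '?' accepts either input bit.
        return len(key) == len(self.pattern) and all(
            p == "?" or p == k for p, k in zip(self.pattern, key))


class Tcam:
    def __init__(self, width: int) -> None:
        self.width = width
        self.entries: List[TcamEntry] = []

    def add(self, pattern: str, next_hop: str) -> None:
        if len(pattern) != self.width or set(pattern) - set("01?"):
            raise ValueError("pattern must be %d cells from {0,1,?}" % self.width)
        self.entries.append(TcamEntry(pattern, next_hop))

    def lookup(self, key: str) -> Optional[int]:
        """Index of the first matching entry (lowest index wins), None on a miss."""
        for index, entry in enumerate(self.entries):
            if entry.matches(key):
                return index
        return None


def ip_bits(addr: str) -> str:
    """Dotted-quad IPv4 address -> 32-character bit string."""
    return "".join(format(int(octet), "08b") for octet in addr.split("."))


def prefix_pattern(prefix: str) -> str:
    """'a.b.c.d/len' -> ternary pattern: the first len bits fixed, the rest '?'."""
    addr, plen = prefix.split("/")
    plen = int(plen)
    return ip_bits(addr)[:plen] + "?" * (32 - plen)


def build_fib(routes: List[Tuple[str, str]]) -> Tcam:
    """Install routes longest prefix first, so the TCAM's first-match rule
    yields longest-prefix match without any further logic."""
    tcam = Tcam(32)
    for prefix, next_hop in sorted(routes, key=lambda r: -int(r[0].split("/")[1])):
        tcam.add(prefix_pattern(prefix), next_hop)
    return tcam


def forward(fib: Tcam, dst: str) -> str:
    """Fast path: a hit returns the next hop; a miss is punted to the control plane."""
    index = fib.lookup(ip_bits(dst))
    if index is None:
        return "punt-to-control-plane"
    return fib.entries[index].next_hop


# Constructed sample FIB (prefixes and port names are not from the slides).
SAMPLE_ROUTES = [
    ("10.0.0.0/8", "port1"),
    ("10.1.0.0/16", "port2"),
    ("10.1.2.0/24", "port3"),
]

if __name__ == "__main__":
    fib = build_fib(SAMPLE_ROUTES)
    for dst in ("10.1.2.7", "10.1.9.9", "10.200.0.1", "192.168.1.1"):
        print(dst, "->", forward(fib, dst))
```

The ordering step in build_fib is the whole trick: because the TCAM reports the first match, putting the /24 above the /16 above the /8 gives longest-prefix match for free, and a destination that matches nothing falls through to the control plane exactly as the exception slide describes.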
• High-performance routers often have
multiple distributed forwarding
elements
– Increases performance with parallel
processing
• Besides the forwarding decision, the
data plane may implement some small
features (forwarding features)
– Access Control List (ACL)
– Quality of Service (QoS)
– Policy
• The data plane has to do some level of datagram header rewriting
• Two-stage lookups in multislot/card
system:
– 1st stage at ingress identifies the outgoing
slot/card
– 2nd stage at egress performs secondary
lookup
– This can enable an optimization called
localization to reduce the egress FIB size
• Scalability issues:
– Service cards are limited in the amount of flow state they can support for a given generation of the card
– There is a significant lag between the availability of a new family of processors and new service cards that use that innovation
– The control card memories have processing limitations based on the generation of the CPU complex
• Cost
• A communications protocol that allows
the path of network packets through
the switches to be determined by
software running on multiple routers
• It was originally developed by Stanford
University as part of network research
– Creation of experimental protocols
• Ultimate goal:
– Replace the functionality of layer 2 and
layer 3 protocols completely in commercial
switches and routers
• The key components of OpenFlow:
– Separation of the control and data planes
– Using a standardized protocol between a controller and an agent for instantiating state
– Providing network programmability from a centralized view via an API
• It is a set of protocols and an API
– The controller does nothing without an application program
Link Aggregation Control Protocol
Rapid Spanning Tree Protocol
Open Shortest Path First
• Switch Components:
– Main components of an OpenFlow switch:
• One or more flow tables and a group table, used to perform packet lookup and forwarding
• An OpenFlow channel to an external controller
• The controller manages the switch via the OpenFlow protocol
• Switch Components:
– The controller can add, update, and delete flow entries in flow tables
– Each flow table contains a set of flow entries; each flow entry consists of:
• Match fields, counters, and a set of instructions
– Matching starts at the first flow table and may continue to additional flow tables
– Flow entries match packets in priority order, with the first matching entry being used
Packet Flow Flowchart
• Switch Components:
– If a matching entry is found, the instructions associated with that flow entry are executed
– If no match is found, the outcome depends on the configuration of the table-miss flow entry:
• The packet may be forwarded to the controller, dropped, or may continue to the next flow table
– The instructions associated with each flow entry either contain actions or modify pipeline processing
• Switch Components:
– Actions included in instructions describe
packet forwarding, packet modification and
group table processing
– Pipeline processing instructions allow
packets to be sent to subsequent tables for
further processing
– Pipeline processing stops when the
instruction set associated with a matching
flow entry doesn’t specify a next table
• At this point the packet is usually modified and
forwarded
• Switch Components:
– Flow entries may forward to a port, usually
a physical port, but it could also be a
logical port defined by the switch or a
reserved port defined by the specification
– Actions associated with flow entries may
also direct packets to a group, which
specifies additional processing
– Groups represent sets of actions for
flooding and more complex forwarding
semantics (multipath, fast reroute, and link
aggregation)
• Switch Components:
– Groups also enable multiple flow entries to forward to a single identifier
– The group table contains group entries:
• Each group entry contains a list of action buckets with specific semantics dependent on the group type
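The switch-component slides above state the pipeline rules in prose: entries are matched in priority order with the first match winning, a table-miss entry decides what happens on no match, instructions either carry actions or send the packet to a later table, and group entries hold action buckets whose meaning depends on the group type. The following is an added Python model of exactly those rules, written for this page; it is not code from the slides or from any OpenFlow switch or controller. The match field names, port numbers and sample entries are constructed.

```python
"""Toy model of the OpenFlow switch pipeline: priority-ordered flow
entries, table-miss handling, goto-table instructions and group buckets.

Added example; not code from the slides or from any OpenFlow switch or
controller. Field names and the sample entries are constructed.
"""
import zlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class FlowEntry:
    priority: int
    match: Dict[str, object]                            # absent field = wildcard
    actions: List[str] = field(default_factory=list)    # "output:N", "group:N", "controller", "drop"
    goto_table: Optional[int] = None                    # pipeline instruction
    packet_count: int = 0                               # per-entry counter

    def matches(self, pkt: Dict[str, object]) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


@dataclass
class Group:
    group_type: str            # "all" (flood) or "select" (multipath)
    buckets: List[List[str]]   # each bucket is an action list


class Switch:
    def __init__(self) -> None:
        self.tables: Dict[int, List[FlowEntry]] = {}
        self.groups: Dict[int, Group] = {}

    def add_flow(self, table_id: int, entry: FlowEntry) -> None:
        table = self.tables.setdefault(table_id, [])
        table.append(entry)
        table.sort(key=lambda e: -e.priority)   # first match in priority order wins

    def process(self, pkt: Dict[str, object]) -> List[object]:
        """Run pkt through the pipeline from table 0.
        Returns output ports; ["controller"] for a punt; [] for a drop."""
        table_id, actions = 0, []
        while True:
            hit = next((e for e in self.tables.get(table_id, []) if e.matches(pkt)), None)
            if hit is None:
                return []          # no entry, not even a table-miss entry: drop
            hit.packet_count += 1
            actions.extend(hit.actions)
            if hit.goto_table is None:
                break              # pipeline stops; apply the accumulated actions
            table_id = hit.goto_table
        return self._apply(actions, pkt)

    def _apply(self, actions: List[str], pkt: Dict[str, object]) -> List[object]:
        outputs: List[object] = []
        for action in actions:
            kind, _, arg = action.partition(":")
            if kind == "drop":
                return []
            if kind == "controller":
                outputs.append("controller")
            elif kind == "output":
                outputs.append(int(arg))
            elif kind == "group":
                group = self.groups[int(arg)]
                if group.group_type == "all":        # flood: execute every bucket
                    for bucket in group.buckets:
                        outputs.extend(self._apply(bucket, pkt))
                else:                                # select: one bucket, chosen by a flow hash
                    key = str(pkt.get("eth_src", "")).encode()
                    bucket = group.buckets[zlib.crc32(key) % len(group.buckets)]
                    outputs.extend(self._apply(bucket, pkt))
        return outputs


def build_demo_switch() -> Switch:
    """Constructed two-table pipeline: table 0 = ACL + table-miss, table 1 = forwarding."""
    sw = Switch()
    sw.add_flow(0, FlowEntry(priority=0, match={}, actions=["controller"]))        # table-miss: punt
    sw.add_flow(0, FlowEntry(priority=200, match={"eth_src": "00:00:00:00:00:09"}, actions=["drop"]))
    sw.add_flow(0, FlowEntry(priority=100, match={"in_port": 1}, goto_table=1))
    sw.add_flow(0, FlowEntry(priority=100, match={"in_port": 2}, goto_table=1))
    sw.groups[1] = Group("all", [["output:2"], ["output:3"]])                    # flood group
    sw.groups[2] = Group("select", [["output:2"], ["output:3"]])                 # multipath group
    sw.add_flow(1, FlowEntry(priority=10, match={"eth_dst": "ff:ff:ff:ff:ff:ff"}, actions=["group:1"]))
    sw.add_flow(1, FlowEntry(priority=10, match={"eth_dst": "00:00:00:00:00:02"}, actions=["output:2"]))
    sw.add_flow(1, FlowEntry(priority=10, match={"eth_dst": "00:00:00:00:00:05"}, actions=["group:2"]))
    # table 1 has no table-miss entry, so an unknown unicast destination is dropped
    return sw


if __name__ == "__main__":
    sw = build_demo_switch()
    for pkt in ({"in_port": 1, "eth_src": "00:00:00:00:00:01", "eth_dst": "00:00:00:00:00:02"},
                {"in_port": 1, "eth_src": "00:00:00:00:00:01", "eth_dst": "ff:ff:ff:ff:ff:ff"},
                {"in_port": 3, "eth_src": "00:00:00:00:00:03", "eth_dst": "00:00:00:00:00:02"},
                {"in_port": 1, "eth_src": "00:00:00:00:00:09", "eth_dst": "00:00:00:00:00:02"}):
        print(pkt, "->", sw.process(pkt))
```

Two details worth noticing: the priority-200 drop entry in table 0 wins over the goto entries for the same packet, which is how an ACL in an early table overrides forwarding in a later one; and table 1 deliberately has no table-miss entry, so the same switch punts unknown ingress ports to the controller (table 0) but silently drops unknown destinations (table 1), which is the configuration-dependent outcome the slide describes.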
Example of Nested Flows
From Foundations of Modern Networking: SDN, NFV, QoE, IoT, and Cloud by William Stallings (0134175395)
Copyright © 2016 Pearson Education, Inc. All rights reserved.
Group Types
From Foundations of Modern Networking: SDN, NFV, QoE, IoT, and Cloud by William Stallings (0134175395)
Copyright © 2016 Pearson Education, Inc. All rights reserved.
Goal: Evangelize OpenFlow to vendors
Free membership for all researchers
Whitepaper, OpenFlow Switch Specification,
Reference Designs
Licensing: Free for research and commercial use
http://OpenFlowSwitch.org
• A network emulator emulates a
collection of end-hosts, switches,
routers, and links on a single Linux
kernel
• Uses lightweight virtualization to
make a single system look like a
complete network
• Commonly used as an emulation,
verification, testing tool, and resource
• Represents a shell of a machine that
arbitrary programs can be plugged into
and run
• The measured performance of a
Mininet-hosted network often should
approach that of actual (non-emulated)
switches, routers, and hosts
• Allows full topologies and packet
forwarding customization
Internally, Mininet employs lightweight virtualization
features in the Linux kernel, including process groups, CPU
bandwidth isolation, and network namespaces, and combines them
with link schedulers and virtual Ethernet links.
• The easiest way is to download the pre-packaged Mininet/Ubuntu VM
– It includes Mininet, all OpenFlow binaries and tools, and a tweaked kernel
https://bitbucket.org/mininet/mininet-vm-images/downloads
• Download and install a virtualization system
– VirtualBox is recommended
https://www.virtualbox.org/wiki/Downloads
• Import VM:
– Add the VM and start it up in the virtualization program you chose
– VirtualBox:
• Import the OVF file, select “Settings”, and add an additional host-only network adapter
– VMware:
• Import the OVF file, then start the VM
– Qemu/KVM:
• Convert the VMDK to QCOW2 format first:
qemu-img convert -O qcow2 filename.vmdk filename.qcow2
• VirtualBox:
– Import
– Open the downloaded OVF file
– Click Next after you choose the location
– Review the VM configuration and Import
• VirtualBox:
– Make sure your VM has two network interfaces:
• NAT interface:
– It can be used to access the Internet
– It should be eth0 and have a 10.X IP address
• Host-only interface:
– Used to communicate with the host machine
– It should be eth1 with a 192.168.X IP address
• Both interfaces should be configured using DHCP; if not, run:
– $ sudo dhclient ethX
– Replace ethX with the name of the interface that is down
• VirtualBox:
– Select the imported VM and click “Settings”
– In the Network settings, add an additional host-only network adapter and click OK
• VirtualBox:
– Log in to the VM using the following username and password:
• mininet-vm login: mininet
• Password: mininet
– Command syntax:
• $: precedes Linux commands that should be typed at the shell prompt
• mininet>: precedes Mininet commands that should be typed at Mininet’s CLI
• #: precedes Linux commands that are typed at a root shell prompt
• Mac OS and Linux:
– Open a terminal and run the following:
$ ssh -X [user]@[Guest IP Here]
– Replace [user] with the correct username
– Replace [Guest IP] with the IP you just noted
– Enter the password for your VM image
– Try to start up an X terminal using:
$ xterm
• Windows:
– In order to use X11 applications such as
xterm and wireshark, the Xming server
must be running
– Download and install Xming
http://sourceforge.net/projects/xming/
– Start Xming by double-clicking its icon
– Make an ssh connection with X11
forwarding enabled
• Windows:
– To enable X11 forwarding from the PuTTY GUI, click PuTTY -> Connection -> SSH -> X11, then under Forwarding check “Enable X11 forwarding”
• Windows - Alternative:
– Run X11 in the VM console window:
• First, log in to the VM in its console window and make sure apt is up to date:
sudo apt-get update
• Then install the desktop environment of your choice:
sudo apt-get install xinit <environment>
• <environment> is your GUI of choice:
– lxde: a reasonably compact and fast desktop GUI
– flwm: a smaller but more primitive desktop GUI
– ubuntu-desktop: the full, heavyweight Ubuntu GUI
• Then you can start X11 in the VM: startx
• Development Environment:
– OpenFlow Controller:
• Sits above the OpenFlow interface
• Executed during the emulation; the messages it sends can be observed
– OpenFlow Switch:
• Sits below the OpenFlow interface
• A user-space software switch
– dpctl:
• Command-line utility that sends quick OpenFlow messages
• Useful for viewing switch port stats
• Development Environment:
– Wireshark:
• General graphical utility for viewing packets
• Dissector parses OpenFlow messages sent to
OpenFlow default port in a readable way
– iperf:
• General command-line utility for testing the
speed of a single TCP connection
– cbench:
• Utility for testing the flow setup rate of
OpenFlow controllers
• Create the network in the VM (over SSH), enter:
$ sudo mn --topo single,3 --mac --switch ovsk --controller remote
– This tells Mininet to start up a 3-host, single-switch topology and set the MAC addresses:
• Creates 3 virtual hosts, each with a separate IP address
• Creates a single OpenFlow software switch in the kernel with 3 ports
• Connects each virtual host to the switch with a virtual Ethernet cable
• Sets the MAC address of each host equal to its IP
• Configures the switch to connect to a controller
• Mininet-specific basic commands:
– Lists available nodes, run:
mininet> nodes
– Lists all available commands, run:
mininet> help
– Runs a single command on a node, ex:
check the IP of a virtual host:
mininet> h1 ifconfig
– Running interactive commands and
watching debug output:
mininet> xterm h1 h2
• dpctl example usage (SSH terminal):
– It enables visibility and control over a single switch’s flow table, useful for debugging by viewing flow state and flow counters
– To dump out port state and capabilities:
$ dpctl show tcp:127.0.0.1:6634
– A more useful command, to dump the flow table:
$ dpctl dump-flows tcp:127.0.0.1:6634
• Ping test:
– Let’s go back to the mininet console and try to ping h2 from h1:
mininet> h1 ping -c3 h2
• The ping should fail, because the switch flow table is empty and there is no controller connected to the switch
– Manually install the necessary flows using dpctl:
$ dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2
$ dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1
• Ping test:
– Run the ping command again and you should get replies
– If you didn’t see any ping replies, it might be that the flow entries expired before you started your ping test; the default idle_timeout is 60 seconds
– We can manually modify the idle_timeout by running:
$ dpctl add-flow tcp:127.0.0.1:6634 in_port=1,idle_timeout=120,actions=output:2
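The ping-test slides above describe three states of the switch without showing them side by side: an empty table with no controller (the ping fails), both directions installed (replies arrive), and entries silently expired by the 60-second idle_timeout (replies stop again). The following added simulation, written for this page and not taken from the slides, dpctl or Open vSwitch, parses add-flow specs in the dpctl syntax shown above, expires idle entries, and replays the scenario on a simulated clock. Port numbers and timings are constructed.

```python
"""Flow-entry lifetime for the ping test above: an empty table with no
controller gives a miss (the ping fails), installing both directions makes
it work, and idle_timeout removes entries that see no packets for that long.

Added example, not from the slides or from dpctl/Open vSwitch. The flow
specs use the dpctl add-flow syntax shown on the slides; time is simulated.
"""
from dataclasses import dataclass
from typing import Dict, List

DEFAULT_IDLE_TIMEOUT = 60      # seconds, the default stated on the slides


@dataclass
class Flow:
    match: Dict[str, object]
    actions: List[str]
    idle_timeout: int          # 0 means the entry never expires
    last_used: float
    packet_count: int = 0


def parse_add_flow(spec: str, now: float) -> Flow:
    """Parse e.g. 'in_port=1,idle_timeout=120,actions=output:2'.
    Everything after 'actions=' is the action list, so split there first."""
    head, sep, action_part = spec.replace(" ", "").partition("actions=")
    if not sep:
        raise ValueError("flow spec needs an actions= clause: %r" % spec)
    match: Dict[str, object] = {}
    idle = DEFAULT_IDLE_TIMEOUT
    for item in filter(None, head.split(",")):
        key, _, value = item.partition("=")
        if key == "idle_timeout":
            idle = int(value)
        elif key == "in_port":
            match[key] = int(value)
        else:
            match[key] = value
    return Flow(match, action_part.split(","), idle, now)


class FlowTable:
    def __init__(self, controller_connected: bool = False) -> None:
        self.flows: List[Flow] = []
        self.controller_connected = controller_connected

    def add_flow(self, spec: str, now: float) -> None:
        self.flows.append(parse_add_flow(spec, now))

    def expire(self, now: float) -> int:
        """Drop entries idle for at least idle_timeout; return how many."""
        before = len(self.flows)
        self.flows = [f for f in self.flows
                      if f.idle_timeout == 0 or now - f.last_used < f.idle_timeout]
        return before - len(self.flows)

    def handle(self, pkt: Dict[str, object], now: float) -> List[str]:
        self.expire(now)
        for f in self.flows:
            if all(pkt.get(k) == v for k, v in f.match.items()):
                f.last_used, f.packet_count = now, f.packet_count + 1
                return f.actions
        # Table miss: with no controller connected the packet is simply lost
        return ["controller"] if self.controller_connected else []


def ping(table: FlowTable, now: float, count: int = 3) -> int:
    """h1 -> h2 echo requests, one per second (ping -c3): a reply needs
    the request forwarded 1->2 and the reply forwarded 2->1."""
    replies = 0
    for i in range(count):
        t = now + i
        if table.handle({"in_port": 1}, t) == ["output:2"] and \
           table.handle({"in_port": 2}, t) == ["output:1"]:
            replies += 1
    return replies


def run_scenario() -> tuple:
    table = FlowTable(controller_connected=False)
    r_empty = ping(table, now=0)                      # no flows, no controller: 0 replies
    table.add_flow("in_port=1,actions=output:2", now=10)
    table.add_flow("in_port=2,actions=output:1", now=10)
    r_installed = ping(table, now=20)                 # 3 replies
    r_expired = ping(table, now=100)                  # idle > 60 s: entries gone, 0 replies
    table.add_flow("in_port=1,idle_timeout=120,actions=output:2", now=100)
    table.add_flow("in_port=2,idle_timeout=120,actions=output:1", now=100)
    r_longer = ping(table, now=200)                   # idle 100 s < 120 s: 3 replies
    return r_empty, r_installed, r_expired, r_longer


if __name__ == "__main__":
    print(run_scenario())  # (0, 3, 0, 3)
```

The parser splits on actions= before anything else because the action list itself is comma-separated (output:2,output:3), so a naive split on commas would mangle it; the idle_timeout of 0 meaning "never expire" follows the OpenFlow convention, and is the value to reach for when a hand-installed debugging flow keeps disappearing between tests.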
• Running Wireshark:
– The VM image includes the OpenFlow
Wireshark dissector pre-installed
– To open Wireshark:
$ sudo wireshark &
– Set up a filter for OpenFlow control traffic
by typing ‘of’ in Filter box near the top
– Press the apply button to apply the filter to
all recorded traffic
• Start controller and view messages
– With the Wireshark dissector listening, start the OpenFlow controller (SSH terminal):
$ controller ptcp:
– This starts a simple controller that acts as a learning switch without installing any flow entries
– You should see a number of messages displayed in Wireshark, starting with the Hello exchange
• Start controller and view messages
Message (Type): Description
– Hello (Controller->Switch): like a TCP handshake, the controller sends its version number to the switch
– Hello (Switch->Controller): the switch replies with its supported version number
– Features Request (Controller->Switch): the controller asks to see which ports are available
– Set Config (Controller->Switch): the controller asks the switch to send flow expirations
– Features Reply (Switch->Controller): the switch replies with a list of ports, port speed, and supported tables and actions
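As an added example of what the Wireshark dissector is actually decoding in the exchange above (written for this page; not code from the slides and not Wireshark's dissector), the Python below builds the OpenFlow 1.0 handshake messages as each side puts them on the wire and then dissects the resulting byte stream back into per-message summaries. The 8-byte header (version, type, length, xid), the message type numbers and the Features Reply / Set Config layouts follow the OpenFlow 1.0 specification; the datapath id, port names and config values are constructed samples.

```python
"""Builder and dissector for the OpenFlow 1.0 handshake messages listed
above: Hello, Features Request, Set Config, Features Reply.

Added example; not code from the slides and not Wireshark's dissector.
Wire layouts follow OpenFlow 1.0 (8-byte header: version, type, length,
xid). The datapath id, port list and config values are constructed samples.
"""
import struct

OFP10_VERSION = 0x01
OFPT_HELLO, OFPT_FEATURES_REQUEST, OFPT_FEATURES_REPLY, OFPT_SET_CONFIG = 0, 5, 6, 9
TYPE_NAMES = {0: "Hello", 5: "Features Request", 6: "Features Reply", 9: "Set Config"}
HEADER = struct.Struct("!BBHI")             # version, type, length, xid
FEATURES = struct.Struct("!QIB3xII")        # datapath_id, n_buffers, n_tables, pad, capabilities, actions
PHY_PORT = struct.Struct("!H6s16sIIIIII")   # ofp_phy_port: 48 bytes
SWITCH_CONFIG = struct.Struct("!HH")        # flags, miss_send_len


def header(msg_type: int, body_len: int, xid: int) -> bytes:
    return HEADER.pack(OFP10_VERSION, msg_type, HEADER.size + body_len, xid)


def hello(xid: int) -> bytes:                 # sent by both sides, header only
    return header(OFPT_HELLO, 0, xid)


def features_request(xid: int) -> bytes:      # controller -> switch, header only
    return header(OFPT_FEATURES_REQUEST, 0, xid)


def set_config(xid: int, flags: int = 0, miss_send_len: int = 128) -> bytes:
    body = SWITCH_CONFIG.pack(flags, miss_send_len)
    return header(OFPT_SET_CONFIG, len(body), xid) + body


def features_reply(xid: int, datapath_id: int, ports) -> bytes:
    """switch -> controller; ports is a list of (port_no, 6-byte mac, name)."""
    body = FEATURES.pack(datapath_id, 256, 1, 0, 0)
    for port_no, mac, name in ports:
        body += PHY_PORT.pack(port_no, mac, name.encode(), 0, 0, 0, 0, 0, 0)
    return header(OFPT_FEATURES_REPLY, len(body), xid) + body


def dissect(stream: bytes) -> list:
    """Split back-to-back messages and summarise each; length-checks the
    stream so a truncated or oversized message raises instead of misparsing."""
    messages, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError("truncated header at offset %d" % offset)
        version, msg_type, length, xid = HEADER.unpack_from(stream, offset)
        if version != OFP10_VERSION:
            raise ValueError("unexpected OpenFlow version %d" % version)
        if length < HEADER.size or offset + length > len(stream):
            raise ValueError("bad length %d at offset %d" % (length, offset))
        body = stream[offset + HEADER.size:offset + length]
        info = {"type": TYPE_NAMES.get(msg_type, "type %d" % msg_type),
                "xid": xid, "length": length}
        if msg_type == OFPT_FEATURES_REPLY:
            dpid, _buffers, n_tables, _caps, _actions = FEATURES.unpack_from(body)
            n_ports = (len(body) - FEATURES.size) // PHY_PORT.size
            info["datapath_id"], info["n_tables"] = dpid, n_tables
            info["ports"] = [PHY_PORT.unpack_from(body, FEATURES.size + i * PHY_PORT.size)[0]
                             for i in range(n_ports)]
        elif msg_type == OFPT_SET_CONFIG:
            info["flags"], info["miss_send_len"] = SWITCH_CONFIG.unpack_from(body)
        messages.append(info)
        offset += length
    return messages


def handshake_capture() -> bytes:
    """The exchange from the table above as one byte stream, in the order the
    controller and switch put it on the wire (constructed dpid and ports)."""
    ports = [(1, b"\x00\x00\x00\x00\x00\x01", "s1-eth1"),
             (2, b"\x00\x00\x00\x00\x00\x02", "s1-eth2")]
    return b"".join([
        hello(1),                        # controller -> switch: my version is 1.0
        hello(1),                        # switch -> controller: so is mine
        features_request(2),             # controller -> switch
        set_config(3),                   # controller -> switch
        features_reply(2, 0x1, ports),   # switch -> controller, xid echoes the request
    ])


if __name__ == "__main__":
    for msg in dissect(handshake_capture()):
        print(msg)
```

The length check in dissect is the part a real dissector cannot skip: every OpenFlow message declares its own length in the header, so a message whose declared length runs past the captured bytes must be rejected rather than parsed from whatever follows. The xid is how the controller pairs the Features Reply with its Features Request. The “OpenFlow default port” the Wireshark slide mentions is TCP 6633 in the classic setup (6653 is the later IANA-assigned port); the dpctl commands on the earlier slides talk to the switch's own passive listener on 6634 instead.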
• Benchmark controller w/iperf:
– iperf is a command-line tool for checking
speeds between two computers
– In the mininet console, run:
mininet> iperf
– This command runs an iperf TCP server on
one virtual host, then runs an iperf client
on a second virtual host, once connected,
they transfer packets with each other and
report the results