Week_12 - Network Evolution Part 2 Module

This document discusses the evolution of networking technologies, focusing on Software-Defined Networking (SDN) and its components, including the control and data planes, and the role of centralized controllers. It highlights the importance of virtualization in modern networks, particularly through Cisco's Application Centric Infrastructure (ACI) and various SDN types. The document also outlines features of the Cisco Application Policy Infrastructure Controller (APIC-EM) for managing network policies and configurations.


IT-6300 Data Communications and Networking 4
Week 12 - Network Evolution Part 2 Module

Network Programming
Objectives
After completing this course, students will be able to:
- Explain how QoS uses mechanisms to ensure transmission quality.
- Explain why network programmability is necessary for evolving networks.
- Describe software-defined networking.
- Describe controllers used in network programming.

Introduction
Technology is constantly changing. Networks are always evolving.

The Internet of Things (IoT) is a phrase that denotes the billions of electronic devices that
are now able to connect to our data networks and the Internet.

Cloud computing and virtualization are enabling individuals and organizations to store and
access large amounts of data without worrying about the physical components.

Software-defined networking (SDN) is redefining how network administrators think about
the architecture of their networks.

This chapter introduces you to these emerging trends in today’s networks.

Software-Defined Networking

Control Plane and Data Plane

A network device contains the following planes:

Control plane - This is typically regarded as the brains of a device. It is used to make
forwarding decisions. The control plane contains Layer 2 and Layer 3 route forwarding
mechanisms, such as routing protocol neighbor tables and topology tables, IPv4 and IPv6
routing tables, STP, and the ARP table. Information sent to the control plane is processed by
the CPU.

Data plane - Also called the forwarding plane, this plane is typically the switch fabric
connecting the various network ports on a device. The data plane of each device is used to
forward traffic flows. Routers and switches use information from the control plane to
forward incoming traffic out the appropriate egress interface. Information in the data plane
is typically processed by a special data plane processor, such as a digital signal processor
(DSP), without the CPU getting involved.

The example in Figure 12.1 illustrates how Cisco Express Forwarding (CEF) uses the control
plane and data plane to process packets.

Figure 12.1 Cisco Express Forwarding (CEF), Control Plane and Data Plane

CEF is an advanced, Layer 3 IP switching technology that enables forwarding of packets to
occur at the data plane without consulting the control plane. In CEF, the control plane's
routing table pre-populates the CEF Forwarding Information Base (FIB) table in the data
plane. The control plane's ARP table pre-populates the adjacency table. Packets are then
forwarded directly by the data plane based on the information contained in the FIB and
adjacency table, without needing to consult the information in the control plane.
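As an added illustration of the two-table split just described (this is not code from the module or from Cisco's CEF implementation), the following Python builds a FIB and an adjacency table from a constructed routing table and ARP table, then forwards using only those two structures; prefixes, interfaces and MAC addresses are made up.

```python
import ipaddress

# Constructed control-plane state (hypothetical): a routing table of
# (prefix, next hop or None if directly connected, egress interface) and an ARP table.
ROUTING_TABLE = [
    ("10.1.1.0/24", None, "Gi0/0"),          # directly connected
    ("10.2.0.0/16", "10.1.1.254", "Gi0/0"),  # learned via a routing protocol
    ("0.0.0.0/0", "192.0.2.1", "Gi0/1"),     # default route
]
ARP_TABLE = {
    "10.1.1.254": "00:11:22:33:44:55",
    "192.0.2.1": "66:77:88:99:aa:bb",
    "10.1.1.10": "de:ad:be:ef:00:10",
}

def build_fib(routing_table):
    """Control plane pre-populates the FIB: the same routes, ordered longest
    prefix first so the data plane can stop at the first hit."""
    fib = [(ipaddress.ip_network(p), nh, iface) for p, nh, iface in routing_table]
    fib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return fib

def build_adjacency(arp_table):
    """Control plane pre-populates the adjacency table: next-hop IP -> Layer 2 rewrite (MAC)."""
    return {ipaddress.ip_address(ip): mac for ip, mac in arp_table.items()}

def cef_forward(fib, adjacency, dst_ip):
    """Data-plane path only: FIB lookup, then adjacency lookup. Returns
    (egress interface, next-hop MAC), or None when the packet cannot be
    forwarded from these two tables alone (no route, or an adjacency that is
    not yet resolved, which the data plane has to hand back to the control plane)."""
    dst = ipaddress.ip_address(dst_ip)
    for network, next_hop, iface in fib:
        if dst in network:
            # Directly connected: the rewrite is for the destination host itself.
            hop = ipaddress.ip_address(next_hop) if next_hop else dst
            mac = adjacency.get(hop)
            return (iface, mac) if mac is not None else None
    return None

FIB = build_fib(ROUTING_TABLE)
ADJACENCY = build_adjacency(ARP_TABLE)
```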

To virtualize the network, the control plane function is removed from each device and is
performed by a centralized controller, as shown in Figure 12.2. The centralized controller
communicates control plane functions to each device. Each device can now focus on
forwarding data while the centralized controller manages data flow, increases security, and
provides other services.

Figure 12.2 Centralized Control Plane

Virtualizing the Network

Over a decade ago, VMware developed a virtualizing technology that enabled a host OS to
support one or more client OSs. Most virtualization technologies are now based on this
technology. The transformation of dedicated servers to virtualized servers has been
embraced and is rapidly being implemented in data center and enterprise networks.

Two major network architectures have been developed to support network virtualization:

Software Defined Networking (SDN) - A network architecture that virtualizes the network.

Cisco Application Centric Infrastructure (ACI) - A purpose-built hardware solution for
integrating cloud computing and data center management.

These are some other network virtualization technologies, some of which are included as
components in SDN and ACI:

OpenFlow - This approach was developed at Stanford University to manage traffic between
routers, switches, wireless access points, and a controller. The OpenFlow protocol is a basic
element in building SDN solutions.

OpenStack - This approach is a virtualization and orchestration platform available to build
scalable cloud environments and provide an infrastructure as a service (IaaS) solution.
OpenStack is often used with Cisco ACI. Orchestration in networking is the process of
automating the provisioning of network components such as servers, storage, switches,
routers, and applications.

Other components - Other components include Interface to the Routing System (I2RS),
Transparent Interconnection of Lots of Links (TRILL), Cisco FabricPath (FP), and IEEE
802.1aq Shortest Path Bridging (SPB).

SDN Architecture

In a traditional router or switch architecture, the control plane and data plane functions
occur in the same device. Routing decisions and packet forwarding are the responsibility of
the device operating system.

Software defined networking (SDN) is a network architecture that has been developed to
virtualize the network. For example, SDN can virtualize the control plane. Also known as
controller-based SDN, SDN moves the control plane from each network device to a central
network intelligence and policy-making entity called the SDN controller. The two
architectures are shown in Figure 12.3.

Figure 12.3 Traditional and SDN Architectures

The SDN controller is a logical entity that enables network administrators to manage and
dictate how the data plane of virtual switches and routers should handle network traffic. It
orchestrates, mediates, and facilitates communication between applications and network
elements.

The SDN framework is illustrated in Figure 12.4. Note the use of Application Programming
Interfaces (APIs) within the SDN framework. An API is a set of standardized requests that
define the proper way for an application to request services from another application. The
SDN controller uses northbound APIs to communicate with the upstream applications. These
APIs help network administrators shape traffic and deploy services. The SDN controller also
uses southbound APIs to define the behavior of the downstream virtual switches and
routers. OpenFlow is the original and widely implemented southbound API. The Open
Networking Foundation is responsible for maintaining the OpenFlow standard.

Figure 12.4 SDN Framework

Note: Traffic in a modern data center is described as North-South (going between external
data center users and the data center servers) and East-West (going between data center
servers).

Controllers
SDN Controller and Operations
The SDN controller defines the data flows that occur in the SDN Data Plane. A flow is a
sequence of packets traversing a network that share a set of header field values. For example,
a flow could consist of all packets with the same source and destination IP addresses, or all
packets with the same VLAN identifier.

Each flow traveling through the network must first get permission from the SDN controller,
which verifies that the communication is permissible according to the network policy. If the
controller allows a flow, it computes a route for the flow to take and adds an entry for that
flow in each of the switches along the path.

All complex functions are performed by the controller. The controller populates flow tables.
Switches manage the flow tables. In the figure, an SDN controller communicates with
OpenFlow-compatible switches using the OpenFlow protocol. This protocol uses Transport
Layer Security (TLS) to securely send control plane communications over the network. Each
OpenFlow switch connects to other OpenFlow switches. They can also connect to end-user
devices that are part of a packet flow.

Within each switch, a series of tables implemented in hardware or firmware are used to
manage the flows of packets through the switch. To the switch, a flow is a sequence of packets
that matches a specific entry in a flow table.
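The permission-then-install sequence described above, as an added Python simulation (not code from the module or from any OpenFlow controller): a constructed three-switch topology, a default-deny policy set, switches with priority-matched flow tables, and a controller that on a table miss checks policy, computes the path by breadth-first search and installs one entry on every switch along it. Switch names, ports, addresses and the policy tuple format are assumptions.

```python
from collections import deque

# Constructed topology (hypothetical): for each switch, neighbor -> egress port.
TOPOLOGY = {
    "s1": {"h1": 1, "s2": 2},
    "s2": {"s1": 1, "s3": 2},
    "s3": {"s2": 1, "h2": 2},
}
# Hosts: name -> (attached switch, IP address). Also constructed.
HOSTS = {"h1": ("s1", "10.0.0.1"), "h2": ("s3", "10.0.0.2")}
# Network policy: permitted (src IP, dst IP, TCP destination port); everything else is denied.
POLICY = {("10.0.0.1", "10.0.0.2", 443)}

class Switch:
    """Data plane: a flow table consulted in hardware/firmware on the device."""
    def __init__(self):
        self.flow_table = []  # entries: (priority, match fields, action)

    def lookup(self, pkt):
        """Highest-priority entry whose fields all match the packet, else None (table miss)."""
        for _prio, match, action in sorted(self.flow_table, key=lambda e: -e[0]):
            if all(pkt.get(k) == v for k, v in match.items()):
                return action
        return None

class Controller:
    """Control plane: owns the policy, computes paths, programs the switches."""
    def __init__(self, topology, hosts, policy):
        self.topology, self.hosts, self.policy = topology, hosts, policy
        self.switches = {name: Switch() for name in topology}

    def host_by_ip(self, ip):
        return next(h for h, (_sw, hip) in self.hosts.items() if hip == ip)

    def shortest_path(self, src_sw, dst_sw):
        """Breadth-first search over switches only (hosts are leaves)."""
        prev, queue = {src_sw: None}, deque([src_sw])
        while queue:
            cur = queue.popleft()
            for nb in self.topology[cur]:
                if nb in self.topology and nb not in prev:
                    prev[nb] = cur
                    queue.append(nb)
        path, node = [], dst_sw
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    def packet_in(self, pkt):
        """Table miss reported by a switch. A permitted flow is programmed on
        every switch along the path; a denied flow gets nothing installed."""
        match = {k: pkt[k] for k in ("ip_src", "ip_dst", "tcp_dst")}
        if (match["ip_src"], match["ip_dst"], match["tcp_dst"]) not in self.policy:
            return False
        src_sw = self.hosts[self.host_by_ip(pkt["ip_src"])][0]
        dst_host = self.host_by_ip(pkt["ip_dst"])
        path = self.shortest_path(src_sw, self.hosts[dst_host][0])
        for i, sw in enumerate(path):
            next_hop = path[i + 1] if i + 1 < len(path) else dst_host
            action = ("output", self.topology[sw][next_hop])
            self.switches[sw].flow_table.append((100, match, action))
        return True

def forward(ctrl, pkt):
    """Ingress switch: flow-table lookup; on a miss ask the controller, then
    look up again. Returns the action taken, or None if the packet is dropped."""
    ingress = ctrl.switches[ctrl.hosts[ctrl.host_by_ip(pkt["ip_src"])][0]]
    action = ingress.lookup(pkt)
    if action is None and ctrl.packet_in(pkt):
        action = ingress.lookup(pkt)
    return action
```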

Cisco Application Centric Infrastructure


Very few organizations actually have the desire or skill to program the network using SDN
tools. However, the majority of organizations want to automate the network, accelerate
application deployments, and align their IT infrastructures to better meet business
requirements. Cisco developed the Application Centric Infrastructure (ACI) to meet these
objectives in more advanced and innovative ways than earlier SDN approaches.

ACI is a data center network architecture that was developed by Insieme and acquired by
Cisco in 2013. Cisco ACI is a purpose-built hardware solution for integrating cloud
computing and data center management. At a high level, the policy element of the network
is removed from the data plane. This simplifies the way data center networks are created.

Core Components of ACI


These are the three core components of the ACI architecture:

Application Network Profile (ANP) - An ANP is a collection of endpoint groups (EPGs),
their connections, and the policies that define those connections. The EPGs shown in the
figure, such as VLANs, Web services, and applications, are just examples. An ANP is often
much more complex.

Application Policy Infrastructure Controller (APIC) - The APIC is considered to be the
brains of the ACI architecture. APIC is a centralized software controller that manages and
operates a scalable ACI clustered fabric. It is designed for programmability and centralized
management. It translates application policies into network programming.

Cisco Nexus 9000 Series switches - These switches provide an application-aware
switching fabric and work with an APIC to manage the virtual and physical network
infrastructure.

As shown in Figure 12.5, the APIC is positioned between the ANP and the ACI-enabled
network infrastructure. The APIC translates the application requirements into a network
configuration to meet those needs.

Figure 12.5 ACI Framework

Spine-Leaf Topology
The Cisco ACI fabric is composed of the APIC and the Cisco Nexus 9000 series switches using
a two-tier spine-leaf topology, as shown in Figure 12.6. The leaf switches always attach to
the spines, but they never attach to each other. Similarly, the spine switches only attach to
the leaf and core switches (not shown). In this two-tier topology, everything is one hop from
everything else.

Figure 12.6 Spine-Leaf Topology

The Cisco APICs and all other devices in the network physically attach to leaf switches.

When compared to SDN, the APIC controller does not manipulate the data path directly.
Instead, the APIC centralizes the policy definition and programs the leaf switches to forward
traffic based on the defined policies.

For virtualization, ACI supports multivendor hypervisor environments that would connect
to the leaf switches, including the following:

- Microsoft (Hyper-V/SCVMM/Azure Pack)
- Red Hat Enterprise Linux OS (KVM OVS/OpenStack)
- VMware (ESX/vCenter/vShield)

SDN Types
The Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM)
extends ACI to enterprise and campus deployments. To better understand APIC-EM,
it is helpful to take a broader look at the three types of SDN:

Figure 12.7 Device-Based SDN

Device-based SDN - In this type of SDN, the devices are programmable by applications
running on the device itself or on a server in the network, as shown in Figure 12.7. Cisco
OnePK is an example of a device-based SDN. It enables programmers to build applications
in C, Java, and Python that integrate and interact with Cisco devices.

Figure 12.8 Controller-Based SDN

Controller-based SDN - This type of SDN uses a centralized controller that has knowledge of
all devices in the network, as shown in Figure 12.8. The applications can interface with the
controller responsible for managing devices and manipulating traffic flows throughout the
network. The Cisco Open SDN Controller is a commercial distribution of OpenDaylight.

Figure 12.9 Policy-Based SDN

Policy-based SDN - This type of SDN is similar to controller-based SDN where a centralized
controller has a view of all devices in the network, as shown in Figure 12.9. Policy-based SDN
includes an additional Policy layer that operates at a higher level of abstraction. It uses
built-in applications that automate advanced configuration tasks via a guided workflow and
user-friendly GUI. No programming skills are required. Cisco APIC-EM is an example of this
type of SDN.

APIC-EM Features
Each type of SDN has its own features and advantages. Policy-based SDN is the most robust,
providing for a simple mechanism to control and manage policies across the entire network.
Cisco APIC-EM provides the following features:

- Discovery - Supports a discovery functionality that is used to populate the controller's
device and host inventory database.

- Device Inventory - Collects detailed information from devices within the network
including device name, device status, MAC address, IPv4/IPv6 addresses,
IOS/Firmware, platform, up time, and configuration.

- Host Inventory - Collects detailed information from hosts within the network including
host name, user ID, MAC address, IPv4/IPv6 addresses, and network attachment point.

- Topology - Supports a graphical view of the network (topology view). The Cisco APIC-EM
automatically discovers and maps devices to a physical topology with detailed
device level data. In addition, auto-visualization of Layer 2 and 3 topologies on top of
the physical topology provides a granular view for design planning and simplified
troubleshooting. Figure 12.10 shows an example of a topology view generated by the Cisco
APIC-EM.

- Policy - Ability to view and control policies across the entire network including QoS.

- Policy Analysis - Inspection and analysis of network access control policies. Ability to
trace application specific paths between end devices to quickly identify ACLs in use and
problem areas. Enables ACL change management with easy identification of
redundancy, conflicts and incorrect ordering of access control entries. Entries that can
never be matched because an earlier entry already covers their traffic are known as
shadowed entries.

Figure 12.10 APIC-EM Topology View

APIC-EM ACL Analysis


One of the most important features of the APIC-EM controller is the ability to manage policies
across the entire network. Policies operate at a higher level of abstraction. Traditional device
configuration applies to one device at a time, whereas SDN policies apply to the entire
network.

APIC-EM ACL Analysis and Path Trace provide tools that allow the administrator to analyze
and understand ACL policies and configurations. Creating new ACLs or editing existing ACLs
across a network to implement a new security policy can be challenging. Administrators are
hesitant to change ACLs for fear of breaking them and causing new problems. ACL Analysis
and Path Trace allow the administrator to easily visualize traffic flows and discover any
conflicting, duplicate, or shadowed ACL entries.

APIC-EM provides the following tools to troubleshoot ACL entries:


ACL Analysis - This tool examines ACLs on devices, searching for redundant, conflicting, or
shadowed entries. ACL Analysis enables ACL inspection and interrogation across the entire
network, exposing any problems and conflicts. An example screenshot of this tool is shown
in Figure 12.11.
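As an added example that serves both the Policy Analysis bullet and the ACL Analysis tool described above (it is not APIC-EM's code and does not reproduce its algorithm), the following Python classifies the entries of a constructed extended ACL as redundant, shadowed or conflicting by comparing each entry with the ones before it; the simplified ACE syntax, the sequence numbers, the addresses and the three-way classification are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ace:
    """One access control entry (ACE) in a simplified extended ACL."""
    seq: int
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" (any), "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None means any destination port

def parse_ace(seq, line):
    """Parse the constructed syntax '<action> <proto> <src/len> <dst/len> [eq <port>]'."""
    t = line.split()
    dport = int(t[5]) if len(t) > 5 and t[4] == "eq" else None
    return Ace(seq, t[0], t[1], ipaddress.ip_network(t[2]), ipaddress.ip_network(t[3]), dport)

def covers(a, b):
    """True if every packet that matches entry b also matches entry a."""
    return ((a.proto == "ip" or a.proto == b.proto)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and (a.dport is None or a.dport == b.dport))

def overlaps(a, b):
    """True if at least one packet matches both entries."""
    return ((a.proto == "ip" or b.proto == "ip" or a.proto == b.proto)
            and a.src.overlaps(b.src) and a.dst.overlaps(b.dst)
            and (a.dport is None or b.dport is None or a.dport == b.dport))

def analyze(acl):
    """Walk the ACL in order and report (earlier seq, later seq, finding):
    shadowed  - the later entry can never match: an earlier entry with the
                other action already covers all of its traffic
    redundant - covered by an earlier entry with the same action (dead weight)
    conflict  - partial overlap with the other action, neither covering the
                other, so entry order silently decides part of the traffic
    Only coverage by a single earlier entry is checked, not by a union of several."""
    findings = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((earlier.seq, later.seq, kind))
                break  # unreachable entry; nothing further to compare
            if (earlier.action != later.action and overlaps(earlier, later)
                    and not covers(later, earlier)):
                findings.append((earlier.seq, later.seq, "conflict"))
    return findings

# Constructed sample ACL; sequence numbers and addresses are made up.
ACL = [parse_ace(seq, line) for seq, line in [
    (10, "permit tcp 10.1.1.0/24 192.168.10.0/24 eq 443"),
    (20, "deny ip 10.1.0.0/16 192.168.10.0/24"),
    (30, "permit tcp 10.1.1.0/24 192.168.10.0/24 eq 80"),   # shadowed by 20
    (40, "permit tcp 10.1.1.0/24 192.168.10.0/24 eq 443"),  # redundant with 10
    (50, "permit tcp 10.0.0.0/8 192.168.10.0/24 eq 22"),    # conflicts with 20
]]
```

Entry 20 generalizing the earlier exception in entry 10 is deliberately not reported, since a later broader entry with the opposite action is a common and usually intended pattern.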

Figure 12.11 Example ACL Analysis

ACL Path Trace - This tool examines specific ACLs on the path between two end nodes,
displaying any potential issues. An example screenshot of this tool is shown in Figure 12.12.

Figure 12.12 Example ACL Path Trace

Summary
The IoT refers to the network of billions of physical objects accessible through the Internet
as we continue to connect the unconnected. The challenge for IoT is to securely integrate
new things from multiple vendors into existing networks. The six pillars of IoT are:

- Network Connectivity
- Fog Computing
- Security
- Data Analytics
- Management and Automation
- Application Enablement Platform

Cloud computing involves large numbers of computers connected through a network that
can be physically located anywhere. Cloud computing, with its “pay-as-you-go” model, allows
organizations to treat computing and storage expenses more as a utility rather than investing
in infrastructure. Cloud computing services include:

- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- IT as a Service (ITaaS)

Cloud models include:


- Public clouds
- Private clouds
- Hybrid clouds
- Community clouds

Cloud computing is possible because of data centers. A data center is a facility used to house
computer systems and associated components. Data centers rely heavily on virtualization to
provide cloud computing services. Cloud computing separates the application from the
hardware. Virtualization separates the OS from the hardware. This allows cloud computing
customers to dynamically provision the compute resources they need when they need them.

Virtualized server hardware is managed through a hypervisor. Type 1 hypervisors are
installed directly on the hardware. Then any OSs and VMs can be installed. Type 2
hypervisors, such as Mac OS X Parallels or Oracle VM VirtualBox, are installed on top of any
existing OS.

SDN is a network architecture that has been developed to virtualize the network. For
example, SDN can virtualize the control plane. Also known as controller-based SDN, SDN
moves the control plane from each network device to a central network intelligence and
policy-making entity called the SDN controller. The SDN controller defines the data flows
that occur in the SDN data plane.

The three types of SDN are:


- Device-based SDN
- Controller-based SDN
- Policy-based SDN

Policy-based SDN, such as Cisco’s APIC-EM, is the most robust, providing for a simple
mechanism to control and manage policies across the entire network. One of the most
important features of the APIC-EM controller is the ability to manage policies across the
entire network.
