IoT – Unit 2 – Notes (Own)
Software Defined Networking
- It is a n/w architecture approach where the control plane is separated from the data plane and
n/w control is centralized
- Traditionally, routers/switches both decide how to forward packets and forward them w/in the same hardware
- SDN splits these two functions by separating the control plane from the data plane
- Basics
o Control Plane
Makes decisions about how traffic should flow
o Data Plane
Usually routers or switches, executes the decisions
- Architecture
o Application Layer
Contains n/w applications like intrusion detection, firewall, load
balancing
o Control Layer
Consists of SDN controller which acts as brain of n/w
o Infrastructure Layer
Consists of physical switches which form the data plane
Carries out the actual movement of data packets
- Working
o Each switch maintains flow table preconfigured by controller
o Incoming packets are matched w/ flow table entries
o If match found, corresponding instructions are executed
o Otherwise, switch asks controller for new rule
- Diff Models
o Open SDN
o SDN via APIs
o SDN via Hypervisor-based Overlay N/w
o Hybrid SDN
- Adv: Better security, easy to program and modify
- Disadv: Scalability issues
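An added example (not from the notes) modelling the flow-table loop described under "Working": the switch is the data plane, the controller the control plane, and a table miss triggers a packet-in. The topology, the blocked-source policy and all names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict        # header fields that must all equal the packet's, e.g. {"dst": "10.0.0.2"}
    action: str        # "forward:<port>" or "drop"
    priority: int = 0  # higher wins when several entries match

class Controller:
    """Control plane: decides how traffic should flow (hypothetical policy)."""
    def __init__(self, host_ports, blocked_srcs):
        self.host_ports = host_ports      # dst IP -> switch port (constructed topology)
        self.blocked_srcs = blocked_srcs  # sources the security policy must drop
    def initial_rules(self):
        # Security policy is pushed proactively at a high priority, so a reactive
        # forwarding rule for a destination never lets a blocked source through.
        return [FlowEntry({"src": s}, "drop", priority=100) for s in self.blocked_srcs]
    def packet_in(self, pkt):
        # Reactive rule for a table miss: forward known destinations, drop unknown ones
        port = self.host_ports.get(pkt["dst"])
        return FlowEntry({"dst": pkt["dst"]},
                         f"forward:{port}" if port is not None else "drop", priority=10)

class Switch:
    """Data plane: executes flow-table decisions, asks the controller on a miss."""
    def __init__(self, controller):
        self.controller = controller
        self.flow_table = list(controller.initial_rules())
        self.packet_ins = 0  # how often the switch had to ask the controller
    def lookup(self, pkt):
        hits = [e for e in self.flow_table
                if all(pkt.get(k) == v for k, v in e.match.items())]
        return max(hits, key=lambda e: e.priority) if hits else None
    def handle(self, pkt):
        entry = self.lookup(pkt)
        if entry is None:                   # table miss -> packet-in
            self.packet_ins += 1
            entry = self.controller.packet_in(pkt)
            self.flow_table.append(entry)   # controller installs the new rule
        return entry.action

def demo():
    ctrl = Controller({"10.0.0.1": 1, "10.0.0.2": 2}, blocked_srcs={"10.0.0.9"})
    sw = Switch(ctrl)
    actions = [sw.handle({"src": "10.0.0.1", "dst": "10.0.0.2"}),  # miss -> packet-in
               sw.handle({"src": "10.0.0.1", "dst": "10.0.0.2"}),  # hit in flow table
               sw.handle({"src": "10.0.0.9", "dst": "10.0.0.2"}),  # blocked src -> drop
               sw.handle({"src": "10.0.0.2", "dst": "10.0.0.7"})]  # unknown dst -> drop
    return actions, sw.packet_ins
```

The third packet matches the reactive forwarding rule for 10.0.0.2 as well, but the proactively installed drop rule wins on priority; without it a reactive per-destination rule would forward traffic from the blocked source.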
Network Function Virtualization
- Refers to use of virtual machines in place of physical n/w appliances
- It replaces n/w devices such as routers and firewalls w/ software running on virtual
machines operating on standard servers
- Architecture
o NFV Infrastructure
1st layer consists of hardware resource, storage resources and n/w
resource
2nd layer is virtualization layer which separates hardware and replaces
w/ software
3rd layer is virtualized resources such as virtual computers, storage and
n/w
o Virtualized Network Functions
It is a software implementation of a n/w function
Examples: vFirewall, vRouter, vStorage
o NFV Management and Orchestration
Virtual Infrastructure Manager: controls and manages n/w functions
VNF Manager: manages lifecycle of VNF
Orchestrator: manages lifecycle of n/w services
- Working
o VNF runs on virtual machines
o N/w engineers use SDN controller to deploy and manage VNFs
o Tasks like routing, firewalling, etc are done through software-defined logic
- Adv: Cost-effective, scalable, agile
- Disadv: Malware spreads easily, security issues
SDN vs NFV
IoT System Management
- Managing large-scale IoT systems is complex due to many heterogeneous devices
- Challenges include
o Real-Time Monitoring and Control
o Configuration Automation
o Scalability
o Security
- Modern IoT system management uses protocols such as NETCONF, NETCONF-YANG, YANG, SNMP and NETOPEER
NETCONF (Network Configuration Protocol)
- It is a session-based protocol for managing n/w devices
- Allows users to configure, install and modify n/w devices
- Based on XML and uses SSH to communicate b/w client and server
- Architecture
o Transport Layer: Secures connectivity using SSH
o RPC Layer: Encodes NETCONF calls and notifications using XML
o Content Layer: Consists of configuration and operational state data
o Data Store: Maintains configuration data separately from state data
- Working
o Client establishes secure connection w/ server using SSH
o Client and server exchange their capabilities
o Client sends Remote Procedure Call (RPC) in XML format to read
configuration, modify configuration, roll back changes, etc.
o Server performs requested operations and sends XML response
o Once tasks are done, client sends request to end connection
- Operations
o Get: retrieves config data
o Get-config: retrieves all config info available
o Edit-config: edits or modifies config data
o Commit: applies config changes
o Lock: locks config to prevent changes from happening
NETCONF-YANG
- Provides standardized way to update and modify configuration of n/w devices
- YANG is modelling language to define structure and constraints of data
- NETCONF is protocol that carries and manipulates data
- Working
o Developers define configuration schema in YANG file
o YANG model is compiled into device’s OS or NETCONF server
o Management tool or CLI sends RPC calls referencing data nodes defined in
YANG model
o NETCONF server validates XML data against YANG schema to ensure
correctness
o If valid, device applies configuration and returns XML-based success msg
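An added example (not from the notes) covering both the NETCONF exchange under "Working"/"Operations" above and the NETCONF-YANG validation step: a client builds XML RPCs inside the base:1.0 envelope, and a toy server validates edit-config content against constraints standing in for a compiled YANG module before applying them or returning rpc-error. The `system` container, its `hostname`/`mtu` leaves and the error tags chosen are constructed for the example; only the namespace and `]]>]]>` framing are the real base:1.0 values.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape
NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)
EOM = "]]>]]>"                                   # base:1.0 end-of-message delimiter
# Constructed stand-in for a compiled YANG module: leaf name -> (type, allowed range)
SCHEMA = {"hostname": ("string", None), "mtu": ("uint16", (68, 9000))}

def rpc(msg_id, op_xml):
    # Client side: wrap one operation in the <rpc> envelope plus message framing
    return f'<rpc message-id="{msg_id}" xmlns="{NC}">{op_xml}</rpc>{EOM}'

def edit_config(msg_id, leaves, target="candidate"):
    body = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in leaves.items())
    return rpc(msg_id, f"<edit-config><target><{target}/></target>"
                       f"<config><system>{body}</system></config></edit-config>")

def validate(system_el):
    # Server side: check edit-config content against the YANG constraints
    errs = []
    for leaf in system_el:
        tag, text = leaf.tag.split("}")[-1], leaf.text or ""   # strip namespace
        if tag not in SCHEMA:
            errs.append("unknown-element")
        elif SCHEMA[tag][0] == "uint16":
            lo, hi = SCHEMA[tag][1]
            if not (text.isdigit() and lo <= int(text) <= hi):
                errs.append("bad-element")
    return errs

def serve(request, datastore):
    # Toy NETCONF server: answer get-config; validate, then apply, edit-config
    root = ET.fromstring(request.replace(EOM, ""))
    mid, op = root.get("message-id"), root[0].tag.split("}")[-1]
    head = f'<rpc-reply message-id="{mid}" xmlns="{NC}">'
    if op == "get-config":
        body = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in datastore.items())
        return f"{head}<data><system>{body}</system></data></rpc-reply>{EOM}"
    if op == "edit-config":
        sys_el = root.find("nc:edit-config/nc:config/nc:system", {"nc": NC})
        errs = validate(sys_el) if sys_el is not None else ["missing-element"]
        if errs:  # nothing is applied when validation fails
            e = "".join(f"<rpc-error><error-tag>{t}</error-tag></rpc-error>" for t in errs)
            return f"{head}{e}</rpc-reply>{EOM}"
        datastore.update({l.tag.split("}")[-1]: l.text for l in sys_el})
    return f"{head}<ok/></rpc-reply>{EOM}"  # also the reply to commit / close-session

def reply_status(reply):
    # Client side: ('ok', id) or ('error', id, [error-tags])
    root = ET.fromstring(reply.replace(EOM, ""))
    tags = [e.text for e in root.findall("nc:rpc-error/nc:error-tag", {"nc": NC})]
    return ("error", root.get("message-id"), tags) if tags else ("ok", root.get("message-id"))
```

Leaf values are XML-escaped on both sides so a hostname containing `<` or `&` cannot break out of its element; the schema check rejects an MTU outside the declared range before anything touches the datastore.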
YANG (Yet Another Next Generation)
- It is a data modelling language used to model configuration and state data
manipulated by NETCONF
- Operations include configuration, status data, RPCs and notifications
- Working
o Engineers use YANG to define hierarchical data structures
o YANG includes rules to ensure correct data entry
o Once modelled, YANG data structures are translated into XML or JSON for
transmission
o These data structures are used by device to generate configuration templates
o YANG defines RPCs and notifications for invoking actions
SNMP (Simple Network Management Protocol)
- Widely used protocol for monitoring and managing devices over IP n/w
- Follows manager-agent model
- Architecture
o Manager: Asks and collects data
o Agent: Embedded in device and gathers metrics
o Management Information Base: Defines data structure
o Protocol: Uses UDP
- Working
o Devices run SNMP agent which exposes variables defined in MIB
o Manager can send GET to read variable, use SET to change value
o Data is exchanged using UDP packets
o Managers poll data at regular intervals to keep dashboards updated
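An added example (not from the notes) of the manager-agent exchange under "Working": a toy agent exposes MIB variables by OID and answers GET, GETNEXT and SET, and a manager-side walk drives GETNEXT across a subtree. The MIB contents, the community names and their access levels are constructed; the OIDs follow the standard system and interfaces groups but the values are made up.

```python
# OID -> [value, max-access]; a constructed subset of the standard system and
# interfaces groups (sysDescr, sysUpTime, sysName, sysLocation, ifIndex.5, ifIndex.10)
MIB = {
    "1.3.6.1.2.1.1.1.0": ["IoT gateway", "read-only"],
    "1.3.6.1.2.1.1.3.0": [123456, "read-only"],
    "1.3.6.1.2.1.1.5.0": ["gw1", "read-write"],
    "1.3.6.1.2.1.1.6.0": ["lab", "read-write"],
    "1.3.6.1.2.1.2.2.1.1.5": [5, "read-only"],
    "1.3.6.1.2.1.2.2.1.1.10": [10, "read-only"],
}
COMMUNITIES = {"public": "read-only", "private": "read-write"}  # constructed

def oid_key(oid):
    # OIDs order by numeric component, not as strings: ...1.5 comes before ...1.10
    return tuple(int(x) for x in oid.split("."))

def get(community, oid):
    if community not in COMMUNITIES:
        return ("dropped", None)  # v1/v2c agents silently discard unknown communities
    if oid not in MIB:
        return ("noSuchObject", None)
    return ("noError", MIB[oid][0])

def get_next(community, oid):
    # Return the first variable whose OID sorts after 'oid'
    if community not in COMMUNITIES:
        return ("dropped", None, None)
    later = sorted((o for o in MIB if oid_key(o) > oid_key(oid)), key=oid_key)
    if not later:
        return ("endOfMibView", None, None)
    return ("noError", later[0], MIB[later[0]][0])

def set_(community, oid, value):
    # SET is refused unless both the community and the object allow writing
    if community not in COMMUNITIES:
        return "dropped"
    if COMMUNITIES[community] != "read-write":
        return "noAccess"
    if oid not in MIB:
        return "noCreation"
    if MIB[oid][1] != "read-write":
        return "notWritable"
    MIB[oid][0] = value
    return "noError"

def walk(community, base):
    # Manager side: repeated GETNEXT until the returned OID leaves the subtree
    out, oid = [], base
    while True:
        status, nxt, val = get_next(community, oid)
        if status != "noError" or not nxt.startswith(base + "."):
            return out
        out.append((nxt, val))
        oid = nxt
```

The walk of the ifIndex column returns index 5 before index 10, which a string sort would get wrong; the write-community check is the only thing standing between a poller and a SET in v1/v2c, which is why the notes list security among SNMP management challenges.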
NETOPEER
- Open-source NETCONF server and client implementation that uses YANG models
- Supports communication and facilitates n/w automation in IoT systems
- Architecture
o NETOPEER-server
Main server that controls device
o NETOPEER-cli
Command line interface that allows users to connect to devices and
manipulate their configuration data
o NETOPEER-agent
NETCONF protocol agent accepts incoming connections and passes
them to netopeer-server
o NETOPEER-manager
Tool that allows users to manage YANG and transaction modules on
server
o NETOPEER-configurator
Tool that allows user to configure netopeer-server
- Working
o NETOPEER reads YANG schemas that define configuration parameters
o It starts NETCONF server that listens for incoming SSH connections from
NETCONF client
o Administrator connects to NETOPEER server using NETCONF client
o Client sends get-config, edit-config RPCs that reference nodes defined in
YANG model
o NETOPEER validates these RPCs against the schema, applies changes and
responds w/ success or failure
o NETOPEER supports rollback, commit and configuration features