SDN and Controller-Based Networking CCNA Day 26


“Share your knowledge. It is a way to achieve immortality.” Dalai Lama

Introduction to Controller-Based Networking

Create Connection. Value Conversation.


This is our Agenda

Time   Activity
8:00   Welcome
8:10   SDN and Controller-based Networks
8:30   Controllers and Software-Defined Architecture
8:50   Examples of network programmability and SDN
9:20   Cisco APIC Enterprise Module
9:30   Comparing Traditional Versus Controller-based Networks
9:40   Debrief + Break (5 minutes)



An Approach Built Around You

SDN and Controller-based networks: Explain the role and function of SDN and Controller-Based Networks
Automation and Programmability: Explain how automation impacts network management



These are the rules

This training will be a participative session. Let’s raise the hand when it is needed.



01 SDN and Controller-based Networks



The Data, Control, and Management Planes

Everything that networking devices do can be categorized as being in a particular plane. Network programmability can work over three planes: the data plane, the control plane, and the management plane.

The Data Plane: the plane responsible for forwarding a message between the devices (end devices).

The Control Plane: refers to any action that controls the data plane, relating to tables (routing, ARP, MAC, etc.).

The Management Plane: refers to the plane that includes protocols that allow network engineers to manage the devices.



The Data Plane

The term data plane refers to the tasks that a networking device does to forward a message. In other words, anything to do with receiving data, processing it, and forwarding that same data is part of the data plane.

Tasks on the Data plane

• De-encapsulating and re-encapsulating a packet in a data-link frame

• Adding or removing an 802.1Q trunking header

• Matching an Ethernet frame’s destination Media Access Control (MAC) address to the MAC address table

• Matching an IP packet’s destination IP address to the IP routing table

• Encrypting the data and adding a new IP header

• Changing the source or destination IP address

• Discarding a message due to a filter



The Control Plane

The term control plane refers to any action that controls the data plane. Most of these actions have to do with creating the tables used by the data plane, tables like the IP routing table, an IP Address Resolution Protocol (ARP) table, a switch MAC address table, and so on. You already know about many control plane protocols—for instance, all the IP routing protocols.

• Routing protocols (OSPF, Enhanced Interior Gateway Routing Protocol [EIGRP], Routing Information Protocol [RIP], Border Gateway Protocol [BGP])

• IPv4 ARP

• IPv6 Neighbor Discovery Protocol (NDP)

• Switch MAC learning

• STP



The Management Plane

The management plane performs overhead work as well, but that work does not directly impact the data plane. Instead, the management plane includes protocols that allow network engineers to manage the devices. Telnet and Secure Shell (SSH) are two of the most obvious management plane protocols.

To emphasize the difference with control plane protocols, think about two routers: one configured to allow Telnet and SSH into the router and one that does not. Both could still be running a routing protocol and routing packets, whether they support Telnet and SSH.



Cisco Switch Data Plane Internals

First, the switching logic occurs not in the CPU with software, but in an application-specific integrated circuit (ASIC). An ASIC is a chip built for specific purposes, such as for message processing in a networking device.

Second, the ASIC needs to perform table lookup in the MAC address table, so for fast table lookup, the switch uses a specialized type of memory to store the equivalent of the MAC address table: ternary content-addressable memory (TCAM).

IOS runs in the CPU and uses RAM. Most of the control and management plane functions run in IOS. The data plane function (and the control plane function of MAC learning) happens in the ASIC.

Note that some routers also use hardware for data plane functions, for the same kinds of reasons that switches use hardware. The ideas of a hardware data plane in routers are like those in switches: use a purpose-built ASIC for the forwarding logic, and TCAM to store the required tables for fast table lookup.



02 Controllers and Software-Defined Architecture



Controllers and Centralized Control

Most traditional control plane processes use a distributed architecture. For example, each router runs its own OSPF routing protocol process. To do their work, those distributed control plane processes use messages to communicate with each other, like OSPF protocol messages between routers. As a result, traditional networks are said to use a distributed control plane.

There are pros and cons to using distributed and centralized architectures to do any function in a network. However, a centralized application can be easier to write than a distributed application, because the centralized application has all the data gathered into one place.

A controller, or SDN controller, centralizes the control of the networking devices. The degree of control, and the type of control, varies widely. For instance, the controller can perform all control plane functions, replacing the devices’ distributed control plane. In that case, the controller sits anywhere in the network that has IP reachability to the devices in the network. Each of the network devices still has a data plane; however, note that none of the devices has a control plane.



The Southbound Interface

In a controller-based network architecture, the controller needs to communicate to the networking devices. There is an interface between the controller and those devices and, given its location at the bottom part of drawings, the interface came to be known as the southbound interface, or SBI.

An SBI often includes a protocol, so that the controller and devices can communicate, but it often includes an application programming interface (API). An API is a method for one application (program) to exchange data with another application.

The SBI is an interface between a program (the controller) and a program (on the networking device) that lets the two programs communicate, with one goal being to allow the controller to program the data plane forwarding tables of the networking device.



The Northbound Interface

A controller’s northbound interface (NBI) opens the controller so its data and functions can be used by other programs, enabling network programmability, with much quicker development. An application can run on the same server as the controller and use an NBI, which is an API, so that two programs can communicate.

The big box in the figure represents the system where the controller software resides. This controller happens to be written in Java and has a Java-based native API.

REST (Representational State Transfer) describes a type of API that allows applications to sit on different hosts, using HTTP messages to transfer data over the API. The application runs on a host at the top of the figure. In this case, at step 1, it sends an HTTP GET request to a particular URI. At step 2, the controller sends back an HTTP GET response message with the object. Most REST APIs will ask for and receive structured data.

The common formats for data used for network programmability are JavaScript Object Notation (JSON) and eXtensible Markup Language (XML).
Software Defined Architecture Summary

SDN and network programmability introduce a new way to build networks. The networking devices still exist and still forward data, but the control plane functions and locations can change dramatically.

The centralized controller acts as the focal point, so that at least some of the control plane functions move from a distributed model to a centralized model. Some options pull most control plane functions into the controller, whereas others pull only some of those functions into the controller.



03 Examples of network programmability and SDN



OpenDaylight and OpenFlow

One common form of SDN comes from the Open Networking Foundation (ONF) and is billed as Open SDN. The ONF model of SDN features OpenFlow. OpenFlow defines the concept of a controller along with an IP-based SBI between the controller and the network devices.

In the OpenFlow model, applications may use any APIs (NBIs) supported on the controller platform to dictate what kinds of forwarding table entries are placed into the devices; however, it calls for OpenFlow as the SBI protocol.

The Open SDN model centralizes most control plane functions, with control of the network done by the controller plus any applications that use the controller’s NBIs. Because the ONF’s Open SDN model has this common thread of a controller with an OpenFlow SBI, the controller plays a big role in the network.



The OpenDaylight Controller

The OpenDaylight open-source SDN controller is one of the more successful SDN controller platforms to take many of the same open-source principles used with Linux, with the idea that if enough vendors worked together on a common open-source controller, then all would benefit.

The result was that back in the mid-2010s, the OpenDaylight SDN controller was born. OpenDaylight (ODL) began as a separate project but now exists as a project managed by the Linux Foundation.

Note the variety of SBIs listed in the lower part of the controller box: OpenFlow, NetConf, PCEP, BGP-LS, and OVSDB; many more exist. ODL has many features, with many SBIs, and many core features.



The Cisco Open SDN Controller (OSC)

At one point back in the 2010s, Cisco offered a commercial version of the OpenDaylight controller called the Cisco Open SDN Controller (OSC) {EoL/EoS}.

That controller followed the intended model for the ODL project: Cisco and others contributed labor and money to the ODL open-source project; once a new release was completed

Cisco no longer produces and sells the Cisco OSC; Cisco had made a strong strategic move toward different approaches to SDN using intent-based networking (IBN).



Cisco Application Centric Infrastructure (ACI)

Cisco’s work happened to arise from different groups, each focused on different parts of the network: data center, campus, and WAN. That research resulted in Cisco’s current SDN offerings of ACI in the data center, Software-Defined Access (SDA) in the enterprise campus, and Software-Defined WAN (SD-WAN) in the enterprise WAN.

Old data center networking models with a lot of per-physical-interface configuration on switches and routers were just poor models for the rapid pace of change and automated nature of modern data centers.

ACI set about to create data center networking with the flexibility and automation built into the operational model. Cisco made the network infrastructure become application centric, hence the name of the Cisco data center SDN solution: Application Centric Infrastructure, or ACI.



ACI Physical Design: Spine and Leaf

The Cisco ACI uses a specific physical switch topology called spine and leaf. With ACI, the physical network has some spine switches and some leaf switches. Endpoints connect only to leaf switches and never to spine switches. None of the endpoints connect to the spine switches; they connect only to the leaf switches. The endpoints can be connections to devices outside the data center, like the router on the left.

• Each leaf switch must connect to every spine switch.

• Each spine switch must connect to every leaf switch.

• Leaf switches cannot connect to each other.

• Spine switches cannot connect to each other.

• Endpoints connect only to the leaf switches.
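A small validator for those five cabling rules, added here as an example and not code from the slides or from Cisco; the switch names and links are constructed, and the three deliberate mistakes in the sample fabric show what each rule catches.

```python
# Constructed sample fabric for this example (not from the slides or from
# any real ACI deployment): switch roles plus the cabling as undirected links.
# "endpoint" covers servers and the WAN router described on the slide.
ROLES = {
    "spine1": "spine", "spine2": "spine",
    "leaf1": "leaf", "leaf2": "leaf", "leaf3": "leaf",
    "web-srv": "endpoint", "wan-rtr": "endpoint",
}
LINKS = {
    ("spine1", "leaf1"), ("spine1", "leaf2"), ("spine1", "leaf3"),
    ("spine2", "leaf1"), ("spine2", "leaf2"),      # spine2-leaf3 is missing
    ("leaf2", "leaf3"),                            # leaf-to-leaf cable
    ("leaf1", "web-srv"), ("spine1", "wan-rtr"),   # endpoint cabled to a spine
}


def check_spine_leaf(roles, links):
    """Return a sorted list of rule violations; an empty list means the
    cabling satisfies all five spine-and-leaf rules from the slide."""
    adj = {name: set() for name in roles}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    spines = {n for n, r in roles.items() if r == "spine"}
    leaves = {n for n, r in roles.items() if r == "leaf"}
    problems = []
    # Rules 1 and 2: full mesh between the leaf tier and the spine tier.
    # One check covers both, since a missing leaf-spine link is missing
    # from both switches' point of view.
    for leaf in sorted(leaves):
        for spine in sorted(spines - adj[leaf]):
            problems.append(f"{leaf} has no link to spine {spine}")
    # Rules 3 and 4: no links inside a tier.
    for a, b in links:
        if a in leaves and b in leaves:
            problems.append(f"leaf-to-leaf link {a}-{b}")
        if a in spines and b in spines:
            problems.append(f"spine-to-spine link {a}-{b}")
    # Rule 5: endpoints attach only to leaf switches.
    for name, role in roles.items():
        if role == "endpoint":
            for nbr in adj[name] - leaves:
                problems.append(f"endpoint {name} attached to non-leaf {nbr}")
    return sorted(problems)


if __name__ == "__main__":
    for p in check_spine_leaf(ROLES, LINKS):
        print("VIOLATION:", p)
```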



ACI Operating Model with Intent-Based Networking

The model that Cisco defines for ACI uses a concept of endpoints and policies. The endpoints are the VMs, containers, or even traditional servers with the OS running directly on the hardware. ACI then uses several constructs as implemented via the Application Policy Infrastructure Controller (APIC).

Web Server: Users from outside the data center connect to a web server, which sends web page content to the user.

App (Application) Server: Because most web pages contain dynamic content, the app server does the processing to build the next web page for that particular user based on the user’s profile and latest actions and input.

DB (Database) Server: Many of the app server’s actions require data; the DB server retrieves and stores the data as requested by the app server.



ACI Operating Model with Intent-Based Networking

ACI uses a centralized controller called the Application Policy Infrastructure Controller (APIC). The name defines the function in this case: it is the controller that creates application policies for the data center infrastructure.

The APIC takes the intent (EPGs, policies, and so on), which completely changes the operational model away from configuring VLANs, trunks, EtherChannels, ACLs, and so on.



ACI Operating Model with Intent-Based Networking

The APIC, of course, has a convenient GUI, but the power comes in software control—that is, network programmability. The same virtualization software, or cloud or automation software, even scripts written by the network engineer, can define the endpoint groups, policies, and so on to the APIC.

But all these players access the ACI system by interfacing to the APIC; the network engineer no longer needs to connect to each individual switch and configure CLI commands.



04 Cisco APIC Enterprise Module



APIC-EM Basics

APIC-EM assumes the use of the same traditional switches and routers with their familiar distributed data and control planes. That approach could certainly change over time (and it has), but Cisco APIC-EM does just that: offer enterprise SDN using the same switches and routers already installed in networks.

Topology map: The application discovers and displays the topology of the network.

Path Trace: The user supplies a source and destination device, and the application shows the path through the network, along with details about the forwarding decision at each step.

Plug and Play: This application provides Day 0 installation support so that you can unbox a new device and make it IP reachable through automation in the controller.

Easy QoS: With a few simple decisions at the controller, you can configure complex QoS features at each device.

Adding a centralized controller with powerful northbound APIs opens many possibilities for
customers/operators, while also creating a world in which Cisco and its partners can bring
new and interesting management applications to market.

APIC-EM does not directly program the data or control planes, but it does interact with the
management plane via Telnet, SSH, and/or SNMP; consequently, it can indirectly impact the
data and control planes.



APIC-EM Replacement

Cisco announced the current CCNA exam (200-301) in 2019, and around the same time Cisco announced the end of marketing for the APIC-EM product.

First, during the early 2020s you will still see many references to APIC-EM. Cisco DevNet will likely still have many useful labs that reference and use APIC-EM, at least for a few years.

Second, many of the functions of APIC-EM have become core features of the Cisco DNA Center (DNAC) product.

Furthermore, APIC-EM gives us a great tool to see how a controller can be used, even if the networking devices do not change their normal operation.



Summary of the SDN Examples



05 Comparing Traditional Versus Controller-based Networks



How Automation Impacts Network Management

First, centralized controllers formalize and define data models for the configuration and operational data about networks. We humans might be comfortable with visually scanning the output of show commands to find the tidbit of information we need. An automation program could issue such a show command and begin by parsing this text. The goal: find the configuration setting on the switchport mode command and the current trunking state.

>>> interface1 {'trunk-config': 'dynamic auto', 'trunk-status': 'static access'}

With a northbound API on a controller, and the data model it supplies, instead of asking for the text from a show command, the API call will result in the program having a series of variables set. In this case, there are variables for that same interface that list the trunk configuration setting and the trunk operational state.

• One API call that returns a list of all devices and their running configuration, with other API calls to collect each device’s MAC address tables and/or their IP routing tables. Then you must process that data to find the end-to-end path.

• One API call to which you pass the source and destination IP addresses and TCP/UDP ports, and the API returns variables that describe the end-to-end path, including device hostnames and interfaces. The variables spell out the path the packet takes through the network.
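An added example (not code from the slides or from any Cisco controller) contrasting the two approaches described on this slide and on the REST NBI slide: screen-scraping a constructed show interfaces switchport text versus reading the same fields from a constructed JSON document like one an NBI would return; the JSON key names and port names are assumptions.

```python
import json
import re

# Constructed sample "show interfaces switchport" text (not captured from a
# real device), trimmed to the fields this example needs.
SHOW_SWITCHPORT = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q

Name: Gi0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
"""

# Constructed JSON standing in for a controller NBI response for the same
# two ports. The key names are assumptions, not any real controller's model.
NBI_RESPONSE = json.dumps({"interfaces": [
    {"name": "Gi0/1", "trunk-config": "dynamic auto", "trunk-status": "static access"},
    {"name": "Gi0/2", "trunk-config": "trunk", "trunk-status": "trunk"},
]})


def parse_show_switchport(text):
    """Screen-scrape the CLI text into {port: {'trunk-config', 'trunk-status'}}."""
    result, port = {}, None
    for line in text.splitlines():
        if m := re.match(r"Name:\s+(\S+)", line):
            port = m.group(1)
            result[port] = {}
        elif port and (m := re.match(r"Administrative Mode:\s+(.+)", line)):
            result[port]["trunk-config"] = m.group(1).strip()
        elif port and (m := re.match(r"Operational Mode:\s+(.+)", line)):
            result[port]["trunk-status"] = m.group(1).strip()
    return result


def read_nbi(json_text):
    """Same structure taken straight from the API's JSON: no text parsing."""
    return {i["name"]: {"trunk-config": i["trunk-config"], "trunk-status": i["trunk-status"]}
            for i in json.loads(json_text)["interfaces"]}


def ports_still_dynamic_auto(interfaces):
    """Audit helper: ports still at the 'dynamic auto' switchport mode."""
    return sorted(p for p, v in interfaces.items() if v["trunk-config"] == "dynamic auto")


if __name__ == "__main__":
    scraped = parse_show_switchport(SHOW_SWITCHPORT)
    via_api = read_nbi(NBI_RESPONSE)
    print("interface1", scraped["Gi0/1"])  # the dict shown on the slide
    print("same data:", scraped == via_api)
    print("dynamic auto:", ports_still_dynamic_auto(via_api))
```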



Comparing Traditional Networks with Controller-Based Networks

By centralizing some of the functions in the network and providing robust APIs, controllers enable a large number of new operational models. Those models include the three most likely to be seen from Cisco in an enterprise: Software-Defined Access (SDA), Software-Defined WAN (SD-WAN), and Application Centric Infrastructure (ACI).

This changes the operating paradigm in many cases, with the controller determining many device-specific details:

• The network engineer does not need to think about every command on every device.

• The controller configures the devices with consistent and streamlined settings.

• The result: faster and more consistent changes with fewer issues.

Some of the advantages include the following:

• Uses new and improved operational models that allow the configuration of the network rather than per-device configuration

• Enables automation through northbound APIs that provide robust methods and model-driven data

• Configures the network devices through southbound APIs, resulting in more consistent device configuration, fewer errors, and less time spent troubleshooting the network

• Enables a DevOps approach to networks



Here is the Objectives Recap

Explain the role and function of SDN and Controller-Based Networks
Explain how automation impacts network management



It’s possible

Thank You
