Improving Network Management with Software Defined Network

Group 5 : z5001855 Xuling Wu z5026754 Haipeng Jiang z5031759 Sichen Wu z5044151 Aparna Sanil z5038558 Yun Feng z5037356 Kejiao Li z5024451 Dongquan Qi

1

Summary

• To operate, maintain and secure a communication was always a challenge.

• SDN separates the control plane and data plane and thereby breaks the rigid underlying infrastructure of network system.

• SDN introduces a centralized software program called controller for the operating the entire network.

• We also talk about prototype deployments in home and campus networks and how SDN improves the network management and performance.

2

Outline• Introduction • SDN Architecture • Case study • Conclusion

3

Introduction

Why ?Difficulties to implement high-level policies on Low-level infrastructure.• Various large numbers of routers, switches,etc.• Closed equipment• Software bundled with hardware• Inflexibility • Hard to introduce&deploy new protocol• Complex environment (network states,

events) Little mechanism to respond automatically manually adjust network configurations. 4

RouterManagement/

Policy plane

Control plane

Data plane

How?

5

SDN Concept: Separate Control plane and Data plane.

Decision Maker (software)

Packet forwarder( hardware)

• Southbound interface OpenFlow• Controller• Northbound interface Procera

6

SDN Architecture

7

• OpenFlow is a common southbound SDN interfaces.• The Open Networking Foundation (ONF) is

responsible for standardizing the OpenFlow protocol.

• There are a variety of OpenFlow controllers, e.g.: NOX C++ or Python to program Floodlight Java-based Maestro Multithreading

8

OpenFlow

• A network control framework.• Purpose: helps operators express event-driven

network policies using a high-level functional programming language.

• Serves as a glue between high-level event-driven network policies and low-level network configuration.

• Use control domains to express event-driven network policies.

9

Procera

10

Procera Control domain

11

Procera Architecture

• Event source: network components or middle boxes that can send dynamic events to the procera controller. e.g.: IDS, Authentication systems, SNMP

• Policy engine: parsing the network policy expressed with a policy language, also processing various events that come from event sources

• Language: allows operators to specify complex network policies in a simple language based on functional reactive programming (FRP)

12

• Establish a connection to each OpenFlow-capable switch through the OpenFlow protocol.

• Insert, delete, or modify packet forwarding rules in switches through this connection.

• Also react to packet-in events and switch-join events that come from switches.

– For packet-in events, install relevant forwarding rules in switch – For switch-join events, establish a new connection with that specific switch

13

Controller

Case study

• CAMPUS NETWORK

• HOME NETWORK

1. POLICY2. DEPLOYMENT STATUS

1. IMPROVEMENT2. POLICY3. DEPLOYMENT STATUS

14

Campus Network-Policy

• Require unregistered end-host device to undergo an authentication process via an authentication web portal.

• After successful authentication, the device is scanned for possible vulnerabilities.

• If none are found, the device is finally granted access to the internal network and the Internet.

• Other events: 5 hours’ inactivity & infection. 15

Transitions and events in campus network

16

• Implementing such complex policy relies on many technologies.

eg. VLAN, firewall rules, etc.

• Requires network operators to independently configure multiple different components, including middle boxes, management servers, and numerous ad hoc scripts.

• Procera can automatically finish these configuration work, which significantly simplifies the expression of these types of policies.

17

Campus network deployment status

18

Home Network-Improvement

• Limited Visibility into broadband performance and overall status.

• Inflexible closed software installed in common home gateways hard to introduce new functions for home network.

• ISPs start to enforce monthly bandwidth caps to limit data usage. users need a new system to monitor and manage devices data usage.

Issues

19

Improving Visibility: BISMARK• BISmark is a collection of home gateways installed in households, a• centralized management and data collection server, and multiple

measurement servers deployed around the world.• Improve visibility into home broadband performance and its overall status.• Provide continuously monitoring of the status of home networks, and ensure

that customers receive their promised service.

Improving Control: SDN• SDN makes it much easier to introduce new functions.• It is possible to combine BISmark’s measurement data and procera to build

a management system that reacts to various conditions of the home. network. Example: Traffic shapping, proactively prefetching and caching.

• SDN paradigm enable a central controller to make various kinds of traffic engineering decisions and pushing rules to home gateways to enforce such policy greatly increases the flexibility of home network management. 20

• Uncapped device can access the Internet normally.

• When the device’s data usage exceeds the monthly cap value set by the home user, it is blocked-Capped.

• The reverse transition is triggered when the cap value is increased or data usage of devices are reset due to the end of a billing cycle.

• Procera automatically detects caped or uncapped devices every 5sec.

21

Home Network-Deployment Status

• NetGear WNDR 3700v2 and 3800 wireless routers are used as OpenFlow-capable forwarding devices.

• Home users use the router as a wireless access point and observe no particular difference from any normal wireless access point.

• The wireless router runs a customized firmware based on OpenWrt that implements OpenFlow protocol version 1.0.0. 22

Conclusion• Network configuration is becoming complex due to Continually

changing network state & Low-level per-device network configuration.

• SDN basic idea: separating control plane from switches, managing the whole network, rather than individual network component.

• The practice of Procera based on SDN structure in these two examples demonstrate OpenFlow-CAPABLE switches give possibilities for expressing complex network policies while reducing management in settings.

23

QUESTIONS?

24

Thank you

25