Software-defined networking

Software-defined networking (SDN) is an approach to building network equipment and software that separates and abstracts the two main components of such equipment: the control plane and the data plane. The first concepts originated at Stanford University around 2005. By 2013 many manufacturers were describing their products as SDN-capable, so that there was already talk of a hype.

Description

SDN lets network administrators manage the network more easily because lower-level functions are abstracted into virtual services; the hardware no longer has to be configured manually. This has become increasingly important with the advent of virtualization, in which a large data centre creates and configures ever more virtual machines over the network, and the associated firewall rules and network addresses have to be generated with them. There are several approaches to this, such as generating virtual networks (VLANs) for the purpose, but they lead to high complexity. SDN gives network administrators programmable, central control over network traffic without requiring manual access to the individual physical network components.

SDN decouples the system that decides where data is sent (the control plane) from the underlying system that forwards the data to the chosen destination (the data plane). The developers and vendors of these systems state that this technology simplifies network administration and enables new applications such as network virtualization, in which the control plane is separated from the data plane and implemented as a pure application.

The Open Networking Foundation was founded to promote SDN standards. Trends such as cloud computing blur the boundary between network and computer in a technological environment in which SDN standards appear useful. Alcatel-Lucent, however, proposes its own approach.

Background

Internet Protocol (IP) based networks are built on the concept of autonomous systems (AS). This approach allows networks to be extended by connecting ever more nodes, each of which forwards incoming packets to a sensible next node without needing a detailed view of the entire network structure. The concept is simple and has proven stable and extensible. In the simplest case, however, it does not allow a component to attach at a different point in the network, because it would then no longer receive its packets: the identity of a network component is derived from its location in the network. Moreover, with simple AS structures it is hardly possible to assign specific properties to a component, such as logical grouping, access control, quality of service, specific processing of data before delivery, or contextual information about data flows that goes beyond the content of the individual packet.

Additional standards have been adopted by the Internet Engineering Task Force (IETF) to address these needs, such as DHCP, routing protocols, virtual LANs and virtual private networks (VPNs). As a result, the complexity of specifying and configuring the network gradually grew for administrators.

The increased use of the Internet, now also from mobile devices, was one of the drivers behind the need for highly standardized operating system instances. Cloud architectures with dynamic resource assignment reflect this, and SDN seeks to roll out the required network configurations in a comparably automated way, as is done for virtual systems. This supports the highly dynamic shifting of more or less heavily utilized systems onto whichever hardware resources are appropriate. Switches need not be reconfigured manually each time in order to maintain the agreed policies; instead, adjustments to routing and firewall rules, bandwidth allocations and so on are made automatically and centrally, while the decentralized hardware components perform only simple tasks such as forwarding a packet to the correct port.

The central software-defined control also recognizes specific contexts that must be attached to source-destination relationships. For example, not every packet needs a complete firewall check if previous, similar packets from the same connection have already passed it. Matching mechanisms of this kind have existed as vendor-specific functions and implementations. OpenFlow goes a step further by standardizing the commands for configuring the data plane. The OpenFlow protocol enables the development of software controllers that control the entire network. They can be implemented centrally or in a distributed fashion, adding above the traditional IP core functions a layer that manages the complex and subscriber-specific network functions.

The term "software-defined networking" was used by Kate Greene in 2009.

With SDN, the hardware can be configured so that the control plane is separate from the data plane: a switch then only forwards packets, while a separate server takes over the tasks of the control plane.

There are two reasons for this approach. On the one hand, different device counts, replacement cycles and so on can be used for the two parts. On the other hand, optimally suited hardware can be chosen for each, for example a powerful server for the control plane and a larger number of energy-saving switches for pure forwarding.

The control plane and the data plane then have to communicate with each other over the network. OpenFlow is a standard for such a protocol, but other methods can be used. OpenFlow is managed by the Open Networking Foundation.
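As an added illustration of the per-flow caching described above and of the packet-in / flow-mod exchange between a switch and its controller, the following simulation is example code written for this page; it is not taken from the article, from the OpenFlow specification or from any controller product. The addresses, ports, the firewall policy and the method names `packet_in`, `flow_mod`, `flow_remove` and `revoke` are all constructed for the example.

```python
"""Control/data plane split in the style of OpenFlow (constructed example).

The switch (data plane) only matches packets against a priority-ordered flow
table and applies the stored action.  On a table miss it sends a "packet-in"
to the controller (control plane), which evaluates the firewall policy once and
answers with a "flow-mod", so later packets of the same flow never leave the
data plane.  Hosts, ports and policy below are made up for the demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    in_port: int
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Match:
    """Match fields; None is a wildcard, like an unset OpenFlow match field."""
    in_port: Optional[int] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def hits(self, pkt: Packet) -> bool:
        return all(want is None or want == getattr(pkt, name)
                   for name, want in vars(self).items())


@dataclass
class FlowEntry:
    priority: int
    match: Match
    action: str          # "output:<port>", "drop" or "controller" (punt)
    packets: int = 0     # per-entry counter, as exposed by OpenFlow statistics


class Controller:
    """Control plane: knows topology and policy, sees only table-miss packets."""

    def __init__(self, hosts: Dict[str, int], allow: Set[Tuple[str, str, int]]):
        self.hosts = hosts        # destination address -> switch output port
        self.allow = set(allow)   # (src, dst, dport) triples the firewall permits

    def packet_in(self, sw: "Switch", pkt: Packet) -> FlowEntry:
        out_port = self.hosts.get(pkt.dst)
        permitted = (pkt.src, pkt.dst, pkt.dport) in self.allow and out_port is not None
        entry = FlowEntry(priority=100,
                          match=Match(pkt.in_port, pkt.src, pkt.dst, pkt.dport),
                          action=f"output:{out_port}" if permitted else "drop")
        sw.flow_mod(entry)        # cache the decision in the data plane
        return entry

    def revoke(self, sw: "Switch", src: str, dst: str, dport: int) -> int:
        """Policy change: a cached 'permit' stays in force until it is removed."""
        self.allow.discard((src, dst, dport))
        return sw.flow_remove(lambda e: (e.match.src, e.match.dst, e.match.dport)
                              == (src, dst, dport))


class Switch:
    """Data plane: looks up, counts and forwards; never evaluates policy itself."""

    def __init__(self, controller: Controller):
        self.controller = controller
        self.table: List[FlowEntry] = []
        self.packet_ins = 0

    def flow_mod(self, entry: FlowEntry) -> None:
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)  # highest first

    def flow_remove(self, pred) -> int:
        before = len(self.table)
        self.table = [e for e in self.table if not pred(e)]
        return before - len(self.table)

    def handle(self, pkt: Packet) -> str:
        for entry in self.table:
            if entry.match.hits(pkt):
                entry.packets += 1
                if entry.action != "controller":
                    return entry.action
                break                      # explicit punt to the control plane
        self.packet_ins += 1
        entry = self.controller.packet_in(self, pkt)
        entry.packets += 1
        return entry.action


def demo() -> Tuple[List[str], int, int]:
    ctl = Controller(hosts={"10.0.0.1": 1, "10.0.0.2": 2, "10.0.0.3": 3},
                     allow={("10.0.0.1", "10.0.0.2", 443)})
    sw = Switch(ctl)
    # Table-miss entry: anything unmatched goes to the controller.
    sw.flow_mod(FlowEntry(priority=0, match=Match(), action="controller"))
    pkts = [Packet(1, "10.0.0.1", "10.0.0.2", 443),   # new flow: controller decides
            Packet(1, "10.0.0.1", "10.0.0.2", 443),   # same flow: data-plane hit only
            Packet(3, "10.0.0.3", "10.0.0.2", 22),    # not in policy: drop entry cached
            Packet(3, "10.0.0.3", "10.0.0.2", 22)]
    actions = [sw.handle(p) for p in pkts]
    # Withdraw the permit; without revoke() the cached entry would keep forwarding.
    removed = ctl.revoke(sw, "10.0.0.1", "10.0.0.2", 443)
    after = sw.handle(pkts[0])
    return actions + [after], sw.packet_ins, removed


if __name__ == "__main__":
    print(demo())
```

Two points worth noting from the run: only the first packet of each flow reaches the controller, which is the saving the text describes, and the same caching means a policy change is not effective until the controller also deletes the entries it installed earlier, which is why `revoke` removes the matching flow entries rather than only editing the allow list.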

SDN usage models

Applications

One application of SDN is Infrastructure as a Service (IaaS). Here SDN is combined with virtual machines and virtual storage, which allows "elastic", i.e. demand-driven, resource allocation. Scale-out scenarios in particular, in which further systems are added as demand grows, benefit from the automation this makes possible. The operators of very large software installations such as Google and Facebook show that suitable software architectures can be found for such distributed systems. But even for small applications that run on only a single VM, the same mechanisms can help to abstract completely from the (network) hardware.

Another approach is the dynamic reallocation of virtual machines across the virtualization hosts, with the aim of using as few hosts as possible and using them as well as possible. Virtualization environments in which reallocations (if any) are carried out manually consider, at best, the overloaded hosts, while unused capacity usually receives no attention, resulting in gradual underutilization of those hosts and a waste of resources.

SDN allows loads to be distributed across many links, for example between the application servers and the network backbone. Traditionally this is done by manually defining VLANs and static routes, or by using link bonding, which is complex and does not allow dynamic adaptation to changing loads. Load balancing across different application servers, distributed firewalls and further applications come on top of this.

SDN can be used in enterprises, by carriers and in Managed Network Services (MNS). Here the concern is service level agreements: even with the constant changes in the network that are inevitable in such environments, each individual participant must receive its guaranteed bandwidth, latency, availability and security properties.

If the SDN "overlay" does not take the characteristics of the underlying infrastructure into account, inefficiency and low throughput are the likely consequence. Carriers in particular are therefore interested in SDN solutions that take data volumes and hardware topology into account and react accordingly. Accordingly, there is a proposal for an SDN solution that considers network resources so that the data streams can be continuously optimized and requests are handled more predictably.

Access Control in SDN

Remote access to the control plane is usually granted to administrators through role-based access control (RBAC).
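The following is an added example of how such an RBAC check can sit in front of a controller's management (northbound) API; it is written for this page and is not the article's material or the access model of any particular controller. The role names, the permission strings, the tenant scoping and the principals and requests are all constructed assumptions.

```python
"""Role-based access control in front of an SDN controller's management API.

Constructed example: roles, permissions, tenant scoping, principals and requests
are made up here.  Real controllers name things differently, but the shape is
the same: every northbound call is checked against the caller's role before it
can change the control plane; unknown roles and out-of-scope tenants are denied.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Permissions name control-plane operations, not individual switch commands.
ROLE_PERMS: Dict[str, FrozenSet[str]] = {
    "auditor":  frozenset({"flow:read", "stats:read"}),
    "operator": frozenset({"flow:read", "stats:read", "flow:write"}),
    "admin":    frozenset({"flow:read", "stats:read", "flow:write",
                           "topology:write", "user:write"}),
}


@dataclass(frozen=True)
class Principal:
    name: str
    role: str
    tenant: Optional[str]   # None: global scope; otherwise confined to one tenant


class AccessControl:
    """Deny by default; every decision is recorded for later audit."""

    def __init__(self) -> None:
        self.audit: List[Tuple[str, str, str, bool]] = []

    def allowed(self, who: Principal, op: str, tenant: str) -> bool:
        perms = ROLE_PERMS.get(who.role, frozenset())   # unknown role: no rights
        in_scope = who.tenant is None or who.tenant == tenant
        ok = op in perms and in_scope
        self.audit.append((who.name, op, tenant, ok))
        return ok

    def denied(self) -> List[Tuple[str, str, str]]:
        return [(n, op, t) for n, op, t, ok in self.audit if not ok]


class NorthboundAPI:
    """Controller management endpoints; each one consults the ACL first."""

    def __init__(self, ac: AccessControl) -> None:
        self.ac = ac
        self.flows: Dict[str, List[str]] = {}   # tenant -> installed flow rules

    def _check(self, who: Principal, op: str, tenant: str) -> None:
        if not self.ac.allowed(who, op, tenant):
            raise PermissionError(f"{who.name} ({who.role}) may not {op} for {tenant}")

    def install_flow(self, who: Principal, tenant: str, rule: str) -> int:
        self._check(who, "flow:write", tenant)
        self.flows.setdefault(tenant, []).append(rule)
        return len(self.flows[tenant])

    def read_flows(self, who: Principal, tenant: str) -> List[str]:
        self._check(who, "flow:read", tenant)
        return list(self.flows.get(tenant, []))


def demo() -> Tuple[Dict[str, str], List[Tuple[str, str, str]]]:
    ac = AccessControl()
    api = NorthboundAPI(ac)
    admin = Principal("alice", "admin", None)
    op_a = Principal("bob", "operator", "tenant-a")
    audit = Principal("carol", "auditor", "tenant-a")
    ghost = Principal("mallory", "superuser", None)   # role defined nowhere

    results: Dict[str, str] = {}
    calls = [
        ("admin installs for b", lambda: api.install_flow(admin, "tenant-b", "vlan 20 permit")),
        ("operator installs for a", lambda: api.install_flow(op_a, "tenant-a", "vlan 10 permit")),
        ("operator installs for b", lambda: api.install_flow(op_a, "tenant-b", "vlan 20 deny")),
        ("auditor reads a", lambda: api.read_flows(audit, "tenant-a")),
        ("auditor installs for a", lambda: api.install_flow(audit, "tenant-a", "vlan 10 deny")),
        ("unknown role reads a", lambda: api.read_flows(ghost, "tenant-a")),
    ]
    for label, call in calls:
        try:
            results[label] = f"ok: {call()}"
        except PermissionError:
            results[label] = "denied"
    return results, ac.denied()


if __name__ == "__main__":
    for label, outcome in demo()[0].items():
        print(f"{label:26} {outcome}")
```

The design choice worth copying is that the check is deny-by-default in two ways: a role that is not in the table has no permissions at all, and a principal bound to one tenant cannot act on another tenant's flows even with the right permission. The audit list keeps the denied attempts, which is what a security operations team would want to see from the control plane.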
