Date post: | 16-Jul-2015 |
Upload: | ankita-mandekar |
VIT University
Presentation by: Ankita Vinod Mandekar (13MIT0108), 2nd year MTech IT (Networking), School of Information Technology and Engineering, VIT University
Guided by: Dr. Krishna Chandramouli, Associate Professor, Division of Enterprise and Cloud Computing, School of Information Technology and Engineering, VIT University
Outline:
1. Software Defined Network
2. Network Architecture
3. Openflow Standard
4. Mininet
5. Floodlight
6. Proposed work
7. Result
8. References
Software Defined Network
1. Programmable networks play a wide role in decreasing the complexity of developing a fully managed network at the customer edge.
2. Software Defined Networking deals with programmable networks, using a centralized policy during network deployment.
3. It uses a controller with Southbound and Northbound APIs.
4. OpenFlow-enabled switches provide the control parameters to the controller for making forwarding decisions.
5. Flow-based forwarding is done between source and destination. This increases the throughput of the network.
6. The controller acts according to the routing protocol in use and provides the flow table entries.
Software Defined Network
1. SDN Controller: Floodlight
2. Network Virtualization
OpenFlow Protocol
1. OpenFlow is a standard protocol defined for southbound of SDN controller.
2. It decouples the control plane from data plane.
3. The Flowtable entries for Openflow enabled routers are:-
4. There are two types of messages:-
a. Controller to Switch
b. Asynchronous
Mininet
1. Mininet is a network emulator
2. Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine
3. It is a way to develop, share, and experiment with OpenFlow and Software-Defined Networking systems.
4. It is fast - starting up a simple network takes just a few seconds.
5. Custom topologies can be created as the network requires.
6. Using scripts:
sudo mn --controller=remote,ip=192.168.142.1
sudo mn --controller=remote --switch=ovsk --topo=linear,4
#topo_model.py
from mininet.net import Mininet

net = Mininet()

#Create nodes in the network.
c0 = net.addController()
h2 = net.addHost('h2')
s1 = net.addSwitch('s1')
h3 = net.addHost('h3')

#Creating links between nodes in network (2-way)
net.addLink(h2, s1)
net.addLink(h3, s1)

#Configuration of IP addresses in interfaces
h2.setIP('10.0.0.4', 8)
h3.setIP('10.0.0.5', 8)

net.start()
net.pingAll()
net.stop()
Floodlight Controller
1. Floodlight is the core of a commercial controller product from Big Switch Networks and is actively tested and improved by a community of professional developers.
2. It is an open source project for Software Defined Networking on the Java platform, so it is secure compared to the NOX (C++) and POX (Python) controllers.
3. It works with physical and virtual switches that speak the OpenFlow protocol.
4. Network virtualization is done by creating multiple different networks on top of a single physical controller.
5. FlowVisor technology is used for isolating those different networks.
6. Protocols are deployed once on the controller instead of on a number of network devices.
Floodlight Controller(FLC)
Rest API with FLC
Representational state transfer (REST) abstracts the details of network components such as routers, switches, the SDN controller and hosts.
The FLC uses these REST APIs to monitor failures and performance.
Details of switches: http://192.168.142.1:8080/wm/core/controller/summary/json
Controller memory usage: http://192.168.142.1:8080/wm/core/memory/json
Static entries to switch: http://192.168.142.1:8080/wm/staticflowentrypusher/json
FLC with Firewall
1. FIREWALL filters the incoming and outgoing traffic of the network.
2. The rules of the network are defined with respect to host, timing and priority of communication.
3. In SDN, the firewall is a Northbound API for FLC
4. Rest API for FLC:-
http://192.168.142.1:8080/wm/firewall/module/status/json
http://192.168.142.1:8080/wm/firewall/module/enable/json
http://192.168.142.1:8080/wm/firewall/module/disable/json
STATUS REST API: (get method)
(put method)
#Allow traffic on 00:00:00:00:00:00:00:01 switch
curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:01"}' http://localhost:8080/wm/firewall/rules/json
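The firewall rule above and the OpenFlow message types described earlier, as an added example that is not part of the original presentation and is not Floodlight code: a simplified Python model of reactive flow setup, in which a table miss raises a Packet-In and the controller installs its firewall decision in the switch. It assumes an enabled firewall drops traffic on a switch that has no allow rule; the class names and the second switch ID are constructed for illustration.

```python
# Added illustration: a simplified model, not Floodlight or Open vSwitch code.
from dataclasses import dataclass, field

@dataclass
class Controller:
    """Central firewall policy; answers Packet-In messages from switches."""
    firewall_enabled: bool = False
    allowed_switches: set = field(default_factory=set)  # DPIDs with an ALLOW rule
    packet_ins: int = 0

    def packet_in(self, switch, src, dst):
        # Asynchronous message: the switch had no matching flow entry.
        self.packet_ins += 1
        # Assumption: with the firewall enabled, no ALLOW rule means drop.
        permitted = not self.firewall_enabled or switch.dpid in self.allowed_switches
        action = "forward" if permitted else "drop"
        # Controller-to-switch message (flow modification): install the decision.
        switch.flow_table[(src, dst)] = action
        return action

@dataclass
class Switch:
    dpid: str
    controller: Controller
    flow_table: dict = field(default_factory=dict)  # (src, dst) -> action

    def receive(self, src, dst):
        # Flow-based forwarding: a table hit never reaches the controller.
        action = self.flow_table.get((src, dst))
        if action is None:
            action = self.controller.packet_in(self, src, dst)
        return action

def demo():
    ctl = Controller(firewall_enabled=True)
    ctl.allowed_switches.add("00:00:00:00:00:00:00:01")  # rule pushed by the curl call
    s1 = Switch("00:00:00:00:00:00:00:01", ctl)
    s2 = Switch("00:00:00:00:00:00:00:02", ctl)          # constructed second switch
    flow = ("10.0.0.4", "10.0.0.5")                      # h2 -> h3 from topo_model.py
    out = [s1.receive(*flow),   # miss -> Packet-In -> forward
           s1.receive(*flow),   # hit, decided in the switch
           s2.receive(*flow)]   # no ALLOW rule for this switch -> drop
    ctl.allowed_switches.clear()            # policy change on the controller
    out.append(s1.receive(*flow))           # installed entry still forwards
    s1.flow_table.clear()                   # entry removed or timed out
    out.append(s1.receive(*flow))           # re-evaluated -> drop
    return out, ctl.packet_ins

if __name__ == "__main__":
    print(demo())
```

The fourth result shows that an installed flow entry keeps forwarding after the controller's policy changes, until the entry is removed or expires.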
FLC with Firewall
Networking Slice
1. Dynamic allocation of IP for each tenant
2. The controller makes IP address allocation scalable by using the router-exposed REST API
3. Make the required changes to the ‘/etc/config/network’ directory of routers
Literature Survey:
1. In 2003, “The Beacon OpenFlow Controller” by David Erickson.
The OpenFlow and Floodlight approach to network traffic, which proved much more efficient than the traditional network.
2. In 2005, “A denial of service attack against the Open Floodlight SDN controller” by Jeremy M. Dover.
Open Floodlight is an open-source software-defined network controller, the brains of an OpenFlow-based network where the switches act as forwarding devices, leaving the controller to make decisions about flows and routing. In this paper, security threats that can attack the Floodlight controller and their prevention are explained.
3. In 2008, “Enabling Innovation in Campus Network”, proposed by Nick McKeown, Tom Anderson, Hari Balakrishnan. In this paper the campus network is designed using the OpenFlow protocol. The need for a programmable network and its advantages are explained.
Experimental Results
1. The FIREWALL Northbound API is designed on top of the centralized FLC. It can monitor the traffic across the network. The web-based interface to the FLC with Firewall allows the user to check status, enable and disable. This gives the network an automated nature, as the customer requires.
2. The NETWORK SLICE Northbound API can get the network device details to the FLC. The FLC can reconfigure the whole network. This makes the network dynamic and scalable.
Advantages
1. Network Slice is developed as a northbound API on top of the controller. This provides a secure and multitasking network.
2. It makes the network scalable for multiple tenants.
3. Using a single programmable controller in the network is cost beneficial.
4. It is easy to implement a new protocol all over the network by using the Floodlight controller.
5. The firewall on the controller is used to block or accept traffic as per the policies the customer requires.
6. The network is managed as per the customer's requirements from a single point.
Conclusion:
The campus network is centralized with the FLC. The filtering of traffic is done successfully with the firewall Northbound API. The network is automated as well as secure with the centralization policy, which makes the network robust to failures. The Network Slice Northbound API makes the network scalable for multi-tenancy. The network functions are virtualized on top of the FLC. The centralized FLC makes maintenance of the network easy at lower cost.