VIT University

Presentation by:-Ankita Vinod Mandekar (13MIT0108)2ndyear MTech IT(Networking),School of Information Technology and Engineering,VIT University

Guided by:-Dr. Krishna ChandramouliAssociate Professor,Division of Enterprise and Cloud Computing,School of Information Technology and Engineering,VIT University

1

Outline:VIT University

1. Software Defined Network

2. Network Architecture

3. Openflow Standard

4. Mininet

5. Floodlight

6. Proposed work

7. Result

8. References 2

1. Programmable network plays a wide role in decreasing the complexity for development of a fullymanaged network at customer edge.

2. Software Defined Networking deals with programmable network using centralized policy whilenetwork deployment.

3. It uses a controller with Southbound and Northbound API.

4. Openflow enabled switches provide the control parameter to controller for making forwardingdecisions.

5. Flow based forwarding is done between source and destination. This increases the throughput ofnetwork.

6. The controller act as per used routing protocol provides the flow table entry.

VIT University

Software Defined Network

3

VIT University

Software Defined Network

1. SDN Controller : Floodlight2. Network Virtualization 4

VIT University

OpenFlow Protocol

1. OpenFlow is a standard protocol defined for southbound of SDN controller.

2. It decouples the control plane from data plane.

3. The Flowtable entries for Openflow enabled routers are:-

4. There are two types of messages:-

a. Controller to Switchb. Asynchronous

5

VIT University

Mininet

1. Mininet is a network emulator

2. Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine

3. Way to develop, share, and experiment with OpenFlow and Software-Defined Networking systems

4. It is fast - starting up a simple network takes just a few seconds.

5. Create custom topologies as per network.

6. Using scripts-

sudo mn –controller = remote,ip=192.168.142.1sudo mn –controller=remote,switches =ovsk linear,4

6

VIT University#topo_model.pyfrom mininet.net import Mininet

from mininet.util import createLinknet=Mininet()

#Create nodes in the network.c0 = net.addController()h2=net.addHost('h2')s1=net.addSwitch('s1')h3=net.addHost('h3')

#Creating links between nodes in network (2-way)net.addLink(h2,s1)net.addLink(h3,s1)

#configuration of IP addresses in interfacesh2.setIP ('10.0.0.4',8)

h3.setIP ('10.0.0.5',8)

net.start()net.pingAll()net.stop()

7

VIT University

Floodlight Controller

1. Floodlight is the core of a commercial controller product from Big Switch Networks (link) and isactively tested and improved by a community of professional developers.

2. It is an open source project for Software Defined Network on JAVA platform. So secure comparedto NOX- C++, POX-python controllers

3. It works with physical and virtual switches that speak the OpenFlow protocol.

4. Network Virtualization is done by creating multiple different network on top of a single physicalController.

5. Flowvisor technology is used for isolating those different network.

6. Different protocol are deployed once on controller instead of number of network devices.

8

VIT University

Floodlight Controller(FLC)

9

VIT University

Rest API with FLC

‘http://192.168.142.1:8080/wm/core/controller/summary/json’

http:// 192.168.142.1:8080/wm/core/memory/json’

Static entries to switch

Controller Memory Usage

‘http:// 192.168.142.1:8080/wm/staticflowentrypusher/json’

Representational state transfer (REST) abstracts the network component details such as routers, switches, SDN controller and host.

The FLC uses these REST API to monitor the failure, performance.

Details of switches

10

VIT University

FLC with Firewall

1. FIREWALL filters the incoming and outgoing traffic of the network.

2. The rules of the network with respect to host, timing and priority of communication.

3. In SDN, the firewall is a Northbound API for FLC

4. Rest API for FLC:-

‘http://192.168.142.1:8080/wm/firewall/module/status/json’‘http://192.168.142.1:8080/wm/firewall/module/enable/json’‘http://192.168.142.1:8080/wm/firewall/module/disable/json’

STATUS REST API: (get method)

(put method)

#Allow traffic on 00:00:00:00:00:00:00:01 switch

‘ curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:01"}'

http://localhost:8080/wm/firewall/rules/json’ 11

VIT UniversityFLC with Firewall

12

VIT University

Networking Slice1. Dynamic allocation of IP for each tenant

2. The controller make IP address allocation scalable by using router exposed REST API

3. Make the required changes to ‘/etc/config/network’ directory of routers

13

1. In 2003, “The Beacon OpenFlow Controller” by David Erickson

The Openflow and floodlight approach to the network traffic which proved as much efficientthan traditional network.

2. In 2005, “A denial of service attack against the Open Floodlight SDN controller” by Jeremy M. Dover

Open Floodlight is an open-source software-defined network controller, thebrains of an OpenFlow-based network where the switches act as forwarding devices,leaving the controller to make decisions about flows and routing. In this paper,security threats which can attack over floodlight controller and there prevention isexplained.

3. In 2008, Enabling Innovation in Campus Network proposed by Nick McKeown, Tom Anderson,Hari Balakrishnan. In this paper the campus network is design using OpenFlow protocol. The needof programmable network and its advantages are explain

VIT University

Literature Survey:

14

Experimental ResultsVIT University

1. The FIREWALL Northbound API is designed on top of centralized FLC. This can monitor the traffic across the network. The web based interface to FLC with Firewall allows user to check status, enable and disable. This provide automate nature to network as customer required.

2. The NETWORK SLICE Northbound API can get the network device details to FLC. FLC can reconfigure the network for whole network. This makes the network dynamic and scalable.

15

VIT University

Advantages

1. Network Slice is developed as a northbound API on top of controller. This provides secure

and multitasking network.

2. It makes scalable network for multiple tenants

3. Using single programmable Controller in the network is cost beneficial.

4. It is easy to implement the new protocol all over the network by using Floodlight

controller.

5. Firewall on the controller is used to take action as blocked or accepted as per policies

required to customer.

6. The network is managed as per customers requirement from a single point.

16

VIT University

Conclusion:

The network for campus is centralized with FLC. The filtering of traffic is done

successfully with the firewall Northbound API. The network is automate as well as secure

with centralization policy which makes network robust to failures. The Network Slice

Northbound API makes network scalable for multi tenancy.The network functions are

virtualized on top of FLC. The centralized FLC makes maintenance of network easy in

less cost.

17

VIT University

18