Lesson 10Software Defined Networking (SDN) and Network Function Virtualization (NFV)

n Network function, system, and link virtualizations are new techniques for realizing flexible and cost-effective network

n SDN and NFV create flexible network functions by software

n Career or service provider can introduce new services with minimum cost

10.1

Software Defined Networking (SDN)

serverserverserverserverserverserverserverserver

Ethernet switch

serverserverserverserverserverserverserverserver

Ethernet switch

serverserverserverserverserverserverserverserver

Ethernet switch

storagestoragestoragestoragestoragestoragestoragestorage

Ethernet switch

Ethernet switch

Ethernet switch

Internet

Data center network and system structure

Server rack

n In datacenter, VMs are configured on physical servers¨ VM emulates a computer system on a physical server

n VMs can be migrated between servers¨ Objective: load balancing between servers or racks,

energy efficiency by making unused servers sleep, etc.

server server storage

Virtual Machine (VM) live migration

VM

Live Migrationx CPUsy MB memory

…

…

VM

Ethernet switch

Firewall

Load Balancer

Internet

Web Server

Web ServerDNS

StorageAuthentificationTransactionDB

VLAN #2

VLAN #1

VLAN #3

VLAN #4

Traffic Demand Large

Tenant (User) structure for EC service

n VMs enable adaptive tuning of system performanceEC: Electronic Commerce

GUI

API

VM resource pool

VLAN resourcepool

Storage resourcepool

Manager software

IaaS Platform(e.g., OpenStack, CloudStack)

Cloud Service

(Users can select)

Manual

Automatic

IaaS platform having resource scalabilityIaaS: Infrastructure as a Service

n Virtualized resources (VMs, network, storage, etc.) are provided to users as a service via the Internet

n Users are unaware of the details of physical resources (location, security, backup, etc.)

User

Example in commercial:Amazon EC2 (Elastic Compute Cloud)

Application Application Application

Common Architecture (x86)

VM VM VM

Hypervisor

Resource Pool (CPU, Memory)

Traffic Traffic Traffic

L2, L3, L4-7 NetworkVirtual

NetworkVirtual

NetworkVirtual

Network

Network Virtualization Platform

Physical Network Resources (Node, Link)

(a) Server (b) Network

Server virtualization vs. network virtualization

Network virtualizationn Configure logical networks (or “slices”) suitable to provide

different network services on physical infrastructure¨ Centralized network resource controller configures physical network

resources➔ Software Defined Networking (SDN)

Network resource controller

Instinctive image of network virtualization

Physical network

Network/computational/storage resources with programmability or reconfigurability

Logical network #1 Logical network #3Logical network #2

SDN service for different protocol or system network

SDN Virtual Network

OSPFRouting Slice

IS-ISRouting Slice

IP + EthernetExample

OSPF: Open Shortest Path FirstIS-IS: Intermediate System to Intermediate System

SDN service for multi-service-provider network

Career A’s SDN Virtual Service Network

Provider C Slice

Provider A Slice

Example

Provider B Slice

Application Layer

Control Layer(i.e. Control Plane)

Physical Layer(i.e. Data Plane)

Business Application Layer(IaaS, LAN, VPN)

API API API

SDNcontrolsoftware Virtual Network

Data Plane Control Interface (e.g. OpenFlow, GMPLS)

(Northbound)

(Southbound)

Software Defined Networking (SDN) model

Network EquipmentNetwork Equipment

Network Equipment

Network Equipment Network Equipment

Control softwareControl

softwareControl software

Control software

Router structure evolution

Control software

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

Virtualization(Elastic)

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

Cloud

(a) Conventional networking (b) SDN

(c) Elasticity in controller (d) Controllers in the cloud

Hardware(D-plane)

Control software

Control software

Control software

Control software Control

software

Control software

Route information

R1

R2

R3

Network Address Next Hop

1.2.0.0/16 R2

2.3.4.0/24 R3

200.10.0.0/16 R1 (local)

default R2

Network Address Next Hop

1.2.0.0/16 R2

2.3.4.0/24 R3 (local)

200.10.0.0/16 R1

default R2

R4

Routing tableRouting table

IP Packet

Conventional IP network routing

Control software

Control software

Control software

Network Address Next Hop

1.2.0.0/16 R2 (local)

2.3.4.0/24 R3

200.10.0.0/16 R1

default R4

Routing table

Hardware(D-plane)

(a) in the previous slide

Link #1

• If an arrived IP packet does not match to the entries of forwarding table, R1 sends the packet to the controller (Packet-in)

• Then the controller calculates the route and adds new entry to the forwarding table

IP routing by SDN(b) in the previous slide

Hardware(D-plane)

Hardware(D-plane)

Hardware(D-plane)

R1 R3

Header Value Output Link

10-99 #2

100-999 #1

1000-9999 POP

Forwarding table (example)

IP Packet

Network Address Destination

1.2.0.0/16 R2

2.3.4.0/24 R3

200.10.0.0/16 R1

default R4

Routing table

SDN control software Control

software

Forwarding information(table setup)

R2

R4

Forwarding header

Control software

Control software

(a) Physical

Logical link function for SDNVM #A #1 #B #2 #C #3

Ethernet switch

(b) Logical #A #1 #B #2 #C #3

Virtual switchesfor each tenant

100 112 131 100 112 123 100 123 131

100100

112, 131 123, 131

VLAN ID

Softwarefor each tenant

Forwarding table

(c) Slice structure #A #B #C #1

#2 #3Logical link

Virtual switch

SDNcontroller

Hardware(OTN cross-

connect)

Hardware(OTN cross-

connect)

Hardware(OTN cross-

connect)

Hardware(OTN cross-

connect)

OTS

OTS

OTS

OTS

10GbE10GbE

AB

CD

10G10G40G 40G

40G40G

A

C

D

B

Transport SDN = Not only packet switch network but also OTN circuit and wavelength

SDN for transport network

Example: Open Transport Switch (OTS)

n Introduction of SDN technology has started from datacentersn Nowadays, extension of SDN into the transport network (i.e.

core/metro/access networks) is discussed¨ Multi-layer, Multi-domain, Multi-vender

OTN: Optical Transport Network

Key element for Software Defined Transport Network (SDTN)n Ability to create optical paths with flexible bandwidth based

on a request over multiple optical networks

WDMCore

OPSMetro

ROADMMetro

OpticalAccessNW controller

(NMS)OpticalAccess

OF Adapter

Data center

OF Adapter

NW Controller(OFC)

NW Controller(OFC)

Data center

10Gb/s

1Gb/s

SDN controllers on VM

Data center Data center

Flowvisor

(OpenFlow)

SDTN interoperability demo (2014)

100Gbit/s wavelength

division multiplexing

network

ONUs

Virtual L2 SW

Active ODN

Integrated control system

Core Network

Metro Network

Access NetworkData Center

10Gbit Ethernet(※) 10Gbit Ethernet

10Gbit Ethernet 10Gbit Ethernet

1Gbit Ethernet

100Gbit/s classOptical packet and circuit

integration switch network

OLTs

10.2

Network Function Virtualization (NFV)

Network Function Virtualization (NFV)

n Implementation of data-plane network functions in software executed on commodity hosts (servers)

Server

Performance

Virtual machine (VM)Firewall function

Router

Deep packet inspection (DPI)

Tester & monitor N

etw

ork

Func

tions

(NFs

)

Effectiveness of NFV

n In traditional, data-plane network functions are typically implemented in custom hardware

n HypothesisNFV will incur lower capital expenditures (capex) and operating expenditures (opex) when compared to traditional switches/routers and middlebox appliances

MiddleboxNetwork equipment deployed to apply specific transmission policy(Firewall, Network Address Translation (NAT), Intrusion prevention system, etc.)

Relation between SDN and NFV (1/2)

n In SDN, most of the control-plane software is re-implemented for execution on external commodity hostsØ SDN offers a solution for reducing development costs of

the software run on processors in switches/routers

Traditional SDN

Control-plane software implemented in each router

A remote SDN controller implements the control-plane algorithms

Relation between SDN and NFV (2/2)

n In NFV, data-plane functions are implemented in software on a commodity server instead of custom hardware¨ Latest commodity servers are cost-effective and energy-

efficient¨ Software NF can be developed to run on multiple operating

systems, VM hypervisors, and containers¨ Industry competition in the markets help reduce capex and

opex of NFV-based network switches and middleboxes

Ø NFV offers a solution for reducing hardware development costs of switches/routers

Energy efficiency of NFV

n Sharing the same physical server for multiple network functions allows for higher CPU resource utilization and energy efficiency

(b) NFV solution(a) Hardware appliance

Firewall� e.g.) 200 W

Tester & monitor� e.g.) 400 W

Router� e.g.) 1.5 kW

100%

0% Tester

Router

Firewall

Tester

Router

Firewall

Server� e.g.) 750 W

each network appliance consumes a fixed amount of power

Scalability value of NFV (1/3)

n Performance of NFs can be controlled easily in NFV¨ As traffic load increases, more servers (or VMs) can be

powered on to improve performance¨ When traffic load becomes low, some servers (or VMs) can

be powered off to save energy

Traffic demand

Physical server

ON

OFF

Energy (W)

Virtual function

DayTraffic

dem

and

ThroughputON

ON

Energy (W)

Traffic demand

Physical server

ON

OFF

Energy (W)

Virtual function

DayTraffic

dem

and

ThroughputON

ON

Energy (W)

scalability with traffic load

Scalability value of NFV (2/3)

n Load balancing enhances scalability of NFV system¨ Load-balancer distributes incoming packets to different

servers (and/or VMs)n For example, incoming packets are distributed to different servers

by hashing on fields in the packet header

Traffic

Load balancer

N servers�(scalability)

...

Scalability value of NFV (3/3)

n Scale-up technique using pipelining¨ Example: Software IP router

n Router function is divided into several sub-function blocksn If there is a complex operation, multiple instances of the block are

executed in parallel to reduce packet processing delay

Block-A

Blockccc -kkkkkkkkkkkkkkkkkkkkkkkk-------C

Block-B Block-B

Block-D

Pipe

linin

g

Stage 1e.g.) Interface

Stage 4e.g.) Interface

Stage 3e.g.) Switching

Stage 2 (Parallel operation)e.g.) Longest-prefix Matching Engine (LME)

Server(IP router VNF)

High-Level NFV Framework

Source: ETSI GS NFV 002 V1.1.1 (2013-10)

n Specified by ETSI (European Telecommunications Standards Institute)

Virtualised Network Functions (VNFs)

NFV Infrastructure (NFVI) NFV Management

and Orchestration

(MANO)

Architectural components of NFV

n Virtualized Network Functions (VNFs)¨ Network functions implemented as software and executed

on VMs

n NFV Infrastructure (NFVI)¨ Hardware resources and virtualization software that are

commonly required to execute VNFsn Management And Network Orchestration (MANO)

¨ Management functions of VNFs and hardware/software resources

n Fault management, Configuration management, Accounting, Performance monitoring and Security (FCAPS)

¨ Orchestration functionsn Manage service chains of multiple VNFs

VNFs

NFVI

MA

NO

Example of VNFs (1/4)

n Software switches/routers¨ Support packet forwarding between VMs within a server,

or replace physical switches that interconnect servers

Example

• Click modular router (http://read.cs.ucla.edu/click/)– Seminal open-source software router

(First paper was published in 2000!)– Router configuration can be assembled as a directed graph of packet

processing modules (“elements”)

Example of VNFs (2/4)Ethernet switch by Click

FromDevice– reads packets from network device

Classifier– classifies packets by contents

EtherSpanTree– IEEE 802.1d spanning tree algorithm

Suppressor– optionally drops some input ports

EtherSwitch– learning, forwarding Ethernet switch

ToDevice– sends packets to network device Source: E. Kohler, et al, “The Click modular router”, 2000.

Elements

Example of VNFs (3/4)

• Open vSwitch (http://openvswitch.org/)– Open-source software switch targeted at

multi-server virtualization deployments– Enhance the scalability and mobility of

VM environment by providing packet forwarding instead of physical switches

• Lagopus (http://www.lagopus.org/)– Software OpenFlow switch designed for wide-area network service

providers (i.e. network edge)– Achieves 10 Gbps packet forwarding and 1,000,000 flow entries by

applying Intel DPDK to its data plane

DPDK: Data Plane Development Kit

Example of VNFs (4/4)

n Middlebox functions¨ Middlebox: Network equipment deployed to apply specific

transmission policy¨ Reasonable performance is required compared to traditional

custom-hardware implementationn Trade-off with software flexibility

• Firewall• Network Address Translation (NAT)• Intrusion prevention system etc.

Example

NFVI framework

n NFVI includes hardware (i.e. servers) and softwaren “Framework” software provides useful functions for

VNFs¨ NF placement, dynamic scaling, fault tolerance, and load

balancing, etc.

Example

• ClickOS (http://cnp.neclab.eu/clickos/)– VM platform that supports a variety of

Click-based middlebox functions– Consists of virtualized OSs optimized

for running Click (called MiniOS) ClickOS architecture overviewSource: J. Martins et al, HotSDN, 2013.

The NFV-MANO architectural framework with reference pointsSource: ETSI GS NFV-IFA 009 V1.1.1 (2016-07)

Management And Network Orchestration (MANO)

n NFVO supports chaining of network functions to create services

n VNF manager manages individual network functions

n VIM manages physical servers and VMs that constitute NFVI hardware

Example • CloudNFV (http://cloudnfv.com/) • OPNFV (https://www.opnfv.org/)• OpenMANO (Telefonica, Spain) etc.

Service chaining (1/2)

n Definition in RFC (RFC7498 and 7665)

¨ Ordered list of instances of service functions¨ Subsequent “steering” of traffic flows through those

service functionsn VNFs are implemented in software on commodity hosts

¨ VNFs could be deployed in VMs in a single server, or could be distributed across multiple servers

¨ Servers could be in an edge-cloud or in a commercial-cloud datacenter

RFC: Request for Comments(issued by IETF（Internet Engineering Task Force))

Service chaining (2/2)

n High-speed optical network offers the opportunity to offload some VNFs to a remote datacenter¨ WAN propagation delays may impact the overall service-

chain performancen Performance requirements from clients should be considered while

choosing servers, and their corresponding datacenters

¨ Multiple service chains could share one network function

Optical Network Remote Datacenter

Ubiquitous grid (uGrid) environment

n Extends NFV service chaining concept to devices, general-purpose software program, and content¨ Referred to as “service parts”

Commercial cloud

Camera (Device)

Service part

Co

Commercial cloud

Program

Service chain

Television

Autonomous driving car

Air conditioner

( )Edge-server�(Video processing)

Cache�(storage)In-network

server

M2M control

Atomic NFV

n Divide VNFs into small sub-functions called “atomic functions” (like elements in Click)¨Aim to provision network service with flexible

performance by chaining distributed atomic functions

e.g. Firewall

Virtual network device(= Clustered VMs)

VNF (= Chain of atomic functions)

Commodity server

Atomic function(Software)

VM

Shared resource pool

Output of an atomic function could be transferred as input to another atomic function

Conclusions for Lesson 1010.1 SDN

• Following the popularization of server virtualization in datacenters, the concept of network virtualization has appeared

• SDN enables provision of logical networks for different network services

• Nowadays SDN is also extended into the transport network

10.2 NFV• NFV is the implementation of data-plane network functions in software

on commodity servers• NFV offers academic researchers an exciting opportunity to experiment

with new types of protocols, techniques, and networking service ideas• Many cloud and Internet service providers have invested considerable

resources in developing NFV, and therefore the promised capex/opexsavings are likely to be realized