Slide #1.

Chapter 4
Network Layer: The Data Plane

A note on the use of these PowerPoint slides:
We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you see the animations; and can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:
▪ If you use these slides (e.g., in a class) that you mention their source (after all, we’d like people to use our book!)
▪ If you post any slides on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.
Thanks and enjoy! JFK/KWR

All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved

Computer Networking: A Top Down Approach, 7th edition, Jim Kurose, Keith Ross, Pearson/Addison Wesley, April 2016

Network Layer: Data Plane 4-1


Slide #2.

Chapter 4: outline

4.1 Overview of Network layer
  • data plane
  • control plane
4.4 Generalized Forwarding and SDN
  • match
  • action
  • OpenFlow examples of match-plus-action in action


Slide #3.

Network layer

▪ transport segment from sending to receiving hosts
▪ on sending side encapsulates segments into datagrams
▪ on receiving side, delivers segments to transport layer
▪ network layer protocols in every host & router
▪ router examines

[Figure: protocol stacks of the two hosts (application, transport, network, data link, physical) and of the nodes between them (network, data link, physical)]


Slide #4.

Two key network-layer functions

network-layer functions:
▪ forwarding: move packets from router’s input to appropriate router output
▪ routing: determine route taken by packets from source to destination
  • routing algorithms

analogy: taking a trip
▪ forwarding: process of getting through single interchange
▪ routing: process of planning trip from source to destination


Slide #5.

Network layer: data plane & control plane

Data plane
▪ local, per-router function
▪ determines how datagram arriving on router input port is forwarded to router output port
▪ forwarding function

Control plane
▪ network-wide logic
▪ determines how datagram is routed among routers along end-end path from source host to destination host
▪ two control-plane approaches:
  • traditional routing algorithms: implemented in routers
  • software-defined networking (SDN):

[Figure: values in arriving packet header (0111); router ports 1, 2, 3]


Slide #6.

Per-router control plane

Individual routing algorithm components in each and every router interact in the control plane

[Figure: routing algorithm; control plane; data plane; values in arriving packet header (0111); ports 1, 2, 3]

Network Layer: Control Plane 5-6


Slide #7.

“Logically centralized” control plane

A distinct (typically remote) controller interacts with local control agents (CAs)

[Figure: remote controller; control plane; data plane; CA; values in arriving packet header (0111); ports 1, 2, 3]


Slide #8.

Chapter 4: outline

4.1 Overview of Network layer
  • data plane
  • control plane
4.4 Generalized Forwarding and SDN
  • match
  • action
  • OpenFlow examples of match-plus-action in action


Slide #9.

Motivation

▪ Proliferation of middleboxes that perform many layer-3 functions (except forwarding)
  • NAT: rewrite packet header’s IP address and port #
  • Firewall: block traffic based on header-field values
  • Load-balancer: forward packets requesting a given service to one of a set of servers
▪ Proliferation of layer-2 switches and layer-3 routers
▪ Each has its own specialized hardware,


Slide #10.

Generalized Forwarding and SDN

Each router contains a flow (match+action) table that is computed and distributed by a logically centralized routing controller

SDN switch or packet switch vs. layer 3 router or layer 2 switch

[Figure: logically-centralized routing controller; control plane; data plane; local flow table (headers, counters, actions); values in arriving packet’s header (0100 1101); ports 1, 2, 3]


Slide #11.

OpenFlow data plane abstraction

▪ flow: defined by {header fields from different layers}
▪ generalized forwarding: simple packet-handling rules
  • Pattern: match values in packet header fields
  • Actions (for matched packet): drop, forward, modify matched packet or send unmatched packet to controller
  • Priority: disambiguate overlapping patterns
  • Counters: #bytes and #packets

Flow table in a router (computed and distributed by controller) defines router’s match+action rules


Slide #12.

OpenFlow data plane abstraction

▪ flow: defined by {header fields from different layers}
▪ generalized forwarding: simple packet-handling rules
  • Pattern: match values in packet header fields
  • Actions (for matched packet): drop, forward, modify matched packet or send unmatched packet to controller
  • Priority: disambiguate overlapping patterns
  • Counters: #bytes and #packets

* : wildcard
1. src=1.2.*.*, dest=3.4.5.* → drop
2. src=*.*.*.*, dest=3.4.*.* → forward(2)
3. src=10.1.2.3, dest=*.*.*.* → send to controller


Slide #13.

Match+Action

▪ Destination based vs. generalized forwarding
▪ Network-wide collection of per-packet switch matching rules implements a wide range of functions
  • layer 3 routing
  • layer 2 switching
  • NAT
  • firewalling
  • load-balancing
  • virtual networks


Slide #14.

OpenFlow: Flow Table Entries

Each entry: Rule | Action | Stats

Rule (header fields):
Switch Port | VLAN ID | MAC src | MAC dst | Eth type | IP Src | IP Dst | IP Prot | TCP sport | TCP dport
  • Link layer: MAC src, MAC dst, Eth type
  • Network layer: IP Src, IP Dst, IP Prot
  • Transport layer: TCP sport, TCP dport

Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Modify Fields

Stats: packet + byte counters


Slide #15.

http://archive.openflow.org/documents/openflow-spec-v1.0.0.pdf


Slide #16.

Examples

Destination-based forwarding:

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | * | * | * | * | 51.6.0.8 | * | * | * | port6

IP datagrams destined to IP address 51.6.0.8 should be forwarded to router output port 6

Firewall:

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Forward
* | * | * | * | * | * | * | * | * | 22 | drop

do not forward (block) all datagrams destined to TCP port 22

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Forward
* | * | * | * | * | 128.119.1.1 | * | * | * | * | drop

do not forward (block) all datagrams sent by host 128.119.1.1
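
The match-plus-action lookup from the OpenFlow abstraction slides, applied to the slide-12 rules and the slide-16 firewall rules, as an added example that is not part of the original slides. The priority numbers, the field names (ip_src, ip_dst, tcp_dport), the 64-byte default packet size and the shadowed() check are assumptions made for illustration; shadowed() flags a rule, such as a firewall drop, that a higher-priority overlapping rule keeps from ever matching.

```python
from dataclasses import dataclass

TABLE_MISS = "table miss: send to controller"

def covers(pattern, other):
    """True if `pattern` matches everything `other` (a value or a pattern) matches."""
    p, o = str(pattern).split("."), str(other).split(".")
    if set(p) == {"*"}:          # '*' or '*.*.*.*': whole-field wildcard
        return True
    return len(p) == len(o) and all(a in ("*", b) for a, b in zip(p, o))

@dataclass
class FlowEntry:
    priority: int       # assumed values: the slides give no priority numbers
    match: dict         # header field -> pattern; a missing field is a wildcard
    action: str
    n_packets: int = 0  # per-entry counters (#packets and #bytes)
    n_bytes: int = 0

class FlowTable:
    def __init__(self, entries):
        # Highest priority first; sorted() is stable, so ties keep list order.
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def process(self, pkt, size=64):
        for e in self.entries:   # first hit is the highest-priority match
            if all(covers(pat, pkt.get(f, "")) for f, pat in e.match.items()):
                e.n_packets += 1
                e.n_bytes += size
                return e.action
        return TABLE_MISS

    def shadowed(self):
        """(hidden, hiding) action pairs: the hiding entry outranks the hidden
        one and matches every packet it would, so the hidden one never fires."""
        found = []
        for i, low in enumerate(self.entries):
            for high in self.entries[:i]:
                if all(covers(p, low.match.get(f, "*")) for f, p in high.match.items()):
                    found.append((low.action, high.action))
                    break
        return found

def slide12_table(drop_priority):
    # The three slide-12 rules; only the drop rule's priority varies.
    return FlowTable([
        FlowEntry(drop_priority, {"ip_src": "1.2.*.*", "ip_dst": "3.4.5.*"}, "drop"),
        FlowEntry(20, {"ip_src": "*.*.*.*", "ip_dst": "3.4.*.*"}, "forward(2)"),
        FlowEntry(10, {"ip_src": "10.1.2.3", "ip_dst": "*.*.*.*"}, "send to controller"),
    ])

def slide16_table():
    # Slide-16 rules in one table, with the firewall drops ranked above forwarding.
    return FlowTable([
        FlowEntry(30, {"tcp_dport": "22"}, "drop"),
        FlowEntry(30, {"ip_src": "128.119.1.1"}, "drop"),
        FlowEntry(10, {"ip_dst": "51.6.0.8"}, "forward(6)"),
    ])
```

With the drop rule ranked below the forward rule (slide12_table(5)), a constructed packet from 1.2.9.9 to 3.4.5.6 is forwarded instead of dropped, and shadowed() returns [('drop', 'forward(2)')].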


Slide #17.

Examples

Destination-based layer 2 (switch) forwarding:

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | 22:A7:23:11:E1:02 | * | * | * | * | * | * | * | * | port3

layer 2 frames from MAC address 22:A7:23:11:E1:02 should be forwarded to output port 3


Slide #18.

OpenFlow abstraction

▪ match+action: unifies different kinds of devices
▪ Router (layer 3)
  • match: longest destination IP prefix
  • action: forward out a link
▪ Switch (layer 2)
  • match: destination MAC address
  • action: forward or flood
▪ Firewall
  • match: IP addresses and/or TCP/UDP port numbers
  • action: permit or deny
▪ NAT
  • match: IP address and port
  • action: rewrite address and port


Slide #19.

OpenFlow example (1)

Example: datagrams from hosts h5 or h6 destined to h3 or h4 should be sent via s1 to s2

Flow table at s3:
  match: IP Src = 10.3.*.*, IP Dst = 10.2.*.* | action: forward(3)

Flow table at s1:
  match: ingress port = 1, IP Src = 10.3.*.*, IP Dst = 10.2.*.* | action: forward(4)

Flow table at s2:
  match: ingress port = 2, IP Dst = 10.2.0.3 | action: forward(3)
  match: ingress port = 2, IP Dst = 10.2.0.4 | action: forward(4)

[Figure: controller; switches s1, s2, s3 with numbered ports 1-4; Host h1 10.1.0.1, Host h2 10.1.0.2, Host h3 10.2.0.3, Host h4 10.2.0.4, Host h5 10.3.0.5, Host h6 10.3.0.6]


Slide #20.

OpenFlow example (2)

Load balancing: datagrams from h3 destined to 10.1.*.* are to be forwarded over the link between s2 and s1; datagrams from h4 destined to 10.1.*.* are to be forwarded over the link between s2 and s3 (and then from s3 to s1)

Flow table at s3:
  match: ingress port = 4, IP Src = 10.2.*.*, IP Dst = 10.1.*.* | action: forward(3)

Flow table at s1:
  match: IP Dst = 10.1.0.1 | action: forward(2)
  match: IP Dst = 10.1.0.2 | action: forward(3)

Flow table at s2:
  match: ingress port = 3, IP Dst = 10.1.*.* | action: forward(2)
  match: ingress port = 4, IP Dst = 10.1.*.* | action: forward(1)

[Figure: controller; switches s1, s2, s3 with numbered ports 1-4; Host h1 10.1.0.1, Host h2 10.1.0.2, Host h3 10.2.0.3, Host h4 10.2.0.4, Host h5 10.3.0.5, Host h6 10.3.0.6]


Slide #21.

OpenFlow example (3)

Firewall: s2 wants only to receive (on any of its interfaces) traffic sent from hosts attached to s3

Flow table at s2:
  match: IP Src = 10.3.*.*, IP Dst = 10.2.0.3 | action: forward(3)
  match: IP Src = 10.3.*.*, IP Dst = 10.2.0.4 | action: forward(4)

[Figure: controller; switches s1, s2, s3 with numbered ports 1-4; Host h1 10.1.0.1, Host h2 10.1.0.2, Host h3 10.2.0.3, Host h4 10.2.0.4, Host h5 10.3.0.5, Host h6 10.3.0.6]


Slide #22.

Data Plane: done!

4.1 Overview of Network layer: data plane and control plane
4.4 Generalized Forwarding and SDN
  • match plus action
  • OpenFlow example

Question: how are forwarding tables (destination-based forwarding) or flow tables (generalized forwarding) computed?
Answer: by the control


Slide #23.

Chapter 5
Network Layer: The Control Plane


Slide #24.

Recall: per-router control plane

Individual routing algorithm components in each and every router interact with each other in control plane to compute forwarding tables

[Figure: routing algorithm; control plane; data plane]


Slide #25.

SDN logically centralized control plane

A distinct (typically remote) controller interacts with local control agents (CAs) in routers to compute forwarding tables

[Figure: remote controller; control plane; data plane; CA in each router]


Slide #26.

Software defined networking (SDN)

Why a logically centralized control plane?
▪ easier network management: avoid router misconfigurations, greater flexibility of traffic flows
▪ table-based forwarding (recall OpenFlow API) allows “programmable” routers
  • centralized “programming” easier: compute tables centrally and distribute flow tables
  • distributed “programming” more difficult: compute tables as result of distributed algorithm (protocol) implemented in each and every router


Slide #27.

Analogy: mainframe to PC evolution *

Specialized Applications / Specialized Operating System / Specialized Hardware
▪ vertically integrated
▪ closed, proprietary
▪ slow innovation
▪ small industry

Apps / Open Interface / Windows (OS) or Linux or Mac OS / Open Interface / Microprocessor
▪ horizontal
▪ open interfaces
▪ rapid innovation
▪ huge industry

* Slide courtesy: N. McKeown


Slide #28.

Traffic engineering: difficult with traditional routing

[Figure: network graph with nodes u, v, w, x, y, z and weighted links]

Q: what if network operator wants u-to-z traffic to flow along uvwz, x-to-z traffic to flow xwyz?
A: need to define link weights so traffic routing algorithm computes routes accordingly (or need a new routing algorithm)!

Link weights are the only control “knobs”: wrong!


Slide #29.

Traffic engineering: difficult

[Figure: network graph with nodes u, v, w, x, y, z and weighted links]

Q: what if network operator wants to split u-to-z traffic along uvwz and uxyz (load balancing)?
A: cannot do it (or need a new routing algorithm)


Slide #30.

Traffic engineering: difficult

[Figure: network graph with nodes u, v, w, x, y, z and weighted links; label “Networking 401”]

Q: what if w wants to route blue and red traffic differently?
A: cannot do it (with destination based forwarding, and LS, DV routing)


Slide #31.

Software defined networking (SDN)

1: generalized “flow-based” forwarding (e.g., via OpenFlow)
2. control, data plane separation
3. control plane functions external to data-plane switches
4. programmable control applications (routing, access control, load balance, …)

[Figure: remote controller; control plane; data plane; CA in each switch]


Slide #32.

SDN perspective: data plane switches

Data plane switches
▪ fast, simple, commodity switches implementing generalized data-plane forwarding (Section 4.4) in hardware
▪ switch flow table computed, installed by controller
▪ API for table-based switch control (e.g., OpenFlow)
  • defines what is controllable and what is not
▪ protocol for

[Figure: network-control applications (routing, access control, load balance, …); northbound API; SDN Controller (network operating system); southbound API; control plane; data plane; SDN-controlled switches]


Slide #33.

SDN perspective: SDN controller

SDN controller (network OS):
▪ maintain network state information
▪ interacts with network control applications “above” via northbound API
▪ interacts with network switches “below” via southbound API
▪ implemented as distributed system for performance, scalability,

[Figure: network-control applications (routing, access control, load balance, …); northbound API; SDN Controller (network operating system); southbound API; control plane; data plane; SDN-controlled switches]


Slide #34.

SDN perspective: control applications

network-control apps:
▪ “brains” of control: implement control functions using lower-level services, API provided by SDN controller
▪ unbundled: can be provided by 3rd party: distinct from routing vendor, or SDN controller

[Figure: network-control applications (routing, access control, load balance, …); northbound API; SDN Controller (network operating system); southbound API; control plane; data plane; SDN-controlled switches]


Slide #35.

Components of SDN controller

▪ Interface layer to network control apps: abstractions, API
▪ Network-wide state management layer: state of networks’ hosts, links, switches, services: a distributed database/servers
▪ communication layer: communicate between SDN controller and controlled switches

[Figure: SDN controller below the network-control apps (routing, access control, load balance). Interface, abstractions for network control apps: network graph, RESTful API, intent, … Network-wide distributed, robust state management: statistics, flow tables, link-state info, host info, switch info, … Communication to/from controlled devices: OpenFlow, SNMP, …]


Slide #36.

OpenFlow protocol

▪ operates between controller and switch
▪ TCP used (port # 6653) to exchange messages
  • optional encryption
▪ three classes of OpenFlow messages:

[Figure: OpenFlow Controller]


Slide #37.

OpenFlow: controller-to-switch messages

Key controller-to-switch messages
▪ read-state: controller collects statistics and counter values from flow tables and ports
▪ configuration: controller queries/sets switch configuration parameters
▪ modify-state: add, delete, modify flow table entries in switch; set switch port properties

[Figure: OpenFlow Controller]


Slide #38.

OpenFlow: switch-to-controller messages

Key switch-to-controller messages
▪ packet-in: transfer (unmatched) packet (and its control) to controller. Vs. packet-out message from controller
▪ flow-removed: flow table entry deleted at switch
▪ port-status: inform controller of a status change on a port.

Fortunately, network operators do not “program” switches by creating/sending OpenFlow messages directly. Instead, use higher-level abstraction at controller

[Figure: OpenFlow Controller]


Slide #39.

SDN: control/data plane interaction example

1 S1, experiencing link failure, uses OpenFlow port-status message to notify controller
2 SDN controller receives OpenFlow message, updates link status info
3 Dijkstra’s routing algorithm application has previously registered to be called whenever link status changes. It is called.
4 Dijkstra’s routing algorithm accesses network graph info, link state info in controller, computes new routes

[Figure: Dijkstra’s link-state Routing app above the SDN controller (network graph, RESTful API, intent, statistics, flow tables, link-state info, host info, switch info, OpenFlow, SNMP); switches s1, s2, s3, s4; steps 1-6 marked]


Slide #40.

SDN: control/data plane interaction example

5 link state routing app interacts with flow-table-computation component in SDN controller, which computes new flow tables needed
6 Controller uses OpenFlow to install new tables in switches that need updating

[Figure: Dijkstra’s link-state Routing app above the SDN controller (network graph, RESTful API, intent, statistics, flow tables, link-state info, host info, switch info, OpenFlow, SNMP); switches s1, s2, s3, s4; steps 1-6 marked]
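
The six-step interaction on this slide and the previous one, sketched as an added example that is not part of the original slides. The four-switch topology, its link costs, the Controller class and the use of next-hop switch names in place of forward(port) actions are assumptions; the slides' figure gives no link weights.

```python
import heapq

class Controller:
    """Steps 2-6 of the walk-through, as a toy link-state controller."""

    def __init__(self, links):
        self.links = dict(links)      # {(a, b): cost}, undirected
        self.down = set()             # links currently reported failed
        self.tables = self.compute_tables()   # tables installed on the switches

    def graph(self):
        g = {}
        for (a, b), cost in self.links.items():
            g.setdefault(a, {})
            g.setdefault(b, {})
            if (a, b) not in self.down:
                g[a][b] = g[b][a] = cost
        return g

    @staticmethod
    def next_hops(g, src):
        """Dijkstra from src: {destination: first hop on the least-cost path}."""
        done, heap = {}, [(0, src, src)]
        while heap:
            d, node, hop = heapq.heappop(heap)
            if node in done:
                continue
            done[node] = hop
            for nbr, cost in g[node].items():
                if nbr not in done:
                    heapq.heappush(heap, (d + cost, nbr, nbr if node == src else hop))
        del done[src]
        return done

    def compute_tables(self):
        g = self.graph()
        return {sw: self.next_hops(g, sw) for sw in g}

    def on_port_status(self, a, b, up):
        """Step 2: record the link state. Steps 3-5: rerun routing and build
        new tables. Step 6: return only the tables that differ from what is
        installed, i.e. the switches that need updating."""
        key = (a, b) if (a, b) in self.links else (b, a)
        if key not in self.links:
            raise ValueError(f"port-status for unknown link {a}-{b}")
        (self.down.discard if up else self.down.add)(key)
        new = self.compute_tables()
        changed = {sw: t for sw, t in new.items() if t != self.tables[sw]}
        self.tables = new
        return changed

# Constructed topology and costs (assumption, not taken from the slides).
LINKS = {("s1", "s2"): 1, ("s1", "s3"): 2, ("s2", "s3"): 2, ("s3", "s4"): 1}

if __name__ == "__main__":
    ctl = Controller(LINKS)
    # Step 1: s1 reports the failure of its link to s2 in a port-status message.
    for sw, table in sorted(ctl.on_port_status("s1", "s2", up=False).items()):
        print(sw, table)
```

In this topology only s1 and s2 receive new tables after the failure; s3 and s4 never routed over the failed link, so nothing is sent to them.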


Slide #41.

OpenDaylight (ODL) controller

▪ ODL Lithium controller
▪ network apps may be contained within, or be external to SDN controller
▪ Service Abstraction Layer: interconnects internal, external applications and services

[Figure: Network service apps (Traffic Engineering, …); REST API; Access Control; Basic Network Service Functions (topology manager, switch manager, forwarding manager, stats manager, host manager); Service Abstraction Layer (SAL); OpenFlow 1.0, SNMP, OVSDB, …]


Slide #42.

ONOS controller

▪ control apps separate from controller
▪ intent framework: high-level specification of service: what rather than how
▪ considerable emphasis on distributed core: service reliability, replication performance

[Figure: Network control apps; REST API; Intent; northbound abstractions, protocols (hosts, paths, flow rules, topology, devices, links, statistics); ONOS distributed core; southbound abstractions, protocols (device, link, host, flow, packet; OpenFlow, Netconf, OVSDB)]


Slide #43.

SDN: challenges

▪ hardening the control plane: dependable, reliable, performance-scalable, secure distributed system
  • robustness to failures: leverage strong theory of reliable distributed system for control plane
  • dependability, security: “baked in” from day one?
▪ networks, protocols meeting mission-specific requirements
  • e.g., real-time, ultra-reliable, ultra-secure
▪ Internet-scaling