SDN--A Preliminary Study

While exploring SDN, the author has read many books on the subject and found that they mostly introduce the concept of SDN, the SDN architecture, and so on. These are relatively abstract. Only when you know how SDN came about, why the traditional approach is not used, and what the benefits of SDN are can you go a long way on the road of SDN.

What is SDN

It is worth mentioning here that SDN is not a technology, but a design concept and a framework. It does not prescribe how it is to be implemented; it focuses more on the grasp of the entire network architecture.

Why does SDN appear?
It appeared mainly to solve the shortcomings of the traditional architecture. The traditional network is controlled device by device and is purely distributed; the control plane and the forwarding plane are tightly coupled; administrators cannot directly control forwarding according to their own will; and network protocols limit the forwarding rules, for example routing protocols can only forward by IP address.
Although traditional networks can also be programmed through software, that software comes from the designer of the device, not from the user. Administrators cannot implement the functions they want at will, and programming and configuration on routers, for example, is quite complicated. SDN provides a set of interfaces to the administrator. Through these interfaces he can implement the functions he wants, without needing to care about how SDN is implemented internally.

SDN requires that the control plane and the forwarding plane be separated; what the control plane and the forwarding plane are will be explained below. From the perspective of the forwarding plane, it is hoped that forwarding has nothing to do with the behavior of the protocol, and that the will of the administrator matters more. Some people hope that the hardware of the forwarding plane will be standard, which would of course bring many benefits to the development of SDN, but such unification is difficult to achieve.

Several requirements of SDN:
separation of control plane and forwarding plane;
open programmable interface;
centralized network control;
automatic deployment and control of network services.

When we design the SDN architecture, we should meet the above points.

From the above figure, you can clearly find that the SDN control plane and forwarding plane are separated.

SDN Architecture

SDN is not OpenFlow. OpenFlow requires not only the standardization of programming interfaces, but also the standardization of internal forwarding. OpenFlow is one implementation of the southbound interface of SDN. The southbound interface is mainly provided to the forwarding plane, while the northbound interface is mainly provided to the service layer.

From the above figure, we know that SDN is not a technology or a management tool; it is just an architectural concept that plans various components.

forwarding plane

It consists of many network devices where packets are processed and forwarded.

southbound interface

OpenFlow is an implementation of the southbound interface. It expects the interface to be standard. The southbound interface of traditional networks is not standardized, and the code lives inside each device and is not open source.
Of course, OpenFlow does not represent the whole of the southbound interface. There are other implementation solutions, which we call OtherAPI.

controller

A controller can control multiple devices, and a device can also be controlled by multiple controllers. Controllers usually run on a separate server, for example under Windows or Linux. A controller provides the application interface upward and controls the hardware devices downward.

northbound interface

The interface between the controller and the application, which is not yet standardized.

application service

Application services, such as load balancing and network operation monitoring, can be located on the same server as the controller or on a different server.

automation

Traditional networks have to be configured manually. SDN does not require manual configuration; configuration can be done by programs and deployed automatically.

Problems that SDN can solve

Why do we need SDN? With the consolidation of data centers, the trend of server virtualization is becoming more and more obvious, and more and more problems arise. SDN plays an important role in solving these problems. The development of network services requires administrators to manage more and more complex networks and devices and to deploy complex network applications. SDN has become particularly important here, because it can greatly simplify these problems.
For a network as big as Alibaba's, such as Alibaba Cloud, a traditional Internet architecture would be extremely difficult to maintain and expand. At the same time, because network devices are hard to unify, administrators have to control many kinds of equipment, and operation and maintenance costs are quite high.
SDN is the most recognized solution. Let's compare how traditional networks and SDN process data.
The traditional network sends packets from the source site to the destination site. The forwarding behavior is decided one device at a time, and each route needs to be configured independently. This control is distributed.
SDN takes the control plane out of the individual devices, manages it in a centralized and unified way, and provides an API to upper-layer applications, so administrators can easily control the network through programming alone.

An example of using SDN

The customer is a data center server provider in Japan that uses SDN for DDoS defense. Their approach is to provide a general Internet entrance, with an OpenFlow switch attached at each data center entrance. When there is no DDoS, the data passes through the router to the ordinary switch and is then forwarded to the host. When a DDoS is detected (the router sends some packets to the detection server for analysis through NetFlow), the BGP protocol of the router is configured through the controller so that all the packets are sent to the OpenFlow switch. The OpenFlow switch discards the attacking packets, changes the destination IP of the non-attacking packets (the change is for the purpose of sending them out and then sending them back), and then sends the packets back to the router. The router then transmits them to the ordinary switch, and from there to the host.
If the traditional anti-DDoS solution is used, once a DDoS is detected, the switch will block all packets, thus making the server unable to serve for a period of time.
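
The mitigation path described above, modelled as an added example (not code from the original article or from any OpenFlow controller): a controller installs priority-ordered match/action entries on the OpenFlow switch, which drops packets from attack sources and rewrites the destination of everything else before handing it back to the router. The class and function names, the `return_ip` alias and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# match: source prefix (CIDR); actions: ("drop",) | ("set_dst", ip) | ("output", port)
FlowEntry = namedtuple("FlowEntry", "priority src_net actions")

class OpenFlowSwitch:
    def __init__(self):
        self.table = []

    def install(self, entry):
        # Called by the controller over the southbound interface.
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def process(self, pkt):
        # Highest-priority matching entry wins; a table miss drops the packet.
        src = ipaddress.ip_address(pkt["src"])
        for entry in self.table:
            if src in ipaddress.ip_network(entry.src_net):
                return self._apply(entry.actions, dict(pkt))
        return None

    @staticmethod
    def _apply(actions, pkt):
        out_port = None
        for action in actions:
            if action[0] == "drop":
                return None
            if action[0] == "set_dst":
                pkt["dst"] = action[1]
            elif action[0] == "output":
                out_port = action[1]
        return (out_port, pkt) if out_port is not None else None

def install_mitigation(switch, attack_prefixes, return_ip, router_port):
    # Controller logic: drop attack sources, rewrite and return the rest.
    for prefix in attack_prefixes:
        switch.install(FlowEntry(200, prefix, [("drop",)]))
    rest = [("set_dst", return_ip), ("output", router_port)]
    switch.install(FlowEntry(100, "0.0.0.0/0", rest))

def scrub(switch, packets):
    # Packets that survive the switch and are handed back to the router.
    return [r for r in map(switch.process, packets) if r is not None]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [{"src": "203.0.113.5", "dst": "192.0.2.10"},    # attack source
          {"src": "198.51.100.7", "dst": "192.0.2.10"}]   # legitimate client
```

Unlike the block-everything behaviour of the traditional solution, only the entry matching the attack prefix drops traffic; the legitimate client's packet leaves on the router port with its destination rewritten.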
