Explain the principle of SDN, use scenarios of SDN, advantages and disadvantages of SDN technology, development status of SDN and analyze the impact of SDN on society and environment

Foreword

Software-defined networking (SDN) is a new network innovation architecture of Emulex network and a way to realize network virtualization. Its core technology, OpenFlow, enables flexible control of network traffic by separating the control plane of network equipment from the data plane, making the network, as a pipeline, smarter. It abstracts the different, distinguishable layers of the network, making the network agile and flexible. The goal of SDN is to improve network control by enabling enterprises and service providers to respond quickly to changing business needs. In a software-defined network, a network engineer or administrator can shape traffic from a central console without ever touching the individual switches in the network. Regardless of the specific connections between servers and devices, a centralized SDN controller directs the switches to provide network services where needed. This process differs from traditional network architectures, where individual network devices make traffic decisions based on their configured routing tables. SDN has played a role in networking for a decade and has influenced many network innovations.

1. The working principle of SDN


       SDN encompasses several types of technologies, including separation of functions, network virtualization, and automation through programmability. Initially, SDN technology focused only on separating the network control plane from the data plane: the data plane moves packets from one place to another, while the control plane decides how packets should flow through the network. In a classic SDN scenario, packets arrive at a network switch, and rules built into the switch's proprietary firmware tell the switch where to forward each packet. These packet processing rules are sent to the switch from a centralized controller. A switch (also known as a data plane device) queries the controller as needed for directions and provides the controller with information about the traffic it handles. The switch sends every packet bound for the same destination along the same path and handles all of those packets in the same way. Software-defined networking uses a mode of operation sometimes called adaptive or dynamic, in which switches make routing requests to controllers for packets that do not have a specific route. This process is separate from adaptive routing, in which route requests pass through routers and are based on network topology algorithms instead of going through a controller. The virtualization aspect of SDN works through virtual overlays, which are logically independent networks on top of the physical network. Users can implement end-to-end overlays to abstract the underlying network and segment network traffic. This is especially useful for service providers and operators of cloud services, as they can provide each tenant with a separate virtual network with specific policies.

2. Possible application scenarios of SDN in the network

        Compared with existing networks, especially representative Internet networks, SDN technology can enhance the intelligent edge forwarding capability of the control layer, the efficient carrying capacity of the backbone network, and the openness and coordination of network capabilities. Therefore, the scenarios where SDN may be introduced are the cloud data center, the metro backbone network level, the access network level, and so on.
2.1 Data center scenario
By introducing SDN technology, different data center resources are virtualized on top of the data center physical network, and the network capabilities of individual data centers can be combined into a unified network capability pool. This alleviates the expansion and flexibility problems that large-scale cloud data centers face when carrying multi-tenant services, improves the intensive operation capability of the network, and enables intelligent carrying of the networking scheme between data centers. A possible solution is to deploy routers supporting SDN technology at the data center egress, which can monitor link bandwidth utilization and application traffic in real time and submit the monitoring results to the data center controller. The data center controller centrally controls the router devices at the exits of each data center and uniformly allocates the links and business traffic flows at the exits of multiple data centers, so that link resources can be adjusted according to current business needs and link conditions, improving link quality and the utilization of bandwidth resources.
2.2 Metro backbone network scenarios
        In the metro backbone network, edge control devices (such as the Broadband Access Server (BRAS) and the Service Router (SR)) are the core control units for user and service access. They not only have rich user-side and network-side interfaces, but also implement functions such as information exchange for business/user access to the backbone network. The edge control device maintains user-related business attributes, configurations, and status, such as user IP addresses, routing addressing adjacency tables, Dynamic Host Configuration Protocol (DHCP) address binding tables, multicast joining status, PPPoE/IPoE sessions, and QoS and access control list (ACL) attributes. These important entries and attributes are directly related to the user's service quality and experience. Based on SDN technology, functions other than routing and forwarding in the edge access control device can be moved up to the metropolitan area network controller, and virtualization can be used to achieve flexible and rapid deployment of services. In this scenario, the network controller needs to support the automatic discovery and registration of various remote devices, support the Keep Alive function between remote nodes and the main control node, and be able to deliver the overall planning strategy to the corresponding remote devices for forwarding, including IP addresses, basic routing protocol parameters, MPLS/VPN encapsulation parameters, QoS policies, ACL policies, etc., while edge access control devices only implement physical resource configuration for user access. At the same time, multiple edge devices can be virtualized into one access control device, and the same MAN (or sub-area) can be virtualized into a separate network element. Network management personnel can then perform unified configuration and service provisioning, and batch software upgrades, just as if they were configuring a single edge router. The application scenario of the MAN is shown in the figure below.

2.3 Access network scenarios
        The access network contains a massive number of nodes, and the daily operation and maintenance workload is huge. Introducing SDN technology into the access network can greatly simplify the management and maintenance of access nodes and facilitate the rapid deployment of new services. In a possible solution, the remote nodes connected to the optical line terminal (OLT) (including multi-dwelling units (MDU), ADSL access multiplexers (DSLAM), etc.) become simple devices that retain only the data plane to perform forwarding. The control plane of these nodes is moved to an independent controller or to the OLT, and the parameter configuration of remote nodes is delivered by the controller. Because the remote nodes support flow forwarding, when new services or new features need to be enabled in an access node, a large part of them can be realized directly through flow table configuration without software upgrades, which greatly speeds up business deployment. Even if some new services cannot be supported by the existing control plane, it is only necessary to upgrade the control plane instead of upgrading a large number of remote nodes.
2.4 Development and operation
        SDN can facilitate DevOps by automating application updates and deployments, a strategy that can include automating IT infrastructure components when deploying DevOps applications and platforms.
2.5 Campus network
        Campus networks can be difficult to manage, especially with the ongoing need to unify Wi-Fi and Ethernet networks. SDN controllers can benefit campus networks.
2.6 Data center security
        SDN enables more targeted protection and simplifies firewall management. Typically, enterprises rely on traditional perimeter firewalls to protect their data centers. However, companies can create a distributed firewall system to protect virtual machines by adding virtual firewalls. This additional layer of firewall security helps prevent vulnerabilities in one VM from jumping to another. SDN's centralized control and automation also enable administrators to view, modify, and control network activity to reduce the risk of breaches.
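
The following is an added example, not code from the original article. It models the classic scenario from section 1 (a switch asks the controller on a flow-table miss and then forwards from the installed rule) together with the centrally managed VM-to-VM filtering described in 2.6. It is an in-memory model rather than the OpenFlow wire protocol; the class names, VM names and the allow-list are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

    @property
    def key(self):
        # Match fields used by this model: source, destination, destination port.
        return (self.src, self.dst, self.dport)


class Controller:
    """Control plane: one default-deny allow-list, pushed to switches as flow rules."""

    def __init__(self, allowed):
        self.allowed = set(allowed)
        self.switches = []
        self.packet_ins = 0  # how many times any switch had to ask

    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        action = "forward" if pkt.key in self.allowed else "drop"
        switch.table[pkt.key] = action  # install the rule in the data plane
        return action

    def revoke(self, key):
        # One change at the central console removes the rule from every switch.
        self.allowed.discard(key)
        for sw in self.switches:
            sw.table.pop(key, None)


class Switch:
    """Data plane only: match the flow table, query the controller on a miss."""

    def __init__(self, name, controller):
        self.name = name
        self.table = {}  # match key -> "forward" or "drop"
        self.controller = controller
        controller.switches.append(self)

    def receive(self, pkt):
        action = self.table.get(pkt.key)
        if action is None:  # table miss: no specific rule for this flow yet
            action = self.controller.packet_in(self, pkt)
        return action


def demo():
    # Constructed policy: only the web VM may reach the database VM on 5432.
    ctl = Controller(allowed={("vm-web", "vm-db", 5432)})
    leaf1, leaf2 = Switch("leaf1", ctl), Switch("leaf2", ctl)
    web_db = Packet("vm-web", "vm-db", 5432)
    lateral = Packet("vm-web", "vm-hr", 22)  # VM-to-VM traffic not on the list

    results = [
        leaf1.receive(web_db),   # miss, controller installs a forward rule
        leaf1.receive(web_db),   # hit, handled by the switch alone
        leaf1.receive(lateral),  # miss, controller installs a drop rule
        leaf2.receive(web_db),   # a second switch learns the same policy
    ]
    queries_before = ctl.packet_ins
    ctl.revoke(web_db.key)       # administrator withdraws the permission centrally
    results += [leaf1.receive(web_db), leaf2.receive(web_db)]
    return results, queries_before, ctl.packet_ins


if __name__ == "__main__":
    print(demo())
```

The second packet of an allowed flow never reaches the controller, and a single `revoke` call changes behaviour on both switches, which is the operational point both passages make.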
SDN was not originally designed to improve the efficiency of the communication network. The main hope was that separating the control and forwarding planes would support the exposure of application-programmable network capabilities, strengthening applications' control over the use of network resources. Therefore, although introducing SDN can centralize the control plane, simplify operation and maintenance and reduce their cost, and support innovation in customized software by opening up the control-layer software, it also brings many technical challenges and problems:
        (1) Although application providers such as Google have commercial cases of deploying SDN, introducing SDN technology in large networks is very complicated in terms of multi-domain networking and control algorithms for a large number of forwarding devices, and whether SDN's flow-based forwarding performance can support the massive data forwarding of the Internet is also a question to be verified.
        (2) The control layer becomes the key to the network. The network operating system (NOS) will become the core of the network chain, just like the operating system of a PC or a smartphone. A centralized control core places higher requirements on the security and reliability of the operator's network. Moreover, higher requirements such as flexibility and adaptability are placed on the control capability of the NOS. Sign exchange form, thus avoiding cumbersome TCP/IP encapsulation. On this basis, operators can use the SDN API to design and deploy their business management and control logic.

3. Advantages and disadvantages of SDN technology

3.1 Advantages:

1. SDN can change the chimney-style architecture in which applications and networks are tightly coupled under traditional networks, and improve the level of network resource pooling.
2. The SDN network connects to the cloud platform to realize automatic deployment and configuration, and supports rapid service launch and flexible expansion.
3. Software replaces manual arrangement, so network service automation is realized.

In one sentence: SDN changes the network from hard to soft, improves the centralized control capability of the network, enhances the network's adaptability to and support for new technologies such as virtualization and cloud computing, and ultimately improves the network's ability to serve and support the business. We use SDN technology to reshape the network architecture of the financial industry, gradually forming a financial network architecture with the financial cloud as the core, provincial nodes as the hub, and business outlets as the edge.
The financial SDN network can be divided into three layers: the network control layer, the network forwarding layer, and the computing access layer. The network control layer includes AC controllers and FI intelligent analyzers. This layer connects upward to the cloud platform and provides service-oriented interfaces, controls network devices below it, and abstracts business deployment and network operation and maintenance requirements into network services. The network forwarding layer is composed of network devices such as switches and routers and covers three areas: the cloud network, the pipeline network and the terminal network. These correspond respectively to the data center network for server and storage access, the wide area network for connecting branches, and the outlet and office networks for terminal access. For example, the data center network is a fabric network built from a spine-leaf architecture and VXLAN technology, which carries multi-service network data forwarding through virtualization technology.
3.2 Disadvantages:
        It is undeniable that SDN technology is not perfect, and none of the three major components involved in SDN (network equipment, communication protocols, and controllers) is perfect. For example, the number of flow tables supported by the chip of a network device is very limited, and packet matching and actions are not flexible enough to support multi-level flow tables. The controller is software installed on a Windows or Linux operating system, so the controller faces the same risk of being attacked as the operating system. If an attacker can gain control of the SDN controller through continuous attacks, the entire network may "fall", so the network risk is too great. Even without an attack, the computational load on the controller is huge. Once the controller fails, the entire data center network will be paralyzed and cannot be controlled. OpenFlow, the communication protocol between the controller and network devices, also has many defects.
        First of all, the OpenFlow standard has changed a lot, from version 1.0 to 1.3, and switches designed for different versions are difficult to make compatible with each other. The OpenFlow standard is still being updated, which leaves network companies without a settled standard to design products against and makes their products hard to make compatible with each other. Secondly, OpenFlow is not stable enough. OpenFlow is produced by the ONF standards organization, whose members are mainly from academia and user organizations, and the design is somewhat out of touch with reality. Thirdly, the functional defects of OpenFlow are still obvious. Some of the most basic functions of network equipment, such as SNMP management, viewing traffic statistics, being able to PING and Telnet to devices, and being able to perform identity authentication, are not defined in OpenFlow. This makes it impossible for OpenFlow to completely replace the software system functions of existing network devices. OpenFlow only defines the functions of the forwarding and control planes and does not involve the management plane, yet network management is the most common and important daily work in the data center. Finally, network equipment does not support SDN very well. Although the network chip giants Broadcom, Intel, and Marvell Electronics are actively launching network processing chips that implement SDN, the flow table specifications of these SDN forwarding chips are all too small, and, limited by the production process, SDN functions do not operate stably enough. SDN technology has completely changed the original processing flow of network chips, which is equivalent to developing a new set of forwarding tables. The difficulty can be imagined.
        Many imperfections and problems of SDN can be listed, and they are the topic of heated discussion in network technology seminars and forums. This market is extremely lively. If SDN has built a brand-new big stage for networking, then all kinds of characters are starting to give their best performances on it. There are more and more programs on the stage, they are becoming more and more exciting, and the most popular characters and works in the hearts of data center users will emerge from the show. It is precisely because SDN has many deficiencies that there is so much discussion. Eventually a unified industry standard will gradually form, and it is now in the process of changing. As early as 30 years ago, Ethernet was not the only network protocol. Both IBM and Apple proposed their own network protocols. However, in the course of development, Ethernet, proposed by 3com, gradually won the favor of users, so that today it has developed into the only local area network technology. SDN is undergoing the same transformation. We should discover the beauty in the flaws of SDN, just as Ma Yun of Alibaba said, "Where there is dissatisfaction, there will be opportunities." The many flaws of SDN urgently need people to solve them, and everyone from network equipment companies to software technology companies needs to work hard. Whoever can design SDN products that satisfy data center users will be able to take the lead in next-generation data center network technology. Network enterprises should be good at discovering the beauty in the defects of SDN technology. Defects are business opportunities, and defects are the direction of product optimization. In today's environment, where data center users have generally accepted SDN, solving these defects and winning users' support is success.
        We must have a correct understanding of SDN and be good at discovering the beauty in its defects. At the same time, we should keep a cool head and not overestimate the capabilities of SDN. In the short term, SDN technology will not replace traditional networks, and there is no sign that it could occupy a monopoly position, but it will definitely be a strong supplement to existing networks. SDN has begun to appear as a necessary accessory function of network equipment. Such equipment can carry out forwarding control through SDN, can be managed and maintained through traditional methods, and can also have services deployed on it manually in the traditional way. SDN can be used as one way to deploy services on network equipment, just like the driverless car researched by Google, which can be driven by the car itself or by humans. In the future network the two approaches will likewise coexist for a long time. Although SDN technology still has many defects, it will be improved soon. It is these defects that may create the next new network giant.

4. Is SDN mature? Why?


        At present, SDN is still immature. As the future network strategic routes of the three major domestic operators have been clarified, SDN/NFV has become the best choice for reshaping the future network architecture. 2016 can be called the first year of large-scale commercial SDN/NFV deployment. The deployment of the two in the network has its own advantages and disadvantages. The industry has recognized the major challenges encountered in network access, orchestration and control of the software-defined infrastructure that provides network connections and services. The technical thinking of operators has completely changed. In 2017, more complete, multi-vendor solutions are expected to be launched commercially. Issues with SDN controllers, interface support capabilities and multi-vendor interoperability, as well as decoupling, the management orchestrator, and operations in NFV deployment, will be discussed and resolved at an accelerated pace. The overall, systematic work of network reconfiguration will enter a critical stage of development driven by the joint innovation of operators and manufacturers. SDN is no longer a technology promoted to enterprises by network vendors or the technology field, but one driven by the development demands of enterprises. Enterprises will not eliminate and replace their existing products because SDN is regarded as the "next big thing" in network technology. They try SDN only because of their own inherent needs: automation will make existing networks easier to manage, openness and programmability will make existing networks more flexible, and SDN combined with high-performance networks will make the cloud systems that enterprises are building more scalable and elastic. It is these endogenous driving forces that allow enterprises to accept new technologies such as SDN more actively.
        There are still hidden concerns about technology and product maturity. Judging from the results of the two survey reports, IT decision makers still have hidden concerns about the maturity of SDN-related technologies and products, and some problems do hinder enterprises from implementing SDN plans. According to the survey results for China, 58% of the respondents hope that SDN technology can be further developed and matured, otherwise they dare not use it in key production systems. Judging from the current situation, this is indeed consistent with the facts. Regarding the openness and commercialization of OpenFlow, there are still many differences in the industry, and the standards have not yet been unified, causing most companies to remain on the sidelines. In addition, the lack of successful cases is also one of the signs of the immaturity of SDN technology. Unlike Chinese users, American users generally believe that the high cost of SDN implementation is the main obstacle at present. They believe that, from implementation to deployment to personnel training, the cost of applying the new technology is still relatively high, whereas Chinese companies generally have not considered such issues. In addition to cost, IT decision makers in the United States believe that the challenges of implementing SDN also come from the difficulty of integrating new technologies with existing systems, security concerns, and existing employees' lack of the corresponding skills. Regarding this concern, Bao Guixin, consultant engineer of Juniper Networks Asia-Pacific data center, believes that with the continuous evolution and development of SDN-related technologies, enterprises adopting SDN technology must build their own technical teams and cultivate the corresponding skills, and that only by improving traditional working methods can the full potential of SDN be released. This kind of change cannot be completed overnight.

5. Analyze the impact of SDN on society and environment

        Software-defined networking has had a major impact on the management of IT infrastructure and network design. As SDN technology matures, it not only changes network infrastructure design, but also changes IT's perception of its role.
SDN architectures can make network control programmable, often using open protocols such as OpenFlow. As a result, enterprises can apply software-aware controls at the edge of their network. This allows access to network switches and routers, instead of relying on the closed and proprietary firmware typically used to configure, manage, secure and optimize network resources.
       While SDN deployments can be found in every industry, the technology is most effective in technology-related fields and financial services. The success of SDN in financial services depends on connecting a large number of transaction participants and on a low-latency, highly secure network infrastructure to drive global financial markets. Almost all participants in the financial market rely on traditional networks that can be unpredictable, difficult to manage, slow to deliver, and vulnerable to attacks. With the help of SDN technology, organizations in the financial services sector can build predictive networks to provide a more efficient and more effective platform for financial transaction applications.
SDN is also changing the way telcos operate. Verizon, for example, used SDN to consolidate all of its existing service edge routers for Ethernet and IP-based services into one platform, with the goal of simplifying the edge architecture and enabling Verizon to improve operational efficiency and flexibility to support new features and services.
        Of course, that doesn't mean all companies should shy away from SDN. As software-defined networking evolves, its benefits will be maximized while its drawbacks will be minimized or even eliminated. As a new technology, there is still a lot of optimization work to be done. The goal pursued by many enterprises is to better secure their networks, and SDN is one of the ways to achieve this goal. Time will tell, and once SDN is realized, it will demonstrate its potential.

Origin blog.csdn.net/m0_46830821/article/details/124767808