Introduction to Software-Defined Networking (SDN) and Network Programmability
Davin Gibb, Technical Solutions Architect
BRKRST-1014

Agenda

• What is SDN & Network Programmability

• What are the Use Cases and Problems Solved with SDN?

• An Overview of OpenFlow

• An Overview of Network Controllers

• How to Get Ready

What Problem Are You Trying to Solve?

Changing Nature of IT Ops with SDN led Management

[Diagram: Traditional Management compared with SDN Led Management. Labels: Customer input on business / service intent; Customer developed provisioning tools, manual CLI changes, and run book automation for IT Operations support; Automation (Workflow / Orchestration); Feature Management; Policy Management; Configuration; Provisioning Automation and Assurance; NMS; Controller (APIC-EM); NE]

What is SDN & Network Programmability

What is Software-Defined Networking (SDN)?

• An approach and architecture in networking where control and data planes are decoupled and intelligence and state are logically centralised

• Enablement where underlying network infrastructure is abstracted from the applications [network virtualisation]

• A concept that leverages programmatic interfaces to enable external systems to influence network provisioning, control and operations

SDN is…
…a new approach at network transformation
…empowering external influencers to network design and operations
…impacting the networking industry - challenging the way we think about engineering, implementing and managing networks
…providing new methods to interact with equipment/services via controllers, APIs
…normalizing the interface with equipment/services
…enabling high-scale, rapid network and service provisioning/management
…generating a LOT of ‘buzz’ and attention
…providing a catalyst for traditional Route/Switch engineers to branch-out

SDN is not…
…an easy button (someone has to build the easy button)
…a panacea or end-state
…narrowly defined
…meaning the death of network engineers
…a mandate for all network engineers to become C and Java programmers

…a new attempt at network evolution…

Have We Seen This Before?

Overlays / Encapsulations: MPLS, VPLS, VPN, GRE Tunnels, LISP

Control Plane / Data Plane Separation – Centralized Control: SS7, ATM LANE, Wireless LAN Controller, GMPLS

Management and Programmatic Interfaces: SNMP, NETCONF, EEM

Where Did SDN Come From?

http://cleanslate.stanford.edu/ 2008

The Traditional Network…

[Diagram: physical devices, each containing a Control Plane (CP) and a Data Plane (DP)]

Control and Data Plane resides within Physical Device

Control plane learns/computes forwarding decisions
Data plane acts on the forwarding decisions

The Network As It Could Be…to an SDN ‘Purist’

[Diagram: network of devices with a single centralised Control Plane (CP)]

Control plane becomes centralised
Physical device retains Data plane functions only

The Network As It Could Be…In a ‘Hybrid SDN’

[Diagram: devices each with CP and DP, plus a separate Controller]

A Controller is centralised and separated from the Physical Device, but devices still retain a localised Control plane intelligence

What are the Use Cases and Problems Solved with SDN?

Why Change?

• Familiar Manual, CLI-driven, device-by-device approach is inefficient

• Increased need for programmatic interfaces which allow faster and automated execution of processes and workflows with reduced errors

• Need for a ‘central source of truth’ and touch-point

Your Challenges

• Complexity

• Pace of Change – Technology & Competition

• Consistent Pressure for Improved Operational Efficiency

• IT Budgets, Staffing and Resources

• Accelerated Pace of Cloud, Virtualisation and XaaS Options

• Consumption Economics

SDN Addresses Needs for…

• Centralised configuration, management/control, monitoring of network devices (physical or virtual)

• Ability to override traditional forwarding algorithms to suit unique business or technical needs

• Allowing external applications or systems to influence network provisioning and operation

• Rapid and scalable deployment of network services with life-cycle management

An Overview of OpenFlow

What is OpenFlow?

[Diagram: Application, API, Controller, OF, OF AGENT]

…a Layer 2 communications protocol that gives access to the forwarding plane of a network device
…a specification for building switches conforming to the protocol

OPEN NETWORK FOUNDATION

ONF Board: Deutsche Telekom : Facebook : Goldman Sachs : Yahoo : Google : Microsoft : NTT Communications : Verizon : Stanford : UC Berkeley

ONF Members

3TEN8 Cisco Systems Hitachi Metaswitch Networks Samsung 6WIND Citrix Systems HP Midokura Sanctum Networks Ltd A10 Networks Colt Technology Services Huawei MRV Communications SDN Essentials Active Broadband Networks Coriant IBM NAIM Networks SDN Solutions ADVA Optical Networking Corsa Technology Infinera NCL Communication SK Telecom Alcatel-Lucent Criterion Networks (I) Pvt Ltd Infoblox NEC Spirent Alibaba Group Holding Ltd Cyan Institute for Information Industry (III) Netgear Swisscom Applied Micro Circuits Dell/ Networks Netronome Tail-f Systems Aricent Group Digital China Networks Ltd (DCN) Intelliment Security NetScout Tallac Networks ECI Telecom Intune Networks NoviFlow Inc. Tata Communications Aruba Networks Equinix IP Infusion NSN Tekelec (Acquired by Oracle) ATTO Research Korea Ericsson Itential NTT Data Telecom Italia Auvik Networks EstiNet Technologies Inc. ITRI (Industrial Technology Research OKI Electric Industry Telefonica Baidu Online Network Technology Co ETRI (Electronics and Institute) Optelian Telekom Malaysia - TM Research & Ltd. Telecommunications Research Ixia Oracle Development Barefoot Networks Institute) Juniper Networks Orange Telesoft Beijing Internet Institute (BII) Extreme Networks KDDI Overture Networks Tellabs Big Switch Networks F5 Kemp Technologies PCCW Global Ltd. Tencent, Inc. BISDN Fiberhome Technologies Konodrac Pertino Texas Instruments Blue Ocean Networks Pty LTD FishNet Security KT Corp. (Korea Telecom) Pica8 Thales Broadcom Freescale Semiconductor Inc L3 Communications Systems - East Plexxi Inc Tilera Brocade Communication Systems Friesty Lancope, Inc. PMC-Sierra Inc. Transmode BTI Systems Fujitsu Level 3 Procera Networks TW Telecom Centec Networks Gencore Systems LSI Corporation Qosmos UBIqube Solutions Ceragon Networks Gigamon Luxoft Rackspace Vello Systems China Mobile Research Center GlimmerGlass Marvell Radware Verizon China Telecom GuardiCore Ltd. 
MediaTek Riverbed Technologies Ciena H3C Technologies Mellanox Technologies Saisei Networks

http://opennetworking.org

What Makes OpenFlow Different? Flow Table

Flow table columns: Ingress Port | Source MAC | Dest MAC | Ether Type | VLAN ID | VLAN Priority | IP SRC | IP DEST | IP Protocol | IP TOS | TCP/UDP SRC | TCP/UDP DEST | Action | Priority | Counter

Sample entries (fields not listed are wildcarded with *):

Use case | Match values | Action | Priority
Switching | 3c:07:54:* | Fwd Port 10 | 100
Routing | 192.168.1.* | Fwd Port 12 | 100
Replication/SPAN | Port 1 | Fwd Port 14…24 | 100
Firewall/Security | 25 | Drop | 100
Inspection | 0x0800 | Controller | 100
Combinations | Vlan10, 00:01:E7:*, 80 | Fwd Port 8 | 200
Multi-action; NAT | 192.168.1.*, 80 | Rewrite 10.1.2.3; Fwd port 9 | 200
Local handling | 10.* | Local | 200

What Makes OpenFlow Different? Actions

[Diagram: OPENFLOW CONTROLLER, FLOW TABLE, CPU and SWITCH FORWARDING ENGINE, with numbered paths 1 to 7 for the actions below]

Required Actions
1 Forward out all ports except input port
2 Redirect to OpenFlow Controller
3 Forward to local Forwarding Stack (CPU)
4 Perform action in flow table
5 Forward to input port
6 Forward to destination port
7 Drop Packet
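The flow-table lookup and actions described above, as an added example that is not part of the original slides: it matches a packet against wildcard entries by priority and audits whether a Drop entry can be overridden by an overlapping entry of equal or higher priority (with equal priority the table does not define a winner). The field names (`eth_dst`, `ip_dst`, `tp_dst`, `eth_type`), the column each slide value is placed in, and the priority 300 used by `harden` are assumptions.

```python
# Added example. Which column each slide value belongs to is an assumption;
# the field names are illustrative, not taken from the slides.
from fnmatch import fnmatchcase
from typing import NamedTuple

class Entry(NamedTuple):
    name: str
    match: dict    # field -> exact value or prefix ending in "*"; absent = wildcard
    action: str
    priority: int

FLOW_TABLE = [  # constructed from the slide's sample rows
    Entry("switching",  {"eth_dst": "3c:07:54:*"}, "fwd:10",     100),
    Entry("routing",    {"ip_dst": "192.168.1.*"}, "fwd:12",     100),
    Entry("firewall",   {"tp_dst": "25"},          "drop",       100),
    Entry("inspection", {"eth_type": "0x0800"},    "controller", 100),
    Entry("local",      {"ip_dst": "10.*"},        "local",      200),
]

def lookup(table, pkt):
    """Return every matching entry at the highest matching priority.
    More than one result means the table does not pick a single winner."""
    hits = [e for e in table
            if all(fnmatchcase(pkt.get(f, ""), p) for f, p in e.match.items())]
    top = max((e.priority for e in hits), default=None)
    return [e for e in hits if e.priority == top]

def pat_overlap(p, q):
    """True if two exact-or-prefix patterns can match the same value."""
    ps, qs = p.rstrip("*"), q.rstrip("*")
    if not p.endswith("*"):
        return p.startswith(qs) if q.endswith("*") else p == q
    if not q.endswith("*"):
        return q.startswith(ps)
    return ps.startswith(qs) or qs.startswith(ps)

def audit_drops(table):
    """List (drop, other, verdict) where a non-drop entry can take a packet
    that the drop entry was meant to stop."""
    findings = []
    for d in (e for e in table if e.action == "drop"):
        for e in table:
            shared = d.match.keys() & e.match.keys()
            if (e.action == "drop" or e.priority < d.priority
                    or not all(pat_overlap(d.match[f], e.match[f]) for f in shared)):
                continue
            verdict = "shadowed" if e.priority > d.priority else "ambiguous"
            findings.append((d.name, e.name, verdict))
    return findings

def harden(table, priority=300):
    """Lift every drop entry above the sample table's other entries."""
    return [e._replace(priority=priority) if e.action == "drop" else e for e in table]

SMTP_TO_10 = {"eth_type": "0x0800", "ip_dst": "10.1.1.1", "tp_dst": "25"}  # constructed
```

With the sample priorities, `lookup(FLOW_TABLE, SMTP_TO_10)` selects the `local` entry and the port-25 packet is not dropped; after `harden`, the same lookup returns only the drop entry and `audit_drops` reports nothing.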

OpenFlow Version | Introduced | Notable Features | Flow-spec Tuple
1.0 | 2009-12 | Initial Specification [Still very prevalent in the market] | 12
1.1 | 2011-02 | Support for multiple flow tables; Added support for MPLS; Defined two operating modes – Hybrid | Pure OpenFlow | 15
1.2 | 2011-12 | Support for IPv6; Multiple Controller support | 34
1.3 | 2012-06 | Support for Rate Limiting; IPv6 Extensions, GRE; Version increasingly targeted by customers/manufacturers | 38
1.3.1 | 2012-09 | Support for Negotiation TLVs | 38
1.3.2 | 2013-04 | Support for controller-initiated connections | 38
1.4 | 2013-10 | Support for Rule change ‘transactions’ (1.4.1 April 2015) | 40
1.3.3 | 2013-12 | Update with IANA registered TCP port : 6653; Clarify multipart segmentation rules, clarify use of empty multipart messages; Specify the normal fragment handling is mandatory, drop/reasm optional | 40
1.3.4 | 2014-03 | Clarify table feature wildcard list should not include fields that are mandatory in some context Only; Add section about control channel maintenance; Push MPLS should add a MPLS header before the IP header and before MPLS tags, not before VLAN which is not valid | 40
1.5 | 2014-12 | Egress Tables; Packet aware pipeline (IP, PPP); flexible encoding - OpenFlow eXtensible Statistics (OXS); set-field action wildcard; Controller connection status (1.5.1 April 2015) | 44

OpenFlow is one Fish in the Sea of SDN

[Diagram labels: PCEP; APIs; SDN Protocols in Internet; Application Frameworks, Management Systems, Controllers, ...; “Protocols”: OpenFlow, I2RS, PCEP, BGP-LS/FS, Neutron, OMI, Puppet, NETCONF; device-side agents grouped under Management, Orchestration, Network Services, Control and Forwarding, also naming OpenStack, BGP, Radius and SNMP; Device Operating Systems – Cisco IOS / NX-OS / IOS-XR]

Industry Communities, Projects and Standards Bodies

Cisco Innovations: FEX Architecture Technical Advisory 802.1 Overlay Board seat Networking Project Open Network Research Center at Stanford University

Puppet Agent Modules Puppet Labs Initiatives: investor Contributor - Neutron API Technical Advisory Group Technical Committee Donabe Chair, Management Area Cisco Innovations: Working Groups: Projects OpenStack API for Nexus Config, Hybrid, Extensibility, OpenStack Extensions Futures/FPMOD/OF2.0

Founding Platinum member Catalyzed initial Open Source offering

Overlay Working Groups: NVO3, L2VPN, TRILL, L3VPN, LISP, PWE3 Working Groups: NETCONF, ALTO, CDNI, XMPP, SDNP, Open Source Cloud I2AEX Computing project PCE, FORCES I2RS – Interface to Routing System

An Overview of Network Controllers

What Is OpenDaylight?

• …an open source project formed by industry leaders and others under the Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common vendor supported framework.

• Focus: Customers with some programming resources that desire a free, community-supported SDN controller, especially if focus is on OpenFlow

Platinum Gold Silver

OpenDaylight Architectural Model

Hydrogen
• Released February 2014

Helium
• Released October 2014
• 1.87M+ lines of code
• 28 Projects
• 256 Contributors

Lithium
• June 2015

Beryllium
• Feb 2016

OpenDaylight Membership

Platinum Members 23 29 1 13 15 4

1.9M lines of code since projects launch

10,411 total

OpenDaylight

OpenFlow-enabled devices that are configured to this controller automatically show up in the topology

OpenDaylight

Hosts can be added or learned
Flow-specifications can be defined or reviewed

What Is OSC?

• Cisco’s reinvestment from the previous Extensible Network Controller (XNC) to a new ‘Open SDN Controller (OSC)’

• Based on OpenDaylight “Helium”

• Includes Cisco value-added functions: installation helpers, log and metrics aggregation, plug-in clustering, and monitoring

• http://cisco.com/go/opensdn or https://developer.cisco.com/site/openSDN

• Focus: Customers with some programming resources that desire a commercially supported edition of a free, community-supported SDN controller, especially if focus is on OpenFlow

Cisco Commercial Distribution of OpenDaylight

Open SDN Controller vs Cisco XNC

Re-bases XNC on OpenDaylight Helium Release

[Timeline: OpenDaylight releases Hydrogen, Helium, Lithium; XNC 1.x followed by Open SDN Controller]

Open SDN Controller vs OpenDaylight

[Diagram comparing OpenDaylight “HELIUM” (Community Support) with Open SDN Controller (Cisco Supported). Legend: OpenDaylight Common Content, Cisco Content, Incremental Value, Precluded. Components named: OpenContrail Plugin, DLUX, Log Aggregation, LISP Flow Mapping, AAA, MD-SAL, Metrics Aggregation, Group Policy, BGP-LS, OVA Distribution, Defense4all, Basic L2 Switch, Controller Clustering, VTN Project, OVSDB, Yang Tools, PCEP, One Click Install, Secure Network Bootstrap Infra, Openflow Plugin, SNMP4SDN, Monitoring, PacketCable PCMM, Central Admin, Service Function Chaining, Plug-in Clustering, AD-SAL, SDNi, Sample Apps]

To be contributed back to the “open community”

Deployment Experience

One Click Installation
• Open Virtualization (OVA) Format
• VMware ESXi and Oracle Virtual Box support
• Single “click” to select standalone vs clustered installation
• Seamless software upgrades
• Launched by Cisco Platform BU

Native Applications

Inventory
• Augmented OpenDaylight “Nodes” user interface
• Device vendor
• Platform IDs
• Series numbers

Native Applications (cont’d)

OpenFlow Manager
• OpenFlow topology visualization
• Advanced flow management
• Flow based troubleshooting
• JSON body preview

System Monitoring

Real Time Event Logging
• Event visualization
• Adhoc queries
• Filtered queries

System Monitoring (cont’d)

Real Time Metrics
• CPU utilisation
• Memory usage
• System load
• Controller heap size
• Network usage
• Free disk space

APIs

RESTCONF and Java APIs
• For provisioning, checking configuration and operational states and fault management
• List of exposed Northbound APIs available via DevNet and on platform
• SAL Binding, Common, Connector and Core APIs provided

What Is APIC-EM?

• A purpose-built, easy to use SDN controller

• Does NOT require programming experience [but does have REST NBI]

• Does NOT require HW/SW upgrades to take advantage of controller model

• Has specific applications built-in to address common network needs: Policy Management, QoS Management, Zero-Touch Deployment and iWAN

• Available to SmartNet customers without charge

• Focus: Enterprise Customers with Few to No Programming Resources that desires a Commercially-supported solution that preserves existing investment and doesn’t require HW/SW upgrades

APIC-EM - Platform Architecture

[Diagram: APIC-EM platform architecture]
• APIC-EM Applications: Network PnP, IWAN, Path Trace, Network Inventory, Advanced Topology Visualiser
• APIC-EM Controller Northbound REST APIs
• APIC-EM Services: Inventory Manager, Policy Programmer, RBAC Services, Policy Analysis, Topology Services, Data Access Service, IWAN Services, Network PnP Services
• Grapevine Elastic Service Infrastructure: Addresses Scale Out and HA Requirements
• Network Information Base: Provides “One Source of Truth”

Topology with Location

Path Trace

PnP App

EasyQoS

APIC-EM: IWAN Application

How to Get Ready

Remember This Inflection Point?

Telephony in 1998

• IP Telephony struggled until we got ‘hybrid engineers’ to translate between the Circuit Switch ‘Tip & Ring’ and Packet Switch ‘Bits & Bytes’ camps

• Likewise, now, we need the next generation of ‘hybrid engineers’ to translate between traditional network domain engineers and software/application developers

What Skills Would Be Helpful for a Network Engineer Branching Out?

• Basic Programming constructs (conditionals, loops, functions/procedures)

• Basic Python / Javascript

• REST / Web Services

• Regular Expression

• XML / XSLT

• Basic SQL

• Basic shell scripting - grep

• #1 - Communicating Effectively with Programmers

Job Roles: Cisco Network Programmability Evolution

[Diagram: job roles moving from Traditional Networking Infrastructure to Open Infrastructure. Roles named: Business Application Developer; Business Application Developer — Network Programmability Aware; System Engineer/Network Designer; Network Programmability Developer; Network Engineer; Network Programmability Designer; Network Support Engineer; Network Programmability Engineer; Development Curriculum]

http://www.cisco.com/web/learning/certifications/specialist

DevNet

https://developer.cisco.com

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• DevNet Zone

• developer.cisco.com

• Meet the Expert 1:1 meetings

Thank you

Acronym Decoder Ring [Aka Glossary]

• SDN – Software Defined Networking

• BGP-LS – Border Gateway Protocol – Link State

• onePK – one Platform Kit

• NFV – Network Functions Virtualization

• SS7 – Signaling System No. 7

• ATM LANE – Asynchronous Transfer Mode LAN Emulation

• GMPLS – Generalized Multi-Protocol Label Switching

• VPLS – Virtual Private LAN Service

• VPN – Virtual Private Network

• GRE – Generic Routing Encapsulation

• LISP – Locator/ID Separation Protocol

• SNMP – Simple Network Management Protocol

• NETCONF – Network Configuration Protocol [IETF Standard]

• EEM – Embedded Event Manager

• CP – Control Plane

• DP – Data Plane

• CLI – Command-Line Interface

• API – Application Programmatic Interface

• GUI – Graphical User Interface

• OF – OpenFlow

• NAT – Network Address Translation

• TLV – Type-Length-Value

• PCEP – Path Computation Element (PCE) Communication Protocol

• I2RS – Interface To Routing System

• OTV – Overlay Transport Virtualization

• VXLAN – Virtual Extensible LAN

• REST – Representational State Transfer

• IDE – Integrated Development Environment

• CA – Controlled Availability

• GA – General Availability

• EFT – Early Field Trial

• NVGRE – Network Virtualization using Generic Routing Encapsulation

• STT – Stateless Transport Tunneling

• ODL – OpenDaylight

• OSGi – Open Service Gateway Initiative

• NBI – North-Bound Interface

• SBI – South-Bound Interface

• iWAN – Intelligent Wide Area Network