What is Software Defined Networking (SDN)
SDN
The core idea of SDN is to separate the forwarding plane (which forwards the packets) from the control plane (which decides the route).
Traditionally both planes live inside each switch: every switch keeps its own routing table, which it uses to decide how to forward each packet, and that table is largely static and has to be updated by the admin. In SDN the control plane can be separated from the networking hardware.
A protocol like OpenFlow can help move network control out of proprietary network switches and into control software that's open source and locally managed.
OpenFlow
OpenFlow introduces the concept of a flow table, which forwarders use to decide how to forward data packets. Controllers deploy flow tables onto forwarders through OpenFlow interfaces, which gives them control over the forwarding plane.
- an open standard supported by many vendors; maintained by the Open Networking Foundation.
- a communication / network control protocol that allows a server to tell network switches where to send packets.
- used between the switch and the controller over a secure channel.
- programs the data plane, so the control plane can scale independently of the data plane.
- an enabler of SDN.
- Network traffic does not go through the OpenFlow protocol. Instead, OpenFlow sends the control signals that tell the network switches how to route the network traffic.
- In OpenFlow, an SDN controller is the control plane. The SDN controller contains the logic and does the decision-making for how the network traffic should flow between the switches. The SDN controller establishes a connection to each switch to pass messages.
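To make the flow-table idea concrete, here is an added example (not code from the page, OVS or any controller project) that models a switch holding a priority-ordered flow table and a controller that pushes entries into it and answers packet-in events on a table hit of the "controller" action. Field names, addresses and port numbers are constructed for illustration; the table-miss default is drop, the conservative choice.

```python
from dataclasses import dataclass

# Constructed toy model of an OpenFlow-style switch and controller; not real OVS data.

@dataclass
class FlowEntry:
    priority: int
    match: dict     # header field -> required value; a field not listed is a wildcard
    actions: list   # e.g. ["output:2"], ["drop"], ["controller"]

class Switch:
    """Forwarding plane: only matches packets against the table it was given."""
    def __init__(self, table_miss=("drop",)):
        self.entries = []
        self.table_miss = list(table_miss)  # default-drop is the safer table-miss policy

    def add_flow(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # highest priority first

    def lookup(self, packet):
        for entry in self.entries:
            if all(packet.get(k) == v for k, v in entry.match.items()):
                return entry.actions
        return self.table_miss  # no entry matched: apply the table-miss policy

class Controller:
    """Control plane: decides the policy and pushes it to the switch."""
    def __init__(self, switch):
        self.switch = switch
        self.forwarding = {"10.0.0.2": "output:2"}  # constructed host -> port map

    def install_policy(self):
        # A high-priority drop outranks any forwarding rule installed later.
        self.switch.add_flow(FlowEntry(200, {"tcp_dst": 23}, ["drop"]))
        # Unknown IP destinations are punted to the controller instead of flooded.
        self.switch.add_flow(FlowEntry(10, {"eth_type": "ip"}, ["controller"]))

    def packet_in(self, packet):
        # Decide once, then install a flow so later packets stay in the data plane.
        dst = packet.get("ip_dst")
        port = self.forwarding.get(dst)
        actions = [port] if port else ["drop"]
        self.switch.add_flow(FlowEntry(100, {"ip_dst": dst}, actions))
        return actions

def forward(switch, controller, packet):
    """Data-plane path: table hit, or a packet-in to the controller."""
    actions = switch.lookup(packet)
    if actions == ["controller"]:
        actions = controller.packet_in(packet)
    return actions
```

After the first packet to 10.0.0.2 triggers a packet-in, the installed priority-100 entry answers later packets without the controller, while the priority-200 drop still wins for telnet.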
Open vSwitch (OVS)
Open vSwitch (OVS) is an open-source implementation of a distributed virtual multilayer switch. It supports the OpenFlow protocol.
Open vSwitch internally uses strongSwan.
Open Virtual Network (OVN)
OVN provides a higher layer of abstraction than Open vSwitch, working with logical routers and logical switches rather than individual flows.
OVN (Open Virtual Network) is a set of daemons for Open vSwitch that translate virtual network configurations into OpenFlow. OVN code used to live within the Open vSwitch codebase; it was split into its own repo in 2019.
Kube-OVN (a CNCF sandbox project) is bringing OVN/OVS to k8s.
Use cases
Google B4 is an SDN. Google-owned data centers are currently connected by B4: very high bandwidth at lower cost than B2, but with a restricted topology. B2 connects everything, including third parties and PoPs. (B4 is the 8-lane interstate freeway; B2 is the 2-lane highway.)
Virtual Firewall
Palo Alto Networks vSys: Each virtual system (vSys) is an independent, separately-managed firewall with its traffic kept separate from the traffic of other virtual systems.