The Journal

Živko Bojović, Petar D. Bojović, Jelena Šuh

IMPLEMENTING SOFTWARE DEFINED NETWORKING IN ENTERPRISE NETWORKS

Volume 12 | Part 1 - 2018

Achieving a company’s business goals depends largely on the reliable operation and performance of its network infrastructure. This article describes an SDN hybrid network based on implementation of Floodlight (an open source controller for SDN) and SDN functionality in part of an enterprise network. It also examines implementation issues and answers plus the complexity of hybrid architecture from a network management perspective. Finally, the benefits of SDN technology implementation in enterprise networks are outlined.

All companies need a timely implementation of services in enterprise networks. The main challenges, however, are to make better use of available resources (bandwidth, address space, etc.), implement more efficient end-user management, reduce the costs emerging from user mobility, improve security, reduce maintenance costs and to enable better Quality of Experience for users. Software defined networking (SDN) offers a solution to these challenges but complete implementation of this concept represents a significant cost to the company, which points to the need for an incremental SDN implementation within the infrastructure.

SDN’s role in effective management

SDN is intended to enable more effective management under dynamic network traffic changes and to ensure high mobility of devices [1]. The aim is to simplify network management, provide a high degree of reliability and elasticity in the network, and optimally “split” the tasks between the hardware and the software minimising the latency in the network as much as possible. A simpler network administration is achieved by standardising the management functions and hardware implementation with a unique software interface.

The realisation of smart services demands both an understanding of the variety of technologies and protocols and configuration of a large number of devices. With traditional networks, the functionality is implemented in hardware and, if different functionality is required, more hardware is required resulting in increased costs. The challenges of equipment interoperability and the existence of different, non-standard, solutions also affect the complexity of the network management system. These shortcomings are the result of the fact that, in traditional networking, the control plane and data plane are implemented within the same device. It is simply not possible to realise a dynamic architecture and ensure a sufficient level of programmability with traditional networks [1].

Implementation of SDN is usually considered from the perspective of large networks (such as telco networks) and the benefits in terms of flexibility and reduced costs. In such networks, SDN implementation can be a complex process as there are numerous network segments characterised by different bandwidth utilisation, latency, security, response to errors, etc. In general, there is over-provision in such networks so that they can tolerate irregular growth in number of users and other changes. However, the focus of this article is on smaller networks such as enterprise networks which are generally designed to more specific requirements. The main challenges for enterprise networks are the desire for the flexible usage of new applications, and reduction of user management costs. SDN can contribute to the optimisation of resource usage and enable a better response to user requirements. In this way, not only does SDN provide the opportunity for companies to reduce the costs of investment and network maintenance, but it also significantly improves reliability and security in the network.

Figure 1: SDN concept

SDN technology overview

The most important feature of SDN is the separation of the control plane from the data forwarding (data plane) [2]. This horizontal separation enables centralised management of network resources using the SDN controller as shown in Figure 1. The lower layers of the network (i.e. the data plane) are abstracted enabling the SDN controller to manage the whole network; the controller views the network as a logical switch. The direct consequence is that network devices can have a simpler architecture since they do not have to make decisions but simply to forward the traffic. This also reduces the costs of the network devices and the complexity of the whole process of network design.

SDN architecture is hierarchical and consists of the following layers: infrastructure, control and application (Figure 2 overleaf) [1]. The southbound Application Programming Interface (API) from the control layer is a communications protocol that gives access to the forwarding plane of a network switch or router. OpenFlow¹ was the first such protocol to be standardised and it had a major impact on the development of SDN [3]. It is based on the data flow concept which allows a high degree of granularity in the process of traffic recognition and it can be applied in multi-vendor network environments.

Programmability, abstraction, and centralisation enable the implementation of SDN in different environments. In addition to implementation in the enterprise environment where it reduces the complexity and the costs of service realisation, SDN can be applied in academic networks [4], data centres, as well as service providers’ networks.

¹ OpenFlow (OF) is the first standardised communication protocol that enables the SDN controller to directly interact with the forwarding plane of network devices (both physical and virtual), so it can better adapt to the changing business requirements. It uses the concept of data flow to recognise traffic based on predefined rules that are defined, statically or dynamically, in the SDN controller software.

Figure 2: SDN architecture

Concept of a hybrid SDN architecture in enterprise networks

Despite the benefits of SDN, companies are rightly concerned about the costs necessary for full implementation of SDN. This can be the biggest challenge for companies that are also facing the problem of complex network policies and a long-term network transformation. To address this, some companies may adopt the idea of a hybrid SDN network in which some of the legacy equipment is replaced allowing the gradual expansion of a virtual network infrastructure that supports the OpenFlow protocol.

The brain of a SDN network is the controller (such as Floodlight controller) that manages the process of traffic forwarding. When an OpenFlow-enabled router receives an unknown packet stream (i.e. there is no proper record in the Flow table), it is forwarded to the controller (via OpenFlow protocol) which processes the packet in accordance with the requirements of the network control applications. The packet forwarding rules are forwarded to the OpenFlow enabled router using the appropriate OpenFlow instruction (for example, to add a new stream to the Flow table).

Figure 3 shows the concept of a hybrid SDN network that is based on the connection of physical and virtual network infrastructure over a hybrid device. Hybrid SDN networks use existing network equipment whilst building a new approach to the network architecture that allows SDN to control network connections above the traditional IP layer [5]. This helps in overcoming some traditional limitations in LAN and WAN networks and enables more flexible and efficient delivery of traffic. The key feature of this concept is the interconnection between traditional and SDN networks using a common data-link protocol. An OpenFlow-enabled edge router is responsible for that interconnection as it is part of both networks and provides secure communication with the SDN controller.

Figure 3: Hybrid SDN concept

To realise a hybrid SDN network, two important challenges need to be addressed:

• The strategic selection and upgrade to SDN of a group of devices from the existing network without changing the topology of the network.
• The implementation in the SDN controller of functions such as optimal path switching, traffic load balancing, fast failure recovery etc. This requires the development of software that applies a new traffic model that would include for example SDN traffic switching based on rules for packet flow forwarding and traditional rules for packet routing.

Implementation of a hybrid SDN network

A hybrid SDN network has been implemented within the computer infrastructure of RAF Company in Belgrade. RAF Company consists of numerous organisational units dealing with educational, scientific research and publishing activities. The existing network infrastructure of the company is quite heterogeneous and consists of 23 network segments. In order to meet the requirements of different organisational units within the company, various technologies have been implemented (Ethernet, VLAN, VPN, WiFi, Link Aggregation, and others).

The aim was to replace the traditional switching mechanisms with a SDN mechanism by implementing SDN technology on existing network devices. With this in mind, the first phase of implementation was for SDN functionality to be introduced in the network segment for wireless users’ access, which is made up mainly of physical and virtual network devices. The goal was to provide a higher level of access control with the implementation of SDN technology, to optimise traffic forwarding and provide more flexible allocation of network resources (traffic engineering) for wireless network users.

Figure 4: RAF Company’s layer 2 network diagram

As shown in Figure 5, on the virtual machine shost2, a Floodlight controller has been installed which includes a switching module and is able to optimise the flow path using the Dijkstra shortest-path-first algorithm.

Figure 5: Hybrid SDN network as part of integrated network system

To facilitate communication between the SDN controller and the network devices supporting the OpenFlow protocol, the OpenFlow ports were configured so that the SDN controller could take control over traffic flows. It is important that there is compliance between the version of OpenFlow and the corresponding Transmission Control Protocol (TCP) port. One problem that arose during the implementation was that one part of the SDN-aware network equipment still used TCP port 6633 in accordance with an earlier OpenFlow specification whereas the IANA (Internet Assigned Numbers Authority) subsequently standardised the usage of TCP port 6653 in Service Name and Transport Protocol Port Number Registry [6]. The inconsistency of the OpenFlow standards on both sides of the network connection was particularly evident with the occurrence of errors on the Floodlight controller. To overcome this, it was necessary to modify the Floodlight source file which also enabled the potential development of new functionality to offer a more flexible allocation of network resources and dynamic access control.

An application was developed as a module of the Floodlight controller to dynamically manage network security of wireless users; when an OpenFlow-enabled switch receives a packet, it will try to match the packet to an entry in the switch’s default flow table. If the switch cannot locate a flow that matches the packet, it will send the packet to the controller as a packet-in message so it can be compared with the network policy stored in the database. If wireless users’ IP address and destination network prefix match the network policy, the packet is accepted and the new accepted flow is pushed to the originating switch. Otherwise, a drop flow is pushed.

Another application was developed to control network usage by controlling the throughput of wireless users by limiting the number of their packets in one second. The application reads the users’ MAC (Media Access Control) addresses and collects the information on number of packets transferred by each user in a local hash map. If the number of packets of a specific user is greater than allowed, a new flow is pushed with a drop directive and lifetime of 500ms. Control of network usage on a SDN controller is a high-load task as the controller needs to process every packet passing from OpenFlow-enabled switches. To be able to process every packet, a high-priority flow for packet redirection should be injected in all OpenFlow-enabled switches.

Benefits of SDN implementation in enterprise networks

The key benefits in enterprise networks are:

• Network programmability.
• Service acceleration in accordance with the network applications requirements.
• Simplification of functions and increased operational efficiency leading to a reduction in the costs of capital investment and maintenance.

One of the most important reasons for implementing SDN in enterprise networks is the flexibility of network architecture. By separating the control plane from the data plane and centralising the network intelligence (i.e. the application software) in the SDN controller, abstraction of network devices is achieved thereby enabling network devices to be managed without detailed knowledge of their implementation. The controller and network devices only “see” the southbound API through which their complete communication takes place. This simplifies implementation of new services and enables faster creation of traffic policies or organisation of network traffic in accordance with the needs of the company. By moving the intelligence to the controller, the network devices become less intelligent.

SDN enables use of a heterogeneous infrastructure. In other words, it is possible to integrate a wide range of different devices in the network infrastructure that companies can purchase at relatively lower cost [7]. Centralisation of the control plane in the application software represents a turning point in terms of defining the functionality of the network. Rather than relying upon the equipment vendor, the responsibility for the definition and rapid development of the network functionality transfers to the application developers in response to the needs of the company (a dramatic reduction in dependency on the vendors).

From an applications perspective, the potential is there to operate the network in accordance with the requirements of different applications. For example, in the context of security, there is the possibility of dynamic change of access rights to allow for BYOD (Bring Your Own Device), resource reallocation, and so on.

A company’s operational efficiency depends largely on quality and maintenance costs. A key advantage of SDN is the simplification of network management. Adding new users, solving connectivity problems, changing device configurations, event reporting, early detection and quick replacement of faulty nodes, detection and defence against attacks, can be automated to a greater extent thereby reducing costs.
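
The two controller applications described in the implementation section (the policy match on packet-in, and the per-user packet limit with a 500ms drop flow) reduce to the decision logic modelled below. This is an added Python example, not the authors' Floodlight module: the names `WirelessGuard`, `policy_flow`, `rate_flow` and `replay`, the policy entries, the addresses, the packets-per-second ceiling and the flow dictionary layout are all assumptions.

```python
import ipaddress

# Constructed policy: wireless source IP -> destination prefixes it may reach.
POLICY = {
    "10.10.0.15": ["192.168.50.0/24", "10.20.0.0/16"],
    "10.10.0.16": ["192.168.50.0/24"],
}
PPS_LIMIT = 100          # assumed ceiling; the article gives no figure
DROP_LIFETIME_MS = 500   # lifetime of the rate-limit drop flow, from the article


class WirelessGuard:
    """Model of the policy-match and rate-limit applications (not Floodlight code)."""

    def __init__(self, policy, pps_limit=PPS_LIMIT):
        self.policy = {ip: [ipaddress.ip_network(p) for p in prefixes]
                       for ip, prefixes in policy.items()}
        self.pps_limit = pps_limit
        self.counters = {}   # local hash map: MAC -> (window second, packet count)

    def policy_flow(self, src_ip, dst_ip):
        """Handle a packet-in (no flow-table match): return the flow to push."""
        try:
            dst = ipaddress.ip_address(dst_ip)
        except ValueError:
            dst = None       # malformed destination: fall through to drop
        allowed = dst is not None and any(
            dst in net for net in self.policy.get(src_ip, []))
        # Unknown sources have no policy entry, so they are denied by default.
        return {"match": {"src_ip": src_ip, "dst_ip": dst_ip},
                "action": "forward" if allowed else "drop"}

    def rate_flow(self, src_mac, now_ms):
        """Count one packet for src_mac; return a timed drop flow if over the limit."""
        second = now_ms // 1000
        window, count = self.counters.get(src_mac, (second, 0))
        if window != second:             # a new one-second window starts
            window, count = second, 0
        count += 1
        self.counters[src_mac] = (window, count)
        if count > self.pps_limit:
            return {"match": {"src_mac": src_mac}, "action": "drop",
                    "lifetime_ms": DROP_LIFETIME_MS}
        return None                      # within the limit: no new flow


def replay(guard, packets):
    """Run constructed (time_ms, mac, src_ip, dst_ip) packets; list pushed flows."""
    pushed = []
    for now_ms, mac, src_ip, dst_ip in packets:
        limit = guard.rate_flow(mac, now_ms)
        pushed.append(limit if limit else guard.policy_flow(src_ip, dst_ip))
    return pushed


if __name__ == "__main__":
    guard = WirelessGuard(POLICY, pps_limit=2)
    sample = [(1000, "aa:bb:cc:00:00:01", "10.10.0.15", "192.168.50.7"),
              (1100, "aa:bb:cc:00:00:01", "10.10.0.15", "203.0.113.9"),
              (1200, "aa:bb:cc:00:00:01", "10.10.0.15", "10.20.3.4"),
              (2000, "aa:bb:cc:00:00:02", "10.10.0.99", "192.168.50.7")]
    for flow in replay(guard, sample):
        print(flow)
```

The third sample packet would pass the policy check, yet it is dropped because the sender has exceeded the per-second limit; the rate check runs first, which is why the article notes that every packet has to reach the controller.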

In the case of RAF Company, the incremental implementation of SDN functionality resulted in the following benefits:

• Optimisation of packet forwarding in company’s wireless network.
• A platform which will enable the incremental expansion of SDN functionality and the gradual introduction of higher levels of programmability into the network.
• A higher level of security by implementing dynamic access-control lists that allow a more efficient application of user authorisation rights.
• Optimisation of the wireless network by limiting the number of packets per second per user.

AUTHORS’ CONCLUSIONS

SDN is no longer a new concept but the extent of its applicability has become more significant in recent years. One of the reasons for this was the fact that the focus in the industry was more on technical details and less on the benefits that SDN can bring. Initially, SDN implementation was mainly limited to data centres and service providers. More recently, however, the benefits SDN can bring to enterprises, by implementing a flexible network architecture where all network intelligence is concentrated in the control plane software, have come to the fore.

As shown above, the implementation of a hybrid SDN architecture significantly simplifies network communications and creates the conditions for faster and easier expansion of services and infrastructure at lower cost (companies can buy various network devices at relatively lower prices).

The cost-effective evolution of an enterprise’s network infrastructure requires the integration of its existing equipment with a new expanding virtual infrastructure. In most cases, cost factors prevent a wholesale changeover to a full SDN network and therefore an incremental approach is appropriate as described above. This approach implies that enterprises need to implement the OpenFlow protocol in parts of their network and to implement some of the mechanisms for efficient traffic engineering when building a hybrid SDN network. Issues can arise in the implementation of hybrid SDN networks, which are quite often caused by the existence of different OpenFlow protocol versions on both sides (SDN controller and network devices). Solutions for overcoming specific problems have been described indicating the strong need for permanent harmonisation of standards that are an integral part of OpenFlow specification.

ABOUT THE AUTHORS

Živko Bojović is Assistant Professor on courses covering computer and telecommunication networks, IP technology, software of telecommunication systems and storage infrastructure and communications in big data. He received his Ph.D. degree in Electrical Engineering from the University of Novi Sad in 2011 and joined the Communication Engineering and Signal Processing Chair in 2015. Before his academic career he worked as Director of the Department for Construction and Maintenance of Business and Technical Buildings in Logistics Division of Telekom Srbija.

Petar D. Bojović graduated with a Masters Degree from the Faculty of Computer Science, Union University Belgrade in 2008. He then joined the Faculty of Computer Science as a lecturer in the Department of Computer Networks. He currently works as Associate Professor in the same faculty, focusing on teaching and research. His interests include computer network as well as computer network security, which is the topic for his doctoral thesis.

Jelena Šuh received her Diploma (Dipl. Ing.) degree at the Faculty of Electrical Engineering, University of Belgrade in 2007 and her Ph.D. degree at the Faculty of Organizational Sciences, University of Belgrade in 2017. She is employed as an IP/MPLS engineer at Telekom Srbija and as an instructor at the Telekom Educational Initiative Cisco Networking Academy. Her research interests include computer networks, network management, software defined networks, internet technologies and e-education.

REFERENCES

1. Xia, W., Wen, Y., Foh, C.H., Niyato, D., and Xie, H. A Survey on Software-Defined Networking. IEEE Communications Surveys and Tutorials, vol. 17, no. 1, pp. 27–51, 2015
2. Rothenberg, C.E., et al. When Open Source Meets Network Control Planes. IEEE Computer Magazine, vol. 47, no. 11, pp. 46–54, 2014
3. Tourrilhes, J., Sharma, P., Banerjee, S., and Pettit, J. The Evolution of SDN and OpenFlow: A Standards Perspective. IEEE Computer Magazine, vol. 47, no. 11, pp. 22–29, 2014
4. Šuh, J., Bojović, Z., Despotović-Zrakić, M., Bogdanović, Z., and Labus, A. Designing a Course and Infrastructure for Teaching Software Defined Networking. Computer Applications in Engineering Education, vol. 25, no. 4, pp. 554–567, 2017
5. Hong, D.K., Ma, Y., Banerjee, S., and Mao, Z.M. Incremental Deployment of SDN in Hybrid Enterprise and ISP Networks. In SOSR ’16 Proceedings of the Symposium on SDN Research, 2016
6. Service Name and Transport Protocol Port Number Registry. Available at: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
7. Karakus, M., and Durresi, A. Service Cost in Software Defined Networking (SDN). In 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA), 2017, pp. 468–475

ABBREVIATIONS

API: Application Programming Interface
SDN: Software Defined Networking
TCP: Transmission Control Protocol
