book

SDN: Software Defined Networks

by Thomas D. Nadeau, Ken Gray

August 2013

Intermediate to advanced

384 pages

11h 56m

English

O'Reilly Media, Inc.

Read now

Unlock full access

SDN: Software Defined Networks
A Note Regarding Supplemental Files
Foreword by David Meyer
Foreword by David Ward
Preface
AssumptionsWhat’s in This Book?Conventions Used in This BookUsing Code ExamplesSafari® Books OnlineHow to Contact UsAcknowledgments from Thomas NadeauAcknowledgments from Ken Gray
1. Introduction
2. Centralized and Distributed Control and Data Planes
IntroductionEvolution versus RevolutionWhat Do They Do?The Control PlaneData PlaneMoving Information Between PlanesWhy Can Separation Be Important?Scale mattersEvolutionCostInnovationStabilityComplexity and its resulting fragilityDistributed Control PlanesIP and MPLSCreating the IP UnderlayConvergence TimeLoad BalancingHigh AvailabilityCreating the MPLS OverlayReplicationCentralized Control PlanesLogical Versus LiteralATM/LANERoute ServersConclusions
3. OpenFlow
IntroductionWire ProtocolReplicationFAWG (Forwarding Abstraction Workgroup)Config and ExtensibilityArchitectureHybrid ApproachesShips in the NightDual Function SwitchesConclusions
4. SDN Controllers
IntroductionGeneral ConceptsVMwareNiciraRelationship to the idealized SDN frameworkVMware/NiciraOpenFlow-RelatedRelationship to the idealized SDN frameworkMininetNOX/POXTremaRyuBig Switch Networks/FloodlightRelationship to the idealized SDN frameworkLayer 3 CentricL3VPNRelationship to the idealized SDN frameworkPath Computation Element ServerRSVP-TE problem statementBin-packingDeadlockThe PCE SolutionRelationship to the idealized SDN frameworkPlexxiPlexxi AffinityCisco OnePKRelationship to the Idealized SDN FrameworkConclusions
5. Network Programmability
IntroductionThe Management InterfaceThe Application-Network DivideThe Command-Line InterfaceNETCONF and NETMODBasic NETCONF OperationsCapabilitiesSNMPThe SNMP agentThe SNMP managerManager and agent relationshipThe MIB (management information base)Modern Programmatic InterfacesPublish and Subscribe InterfacesXMPPGoogle’s Protocol BuffersComment [tom3]: Patrick, do we want a reference/footnote on a title or later in the text?ThriftJSONI2RSModern OrchestrationOpenStackCloudStackPuppetConclusions

6. Data Center Concepts and Constructs
IntroductionThe Multitenant Data CenterThe Virtualized Multitenant Data CenterOrchestrationConnecting a Tenant to the Internet/VPNVirtual Machine Migration and ElasticityData Center Interconnect (DCI)Fallacies of Data Center Distributed ComputingData Center Distributed Computing Pitfalls to ConsiderDCI approachesVLANs for DCIVPLS for DCIEVPN for DCISummary comparison of VPLS and EVPN for DCISDN Solutions for the Data Center NetworkThe Network UnderlayVLANsEVPNLocator ID Split (LISP)VxLanNVGREOpenFlowNetwork OverlaysTunnels terminated at the vSwitchNetwork Overlay TypesLayer 2 overlaysLayer 3 overlaysHybrid overlay-underlay approachConclusions
7. Network Function Virtualization
IntroductionVirtualization and Data Plane I/OData Plane I/OI/O SummaryServices Engineered PathService Locations and ChainingMetadataAn Application Level ApproachScaleNFV at ETSINon-ETSI NFV WorkMiddlebox StudiesEmbrane/LineRatePlatform VirtualizationConclusions
8. Network Topology and Topological Information Abstraction
IntroductionNetwork TopologyTraditional MethodsLLDPBGP-TE/LSBGP-LS with PCEALTOBGP-LS and PCE Interaction with ALTOI2RS TopologyConclusions
9. Building an SDN Framework
IntroductionBuild Code First; Ask Questions Later...The Juniper SDN FrameworkIETF SDN Framework(s)SDN(P)ABNOOpen Daylight Controller/FrameworkAPIHigh Availability and State StorageAnalyticsPolicyConclusions
10. Use Cases for Bandwidth Scheduling, Manipulation, and Calendaring
IntroductionBandwidth CalendaringBase Topology and Fundamental ConceptsOpenFlow and PCE TopologiesExample ConfigurationOpenFlow Provisioned ExampleEnhancing the ControllerOverlay Example Using PCE ProvisioningExpanding Your Reach: Barbarians at the GateBig Data and Application Hyper-Virtualization for Instant CSPFExpanding TopologyConclusions
11. Use Cases for Data Center Overlays, Big Data, and Network Function Virtualization
IntroductionData Center OrchestrationCreating Tenant and Virtual Machine StateForwarding StateData-Driven LearningControl-Plane SignalingScaling and Performance ConsiderationsPuppet (DevOps Solution)Network Function Virtualization (NFV)NFV in MobilityOptimized Big DataConclusions
12. Use Cases for Input Traffic Monitoring, Classification, and Triggered Actions
IntroductionThe FirewallFirewalls as a ServiceNetwork Access Control ReplacementExtending the Use Case with a Virtual FirewallFeedback and OptimizationIntrusion Detection/Threat MitigationConclusions
13. Final Thoughts and Conclusions
What Is True About SDN?EconomicsSDN Is Really About Operations and ManagementMultiple Definitions of SDNAre We Making Progress Yet?
Index
About the Authors
Colophon
Copyright

Content preview from SDN: Software Defined Networks

Chapter 12. Use Cases for Input Traffic Monitoring, Classification, and Triggered Actions

Introduction

One category of use cases^[214] that seems to recur frequently is a variation on the theme of input traffic monitoring or classification, and then taking some sort of triggered action (or actions). The general premise is one of interception or detection of some traffic pattern somewhere in the network—often at the edge or access point—that then results in one or more triggered actions. The action or actions can vary and be quite robust: from as simple as dropping incoming packets or as complex as triggering a query to a radius server or an HTTP redirection. Once those actions are triggered, the system can either return to its original state and simply process traffic as if it had never happened, or alter its actions to do something else either implicitly, or as a consequence of receiving a response from a query such as a radius request. Let’s investigate a few canonical examples to help illustrate how this all might work, starting with the most basic input traffic interception mechanism available: the firewall.

The Firewall

At its heart, a firewall is a system comprised of an input traffic pattern-matching engine populated with a set of classification rules to match input traffic on. Classification rules range in capability from quite simplistic and primitive, to complex regular expressions. In all cases, each classification rule has a corresponding action that is taken by the engine ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449342425Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design