Software-Defined Networking Overview And Implementation


Manal Algarni, Vinayak Nair, David Martin, Sayali Shirgaonkar
George Mason University
malgarni, bnair, dmarti22, sshirgao @gmu.edu

Abstract

This paper presents research in the area of software-defined networks. The goal of our research is to identify how software-defined networks (SDN) could reduce cost and improve efficiency to provide significant business value to many enterprises and industries. These outcomes can lead to increased market potential for competitors that identify favorable solutions to existing networking constraints. We seek to identify solutions in this study that enable potential customers to assess whether SDN may be preferable over existing IP networks.

I. Introduction

Software-defined networks have expanded beyond being a research topic at university campuses to a potentially new approach to designing, building and operating enterprise data networks. In this paper we explore the mechanics of software-defined networks, how they compare with the network architecture currently in place, and the benefits of the new model. We also explain the control and forwarding planes and how SDN protocols such as OpenFlow decouple the two, allowing more flexibility and granular control for network management. This is followed by a survey of diverse SDN deployment models and how they compare with one another.

We then determine the potential market opportunities and business value behind software-defined networks, which may enable significant network improvements, resulting in reduced costs and increased data transfer efficiency as compared to today's environment. A problem in today's environment is that businesses which require significant bandwidth could improve their network efficiency through data routing based on control planes that they themselves control and revise, as opposed to relying on the IP protocols implemented in standard carrier networks.

II. Research Problem

Networks today are experiencing much larger consumption of data via an array of devices. With a continuous influx of data and an increased demand for more resources, bandwidth, and accounts, information overload is always a big concern in the networking industry. The ability to reduce complexity through automation is required to cope with real-time changes at the application and user level, which the existing IP network infrastructure is unable to provide. The current model is also not the most efficient use of resources, time, or capital to address a specific business's tailored needs. Rather, IP networks provide a general pool of resources set up with a predefined structure and limited configurations that confine users, which also leads to poor network efficiency.

In order to align with each business and optimize business processes, redundant network resources need to be removed from the business process. A software-defined network can provide singular control over an overwhelming data load and a multifaceted network infrastructure. Software-defined networks are a strategic, user-friendly approach to resolving this problem and give customers more opportunity to craft their data streams today. There is significant growth opportunity and value in the software infrastructure model; however, the networking community has not picked up the SDN solution as quickly as it should, considering the value this model could bring to both its providers and its users. The new software infrastructure model is reported as being more efficient while less likely to experience technical difficulties.
Awareness of software-defined networking and its growth potential in the networking community is vital to pushing the optimized process to market.

Along with defining the elements, mechanics, deployment models, protocols, and advantages of software-defined networks in comparison to IP network infrastructure, we seek to define the market opportunities for implementation within a model large enterprise as well as a small business environment in today's operating environment. We are aware that software-defined networks are becoming available in the marketplace; however, our research project will enable us to identify the cost and productivity improvements within businesses of varying size which would make this project and the associated implementation valuable to the business.

INFS 6121

III. Internet Protocol vs. Software-defined Network

There is constant debate over which style of network is better: software-defined networking or Internet Protocol (IP) networking. While both have their advantages and disadvantages, overall we have found the software-defined network to be preferable. Key attributes of an SDN environment include its user friendliness, cost efficiency, and reduced complexity. However, while it is predominantly better than IP networking, there are some cases in which IP networking can be more advantageous.

Software-defined networking can be directly related to simplicity, adaptability, and scalability in any network environment (Costanzo). IP networks are unable to match these qualities, and because of this an increasing number of Internet providers and businesses are beginning to rely more on SDNs. Not only is this style adaptable, but it is also user friendly to systems administrators. Unlike with IP networks, systems administrators no longer have to flip switches, go through manual configuration procedures, or have direct access to the hardware. Instead, SDN systems administrators have central, programmable control over network traffic without the need for direct access to the hardware (Costanzo).

Furthermore, SDNs provide singular control over the network infrastructure and in doing so reduce the complexity of processes through automation (Costanzo). This is beneficial to companies that must be able to manage real-time changes at not only the application level but also the user level. Systems administrators can make these essential changes at any point in time, regardless of their location.
Remote access and changes to the network are made possible through the implementation of a role-based access system; this system provides the security to keep hackers and other attackers from accessing the business's network (Koldehofe et al.). These on-the-fly, remote changes are not possible in the same way in IP networks: there, systems administrators must configure each device individually, through that device's own management interface, to make any change. Any network policy change requires touching the hardware device by device, which makes the system rigid. SDN allows unlimited policies, and changes to those policies for intrusion detection, firewalls and load balancing, through changes to software alone, which makes managing networks much more flexible.

Another way in which software-defined networking outperforms IP networking is that it allows administrators to specify network services without conglomerating interfaces and specifications together (Costanzo). Not only does it allow administrators to choose specific services, it also permits them to control the two planes. Software-defined networking separates the control plane from the data plane. A detailed description of the control plane and the data (forwarding) plane and how they interact is provided in Sections IV through VI.

By separating these two planes, the administrator can make decisions regarding the path of data (Koldehofe et al.). In decoupling the two entities, many claim that networking is simplified, faster, less likely to be overloaded, and more user friendly (Koldehofe et al.). IP networks are unable to do this because the two planes are fused into a single entity on each device. IP networks cannot decouple them and therefore cannot allow the administrator to control the planes.
This can result in information overflow and network failure.

Software-defined networking is recognized for how advanced and user friendly it is, but an advantage few seem to realize is how efficient it is and how much less likely it is to experience technical difficulties. Because systems administrators interact directly with the software, they can change data flow paths, which helps ensure that data packets do not queue up and degrade network performance. By ensuring that data does not block or overload the pathways, it is less likely that the network will malfunction or experience technical difficulties. Another key advantage of software-defined networking is its cost. It is cheaper than IP networking because it does not require as many people to operate it (Costanzo). Companies could potentially cut most of their system engineering costs and rely on a few systems administrators rather than a whole team of them.

There are many advantages to software-defined networks in comparison to IP networks. Unfortunately for companies, there are some drawbacks to using software-defined networks that are not present in IP networks. While it is advantageous for the systems administrator to have remote access and control over the software-defined network, it raises a few security issues that IP networks do not share to the same degree.

The first main security issue is remote access. Because the controller is the single point from which every switch's forwarding rules are set, regardless of the firewalls put in place, if the controller or its management channel is compromised the attacker can change the network's settings from anywhere at any time and can redirect or intercept traffic, including secured files carried over the network. IP networks limit this exposure because each device must be accessed and configured individually, and access to the hardware itself is typically required (Koldehofe et al.). Most companies allow only a few individuals access to the hardware, so their systems are more secure and less likely to be invaded by outside forces.

An additional benefit of IP-based networking is the availability of multiple layers. These layers cannot be manipulated and are embedded within the network devices (Costanzo). This leaves little room for malfunction in data flow due to operator error. While the software-driven network style is beneficial and allows manipulation of data flow, this could potentially cause malfunctions within the network: a bad rule pushed from the controller is replicated to every switch it governs. This could greatly damage the company's ability to send data between hosts as well as conduct business.

While there are strict implementations of the protocol for the use of hardware and software in software-driven networks, there are none within IP networks (Costanzo). Because of this there is a multitude of different ways to use the software as well as the hardware in IP networking. Even so, most computers today use the Transmission Control Protocol. TCP is used mainly to access the Internet, to deliver web content and email, and to send data from one place to another reliably, without loss or duplication (Koldehofe et al.).

There is a multitude of benefits from the implementation of both networking systems; however, it is crucial that one understands the advantages brought forth by software-driven networking. This technology is not only groundbreaking, it is also cost efficient and user friendly. It allows access to the network by authorized individuals and allows real-time changes to be made. These changes can keep the network from experiencing technical difficulties. Furthermore, this technology is cost efficient because it removes the need for a large team of systems administrators and allows singular control over an entire network, which is something IP networking is still unable to achieve.

IV. Network Planes and Virtualization

Networks contain a layered architecture, which plays a vital role in transferring IP packets from source to destination, making these layers fundamental within SDN environments as well. This layered architecture consists of a control plane, a forwarding plane (or data plane), and a management plane (see Figure 1).

Figure 1: Control, Forwarding (Data), and Management Planes

The control plane essentially controls how routers interact with other hosts; it takes into account system configuration, management, and the exchange of routing information contained in a Routing Information Base (see Figure 2) and a Label Information Base. These databases contain tables of candidate routes ranked according to the router vendor's priorities and preferences (such as protocol preference and metric), and they are used to update the forwarding tables, essentially defining and redefining the router's topological outlook.

Figure 2: Juniper's Routing Information Base tables. Juniper is a networking gear provider that will be adopting the SDN strategy and model.
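As an added illustration of the control-plane/forwarding-plane split just described (example code written for this page, not taken from the paper or from any vendor), the following Python sketch keeps a Routing Information Base in a control-plane object, selects one best route per prefix into a Forwarding Information Base using vendor-style protocol preferences, and then forwards by longest-prefix match against the FIB alone. The protocol names, preference values, prefixes, next hops and the route withdrawal step are all assumptions constructed for the example.

```python
# Added example (not from the paper): a toy router whose control plane holds a
# RIB of every candidate route, builds a FIB of one best route per prefix, and
# whose data plane forwards by longest-prefix match against the FIB only.
# Preference values, prefixes and next hops below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Vendor-style route preference, lower wins (the "priorities and preferences"
# the paper attributes to the router vendor). Numbers are illustrative.
PREFERENCE = {"connected": 0, "static": 1, "bgp": 20, "ospf": 110}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str           # next-hop address, or "direct" for a connected prefix
    protocol: str
    metric: int = 0


class ControlPlane:
    """Holds the RIB: every route learned from every protocol, even the losers."""

    def __init__(self) -> None:
        self.rib: List[Route] = []

    def learn(self, prefix: str, next_hop: str, protocol: str, metric: int = 0) -> None:
        self.rib.append(Route(ipaddress.ip_network(prefix), next_hop, protocol, metric))

    def withdraw(self, prefix: str, protocol: str) -> None:
        net = ipaddress.ip_network(prefix)
        self.rib = [r for r in self.rib if not (r.prefix == net and r.protocol == protocol)]

    def build_fib(self) -> Dict[ipaddress.IPv4Network, Route]:
        """Best-route selection: per prefix, lowest preference, then lowest metric."""
        fib: Dict[ipaddress.IPv4Network, Route] = {}
        for r in sorted(self.rib, key=lambda r: (PREFERENCE[r.protocol], r.metric)):
            fib.setdefault(r.prefix, r)   # first (best) route seen per prefix wins
        return fib


class DataPlane:
    """Forwards using the FIB alone; it never consults the RIB."""

    def __init__(self, fib: Dict[ipaddress.IPv4Network, Route]) -> None:
        # Longest prefix first, so the first match is the most specific route.
        self.fib = sorted(fib.values(), key=lambda r: -r.prefix.prefixlen)

    def lookup(self, dst: str) -> Optional[Tuple[str, str]]:
        addr = ipaddress.ip_address(dst)
        for r in self.fib:
            if addr in r.prefix:
                return (str(r.prefix), r.next_hop)
        return None  # no route: the data plane drops the packet


def rib_fib_demo() -> Dict[str, Dict[str, Optional[Tuple[str, str]]]]:
    cp = ControlPlane()
    cp.learn("10.1.0.0/16", "direct", "connected")
    cp.learn("10.1.5.0/24", "10.1.0.254", "ospf", metric=10)   # more specific than /16
    cp.learn("0.0.0.0/0", "192.0.2.1", "bgp")
    cp.learn("0.0.0.0/0", "192.0.2.9", "static")               # preferred over the BGP default
    dp = DataPlane(cp.build_fib())
    before = {d: dp.lookup(d) for d in ("10.1.5.7", "10.1.9.9", "8.8.8.8")}
    # A control-plane event: the static default is removed, so the FIB is rebuilt
    # and the BGP default takes over. The data plane code itself never changed.
    cp.withdraw("0.0.0.0/0", "static")
    dp = DataPlane(cp.build_fib())
    after = {"8.8.8.8": dp.lookup("8.8.8.8")}
    return {"before": before, "after": after}
```

The point of keeping `DataPlane` ignorant of `ControlPlane` is the separation the paper is describing: path selection happens once, in the control plane, and the forwarding plane only does fast lookups against the result. SDN keeps that forwarding plane and moves the selection logic off the device.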

Because forwarding information converges slowly in large networks when every device runs its own control plane, the per-device control plane is considered the legacy approach in packet-switched architectures.

The forwarding plane can also be called the data plane. The data plane parses packet headers and manages encapsulation, queuing, and policing; it deals with user traffic. Packets destined to or originating from the router itself are handed to its control plane rather than switched by its data plane; only transit traffic passing through an intermediary router uses that router's data plane. The management plane deals with the administrative traffic used to manage the device and the network.

Network virtualization is the concept of carving several logical paths out of a physical network and multiplexing the infrastructure. This entails direction over packet manipulation and forwarding in the data plane by a network virtualization supervisor, which produces one or more logical forwarding elements. The control plane then uses these to express the required network functionality. However, network virtualization by a network supervisor alone allows mainly static configuration. Continuous changes in configuration made through the logical interface require network management software. This is where software-defined networking comes in.

V. Software-defined Network Controller

The SDN controller is the interface between the application layer and the network devices. The control plane is removed from the switch and is now contained in the SDN controller. The SDN controller can be programmed to make routing decisions, instead of having those algorithms built into the switch. It allows control and enablement of intelligent networking platforms to operate a variety of technology components.

The SDN controller then relays the decision to all the devices in the network via a communications protocol such as OpenFlow (see Section VI).
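To make the controller/switch relationship concrete, here is an added example (written for this page, not code from the paper, from OpenFlow, or from any controller product) of the mechanics that Sections V and VI describe: a Controller object programs the flow tables of several Switch objects, and each switch only matches packet headers against its entries, applies one of the three basic actions (forward to a port, send to the controller, drop) and keeps per-entry packet and byte statistics. Datapath IDs, addresses, port numbers, header field names and the sample packets are assumptions constructed for the example.

```python
# Added example (not from the paper): a minimal model of the OpenFlow split.
# The switches hold no routing logic; the controller installs flow entries,
# the switch applies them. All identifiers and packets are constructed.
from dataclasses import dataclass
from typing import Dict, List, Tuple

Header = Dict[str, object]   # e.g. {"ip_src": "10.0.0.1", "tcp_dst": 80}


@dataclass
class FlowEntry:
    match: Header            # fields to compare; a field not listed is a wildcard
    action: str              # "output:<port>", "controller" or "drop"
    priority: int = 0
    packets: int = 0         # statistics the switch keeps for this flow
    bytes: int = 0

    def matches(self, hdr: Header) -> bool:
        return all(hdr.get(k) == v for k, v in self.match.items())


class Switch:
    """Data plane only: table lookup plus the matched action, nothing else."""

    def __init__(self, dpid: str) -> None:
        self.dpid = dpid
        self.table: List[FlowEntry] = []
        self.packet_in: List[Header] = []      # headers handed up to the controller

    def install(self, entry: FlowEntry) -> None:
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)   # highest priority first

    def handle(self, hdr: Header, size: int) -> str:
        for entry in self.table:
            if entry.matches(hdr):
                entry.packets += 1
                entry.bytes += size
                if entry.action == "controller":
                    self.packet_in.append(hdr)
                return entry.action
        # Table miss: OpenFlow 1.0 behaviour is to encapsulate the packet and
        # send it to the controller, which may then install an entry for it.
        self.packet_in.append(hdr)
        return "controller"

    def counters(self, action: str) -> Tuple[int, int]:
        """(packets, bytes) summed over the entries carrying a given action."""
        hits = [e for e in self.table if e.action == action]
        return (sum(e.packets for e in hits), sum(e.bytes for e in hits))


class Controller:
    """Control plane, lifted out of the switches and programmed centrally."""

    def __init__(self, switches: Dict[str, Switch]) -> None:
        self.switches = switches

    def install_path(self, match: Header, path: List[Tuple[str, int]], priority: int = 10) -> None:
        """path lists (dpid, out_port) hops; every switch on it gets one entry."""
        for dpid, port in path:
            self.switches[dpid].install(FlowEntry(dict(match), f"output:{port}", priority))

    def block_source(self, ip_src: str) -> None:
        """Security use of the drop action: blackhole a source on every switch."""
        for sw in self.switches.values():
            sw.install(FlowEntry({"ip_src": ip_src}, "drop", priority=100))


def openflow_demo() -> Dict[str, object]:
    s1, s2 = Switch("s1"), Switch("s2")
    ctl = Controller({"s1": s1, "s2": s2})
    hosts = {"ip_src": "10.0.0.1", "ip_dst": "10.0.0.2"}
    # Same host pair, two paths: bulk web traffic leaves s1 on port 2, the video
    # stream (UDP 5004) on port 3. A conventional router would treat both alike.
    ctl.install_path(hosts, [("s1", 2), ("s2", 1)], priority=10)
    ctl.install_path({**hosts, "udp_dst": 5004}, [("s1", 3), ("s2", 1)], priority=20)
    ctl.block_source("10.0.0.99")
    results: Dict[str, object] = {
        "web": s1.handle({**hosts, "tcp_dst": 80}, 1500),
        "video": s1.handle({**hosts, "udp_dst": 5004}, 1200),
        "attacker": s1.handle({"ip_src": "10.0.0.99", "ip_dst": "10.0.0.2", "tcp_dst": 80}, 60),
        "unknown": s1.handle({"ip_src": "10.0.0.5", "ip_dst": "10.0.0.2", "tcp_dst": 22}, 80),
    }
    results["packet_in_count"] = len(s1.packet_in)      # only the table miss
    results["video_counters"] = s1.counters("output:3")
    results["drop_counters"] = s1.counters("drop")
    return results
```

Two details worth noting for the security discussion elsewhere in the paper: the drop entry is installed on every switch with one call, which is the flexibility being praised, and a table miss hands the packet to the controller, which makes the controller both the policy point and the component an attacker would most want to reach.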
Technology components are set with certain protocols to work with OpenFlow in order to allow services to transfer data to switches and secure any designated packets within the network. OpenFlow updates the flow table in the switches, which the network device uses to direct data packets. This allows the SDN controller to manage flow control in the network and choose the optimal path depending on network conditions.

OpenFlow is a communications protocol used in software-defined networking that decouples the control plane and the data plane. This allows control of a network's layout and traffic flow from a single point. The control plane refers to the capabilities of the routing engine. The creation of routing and forwarding tables, maintenance of adjacencies, filtering, policies, and system monitoring are handled by the control plane. In contrast, the forwarding plane of the router consists of the interfaces, the packet forwarding engines, and the switch fabric (see Figure 3).

Figure 3: Forwarding plane of a Router

In the current architecture the control plane populates the forwarding table, which is used by the forwarding (data) plane to forward packets to their next hop. This architecture is rigid because it implies that all data flows between two end hosts will follow the same path even if their requirements differ, say a video stream versus regular page content.

OpenFlow is a protocol to program the flow table in different switches and routers. This allows the next hop of data packets to be determined by the program as opposed to each device's own control plane. This separation of the data plane and control plane allows a program to define the network path, provided the software is installed on the routers or switches along it. The network devices now simply work from a single set of SDN instructions rather than implementing thousands of protocol standards themselves.

VI. OpenFlow Protocol

The OpenFlow software is installed on both the control layer (i.e. the control software) and the network devices (see Figure 4). OpenFlow allows identification of network traffic based on pre-defined match rules and allows control based on parameters such as usage patterns, which lets it respond to real-time changes at the application, user and session levels.

Figure 4: OpenFlow on the Control Layer

While OpenFlow was initially tested on a campus Ethernet network, it can now be deployed on both physical and virtual networks. Network devices can also support traditional forwarding from the forwarding table alongside SDN-defined forwarding with the OpenFlow protocol, allowing for a gradual upgrade to SDN technology across multiple vendors.

An entry in the flow table has three fields: (1) a packet header that defines the flow, (2) the action, which defines how the packets should be processed, and (3) statistics, which keep track of the number of packets and bytes for each flow. Three basic actions can be performed on a packet:

(1) Forward this flow's packets to a given port
(2) Encapsulate and forward this flow's packets to a controller
(3) Drop this flow's packets, used for security (see Figure 5)

This can be compared to an instruction set given to a CPU. An example of how a flow table would look is given below:

Figure 5: Example of OpenFlow Instruction Set

VII. SDN Deployment Models

SDNs utilize policies implemented in an SDN controller to provide the services and applications to the data plane for data delivery. The typical SDN architecture is illustrated in the figure below:

Figure 6: SDN Architecture

Currently there are three predominant approaches to deploying an SDN: switch based, overlay, and a combination of the two, which is referred to as a hybrid deployment strategy.
These deployments involve the methods of data control and configuration below the SDN controller (for example OpenFlow) level as illustrated above.

1) Switch Based: In this model, the SDN control protocols are issued directly from the SDN controller (a virtual machine) to the data plane within SDN-enabled switches and network equipment (see Figure 7).

Figure 7: Switch-Based SDN

When a packet arrives at a switch in a conventional network, rules built into the switch's proprietary firmware tell the switch where to forward the packet. The switch sends every packet going to the same destination along the same path, and treats all the packets the exact same way. In the enterprise, smart switches designed with application-specific integrated circuits ("ASICs") are sophisticated enough to recognize different types of packets and treat them differently. These ASIC-enabled switches are more expensive than existing commodity IP network switches.

In a software-defined network, a network administrator can manage traffic from a centralized control console without having to touch individual switches. The administrator can change any network switch's rules when necessary, prioritizing, de-prioritizing or even blocking specific types of packets with a very granular level of control. This is especially helpful in cloud architectures because it allows the administrator to manage traffic loads in a flexible and more efficient manner. Essentially, this allows the administrator to use less expensive commodity switches and have more control over network traffic flow than ever before.

SDN allows network engineers to support a switching fabric across multi-vendor hardware and ASICs. Currently, the most popular specification for creating a software-defined network is an open standard called OpenFlow. OpenFlow lets network administrators remotely control the devices' forwarding tables.

The biggest limitation of this approach is that it currently does not leverage existing L2/L3 network equipment.

2) Overlay Network: This deployment approach can be used to accelerate deployments in enterprises with an existing IP network, using a tunnel-based overlay approach that can be implemented by a server virtualization team. The data source and end host maintain virtual devices that are part of a "hypervisor" environment.
In this model, the SDN control protocols are issued directly from the SDN controller (a virtual machine) to the SDN hypervisor switches that are in control of an enterprise's existing IP network equipment. Special SDN switches are not required to implement software-defined networks using the overlay model (see Figure 8).

Figure 8: Overlay Network SDN

The overlay model requires the use of hypervisor virtual switch equipment that is responsible for providing instructions to the existing IP network that runs under the virtual switch. The virtual switch is a virtual machine responsible for performing the network edge responsibilities, and it interfaces with the SDN network applications. Overlay model virtual switches have two primary responsibilities: layer two network delivery functions via a "virtual Ethernet module" and adherence to supervisory policy instructions.

Function of the Virtual Ethernet Modules - The virtual Ethernet module (VEM) provides configuration information, Layer 2 switching and advanced networking functions such as configuration for port channels, quality of service, and security, including port security, VLANs and access control. Additionally, in the event of loss of communication with the virtual supervisor, the VEM has Nonstop Forwarding (NSF) capability to continue to switch traffic based on the last known configuration. Thus, the VEM provides advanced switching with data center reliability for the server virtualization environment.

Function of the Virtual Supervisor Modules - The virtual supervisor module (VSM) controls multiple VEMs as one logical modular switch. Instead of physical line-card modules, the VSM supports multiple VEMs running in software inside the physical servers. Configuration is performed through the VSM and is automatically propagated to the VEMs. Instead of configuring soft switches inside the hypervisor on a host-by-host basis, administrators can define configurations for immediate use on all VEMs managed by the VSM from a single interface. The virtual supervisor provides port configuration via software and system failover instructions to increase availability, and can be implemented and managed via existing protocols and interfaces such as SNMP, APIs and command line interfaces.

This approach has the disadvantage that the network team will be required to maintain both the historical network equipment and the overlay, and debugging routing issues requires evaluating both the SDN and the historical network to resolve them.

3) Hybrid: This deployment is a combination of the switch-based and the overlay (tunneling) approaches, which can be used to gradually migrate existing equipment to a new switch-based model. This allows an enterprise to control the speed of its SDN deployment and the rate of equipment investment. One potential disadvantage of this approach is that certain gateway links may not always support the tunneling methods employed (see Figure 9).

Figure 9: Overlay Network SDN

VII. Related Research Works

Hardware and software providers are already considering software-defined networks. Vendors such as Cisco, Juniper, Big Switch, and others are manufacturing hardware to support SDNs. Currently software protocols, such as OpenFlow (OF) and others, are being developed and refined to enable incremental SDN capability to be deployed. We expect broad-based adoption of SDNs in a wide variety of businesses over the next decade.

VIII. Solutions and Analysis

IP vs. SDN Cost Analysis

We have compared the cost of existing IP network equipment with that of SDN network devices. We found the cost of mature-market (i.e. commodity-based) IP network gear to be substantially cheaper at the current time due to the relative immaturity of the SDN equipment design life cycle. We noted that all major network equipment manufacturers, including Juniper, Cisco, NEC, Arista Networks, Brocade, Big Switch, HP, and IBM, are designing equipment to support various SDN protocols and network operations. This competition will drive down SDN equipment costs over time.

Further, we noted that virtualization encourages a potential reduction in other standalone network hardware such as firewalls, spam filters, and intrusion detection hardware, as much of this filtering can be performed by a properly configured SDN through software. The SDN controller pricing from IBM illustrated below applies to the first and second software licenses granted (note: most networks require redundancy in design, hence two licenses would be required), with all additional incremental licenses priced at 1,700 each. The chart in Appendix A illustrates the current disparity in pricing between IP and SDN network gear based on commercially available retail sources and excludes any consideration of vendor discounts.

Business Case Assessments

As mentioned above, any network policy change in a conventional IP network requires making hardware changes, which makes the system rigid. SDN allows for unlimited policies, and changes to those policies for intrusion detection, firewalls and load balancing, through changes to software alone, which makes managing networks much more flexible.
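To show what "changes to software" means concretely, here is an added example (written for this page; not code from the paper, from OpenFlow, or from any controller product) of two of the policy changes this section and the small-business benefits list below refer to, expressed as OpenFlow-style flow rules a controller could push without touching hardware: a default-deny firewall policy per VLAN, and a simple detector that compares two polls of per-source packet counters and answers a flooding source with a drop rule. The thresholds, VLAN numbers, addresses, poll interval and sample counter readings are assumptions constructed for the example.

```python
# Added example (not from the paper): firewall policy and DDoS mitigation as
# controller-generated flow rules. All numbers and addresses are constructed.
from typing import Dict, List, Tuple

Rule = Dict[str, object]    # {"priority": int, "match": {...}, "action": str, ...}


def firewall_rules(permits: List[Tuple[int, str, int]]) -> List[Rule]:
    """permits: (vlan_vid, ip_proto, dst_port) triples allowed out of that VLAN.
    Anything not explicitly permitted falls through to the priority-0 drop,
    so the policy is default deny rather than default allow."""
    rules: List[Rule] = [
        {"priority": 10, "match": {"vlan_vid": v, "ip_proto": p, "dst_port": d}, "action": "forward"}
        for v, p, d in permits
    ]
    rules.append({"priority": 0, "match": {}, "action": "drop"})
    return rules


def detect_flooders(prev: Dict[str, int], curr: Dict[str, int],
                    interval_s: float, max_pps: float) -> List[str]:
    """prev/curr are per-source packet counters read from the switches'
    flow statistics interval_s apart; return sources whose rate exceeds max_pps.
    A source absent from prev is treated as starting from zero."""
    return sorted(src for src, n in curr.items()
                  if (n - prev.get(src, 0)) / interval_s > max_pps)


def quarantine_rules(sources: List[str], idle_timeout_s: int = 300) -> List[Rule]:
    """Drop everything from each flagged source. The idle timeout lets the rule
    expire by itself once the flood stops, so no one has to remember to remove it."""
    return [{"priority": 100, "match": {"ip_src": s}, "action": "drop",
             "idle_timeout": idle_timeout_s} for s in sources]


def decide(rules: List[Rule], hdr: Dict[str, object]) -> str:
    """Highest-priority matching rule wins; a field missing from a match is a wildcard."""
    for r in sorted(rules, key=lambda r: -int(r["priority"])):
        if all(hdr.get(k) == v for k, v in r["match"].items()):
            return str(r["action"])
    return "controller"   # no rule at all: table miss, hand to the controller


def policy_demo() -> Dict[str, object]:
    rules = firewall_rules([(10, "tcp", 443), (10, "tcp", 80), (20, "udp", 53)])
    # Two constructed counter polls, ten seconds apart. 10.0.10.7 jumped by
    # 150,000 packets, i.e. 15,000 packets/s, while the others stayed quiet.
    prev = {"10.0.10.5": 1200, "10.0.10.7": 300, "10.0.20.3": 50}
    curr = {"10.0.10.5": 1260, "10.0.10.7": 150300, "10.0.20.3": 70}
    flooders = detect_flooders(prev, curr, interval_s=10.0, max_pps=5000)
    rules += quarantine_rules(flooders)
    return {
        "flooders": flooders,
        "web_from_vlan10": decide(rules, {"vlan_vid": 10, "ip_src": "10.0.10.5",
                                          "ip_proto": "tcp", "dst_port": 443}),
        "ssh_from_vlan10": decide(rules, {"vlan_vid": 10, "ip_src": "10.0.10.5",
                                          "ip_proto": "tcp", "dst_port": 22}),
        "dns_from_vlan20": decide(rules, {"vlan_vid": 20, "ip_src": "10.0.20.3",
                                          "ip_proto": "udp", "dst_port": 53}),
        "flooder_web": decide(rules, {"vlan_vid": 10, "ip_src": "10.0.10.7",
                                      "ip_proto": "tcp", "dst_port": 443}),
    }
```

The quarantine entry outranks the firewall permits because of its priority, so the flooder is dropped even for traffic the policy would otherwise allow; choosing the threshold and the poll interval is where a real deployment needs care, since a rule that fires on a legitimate burst is itself a denial of service.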

1. SDNs can be implemented within large-scale data center environments such as public cloud providers.

These are customers that are hyper-scale public cloud vendors and can include Amazon.com, Google, Facebook, MSN, Yahoo, Baidu, IBM, AT&T, Verizon, and Rackspace.

Business Needs

The operations of certain large-scale public cloud providers are currently centered on the content delivery network model and website hosting. These enterprises have data demand, availability, and latency requirements. Scaled online retail providers such as Amazon.com, as well as enterprise business data storage networks, are prime candidates for SDN implementations. These public cloud providers must contend with service and server mobility, which requires a per-device configuration approach within an IP-based network model. SDN can provide customizable equipment provisioning and configuration that can be automated and centralized, flexibly enabling existing assets to be configured by policy to respond to the peak data flows that accompany business cycles, such as holiday sales seasonality and data consumption patterns that do not occur ratably.

1.1 SDN Benefits

- An SDN can direct traffic through the network from an originating point to a terminating point based on the real-time status of all network elements and the policies defined for each endpoint.
- A single high-level program (API) can be used to separate and control the data plane as well as the control plane via the network controller device, as required by the underlying business.
- SDN provides a means of addressing hyper-scale growth in the utilization and scalability of data center network equipment.
- An SDN can be reconfigured faster than current network architectures to respond to new business needs.
- With enterprises of this scale, the ability to manage data based on internal service policies promotes the ability to create competitive advantages over networks that rely on IP protocols only.
- These cloud providers have significant operating costs from data transport, storage, and network administration. Each of these cost drivers can be reduced by the use of SDN, as controller virtual machines replace the manual device-by-device configuration formerly performed by a large team of network administration personnel.
- The ability to route and manage data over preferred network channels and slot information can enable the business to flatten bandwidth consumption to reduce the quantity and cost of dedicated circuits from global network providers.
- OpenFlow controllers enable administrators to set policy to drop packets, which increases network security and reduces exposure to distributed denial of service attacks.

2. SDNs can be implemented within small businesses and campus environments.

These are customers that are local campus network environments, such as George Mason University ("GMU"), as well as small businesses with multiple distributed office locations over a wide geographic area that require a higher level of network security.

2.1 SDN Benefits

- SDNs enable enterprise security in businesses with high throughput yet low latency requirements through domain isolation within a single data center.
- SDNs allow central control-plane instructions over multiple end devices, which can strengthen network firewall capabilities.
- The SDN controller can be configured to act as a proxy on behalf of applications to prevent and control network device accesses.
- SDNs may utilize "service chaining" as a way of inserting services into the flow of network traffic as it moves among network devices.
- SDNs can implement virtual LAN ("VLAN") instructions and provide access control lists (ACLs) as a means of enforcing network security.
- Campuses can benefit from the ability to consolidate many network equipment types onto industry-standard servers, switches and storage.
- Distributed offices will benefit from SDN automating equipment configuration in common events such as installs/adds/moves/changes ("IMACs") and client device roaming.

3. SDN Common Consideration Points (Large and Small Implementations)

- Depending on the implementation model (switch vs. overlay), new IT hardware to perform the layer 2/3 routing will be required for switch-based deploym
