Thanks for all coming to this session. The topic of my session is a primer on virtual networking and SDN, so I would like to just talk about what virtual networking is and what SDN is. This will be the agenda for this talk: we'll talk a little bit about traditional networking, then we'll go on and see what virtual networking is and why we need SDN, and I'll take OpenStack as an example to show how it is done.

This is just a recap. We'll be talking mostly about networking. Here networking means you have your laptop or something and you are sending some traffic, right? You want to connect to the internet or whatever. So whenever your laptop generates traffic, it goes via your Ethernet interface. It will be nothing but a packet, and this is the structure of the packet. We have a layer 2 header, a layer 3 header; these are the various fields of an IP packet. Layer 2 has the Ethernet information, like the source MAC address of your Ethernet device and what the destination MAC address is. Layer 3 has your IP information, like what the source IP is and what the destination IP is. Let's say you want to ping google.com: your destination IP will be the IP address of Google. Layer 4 will be your TCP or UDP protocol; you want to talk to your HTTP service or whatever, so that information will be there. And L7 will be your actual application payload: what you want to send and how the server would respond back, right?
So layer 7 is what is interesting to all the applications, and all the other layers are handled by the underlying networking stack of your operating system, whatever you're running. I just wanted to show those fields.

So let's talk about how traditional networking happens. Let's say you are in your office or wherever and you have connected your laptop, and all of your colleagues are connected to the network, right? So all your machines can talk to each other; you can do a ping or whatever. All that happens because somewhere underneath you have a physical switch in your office campus or data center. That switch is what switches the packets, forwards the packets. And you will have something called routers as well: let's say you want to talk to the internet or to some other IP addresses, you need routers which route the packet. There is other stuff, like VLANs and all, which I'm not going into in detail, but this is what traditional networking would have.

So I would like to talk a bit more on what switches are and what routers are. Let's see what a switch is. As I mentioned, you see a physical device over there that somehow looks like a switch. A switch has various ports in it, and all your laptops are connected to it, right?
So you send traffic, and the switch receives the packet, and it has to do something with that packet. Ideally, a switch would just send the packet to the other ports. What a switch does is it looks into whatever packet it receives; it looks into the layer 2 header I mentioned. That layer 2 header has the Ethernet source MAC and the Ethernet destination MAC. So it extracts the Ethernet source MAC, it extracts the Ethernet destination MAC, and it learns that information, and it knows where it should send that destination MAC. Suppose it doesn't know: it just floods the packet to all the ports, so all the systems connected to that switch will receive the packet, and whoever that packet is destined to will reply back. That's how that particular switch actually learns: okay, I received a packet with source MAC as this, and it knows what port number that is, one, two, three. So it maintains information something like this. This is just an example: you have a switch there with three or four computers connected, each one has a MAC address, and internally it may maintain a database or a table, so it knows that for this source MAC, if the destination MAC is this, I need to send this packet to this port. That is what a physical switch does. It actually can do much more; I'm just telling you about the basic stuff.

Okay, now let's talk about what the router is. In the case of a switch, it looks into the layer 2 header, whereas in the case of a router, it also looks into the layer 3 header, like what the source IP is and what the destination IP is, and it takes a decision based on what information it has learned, like: if the destination IP address is this, forward it to this; that is what it would have learned. So that is what a router does: it looks into the layer 3 fields as well, and it learns all this routing information through various protocols like BGP, OSPF and
stuff like that. So this is how traditional networking works.

In the case of data centers, what happens is that a network administrator basically wants to program the switches. He wants to control which ports he wants to enable, what kind of traffic he wants to allow or disallow, and stuff like that. So he wants to program the switches and routers, right? That's where there is something called the control plane and the data plane. What a network admin might do is he will program: the switch exposes a control path, he can connect to the switch and configure it and do stuff like that. If you take Cisco switches and all, they give the administrator APIs and stuff like that, so you can log into that and configure. That is called the control path, a control plane, where you can program the switches. And the data plane is nothing but: whatever is programmed, it acts according to that. If a packet comes, it has to take a decision, and it takes the decision based on what it has learned, on how it has been programmed. So the job of the data plane is simple, just to move the traffic: the packet comes here, it receives it, and stuff like that. But the control plane gives the programmability.

But if you look at this traditional networking, the control plane and data plane are part of one particular switch. They are there in one particular place. There is no clear separation between them, so you need to access the switch and program it and stuff like that.

Now that we have seen how traditional switching and networking works: we are in a cloud era, where everything is virtual. You have virtual machines and Docker containers and stuff like that, right?
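As an added illustration (a toy model written for this transcript, not code from the talk, from a switch vendor, or from Linux bridge, Open vSwitch or OpenFlow), here is a small Python learning switch split into the two halves just described. The data plane learns which port each source MAC was seen on, forwards to the learned port and floods when the destination is unknown; the control plane is a separate admin-facing object that disables ports and installs match/action rules, which the data plane consults before its MAC table. Packets are plain dicts of the header fields listed at the start of the talk (Ethernet MACs, IP protocol, UDP ports); all MAC addresses, port numbers and the rule format are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Rule:
    """An admin-programmed match/action rule (hypothetical format, not the
    OpenFlow wire format). `match` maps header field -> required value;
    fields not listed are wildcards. Higher priority wins."""
    priority: int
    match: Dict[str, object]
    action: str  # "drop", "flood" or "out:<port>"

    def matches(self, pkt: Dict[str, object]) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class DataPlane:
    """Moves packets. It only knows the MAC table it learned itself and the
    rules and port states the control plane pushed into it."""

    def __init__(self, ports: List[int]) -> None:
        self.enabled: Set[int] = set(ports)
        self.mac_table: Dict[str, int] = {}   # MAC -> port it was seen on
        self.rules: List[Rule] = []

    def forward(self, in_port: int, pkt: Dict[str, object]) -> List[int]:
        """Return the egress ports the packet is sent out of ([] = dropped)."""
        if in_port not in self.enabled:
            return []
        # 1. learn: the source MAC lives behind the ingress port
        self.mac_table[pkt["eth_src"]] = in_port
        # 2. programmed rules take precedence, highest priority first
        for rule in sorted(self.rules, key=lambda r: r.priority, reverse=True):
            if rule.matches(pkt):
                return self._apply(rule.action, in_port)
        # 3. plain learning-switch behaviour: unicast if known, else flood
        out = self.mac_table.get(pkt["eth_dst"])
        if out is None or pkt["eth_dst"] == BROADCAST:
            return self._apply("flood", in_port)
        return self._apply(f"out:{out}", in_port)

    def _apply(self, action: str, in_port: int) -> List[int]:
        if action == "drop":
            return []
        if action == "flood":
            return sorted(p for p in self.enabled if p != in_port)
        port = int(action.split(":", 1)[1])
        return [port] if port in self.enabled and port != in_port else []


class ControlPlane:
    """The admin-facing side: programs the data plane, never sees packets."""

    def __init__(self, dp: DataPlane) -> None:
        self.dp = dp

    def set_port(self, port: int, up: bool) -> None:
        if up:
            self.dp.enabled.add(port)
            return
        self.dp.enabled.discard(port)
        # forget every MAC learned behind a port that went down
        for mac in [m for m, p in self.dp.mac_table.items() if p == port]:
            del self.dp.mac_table[mac]

    def add_rule(self, priority: int, match: Dict[str, object], action: str) -> None:
        self.dp.rules.append(Rule(priority, match, action))


def demo() -> Dict[str, List[int]]:
    """Constructed scenario: hosts A, B on ports 1, 2; DHCP server on port 3."""
    dp = DataPlane([1, 2, 3])
    cp = ControlPlane(dp)
    a, b = "aa:00:00:00:00:01", "aa:00:00:00:00:02"   # constructed MACs
    res: Dict[str, List[int]] = {}
    # A -> B, B unknown yet: flooded to every other port; A learned on port 1
    res["first"] = dp.forward(1, {"eth_src": a, "eth_dst": b, "ip_proto": 6})
    # B -> A: A is known now, so unicast to port 1 only
    res["reply"] = dp.forward(2, {"eth_src": b, "eth_dst": a, "ip_proto": 6})
    # admin policy: no ping into the network (ICMP is IP protocol 1)
    cp.add_rule(100, {"ip_proto": 1}, "drop")
    res["ping"] = dp.forward(1, {"eth_src": a, "eth_dst": b, "ip_proto": 1})
    # admin policy: DHCP client -> server (UDP 68 -> 67) goes straight to port 3
    cp.add_rule(200, {"ip_proto": 17, "udp_src": 68, "udp_dst": 67}, "out:3")
    res["dhcp"] = dp.forward(2, {"eth_src": b, "eth_dst": BROADCAST,
                                 "ip_proto": 17, "udp_src": 68, "udp_dst": 67})
    # admin disables port 2: B is forgotten, traffic for B is flooded again
    cp.set_port(2, False)
    res["down"] = dp.forward(1, {"eth_src": a, "eth_dst": b, "ip_proto": 6})
    return res


if __name__ == "__main__":
    for step, ports in demo().items():
        print(f"{step:>6}: out ports {ports}")
```

The point of the split is visible in `demo()`: the data plane keeps forwarding from its own MAC table whether or not the `ControlPlane` object still exists, and every policy change (a port going down, a drop rule, a steering rule) is an explicit write into the data plane rather than something the packet path has to discover itself.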
So you have VMs come up and you need to give networking to them. That's where you need to program those things as well, and this is where virtual networking comes into the picture. Virtual networking is the same thing, whatever switching and routing you do, but you do it in software. You would generally do that on an x86 machine where you run your switching services, routing services. If you take the Linux platform, Linux gives you the Linux bridge, which is a software implementation of a switch. Basically, you can create your own virtual switch with a command called brctl: create a bridge, add ports and stuff like that. It's nothing but a switch, but it is virtual, it runs as software. We also have something called Open vSwitch. It is an open source implementation which gives the functionality of virtual switching; I'll talk a bit more about Open vSwitch a bit later. And a virtual router is also the same thing. As I said, instead of having an appliance, the expensive appliances which do the routing, you can do everything as a service, as a software program running on some commodity hardware. That takes care of forwarding the packets, learning all the routes using the BGP protocol and stuff like that. So typically all your SDNs will have these services.

Now let's take an example. You have a laptop, let's say, and you boot a few VMs. You can boot virtual machines using software like VMware or VirtualBox or KVM; if you have played with that, you would be familiar with it. So what it does is, you boot a few VMs, right?
So you need to give networking to them. Basically, those VMs should be able to talk to the outside world. That service is provided by, I mean, I'm taking here the example of libvirt, which is the Linux virtualization software; it has libvirt, KVM and stuff like that. As you can see here, I have booted up two VMs there. They have their own IP addresses internally, but when those VMs send a packet, the underlying Linux virtualization software takes those packets, and then if you want to talk from one VM to another VM, it's simple: it needs to send to this VM, right? There is a virtual bridge over there which takes the packet and sends it to this one. And if you want to talk to the outside world, it uses the native Linux iptables and stuff like that to route the packet to the outside world, and there's something called NAT and stuff like that which is done. So this is like you have one machine, you create a few VMs, and they have their own virtual networking going on here.

Now, let's say you have many servers, and you want to boot VMs on all of those physical servers, and you want to virtualize everything, and all the VMs running from one place to another would think that they're all connected, right? That's where your cloud services come into the picture, like AWS or OpenStack, which give you that option of creating such VMs; you can control your hardware infrastructure.

So now let's talk about what software defined networking is, right?
We spoke about what a control plane is and what a data plane is. What software defined networking is, basically, is that you want to separate this control plane altogether from the data plane. There will be some service running on some servers, some machines, which acts as the control plane, and it exposes a few APIs to the applications or the outside world which they can talk to and configure, and underneath it takes care of configuring the networking. So even if your control plane goes down (by goes down, I mean the application which was doing this job dies or gets killed or whatever), your traffic, the underlying VM traffic or your service traffic, will not get affected. So it's a very clear distinction. You have an application layer there which talks to the control layer, and that actually programs the underlying switches. Those switches can be virtual switches or actual physical switches.

Okay, so every SDN mainly will have a northbound interface. Northbound means your application interfaces, APIs, REST APIs, which you can talk to. That is called the northbound interface. So any application that wants to create, say, virtual networks, virtual ports and stuff like that would talk to the API and tell it: can you create me a virtual network with this subnet, with this IP address?
Can you create me these virtual ports, and stuff like that? So it can talk to the northbound interface. And there is something called the southbound interface. This SDN, as I said, has a northbound interface, and at the bottom there is a southbound interface. Whatever API calls it receives on the northbound interface, it converts into the southbound interface, which is nothing but the underlying physical networking. It can be anything: basically there could be many SDN providers, or it can talk to physical switches, or it can talk to virtual switches as well, and program them. So basically with that, your VMs, whenever they come up, don't even know that they are virtual. For them, a VM comes up, it boots, it gets an IP address from DHCP, it can talk. All that is taken care of underneath by the SDN software.

So the main thing in SDN is the programmability. The administrator or the network team can program and say that when this packet comes, if the packet is a TCP packet with this port, I want you to do these things; or I don't want to allow ping to my servers, so drop any packet that is an ICMP packet or ICMP request. All those things you can basically program and tell it. That is where there is a protocol called OpenFlow, which gives you that option to program. So basically OpenFlow is a protocol; as I said, it's mainly implemented in a switch, on a physical switch or on a virtual switch. You can just say, as I said before, that I want this packet to be dropped. I mean, it gives you the programmability. Earlier all that was inside a switch and it was quite limited, but now with the help of SDN you can express things, so that you can control the VM traffic. Let's say you are a provider of infrastructure services; you can control it. So this is just one example, wherein you say that if the source MAC is this and the destination MAC is this, do this. Or if it's a DHCP packet with this, you know, any
DHCP packet is nothing but a UDP packet with source port 68 and destination port 67, then you do this: you drop the packet, or you send it to someone, or you modify the packet and do it this way. So that is what OpenFlow does. And most of the switches, the hardware switches which the vendors provide, kind of claim that they support this protocol, so that anyone can talk to that switch and program it and control that switch.

So now let's talk about OpenStack a little bit. OpenStack is like: you have various servers and you want to control those hardware servers, and you want to virtualize them and give it as infrastructure so that anyone can boot a VM. The classic example is AWS, wherein you as a user can create your VMs. Once you create an account, you can create VMs, boot VMs and do whatever you want. You don't care where the servers are running, where those virtual machines are running; you just need to connect to them and run your service. This is what OpenStack does. It can be a public cloud, it can be a private cloud. Let's say you have various servers; you can deploy OpenStack on them and control them.

In the case of OpenStack, there are various services. If you want to boot VMs, there is something called Nova. Nova is a service which helps you boot VMs. Similarly there is a service called Neutron which takes care of the networking part. So what OpenStack does is it gives you APIs, and you talk to those APIs and create your VMs, create your networks and stuff like that. As I was saying, the networking service should give these services: your VMs have come up, they should be able to talk, they should be able to ping, connect; when a VM comes up, it should get a DHCP service back, and IPv6 stuff; and as an administrator, you should be able to apply your ACLs or policies saying that no one should be able to log into my VM. So you kind of
restrict, or you don't want VMs to talk to the internet; you put policies and stuff like that. All that OpenStack Neutron gives you the option to do.

One thing is that it is quite dynamic. Even if you take Docker or Kubernetes, where the Docker services come in, it's quite dynamic: those containers come and go, those VMs come and go. So the underlying SDN should be able to handle all these things. That is what the SDN does: it sees that, okay, a VM has come up, it has to program the flows so that the VM has connectivity.

So, yeah, this is like you have these many servers, let's say, as an example. This is how it looks before OpenStack, but then once you deploy OpenStack you should be able to boot VMs and they should be able to talk. If you see here, in this case there are two colors, one is gray and one is blue. Those blue VMs are from one user; he boots three or four VMs and they are spawned here, here, here. But those VMs are quite transparent; the user is not even bothered. He should be able to talk to all those VMs here; they would have got an IP address, so he can talk to each of them. But those VMs should not be able to talk to the gray VMs. All that is taken care of by the OpenStack Neutron service.

So let's talk a little bit about OpenStack Neutron. As I said, in SDN you have a REST API that it exposes, and there are various services that Neutron runs so that the VMs get connectivity, like various agents: the Open vSwitch agent, layer 3, DHCP. Those services are meant to give one specific service each. Underneath, what you have is Open vSwitch. In the case of OpenStack Neutron there is a reference implementation, I mean it's an open source thing, wherein we use Open vSwitch as the underlying virtual switch and program it. I'll take one example here. Neutron has various backends: Cisco will have one backend driver, Juniper could have
one more backend driver, or other vendors could have their own backend drivers, which talk to their own SDN services and give this functionality. There's one such SDN controller called OVN, which is part of the Open vSwitch community, which gives the same functionality. It's completely open source and it's community 211. So it again has various services which run: the northbound, the controller services, and the actual data services.

So let's try to look at how OVN works. What happens is that you as an administrator create networks. There's something called the Northbound DB, and there is a service called ovn-northd, which takes whatever you write into the Northbound DB and converts it into the Southbound DB. And let's say these are all your hypervisors where you run your VMs or container services. Okay, so this actually connects to that, and it will come to know: okay, basically you program there, it gets all this, and it actually applies those programs using Open vSwitch. This is a high-level overview; any SDN controller, if you take one, looks more or less similar. Meaning you have a northbound service and you have various data plane services.

Let's try to see a little bit how it works. As you can see here, you want to create a network. If you are familiar with OpenStack, it gives you APIs and CLIs to create a virtual network. So you just create a network called demoNet. You create it, and the Neutron OVN plugin will write it to the OVN Northbound DB. It just writes it, and then you can create various subnets and you can create ports. Those ports are nothing but: that port will have a MAC address and an IP address. At this point in time these are logical entities; they are not physical entities. They are logical
entities. When you create a VM using the OpenStack Nova service and you tell it that I want to use this port, that's when the hooking happens. When that VM comes up, if you log into that VM you will see an eth0 interface, and that eth0 interface will have some MAC address, whatever you see here, and it will have an IP address, whatever was created in the port. So at this point they are all logical entities; you just created them using OpenStack APIs, and they are just stored in the database, that's it. But when you actually boot a VM, that's when the hooking happens.

What I'm trying to say is this: I talked about the Southbound DB, right? There is an ovn-northd service which looks into the Northbound database and converts it into the Southbound DB. In the Southbound DB it will have information like how many hypervisors I have and how I can reach them, and stuff like that. And OVN gives something called logical flows. Whenever you create something, it creates logical flows saying that for this particular port, do this, and stuff like that. And when the actual VM comes up, it hooks up. What I'm just trying to say is that when two VMs are on the same host, they can ping through this, and when, let's say, one VM is here and the other VM is there, the packet will go through tunnels. In most of the virtual world you have something called tunnels. It can be a VXLAN tunnel, or Geneve. Those are where you encapsulate the packet: your VM sends a packet, your hypervisor receives it, but it puts that VM's packet inside another packet and sends it to the destination. Okay, so probably, yeah, I can skip that. So as I said, the hypervisors generate the actual physical flows, and how that happens is that in each... yeah, sure.

[Audience question] So if I'm sending a packet from the virtual device, will that get encapsulated with the physical device's MAC address, or with the IP address as well?

Yes. So
what happens is that, as I said, there are tunnels. VXLAN tunnels, or Geneve: those are nothing but layer 3 protocols. On each hypervisor you establish a tunnel between them. It normally runs in UDP space on some particular port. Your hypervisor has a layer 2 MAC address and it has its own IP address; your physical hypervisor two also has a layer 2 MAC and an IP address, right? So this particular hypervisor knows that if a packet comes, I need to send it to that one. How it does this is: the VM packet comes in, your virtualization software, like KVM or VirtualBox or whatever, takes that packet and it frames another packet with the layer 2 and layer 3 of this host, and it embeds the VM packet in the layer 7. That is called tunneling. And it sends the packet. The hypervisor there receives the packet; it can only see the actual physical layer 2 and layer 3. Then it can figure out that it's a tunnel packet, because it's a UDP packet, right? So it strips that packet and gives the actual packet to the VM. That's why the VMs are quite transparent; underneath it's done by the tunneling.

[Audience] Yeah, it's necessary because it helps in the routing.

Yes, and you can segregate the traffic as well, so one VM from one tenant cannot talk to a VM from another tenant. All that programming is done by your virtual... like Neutron does it.

Okay, so I think I can skip all these things. These are some of the other open source SDN controllers, like OpenDaylight, OVN, OpenContrail (I think it's called Tungsten now). There are many other SDN solutions; basically they give you the option of programming, and in the cloud environment you can segregate and you can program and stuff like that. That is what I tried to convey in this talk. If you have any questions... Okay, all right then. Thank you, thanks for being patient.
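The tunnelling the speaker describes in answer to the audience question (the VM's frame embedded unchanged inside a new packet that carries the hypervisors' own MAC and IP addresses), as an added, constructed example; this is not code from the talk, from OVN or from Open vSwitch. It builds a VXLAN packet byte by byte (outer Ethernet, IPv4 with a valid header checksum, UDP to port 4789, the 8-byte VXLAN header with its 24-bit VNI, then the VM frame), and then plays the receiving hypervisor: check the outer headers, strip them, and hand the inner frame to the tenant bridge selected by VNI. A frame whose VNI maps to no tenant, a non-tunnel frame, or a corrupted outer header is dropped, which is the mechanism behind "one tenant's VMs cannot talk to another's". All MAC addresses, IPs, VNIs and tenant names are constructed sample values; the VXLAN and IPv4 layouts are the standard ones.

```python
import struct

VXLAN_PORT = 4789      # IANA UDP port for VXLAN
ETH_P_IP = 0x0800      # EtherType for IPv4
IPPROTO_UDP = 17


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 ones'-complement sum; evaluates to 0 over a header whose
    checksum field is already correct, which is how the receiver checks it."""
    total = sum((header[i] << 8) + header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ethernet(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def vxlan_encap(inner_frame: bytes, vni: int, src_mac: str, dst_mac: str,
                src_ip: str, dst_ip: str, src_port: int = 49152) -> bytes:
    """Sending hypervisor: wrap the VM's whole Ethernet frame in outer
    Ethernet + IPv4 + UDP + VXLAN, addressed hypervisor to hypervisor."""
    # VXLAN header: flags (I bit = VNI valid), 3 reserved, 24-bit VNI, 1 reserved
    vxlan_hdr = struct.pack("!BBBB", 0x08, 0, 0, 0) + struct.pack("!I", vni << 8)
    udp_payload = vxlan_hdr + inner_frame
    # UDP checksum 0 (not computed) is permitted for VXLAN over IPv4
    udp = struct.pack("!HHHH", src_port, VXLAN_PORT, 8 + len(udp_payload), 0) + udp_payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000,
                         64, IPPROTO_UDP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    return ethernet(dst_mac, src_mac, ETH_P_IP, ip_hdr + udp)


def vxlan_decap(frame: bytes):
    """Receiving hypervisor: validate the outer headers and return
    (vni, inner_frame), or None if this is not a well-formed VXLAN packet."""
    if len(frame) < 14 + 20 + 8 + 8 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 16:
        return None
    if ip[9] != IPPROTO_UDP or ipv4_checksum(ip[:ihl]) != 0:
        return None
    udp = ip[ihl:]
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if dst_port != VXLAN_PORT or udp_len > len(udp):
        return None
    vx = udp[8:16]
    if not vx[0] & 0x08:          # VNI-valid flag must be set
        return None
    vni = struct.unpack("!I", vx[4:8])[0] >> 8
    return vni, udp[16:udp_len]


def deliver(frame: bytes, tenant_by_vni: dict):
    """Strip the tunnel and hand the inner frame to the tenant bridge selected
    by VNI. Unknown VNI or non-tunnel input goes nowhere."""
    decapped = vxlan_decap(frame)
    if decapped is None:
        return None
    vni, inner = decapped
    tenant = tenant_by_vni.get(vni)
    return None if tenant is None else (tenant, inner)


def demo() -> dict:
    """Constructed values throughout: VM MACs, hypervisor MACs/IPs, VNIs."""
    vm_frame = ethernet("52:54:00:00:00:02", "52:54:00:00:00:01", ETH_P_IP,
                        b"inner IP packet payload (constructed)")
    hv = dict(src_mac="00:11:22:33:44:01", dst_mac="00:11:22:33:44:02",
              src_ip="10.0.0.1", dst_ip="10.0.0.2")
    tenants = {100: "blue", 200: "gray"}
    tunnelled = vxlan_encap(vm_frame, 100, **hv)
    corrupted = bytearray(tunnelled)
    corrupted[14 + 8] ^= 0x01     # flip a bit in the outer TTL: checksum fails
    return {
        "vm_frame": vm_frame,
        "overhead": len(tunnelled) - len(vm_frame),
        "ok": deliver(tunnelled, tenants),
        "unknown_vni": deliver(vxlan_encap(vm_frame, 300, **hv), tenants),
        "not_tunnel": deliver(vm_frame, tenants),
        "corrupted": deliver(bytes(corrupted), tenants),
    }


if __name__ == "__main__":
    r = demo()
    print("tunnel overhead:", r["overhead"], "bytes; delivered to:", r["ok"][0])
```

Two things worth noticing when running it: the physical network only ever sees the outer headers, so it routes between the two 10.0.0.x hypervisor addresses and never learns the VM MACs at all; and the inner frame comes back out byte for byte identical, which is why the VM has no way to tell it is behind a tunnel.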