Thursday, April 26, 2018

Erasure Coding

  • Understanding Erasure Coding Offload
Erasure coding is a mathematical method of encoding data so that it can be recovered after disk failures.
Hardware Offload
Using Mellanox ConnectX-4 adapters, Erasure Coding calculations can be offloaded to the adapter's ASIC.
https://community.mellanox.com/docs/DOC-2414

  • Erasure code introduction

Erasure codes date from the 1960s; the best-known family is Reed-Solomon (1960).
An erasure code is usually described by the total number of disks (N) and the number of data disks (K); it tolerates up to N - K failures at a storage overhead of N/K.
E.g., a typical Reed-Solomon scheme is (8, 5): 8 disks in total, 5 of them data disks.
RS(8, 5) tolerates 3 arbitrary failures: as long as any 5 of the 8 chunks survive, the original content can be reconstructed from them.
https://software.intel.com/en-us/blogs/2015/04/06/ceph-erasure-coding-introduction
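The RS(8, 5) case above, worked in code. This is an added example and not code from these notes or from the linked Mellanox/Intel pages: a small systematic Reed-Solomon coder over GF(2^8) in pure Python. The 5 data shards are stored as they are, 3 parity shards are computed from them, and any 5 surviving shards rebuild the message, so any 3 failures are tolerated at an overhead of 8/5. The 40-byte message, the Cauchy construction of the parity rows and all function names are this example's own choices.

```python
"""Systematic Reed-Solomon erasure coding over GF(2^8) (added example)."""
import itertools

# GF(2^8) log/antilog tables for the primitive polynomial x^8+x^4+x^3+x^2+1 (0x11d)
EXP, LOG = [0] * 512, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i], LOG[_v] = _v, _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11D
for _i in range(255, 512):          # doubled so index sums never need a modulo
    EXP[_i] = EXP[_i - 255]


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gf_inv(a):
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(256)")
    return EXP[255 - LOG[a]]


def generator_matrix(n, k):
    """Identity rows for the data shards, then an (n-k) x k Cauchy block
    1/(x_i XOR y_j), x_i in 0..n-k-1, y_j in n-k..n-1. Every k x k row subset
    of this matrix is invertible, which is what makes the code MDS."""
    m = n - k
    rows = [[int(r == c) for c in range(k)] for r in range(k)]
    return rows + [[gf_inv(i ^ (m + j)) for j in range(k)] for i in range(m)]


def _apply(rows, shards):
    """rows x column-of-shards, done independently at every byte position."""
    out = []
    for row in rows:
        buf = bytearray(len(shards[0]))
        for pos in range(len(buf)):
            for coef, shard in zip(row, shards):
                buf[pos] ^= gf_mul(coef, shard[pos])
        out.append(bytes(buf))
    return out


def encode(data_shards, n):
    """Return n equal-length shards; the first len(data_shards) are the data."""
    if len({len(s) for s in data_shards}) != 1:
        raise ValueError("data shards must have equal length")
    return _apply(generator_matrix(n, len(data_shards)), data_shards)


def gf_invert(matrix):
    """Gauss-Jordan elimination in GF(256); raises if the matrix is singular."""
    k = len(matrix)
    aug = [list(row) + [int(r == c) for c in range(k)] for r, row in enumerate(matrix)]
    for col in range(k):
        pivot = next((r for r in range(col, k) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("singular matrix")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = gf_inv(aug[col][col])
        aug[col] = [gf_mul(scale, v) for v in aug[col]]
        for r in range(k):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [x ^ gf_mul(f, y) for x, y in zip(aug[r], aug[col])]
    return [row[k:] for row in aug]


def decode(shards, n, k):
    """shards has n entries, None where a shard is lost. Solve G_S * data =
    survivors, where G_S is the generator restricted to k surviving rows."""
    present = [i for i, s in enumerate(shards) if s is not None][:k]
    if len(present) < k:
        raise ValueError(f"need {k} shards, only {len(present)} survive")
    g = generator_matrix(n, k)
    return _apply(gf_invert([g[i] for i in present]), [shards[i] for i in present])


MESSAGE = b"erasure coding tolerates n-k failures!!!"   # constructed, 40 bytes


def recover(lost, n=8, k=5):
    """RS(8,5) on MESSAGE split into 5 shards of 8 bytes; returns the rebuilt
    message, or None when more than n-k shards are gone."""
    shards = encode([MESSAGE[i:i + 8] for i in range(0, len(MESSAGE), 8)], n)
    for i in lost:
        shards[i] = None
    try:
        return b"".join(decode(shards, n, k))
    except ValueError:
        return None


def all_loss_patterns_recover(n=8, k=5):
    """True if every choice of n-k failed shards is recoverable (56 cases for RS(8,5))."""
    return all(recover(lost, n, k) == MESSAGE
               for lost in itertools.combinations(range(n), n - k))
```

`recover((1, 3, 7))` rebuilds the message from shards 0, 2, 4, 5, 6; `recover((0, 1, 2, 3))` returns None because a fourth loss leaves fewer than K shards. The ASIC offload mentioned above performs exactly the `_apply` step (the GF(2^8) matrix-vector products) in hardware; the arithmetic is the same.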

Friday, April 6, 2018

Software Defined Networking - SDN

  • Software-defined networking (SDN) technology is a novel approach to cloud computing that facilitates network management and enables programmatically efficient network configuration in order to improve network performance and monitoring.
  • SDN is meant to address the fact that the static architecture of traditional networks is decentralized and complex, while current networks require more flexibility and easy troubleshooting. SDN proposes centralizing network intelligence in one network component by disassociating the forwarding of network packets (data plane) from the routing process (control plane).

    https://en.wikipedia.org/wiki/Software-defined_networking
                  
  • Software-Defined Networking (SDN) is an emerging architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today’s applications. This architecture decouples the network control and forwarding functions, enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services. The OpenFlow® protocol is a foundational element for building SDN solutions.
    https://www.opennetworking.org/sdn-definition/

  • SDN allows network administrators to manage network services through abstraction of lower level functionality. 
This is done by decoupling the system that makes decisions about where traffic is sent (the control plane) from the
underlying systems that forward traffic to the selected destination (the data plane).

End User Innovation
With open-source operating systems, control over the development and deployment of OS features is placed
in the hands of the users.

If you need a new extension to Apache/BIND/MySQL/etc., you can have
someone develop it for you.
What if you could do the same thing for all the features in your:
Switches
Routers
Load Balancers
Firewalls
Software-defined networking allows you to do just that.


Separates control and data plane:
The open interface between the control and data plane  (OpenFlow)
Network control and management features in software


Layer 2 – Switches
Network Virtualisation
Data Center
Multi-tenant
FlowVisor
Each customer not only gets their own ‘network’, they can control it with their own controller.

Layer 3 – Routers
RouteFlow
What if you were able to take any number of ports throughout your network and draw them together into a router?
Being able to add new features without waiting for vendor support
RPKI


Layer 4 – Load Balancers
Load Balancers need to take into account not only complex information about network latency,
congestion and performance, but also the load on each of the servers that they are balancing traffic across.

Layer 4+ - Firewalls
What if we could somehow virtualize them and deploy them only where needed?
https://ecs.victoria.ac.nz/foswiki/pub/Events/SDNWorkshop/VUW_SDNTutorial_with_logos.pdf

  • Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure.
 https://en.wikipedia.org/wiki/Resource_Public_Key_Infrastructure

  • A virtualized evolved packet core (vEPC) is a mobile-core network system that accommodates LTE access systems. Powered by a carrier-grade virtualization platform and Software-Defined Networking (SDN) technology, NEC/Netcracker's vEPC optimizes mobile operators' TCO and service quality

https://www.nec.com/en/global/solutions/tcs/vepc/index.html

  • In contrast with PEN, software-defined networking offers improved programmability and flexibility for network administration and control, as opposed to simple policy enforcement.
SDN essentially decouples the mechanism that makes traffic-forwarding decisions from the network systems (switches, routers, etc.) and moves it to a centralized server, leaving the data-path elements, i.e. the packet-forwarding mechanism, on the network system.
For a network system, two fundamental elements are critical: the network OS and packet forwarding (hardware and firmware).
In SDN, the network OS is removed from the switches and routers and placed in the centralized controller.
Applications such as BGP, OSPF and the like can thus be service-chained or placed on the same or other servers through the “northbound API”. This creates enormous potential, and pitfalls, for network virtualization.
Telecom service providers seem to prefer a similar yet distinct instrument of virtualization, NFV (Network Function Virtualization), and for good reasons. The goal of NFV is to reduce CAPEX while making network functions flexible and scalable without having to relinquish the entire control plane at end devices. Think of such solutions as a mix of SDN and traditional networking concepts.

The Good
Academic and technology researchers are now less dependent on hardware to conduct their experiments and can focus on their ingenuity without the constraints of hardware-based systems.
Secondly, it allows network managers to define network behaviour (i.e. traffic engineering) and implement or experiment at will.
Third, it brings the ease of network virtualization and service provisioning to their fingertips, without the constraints imposed by proprietary network systems.
Additionally, it provides improved control of the network and load-balancing capability, with the promise of lowering CAPEX/OPEX.
Moreover, interoperability concerns among different vendors' hardware are much reduced.
https://www.linkedin.com/pulse/20140925233657-2665170-sdn-the-good-bad-and-the-ugly/

control plane:
logic that controls forwarding behaviour
example: routing protocols

data plane:
forwards traffic according to the control plane
examples: IP forwarding (layer 3), switching (layer 2)

routing protocol functions that compute paths are control plane functionality
taking a packet on an input port and forwarding it to an output port is a data plane function

why separate the control and data planes?
independent evolution
high-level control

separation of control and data plane, opportunities:
data centers: VM migration
routing: more control over decision logic
enterprise networks: SDN enables developing security applications, like software-based NAC
research:
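The split described in these notes, as an added example (not from the notes and not from any real controller such as ODL, ONOS or Ryu): a minimal OpenFlow-style learning switch in which the control plane (Controller) decides where traffic goes and the data plane (Switch) only does match-action lookups on a flow table, punting table misses upward as packet-in events. Class and field names, the priority values and the traffic in `demo()` are this example's own assumptions.

```python
"""Control plane / data plane split as a tiny learning switch (added example)."""
from dataclasses import dataclass

FLOOD = "flood"                 # send out every port except the ingress port
TO_CONTROLLER = "controller"    # punt to the control plane (packet-in)


@dataclass
class FlowEntry:
    priority: int
    match: dict       # header fields that must all equal the packet's
    action: object    # an output port number, FLOOD or TO_CONTROLLER


class Switch:
    """Data plane: no routing logic of its own, only table lookups."""

    def __init__(self, dpid, ports, controller):
        self.dpid, self.ports, self.controller = dpid, list(ports), controller
        # table-miss entry: priority 0, matches everything, asks the controller
        self.table = [FlowEntry(0, {}, TO_CONTROLLER)]
        self.delivered = []     # (egress port, packet) pairs, standing in for the wire

    def install(self, entry):
        """What an OpenFlow flow-mod does: add a rule, highest priority first."""
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def lookup(self, fields):
        return next(e for e in self.table
                    if all(fields.get(k) == v for k, v in e.match.items()))

    def forward(self, in_port, pkt):
        fields = {"in_port": in_port, **pkt}
        action = self.lookup(fields).action
        if action == TO_CONTROLLER:
            action = self.controller.packet_in(self, in_port, pkt)
        if action == FLOOD:
            self.delivered += [(p, pkt) for p in self.ports if p != in_port]
        elif action != TO_CONTROLLER:
            self.delivered.append((action, pkt))


class Controller:
    """Control plane: the MAC-learning logic and the decision to push rules."""

    def __init__(self):
        self.mac_to_port = {}   # dpid -> {mac: port}
        self.packet_ins = 0
        self.flow_mods = 0
        self.mac_moves = []     # (dpid, mac, old_port, new_port): spoofing/flapping signal

    def packet_in(self, switch, in_port, pkt):
        self.packet_ins += 1
        learned = self.mac_to_port.setdefault(switch.dpid, {})
        src, dst = pkt["eth_src"], pkt["eth_dst"]
        prev = learned.get(src)
        if prev is not None and prev != in_port:
            # a MAC appearing on a new port is either a real move or a spoof;
            # a real controller should at least log and rate-limit this
            self.mac_moves.append((switch.dpid, src, prev, in_port))
        learned[src] = in_port
        out = learned.get(dst)
        if out is None:
            return FLOOD        # unknown destination: flood this packet, install nothing
        # known destination: install a rule so later packets stay in the data plane
        switch.install(FlowEntry(10, {"in_port": in_port, "eth_dst": dst}, out))
        self.flow_mods += 1
        return out


def demo():
    """Constructed traffic on a 3-port switch; returns (controller, switch)."""
    ctl = Controller()
    sw = Switch("s1", ports=[1, 2, 3], controller=ctl)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    sw.forward(1, {"eth_src": a, "eth_dst": b})   # miss, b unknown -> flood to 2 and 3
    sw.forward(2, {"eth_src": b, "eth_dst": a})   # miss, a known -> rule installed, out 1
    sw.forward(2, {"eth_src": b, "eth_dst": a})   # hits the rule: no packet-in at all
    sw.forward(1, {"eth_src": a, "eth_dst": b})   # miss, b known -> rule installed, out 2
    sw.forward(3, {"eth_src": a, "eth_dst": b})   # a's MAC from port 3: move/spoof recorded
    return ctl, sw
```

Two things worth noticing when running `demo()`. The third packet never reaches the controller: once a rule is installed the data plane forwards on its own, which is the whole point of the separation. After the last packet, the controller believes `a` is on port 3, but the switch still holds the rule "in_port 2, eth_dst a, output 1", so `b`'s traffic keeps going to port 1: installed data-plane state and controller state have diverged, and it is the controller's job to revoke or replace stale rules, and to treat a MAC move like this as a signal worth logging.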

Networking Devices Planes of Operation
management plane
control plane
data plane

Introduction to SDN (Software-defined Networking)
open
programmable

SDN model vs Operating system model

SDN model 
network applications 
network operating system(NOS)
forwarding device

centralized NOS, SDN controller



Network applications

Application Interfaces:
Java API
northbound (RESTCONF): restful interface

SDN Controller/controller plane:
topology service
inventory service
statistics service
host tracking service


southbound interface:
openflow
OVSDB: management protocol
NETCONF
SNMP

forwarding devices, openflow, data planes

East/West Protocol

traditional network devices (nodes)
one physical system, data plane, control plane

traditional network devices (nodes) vs SDN
traditional network devices are proprietary large boxes
control plane is chained to the data plane, both coupled in the box
no direct access to the data plane
what is available in the control plane is already decided: which features the device includes, which CLI is available; from the network operator's point of view,
options are limited if new network behaviour is required
each network device (node) is configured individually; consider the network operator's workload in a data center with 100 network devices

SDN:
a logically centralized controller with a global view of the entire network
the workload of configuring hundreds of network nodes is reduced.

  • OpenDaylight (ODL) is a modular open platform for customizing and automating networks of any size and scale. The OpenDaylight Project arose out of the SDN movement, with a clear focus on network programmability. It was designed from the outset as a foundation for commercial solutions that address a variety of use cases in existing network environments.

Automated Service Delivery: Providing on-demand services that may be controlled by the end user or the service provider. Examples include bandwidth scheduling (either calendared or on-demand) or dynamic VPN services.

Cloud and NFV: Agile service delivery on cloud infrastructure in either the enterprise or service provider environment. The underlay will frequently be OpenStack, and services may be implemented using Network Functions Virtualization (NFV).

Network Resources Optimization (NRO): Dynamically optimizing the network based on load and state. This is the most common carrier use case as it optimizes the network using the near-real-time state of traffic, topology and equipment. NRO uses a variety of southbound protocols (for example, NETCONF, BGP-LS or OpenFlow) depending on the underlying network.

Visibility and Control: Centralized administration of the network and/or multiple controllers. This is sometimes used by carriers or enterprises as a precursor to NRO.

https://www.opendaylight.org/

  • ODL delivers the benefits of SDN and NFV to carriers, enterprises, research institutions, and other organizations such as cities and metropolitan areas. Some of the most common applications of OpenDaylight technology are described below.
    https://www.opendaylight.org/use-cases-and-users/by-function
    • Open Source MANO (OSM) is an ETSI-hosted initiative to develop an open source NFV Management and Orchestration (MANO) software stack aligned with ETSI NFV.
    Two of the key components of the ETSI NFV architectural framework are the NFV Orchestrator and the VNF Manager, known together as NFV MANO.
    https://www.etsi.org/technologies-clusters/technologies/nfv/open-source-mano
    https://osm.etsi.org/


    • Open Platform for NFV (OPNFV) facilitates the development and evolution of NFV components across various open source ecosystems. Through system level integration, deployment and testing, OPNFV creates a reference NFV platform to accelerate the transformation of enterprise and service provider networks

    https://wiki.opnfv.org/


    • ONOS is the only SDN controller platform that supports the transition from legacy “brown field” networks to SDN “green field” networks

    https://onosproject.org/


    • CORD (Central Office Re-architected as a Datacenter) combines NFV, SDN, and the elasticity of commodity clouds to bring data center economics and cloud agility to the Telco Central Office. CORD lets the operator manage their Central Offices using declarative modeling languages for agile, real-time configuration of new customer services. 

    https://opencord.org/

    • OPEN VIRTUAL NETWORK (OVN)

    Open Virtual Network (OVN) is an Open vSwitch-based software-defined networking (SDN) solution for supplying network services to instances. OVN provides platform-agnostic support for the full OpenStack Networking API. OVN allows you to programmatically connect groups of guest instances into private L2 and L3 networks
    https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/networking_with_open_virtual_network/open_virtual_network_ovn
    • Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.  It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag).  In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V

    https://www.openvswitch.org

    • Open vSwitch with SSL

    If you plan to connect Open vSwitch across the network to an OpenFlow controller, build Open vSwitch with OpenSSL. TLS (the OVS documentation still calls it SSL) gives the OpenFlow connection integrity and confidentiality. Because the switch is configured with its own private key and certificate plus the CA certificate used to validate the controller's certificate, the switch will only talk to a controller that presents a certificate from that CA, and a controller configured with the switches' CA certificate can likewise reject switches it does not know. Without it the OpenFlow channel is plaintext TCP, and anyone on the path can read or rewrite the flow table.
    http://docs.openvswitch.org/en/latest/howto/ssl/


    • How to Use the VTEP Emulator

    This document explains how to use ovs-vtep, a VXLAN Tunnel Endpoint (VTEP) emulator that uses Open vSwitch for forwarding. VTEPs are the entities that handle VXLAN frame encapsulation and decapsulation in a network.
    http://docs.openvswitch.org/en/latest/howto/vtep/
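What a VTEP does on the wire, as an added example (not code from the OVS documentation or from ovs-vtep): VXLAN encapsulation and decapsulation in Python, with the VNI check that keeps one tenant's frames out of another tenant's overlay. Only the 8-byte VXLAN header (RFC 7348) and the inner Ethernet frame are handled; the outer IP/UDP header to port 4789 is left to the socket layer. The MAC addresses, VNIs 5001/5002, VTEP addresses and the Vtep class are constructed for the example.

```python
"""VXLAN encap/decap and per-VNI isolation at a VTEP (added example)."""
import struct

VXLAN_UDP_PORT = 4789                # IANA port for VXLAN (RFC 7348)
VXLAN_FLAG_I = 0x08                  # "VNI present" flag, mandatory on every frame
VXLAN_HDR = struct.Struct("!B3xI")   # flags, 24 reserved bits, VNI<<8 (low byte reserved)
ETH_HDR = struct.Struct("!6s6sH")    # dst MAC, src MAC, EtherType


def vxlan_encap(vni, inner_frame):
    """Prepend the VXLAN header; the result is the UDP payload sent to the remote VTEP."""
    if not 0 <= vni <= 0xFFFFFF:
        raise ValueError("VNI is a 24-bit field")
    return VXLAN_HDR.pack(VXLAN_FLAG_I, vni << 8) + inner_frame


def vxlan_decap(payload):
    """Return (vni, inner_frame); raise ValueError on a malformed header."""
    if len(payload) < VXLAN_HDR.size + ETH_HDR.size:
        raise ValueError("truncated VXLAN packet")
    flags, vni_field = VXLAN_HDR.unpack_from(payload)
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set")
    return vni_field >> 8, payload[VXLAN_HDR.size:]


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst_mac, src_mac, ethertype, payload):
    def to_raw(mac):
        return bytes.fromhex(mac.replace(":", ""))
    return ETH_HDR.pack(to_raw(dst_mac), to_raw(src_mac), ethertype) + payload


def parse_frame(frame):
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    return mac_str(dst), mac_str(src), ethertype


class Vtep:
    """Encapsulates for, and decapsulates only, the VNIs it is configured to serve.
    A frame carrying another tenant's VNI is dropped instead of being bridged,
    which is the isolation property the overlay is supposed to provide."""

    def __init__(self, local_ip, vnis):
        self.local_ip = local_ip
        self.vnis = set(vnis)
        self.dropped = []      # drop reasons, for a log line or counter

    def send(self, vni, inner_frame):
        if vni not in self.vnis:
            raise PermissionError(f"{self.local_ip} does not serve VNI {vni}")
        return vxlan_encap(vni, inner_frame)

    def receive(self, payload):
        try:
            vni, inner = vxlan_decap(payload)
        except ValueError as exc:
            self.dropped.append(str(exc))
            return None
        if vni not in self.vnis:
            self.dropped.append(f"unknown VNI {vni}")
            return None
        return vni, parse_frame(inner)


def demo():
    """Tenant A (VNI 5001) and tenant B (VNI 5002) share one VTEP pair."""
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", 0x0800,
                        b"constructed IP payload")
    sender = Vtep("192.0.2.1", [5001, 5002])
    receiver = Vtep("192.0.2.2", [5001])          # only tenant A lives behind it
    accepted = receiver.receive(sender.send(5001, frame))
    rejected = receiver.receive(sender.send(5002, frame))
    return accepted, rejected, receiver.dropped
```

The VNI is the only thing separating tenants inside the tunnel, and VXLAN itself carries no authentication, so any host that can reach UDP/4789 on a VTEP can inject a frame with a chosen VNI. The `receive` check limits the damage to VNIs the VTEP actually serves; in practice the underlay must also filter who may send VXLAN to the VTEPs at all.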
    Open vSwitch with SELinux
    Security-Enhanced Linux (SELinux) is a Linux kernel security module that limits “the malicious things” that certain processes, including OVS, can do to the system in case they get compromised. In our case SELinux basically serves as the “second line of defense” that limits the things that OVS processes are allowed to do. The “first line of defense” is proper input validation that eliminates code paths that could be used by attacker to do any sort of “escape attacks”, such as file name escape, shell escape, command line argument escape, buffer escape. Since developers don’t always implement proper input validation, then SELinux Access Control’s goal is to confine damage of such attacks, if they turned out to be possible.
    http://docs.openvswitch.org/en/latest/howto/selinux/

    • TOSCA (Topology and Orchestration Specification for Cloud Applications)

    First, TOSCA is a specification that aims to standardize how we describe software applications and everything required for them to run in the “cloud”.
    This means that TOSCA provides a way to describe not only an application, but also its dependencies and supporting (cloud) infrastructure.
    There are two basic building blocks in TOSCA: nodes and relationships.
    A node can be an infrastructure component, like a subnet, a network or a server (it can even represent a cluster of servers), or a software component, like a service or a runtime environment.
    Nodes have types; for example, a “compute” node type represents a resource with a CPU. These types are used in “service templates”, or, as they are called in Cloudify, “blueprints”.
    Cloudify’s DSL is based on TOSCA’s YAML Simple Profile, which is a way of writing TOSCA blueprints in YAML. (Originally, TOSCA is written in XML, but since XML has lots of unnecessary punctuation, the YAML profile is easier to use.)
    https://cloudify.co/2015/07/21/what-is-TOSCA-cloud-application-orchestration-tutorial-cloudify.html

    • Overlay networking (aka SDN overlay) is a method of using software to create layers of network abstraction that can be used to run multiple separate, discrete virtualized network layers on top of the physical network, often providing new applications or security benefits.

    https://www.sdxcentral.com/networking/sdn/definitions/what-is-overlay-networking/

    • NWDAF - Network Data Analytics Function

    The NWDAF is responsible for providing network analysis information upon request from network functions. For example, a network function may request specific analysis information on the load level of a particular network slice. Alternatively, the network function can use the subscribe service to ensure that it is notified by the NWDAF if the load level of a network slice changes or reaches a specific threshold.
    https://www.mpirical.com/glossary/nwdaf-network-data-analytics-function


    • Automating the 5G Core using Machine Learning and Data Analytics

    The NWDAF may serve use cases belonging to one or several domains, e.g. QoS, traffic steering, dimensioning, security.
    Use case descriptions should include the following aspects:
    1. General characteristics (domain: performance, QoS, resilience, security; time scale).
    2. Nature of input data (e.g. logs, KPI, events).
    3. Types of NF consuming the NWDAF output data, how data is conveyed and nature of consumed analytics.
    4. Output data.
    5. Possible examples of actions undertaken by the consuming NF or AF, resulting from these analytics.
    6. Benefits, e.g. revenue, resource saving, QoE, service assurance, reputation.
    https://mollydpowellusblog.wordpress.com/2018/07/29/automating-the-5g-core-using-machine-learning-and-data-analytics/


    • SDN and NFV integrated OpenStack Cloud - Bird's eye view on Security

    With NFV and SDN in place, network functions are virtualized and network traffic is managed in separate control and data planes.
    Virtualized network functions are tied to software-defined networks to boost the power of virtualization.
    https://www.openstack.org/videos/summits/sydney-2017/sdn-and-nfv-integrated-openstack-cloud-birds-eye-view-on-security

    • Best practices for NFV deployment success 

    Neutron, the OpenStack networking service, was highlighted as an option that is fully integrated into OpenStack development and maintenance tools and cycles. Neutron provides out-of-the-box support for VLAN, VXLAN and GRE overlays, is open source, and is supported by and built from upstream components. Neutron’s SDN solution includes quality of service (QoS) and performance optimization.
    What does this "magical" concept of NFV really mean? The presenters defined NFV as the "decoupling of network functions from underlying physical network infrastructure" and the "move of traditional network functions usually deployed in proprietary hardware to software running in virtual machines (VM) on general-purpose hardware or cloud infrastructure."

    Lefrere then walked through an overview of benefits NFV delivers:

        Lowers costs: reduces CapEx to eliminate wasteful over-provisioning and reduces OpEx because many of the space, power and cooling costs go away with virtualization
        Increases flexibility: management automation and reusable infrastructure
        Empowers innovation
        Easy to scale
        Faster time-to-market
    https://www.redhat.com/en/blog/best-practices-nfv-deployment-success


    • What Is Open Virtual Network (OVN)? How It Works

    The objective is to develop a single, standard, vendor-neutral protocol for the virtualization of network switching functions, still based on the functionality first created for VMware virtual networks.
    OVN and Network Control
    OVN’s main goal is to provide Layers 2 and 3 networking, which distinguishes it from general-purpose, software-defined networking (SDN) protocols and controllers.
    OVN and OpenFlow
    OVN programs each Open vSwitch instance over the OpenFlow protocol, which was created precisely to let software outside the switch manipulate its flow tables. Networks use those flow tables to implement services such as quality-of-service (QoS), firewalls and network address translation (NAT).

    OVN and OpenStack Integration
    OVN can also be used in OpenStack-based networks, where Open vSwitch is the most popular virtual-switch option. 

    https://www.sdxcentral.com/networking/virtualization/definitions/what-is-open-virtual-network-ovn-how-it-works/


    • Open vSwitch: Self-service networks

    This architecture example augments Open vSwitch: Provider networks to support a nearly limitless quantity of entirely virtual networks. Although the Networking service supports VLAN self-service networks, this example focuses on VXLAN self-service networks
    https://docs.openstack.org/ocata/networking-guide/deploy-ovs-selfservice.html


    • What is Dragonflow?

    Dragonflow is a distributed SDN controller for OpenStack® Neutron™ supporting distributed Switching, Routing, DHCP and more. 
    https://wiki.openstack.org/wiki/Dragonflow