Software Defined Networking - Computerphile
Vložit
- čas přidán 2. 06. 2016
- Audible 30 day free Trial: www.audible.com/computerphile
Software Defined Networking takes the control away from basic protocols and gives it to the programmers. Cutting edge companies like Google use it to manage their global Network. Dr Richard Mortier of the University of Cambridge Computer Laboratory explains.
Deep Learning: • Deep Learning - Comput...
Secure Web Browsing: • Secure Web Browsing - ...
Rob Miles on Game Playing AI: • AI's Game Playing Chal...
Cookie Stealing: • Cookie Stealing - Comp...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
A very intelligent man, who finds a way to simplify a very complex concept, so that someone very unintelligent (me), can understand it.
Thank you sir.
I love the 3D visualization of the network
Great into to the world of SDN. There's definitely enough material to do a mini series about this (SDN protocols like OpenFlow, POF, P4, issues related to centralization, security issues, applications to cloud computing, future internet protocols, alternatives like Contrail, NFV, and etc.). Judging from the comments I've seen so far people are itching for these to be discussed.
CZcams already updated the 301 issue, views are now more in real time than before.
Thank you very much @Dr. Richard Mortier for that wonderful explanation and a big thank you @Sean Riley for filming all the Computerphile videos. I always recommend them to my students :D
As this guy briefly mentioned, with the STP example, each bridge is essentially operating independently. A network isn't a "thing" it's a loose collection of things cooperating, and in the good days giving the illusion of order. The main reason that a network runs protocols like STP or OSPF is that you can't possibly have a centralized controller, and each device must be able to operate relatively independently.
What happens if the controller breaks? Make it redundant? Fine, what happens when the controllers lose connection between them and each of them thinks the peer is dead and assumes master role? You have a drawing there where the controller connects to the switches, that in itself is a network. How does that work? Is it a different network, or is it overlayed on top of the regular network? What happens when it fails? What happens when a centrally controlled network is split into multiple islands? Do they islands still operate independently? If they have connection to the controller maybe, but what if they don't? What happens when a device that has lost connection to the controller tries to collaborate with devices that are still connected to the controller (or does it give up trying to do anything altogether, that seems lackadaisical but it may be best)? I admit that in a datacenter, it would be possible to build a simple, reliable, robust, somewhat redundant network that would connect the controller to the network equipment, and then you would have simplified network by orders of magnitude, however, how do you do this if you are a service provider? Do you operate another control network to manage your data transfer network or do you overlay your control network over your data transfer network, in which case, what happens when something breaks, losing data transfer capability is one thing but loosing control over your network sounds much worse? In a datacenter it may be that the environment is stable and failures relatively rare, but in a network that spans a continent or more, failures will be a common thing. You can not try to avoid them, you must design a network that can operate despite these failures.
The most simple tasks, become unbelievingly complicated when they can not be solved by one device but rather a loose collection of devices cooperating, and each of them can loose connection, or malfunction in countless ways, not to mention wilful attempts to disrupt a networks operation.
Any one given device can fail, and it will not be the end of the world. If, let's say, there is a hardware failure of a memory module in a server, it is acceptable that that server will find itself in an irresolvable state of inconsistency, in which case it should stop, and possibly try to start again and if following the POST it is deemed that the server can safely operate with the remaining function components, then it should continue to do so. But what if a network controller fails? Then the entire network needs to be rebooted? That's unfathomable even in a datacenter or office network, let alone an ISP network or the entire internet? You probably plan to operate multiple controllers, but how do you ensure accurate and timely takeover of the role of a failed controller? And what do you do when the controllers disagree? Which of them is "right"? Do you run an odd number of controllers and then have them vote democratically? But who is the arbiter of that election? By doing this haven't you just shifted the problem to the arbiter? What happens when this fails?
This distributed nature of networking makes it such a difficult and interesting subject, if it were possibly to centrally control it would be very simple, but I can't for the life of me imagine how you can do that (though the fact that SDN exists means that this is possible and that I'm just lacking in imagination).
Any of the above questions I would like to see answered in future computerphile videos!
Hi,
I've only very briefly worked with Meraki gear, but essentially yes, if they loose connection to the controller, the equipment still works, but you can not change the configuration anymore. It still runs regular network protocols like STP it's just that you don't directly dial into the device to change the config you do that from the controller. That being said, Meraki is only very slightly above home network equipment, like Linksys or Netgear, when it comes to features. It isn't anywhere near established brands like Ciso or Juniper when it comes to what can do with them, and only really suitable for small simple office networks. NAT functionality is pretty poor and policy routing is non-existent, so if you have duplicate IP ranges, you're out of luck!
paul zapodeanu Yes, im only pointing out the behavior of Meraki because you asked what would happen if the controller crashed In as SDN environment. While Meraki is not SDN, there are similarities in behavior that are applicable to your question. The way Meraki handles its behavior in absence of communication with the mother ship is a pretty reasonable way to handle things.
IMHO, the most striking thing about comparing Meraki with SDN is in regards to the bootstrapping problem discussed in the video. Without distributed network intelligence using current protocols (BGP, Static Routes, OSPF and the like), Meraki could not operate cause it would never be able to communicate with the controller. I'm curious how SDN plans to supplant traditional network infrastructure if it cant seem to function without it.
I'd like to think of traditional network as "Human Defined Networking" :) since they're managed and configured manually by humans in a datacenter or remotely logged into one. In that sense, the "controller network" in traditional networking is actually made up of human legs that's running back and forth between data centers when the network is in need of maintenance(outage, config change, etc). I'd consider whatever controller communication mechanism used by SDN to still be more reliable and responsive than human legs. And if anything extraordinary happens, human-leg-networking can still be your last resort :D
Thanks for an amazing quality, love the vids with Dr. Mortier
I love Computerphiles explanations. Easy to understand and put onto real life situations.
Do the switches typically get connected _directly_ to the controller, as was shown in the diagram, or would they be connected through the network, and only one or two of the switches would be directly connected?
So can we see the traditional tcp-ip routing mechanism as a specific case of openflow where the SDN algorithm implemented is spanning-tree?
Is it true that we can actually specify the source IP and the action to it here but not in forwarding tables? (i.e: source IP cannot be specified in forwarding tables to apply actions accordingly, instead, you only use destination IP’s and ports to specify actions)
Can someone tell me the names of the books on his shelf in the background?
What are the topics or problems in the networks that the researcher can work on in graduate studies?
So is something like Cisco prime a form of SDN? I was reading on Cisco prime and they were talking about bootstrapping, etc to a network server. So the controller is basically like the config file for a switch, but it covers all the switches instead? Would something like this mean that say you have several Vlans and you bring a PC from Vlan 20 to the shop for work and you normally use vlan 10 will it be able to see the mac address at the controller then say this needs to be in vlan20?
Sir i need to know whether handoff reduction in cellular network is possible in iot sdn network
Very interesting, would love to hear more.
I don't understand why people don't yell out "zeroth" on Computerphile in the comments!
I imagine the kids who write "first" aren't that bright.
100110th!
NuggetNapper
That's more like it! haha!
Only real programmers start from 0.
An object of index 0 is the 1st.
Question from 2020, what is considered the current status of SDN? Is a fair amount of public internet traffic running on SDN routers and switches now?
Any possibility you could back up this video with an addendum that explains how you would implement some redundancy in an SDN?
The main advantage I can see for this is stateful load balancing. Even if just implemented within a datacenter (as opposed to across the whole internet) this could be really advantageous.
Daryl A I was thinking TCP connections of undetermined length or where the demands of handling the request is not equal per request. Stateless load balancing solutions (such as round robin or connection count balancing) have no idea of what the impact of the connection is on the end server. If the servers have a way of monitoring their load based on the number of connections, the tasks being performed on those connections and even the state of the machine (what other tasks its doing/what the CPU load is) then this can be reported to the application layer of SDN for it to change how the traffic is sent to the servers,
Maybe "stateful" isn't the right term?
Aren't ACLs designed to permit or deny access based on the IP addresses?
Is anyone concerned about the controller in an SDN getting hacked and the implications?
I recently started re-reading ASOIAF. My body is so so ready for The Winds of Winter ^^
4 years later and still no winds of winter..
I want to start SDN. I want to know how to start and what is the first course I should study??
Plz guide me 🤝🌹
Great video guys.
Awesome video!
yesss, perfectly timed for comp3
How to control the any game package through Software Defined Network in a network
It almost seems like this just creates more overhead on switches, while this probably wouldn't cause a noticeable slow down in smaller settings, in big corporate offices where you would probably find these kinds of things, it may cause noticeable slow down for instance
If destination IP address is 10.10.10.2 send out of port 3, would require just as much processing time as most protocols, plus if it goes out of port 3, to say a switch with the IP 10.10.10.4 and then it's supposed to send that out of port 6 to 10.10.10.2, why not just use something like EIGRP to let the swiches/routers find everything themselves, not to mention if it has a controller it adds another point of failure that IT staff would need to be aware of and worry about
Is the controller not then a single point of failure?
The controller doesn't have to be physically centralized. There can be many distributed controllers but logically centralized (i.e. they share the same view of the network, so they process and act as if one entity).
The video just gave a brief basic introduction into the topic but obviously, for saving time, they don't go into such details.
This makes me wish there was a Telecomphile...
What if the controller fails?
I love this channel.
Great video. But I don't quite get why he mentioned STP in the beginning. Doesn't have too much to do with the topic of SDN to my understanding? Valuable for understanding L2 Loop Prevention, yes. But not really needed for grasping the concept of SDN right?
Nope, not necessary for understanding SDN. But I was trying to contrast SDN to the more traditional alternatives... :)
Awesome, a reply from Dr. Mortier himself :)
Ok, I get that. Fair enough.
Thanks for taking the time to reply and for creating content like this for everyone!
Would be interesting to see how academia defines the topic of SDN, now that literally every vendor in the Networking space has its own implementation and therefor interpretation of the technology/paradigm.
Is there even one single definition of SDN?
Thanks for this!
Good timing, I have an exam in this next Friday
There are universities teaching about SDN?
University of Oslo has some courses that include SDN. The course Im taking is more of a general networking course that touches several subjects, with SDN being one of the main themes.
Nice! Now the large corporate ISPs can completely control content!
They can already do that. SDN is just a different way of routing packets. The routing decision is centralized in SDN as opposed to distributed in current network deployments (i.e. each router decides for itself based on rules input by the ISP).
+Daryl A ISPs cant do it as easily as with this software layer. routers at the moment do not operate like a bot net
Urensoft I think I missed the part where we were talking about ease of use among two given options or how similar distributed routing is to botnet behavior.
+Daryl A 2:30
Last I heard Google was using SDN for their B4 network. I don't believe CZcams rides atop that. I'm on the fence, as a lot of network engineers are with SDN. I feel like it may have better PR among Engineers if it didn't set out to immediately try and replace us lol. "SDN, giving the network to programmers!" Which, is a hilariously bad idea. Makes about as much sense as giving devops to the network guys imo. Cisco's play with ACI isn't too shabby, heck in their 2.0 release they brought in some NX-OS like configuration modes. Which is the right move to me.
4:03 sounds like you could craft packets to easily gain access to servers if what you say is a common example...? Surely you can't allow the software to make allow/deny decisions itself? Or can you? Also surely this will cause overhead, I mean on top of the protocols..
it does not, at least minimal.
sending commands to switches is independent of them handling packets
they learn their network similar to before, the management layer just gets pivoted. if you use sdn for higher level osi it might cause a problem for big bulks of data
empirical statistics show some, but minimal, delay.
Make ipv6 detail video please
Yeah, how about we _don't_ do that for the internet?
Why not?
because the internet needs to be highly dynamic and decentralized.
if you have a central controller you just add failure points to systems.
Easier government control.
Daryl A The previous commenters mostly said it already: it's a technological nightmare because basically _the_ strength of the internet is its decentralized nature. But it's also a political nightmare because the level of control that both governments and private bodies could gain would make the recent discussion about net neutrality look practically laughable in comparison.
We just covered this subject in university today
Which university is teaching this? I'm surprised lol.
It's in germany... I study computer science at HTW Saar. We started this topic in our networking course
Is this the reason why Googles virtual machines in asia and europe have IP addresses geolocated to the US?
no thats probably because of a VPN connected to one of their LANs in the US
I hope this technology matures quickly. Although I enjoy the huge $$ as a Network Engineer, but as a Gamer, it's filthy to work with archaic technologies. XP
Sounds like Cisco iOS.
I can't help but wonder what happens if someone managed to get access to that controller when they're not supposed to.
Man in the middle just gained a new option, I suppose.
exactly, or the government
+Urensoft Like he said, man in the middle.
You could say the same about switch managers. I've tested SDN to sniff packets to analyze them for malware. mirror ports have always been a security risk if somebody gains access to the maintenance of a network.
i dont believe the controller in itself poses such a risk, but always the network admins' intentions. The controller can be monitored via monitoring tools and traffic can ge visualizated as well as ruletables
But then, Who, judges the merits of each router variant, for self-consistency, mutual-consistency, new-design consistency...
Look up WMvare NSX for an implementation of software defined networking.
It's sorta sdn but not. It's virtualized networking.
I have a CCNA 1 networking exam tomorrow :O
Concurrent Computing and Network Architecture maybe?
OmegaCraftable nah, Cisco Certified Network Associate, entry level, lol
Haha man that sounds even worse
TechXSoftware did u pass
@@eduardobelfort5676 I passed CCNA 4
What's a "rooter"? ;)
Truffle pig.
A "rooter" is a device that routes traffic.
A "r-ow-ter" is a tool used in carpentry to rout - or hollow out - an area of wood.
The pronunciation matters, as they're both spelt "router".
And let's not get into the American pronunciation of "soldering iron"...
KlaxonCow
A rooter is a device for unclogging drains. A router routes things along routes.
Why would you pronounce them the same?
It seems related to the IP roots/rooting. When hacking someone, you pull them up by their IP roots.
Oh no, what have I started? Hehe. As long as it's out of love.
Man in the middle attack.
Did he just say dynamically updating firewall rules. hmmmm
>yaaaay woooo more centralized control on internet infrastructure
Yeah...how about no.
Oh, snap! People better not build the Aquinas Router, or i'm gonna blow up the internet at some point :D
Just so y'all know: By rooters, he means routers.
Yeah, routers. That's what he said.
+Penjacker Rekcajnep Exactly
Penjacker Rekcajnep How do you guys pronounce "pronounce?"
British people pronounce "router" root-er, Americans pronounce it r-out-er. Don't argue about it.
Only midwesterners say "rowter." Those of us Americans who are sensible say "rooter." :-)
Wait what?
They are hyping SDN the way they hyped Ipv6.
It is essential for cloud computing!
Is there a point hidden somewhere in that comment?
I think he is making the point that the claims of increased efficiency and utility derived from SDN are analogous with similar claims made by proponents of IPV6.
Yes, but unlike IPv6 this can happen bit by bit without limitations, so for example if you want to apply the SDN architecture to your private network you can do that and it would still be able to communicate with the outside world (the internet), while with IPv6 it was more complicated.
Yep. I feel like they should've mentioned this in the video. It should also be noted that SDN has the potental be used to help create the "bridging" necessary for IPv4 and IPv6 netowrks to co-exist. Many interesting use-cases.
This sounds like a terrible idea for data security and integrity.
Push a policy on to a server, "every time a password comes here send it to me and then i'll forward it" - simplified example.....
And that's why we use tls when sending passwords
I don't think that's what is done. It seems to be more of a "If you get something on this port from this server, send it to that address" I imagine that would make a content distribution network like they use for CZcams easier to manage, along with propietary software.
rip protocal
I felt this guy was trying to explain something reasonably simple, but rambled and used lots of technical terms and I couldn't really understand what was being said in the video.
I was thinking the same, it is hard to understand if your English is a secondary language.
Yeah, it's true that he likes to talk non-stop when he's explaining something. It's not just in this video
great!
stage 1 of how to let individuals control the entire internet.
i really want my packets to be modified without my consent as they're sent over the net.
why does mankind insist on ruining the greatest invention ever made.
What are you talking about? Just having a packet leave your router causes it to be changed. NAT makes changes to packets and every hop through a router causes yet more changes to your packet. I really hope you're being sarcastic and it's just not coming across properly because if you're genuinely upset you need to learn a bit more about how networking works.
+James Durand routers dont change the body of a request, this can. i hope you aren't a technician
Routers can and do make changes to a packet. NAT, as I said previously rewrites the source IP of the packet before passing it out to the external network. No one said you were rewriting the entire packet. The specification for TCP/IP allows for changing of certain fields in packets because that is the ONLY WAY YOU CAN ACHIEVE CERTAIN THINGS! Try making a proxy service without changing packet fields and let me know how that goes. Just because a packet was changed doesn't mean some evil thing is happening. You really need to take off the tin foil hat from time to time. Your brain is starting to fry.
There's really nothing right now that says routers can't modify the payload. An update to the firmware and it'll be possible. A malicious administrator can also easily re-route traffic to a custom middlebox that can do packet inspection and alteration. Honestly if you trust IT people running the system as it exists now, there's no reason why you shouldn't trust them handling the logic of the SDN controller.
Almost any traffic of value is encrypted by either TLS or SSL anyways, which pretty much ensures the integrity of the payload. Still don't see what you're worried about...
3rd.
Roooters 😆
I usually use a rooter to clean my sewer pipes, and handle my internet traffic with a router.
2nd
I hate hearing the word audiable. It sounds like selling out to me.
Id be thumbsing up if it were not for that. As is im not clicking either.
Because people shouldn't make a decent living making CZcams videos right? /s
They should absolutely be able to make some money and even a living (if that's possible; dunno how high the rates are) from CZcams videos.
Me, I'm just a bit sad it's nearly always Audible, because I don't like Audible. The audio books they sell are horrible DRM'd. There's also no real way to play them on GNU/Linux, expect through their cloud player (i.e. runs in a browser, needs an active internet connection).
This is nothing I hold against Computerphile/Numberphile or anyone else, though. This is a beef I have purely with Audible.
Scribble Science
Thats the worry about it. Its just a stepping stone.
***** That pretty much how i feel but with more words :)
TheProCactus I disagree with your use of the term "selling out", though.
Ha! The GoT books are utter drivel...