The basic material comes from Infoworld's Slideshows:
Note: Personally I think this is very well written, but it is only one facet of SDN, in particular the one that touches on the fusion of SDN with paradigms and ideas such as virtualization and overlay networks. In some respects it resembles what I had been thinking earlier: the controller could boldly bring in the distributed-systems techniques and methods (including some distributed algorithms) that have long been discussed but never found a home. It is written clearly, so I will not explain the details; friends who are interested are welcome to discuss.
The very heart of networking is about change. Your current network infrastructure is a platform on which the entire IT portfolio depends for communication and services. Although the network is made of many physical elements, such as routers, switches, and firewalls, it is for all practical purposes a single system. A change in any part of the network can cause a failure of the whole. This interdependence has led to a fear of change among network operators that prevents new services, new features, and even good operational practices.
SDN is a network architecture that changes how we design, manage, and operate the entire network so that changes to the network become practical and reliable.
Planes of operation
The internal architecture of a network device has three planes of operation:
The management plane handles external user interaction and administrative tasks like authentication, logging, and configuration via a Web interface or CLI.
The control plane administers the internal device operations, providing the instructions used by the silicon engines to direct the packets; it also runs the routing and switching protocols and feeds operational data back to the management plane.
The data plane is the engine room that moves packets through the device, using the forwarding table supplied by the control plane to determine the output port.
Today, the control plane on each network device communicates with the control planes on all other devices in the network using protocols like OSPF or Spanning Tree. As a result, networking is a system of distributed computing in which all of the system elements must be coherent for the network to function as a whole. Although network protocols are well proven, networking remains less than perfect because:
Distributed computing systems are limited by "eventual consistency" (for networks, that means outage during reconvergence).
We're constrained by poor features like destination-based routing: each device picks the next hop from the destination address alone, so a policy that also depends on the source (which tenant or application sent the packet) cannot be expressed, even though source/destination routing would often be better.
Controller networking
The major difference between SDN and traditional networking lies in the model of controller-based networking. In a software-defined network, a centralized controller has a complete end-to-end view of the entire network, and knowledge of all network paths and device capabilities resides in a single application. As a result, the controller can calculate paths based on both source and destination addresses; use different network paths for different traffic types; and react quickly to changing networking conditions.
In addition to delivering these features, the controller serves as a single point of configuration. This full programmability of the entire network from a single location, which finally makes network automation practical, is the most valuable aspect of SDN; it also makes the controller the component whose access control and integrity matter most, since whoever can configure it can configure every device.
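As an added illustration of that controller model (example code written for this page, not from Infoworld or any SDN product), the following toy controller holds a complete, constructed topology and computes a separate path per (source, destination, traffic class) flow: latency-sensitive and bulk traffic between the same endpoints take different paths, one untrusted source is steered through a firewall, and a link failure is handled by recomputing. The switch names, link metrics, host placement and policy are all assumptions.

```python
import heapq
from typing import Callable, Dict, List, Optional, Sequence, Tuple

# Constructed topology: (switch_a, switch_b, latency_ms, capacity_gbps).
# s1-s2-s4 is the short, low-capacity path; s1-s3-s4 is the long, high-capacity
# one; a firewall appliance "fw" hangs off s2.
TOPOLOGY = [
    ("s1", "s2", 1, 10),
    ("s2", "s4", 1, 10),
    ("s1", "s3", 5, 40),
    ("s3", "s4", 5, 40),
    ("s2", "fw", 1, 10),
]
# Constructed host placement and policy (assumed): h2 belongs to an untrusted
# tenant whose traffic must be steered through the firewall.
HOST_SWITCH = {"h1": "s1", "h2": "s1", "h3": "s4"}
UNTRUSTED_HOSTS = {"h2"}

# Per-class link cost. The controller sees every link's attributes, so each
# traffic type can be optimised on a different metric.
COSTS: Dict[str, Callable[[int, int], float]] = {
    "latency": lambda lat, cap: float(lat),
    "bulk": lambda lat, cap: 100.0 / cap,
}


class Controller:
    """Holds the complete end-to-end topology and computes per-flow paths."""

    def __init__(self, topology: Sequence[Tuple[str, str, int, int]]):
        self.links: Dict[frozenset, Tuple[int, int]] = {
            frozenset((a, b)): (lat, cap) for a, b, lat, cap in topology
        }

    def link_down(self, a: str, b: str) -> None:
        """A link failure is just a topology update; paths are recomputed."""
        self.links.pop(frozenset((a, b)), None)

    def _neighbours(self, node: str):
        for link, attrs in self.links.items():
            if node in link:
                (other,) = link - {node}
                yield other, attrs

    def shortest_path(self, src: str, dst: str, cost) -> Optional[List[str]]:
        """Dijkstra over the controller's graph with a class-specific link cost."""
        dist = {src: 0.0}
        prev: Dict[str, str] = {}
        heap = [(0.0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if u == dst:
                break
            if d > dist[u]:
                continue
            for v, (lat, cap) in self._neighbours(u):
                nd = d + cost(lat, cap)
                if nd < dist.get(v, float("inf")):
                    dist[v], prev[v] = nd, u
                    heapq.heappush(heap, (nd, v))
        if dst not in dist:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1]

    def path_for_flow(self, src_host: str, dst_host: str, flow_class: str) -> Optional[List[str]]:
        """Source- and class-aware path. Destination-only routing could not send
        h1 and h2 to the same destination over different paths; here the policy
        inserts the firewall as a waypoint for untrusted sources."""
        waypoints = ["fw"] if src_host in UNTRUSTED_HOSTS else []
        hops = [HOST_SWITCH[src_host], *waypoints, HOST_SWITCH[dst_host]]
        path = [hops[0]]
        for a, b in zip(hops, hops[1:]):
            segment = self.shortest_path(a, b, COSTS[flow_class])
            if segment is None:
                return None  # no path: the controller knows, rather than a silent blackhole
            path.extend(segment[1:])
        return path


if __name__ == "__main__":
    c = Controller(TOPOLOGY)
    print("h1->h3 latency:", c.path_for_flow("h1", "h3", "latency"))
    print("h1->h3 bulk:   ", c.path_for_flow("h1", "h3", "bulk"))
    print("h2->h3 latency:", c.path_for_flow("h2", "h3", "latency"))
    c.link_down("s1", "s2")
    print("after s1-s2 down:", c.path_for_flow("h1", "h3", "latency"))
```

The point to notice is that the per-switch rules a real controller would install are derived from the (source, destination, class) tuple, which is why the same destination can be reached over different paths and why a compromised or misconfigured controller affects every flow at once.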
Hypervisor connectivity
The most useful applications of controller-based networking today are being implemented in hypervisors such as VMware vSphere, Microsoft Hyper-V, and the open source KVM project. From a networking perspective, a hypervisor usually hosts several VMs (virtual machines), which are connected to a virtual switch, which in turn is connected to the physical network. Today, the virtual switch is not a network device but an automated patch panel for connecting a VM to the physical network.
Hypervisors and the network
In today's virtual infrastructures, virtual servers use virtual switches in the host hypervisor to share the physical NIC with other guest VMs. Each virtual switch acts like a smart patch panel to connect to the entire data center network. This succeeds in networking the guest VMs to all other servers in the network. However, because the underlying physical networks are complex and change-resistant, the data between VMs flows across the network on a hop-by-hop basis.
Tunnel networking
New tunneling protocols like VXLAN and NVGRE allow new networks -- aka overlay networks -- to be abstracted from the physical network and configured in the virtual switch. These protocols encapsulate the original Ethernet frame inside an IP packet (VXLAN carries it in UDP, destination port 4789, with a 24-bit VXLAN Network Identifier; NVGRE carries it in GRE with a 24-bit Virtual Subnet ID) and send it across the physical network, allowing two VMs on different Layer 3 subnets to communicate on the same Layer 2 network. The tunnels do not need to know about the underlying physical network configuration, and vice versa. As a result, virtual network connections between hypervisors can be configured without any dependency on the physical network.
Tunnel fabric
A virtual switch (aka vSwitch) will create tunnels to build a full mesh of connectivity to other vSwitches in the network. In this type of design, the physical network is often known as a tunnel fabric to highlight the relationship between the tunnel mesh and physical network. More generally, the use of tunnels is known as overlay networking.
Today, a modern x86-based server can easily handle the load of tunnel encapsulation at more than 10Gbps, and Intel tests show up to 40Gbps performance (under optimal conditions) with CPU consumption at about 20 percent of a single core. Planned technology from Intel promises higher server-based networking performance in the next three years.
Multitenancy
The vSwitch can support multiple tunnels to provide multitenancy. Creating a separate tunnel (with its own tunnel identifier) for each tenant in a virtual infrastructure keeps the network traffic isolated at the source of the traffic. Instead of attempting to secure the traffic in the physical network, we can use a hypervisor management tool, such as VMware vCenter, to configure the VM and the tunnel network according to security policy. This reduces the likelihood of operational misconfiguration and makes for a reliable process and simple auditing. The isolation is only as strong as the vSwitch that assigns each VM's traffic to its tenant's tunnel, so that mapping, and who is permitted to change it, is what the audit has to cover.
Products like VMware vCloud Director are using overlay networks to enable the use of software-based networking appliances to replace physical firewalls, routers, and load balancers.
Network agents
Software-defined networking will be further enhanced in the next year as the role of the vSwitch is taken over by network agents. Network agents will provide more flexibility in connecting VMs to the physical network or tunnel fabric because they will be able to change network traffic flows according to configuration, in much the same way that routers or switches select the output interface for a given packet or frame. In the near future, a network controller will configure network agents to provide routing, switching, and firewall services.
Network agent as router
A network agent can act as a router by selecting the outbound tunnel interface that passes traffic to the destination. In this design, VM1 is on a separate VLAN from VM2. To achieve Layer 3 routing between the two VMs, the network agent forwards the traffic from VM1 into the tunnel for the VLAN on which VM2 resides. Because the forwarding occurs at the edge of the network in each server, scalability is high: adding more servers increases routing capacity.
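The three pieces described above (tunnel encapsulation, one tunnel per tenant, and the agent choosing the egress tunnel by destination) fit together as follows. This is an added example written for this page, not Infoworld's code and not the implementation of any vSwitch or agent product; the forwarding table, tenant names, VNIs and VTEP addresses are constructed, and only the VXLAN header layout and UDP port 4789 come from RFC 7348. The sending side routes by destination within the sender's tenant and encapsulates; the receiving side validates the outer headers, maps the VNI back to a tenant and drops anything it does not recognise.

```python
from __future__ import annotations

import ipaddress
import struct
import zlib
from dataclasses import dataclass
from typing import Optional, Tuple

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field is valid
IPPROTO_UDP = 17


@dataclass(frozen=True)
class Route:
    tenant: str
    prefix: ipaddress.IPv4Network   # destination subnet (one tenant VLAN/segment)
    vni: int                        # overlay segment that carries that subnet
    remote_vtep: str                # physical IP of the hypervisor hosting it


# Constructed forwarding table, as a controller might push it to an agent.
# Tenant "blue" maps VLAN 10 -> VNI 5010 and VLAN 20 -> VNI 5020; tenant "red"
# reuses the same 10.0.0.0/16 address space on its own VNIs.
ROUTES = [
    Route("blue", ipaddress.ip_network("10.0.10.0/24"), 5010, "192.0.2.10"),
    Route("blue", ipaddress.ip_network("10.0.20.0/24"), 5020, "192.0.2.20"),
    Route("red", ipaddress.ip_network("10.0.10.0/24"), 6010, "192.0.2.30"),
    Route("red", ipaddress.ip_network("10.0.20.0/24"), 6020, "192.0.2.20"),
]
# Receiving side: which tenant a VNI belongs to. Unknown VNIs are dropped.
VNI_TO_TENANT = {r.vni: r.tenant for r in ROUTES}


def ethernet_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Build the inner (tenant) Ethernet frame that gets tunnelled."""
    def mac(m: str) -> bytes:
        return bytes.fromhex(m.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def select_tunnel(tenant: str, dst_ip: str) -> Route:
    """Agent-as-router: longest-prefix match on the destination IP, restricted
    to the sending VM's tenant, so the same IP in another tenant never matches."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in ROUTES if r.tenant == tenant and dst in r.prefix]
    if not matches:
        raise LookupError(f"no route to {dst_ip} in tenant {tenant}")
    return max(matches, key=lambda r: r.prefix.prefixlen)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the outer IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def vxlan_encap(local_vtep: str, route: Route, inner_frame: bytes) -> bytes:
    """Sending agent: wrap the frame as IPv4/UDP/VXLAN for the tunnel fabric."""
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_I, route.vni << 8)  # 8-byte header
    udp_payload = vxlan + inner_frame
    # Source port derived from the inner MAC header so the physical fabric can
    # ECMP-hash tunnelled flows (RFC 7348 section 5); kept in the dynamic range.
    sport = 49152 + zlib.crc32(inner_frame[:12]) % 16384
    udp = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, 8 + len(udp_payload), 0)
    src = ipaddress.IPv4Address(local_vtep).packed
    dst = ipaddress.IPv4Address(route.remote_vtep).packed
    total_len = 20 + len(udp) + len(udp_payload)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000,
                               64, IPPROTO_UDP, 0, src, dst))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    return bytes(ip) + udp + udp_payload


def vxlan_decap(packet: bytes) -> Tuple[str, bytes]:
    """Receiving agent: validate the outer headers, map the VNI to a tenant and
    return (tenant, inner frame). Anything that does not check out is rejected."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 16 or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("malformed outer IPv4 header")
    if packet[9] != IPPROTO_UDP:
        raise ValueError("outer protocol is not UDP")
    _, dport, ulen, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != VXLAN_UDP_PORT or ulen != len(packet) - ihl:
        raise ValueError("not a VXLAN datagram")
    flags, vni_field = struct.unpack("!B3xI", packet[ihl + 8:ihl + 16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI flag not set")
    tenant = VNI_TO_TENANT.get(vni_field >> 8)
    if tenant is None:
        raise ValueError(f"unknown VNI {vni_field >> 8}")
    return tenant, packet[ihl + 16:]


def receive(packet: bytes) -> Optional[Tuple[str, bytes]]:
    """Drop semantics: None for anything vxlan_decap rejects."""
    try:
        return vxlan_decap(packet)
    except ValueError:
        return None
```

Two things the code makes visible. First, `select_tunnel` keys the lookup on the tenant as well as the destination, which is what lets "blue" and "red" overlap in address space. Second, the receiver's only evidence of tenant membership is the VNI in the outer header, and VXLAN itself carries no authentication of that field, so a host on the tunnel fabric that can send UDP/4789 to a VTEP can inject into any segment it can name: isolation lives in the encapsulating vSwitch and in who can reach the VTEPs, not in the packet format.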
The bigger picture
SDN makes networking more dynamic and flexible by using logical overlay networks that can be configured without impacting the underlying physical network. The abstraction of overlay networks from the underlying physical network provides for relatively risk-free changes. Because the network controller and network agents are software, they support faster innovation and more frequent updates than traditional networking gear.
Furthermore, the hypervisor manager and the network controller will exchange data about the systems they administer. For the first time, network engineers will have visibility into the servers and applications on their networks, providing for better operation and troubleshooting.