How to Implement
SDN Technology in ITB
Affan Basalamah

SDN/NFV Days ITB 2016

21-03-2016
# whoami
• Affan Basalamah

• Head of IT Development

• Direktorat Sistem Teknologi
Informasi (DSTI)

• Institut Teknologi Bandung

• affan@itb.ac.id 

• @affanzbasalamah
The Message of This Presentation
• I show how a technical university turns its campus network into a research platform for SDN/NFV technology without disrupting the production network
My position: IT
• What I am supposed to do:
• Connecting
• Connecting who?
• Academic/Research in ITB
• with: IT/Telco Industries outside: telco, tech vendor
Institut Teknologi Bandung Aula Barat ITB
PAU Building, ITB
The Era of Yellow Cable and WaveLAN
The Era of Cisco Catalyst 6500, Fiber Optic and PC Router
Campus Core Network
What has been achieved
• 20 years ago ITB built a network that produced:
• Production network & development network
• There was no SLA at that time
• Experts, with knowledge and experience
• Lecturers as network/system admins
• Student volunteers as network/system admins
What we want to achieve
• In the next 2-3 years, build a network that can produce:
• Production network & development network
• At a time when SLAs for IT & Internet services are very strict
• Experts, with knowledge and experience
• Lecturers & students as researchers
• IT as developer
[Diagram: timeline 1996, 2016, Future????; Expert w/ Knowledge & Experience; Network Services]
How do we achieve it?
• SDN-supported Datacenter, Core, and Access Network
• SDN experiments at ITB can use this network
• Without disrupting the production network
• SDN/NFV Research/Development activities
• SDN/NFV Labs, Testbeds, Research Center
• SDN/NFV Communities
Networking in 5+ minutes
What kind of networks
• Edge: Connecting External Networks
• Datacenter: All of the application system
• Core: Networking highway
• Access: Connecting Endpoints
Network Components
• Switching: Ethernet Switch, WiFi AP
• Routing: IP Router
• Services: Firewall, NAT, ADC
Production Network
• Access to Edge via Core (outgoing)
• Access to Datacenter via Core (outgoing)
• Edge to Datacenter via Core (incoming)
• Datacenter to Datacenter via Core
• Every connection has network policies
• ACL, authentication, authorization, content policy
Experimental Network
• Experiment access to Edge via Core
• Experiment access (labs) to Datacenter via Core
• Experiment cloud Datacenter to Datacenter via Core
• Experiment Edge to Datacenter (labs) via Core
• The policy is that there are no network policies
• Firewall open, no authentication, etc.
Running under same equipment
• Core Switch
• Datacenter switch
• Access switch
Campus Core Network
[Diagram: campus sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
3 Stages
• Getting to know the network
• Getting to know the technologies that can be used
• Implementation planning & execution
ITB Enterprise Network
Core Network
• 1 GbE optical & 1GbE copper
• 10 GbE optical, Ready for 40/100 GbE
• Enterprise features: STP, VLAN, OSPF, BGP, IPv6
• Service Provider: MPLS, L3VPN, L2VPN, VPLS
• Software Defined Network (SDN): OpenFlow v1.0/1.3
• Brocade MLXe-8 & Juniper EX9200
Enterprise Network Technology
• L2 Switching
• L3 Routing: OSPF
• IPv6 Routing (OSPFv3, BGP)
• IPv6 Multicast Routing
• Policy Based Routing (PBR) and Access Control List (ACL)
• Existing network working as usual
High Availability Features
• Redundant Management Module
• Redundant Power Supply with new UPS
• Link Aggregation Groups (LAG)
• Bidirectional Forwarding Detection (BFD)
Network Security Features
• Management network CPU protection
• L2 ACL, IPv4 & IPv6 ACL
• SSH & SCP authentication via TACACS+ & RADIUS
• DDoS Rate Limit Protection
Management Network
• Dedicated ethernet management port
• SNMP
• TACACS+ & RADIUS
• Support RANCID
• NTP
• Syslog
• sFlow
• NETCONF
Datacenter Network
• 10 GbE & 40 GbE interfaces
• Supporting Server technology:
• HPC Blade
• Cloud computing
• iSCSI Storage Area Networking
Ethernet Fabric
• L2 for virtualization & cloud
• Inter datacenter with VPLS from Core Network
• VMware vCenter management & OpenStack plugins
• Fabric Ethernet technology with TRILL
• Brocade VDX6740 Fabric Ethernet Switch
Edge Gateway Network
• Juniper MX80 for Gateway Router
• Juniper SRX650 for Firewall
• Sophos UTM650 for DPI
• Brocade ADX1000 for Application Delivery Switch
• Cisco ASR1002 for NREN Gateway Router
Access Network
• L2 switches, a mix of:
• Brocade ICX6430/6450
• Juniper EX2200
• Cisco Catalyst 3560
• VLAN & Spanning-Tree
• Security features: DHCP snooping, 802.1x
Wireless Network
• Ruckus Wireless
• Wifi Controller
• Wifi Access Point Indoor
• Ready for 3G Offload in Campus
• Wifi Access Point Outdoor
Management Network
• Support for existing: SNMP, CLI, feeding Cacti & Nagios
• Management VRF
• sFlow for data collection & telemetry
• New apps with sFlow-RT with OpenFlow
• NETCONF & YANG
• Support new application
Brocade MLXe-8 Core Network
Campus Core Network
[Diagram: campus sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Core & Access Network
[Diagram: campus sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Campus Wifi Network
[Diagram labels: WiFi Controller, DHCP/DNS/AAA, Internet, Firewall, DPI-L7, Router; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Datacenter Network
[Diagram labels: SLB, Firewall, DPI-L7, Router, Fabric Ethernet (x2), Cloud/BigData/HPC (x2), Internet; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Service Provider Network
MPLS Network
• MPLS forwarding
• LDP or RSVP or BGP signalling
• L3VPN for new services
• L2VPN for new services
• VPLS for new services
Core & Access Network
[Diagram: campus sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
MPLS Service Network - L3VPN
[Diagram labels: Internet, Router, Surveillance, Monitor System, Registration & Payment; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
3G/4G Offload Wifi Network
[Diagram labels: DPI-L7, Router, Internet, WiFi Controller, DHCP/DNS/AAA; Cell1, Cell2, Cell3; SSID Cell1, SSID Cell2, SSID Cell3; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Wifi Network with VPLS
[Diagram labels: WiFi Controller, DHCP/DNS/AAA, Internet, Firewall, DPI-L7, Router; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Datacenter Network with VPLS
[Diagram labels: SLB, Firewall, DPI-L7, Router, Fabric Ethernet (x2), Cloud/BigData/HPC (x2), Internet; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Research & Education Network
OpenFlow SDN
• Core network supports OpenFlow v1.0
• Hybrid Port Mode with Protected & Unprotected VLANs
• Protected VLANs are not subject to defined OpenFlow flows
• Regular network can coexist with OpenFlow
• VPLS support on VLAN on OpenFlow Hybrid Mode
• L2 mode & L3 mode
• OpenFlow actions & counters
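An added example (not from the slides and not vendor code): a small Python model of the hybrid port behaviour listed above, showing why flows installed by an experimental controller do not touch protected (production) VLANs, plus an audit of flow entries that rely on that protection. The VLAN IDs, MAC addresses, flow names and the fallback of a flow miss to normal forwarding are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Optional

LEGACY = "legacy-forwarding"   # normal L2/L3 pipeline (production path)
OPENFLOW = "openflow"          # a controller-installed flow decided

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Flow:
    name: str
    priority: int
    vlan: Optional[int]        # None = wildcard on VLAN ID
    eth_dst: Optional[str]     # None = wildcard on destination MAC
    actions: tuple             # empty tuple = drop

    def matches(self, pkt: dict) -> bool:
        return ((self.vlan is None or self.vlan == pkt["vlan"]) and
                (self.eth_dst is None or self.eth_dst == pkt["eth_dst"]))


@dataclass
class HybridPort:
    protected_vlans: frozenset
    flows: list = field(default_factory=list)

    def forward(self, pkt: dict):
        # Protected VLANs are never looked up in the OpenFlow table,
        # whatever the controller has installed.
        if pkt["vlan"] in self.protected_vlans:
            return (LEGACY, None)
        for flow in sorted(self.flows, key=lambda f: -f.priority):
            if flow.matches(pkt):
                return (OPENFLOW, flow.actions)
        # Assumption of this model: a flow miss on an unprotected VLAN
        # falls back to normal forwarding.
        return (LEGACY, None)

    def audit(self):
        """Flag flows that only stay harmless because of VLAN protection."""
        findings = []
        for f in self.flows:
            if f.vlan is None:
                findings.append((f.name, "wildcard-vlan"))
            elif f.vlan in self.protected_vlans:
                findings.append((f.name, "targets-protected-vlan"))
        return findings


def build_demo_port() -> HybridPort:
    # Constructed sample data: VLAN 10/20 production, VLAN 100 experimental.
    return HybridPort(
        protected_vlans=frozenset({10, 20}),
        flows=[
            Flow("exp-redirect", 100, 100, None, ("output:7",)),
            Flow("bcast-drop", 200, None, BROADCAST, ()),
            Flow("typo-vlan10", 150, 10, None, ("output:9",)),
        ],
    )


if __name__ == "__main__":
    port = build_demo_port()
    for vlan, dst in [(10, BROADCAST), (100, BROADCAST),
                      (100, "00:00:5e:00:53:01"), (300, "00:00:5e:00:53:01")]:
        print(vlan, dst, port.forward({"vlan": vlan, "eth_dst": dst}))
    print(port.audit())
```

The audit matters when the protected VLAN list changes: a wildcard-VLAN flow that was harmless starts applying to any VLAN removed from protection.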
Management, Control & Data Planes
[Diagram, © ipSpace.net 2013, "SDN, OpenFlow and NFV for Skeptics", slide "Management, Control and Data Planes". Labels: Router and two adjacent routers, each with a control plane and a data plane; OSPF; neighbor table, link state database, IP routing table, static routes; forwarding table; switching, routing; management / policy plane: configuration / CLI / GUI]
This material is copyrighted and licensed for the sole use by Affan Basalamah (affan@itb.ac.id [202.152.202.105]). More information at http://www.ipSpace.net/Webinars
Existing toolbox for SDN
[Diagram, © ipSpace.net 2015, "SDN – Four Years Later", slide "SDN Toolbox: Existing Tools". Labels: Router with management / policy plane (configuration / CLI / GUI), control plane (OSPF, neighbor table, link state database, IP routing table, static routes) and data plane (forwarding table). Protocol labels: NETCONF; ForCES, BGP Flowspec, MPLS-TP; PCEP; BGP; SNMP]
Emerging toolbox for SDN
[Diagram, © ipSpace.net 2015, "SDN – Four Years Later", slide "SDN Toolbox: Emerging Protocols". Labels: Router with management / policy plane (configuration / CLI / GUI), control plane (OSPF, neighbor table, link state database, IP routing table, static routes) and data plane (forwarding table). Protocol labels: OF-Config, XMPP, OVSDB, Puppet/Chef; OpenFlow; I2RS, OVSDB; OnePK]
SDN for Device Configuration
[Diagram labels: Controller, Apps, Router, Access switch, Distrib switch, Core switch (x5); Device configuration]
SDN for Service Configuration
[Diagram labels: Controller, Apps, Router, Hypervisor (x2), ToR switch, Multitenant VM (x2), Core switch (x5); Service configuration. The slide image also includes a clipped excerpt of an OpenStack example component configuration table.]
SDN for RIB/FIB Adjustments
[Diagram labels: Controller, Apps, Router, Access switch, Access point, Hypervisor, Distrib switch, Core switch (x5); Routing & Forwarding Adjustment; BGP-LS, PCEP, Quagga; MPLS-TE automatic tunnel]
Centralized Control Plane - OpenFlow
[Diagram labels: Apps, Router, Access switch, Access point, Hypervisor, Distrib switch, Core switch (x5); Forwarding flow (e.g. 11-tuples); OpenFlow]
SDN for DDoS Protection
[Diagram labels: OpenFlow, -RT DDoS, User; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Network Slicing with OpenFlow
[Diagram labels: FlowVisor, OpenFlow; C1, C2, C3; Slice 1, Slice 2, Slice 3; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
Software Defined Network
[Diagram labels: OpenFlow, Juniper MX80, Mikrotik, OpenWRT, OpenvSwitch, Apps; sites PAU, Labtek V, Labtek VIII, CCAR, CRCS]
SDN, Cloud & DevOps Tools
Mininet
Opensource SDN Process Simplified
SDN Activities & Research
SDN Activities in Campus
• Existing:
• SDN Course in ITB: Telecommunication Engineering : EL5244 - Software Defined Networking by Dr.-Ing. Eueung Mulyana
• SDN Testbed Trial on the Campus Backbone (final-year project)
• OF@TEIN
• Coming possibility:
• SDN/NFV Labs and Research Center
• SDN/NFV Testbed between campus in Indonesia
SDN Course in ITB
Telecommunication Engineering : EL5244 - Software Defined Networking
• Lectured by Dr.-Ing. Eueung Mulyana
Thesis/Final Projects:
• Design & Implementation of Multicast Streaming Application on A Local
OpenFlow Network
• Design & Implementation of MPLS Service on OpenFlow Network with Open
vSwitch
• Implementation & Analysis of Elastic Load Balancing for DNS Service on
OpenStack Cloud
• Sustainable Campus-Scale OpenFlow Testbed at ITB
• Design & Implementation Site-to-Site IPsec VPN on OpenStack
Design & Implementation of Multicast Streaming
Application on A Local OpenFlow Network
[Diagram labels: Dummy client, Streaming server, OpenFlow Controller, Client 1, Client 2, Client 3]
Design Multicast Video Streaming Application on Unicast Network Using Floodlight (OF1.0)
Campus-Scale OpenFlow Testbed
Possibility
• SDN/NFV Labs to Research Center
• SDN/NFV Testbed between campuses in Indonesia
SDN/NFV Labs
• SDN/NFV Laboratory
• Proof of concept for SDN/NFV application
• Start from the labs, experiment across campus
• Expanding to SDN/NFV Research Center
SDN/NFV Test Bed
• Experimental test bed across campus
• Extending test bed between campus/research group
• Leveraging Indonesia Research Education Network
What’s Next: Collaboration
But don’t forget the human
• Human resource development
• SDN/NFV community in ITB
• Activity: discussion, small labs, seminar
• Next step: meetup, small workshop
• Extending to: seminar, workshop, training
SDNRG ITB
• SDN Research Group at ITB
• http://sdnrg.itb.ac.id
• sdnrg@itb.ac.id
• twitter.com/sdnrgitb
• facebook.com/sdnrgitb
• Special Interest Groups on Networking and Connected Services (e.g. OpenStack, Internet of Things)
But why?
• SDN & Cloud Computing are multidisciplinary topics
• No single entity can understand it all completely
• Academics, Operators & Vendors need each other:
• Academics need real use case for their research
• Operators need help for their problems
• Vendors need customers to propose their solutions
SDNRG ITB can bridge the gaps
• Academic can get real use case from practitioners
• Networkers can get help understanding SDN tech
• Vendors can promote SDN tech to educated community
After the gaps are small, what's next?
• Educated researchers can build SDN tech solutions for practitioners that fit the real use case
• Educated networkers can architect better SDN solutions that lead to a better network, with help from researchers & vendors
• Educated vendors can propose SDN solutions to the
right customers
SDNRG 1st Meetup, Bandung 2014
OpenStack Mini Workshop, Bandung 2015
The Message
• I show how a technical university turns its campus network into a research platform for SDN/NFV technology without disrupting the production network
Let’s make it happen!
Thank you!
