How to Implement SDN Technology in ITB
- 2. # whoami
• Affan Basalamah
• Head of IT Development
• Direktorat Sistem Teknologi Informasi (DSTI)
• Institut Teknologi Bandung
• affan@itb.ac.id
• @affanzbasalamah
- 3. Message of this presentation
• I show how a technology university turns its campus
network into an SDN/NFV technology research platform
without disturbing the production network
- 4. My position: IT
• What I am supposed to do:
• Connecting
• Connecting who?
• Academic/Research in ITB
• with: IT/Telco Industries outside: telco, tech vendor
- 12. What has been achieved
• 20 years ago ITB built a network
that produced:
• Production network & development network
• There was no SLA at that time
• Experts, with knowledge and experience
• Lecturers as network/system admins
• Student volunteers as network/system admins
- 13. What we want to achieve
• In the next 2-3 years, build a network
that can produce:
• Production network & development network
• At a time when SLAs for IT & Internet services are very strict
• Experts, with knowledge and experience
• Lecturers & students as researchers
• IT as developers
- 15. How to achieve it?
• SDN-supported Datacenter, Core, and Access Network
• SDN experiments at ITB can use this network
• Without disturbing the production network
• SDN/NFV Research/Development activities
• SDN/NFV Labs, Testbeds, Research Center
• SDN/NFV Communities
- 17. What kind of networks
• Edge: Connecting External Networks
• Datacenter: All of the application system
• Core: Networking highway
• Access: Connecting Endpoints
- 19. Production Network
• Access to Edge via Core (outgoing)
• Access to Datacenter via Core (outgoing)
• Edge to Datacenter via Core (incoming)
• Datacenter to Datacenter via Core
• Every connection has network policies
• ACL, authentication, authorization, content policy
- 20. Experimental Network
• Experiment access to Edge via Core
• Experiment access (labs) to Datacenter via Core
• Experiment cloud Datacenter to Datacenter via Core
• Experiment Edge to Datacenter (labs) via Core
• The policy is that there are no network policies
• Firewall open, no authentication, etc.
- 25. 3 Stages
• Getting to know the network
• Getting to know the technologies that can be used
• Implementation planning & execution
- 27. Core Network
• 1 GbE optical & 1GbE copper
• 10 GbE optical, Ready for 40/100 GbE
• Enterprise features: STP, VLAN, OSPF, BGP, IPv6
• Service Provider: MPLS, L3VPN, L2VPN, VPLS
• Software Defined Network (SDN): OpenFlow v1.0/1.3
• Brocade MLXe-8 & Juniper EX9200
- 28. Enterprise Network Technology
• L2 Switching
• L3 Routing: OSPF
• IPv6 Routing (OSPFv3, BGP)
• IPv6 Multicast Routing
• Policy Based Routing (PBR) and Access Control List (ACL)
• Existing network working as usual
- 29. High Availability Features
• Redundant Management Module
• Redundant Power Supply with new UPS
• Link Aggregation Groups (LAG)
• Bidirectional Forwarding Detection (BFD)
- 30. Network Security Features
• Management network CPU protection
• L2 ACL, IPv4 & IPv6 ACL
• SSH & SCP authentication via TACACS+ & RADIUS
• DDoS Rate Limit Protection
- 32. Datacenter Network
• 10 GbE & 40 GbE interfaces
• Supporting Server technology:
• HPC Blade
• Cloud computing
• iSCSI Storage Area Networking
- 33. Ethernet Fabric
• L2 for virtualization & cloud
• Inter datacenter with VPLS from Core Network
• VMware vCenter management & OpenStack plugins
• Fabric Ethernet technology with TRILL
• Brocade VDX6740 Fabric Ethernet Switch
- 34. Edge Gateway Network
• Juniper MX80 for Gateway Router
• Juniper SRX650 for Firewall
• Sophos UTM650 for DPI
• Brocade ADX1000 for Application Delivery Switch
• Cisco ASR1002 for NREN Gateway Router
- 35. Access Network
• L2 switches, a mix of:
• Brocade ICX6430/6450
• Juniper EX2200
• Cisco Catalyst 3560
• VLAN & Spanning-Tree
• Security features: DHCP snooping, 802.1x
- 36. Wireless Network
• Ruckus Wireless
• Wifi Controller
• Wifi Access Point Indoor
• Ready for 3G Offload in Campus
• Wifi Access Point Outdoor
- 37. Management Network
• Support for existing: SNMP, CLI, feeding Cacti & Nagios
• Management VRF
• sFlow for data collection & telemetry
• New apps with sFlow-RT with OpenFlow
• NETCONF & YANG
• Support new application
- 43. Campus Wifi Network
• Diagram: WiFi Controller, DHCP/DNS/AAA, Internet, Firewall, DPI-L7, Router; sites: PAU Labtek V, Labtek VIII, CCAR, CRCS
- 46. MPLS Network
• MPLS forwarding
• LDP or RSVP or BGP signalling
• L3VPN for new services
• L2VPN for new services
• VPLS for new services
- 48. MPLS Service Network - L3VPN
• Diagram: Internet, Router, Surveillance Monitor System, Registration & Payment; sites: PAU Labtek V, Labtek VIII, CCAR, CRCS
- 49. 3G/4G Offload Wifi Network
• Diagram: DPI-L7, Router, Internet, WiFi Controller, DHCP/DNS/AAA; Cell1, Cell2, Cell3, each with SSID Cell1, SSID Cell2, SSID Cell3; sites: PAU Labtek V, Labtek VIII, CCAR, CRCS
- 50. Wifi Network with VPLS
• Diagram: WiFi Controller, DHCP/DNS/AAA, Internet, Firewall, DPI-L7, Router; sites: PAU Labtek V, Labtek VIII, CCAR, CRCS
- 51. Datacenter Network with VPLS
• Diagram: SLB, Firewall, DPI-L7, Router, Internet; two Fabric Ethernet blocks, each with Cloud/BigData/HPC; sites: PAU Labtek V, Labtek VIII, CCAR, CRCS
- 53. OpenFlow SDN
• Core network supports OpenFlow v1.0
• Hybrid Port Mode with Protected & Unprotected VLANs
• Protected VLANs are not subject to defined OpenFlow flows
• Regular network can coexist with OpenFlow
• VPLS support on VLAN on OpenFlow Hybrid Mode
• L2 mode & L3 mode
• OpenFlow actions & counters
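A simplified model of the hybrid-port behaviour listed on this slide, added here as an illustration (not ITB's or the switch vendor's code): frames on protected VLANs bypass the OpenFlow flow table, so a careless experimental flow cannot touch production traffic. The VLAN IDs, addresses, action strings and the `table-miss` result are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Frame:
    in_port: int
    vlan: int
    dst_ip: str

@dataclass(frozen=True)
class Flow:
    priority: int
    action: str                     # constructed action strings, e.g. "drop"
    in_port: Optional[int] = None   # None means wildcard
    vlan: Optional[int] = None
    dst_ip: Optional[str] = None

    def matches(self, f: Frame) -> bool:
        pairs = ((self.in_port, f.in_port), (self.vlan, f.vlan), (self.dst_ip, f.dst_ip))
        return all(want is None or want == got for want, got in pairs)

@dataclass
class HybridPort:
    protected_vlans: frozenset
    flows: list = field(default_factory=list)

    def forward(self, f: Frame) -> str:
        # Protected VLANs are never looked up in the flow table.
        if f.vlan in self.protected_vlans:
            return "legacy"
        for flow in sorted(self.flows, key=lambda fl: -fl.priority):
            if flow.matches(f):
                return flow.action
        return "table-miss"   # assumption: miss handling is platform-specific

    def shadowed_flows(self) -> list:
        # Flows pinned to a protected VLAN can never match: flag them for review.
        return [fl for fl in self.flows if fl.vlan in self.protected_vlans]

# Constructed sample: VLANs 10/20 are production, VLAN 900 is the experiment.
PORT = HybridPort(frozenset({10, 20}), [
    Flow(100, "drop"),                                 # careless wildcard flow
    Flow(200, "output:7", vlan=900, dst_ip="10.9.0.5"),
    Flow(300, "drop", vlan=10),                        # targets production VLAN
])

if __name__ == "__main__":
    for fr in (Frame(1, 10, "10.1.1.1"), Frame(1, 900, "10.9.0.5"), Frame(1, 900, "10.9.0.6")):
        print(fr, "->", PORT.forward(fr))
    print("shadowed:", PORT.shadowed_flows())
```

The wildcard `drop` flow only affects VLAN 900; the flow pinned to VLAN 10 is reported by `shadowed_flows()` because it names a protected VLAN and can never take effect.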
- 54. Management, Control & Data Planes
• Diagram (© ipSpace.net 2013, "SDN, OpenFlow and NFV for Skeptics"): Management, Control and Data Planes. A router and two adjacent routers, each with a control plane and a data plane; labels: OSPF, neighbor table, link state database, IP routing table, static routes, forwarding table, switching, routing; management / policy plane: configuration / CLI / GUI
This material is copyrighted and licensed for the sole use by Affan Basalamah (affan@itb.ac.id [202.152.202.105]). More information at http://www.ipSpace.net/Webinars
- 55. Existing toolbox for SDN
• Diagram (© ipSpace.net 2015, "SDN – Four Years Later"): SDN Toolbox: Existing Tools. A router with management / policy plane (configuration / CLI / GUI), control plane (OSPF, neighbor table, link state database, IP routing table, static routes) and data plane (forwarding table); tools shown: NETCONF; ForCES, BGP Flowspec, MPLS-TP; PCEP; BGP; SNMP
- 56. Emerging toolbox for SDN
• Diagram (© ipSpace.net 2015, "SDN – Four Years Later"): SDN Toolbox: Emerging Protocols. A router with management / policy plane (configuration / CLI / GUI), control plane (OSPF, neighbor table, link state database, IP routing table, static routes) and data plane (forwarding table); protocols shown: OF-Config, XMPP, OVSDB, Puppet/Chef; OpenFlow; I2RS, OVSDB; OnePK
- 57. SDN for Device Configuration
• Diagram: Apps, Controller, Router, Access switch, Distrib switch, Core switches; arrow label: Device configuration
- 58. SDN for Service Configuration
• Diagram: Apps, Controller, Router, Hypervisors, Multitenant VMs, ToR switch, Core switches; arrow label: Service configuration
• Embedded excerpt from an OpenStack example component configuration (Figure 1-6. Storage node; Table 1-2. Third-party component configuration)
- 59. SDN for RIB/FIB Adjustments
• Diagram: Apps, Controller, Router, Access switch, Access point, Hypervisor, Distrib switch, Core switches; arrow label: Routing & Forwarding Adjustment
• BGP-LS, PCEP, Quagga
• MPLS-TE automatic tunnel
- 60. Centralized Control Plane - OpenFlow
• Diagram: Apps, Router, Access switch, Access point, Hypervisor, Distrib switch, Core switches; arrow label: Forwarding flow (e.g. 11-tuples), OpenFlow
- 61. SDN for DDoS Protection
• Diagram: OpenFlow, -RT DDoS, User; sites: PAU Labtek V, Labtek VIII, CCAR, CRCS
- 62. Network Slicing with OpenFlow
• Diagram: FlowVisor, OpenFlow; C1, C2, C3; Slice 1, Slice 2, Slice 3; sites: PAU Labtek V, Labtek VIII, CCAR, CRCS
- 70. SDN Activities in Campus
• Existing:
• SDN Course in ITB: Telecommunication Engineering : EL5244 -
Software Defined Networking by Dr.-Ing. Eueung Mulyana
• SDN Testbed Trial on the Campus Backbone (final-year project)
• OF@TEIN
• Upcoming possibilities:
• SDN/NFV Labs and Research Center
• SDN/NFV Testbed between campus in Indonesia
- 71. SDN Course in ITB
Telecommunication Engineering : EL5244 - Software Defined Networking
• Lectured by Dr.-Ing. Eueung Mulyana
Thesis/Final Projects:
• Design & Implementation of Multicast Streaming Application on A Local
OpenFlow Network
• Design & Implementation of MPLS Service on OpenFlow Network with Open
vSwitch
• Implementation & Analysis of Elastic Load Balancing for DNS Service on
OpenStack Cloud
• Sustainable Campus-Scale OpenFlow Testbed at ITB
• Design & Implementation Site-to-Site IPsec VPN on OpenStack
- 72. Design & Implementation of Multicast Streaming
Application on A Local OpenFlow Network
• Diagram: Dummy client, Streaming server, OpenFlow Controller, Client 1, Client 2, Client 3
Design Multicast Video Streaming Application on Unicast Network Using Floodlight (OF1.0)
- 81. SDN/NFV Labs
• SDN/NFV Laboratory
• Proof of concept for SDN/NFV application
• Start from the labs, experiment across campus
• Expanding to SDN/NFV Research Center
- 82. SDN/NFV Test Bed
• Experimental test bed across campus
• Extending test bed between campus/research group
• Leveraging Indonesia Research Education Network
- 84. But don’t forget the human
• Human resource development
• SDN/NFV community in ITB
• Activity: discussion, small labs, seminar
• Next step: meetup, small workshop
• Extending to: seminar, workshop, training
- 85. SDNRG ITB
• SDN Research Group at ITB
• http://sdnrg.itb.ac.id
• sdnrg@itb.ac.id
• twitter.com/sdnrgitb
• facebook.com/sdnrgitb
• Special Interest Groups on Networking and Connected
Services (e.g. OpenStack, Internet of Things)
- 86. But why?
• SDN & Cloud Computing are multidisciplinary topics
• No single entity can understand it all completely
• Academics, Operators & Vendors need each other:
• Academics need real use case for their research
• Operators need help for their problems
• Vendors need customers to propose their solutions
- 87. SDNRG ITB can bridge the gaps
• Academics can get real use cases from practitioners
• Networkers can get help understanding SDN tech
• Vendors can promote SDN tech to educated community
- 88. After the gaps are small, what's next?
• Educated researchers can build SDN tech solutions for
practitioners that fit the real use case
• Educated networkers can architect better SDN solutions
that lead to better networks, with help from researchers &
vendors
• Educated vendors can propose SDN solutions to the
right customers
- 91. The Message
• I show how a technology university turns its campus
network into an SDN/NFV technology research platform
without disturbing the production network