
For network administrators, SDN is attractive because it reduces network complexity and makes full use of the available resources, particularly at the data link layer and the network layer.

In the traditional architecture, "multipath" exists only at the IP layer: routers exchange routing information with each other and an algorithm computes the best route from source to destination. No such concept exists at the data link layer; to stop an L2 loop from turning into a broadcast storm, IEEE 802.1D defined the Spanning Tree Protocol (STP).

Switch loops are usually created on purpose, to keep a backup link. STP runs an election based on bridge priority and port cost to choose the root switch (root bridge), the root ports and the designated ports, and the topology then converges.

Once the network has converged, the loop is broken and no broadcast storm can form, as in the figure below

01.png

The fatal weakness of STP is that it leaves only one active path between any two points, so the alternate ports sit idle and their capacity is wasted. In addition, the Ethernet header has no hop count (no TTL field): if STP is switched off, frames replicate exponentially around the loop and paralyse the LAN.
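To make the two claims above concrete, here is an added example (not code from the original post) that simulates flooding one broadcast frame through a small constructed topology. Each switch copies the frame out every trunk except the one it arrived on, and since there is no hop count nothing ever stops a copy. The full mesh of four switches and the host on switch 0 are constructed inputs; spanning_tree is a simplified stand-in for STP convergence (a BFS tree rooted at the lowest switch ID), an assumption of the example rather than the 802.1D election itself.

```python
from collections import deque
from itertools import combinations


def full_mesh(n):
    """Constructed topology: n switches with a trunk link between every pair (redundant, loop-rich)."""
    return {frozenset(pair) for pair in combinations(range(n), 2)}


def adjacency(links):
    """Map each switch to the set of switches it has an active trunk to."""
    adj = {}
    for link in links:
        a, b = tuple(link)
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def spanning_tree(links, root=0):
    """Stand-in for STP convergence: keep exactly one loop-free path from the root to every
    switch (a BFS tree), which is what blocking alternate ports achieves. Real STP elects the
    root by bridge priority/MAC and picks paths by port cost; here the lowest ID is the root."""
    adj = adjacency(links)
    seen, tree, queue = {root}, set(), deque([root])
    while queue:
        u = queue.popleft()
        for v in sorted(adj.get(u, ())):
            if v not in seen:
                seen.add(v)
                tree.add(frozenset((u, v)))
                queue.append(v)
    return tree


def flood(links, origin, max_rounds):
    """Flood one broadcast frame that enters switch `origin` from a host port.
    Every switch forwards each copy out all trunks except the ingress trunk; there is no hop
    count to age it out. Returns the number of frame copies in flight after each round."""
    adj = adjacency(links)
    in_flight = [(origin, None)]          # (switch holding the copy, switch it came from)
    per_round = []
    for _ in range(max_rounds):
        nxt = [(nb, sw) for sw, came_from in in_flight
               for nb in sorted(adj.get(sw, ())) if nb != came_from]
        per_round.append(len(nxt))
        if not nxt:                        # flood died out: only possible on a loop-free topology
            break
        in_flight = nxt
    return per_round


if __name__ == "__main__":
    mesh = full_mesh(4)
    print("no STP :", flood(mesh, 0, 8))                 # doubles every round
    print("STP    :", flood(spanning_tree(mesh), 0, 8))  # reaches every switch once, then stops
```

On the four-switch mesh every copy spawns two more, so the count doubles each round; on a simple triangle the count stays constant but the copies circulate forever, which is the same failure seen more slowly. On the converged (tree) topology the flood reaches each switch exactly once and dies.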

CCNA Routing & Switching covers all of this in detail; the newer SDN approach addresses these shortcomings of STP and of the data link layer.

A network device is generally made up of a management plane, a control plane and a data plane. The management plane is usually vendor-specific; the control plane computes paths and exchanges routes; the data plane forwards packets, i.e. it is the hardware that executes the policy decided by the control plane.

 

The SDN architecture, from bottom to top, consists of the infrastructure layer, the control layer and the application (app) layer. The infrastructure layer is the network devices themselves, the routers and switches, and it brings IP-layer advantages such as multipath and policy routing to the whole forwarding fabric.

OpenFlow is the protocol closest to the SDN concept and is regarded as the first SDN standard. The idea itself did not originate with OpenFlow: the public switched telephone network (PSTN) already used a similar approach.

SDN has three core mechanisms: flow-based forwarding, centrally controlled routing, and application-driven network programming.

OpenFlow separates the control plane from the data plane and implements the control plane in software, so administrators can re-plan the network centrally without touching the devices. This "programmability" is what makes traffic optimisation possible.

An OpenFlow switch holds a flow table (not a routing table). Each entry identifies a flow and records how packets belonging to it are to be handled; the table is usually implemented in TCAM (Ternary Content Addressable Memory), which allows masked (wildcard) matching in hardware.

An OpenFlow flow entry has six main components: match fields, priority, counters, timeouts, instructions and cookie.

A "flow" resembles a point-to-point virtual circuit: a logical channel carrying packets that share the same attributes. The concept spans the data link, network and transport layers.

Suppose a flow entry is defined by ingress port 1 and destination IP 10.1.1.1/32. Every packet that enters on port 1 and is forwarded to 10.1.1.1/32 then belongs to that one flow.

OpenFlow switch packet-processing pipeline (illustration)

02.png

 

Match fields: see the values below

OpenFlow 1.3 match fields (the number is the OXM basic field code)

0:Switch input port

1:Switch physical input port

2:Metadata passed between tables

3:Ethernet destination address

4:Ethernet source address

5:Ethernet frame type

6:VLAN ID

7:VLAN priority

8:IP DSCP(6 bits in ToS field)

9:IP ECN(2 bits in ToS field)

10:IP protocol

11:IPv4 source address

12:IPv4 destination address

13:TCP source port

14:TCP destination port

15:UDP source port

16:UDP destination port

17:SCTP source port

18:SCTP destination port

19:ICMP type

20:ICMP code

21:ARP opcode

22:ARP source IPv4 address

23:ARP target IPv4 address

24:ARP source hardware address

25:ARP target hardware address

26:IPv6 source address

27:IPv6 destination address

28:IPv6 Flow Label

29:ICMPv6 type

30:ICMPv6 code

31:Target address for ND(Neighbor Discovery)

32:Source link-layer address for ND

33:Target link-layer address for ND

34:MPLS label

35:MPLS TC(Traffic Class)

36:MPLS BoS bit

37:PBB I-SID (Provider Backbone Bridge backbone service instance identifier)

38:Logical port metadata (tunnel ID)

39:IPv6 Extension Header pseudo-field

Priority: each flow entry carries a priority that determines the order in which entries are matched; the highest-priority matching entry wins.

Counters: each flow entry carries a set of counters recording, among other statistics, the number of packets and bytes that have matched the flow.

Instructions: each flow entry carries the operations to apply. For a baseline OpenFlow switch there are four: forward out a specific port, encapsulate and send to the controller (Packet-In), drop, or hand the packet to the switch's traditional protocol stack (NORMAL). In OpenFlow 1.3 these are actions carried inside instructions (Apply-Actions, Write-Actions, Clear-Actions, Goto-Table, Write-Metadata, Meter), which is also how a packet moves through the several tables of the pipeline.

Timeouts: each flow entry carries timeout values that bound its lifetime so table space is not wasted: an idle timeout (maximum time without a matching packet) and a hard timeout (maximum time since installation). They are set by the controller when the flow is installed.

Cookie: an opaque value chosen by the controller, never by the switch. The controller uses it (together with a cookie mask) to filter flow statistics, flow modifications and flow removals.

Since the match fields span the data link, network and even transport layers, an OpenFlow network no longer distinguishes routers from switches; both are simply "OpenFlow switches". The SDN architecture decouples the control plane and data plane that are tightly coupled inside a traditional network device.
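The following is an added example, not code from the original post and not any real OpenFlow switch or controller: a software model of a single flow table with the six entry components described above (match fields, priority, counters, timeouts, instructions, cookie). It installs the post's own port 1 to 10.1.1.1/32 flow next to an ARP punt-to-controller entry and an explicit table-miss entry, then looks up constructed packets. Field names (in_port, eth_type, ipv4_dst) follow OXM naming; the instruction tuples, cookie values, timeouts and sample packets are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class FlowEntry:
    """One flow entry: the six OpenFlow 1.3 components plus the bookkeeping the switch keeps."""
    priority: int
    match: dict          # e.g. {"in_port": 1, "ipv4_dst": "10.1.1.1/32"}; empty dict = match everything
    instructions: list   # e.g. [("OUTPUT", 2)], [("CONTROLLER",)], [("DROP",)], [("GOTO_TABLE", 1)]
    cookie: int = 0
    idle_timeout: int = 0   # seconds without a hit before removal; 0 = never
    hard_timeout: int = 0   # seconds after installation before removal; 0 = never
    packet_count: int = 0   # counters
    byte_count: int = 0
    installed_at: float = 0.0
    last_hit: float = 0.0


def field_matches(name, want, have):
    """Compare one match field against the packet's parsed header value."""
    if have is None:                       # packet has no such header (e.g. ipv4_dst on an ARP frame)
        return False
    if name in ("ipv4_src", "ipv4_dst"):   # CIDR prefix, the software equivalent of a TCAM mask
        return ipaddress.ip_address(have) in ipaddress.ip_network(want, strict=False)
    if isinstance(want, tuple):            # (value, mask) for masked fields such as metadata
        value, mask = want
        return (have & mask) == (value & mask)
    return have == want


class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry, now):
        """Install an entry; an entry with the same match and priority is replaced (OFPFC_ADD)."""
        entry.installed_at = entry.last_hit = now
        self.entries = [e for e in self.entries
                        if not (e.priority == entry.priority and e.match == entry.match)]
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)   # highest priority is consulted first

    def lookup(self, packet, now, length=64):
        """Return the highest-priority matching entry (updating its counters), or None on a table-miss."""
        for e in self.entries:
            if all(field_matches(k, v, packet.get(k)) for k, v in e.match.items()):
                e.packet_count += 1
                e.byte_count += length
                e.last_hit = now
                return e
        return None

    def expire(self, now):
        """Remove entries whose idle or hard timeout has elapsed; return the removed ones."""
        def expired(e):
            idle = e.idle_timeout and now - e.last_hit >= e.idle_timeout
            hard = e.hard_timeout and now - e.installed_at >= e.hard_timeout
            return bool(idle or hard)
        gone = [e for e in self.entries if expired(e)]
        self.entries = [e for e in self.entries if not expired(e)]
        return gone

    def delete_by_cookie(self, cookie, cookie_mask):
        """Delete every entry whose cookie matches under the mask, as a controller removes one app's flows."""
        def hit(e):
            return (e.cookie & cookie_mask) == (cookie & cookie_mask)
        gone = [e for e in self.entries if hit(e)]
        self.entries = [e for e in self.entries if not hit(e)]
        return gone


def build_demo_table():
    """Constructed table: the post's port 1 -> 10.1.1.1/32 flow, an ARP punt, and a table-miss entry."""
    t = FlowTable()
    t.add(FlowEntry(100, {"in_port": 1, "ipv4_dst": "10.1.1.1/32"}, [("OUTPUT", 2)],
                    cookie=0xA001, idle_timeout=10), now=0)
    t.add(FlowEntry(50, {"eth_type": 0x0806}, [("CONTROLLER",)], cookie=0xB001), now=0)
    t.add(FlowEntry(0, {}, [("DROP",)], cookie=0xFFFF), now=0)   # priority 0, wildcard: the table-miss entry
    return t


def classify(table, packet, now):
    """Return the instruction list the switch would execute for this packet (None = no entry at all)."""
    e = table.lookup(packet, now)
    return e.instructions if e else None


if __name__ == "__main__":
    table = build_demo_table()
    print(classify(table, {"in_port": 1, "eth_type": 0x0800, "ipv4_dst": "10.1.1.1"}, now=1))
    print(classify(table, {"in_port": 1, "eth_type": 0x0806, "arp_tpa": "10.1.1.1"}, now=1))
    print(classify(table, {"in_port": 1, "eth_type": 0x0800, "ipv4_dst": "10.2.2.2"}, now=1))
```

Two details worth noticing: an ARP frame entering port 1 does not hit the port 1 entry because it carries no ipv4_dst header at all, so it falls through to the lower-priority ARP entry; and once the idle timeout has elapsed with no hits, the same IPv4 packet that was being forwarded drops to the table-miss entry until the controller reinstalls the flow.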

 

SD-WAN, as the name says, is SDN applied to the wide area network. As users' SaaS demands keep growing, the traditional WAN design, with its rigid constraints, faces more and more challenges.

There are three main problems:

(1) Poor cloud user experience.

Traditional designs send all traffic through a centrally managed DMZ, which may hairpin the traffic (send it the long way round), so SaaS flows take an inefficient path. See the figure

01.png

Image source: Improving SaaS Performance Using SD-WAN

 

(2) Insufficient bandwidth at the enterprise site.

Business bandwidth demand grows far faster than a site's fixed capacity, so applications that must traverse a fixed site easily run into congestion.

 

(3) Path variability towards the SaaS hosting location.

Internet paths change frequently, because BGP selects routes according to each operator's policy and re-routes as the topology changes (BGP itself does not measure path quality). As a result the path to, and the load on, the SaaS hosting location vary over the same period of time. This is both an advantage and a disadvantage.

To give SaaS a better user experience, traffic needs to be steered through a chosen exit and path during specific periods.

SolarWinds NPM can display a graphical path trace; see the figure.

mouse.png



Posted by Chin on 痞客邦 (PIXNET)