Software Defined Networking and Network Function Virtualization

Overview

In this course, students learn Software Defined Network architecture and the important protocols related to SDN implementations. This course thoroughly explains what SDN is, how it works, and then does a deep dive into the SDN protocols themselves. SDN can manage and control both physical network elements and Network Function Virtualization, allowing network professionals to deploy and maintain a clean integration between cloud environments and the physical network itself.

Often we are asked by network personnel to teach them what the network looks like when it enters the cloud. This is why the study of Network Function Virtualization is a natural progression in this type of study, so we have included both SDN and NFV in one course. This course will clarify what happens at the cloud boundary and then look into the virtual network within the cloud itself. If you are already a networking professional and you take a look at what is going on inside the cloud, you will learn that there is no reason not to take all those good ideas and implement them outside the cloud. The networking control layer, as you may currently understand it, will change radically with SDN. We will show you that the change is both amazing and powerful.

In this course, you will build, configure, and deploy the most popular network functions, routing, bridging, and OpenFlow switches along with requisite protocols. You will integrate these components with an emulated physical environment and perform verification testing. The cloud environment will be represented with a *very* deep dive into OpenStack Neutron and Neutron-compute.

Software Defined Networking (SDN) and Network Function Virtualization (NFV)

1. SDN Introduction

  • Southbound Interface and Northbound Interface
    • Controller Southbound Interface (SBI) & Northbound Interface (NBI)
  • Data Plane
    • Classic Forwarding Device
  • Control Plane
    • Distributed Control Plane
  • Problems with the current distributed Control Plane design
    • Interfacing with the Distributed Control Plane
  • Problems solved by the Centralized Control Plane
    • Clean Interface for new Applications
    • Declarative vs Imperative Control
    • What about the Southbound Interface?
  • Data Plane
    • Service Chaining
  • Management Plane Functions
    • RFC 7426 SDN Layers and Architecture Terminology
  • Northbound API Abstractions
    • Recognizing Cloud Types

2. NFV Practical Application

  • Universal Data Center Options
    • Basic Cloud Components
    • Network Fabric
    • NFV Network
    • Controller Node
    • Network Node
    • Compute Nodes
    • Storage Nodes
    • A Data Center Rack - Generic!
    • Compute Node Functions
  • Cisco Data Center Options
    • A Data Center Rack according to Cisco ACI
    • Data Center Layout - Cisco ACI
  • NSX VMware Data Center Options
    • A Data Center Rack according to NSX (VMware)
    • Data Center Layout - NSX VMware + Cisco-driven Fabric
  • OpenStack Data Center Options
    • A Data Center Rack - OpenStack
    • Data Center Layout

3. NFV

  • NFV Terminology
  • NFV Architecture
    • ETSI NFV ISG Interfaces and Architecture IFA WG
    • VNF, Network Service and E2E Network Service
    • Management of NFV Components
    • Management and Orchestration: Architecture
    • Virtualized Infrastructure Manager (VIM)
    • VNF Manager (VNFM)
    • NFV Orchestrator (NFVO)
    • VNF Forwarding Graph and Network Forwarding Path on top of a Network Service
    • Base Information Elements
  • NFV Reference Points
    • MANO Architectural Framework- Reference Points and Interfaces
  • Service Function Chaining Architecture (RFC 7665)
    • Service Chaining

4. NFV Commands

  • net-tools vs iproute2
    • net-tools (Legacy) vs iproute2 (NFV friendly)
  • iproute2
    • iproute2 Package Commands
    • Linux Container Building Blocks
  • Linux Network Devices
    • Linux Network Devices Used in this Course
    • Linux Network Devices Basics – Linux Bridge
    • OVSwitch
    • TAP
    • Physical & Virtual Interfaces
    • Namespaces
    • Introducing the Linux veth
    • Linux veth
    • OVS Bridge Internal
    • iptables
    • Linux Bridge
    • namespaces
  • Bridging namespaces
    • Step 1: create veths
    • Step 2: Connect veth to Linux bridge
    • Step 3: Connect veth to namespace
    • Step 4: Connectivity path between namespaces
  • Bridging VMs
    • Use a tap for connectivity to VM (not veths)
    • Linux tap
  • Forwarding Logic
    • ip tables - Type of Chains
    • Reading an iptables entry
    • An iptables example
    • ip table example per device
    • ip table example by protocol (DHCP example)
    • How to use tcpdump to monitor flows
  • mininet
    • mn (Mininet) Commands
  • ip neigh
  • ip2
    • ip link
    • ip addr
    • ip route
  • ovs vsctl
    • ovs-vsctl command examples
  • TCPDUMP
    • Creating complex tcpdump expressions
    • Other search expression
    • tcpdump Essentials
    • BPF Berkeley Packet Filter Primer
  • Troubleshooting
    • a3diff
    • ip address vs. ip link

5. OpenFlow

  • OpenDaylight Southbound APIs
    • OpenFlow Interface
  • Active Networking
  • ForCES Architecture
    • ForCES Architecture- FE Model
  • Clean Slate
    • OpenFlow
  • Layers - API vs Control vs Infrastructure
  • Switch Specification
    • OpenFlow Switch Specification
  • Linux Installation and Deployment
    • Installed on a Linux Machine using x86 Hardware
  • Components
    • What is OpenFlow?
  • Main Components the Switch and Controller
    • Main Components of an OpenFlow Switch
    • Open Source Controllers
  • Traditional L2
    • The MAC Address
    • An Ethernet Access
    • The Ethernet Link
    • The Source and Destination IP Addresses
    • Referencing the Host Routing Table
    • Ethernet Broadcast Domain
    • Ethernet Switch MAC Address Learning
    • ARP Response
    • Analyzing the ARP Table
    • Switch Forwarding to “Known” MAC Address
    • MAC table aging on no activity
  • Basic Operations and Messages
    • OpenFlow Learning Bridge example
    • OpenFlow Ethernet Broadcast Domain
    • OpenFlow Learning Switch Application
    • ARP
    • Flow match
    • Packet IN
    • Learning
    • Packet OUT
    • Flooding
    • ARP Response
    • Packet IN
    • Packet OUT
    • L2 Forwarding
    • Flow Timers
    • Populating Flow Entries Reactively
    • HW vs SW Switches
  • Flow Table
    • Flow Table
    • Flow Entries
    • Table ID
    • Priority
    • Packets
    • Match
    • Actions/Instructions
  • Review of OpenFlow Specification (current or 1.1.0, Wire Protocol 0x02)
    • Normal Port
  • Flow Tables, Pipeline Processing
    • Pipeline Processing
    • Multiple Match Tables (MMT)
  • Group Table, Matching, Instructions
    • Instructions
    • Action Set
    • Instructions that modify action set
    • Actions
    • Flow Table Entry
    • Flow Switching/Routing
    • Group Tables (OF 1.1)
    • OpenFlow 1.2
    • OpenFlow 1.3
    • OpenFlow 1.4
    • OF 1.5
  • Segment Routing

6. Open vSwitch

  • Architecture and Components
    • What is Open vSwitch?
    • What is Virtual Switch?
    • Open vSwitch Design
    • Open Virtual Network Architecture
  • OpenvSwitch Daemon
    • ovs-vswitchd
  • ovsdb-server
    • Lifecycle of a VIF
  • Core Tables
    • Open vSwitch
  • Linux Bridge vs. OpenvSwitch Design
    • Virtual Network Topology in OpenStack Example
  • Ovs-ofctl, ovs-dpctl
    • Management
  • Traditional VM Ethernet Processing
  • Intel DPDK intro
  • Intel SR-IOV
  • OVS Kernel Module
    • OVS Kernel Module: openvswitch_mod.ko
  • Intel DPDK Effect
    • Why is OVS-DPDK faster than OVS?
    • OVS vs OVS-DPDK
    • Cross Socket Tests
  • ovs-vswitchd.conf.db(5)
    • ovs-vswitchd.conf.db - Open_vSwitch database schema
    • ovs-vswitchd.conf.db - Open_vSwitch TABLE SUMMARY
    • OpenFlow Switch Specification

7. OpenFlow Controller

  • Northbound vs. Southbound Interfaces
    • Northbound API Abstractions
  • RYU SDN Framework
    • What is Ryu?
    • Supported features/protocols
    • OF/firewall/router REST API
    • IDS Support
    • Ryu Implementation
    • Ryu Architecture
    • Event Dispatcher
    • Event Source/Sink
    • Event Request/Reply
    • Connection to OpenFlow Switch
    • Overview of Ryu Plugin
    • OpenStack L2 Isolation: Physical View
    • Flow Table Usage
    • GRE Tunneling with OpenStack
    • Python
    • AIO Libraries
    • Threading
    • Hello Packets and Discovery
    • Default Match
    • PacketIN and PacketOut
    • Source MAC learning at the controller
    • Simple Switch via FlowMod

8. SAL

  • Model Driven Service Abstraction Layer
    • MD-SAL’s Interaction with the Controller
    • MD-SAL’s Successful Older Brother
    • MD-SAL Lowers Capex and Opex
  • Standardization
    • Diagram of Standardization
    • MD-SAL Improves Application Programming
    • MD-SAL Communication Model
  • Interacting Applications
    • Consumers, Producers and RPCs
  • Restful Interface YANG
    • MD-SAL’s Restful Interface
    • Yang Model
    • MD-SAL Builds On Open Standards
  • Controller Functionality
    • MD-SAL Extends Controller Functionality
    • Off Controller Interaction
    • Quick Summary of controller functionality
    • Critical Northbound Applications
  • Network Abstraction
    • Network Abstraction functionality
    • Open Daylight Boron Network Abstraction
  • Alto Protocol
    • Alto Protocol Manager
    • Sample Alto Code (note the cost value pairs)
    • Alto syntax
    • Alto Use Cases
  • Fabric as a Service
    • New, Fabric as a Service (FaaS)
  • Group Based Policy Service
    • Diagram
  • Group Based Policy Service Example
    • Step One: Create Rules
    • Step Two: Create Groups and Associate Rule Sets
    • Step Three: Create Group Members
    • Network Intent Composition Lofty Goals
  • Intents
    • Many Computer Languages have goals
    • But Network Intent Composition
    • Intents
  • Network Modeling Language NEMO
    • New, Nemo – A NEtwork MOdeling Language
    • Nemo is strictly northbound; GBP is internal to the controller

9. OpFlex

  • Cisco Overview
    • OpFlex Background
    • Cisco proposal: An informational RFC
    • Summarizing the RFC
  • Big Picture Diagramming
  • Cisco OpFlex Support
  • Example
    • Registering an endpoint on an OVS switch

10. NETCONF and YANG

  • Overview of Network Configuration
    • What is NETCONF and YANG?
    • Why NETCONF and YANG?
    • YANG: Data Schema for Networking
  • Introduction to SDN with NETCONF
    • NETCONF Configuration Data Stores
    • NETCONF Layers
    • NETCONF Transactions, Network-wide Transactions
    • NETCONF Base Operations
    • NETCONF Example Configuration Sequence
  • Introduction to SDN with YANG
    • YANG Data Modeling Nodes
    • Example
    • Toaster
  • SDN Programming with YANG
    • Structure
    • Header
    • Identities
    • Container
    • RPC Example
    • RPC example 2
    • Notifications
  • SDN Programming with NETCONF
    • NETCONF RFC 6241 Optional Capabilities
    • Non-base NETCONF Capabilities
    • NETCONF <hello> Operation
    • NETCONF <get-config> Operation
    • NETCONF <edit-config> Operation
    • NETCONF <lock>, <unlock> Operation
    • NETCONF <get> Operation
    • NETCONF <close-session> Operation
    • Additional NETCONF operations by capabilities
  • VPN Scenario
    • VPN Scenario
  • RFC 7149
    • RFC 7149 A Perspective from within a Service Provider Environment
    • RFC 7426 SDN Layers and Architecture Terminology

11. Overlays and Underlays

  • Architecture for Overlay Networks (draft-ietf-nvo3-arch-04)
    • An Architecture for Data Center Network Virtualization Overlays
  • Security Requirements of NVO3 (draft-ietf-nvo3-security-requirements-07)
    • Security Requirements of NVO3 (draft-ietf-nvo3-security-requirements-07)
    • Introduction to Cloud Overlay Networks
    • L3 Based Fabric Advantages
    • L3: A Better Design
    • Tunnels in the Physical World
    • VXLAN: Virtual eXtensible LAN
    • How do VTEPs handle BUM (Broadcast, Unknown Unicast, Multicast)?
    • VXLAN: Virtual eXtensible LAN
    • VXLAN Service Node
    • How many L2 networks in this picture?
    • VLAN
    • How L2 VLAN tagging works
    • How many L2 networks in this picture? Four!
    • Again, how many L2 networks in this picture? Four!
    • VXLAN Packet Headers
    • GRE Packet Headers
    • How L2 VLAN tagging works with L3 subnets
    • VTEP allows L2 connectivity despite L3 boundaries
    • Examining VXLAN tagging in Wireshark
    • Decode as VXLAN
    • Now Wireshark shows vxlan-encapsulated internal packets!

12. OpenStack Neutron Networking

  • Bare Metal Interfaces
    • Same Tenant, Same VM
    • Neutron Networking same compute, same subnet
    • Neutron Networking same compute, different subnet, no DVR
    • Neutron Networking VXLAN Option without DVR
    • Neutron Networking same compute, different subnet, with DVR
    • Neutron Networking different compute, different subnet
    • Neutron Networking same compute, different subnet, no DVR
  • Type Drivers – VLAN
    • Neutron ML2 Type Drivers
    • Neutron ML2 Mechanism Drivers
  • Neutron Network Types
  • Type Drivers – VXLAN
    • OpenStack VXLAN
  • Neutron Network Types – Overlay Networks
    • Networking a Freshly Bootstrapped Neutron
  • Neutron Subnets
  • Neutron Subnet Pool
  • Neutron Routers
    • Neutron Router Interface
    • Neutron Router Gateway
  • Neutron Network Types – Overlay Networks
    • Tenant Networks
  • Neutron Ports
  • Neutron Namespaces
  • OpenvSwitch
    • Neutron Architecture (OVS)
  • Architecture
    • Compute Node Network OVS Integration
  • Linux Bridge
    • Neutron Architecture (Linux Bridge)
  • neutron-server
  • Neutron Security Group
    • Compute Node Network OVS Integration
  • neutron-server – ML2Plugin
    • Neutron ML2 Plugin
  • neutron-server – L3 Agent
    • Neutron ML2 Plugin
  • neutron-server – OVS L2 Agent
    • Neutron L2 Agent

13. Introduction to OpenDaylight

  • Fundamentals for OpenDaylight Programming
    • Open Daylight- 4th Release “Beryllium” Production-Ready Open SDN Platform
  • Setup
    • OPEN DAYLIGHT Versions
  • OSGI
    • As the Architect Designed it
    • As the Boss Changed it
    • Business Requirements Changed it
    • As the programmer developed it
    • Design vs Deployment without OSGI
    • As the programmer Maintains the Code
    • Unknown Dependencies!?
    • How OSGI Helps
    • Open Service Gateway Initiative (OSGI)
  • Fundamentals – Maven and Project Building
    • Maven Package Manager for Java
  • Apache Karaf
    • Karaf: OSGI Management
  • Fundamentals – Mininet
    • Apache Karaf Overview

14. Writing an Application Using OpenDaylight

  • Writing an Application Using OpenDaylight
  • Restful Interface
    • Writing an Application using RESTful API

15. ONOS Controller

  • East-West ONOS Cluster
    • ONOS without Open_vSwitch table summarization
  • Shared Aggregate Network Topology
    • ONOS Open_vSwitch with summarization (east)
    • ONOS Open_vSwitch view after summarization
  • Provider Clustering Diagram
    • Open_vSwitch TABLE SUMMARY
  • ONOS0
  • ONOS1
  • Ecosystem
    • ONOS Ecosystem
  • Control and Data Planes
    • ONOS Control & Data Planes
    • Redundant ONOS Controllers
  • Network Slicing
    • Network topology determined by slice aggregation
    • ONOS controllers topology map sharing.
    • An ONOS primary controller is elected per slice
    • ONOS network when a primary controller fails
    • Rapid Raft Consensus Protocol
  • Versions
    • ONOS after controller recovery

16. Securing SDN

  • Securing the Controller
    • Security Challenges
  • Security Challenges
    • SDN-Specific Security Challenges
  • Security Principles
  • Attack Model

SDN Labs

  • Lab 00 - Student Setup for SDN Labs
  • Lab 01 - Linux Networking Basics
  • Lab 02 - Using TCPdump to make pcap Files for Wireshark
  • Lab 03 - Virtual Interfaces
  • Lab 04 - Linux Bridge
  • Lab 05 - ADVANCED - Augmenting bash for working with Network Namespaces
  • Lab 06 - Open vSwitch (OVS)
  • Lab 07 - Introduction to Using Wireshark
  • Lab 08 - Introduction to Mininet
  • Lab 09 - Using MiniEdit to create custom MiniNet Topologies
  • Lab 10 - Mininet Namespaces - Learning about Linux Network Namespaces
  • Lab 11 - ADVANCED - SDN Topology Analysis using Python
  • Lab 12 - Using Wireshark to Capture OpenFlow v1.3 Traffic
  • Lab 13 - OPTIONAL - Using vim
  • Lab 14 - Introducing the Controllers (Ryu)
  • Lab 15 - Writing a FlowMod to Handle a Table-Miss - Controller Application (ryu-app)
  • Lab 16 - PacketIn Hub logic with an SDN (Ryu)
  • Lab 17 - Deploying Simple Switch logic with an SDN (Ryu)
  • Lab 18 - Deploying Simple Switch logic with an SDN (Ryu) Part 2
  • Lab 20 - Neutron Networking

Alta3 Research

    Duration: 5 Days with hands on labs

    Delivery: Onsite, Virtual

    Price:
    Instructor-led (via web):
    $2,595 USD
    Onsite: Contact us for onsite quotes

    Public Course Dates (Online, Instructor-led):
    Oct 30-Nov 3, 2017
    December 11-15, 2017
    January 22-26, 2017
    March 12-16, 2018
