1. the developing of SDN came with modifying and inventing new network protocols. what are the most important protocols in this issue?
2. the applying of SDN opened the door to many attack risk. the immune of SDN to DDoS attack?
No, SDN in effect creates an overlay network for managing network components, it does not change the network protocols per se.
The main protocol is used with the SDN is the OpenFlow protocol for remote communication with network plane elements for the purpose of determining the path of network packets across network switches.
It uses Ternary Content Addressable Memory (TCAM) tables to route packet sequences (flows). If flows arrive at a switch, a flow table lookup is performed. Depending on the flow table implementation this is done in a software flow table if a vSwitch is used or in an ASIC if it's implemented in hardware, it is based on three different modes: reactive , proactive and hybrid modes.
Hi
network did not change, protocols are as they are. The only new thing added to the network is a controller. The swtiches will never build their switching tables alone like before. they will ask the controller for each flow what to do with it. However, if the controller is down, the netwrok will not die. Switches will work as the old time. So only one protocol came out, OpenFlow, that connects the controller with switches. In this protocol, the switch sends the packet to the controller and the controller sends the action to be taken to the switch. Think about it as we took the brain of the switch and put it somewhere else only. but the brain is out so how to communicate with it? Openflow.
Is SDN immune to DDos? NO are we immune now ? NO. I work with applications of SDN in security. I found alot of issues that can be solved in this approach.
P.S: Networking is about mastering the complexity. In SDN we tried to reduce the complexity of configuration and management. However, we added more stuff.
Sir Masoud, thank you so much for explaining.
so, dose the switch need to forward all the packet to the controller or just a patch? if it need to send all the packet and each packet to the controller, dose not this make a traffic problem in the network specially at the controller?
load yes, delay also yes. not all packets only the first packet of each flow. After that the switch will treat the second packet in the same flow in the same way. But you also can command the switch to forward all packets to the controller and not to construct a flow table. I used this before. However, I couldnot craete much traffic to feel the delay in the network.
As you had worked on this issue before, what is the suitable programing language that required?
It depends on the controller that you will use. I recommend Ryu. It is will documented, easy to use and install. It uses Python and you can very easy start using it. You can modify any written example. It will take a while to use to it. But after that you can manipulate packets in magnificent way. If you need any help with it let me know.
So, I read something about NOX controller and they said it based on c++, I mention it because I have skill in c++. What do you think?
If you can workwith C++, it is easy to work with python. any way try to download documentations of NOX and read it. Ryu is only a recommendation because I used it. May be NOX is better!!
OK, I will try and I will return back to you. thank you so much.
- Badges
- Science topic