
SDN Unit 1 Notes


Unit-I

Introduction

Software-Defined Networking (SDN) is an innovative approach to designing,
building, and managing networks that separates the network's control (brains) and
forwarding (muscle) planes to enable more flexible and efficient network management.
SDN provides a way to centrally control and program networks using software
applications, abstracting the underlying network infrastructure from the applications
and network services.

Evolving Network Requirements

A number of trends are driving network providers and users to re-evaluate
traditional approaches to network architecture. These trends can be grouped under
the categories of demand, supply, and traffic patterns.

✓ Demand Is Increasing (Cloud Computing, Big Data, IoT, Mobile Traffic, ...)
✓ Traffic Patterns Are More Complex
✓ Traditional Network Architectures are Inadequate
✓ Static, complex architecture
✓ Inability to scale
✓ Inconsistent policies

The SDN Approach

This section provides an overview of SDN and shows how it is designed to meet
evolving network requirements. Software-Defined Networking (SDN) is a revolutionary
networking architecture that separates the control plane from the data plane. This
allows for more flexible and programmable network management.

Key Components of SDN

Control Plane:

Network Controllers: Centralized software that manages the flow control to the
networking devices.

SDN Applications: These run on top of the SDN controllers and manage specific
networking functions such as load balancing, security, etc.

Data Plane:

Network Devices: Routers, switches, and other hardware that handle data
forwarding based on the instructions from the control plane.

Centralized Network Control:

A central SDN controller manages the entire network, providing a holistic view
and enabling centralized decision-making.

Programmability:

Networks can be dynamically adjusted and managed via software applications,
offering greater agility and customization.

Northbound APIs:

Interfaces between the SDN controller and the applications. These APIs enable
the applications to communicate with the controller, providing a means for software-
defined policies and network control.

Southbound APIs:

Interfaces between the SDN controller and the network devices. These APIs
allow the controller to send instructions to the networking hardware.

Layered Architecture:

Application Layer: Consists of the SDN applications that provide various network
functionalities.

Control Layer: Includes the SDN controller that serves as the brain of the network.

Infrastructure Layer: Comprises the physical network devices and links.

Benefits of SDN

Simplified Network Management:

Centralized control simplifies the management and configuration of network
devices. It reduces the complexity of managing individual devices separately.

Increased Agility and Flexibility:

SDN allows for dynamic adjustment of network resources and policies. It
enables rapid deployment of new applications and services without the need for
manual reconfiguration.

Enhanced Network Efficiency:

Optimizes resource utilization by providing a global view of the network. Allows
for more efficient traffic engineering and load balancing.

Improved Security:

Centralized control provides better visibility and control over network traffic.
SDN can dynamically enforce security policies and respond to threats more effectively.

Cost Reduction:

Reduces the need for expensive proprietary hardware by leveraging commodity
hardware. Simplifies network management, leading to lower operational costs.

Requirements

Adaptability: Networks must adjust and respond dynamically, based on
application needs, business policy, and network conditions.

Automation: Policy changes must be automatically propagated so that manual
work and errors can be reduced.

Maintainability: Introduction of new features and capabilities (software
upgrades, patches) must be seamless with minimal disruption of operations.

Model management: Network management software must allow management
of the network at a model level, rather than implementing conceptual changes by
reconfiguring individual network elements.

Mobility: Control functionality must accommodate mobility, including mobile
user devices and virtual servers.

Integrated security: Network applications must integrate seamless security as
a core service instead of as an add-on solution.

Comparison of Traditional Networks and SDN

In traditional networking, the control plane and data plane are integrated within
each network device, resulting in a distributed and device-centric architecture.
Configuration and management are manual and specific to each device, making it
time-consuming and prone to errors. This architecture limits flexibility and scalability,
as changes often require physical upgrades and extensive reconfiguration.
Additionally, the cost is higher due to the reliance on proprietary hardware and the
complexity of managing multiple devices individually. Security policies are
implemented at the device level, which can lead to inconsistencies and vulnerabilities.
Conversely, Software-Defined Networking (SDN) separates the control plane from the
data plane, centralizing control in an SDN controller. This centralization allows for
automated, network-wide configuration and management, significantly enhancing
flexibility and scalability. Changes can be made programmatically, enabling dynamic
adaptation to network demands. SDN also reduces costs by utilizing commodity
hardware and simplifying network management. Security policies are centrally
managed, ensuring consistent implementation and rapid response to threats. Overall,
SDN provides a more efficient, scalable, and cost-effective approach to networking
compared to traditional methods.

SDN Architecture

Software-Defined Networking (SDN) is an approach to networking that
separates the control plane from the data plane. This decoupling allows for more
flexible, programmable, and centralized network management, enabling dynamic
response to varying network conditions and requirements.

Fig: SDN Architecture

Key Components of SDN Architecture

1. SDN Controller

Acts as the central control unit, managing and orchestrating the network's operation.

Functions:

✓ Network topology discovery
✓ Path computation
✓ Policy enforcement
✓ Monitoring and analytics

Examples: OpenDaylight, ONOS, Ryu

2. Network Devices

Hardware or software entities (switches, routers) that forward data packets
based on the rules set by the SDN controller.

Characteristics:

✓ Simple, focused on packet forwarding
✓ Lack of embedded control logic (unlike traditional devices)

3. Northbound Interfaces (NBI)

Facilitate communication between the SDN controller and higher-level
applications or orchestration systems.

Characteristics:

✓ Typically RESTful APIs
✓ Enable programmability and customization of network behaviour

4. Southbound Interfaces (SBI)

Enable communication between the SDN controller and the network devices.

Examples:

✓ OpenFlow: The most common protocol, defining how the control plane
interacts with the data plane.
✓ NETCONF: Used for device configuration.
✓ OVSDB: Manages the configuration of Open vSwitch instances.

SDN Architecture Layers

1. Application Layer

Hosts network applications that deliver services like traffic management, load
balancing, firewall, and security.

Functionality:

✓ Defines network policies and behavior
✓ Interfaces with the SDN controller via NBIs

2. Control Layer

Consists of the SDN controller, which serves as the network’s "brain."

Functionality:

✓ Centralized decision-making and policy enforcement
✓ Maintains a global view of the network
✓ Communicates with both the application layer (via NBIs) and the infrastructure
layer (via SBIs)

3. Infrastructure Layer

Comprises physical and virtual network devices that handle data packet
forwarding.

Functionality:

✓ Executes the rules and policies set by the control layer
✓ Relays network state information back to the control layer

Benefits of SDN Architecture

i) Programmability
ii) Centralized Management
iii) Cost Efficiency
iv) Scalability
v) Enhanced Security

Use Cases of SDN Architecture

Data Centres

Optimizes resource allocation, traffic management, and automates network
operations, enhancing performance and efficiency.

Enterprise Networks

Simplifies network management, improves performance, and enhances
security by providing centralized control and automation.

Telecommunications

Facilitates network slicing, on-demand service provisioning, and efficient
traffic management, essential for 5G networks.

Cloud Networking

Supports the dynamic and scalable nature of cloud services, enabling elastic
and efficient networking solutions.

Software Defined Networking for IoT Security

The Internet of Things (IoT) poses challenges that differ from those of the
traditional Internet in several aspects: heterogeneous communication technologies,
application-specific QoS requirements, massive influx of data, and unpredictable
network conditions. On the other hand, software-defined networking (SDN) is a
promising approach to control the network in a unified manner using rule-based
management. The abstractions provided by SDN enable holistic control of the network
using high-level policies, without being concerned about low-level configuration
issues. Hence, SDN is advantageous for addressing the heterogeneity and
application-specific requirements of IoT.

Security Approach

The intrusion detection and mitigation approach, the overall operation of which is
depicted in the figure, provides security in SDN-based networks by automated, intelligent
analysis of network flows, followed by mitigation actions taken in accordance
with the decision of the intrusion detection component. The end-to-end intrusion
detection and mitigation process relies on three main applications in the application
layer, namely Feature Creator, RF classifier, and Attack Mitigator.

Fig: SDN-based Security Solution Architecture.

The Feature Creator collects network flows from the switches at regular
intervals and calculates the values of features that are required by the RF classifier for
each flow. The RF classifier applies its pre-built intrusion detection model on the flow
instance and passes the result to the Attack Mitigator. The Attack Mitigator then
determines the action to take based on the classification result and installs flow rules
into the corresponding switches to mitigate the attack if necessary.

Feature Creation:

✓ Implementing custom firewalls, intrusion detection systems, and access control
✓ Optimizing the flow of data (reduce latency, improve throughput)
✓ Automatically adjusting the routing path (dynamic routing)

Random Forest Tree:

✓ It is a machine learning algorithm
✓ It uses a technique called Bootstrap Aggregating (to create multiple datasets
from the original dataset)
✓ Reduces overfitting, high accuracy

Attack Mitigation:

✓ It responds to cybersecurity threats
✓ Prevention (firewalls, access control, patch management)
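
The Feature Creator, RF classifier and Attack Mitigator pipeline described above, as an added example that is not part of the original notes. The flow counters, labels, rule format and all function names are constructed for illustration, and each tree is simplified to a one-split stump trained by bootstrap aggregating.

```python
import random
from collections import Counter

# Constructed flow counters: (src_ip, packets, bytes, duration_s), label 1 = attack.
TRAIN = [
    (("10.0.0.11", 120, 96000, 10.0), 0), (("10.0.0.12", 80, 80000, 10.0), 0),
    (("10.0.0.13", 200, 120000, 10.0), 0), (("10.0.0.14", 150, 180000, 10.0), 0),
    (("10.0.0.21", 15000, 900000, 10.0), 1), (("10.0.0.22", 24000, 1536000, 10.0), 1),
    (("10.0.0.23", 9000, 360000, 10.0), 1), (("10.0.0.24", 30000, 1560000, 10.0), 1),
]
# Constructed flows "polled from the switches" in one collection interval.
POLLED = [("10.0.0.31", 100, 90000, 10.0), ("10.0.0.66", 20000, 1200000, 10.0),
          ("10.0.0.32", 50, 40000, 5.0)]

def features(flow):
    """Feature Creator: packets per second and mean bytes per packet."""
    _, pkts, byts, dur = flow
    return (pkts / dur, byts / pkts)

def fit_stump(rows, rng):
    """One depth-1 tree on a randomly chosen feature (simplified RF tree)."""
    f = rng.randrange(2)
    vals = sorted({x[f] for x, _ in rows})
    cuts = [(a + b) / 2 for a, b in zip(vals, vals[1:])] or [vals[0]]
    best = None
    for t in cuts:
        for hi in (0, 1):  # hi = label predicted when feature value > t
            err = sum((hi if x[f] > t else 1 - hi) != y for x, y in rows)
            if best is None or err < best[0]:
                best = (err, f, t, hi)
    return best[1:]

def fit_forest(train, n_trees=25, seed=7):
    """Bootstrap aggregating: each stump is fit on a resampled training set."""
    rng = random.Random(seed)
    rows = [(features(fl), y) for fl, y in train]
    return [fit_stump([rng.choice(rows) for _ in rows], rng)
            for _ in range(n_trees)]

def classify(forest, flow):
    """RF classifier: majority vote of all stumps (1 = attack)."""
    x = features(flow)
    votes = Counter(hi if x[f] > t else 1 - hi for f, t, hi in forest)
    return votes.most_common(1)[0][0]

def mitigate(forest, flows):
    """Attack Mitigator: one drop rule per flow classified as attack."""
    # Hypothetical rule format; an empty action list means drop, as in OpenFlow.
    return [{"match": {"ipv4_src": fl[0]}, "actions": [], "priority": 100}
            for fl in flows if classify(forest, fl) == 1]
```

In a real deployment the rule dictionaries would be translated into flow-mod messages by the controller's southbound interface, and the model would be trained offline on labelled traffic rather than on eight rows.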

Software-Defined Networking (SDN) offers several advantages when integrated
with IoT (Internet of Things) networks:

✓ Centralized Management
✓ Enhanced Flexibility and Agility
✓ Improved Network Visibility and Monitoring
✓ Optimized Network Performance
✓ Enhanced Security
✓ Interoperability and Integration
✓ Improved Data Management
