SDN

This chapter describes SDN and OpenFlow, and the procedure for configuring OpenFlow services. It includes the following topics:

Overview

OpenFlow for WLAN

Clickstream Analysis

Wildcard ACL Support

Overview

SDN is an architecture that uses OpenFlow. It enables software programs to manipulate the flow of packets in a network, and manages the traffic to suit the requirements of an application. OpenFlow enables an SDN controller by allowing dynamic manipulation of a forwarding plane of controllers and routers. In an Instant deployment scenario, OpenFlow runs on every master and slave Instant AP. The Instant APs can connect and communicate with the OpenFlow controller over a TCP channel. However, encryption between the OpenFlow agent and the OpenFlow controller takes place through TLS.

Functionalities of SDN

Interoperability

With SDN and OpenFlow, it is possible to interoperate with, control, and manage third-party devices in the network.

Customization or Programmability

SDN enables network programmability. This flexibility enables customers to build applications that can control and manage network traffic to suit their needs.

OpenFlow for WLAN

Every Instant AP interacts directly with an OpenFlow controller. An Instant AP makes wireless clients connected to the OpenFlow-enabled port appear on the OpenFlow controller. When the Instant AP learns about a client connected to the port, the Instant AP sends a gratuitous ARP packet (enclosed in an OpenFlow protocol message) to the OpenFlow controller. Prior to this, the Instant AP exposes all WLAN ports and OpenFlow SSIDs as logical ports to the OpenFlow controller. This way, the OpenFlow controller learns about the hosts on some ports of the Instant AP. When an OpenFlow controller pushes the flow of clients to an Instant AP, it can find out the right Instant AP to which the flow needs to be pushed.

Heuristics and RTPA Support

When the OpenFlow agent is enabled, Instant APs can send heuristics and RTP analysis data to the OpenFlow controller. The controller runs as either Service Controller or as Central.

With the current release of Central, heuristics data is supported only for Skype for Business. When heuristics data is sent to Central, it either allows or denies the RTP session. Instant APs send RTP downstream analysis data that includes jitter, delay, packet loss, and RTP count. This information comes directly from the driver for each Instant AP type.

SDN Skype

When an OpenFlow connection is established between Instant APs and Central, and when clients connected to an Instant AP make a Skype call, the Skype server sends the call details to Central. Based on call details received from the Skype server, Central sends OpenFlow-enabled flows to the Instant APs. This way, Skype calls initiated by Instant AP clients are given higher precedence and can experience better call quality. Central contains information about the call details and the call quality.

When a Skype call is terminated, its corresponding sessions gradually age out.

 

OpenFlow is supported on AP-303P, 303 Series, 318 Series, AP-374, AP-375, AP-377, AP-344, AP-345, AP-203H, AP-303H, AP-365, AP-367, AP-203R, AP-203RP, IAP-214/IAP-215, IAP-314, IAP-315, IAP-324, IAP-325, IAP-334, IAP-335, IAP-207, IAP-304, and IAP-305 platforms.

OpenFlow is not supported on Layer-3 mobility profiles and wired profiles.

You can enable OpenFlow configuration by using the WebUI or the CLI:

In the Old WebUI

To enable OpenFlow SSID:

1. On the Networks tab of the Instant main window, click the New link. The New WLAN window is displayed.

2. Enter a name that uniquely identifies a WLAN network in the Name text box.

3. Click Show advanced options.

4. Select the Openflow checkbox.

To enable OpenFlow TLS authentication:

1. Click the Services link under More on the Instant main window. The Services window is displayed.

2. Click the Openflow tab.

3. Update the controller IP address in the OFC IP/FQDN text box.

4. Update the port address in the Port text box.

5. Select the TLS checkbox.

6. Click OK.

In the New WebUI

To enable OpenFlow SSID:

1. Go to Configuration > Networks and click + or select a profile from the list of networks and click Edit.

2. Under Basic, enter a name that uniquely identifies a WLAN network in the Name text box.

3. Click Show advanced options.

4. Under miscellaneous, toggle the Openflow switch to enable.

To enable OpenFlow TLS authentication:

1. Go to Configuration > Services.

2. Expand Openflow.

3. Update the controller IP address in the OFC IP/FQDN text box.

4. Update the port address in the Port text box.

5. Toggle the TLS switch to enable.

6. Click Save.

In the CLI

To configure an OpenFlow-enabled SSID in a WLAN profile:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# openflow-enable

To enable OpenFlow through TCP and TLS channels:

(Instant AP)(config)# openflow-server {host <addr> tcp-port <port> | tls-enable}
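The commands above can be checked offline against a saved configuration. The following is an added example, not Aruba code: it assumes the stored configuration uses the same command forms shown on this page, and the sample excerpt, profile names and controller address are constructed.

```python
import re

# Constructed excerpt. Assumes the stored configuration uses the same command
# forms as this page; profile names and the controller address are made up.
SAMPLE_CONFIG = """\
wlan ssid-profile corp-voice
 openflow-enable
wlan ssid-profile guest
openflow-server host 192.0.2.10 tcp-port 6633
"""

SERVER_RE = re.compile(r"openflow-server host (\S+) tcp-port (\d+)")
PROFILE_RE = re.compile(r"wlan ssid-profile (\S+)")


def parse_openflow(config_text):
    """Collect the OpenFlow-related settings from a configuration dump."""
    state = {"ssids": [], "host": None, "port": None, "tls": False}
    profile = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        indented = raw[0].isspace()
        if not indented:
            # A new top-level line either opens an SSID profile or ends one.
            m = PROFILE_RE.fullmatch(line)
            profile = m.group(1) if m else None
        if indented and profile and line == "openflow-enable":
            state["ssids"].append(profile)
        m = SERVER_RE.fullmatch(line)
        if m:
            state["host"], state["port"] = m.group(1), int(m.group(2))
        elif line == "openflow-server tls-enable":
            state["tls"] = True
    return state


def audit_openflow(config_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    s = parse_openflow(config_text)
    findings = []
    if s["ssids"] and s["host"] is None:
        findings.append("openflow-enable on %s but no openflow-server host"
                        % ", ".join(s["ssids"]))
    if s["host"] and not s["tls"]:
        findings.append("controller %s:%d configured without tls-enable"
                        % (s["host"], s["port"]))
    if s["tls"] and s["host"] is None:
        findings.append("tls-enable set but no openflow-server host")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as sampled", SAMPLE_CONFIG),
                       ("with TLS", SAMPLE_CONFIG + "openflow-server tls-enable\n")):
        print(label, audit_openflow(cfg) or "no findings")
```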

Wired Port Support

Starting from Aruba Instant 8.4.0.0, all clients connected to a wired port will be listed on ACP through the same packet_in method used for wireless ports. For trusted ports, all packets will be sent to ACP through the packet_in method if the packet matches the flow installed using the OpenFlow ACL 104. This allows learning of all AirGroup devices connected upstream to ACP.

Clickstream Analysis

Clickstream is a record of user activity on the Internet. Clickstream data is very useful as it helps understand the Internet customer's behavior. Clickstream data is collected either in the form of website log files or in the form of direct decoding of the Internet request data payload.

When customers require HTTP payload related information of the user's web traffic, data is fed to their clickstream analytics engine through Central. To support this, Instant APs use OpenFlow as the SDN protocol to transfer clickstream data from the access point infrastructure to Central.

An Instant AP datapath extracts clickstream data of the HTTP session of every client, and sends it to the OpenFlow agent through a socket. The OpenFlow agent maintains this data in a ring buffer and dumps it into the OpenFlow controller either on a full buffer basis or on a periodic timeout basis. On receiving this message, the OpenFlow controller segregates the data based on the flow type and forwards it to the clickstream application for further processing.

The Instant AP datapath can extract six TCP segments for an HTTP POST message. However, it can extract only two TCP segments for other HTTP methods such as GET, HEAD, PUT, PATCH, and DELETE. Instant does not support the extraction of HTTP methods such as TRACE, CONNECT, and OPTIONS.
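The per-method segment limits and the two flush triggers described above can be modelled as follows, which shows how much of each request ends up in a batch sent to the controller. This is an added example, not the agent's code: the buffer capacity, the timeout value, the choice to measure the timer from the last flush, and the sample requests are all assumptions.

```python
# Segment limits stated on this page; TRACE, CONNECT and OPTIONS are not
# extracted. Treating any other unlisted method the same way is an assumption.
SEGMENT_CAP = {"POST": 6, "GET": 2, "HEAD": 2, "PUT": 2, "PATCH": 2, "DELETE": 2}


def extract(method, segments):
    """Return the segments kept for one request, or None if not extracted."""
    cap = SEGMENT_CAP.get(method.upper())
    return None if cap is None else list(segments[:cap])


class ClickstreamBuffer:
    """Model of the agent-side buffer: flush when full or when a timer expires."""

    def __init__(self, capacity, timeout, send):
        self.capacity = capacity      # records per buffer (hypothetical value)
        self.timeout = timeout        # seconds between forced flushes (hypothetical)
        self.send = send              # stands in for the message to the controller
        self.records = []
        self.last_flush = 0.0

    def add(self, now, client, method, segments):
        kept = extract(method, segments)
        if kept is None:
            return False              # method is not extracted at all
        self.records.append((client, method.upper(), kept))
        if len(self.records) >= self.capacity:
            self._flush(now, "full")
        return True

    def tick(self, now):
        """Periodic timer: flush a partly filled buffer once the timeout passes."""
        if self.records and now - self.last_flush >= self.timeout:
            self._flush(now, "timeout")

    def _flush(self, now, reason):
        self.send(reason, self.records)
        self.records = []
        self.last_flush = now


def demo():
    """Feed constructed requests through the model; return the flushed batches."""
    batches = []
    buf = ClickstreamBuffer(capacity=2, timeout=30.0,
                            send=lambda why, recs: batches.append((why, recs)))
    segs = ["seg%d" % i for i in range(1, 9)]   # 8 constructed TCP segments
    buf.add(1.0, "client-a", "POST", segs)      # keeps 6 segments
    buf.add(2.0, "client-b", "GET", segs)       # keeps 2; buffer full, flushed
    buf.add(3.0, "client-a", "OPTIONS", segs)   # not extracted
    buf.add(4.0, "client-b", "PUT", segs)       # keeps 2; waits for the timer
    buf.tick(20.0)                              # 18 s since last flush: no flush
    buf.tick(32.5)                              # 30.5 s since last flush: flushed
    return batches


if __name__ == "__main__":
    for reason, records in demo():
        print(reason, [(c, m, len(s)) for c, m, s in records])
```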

You can obtain details about a clickstream data feed by executing the show openflow clickstream-statistics command on the Instant CLI.

 

The ring buffer size of clickstream data is modified according to the requirements of the Central deployments.

Wildcard ACL Support

Wildcard ACLs enable ARP requests or responses to match with the ARP flow. The wildcard flow installed by OFC can be programmed to have any of the five-tuple information: source IP address, destination IP address, source port, destination port, or protocol. This flow is used to either allow, deny, or send packet count to the OpenFlow controller.
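The following added example (not Aruba code) models how a wildcard flow that sets only some of the five-tuple fields matches packets and yields one of the three actions named above. Evaluating flows in list order with the first match winning, the "no-match" result, and all flows and packets shown are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "protocol")


@dataclass
class WildcardFlow:
    action: str                       # "allow", "deny" or "count"
    src_ip: Optional[str] = None      # address or CIDR; None means wildcard
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    protocol: Optional[str] = None    # "tcp", "udp", ...
    packets: int = 0                  # hit counter, what a "count" flow reports

    def matches(self, pkt):
        """True when every field this flow sets agrees with the packet."""
        if self.src_ip and ip_address(pkt["src_ip"]) not in ip_network(self.src_ip):
            return False
        if self.dst_ip and ip_address(pkt["dst_ip"]) not in ip_network(self.dst_ip):
            return False
        for name in ("src_port", "dst_port", "protocol"):
            want = getattr(self, name)
            if want is not None and pkt[name] != want:
                return False
        return True


def evaluate(flows, pkt):
    """Return the action of the first matching flow (ordering is an assumption)."""
    for flow in flows:
        if flow.matches(pkt):
            flow.packets += 1
            return flow.action
    return "no-match"


def demo():
    """Run constructed packets through constructed flows."""
    flows = [
        WildcardFlow("deny", dst_port=23, protocol="tcp"),
        WildcardFlow("count", src_ip="10.1.0.0/16", dst_port=5353, protocol="udp"),
        WildcardFlow("allow", src_ip="10.1.0.0/16"),
    ]
    packets = [
        ("10.1.2.3", "192.0.2.80", 40000, 23, "tcp"),
        ("10.1.2.3", "224.0.0.251", 5353, 5353, "udp"),
        ("10.1.2.3", "192.0.2.80", 40001, 443, "tcp"),
        ("172.16.0.9", "192.0.2.80", 40002, 443, "tcp"),
    ]
    actions = [evaluate(flows, dict(zip(FIELDS, p))) for p in packets]
    return actions, flows[1].packets


if __name__ == "__main__":
    print(demo())
```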

Wildcard ACL support introduces the following:

Support for New Openflow Wildcard ACL

Wireless Client ARP Handling

Packet Out Implementation for mDNS

Support for New Openflow Wildcard ACL

The OpenFlow wildcard ACL in datapath is 104. When OpenFlow is enabled on an SSID, packets are subjected to ACL 104 in the slow path. Depending on the packet type, the packet is copied to the user space OFALD process. The user space then sends the data in the packet_in format to the OFC.

Wireless Client ARP Handling

OFC installs a wildcard ACL flow that allows matching ARP requests and responses. Accordingly, if the ARP request or response matches the ARP flow, a copy of the ARP packet is sent via PACKET_IN to OFC.

Packet Out Implementation for mDNS

When the ARP cache times out on the OFC after 8 minutes, it sends out an ARP request to the Instant AP using the packet out protocol option. When the Instant AP receives the packet out, it removes the OpenFlow headers and sends out the ARP packet request to its downstream clients. If the client is still connected to the SSID, it responds with an ARP response that is in turn sent to the OFC using the packet_in method.