It's a way of trying to put control of how the network gets configured, in some sense, into the hands of programmers, rather than just leaving it to a bunch of network protocols. I've talked in the past a bit about IP routing, and you've got the idea there that there are routers, which are computers that have multiple network cards in, that are interconnected. They run some software on the routers, and the software implements a particular routing protocol, a link state protocol, whatever it might be. So the software on the router exchanges packets with other instances of that software, and they work out the state of the network: they figure out how everything's laid out and they work out how to route through that network. Then when data comes in, when packets come into the network, all the routers just know what to do: they look at the packet's destination address and they work out where to send it so it gets towards its destination.
So that's kind of traditional networking. With software defined networking, the approach is essentially saying that you want to go from that quite distributed control, where you configure things but then the protocols run in the background and work out what's going on, to a much more centralised control. So you have software running which is going to actually tell all of the routers or switches, typically (it's usually done at the lower layer, so it's usually done at an Ethernet layer rather than at the IP layer), "okay, when you see this thing, this packet, come in, you should do this with it". So it's much more direct, kind of poking everything in, poking all the rules in and saying what should happen.

If you've got a sort of traditional network, you might have a bunch of switches, or bridges, whatever you want to call them. Let's take the case of Ethernet spanning tree. There's a protocol running called spanning tree, which designates that this is going to be the root switch in the network, and then that runs a protocol to work out a spanning tree. So this is a structure on a graph which is essentially the minimal set of links that will allow you to reach every other thing in the graph, every other node in the graph. So in this case, depending on how the network's set up, perhaps it would be that that link would be in, that link would be in, that link might be in, that link might be in and that link might be in, so these two links in that case would not be in the spanning tree. So there's a protocol that runs in the background that maintains that, so if one of these selected links, say this one, were to go down, you'd end up with maybe this one coming in. So it sort of responds to things like that, but all the switches are running that protocol continuously in the background, and they're all, in some sense, almost running it independently, in that they're all doing their own thing and participating in this protocol.
With software defined networking, firstly, on each of these switches you now have a piece of software running which is able to control the switch. I'll come back to what exactly it does in a minute. And then you have another piece of software, which is called a controller, and this piece of software, the controller, makes a connection to each of these bits of software on each of these switches. There's obviously a bootstrap problem here about how it gets to make that connection, given it's about to control the network. So that's a process that has to be gone through, but basically you end up with a controller able to talk to each of these switches, and then it talks a protocol called OpenFlow. This is the kind of, well, there are actually two or three other alternatives, P4 and POF are two of them, but this is the one that seems to have got out there in the industry, and it's actually supported by switch manufacturers to some extent.

Essentially you can insert into each of the switches rules that say "when you see a packet coming in that matches this...". Each rule has got basically a match clause and then it's got an action associated with it. So it might be that a match says, well, if the source IP address equals 10.0.0.… then we want to drop it, or it might be that it says destination IP address equals 10.0.0.… and we want to forward it out of port number 3. So it's more explicitly saying to each of the switches, this is what you should do, this is what you should do in these particular cases. So it then becomes about explicitly managing those rules, and because this is a piece of software here, you can write whatever sort of algorithms you want here to do things in different ways, or to treat traffic in different ways. Each of these bits of software running on the switches, the OpenFlow switch, might have a default rule that says if I see a packet and I don't know what to do with it, I should send it to the controller. So it can then send the packets it's never seen before to the controller, and the controller can look at the packet and go, oh, this is somebody trying to make a connection to that web server, I should put in a rule that says make sure that that connection always goes through the firewall, or make sure that that connection always goes through some sort of proxy, a middle box of some kind.

What are the main benefits over traditional methods again?
It gives you more explicit control. So with these kinds of methods, either with this sort of protocol or with the IP routing protocols, you essentially control everything by setting weights and then you allow the network to work things out; that's one way to think of it. In this case you control things by explicitly saying what you want to happen, so you've got the ability to be more specific about what should occur. So you can tell what's going to happen, hopefully, more easily. In practice, in a very complicated network with very complicated rule sets, it might not be so simple, but that's, I think, part of the motivation behind it.

Spanning tree, for example, is essentially drop or forward out of a particular port. In IP routing it's drop or forward out of a port, and you do a couple of things in passing, so you decrement the TTL field for example, you might check its checksum and drop it if the checksum doesn't match, but it's still fairly simplistic. With the controller, actions aren't just drop, forward, or forward to controller; you can also rewrite certain fields. For example, you might say, well, a packet comes through here with these details in the header, I'm going to rewrite some of those fields before I send it on. You've got more complex rule sets, so with more recent versions of the OpenFlow protocol you can start to chain tables together. This is where you say, well, here is a table of rules, and then if it matches this rule it's going to go and be processed by this table of rules, and you can build up state as you move the packet between tables. So as you traverse through a sequence of tables you can remember things about how you got there. Essentially it's statistics, for example, about how many packets matched against which of these rules, how many packets, how many bytes matched against which of these rules, and so you're getting this kind of feed of information from...
It's an interesting question. There's a lot of research interest in these kinds of systems, and actually they go back at least to the 90s. There was work, for example, back in the late 90s, just around the time I started my PhD, so that was done here in Cambridge, which was looking at how to do this kind of control system for an ATM network, so that's Asynchronous Transfer Mode, not cash machines. But it was a very similar thing, where you'd have some kind of layer of software on each switch, and you have the ability for some sort of control process to put information into that software to say what should happen when cells came in on particular virtual circuits. That general idea has been, it's kind of been around for a bit, and there's a lot of interest in the research community that's kind of waxed and waned over the years. Probably the biggest deployment that I know of that is using this in some sense is Google. So for Google's network, they use that, apparently, to manage their global network, to make it work in the way they wanted to, more efficiently than they can achieve using the traditional kind of protocols.

I guess it's, yeah, it's not unlikely. I don't know, I'm not an expert on Google's infrastructure, but it seems not unlikely that that's what happened. Hopefully at least 200 more.
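As an added illustration (not code from the video or its speaker), here is a toy Python model of the OpenFlow-style pipeline described above: prioritised match/action rules, tables chained with a goto action, per-rule packet and byte counters, and a table-miss entry that hands unknown packets to a controller which installs rules. The controller policy, the proxy address 10.0.0.254, the port numbers and the sample packets are all constructed assumptions.

```python
from dataclasses import dataclass, field
@dataclass
class Rule:
    match: dict            # header fields that must all equal the packet's
    action: tuple          # ("drop",) | ("output", port) | ("controller",) | ("goto", table)
    priority: int = 0      # the highest-priority matching rule in a table wins
    set_fields: dict = field(default_factory=dict)  # header rewrites applied on a hit
    packets: int = 0       # per-rule statistics the controller can read back
    bytes: int = 0
class Switch:
    def __init__(self, ntables=2):
        self.tables = [[] for _ in range(ntables)]
        # Table-miss entry in table 0: anything with no matching rule goes to the controller.
        self.tables[0].append(Rule({}, ("controller",), priority=-1))
    def lookup(self, table, pkt):
        hits = [r for r in self.tables[table]
                if all(pkt.get(k) == v for k, v in r.match.items())]
        return max(hits, key=lambda r: r.priority) if hits else None
    def process(self, pkt, controller, table=0, asked=False):
        # Run pkt through the chained tables and return the final action tuple.
        rule = self.lookup(table, pkt)
        if rule is None:
            return ("drop",)
        rule.packets += 1
        rule.bytes += pkt["len"]
        pkt.update(rule.set_fields)               # e.g. rewrite dst_ip towards a proxy
        if rule.action == ("controller",):
            if asked:                             # controller installed nothing that matches
                return ("drop",)
            controller(self, pkt)                 # controller pushes rules, then we retry once
            return self.process(pkt, controller, table, asked=True)
        if rule.action[0] == "goto":
            return self.process(pkt, controller, rule.action[1], asked)
        return rule.action
def controller(sw, pkt):
    # Toy policy (assumed): web connections continue in table 1 (proxy path), others are dropped.
    if pkt.get("dst_port") == 80:
        sw.tables[0].append(Rule({"dst_ip": pkt["dst_ip"], "dst_port": 80}, ("goto", 1), priority=10))
    else:
        sw.tables[0].append(Rule({"src_ip": pkt["src_ip"]}, ("drop",), priority=10))
def demo():
    sw = Switch()
    # Table 1: rewrite the destination to the (assumed) proxy middlebox and forward out of port 3.
    sw.tables[1].append(Rule({}, ("output", 3), set_fields={"dst_ip": "10.0.0.254"}))
    web = {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "dst_port": 80, "len": 64}   # constructed
    ssh = {"src_ip": "10.0.0.7", "dst_ip": "10.0.0.9", "dst_port": 22, "len": 40}   # constructed
    first = dict(web)
    actions = [sw.process(first, controller),       # miss -> controller -> goto 1 -> output 3
               sw.process(dict(web), controller),   # now matches the installed rule directly
               sw.process(dict(ssh), controller)]   # miss -> controller -> drop rule
    counters = [(r.packets, r.bytes) for r in sw.tables[0]]
    return actions, first["dst_ip"], counters
```

The counters returned by `demo()` are the per-rule statistics a controller would poll to see which rules traffic is hitting.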
We'd like to thank audible.com for supporting Computerphile. If you go to audible.com/computerphile you can sign up for a 30 day free trial now. Today I'd like to recommend A Game of Thrones. Everyone's been talking about the TV series, but the books are absolutely fantastic, and what's better is the graphics are all up here, so that makes them quite a lot better than TV CGI, in my humble opinion. I've inhaled the books and I'm waiting with bated breath for the next one. I'm surprised I haven't actually recommended these before, as I've just worked my way through them and just loved every second of it. So remember, audible.com/computerphile for that 30 day free trial. Thanks once again to them for supporting Computerphile.
The problem is that if I obtain a cookie of yours which is supposed to be secure, then I can send that to, let's say, Amazon or to a shop and say I'm Sean, and please, you know, what's in his shopping basket? What's his address? What are his credit card details?
