SOFTWARE DEFINED SYSTEMS
Course Code: SWEG5108
Target Group: 5th Year Software Engineering
2025
Outline
Chapter 3: Software Defined Networking (SDN)
01 SDN concepts, architecture, and APIs
02 Network Virtualization
03 Benefits of SDN
04 SDN use cases
05 SDN and SD-WAN
06 SDN basics and OpenFlow protocol
07 Segment routing
08 Segment routing interworking with LDP
09 Controller: Floodlight
Software-defined networking (SDN)
Software-defined networking (SDN) is an architecture that abstracts
different, distinguishable layers of a network to make networks agile
and flexible.
It is an approach to networking that uses software controllers that
can be driven by application programming interfaces (APIs) to
communicate with hardware infrastructure to direct network traffic.
The goal of SDN is to improve network control by enabling
enterprises and service providers to respond quickly to changing
business requirements.
Software Defined System 3
SDN technology enables IT administrators to configure their networks
using a software application.
SDN software is interoperable, meaning it should be able to work
with any router or switch, no matter which vendor made it.
The Need for a New Network Architecture
The explosion of mobile devices and content, server virtualization,
and advent of cloud services are among the trends driving the
networking industry to re-examine traditional network architectures.
Many conventional networks are hierarchical, built with tiers of
Ethernet switches arranged in a tree structure.
This design made sense when client-server computing was dominant,
but such a static architecture is ill-suited to the dynamic computing
and storage needs of today’s enterprise data centers.
Some of the key computing trends driving the need for a new
network paradigm include:
Changing traffic patterns: Within the enterprise data center, traffic
patterns have changed significantly.
In contrast to client-server applications where the bulk of the
communication occurs between one client and one server, today’s
applications access different databases and servers.
The consumerization of IT: Users are increasingly employing mobile
personal devices such as smartphones, tablets, and notebooks to
access the corporate network.
IT is under pressure to accommodate these personal devices in a fine-
grained manner while protecting corporate data and intellectual
property and meeting compliance mandates.
The rise of cloud services: Enterprises have enthusiastically embraced
both public and private cloud services, resulting in unprecedented
growth of these services.
Enterprise business units now want the agility to access applications,
infrastructure, and other IT resources on demand.
To add to the complexity, IT’s planning for cloud services must be
done in an environment of increased security, compliance, and
auditing requirements.
“Big data” means more bandwidth: Handling today’s “big data” or
mega datasets requires massive parallel processing on thousands of
servers, all of which need direct connections to each other.
The rise of mega datasets is fueling a constant demand for additional
network capacity in the data center.
Limitations of Conventional Networking Technologies
Inability to scale
Bandwidth limitations
Vendor dependence
Lack of flexibility
Reliability
Latency
Complex configuration and management
Security vulnerabilities
Network virtualization
Network virtualization is a technology that allows the creation of virtual
networks on top of physical network infrastructure.
It enables the abstraction of network resources, such as switches, routers, and
firewalls, from the underlying hardware, making it possible to create multiple
virtual networks that operate independently of each other.
The key idea behind network virtualization is to decouple the network's logical
functions and services from the physical infrastructure.
This decoupling is achieved by using software-defined networking (SDN) and
network virtualization overlays (NVOs).
Benefits of network virtualization
Multi-tenancy: Virtual networks enable the creation of isolated environments
for different tenants or applications, allowing them to have their own network
configurations and policies.
Resource optimization: Network virtualization enables the efficient utilization of
network resources by dynamically allocating them based on demand. This
flexibility improves resource utilization and reduces costs.
Simplified management: Centralized control and management of the network
through SDN controllers simplify network administration tasks, such as
provisioning, configuration, and troubleshooting.
Increased flexibility: Virtual networks can be easily created, modified, and
scaled, providing agility to adapt to changing business requirements. This
flexibility is particularly beneficial in cloud computing environments.
Enhanced security: Network virtualization allows for the implementation of
security policies and isolation between virtual networks, improving overall
network security.
SDN Architecture and Components
To understand software-defined networks, we need to understand
the various planes involved in networking.
Management/ Application Plane
Control Plane
Data Plane (Forwarding Plane)
Data Plane (Forwarding Plane)
The data plane is responsible for the actual forwarding and processing
of network traffic.
It operates at the network devices (routers, switches, firewalls) and
performs tasks such as packet forwarding, switching, and filtering
based on predefined rules.
The data plane processes packets based on the information contained
in the packet headers (e.g., source and destination addresses) and
directs them to the appropriate output ports.
Control Plane
The control plane is responsible for making decisions about how network
traffic should be handled and for managing the operation of network
devices.
It handles tasks such as routing, addressing, and network topology
discovery.
The control plane communicates with network devices to exchange routing
information, update forwarding tables, and establish paths for network
traffic.
In traditional networking, the control plane is distributed across network
devices, with each device independently making routing decisions.
Management/ Application Plane
The management plane is responsible for the administration,
configuration, and monitoring of network devices and the network as
a whole.
It involves tasks such as device configuration, software updates,
performance monitoring, and network troubleshooting.
The management plane provides network administrators with the
tools and interfaces to interact with network devices, monitor
network performance, and ensure the network is functioning
optimally.
APIs
These three layers communicate
using respective northbound and
southbound APIs.
Northbound Interface
A northbound interface is an application programming interface (API) or protocol
that allows a lower-level network component to communicate with a higher-
level or more central component.
It provides APIs and protocols that enable applications and services to interact
with the SDN controller.
The northbound interface allows applications to request network services,
provide policy information, and receive network state information from the
SDN controller.
Southbound Interface
The southbound interface connects the control layer with the infrastructure
layer.
It consists of communication protocols and APIs that enable the SDN controller
to communicate with the network devices.
Popular southbound interface standards are Simple Network Management
Protocol (SNMP), OpenFlow, and Open Shortest Path First (OSPF).
OpenFlow Protocol and its Role in SDN
OpenFlow (OF) is considered one of the first software-defined networking (SDN)
standards.
It is an open source standard supported by many vendors and is the first
software-defined networking (SDN) control protocol.
It’s an interface for remotely controlling the forwarding tables in network
switches, routers and access points.
It separates the control plane (decision-making) from the forwarding plane
(packet routing).
OpenFlow is currently in version 1.5 – 2.0 of the specification. (March 2025)
It is maintained by the Open Networking Foundation (ONF).
OpenFlow is a network control protocol.
Network traffic does not go through the OpenFlow protocol.
Instead, OpenFlow sends the control signals that tell the network switches how
to route the network traffic.
SDN enables network virtualization, allowing multiple virtual networks to
coexist on a shared physical infrastructure.
Overlay networks are created on top of the underlying physical network,
providing logical isolation and flexibility for deploying virtual networks.
Origin and Development of OpenFlow
OpenFlow originated from the Clean Slate Program of Stanford University.
This program considered how the Internet could be redesigned with a "clean
slate", and aimed to change the network infrastructure that was slightly out of
date and difficult to evolve.
The project attempted to use a centralized controller to allow network
administrators to easily define security control policies based on network flows
and to apply these security policies to various network devices, thereby
implementing security control over the entire network communication.
Since its first official version 1.0 released at the end of 2009, OpenFlow has
evolved from versions 1.1, 1.2, 1.3, to the latest version 1.5 – 2.0.
How Does OpenFlow Work
The OpenFlow architecture consists of a controller, OpenFlow switch, and
secure channel.
The controller controls the network in a centralized manner to implement the
functions of the control layer.
The OpenFlow switch is responsible for forwarding at the data layer; it
exchanges messages with the controller through a secure channel to receive
forwarding entries and report its status.
OpenFlow Controller
An OpenFlow controller is the brain of the
SDN architecture and is located at the control
layer to instruct data forwarding through the
OpenFlow protocol.
Currently, mainstream OpenFlow controllers
are classified into two types: open-source
controllers and vendor-developed
commercial controllers.
The widely used open-source controllers
include NOX, POX, and OpenDaylight.
Huawei's iMaster NCE, Cisco Application
Centric Infrastructure (ACI), HP VAN SDN
Controller, Juniper Contrail, Big Switch
Networks Controller are commercial ones.
OpenFlow Secure Channel
A secure channel is established between a
controller and an OpenFlow switch.
Through this channel, the controller
controls and manages the switch, and
receives feedback from the switch.
The messages exchanged over the
OpenFlow secure channel must comply
with the format specified by the
OpenFlow protocol.
The OpenFlow secure channel is usually
encrypted using Transport Layer Security
(TLS).
OpenFlow Switch
As a core component of the OpenFlow
network, an OpenFlow switch is mainly
responsible for forwarding at the data
layer.
It can be a physical or virtualized
switch/router.
What are the advantages of OpenFlow?
The SDN nature of OpenFlow allows for quick response to changes and failures.
It is also highly flexible and can manage highly complex rules.
Centralized Network Control
Network Programmability
Scalability and Flexibility
Rapid Network Innovation
Traffic Engineering and Optimization
Interoperability and Vendor Neutrality
Network Monitoring and Troubleshooting
OpenFlow: Example
To illustrate the use of OpenFlow, imagine a campus area network (CAN) with
many buildings, switches and two internet connections. For normal operation,
the network traffic flows through the closest connections to get to its
destination. If a link connecting two buildings goes down, the switches can
report the connection status to the controller, which then sends new flow rules
out to the affected switches with a new forwarding path. If an internet
connection goes down it can also route any internet-bound traffic over the good
link. A large CAN with many different types of devices could also quickly become
full of unwanted traffic, but it would be expensive to put a firewall between
each building or even each floor within a building. The flow rules could be set to
drop unwanted traffic such as broadcast requests or Apple Bonjour so they
don't go out to the entire network and quickly overwhelm it.
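The campus scenario above can be traced with a small model of a priority-ordered flow table; this is an added example, not part of the original slides and not real controller code. The switch name, port numbers, rule priorities and sample packets are constructed assumptions, and the match field names are simplified.

```python
from dataclasses import dataclass, field

@dataclass
class FlowRule:
    priority: int
    match: dict    # header field -> required value; an absent field is a wildcard
    actions: list  # e.g. ["output:1"]; an empty list means drop

@dataclass
class Switch:
    name: str
    table: list = field(default_factory=list)

    def install(self, rule):
        self.table.append(rule)
        # The highest-priority matching entry wins, so keep the table sorted.
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def forward(self, pkt):
        for rule in self.table:
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                return rule.actions or ["drop"]
        return ["controller"]  # table miss: hand the packet to the controller

class Controller:
    def __init__(self, primary, backup):
        self.primary, self.backup = primary, backup  # uplink ports (assumed)

    def provision(self, sw):
        # Drop Bonjour/mDNS (UDP port 5353) before it crosses the uplink.
        sw.install(FlowRule(300, {"eth_type": 0x0800, "ip_proto": 17,
                                  "udp_dst": 5353}, []))
        # Drop Ethernet broadcast. A production policy would scope this rule,
        # because ARP requests are broadcast frames too.
        sw.install(FlowRule(200, {"eth_dst": "ff:ff:ff:ff:ff:ff"}, []))
        # All other IPv4 traffic leaves through the primary uplink.
        sw.install(FlowRule(100, {"eth_type": 0x0800},
                            [f"output:{self.primary}"]))

    def on_port_down(self, sw, port):
        """The switch reported a dead port: repoint affected rules at the backup."""
        dead, alt = f"output:{port}", f"output:{self.backup}"
        changed = 0
        for rule in sw.table:
            if dead in rule.actions:
                rule.actions = [alt if a == dead else a for a in rule.actions]
                changed += 1
        return changed

# Constructed sample packets, reduced to the header fields the rules inspect.
PACKETS = {
    "web": {"eth_type": 0x0800, "eth_dst": "00:11:22:33:44:55",
            "ip_proto": 6, "tcp_dst": 443},
    "mdns": {"eth_type": 0x0800, "eth_dst": "01:00:5e:00:00:fb",
             "ip_proto": 17, "udp_dst": 5353},
    "broadcast": {"eth_type": 0x0806, "eth_dst": "ff:ff:ff:ff:ff:ff"},
    "ipv6": {"eth_type": 0x86DD, "eth_dst": "00:11:22:33:44:55"},
}

def demo():
    sw, ctl = Switch("bldg-a"), Controller(primary=1, backup=2)
    ctl.provision(sw)
    before = {name: sw.forward(p) for name, p in PACKETS.items()}
    moved = ctl.on_port_down(sw, 1)  # primary uplink fails
    after = {name: sw.forward(p) for name, p in PACKETS.items()}
    return before, moved, after

if __name__ == "__main__":
    print(demo())
```

The drop rules keep working after the failover because only the rule that pointed at the failed port is rewritten; the IPv6 packet matches nothing and goes to the controller as a table miss.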
SDN Use Cases
Data Center Networks
SDN is widely used in data centers to improve network agility, simplify
management, and support virtualization and cloud computing environments. It
enables automated provisioning, network slicing, and seamless migration of
virtual machines.
Wide Area Networks (WANs)
SDN can optimize WAN performance and manage traffic across multiple sites by
enabling centralized control and dynamic path selection. It simplifies WAN
management, reduces costs, and improves application performance.
Campus and Enterprise Networks
• SDN brings flexibility and automation to campus and enterprise networks,
enabling policy-based network management, simplified network configuration,
and secure access control. It supports dynamic network partitioning and
prioritization of traffic.
Internet of Things (IoT) Networks
• SDN provides a scalable and flexible infrastructure for managing large-scale IoT
deployments. It enables efficient device connectivity, dynamic routing, and
security enforcement, facilitating IoT deployments in various industries.
SD-WAN (Software-Defined Wide Area Networking)
• SD-WAN is a software-defined approach to managing the WAN.
• It uses software-defined networking (SDN) principles to abstract the underlying
network infrastructure and provide centralized control and management of the
WAN.
• Multiprotocol Label Switching (MPLS) enables Enterprises and Service Providers
to build next-generation intelligent networks that deliver a wide variety of
advanced, value-added services over a single infrastructure.
• SD-WAN evolved from MPLS technology, which has powered private connectivity
for more than two decades.
• It brings secure, private connectivity that's agnostic to all kinds of links and
providers and is cloud-aware.
• While MPLS handled failure scenarios with backup links, SD-WAN handles them
with real-time traffic steering based on centralized policy.
• Also, since SD-WAN unifies the entire WAN backbone, it delivers comprehensive
analytics across the network globally.
• This wasn't possible before, because of disparate pieces of infrastructure and
policy.
SD-WAN (advantages)
• Reducing costs with transport independence across MPLS, 4G/5G LTE, and other
connection types.
• Improving application performance and increasing agility.
• Optimizing user experience and efficiency for software-as-a-service (SaaS) and
public-cloud applications.
• Simplifying operations with automation and cloud-based management.
Network Function Virtualization (NFV)
• NFV is a virtualization technology that allows network functions to be run on
standard servers, rather than on specialized hardware.
• Common network functions include routing, switching, firewalls, load
balancers, intrusion detection systems, virtual private network (VPN), network
address translation (NAT), quality of service (QoS), Domain Name System (DNS),
security, etc.
• NFV virtualizes network functions, enabling them to run on standard servers for
increased agility and cost savings.
NFV vs SDN
• NFV (Network Functions Virtualization) and SDN (Software-Defined Networking)
are two distinct but closely related concepts in the field of computer networking.
• While they share common goals of network flexibility and agility, they address
different aspects of network architecture and service delivery.
NFV (Network Functions Virtualization):
• NFV focuses on virtualizing and decoupling network functions from dedicated
hardware appliances.
• It aims to replace traditional, specialized network appliances with software-
based virtualized network functions (VNFs) that can run on standard servers.
• NFV enables the dynamic deployment, scaling, and chaining of network
functions, providing flexibility, cost savings, and scalability.
• It allows network operators to optimize resource utilization, rapidly introduce
new services, and enhance service agility.
SDN (Software-Defined Networking):
• SDN separates the control plane from the data plane in network devices,
centralizing network control and management.
• It involves abstracting the control logic into a software-based controller that can
dynamically configure and manage network devices.
• SDN provides programmability and fine-grained control over network behavior,
making networks more flexible, scalable, and adaptable.
• It enables network automation, policy-based management, and the ability to
create virtual networks and network slices.
• SDN can be used to optimize network traffic, enhance security, and enable
network slicing for different applications or tenants.
• SDN is typically implemented through open protocols such as OpenFlow, and it
requires compatible network devices and SDN controllers.
NFV vs SDN
• SDN: SDN architecture mainly focuses on data centers.
  NFV: NFV is targeted at service providers or operators.
• SDN: SDN separates the control plane and data forwarding plane by centralizing control and programmability of the network.
  NFV: NFV helps service providers or operators to virtualize functions like load balancing, routing, and policy management by transferring network functions from dedicated appliances to virtual servers.
• SDN: SDN uses OpenFlow as a communication protocol.
  NFV: There is no protocol determined yet for NFV.
• SDN: SDN supports Open Networking Foundation.
  NFV: NFV is driven by ETSI NFV Working group.
• SDN: Various enterprise networking software and hardware vendors are initiative supporters of SDN.
  NFV: Telecom service providers or operators are prime initiative supporters of NFV.
• SDN: Corporate IT acts as a business initiator for SDN.
  NFV: Service providers or operators act as a business initiator for NFV.
• SDN: SDN applications run on industry-standard servers or switches.
  NFV: NFV applications run on industry-standard servers.
• SDN: SDN reduces the cost of the network because now there is no need for expensive switches and routers.
  NFV: NFV increases scalability and agility as well as speeds up time-to-market as it dynamically allots hardware a level of capacity to the network functions needed at a particular time.
• SDN: Applications of SDN: networking, cloud orchestration.
  NFV: Applications of NFV: routers, firewalls, gateways, WAN accelerators, SLA assurance, video servers, Content Delivery Networks (CDN).
Microsegmentation
• Microsegmentation is a security method of managing network access between
workloads.
• With microsegmentation, administrators can manage security policies that limit
traffic based on the principle of least privilege and Zero Trust.
• Organizations use microsegmentation to reduce the attack surface, improve
breach containment and strengthen regulatory compliance.
• Microsegmentation software with network virtualization technology is used to
create zones in cloud deployments.
• These granular secure zones isolate workloads, securing them individually with
custom, workload-specific policies.
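To make the least-privilege and breach-containment points concrete, the following added example (not from the original slides, and not any product's policy language) evaluates a default-deny, label-based policy and measures what a compromised web workload could reach. The workload names, labels, ports and rules are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    src: dict  # label selector for the source workload ({} matches everything)
    dst: dict  # label selector for the destination workload
    port: int  # TCP port the rule opens

# Constructed inventory: workload name -> labels.
WORKLOADS = {
    "web-1": {"app": "shop", "tier": "web"},
    "api-1": {"app": "shop", "tier": "app"},
    "db-1": {"app": "shop", "tier": "db"},
    "hr-db": {"app": "hr", "tier": "db"},
}

POLICY = [
    Rule({"app": "shop", "tier": "web"}, {"app": "shop", "tier": "app"}, 8443),
    Rule({"app": "shop", "tier": "app"}, {"app": "shop", "tier": "db"}, 5432),
    Rule({}, {"tier": "db"}, 5432),  # over-broad: anyone may reach any database
]

def selects(selector, labels):
    """A selector matches when every key/value pair in it is present."""
    return all(labels.get(k) == v for k, v in selector.items())

def allowed(policy, src, dst, port):
    """Default deny: a flow passes only if some rule explicitly allows it."""
    s, d = WORKLOADS[src], WORKLOADS[dst]
    return any(r.port == port and selects(r.src, s) and selects(r.dst, d)
               for r in policy)

def reachable(policy, src):
    """Blast radius: every (workload, port) that src may connect to."""
    ports = {r.port for r in policy}
    return sorted((dst, p) for dst in WORKLOADS if dst != src
                  for p in ports if allowed(policy, src, dst, p))

def overbroad(policy):
    """Rules with an empty selector apply to every workload."""
    return [r for r in policy if not r.src or not r.dst]

def tighten(policy):
    """Return the policy without its over-broad rules."""
    bad = overbroad(policy)
    return [r for r in policy if r not in bad]

if __name__ == "__main__":
    print("flagged:", overbroad(POLICY))
    print("web-1 before:", reachable(POLICY, "web-1"))
    print("web-1 after: ", reachable(tighten(POLICY), "web-1"))
```

With the wildcard rule in place the web tier can open connections to both databases; once it is removed, the web tier reaches only the application tier, and the application tier reaches only its own database.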
• Next-generation firewalls (NGFWs) are advanced security appliances or
software solutions that combine traditional firewall capabilities with
additional features and functionalities to provide enhanced network protection.
Deep Packet Inspection (DPI)
Intrusion Prevention System (IPS)
Application Awareness and Control
User Identity and Access Control
Web Filtering and Content Inspection
Threat Intelligence and Advanced Threat Protection
VPN and Secure Remote Access
Centralized Management and Reporting
• A logical router is a virtualized networking device that operates at
the network layer (Layer 3) of the OSI model.
• It provides routing functionality within a virtualized or software-
defined networking (SDN) environment.
Intent-based networking (IBN)
• IBN is an approach to network management and automation that focuses on
aligning network behavior with the desired intent of the organization or network
administrator.
• IBN aims to simplify network operations, improve agility, and enhance security
by translating high-level business objectives into specific network configurations
and policies.
"Software-defined networking:
Unleashing the power of code to
reshape the digital landscape,
connecting possibilities and
redefining the future of
networking."