SD-WAN

Hi everyone,

I am working on SDN for 2 years. Now, I need to deploy a new SDN architecture. The main issue with this architecture is that the SDN network (switch, hosts...) is located in two different areas. The first one is located in city 1 and the second one, in the city 2. The attached picture presents this architecture.

Constraints :

- The SDN controller is located in City 1. So, each switch located in City 2 need to use the Internet network to connect to the controller. This is the Controle Plane.

- When Host 1 (located in City 1) need to send data to Host 2 (located in City 2) using the Data Plane, flow need to use the Internet network to reach Host 2.

The previous constaints implies that Control Plane AND Data Plane need to share the same network (the Internet) between the two cities.

Implementation :

- Control Plane : For the Control Plane, there is no issue. I have set up the RIPv2 routing protocol between switch 1 and switch 2 (as depicted in the attached picture). Each switch located in City 2 can then be connected to the SDN controller using the Internet network. Done!

- Data Plane : For the Data Plane, this is a little bit more complicated. When Host 1 send a PING request (we assume that there is no ARP request) to Host 2, the SDN controller tells:

- the switch S6 to forward data to switch S1

- the switch S1 to forward data to the Internet network (using egress-only-port configuration)

When switch S2 receive the data, it will use the "normal processing pipeline". So the SDN controller will not be aware of the new packet IN. I think this is because S2 can't differentiate if the paquet comes from Control or Data Plane.

Questions :

Firstly, is this architecture can be implemented using SDN? If yes, using HP switches, like Aruba?

Secondly, if we can implement this using HP switches, could you explain what are the mistakes I made?

I really appreciate any remarks about this architecture and mistakes I made.

I thank you in advance.

Best Regards,

Marius

Hi Marius,

I think a key question is whether you have multiple IP addresses for S2 that can communicate over the Internet to the SDN controller, or whether you have a single IP address/VLAN over which it can communicate.

Assuming there's only a single IP for S2-to-Controller communication, I think you'd encounter issues with any switch/controller that complies with the OF standard. The reason why is that for the OF 1.3 standard the default behavior is to drop all packets (in the SDN instance) after the OF connection is established with the controller. This means that you'd see the switch connect to the controller, then instantly stop responding until the connection timed out.

On the switch side, we do have an "openflow instance <INST> default-miss-action" command to override the OF 1.3 standard behavior for situations like this. However, I have not tested that using "openflow instance <INST> default-miss-action output-normal" would make this configuration workable. I'd certainly be interested to hear your findings.

Shaun

By the way, typically when the VAN SDN controller is used in conjunction with HPE Aruba switches, we recommend using hybrid mode. It avoids requiring the SDN controller to handle every new flow, which would be rather cumbersome in a configuration like this. You can read more about VAN's hybrid mode at the following references:

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04630186

https://community.arubanetworks.com/aruba/attachments/aruba/SDN/43/1/4AA5-6738ENW.PDF