This article will review the slides and discuss selected topics in detail.
SDN and large flows, discusses the opportunity presented by large flow control in greater detail.
integrated hybrid OpenFlow, that allows the normal switch forwarding protocols to handle traffic, but offers a way for the controller to intervene and determine the treatment of large flows.
distributed denial of service (DDoS) mitigation. The slide describes current approaches where a DDoS Appliance is added to the network to detect and filter attack traffic. However, large flood attacks aimed at overwhelming the Internet connection (the link between the Router and the Internet cloud in the diagram) cannot be mitigated using on site resources - they must be handled upstream.
DDoS mitigation is a large and growing problem and the market for DDoS mitigation appliances is significant and growing market, DDoS prevention market to grow by double digits through 2014 and Denial of Service Attacks Surge and Expose Enterprise Infrastructure Vulnerabilities and New Needs, IDC Says. There is an opportunity for service providers to capture a share of this market if they can use SDN to monitor and control their existing network infrastructure and deliver DDoS mitigation as a service to protect their customer's Internet connection from flood attacks. By removing the large flood attacks, existing ADC / load balancers / firewalls can be used to mitigate lower volume application layer attacks.The following slide details the elements of the SDN DDoS mitigation solution:
sFlow-RT), which notifies the DDoS SDN application when large DDoS flows are detected. The DDoS SDN application selects a mitigation action and instructs the SDN Controller (OpenDaylight) to push the action to selected switches (for example using an OpenFlow rule to drop traffic associated with the DDoS attack). An example of this technique is described in detail in Physical switch hybrid OpenFlow example - demonstrating that the entire detection and mitigation cycle within 1 to 2 seconds.
Load balancing LAG/ECMP groups.
large flow collisions and sub-optimal throughput.
ECMP load balancing.
The next three slides from the talk describe deployment opportunities for SDN based large flow load balancing.
dominate network usage.
The key to making this approach work is pervasive support for the sFlow standard among switch vendors and recent breakthroughs in real-time sFlow analytics (sFlow-RT) that together deliver the scaleable data center wide monitoring and real-time detection of large flows needed to drive SDN applications.
It's exciting to see SDN solutions maturing and major networking vendors describing practical SDN solutions that address pressing challenges that can realistically be deployed in production networks in the near term. It looks like this is the year that SDN will emerge from proof of concept to deployment in commercially viable solutions.
Update Feb 28, 2014 Video of the talk is now available on YouTube - Flow-Aware Real-Time SDN Analytics | OpenDaylight Summit 2014