WEBVTT

00:00:02.960 --> 00:00:09.380
Welcome to this video, which I've titled Controller-based SDN architectures.

00:00:09.380 --> 00:00:12.580
We have three main topics that we're going to go through fairly quickly

00:00:12.580 --> 00:00:16.500
in this video. We're going to talk about what is an underlay network,

00:00:16.500 --> 00:00:22.260
what is an overlay network, and what is this thing called an SDN fabric.

00:00:22.260 --> 00:00:26.420
So let's talk about these from a standpoint of architectural elements.

00:00:26.420 --> 00:00:29.700
We're going to talk about underlay networks, overlay networks, and the

00:00:29.700 --> 00:00:31.800
SDN fabric. So what are they?

00:00:31.800 --> 00:00:35.120
Let's start with the first one, the underlay network.

00:00:35.120 --> 00:00:43.120
So the underlay network is basically, like it says here, the protocols

00:00:43.120 --> 00:00:50.300
and features established to have full IP reachability between your endpoints.

00:00:50.300 --> 00:00:56.640
So, fancy way of saying, you've physically connected your routers and

00:00:56.640 --> 00:01:01.100
switches together, so those routers and switches, their physical links,

00:01:01.100 --> 00:01:04.500
their NIC cards, that's part of the underlay network.

00:01:04.500 --> 00:01:07.480
That's all your layer one and your layer two if we're talking the OSI

00:01:07.480 --> 00:01:12.340
model here. Then your underlay network is also responsible for giving

00:01:12.340 --> 00:01:15.180
IP reachability end to end.

00:01:15.180 --> 00:01:19.260
So whatever that is, whether you're configuring EIGRP, OSPF, maybe static

00:01:19.260 --> 00:01:23.840
routes, RIP, so you've got some routing protocol now running on all your

00:01:23.840 --> 00:01:29.340
layer three switches and your routers to provide end-to-end reachability.

00:01:29.340 --> 00:01:33.620
So once that is done and from any point on the network you can ping any

00:01:33.620 --> 00:01:38.620
other point, you have now created your underlay network.

00:01:38.620 --> 00:01:43.960
So from a software-defined networking, or an SDN perspective, an underlay

00:01:43.960 --> 00:01:47.740
network typically has certain characteristics.

00:01:47.740 --> 00:01:49.620
What are those characteristics?

00:01:49.620 --> 00:01:54.140
Well, number one, all links typically configured as layer three point

00:01:54.140 --> 00:01:57.920
to point. So if you studied switching, you've probably learned that you've

00:01:57.920 --> 00:02:01.300
probably seen a lot of topology diagrams, they have three, four, five

00:02:01.300 --> 00:02:03.440
switches and they're all layer two.

00:02:03.440 --> 00:02:07.140
All those switches are maybe in some VLANs with VLAN trunks and EtherChannels

00:02:07.140 --> 00:02:10.580
and maybe there's really not any layer three in those switches,

00:02:10.580 --> 00:02:13.100
maybe the first layer three is a router up here.

00:02:13.100 --> 00:02:16.540
So you've got four or five switches all doing layer two and this is the

00:02:16.540 --> 00:02:24.460
very first doing routing.

00:02:24.460 --> 00:02:28.400
Those links connecting switch one to switch two, those would not be VLAN

00:02:28.400 --> 00:02:33.160
trunk links, those would be layer three point-to-point routed links.

00:02:33.160 --> 00:02:36.660
So every single link between a router and a router or router and switch

00:02:36.660 --> 00:02:41.680
or a switch and a switch would be a layer three routed point-to-point

00:02:41.680 --> 00:02:46.080
link. That is a typical design consideration when doing an underlay network

00:02:46.080 --> 00:02:49.460
in software-defined networking.

00:02:49.460 --> 00:02:53.200
You would use some common industry standard routing protocols.

00:02:53.200 --> 00:02:58.640
Most underlay networks utilize either OSPF or IS-IS because they're very

00:02:58.640 --> 00:03:03.240
well known, pretty much any vendor's equipment supports them.

00:03:03.240 --> 00:03:06.360
We're not really going to look at proprietary routing protocols here when

00:03:06.360 --> 00:03:08.080
building our underlay network.

00:03:08.080 --> 00:03:14.580
So the reality is you as a network engineer, you've been building and

00:03:14.580 --> 00:03:17.080
maintaining underlay networks for years.

00:03:17.080 --> 00:03:19.840
You probably just didn't call it that but that's what an underlay network

00:03:19.840 --> 00:03:25.720
is. Now what's this thing called an overlay network?

00:03:25.720 --> 00:03:31.320
An overlay network is a virtual network that you're creating on top of

00:03:31.320 --> 00:03:35.420
or over your underlay network.

00:03:35.420 --> 00:03:40.760
So your underlay network is providing your physical connectivity, is providing

00:03:40.760 --> 00:03:43.420
the basic IP reachability.

00:03:43.420 --> 00:03:47.500
An overlay network is on top of that and is practically implemented via

00:03:47.500 --> 00:03:52.140
VRFs, MPLS VPNs, VXLAN or something else.

00:03:52.140 --> 00:03:54.840
So let's just draw something here real quick just to demonstrate this

00:03:54.840 --> 00:03:57.500
and hopefully bring this home.

00:03:57.500 --> 00:04:02.940
Let's say that this is our network right here.

00:04:02.940 --> 00:04:08.980
So maybe these boxes are layer three switches.

00:04:08.980 --> 00:04:20.580
And here we have some routers and here we have a couple of other layer

00:04:20.580 --> 00:04:29.280
three switches. So what I'm drawing right now is my underlay network.

00:04:29.280 --> 00:04:34.440
And typically in an underlay network we want as much redundancy as possible.

00:04:34.440 --> 00:04:37.680
Multiple redundant links between devices.

00:04:37.680 --> 00:04:44.520
So something like this and we'll say R1, R2 and R3.

00:04:44.520 --> 00:04:52.940
And let's just put one more layer three switch right here.

00:04:52.940 --> 00:04:57.580
Okay. Now as part of building out the underlay network we said that every

00:04:57.580 --> 00:05:03.060
single link is a point-to-point routed link.

00:05:03.060 --> 00:05:08.240
So this is going to have most likely a slash 30 subnet.

00:05:08.240 --> 00:05:11.260
This right here is going to have a slash 30 subnet.

00:05:11.260 --> 00:05:23.500
Every single link is going to be underlay network is finished.

00:05:23.500 --> 00:05:28.460
Now I've got full IP reachability from every point to every other point

00:05:28.460 --> 00:05:32.280
on this network.

00:05:32.280 --> 00:05:34.820
Okay. Now what is the overlay network?

00:05:34.820 --> 00:05:41.100
All right. So let's say that we have this design.

00:05:41.100 --> 00:05:51.240
Okay. Let's say that in the future I'm just going to put this here as

00:05:51.240 --> 00:05:54.060
a payroll server one.

00:05:54.060 --> 00:05:57.400
And this over here might be payroll server two.

00:05:57.400 --> 00:06:00.780
I'm sort of anticipating that those payroll servers are going to be right

00:06:00.780 --> 00:06:06.920
there. And what I want to have happen is the moment those payroll servers

00:06:06.920 --> 00:06:12.920
actually exist and connect they are going to be authenticated.

00:06:12.920 --> 00:06:15.960
So they're going to have to prove themselves to the network by offering

00:06:15.960 --> 00:06:19.280
digital certificates or credentials or something.

00:06:19.280 --> 00:06:22.680
So we know who and what they are, that they're payroll servers as in this

00:06:22.680 --> 00:06:27.440
example. And once we know they're payroll servers, the network, or SDN controller

00:06:27.440 --> 00:06:32.860
I should say, will already have a policy in place that says hey whenever

00:06:32.860 --> 00:06:38.020
payroll talks to each other they should take this path.

00:06:38.020 --> 00:06:39.540
They should go across here.

00:06:39.540 --> 00:06:44.000
They should go across here, here, and here.

00:06:44.000 --> 00:06:48.620
So payroll should not be allowed to go on any other links beside that.

00:06:48.620 --> 00:06:53.980
Furthermore if we have another department that comes online at some point.

00:06:53.980 --> 00:07:00.700
Maybe HR. So here's HR right here.

00:07:00.700 --> 00:07:04.960
Maybe HR right here.

00:07:04.960 --> 00:07:09.060
Well if they ever connect, once they're authenticated and we verify who

00:07:09.060 --> 00:07:19.760
they are, well their traffic should take this path.

00:07:19.760 --> 00:07:24.060
So what we're building out here is what's called the overlay network.

00:07:24.060 --> 00:07:28.840
In other words once payroll connects the software-defined networking controller

00:07:28.840 --> 00:07:34.760
is going to send down some policies to these devices, to this switch right

00:07:34.760 --> 00:07:40.500
here, this switch right here, this guy, this guy, and this guy ensuring

00:07:40.500 --> 00:07:44.840
that those links exist, ensuring those paths exist, and also putting in

00:07:44.840 --> 00:07:46.860
maybe some access lists.

00:07:46.860 --> 00:07:50.220
Saying okay when P1 and P2 talk to each other these are the only links

00:07:50.220 --> 00:07:51.420
they're allowed to take.

00:07:51.420 --> 00:07:54.480
They're not allowed to take any other path.

00:07:54.480 --> 00:08:04.440
So we have just built a path and the same thing is going to happen when

00:08:04.440 --> 00:08:09.020
HR connects. When HR connects we're going to build a path that's going to

00:08:09.020 --> 00:08:11.980
be enforced via access lists.

00:08:11.980 --> 00:08:15.480
Maybe certain quality of service will be implemented on that path to ensure

00:08:15.480 --> 00:08:21.300
certain bandwidth and delay requirements are met.

00:08:21.300 --> 00:08:26.080
And now any packets from HR will have to go across this path.

00:08:26.080 --> 00:08:28.480
This is considered overlay networks.

00:08:28.480 --> 00:08:30.780
We now have two overlay networks.

00:08:30.780 --> 00:08:34.180
We have the green overlay network for payroll and we have the red overlay

00:08:34.180 --> 00:08:37.080
network for human resources.

00:08:37.080 --> 00:08:42.080
Now those overlay networks couldn't even happen unless the underlay network

00:08:42.080 --> 00:08:43.680
was there to support it.

00:08:43.680 --> 00:08:47.220
If those routers and switches weren't already there, if they weren't already

00:08:47.220 --> 00:08:50.460
cabled up, if they didn't already have routing protocols to give end to

00:08:50.460 --> 00:08:54.400
end IP reachability, these red and green paths would be meaningless.

00:08:54.400 --> 00:08:56.660
There wouldn't be anything to carry them.

00:08:56.660 --> 00:09:03.260
So the overlay network is a dynamic path that we program on top of our

00:09:03.260 --> 00:09:08.420
supporting structure which is the underlay network.

00:09:08.420 --> 00:09:10.880
And these overlay networks can grow and shrink.

00:09:10.880 --> 00:09:16.400
They can change just depending on what our policy is at any given time.

00:09:16.400 --> 00:09:27.080
And this is the primary job of the now there's one other term I want you

00:09:27.080 --> 00:09:29.560
to be familiar with.

00:09:29.560 --> 00:09:33.880
So we just talked about underlay and overlay which is something called

00:09:33.880 --> 00:09:39.820
the SDN fabric. Now this is just a fancy term for the physical infrastructure

00:09:39.820 --> 00:09:43.740
that's used to build the underlay network.

00:09:43.740 --> 00:09:47.620
So the fabric is composed of the actual switches, routers, cables, and

00:09:47.620 --> 00:09:54.840
internal switching paths used to build the underlay network.

00:09:54.840 --> 00:09:58.800
It's typically used to describe only those devices in the underlay network

00:09:58.800 --> 00:10:04.060
that can be programmed or controlled by the SDN controller.

00:10:04.060 --> 00:10:07.840
Now if you've watched any other videos, you've gotten a taste of the fact

00:10:07.840 --> 00:10:12.600
that when the SDN controller is speaking to my networking devices and

00:10:12.600 --> 00:10:18.040
controlling them, there's a variety of languages used to support that.

00:10:18.040 --> 00:10:22.820
It might be something like simply in a CLI session over SSH which pretty

00:10:22.820 --> 00:10:28.540
much any device supports or might be more programmatic like NETCONF/YANG

00:10:28.540 --> 00:10:33.540
or RESTCONF/YANG which only certain routers or switches support.

00:10:33.540 --> 00:10:39.000
So whatever the mechanism, whatever the language or protocol that the

00:10:39.000 --> 00:10:45.480
SDN controller and our automation tools are using to build those overlay

00:10:45.480 --> 00:10:50.560
networks, well our underlay devices have to support that.

00:10:50.560 --> 00:10:52.800
Now that's not always possible.

00:10:52.800 --> 00:10:58.140
Sometimes we have an existing network that's already in place that when

00:10:58.140 --> 00:11:01.220
we get our controller in there, if our controller is speaking for example,

00:11:01.220 --> 00:11:06.420
NETCONF/YANG as a native language, maybe our existing devices don't support

00:11:06.420 --> 00:11:09.960
that. And so instead what we decide to do is, well, we're going to buy some

00:11:09.960 --> 00:11:15.700
new devices at the edge that do support NETCONF/YANG, that natively speak

00:11:15.700 --> 00:11:19.240
that language, but our sort of interior of our existing network doesn't

00:11:19.240 --> 00:11:23.520
support that. Well a lot of times this term the fabric will be relating

00:11:23.520 --> 00:11:28.500
to those new devices we just bought that speak the same language as the

00:11:28.500 --> 00:11:32.400
controller. So the controller doesn't really have any direct influence

00:11:32.400 --> 00:11:37.120
or impact over those middle devices necessarily but it does on the outer

00:11:37.120 --> 00:11:42.760
devices. Now in an ideal world every single device you have, every firewall,

00:11:42.760 --> 00:11:47.520
every router, every switch would support the exact same language as the

00:11:47.520 --> 00:11:51.920
controller. So the controller could reach out and command and control

00:11:51.920 --> 00:11:53.800
all of those devices.

00:11:53.800 --> 00:11:58.000
That's not always possible but that is an ideal situation.

00:11:58.000 --> 00:12:05.340
So a lot of times in documents and papers when they have a little device

00:12:05.340 --> 00:12:10.680
can be controlled by your SDN controller.

00:12:10.680 --> 00:12:14.980
And the last thing I want to mention here is that in an ideal world your

00:12:14.980 --> 00:12:17.480
fabric would be fully meshed.

00:12:17.480 --> 00:12:20.580
There'd be multiple connections to get everywhere, there'd be multiple

00:12:20.580 --> 00:12:24.560
equal cost paths to get between destinations so you could do, you could

00:12:24.560 --> 00:12:26.220
take advantage of load balancing.

00:12:26.220 --> 00:12:32.400
That's not always practically possible but this term the fabric a lot

00:12:32.400 --> 00:12:34.040
of times assumes that.

00:12:34.040 --> 00:12:38.020
So the term, an SDN fabric a lot of times assumes that you've got a network

00:12:38.020 --> 00:12:42.500
where every single device supports whatever the language is that the controller

00:12:42.500 --> 00:12:48.300
is using to control them and that we have multiple equal cost paths between

00:12:48.300 --> 00:12:52.040
destinations. Even if that's not necessarily true that's a lot of the

00:12:52.040 --> 00:12:54.660
assumption that goes behind this.

00:12:54.660 --> 00:12:58.020
So that brings us to the end of this video.

00:12:58.020 --> 00:12:58.820
Thank you for watching.