WEBVTT 0:00:02.760000 --> 0:00:06.360000 Hello and welcome this video, which is a continuation on with a series 0:00:06.360000 --> 0:00:11.020000 of videos of network programmability and automation for the CCNA Bootcamp. 0:00:11.020000 --> 0:00:15.880000 This video is titled Approaches for SDN Controllers. 0:00:15.880000 --> 0:00:19.480000 So, software defined networking controllers. 0:00:19.480000 --> 0:00:22.900000 We've already seen how some of them are appliance-based, physical boxes 0:00:22.900000 --> 0:00:24.440000 you can hold in your hand. 0:00:24.440000 --> 0:00:28.300000 Some of them are purely software-based that you could run in the Cloud. 0:00:28.300000 --> 0:00:34.060000 There's two other distinguishing characteristics of SDN controllers, which 0:00:34.060000 --> 0:00:39.320000 are what we call their approaches or approaches for controller implementation. 0:00:39.320000 --> 0:00:43.620000 There is the imperative approach and the declarative approach. 0:00:43.620000 --> 0:00:49.780000 These are two very different methodologies about how your controller is 0:00:49.780000 --> 0:00:53.200000 going to control your network. 0:00:53.200000 --> 0:00:55.760000 So, let's take a look at each one. 0:00:55.760000 --> 0:00:58.900000 Let's start with the imperative approach. 0:00:58.900000 --> 0:01:04.060000 So, when the concept of software defined networking was first derived, 0:01:04.060000 --> 0:01:08.060000 and the first initial controllers came out like the open daylight controller 0:01:08.060000 --> 0:01:15.360000 and other ones, the idea was that the control plane logic would reside 0:01:15.360000 --> 0:01:16.720000 in the controller. 0:01:16.720000 --> 0:01:17.580000 Now, what is that? 0:01:17.580000 --> 0:01:19.680000 What do we mean by the control plane logic? 0:01:19.680000 --> 0:01:28.440000 So, in routers and switches, any function that is responsible for learning 0:01:28.440000 --> 0:01:33.680000 of data, and that once it learns data populating tables, so those tables 0:01:33.680000 --> 0:01:39.720000 in return can be used for the forwarding of packets, is a control plane 0:01:39.720000 --> 0:01:44.520000 function. For example, a routing protocol is a control plane function. 0:01:44.520000 --> 0:01:48.500000 Routing protocols, learn of routes, they put those routes into their own 0:01:48.500000 --> 0:01:53.480000 tables like an EI-GRP Topology table, or an OSPF Link State database, 0:01:53.480000 --> 0:01:57.440000 all of that is taking place in the control plane, and then they dump what 0:01:57.440000 --> 0:02:00.360000 they've learned into the IP routing table. 0:02:00.360000 --> 0:02:06.320000 So, before SDN was invented, the idea was each device, and if we're talking 0:02:06.320000 --> 0:02:07.300000 about switching, right? 0:02:07.300000 --> 0:02:09.040000 We're talking about MAC address tables. 0:02:09.040000 --> 0:02:13.140000 There's various logic and switches that learns MAC addresses, and then 0:02:13.140000 --> 0:02:17.220000 that logic populates the MAC address table with what it's learned. 0:02:17.220000 --> 0:02:22.260000 That learning process and that populating process is also called the control 0:02:22.260000 --> 0:02:28.100000 plane. So, for the longest time, each device was independently responsible 0:02:28.100000 --> 0:02:32.600000 for running its own control plane, learning what it needed to learn, and 0:02:32.600000 --> 0:02:34.440000 populating its own tables. 0:02:34.440000 --> 0:02:39.220000 Well, the initial approach of software -defined networking was the imperative 0:02:39.220000 --> 0:02:41.960000 approach. They said, hey, let's do this. 0:02:41.960000 --> 0:02:47.100000 Yes. Let's, for example, take a routing protocol as an example. 0:02:47.100000 --> 0:02:51.580000 Let's strip out of our routers all knowledge of routing. 0:02:51.580000 --> 0:02:57.040000 Okay, let's not have, let's not let our routers know what OSPF is, what 0:02:57.040000 --> 0:03:00.360000 EI-GRP is. Let's not do any of that. 0:03:00.360000 --> 0:03:05.620000 Let's just have the routers report back to some central device, the controller, 0:03:05.620000 --> 0:03:06.660000 everything about themselves. 0:03:06.660000 --> 0:03:12.000000 The routers will report who they are, what links they have, if they're 0:03:12.000000 --> 0:03:15.940000 getting CDP, you know, but they'll base it so the controller will learn 0:03:15.940000 --> 0:03:21.520000 itself where all the devices are, who the devices are connected to, and 0:03:21.520000 --> 0:03:27.200000 then we'll have the OSPF protocol as an example run in the brain of that 0:03:27.200000 --> 0:03:29.040000 one central controller. 0:03:29.040000 --> 0:03:31.860000 That one central controller will decide for itself because it now has 0:03:31.860000 --> 0:03:33.060000 a full view of the topology. 0:03:33.060000 --> 0:03:34.820000 It has learned of all the devices. 0:03:34.820000 --> 0:03:40.060000 That controller will figure out where the routes are, and then the controller 0:03:40.060000 --> 0:03:44.120000 will reach back down to the routers, and the controller will be responsible, 0:03:44.120000 --> 0:03:45.720000 not the routing protocol. 0:03:45.720000 --> 0:03:50.100000 The controller will be responsible for populating the routing tables. 0:03:50.100000 --> 0:03:54.120000 So we've taken that control, that learning plane, that learning process, 0:03:54.120000 --> 0:03:57.680000 and we've moved it to the controller. 0:03:57.680000 --> 0:04:02.040000 So the controller dictates everything that ends up being put in the MAC 0:04:02.040000 --> 0:04:05.220000 -aggress tables, and in the routing tables, all the tables we use for the 0:04:05.220000 --> 0:04:08.680000 actual forwarding of frames and packets. 0:04:08.680000 --> 0:04:11.860000 The controller would program those tables because the controller is the 0:04:11.860000 --> 0:04:15.120000 one that has the logic that has learned where everything is. 0:04:15.120000 --> 0:04:18.900000 So that was the imperative approach. 0:04:18.900000 --> 0:04:23.240000 Now, that's all well and good. 0:04:23.240000 --> 0:04:27.800000 If you're starting from a baseline where every single router, every single 0:04:27.800000 --> 0:04:31.280000 switch you have can work with that. 0:04:31.280000 --> 0:04:36.580000 Every single router, every single switch has got the MAC learning function 0:04:36.580000 --> 0:04:40.380000 stripped out, it's got the routing protocol functionality stripped out, 0:04:40.380000 --> 0:04:44.100000 and all those devices know, hey, all I have to do is give information 0:04:44.100000 --> 0:04:48.880000 about myself to the controller, sit back, and then he'll reach into me 0:04:48.880000 --> 0:04:52.320000 and program my routing table, or he'll reach into me and program my MAC 0:04:52.320000 --> 0:04:57.740000 -aggress table. That's all well and good, but Cisco said, hmm, we have 0:04:57.740000 --> 0:05:02.280000 a problem because we have a ton of devices out there that do all this 0:05:02.280000 --> 0:05:06.640000 stuff already. Our device is already optimized to run the EI-JRP, run 0:05:06.640000 --> 0:05:12.480000 routing protocols to learn of MAC addresses, and it doesn't really work 0:05:12.480000 --> 0:05:15.600000 for us to do the imperative approach. 0:05:15.600000 --> 0:05:19.420000 So instead, Cisco decided, and not just them, I'm sure other companies 0:05:19.420000 --> 0:05:24.280000 as well, they decide to make controllers that use the declarative approach, 0:05:24.280000 --> 0:05:28.900000 which means that the control plane still resides within the networking 0:05:28.900000 --> 0:05:36.100000 device itself. And so the controller simply declares the requirements 0:05:36.100000 --> 0:05:37.800000 of applications. 0:05:37.800000 --> 0:05:40.040000 So what does that mean? 0:05:40.040000 --> 0:05:46.400000 That means something like, you know, the router would still find its own 0:05:46.400000 --> 0:05:49.220000 routes, and the router would still be responsible for figuring out what 0:05:49.220000 --> 0:05:50.940000 routes go into its routing table. 0:05:50.940000 --> 0:05:55.780000 The switch would still learn MAC addresses, populate into MAC-aggress 0:05:55.780000 --> 0:05:57.880000 tables, but what would the controller do? 0:05:57.880000 --> 0:06:01.380000 Well, applications would be speaking to the controller. 0:06:01.380000 --> 0:06:04.720000 So you'd have some application running on a server out there, and that 0:06:04.720000 --> 0:06:08.660000 application, this is all behind the scenes, no human involvement here. 0:06:08.660000 --> 0:06:13.300000 The application would say to the controller, hey, I'm about to send some 0:06:13.300000 --> 0:06:16.060000 packets from point A to point B. 0:06:16.060000 --> 0:06:20.340000 And these packets are going to need a certain level of latency, a certain 0:06:20.340000 --> 0:06:26.120000 level of delay. I want to have certain QoS policies applied. 0:06:26.120000 --> 0:06:29.660000 Now the controller, once it knows that, it looks at the network because 0:06:29.660000 --> 0:06:32.540000 the controller, even in the declarative approach, the controller still 0:06:32.540000 --> 0:06:34.720000 has full visibility over the network. 0:06:34.720000 --> 0:06:36.320000 It knows where everything is. 0:06:36.320000 --> 0:06:39.260000 It's reached into all your routers and switches, and it knows what the 0:06:39.260000 --> 0:06:40.740000 routing tables look like. 0:06:40.740000 --> 0:06:44.600000 It knows how what interfaces are congested right now. 0:06:44.600000 --> 0:06:48.000000 That controller might even occasionally be doing trace routes and pings 0:06:48.000000 --> 0:06:50.660000 and all sorts of stuff behind the scenes, so it even knows what the actual 0:06:50.660000 --> 0:06:53.100000 delay is from one point to the other. 0:06:53.100000 --> 0:06:56.680000 So by the time this particular application server says, I need to send 0:06:56.680000 --> 0:07:00.100000 packets from point A to point B, and I need the path to look like this. 0:07:00.100000 --> 0:07:02.600000 I need the path to have these certain characteristics. 0:07:02.600000 --> 0:07:06.700000 The controller can say, ah, okay, well, here's what I'm going to do. 0:07:06.700000 --> 0:07:11.880000 I'm going to reach down to these five routers in this line, and I'm going 0:07:11.880000 --> 0:07:15.660000 to dynamically configure some access lists to those routers so that they 0:07:15.660000 --> 0:07:20.320000 will permit the traffic from this application, but deny everything else. 0:07:20.320000 --> 0:07:23.580000 So while this application is running, everything else is denied, which 0:07:23.580000 --> 0:07:27.280000 frees up the bandwidth, reduces the congestion. 0:07:27.280000 --> 0:07:31.000000 So you see what's happening here is the controller is not actually programming 0:07:31.000000 --> 0:07:34.240000 the forwarding tables of the routers and the forwarding tables of the 0:07:34.240000 --> 0:07:38.080000 switches. The controller is listening to what the needs are of the application. 0:07:38.080000 --> 0:07:41.120000 The application is saying, this is what I need the network to look like 0:07:41.120000 --> 0:07:43.660000 right now to do what I need to do. 0:07:43.660000 --> 0:07:46.300000 And then the controller is reaching down into the routers and switches 0:07:46.300000 --> 0:07:49.220000 and says, this is what I need you to make happen. 0:07:49.220000 --> 0:07:51.440000 I need you to implement this QOS. 0:07:51.440000 --> 0:07:54.100000 I need you to implement this ACL. 0:07:54.100000 --> 0:07:56.740000 I need you to implement this firewall policy. 0:07:56.740000 --> 0:08:00.680000 And then it can report back to the applications and say, go, you're good, 0:08:00.680000 --> 0:08:01.980000 you're set up ready to go. 0:08:01.980000 --> 0:08:06.840000 So that is the declarative approach to controllers. 0:08:06.840000 --> 0:08:11.620000 Where the controller declares the requirements of the applications, right? 0:08:11.620000 --> 0:08:13.960000 It reaches down the routers and switches and says, hey, I've got an application 0:08:13.960000 --> 0:08:16.960000 out here that needs this, this, and this. 0:08:16.960000 --> 0:08:21.380000 And then the networking devices themselves figure out how to make that 0:08:21.380000 --> 0:08:25.480000 happen. So in reality, the controller might not be saying, hey, let me 0:08:25.480000 --> 0:08:29.120000 program you with access list one on one, permit IP, blah, blah. 0:08:29.120000 --> 0:08:30.620000 The controller might not do that. 0:08:30.620000 --> 0:08:34.520000 The controller might simply say, hey, I need you to have security permitting 0:08:34.520000 --> 0:08:37.600000 this TCP socket going to that TCP socket. 0:08:37.600000 --> 0:08:42.180000 And then the router that's talking to the controller will say, oh, okay, 0:08:42.180000 --> 0:08:46.040000 well, for me to implement that, I need to program on myself access list 0:08:46.040000 --> 0:08:48.180000 one on one, permit TCP. 0:08:48.180000 --> 0:08:51.320000 So the controller itself might not actually be sending down to the router, 0:08:51.320000 --> 0:08:56.120000 the switch, the same iOS command line that you are used to when you're 0:08:56.120000 --> 0:08:57.360000 programming something. 0:08:57.360000 --> 0:09:01.080000 It's just sending down to the router, switch the requirements saying, 0:09:01.080000 --> 0:09:02.580000 this is what I need you to do. 0:09:02.580000 --> 0:09:04.040000 I need you to do this. 0:09:04.040000 --> 0:09:07.620000 And then the router switch will use its own command line to actually make 0:09:07.620000 --> 0:09:12.520000 that happen. That is in the declarative approach. 0:09:12.520000 --> 0:09:16.260000 So that concludes this particular video on the two different approaches 0:09:16.260000 --> 0:09:19.860000 of implementing SDN controllers into a network.