Outline. Traditional computer networks. Software Defined Networking - 3 (SDN) Pag. 1 SDN. Openflow protocol Some issues Advances

Transcription

1 Software Defined Networking (SDN) Andrea Bianco Software Defined Networking - 1 Outline SDN Motivations, definitions, architecture, Flow based forwarding Openflow protocol Some issues Advances Distributed controllers Stateful switches Software Defined Networking - 2 Rexford Computer Network class Traditional computer networks Data plane Local algorithms, dealing with packets Forwarding, filtering, scheduling, buffering, marking, rate-limiting, measuring at the packet level Packet transmission time scale Very fast processing Implemented in HW Software Defined Networking - 3 Pag. 1

2 Rexford Computer Network class Traditional computer networks Control plane Distributed algorithms Topology discovery, topology tracking, route computation, installing forwarding rules, traffic engineering Seconds time scale, flow time scale Slow process Software Defined Networking - 4 Rexford Computer Network class Traditional computer networks Management plane Local/global algorithms with coordination Measurement, configuration, monitoring, protection and restoration Mostly «human» time scale Software Defined Networking - 5 Traditional computer networks Features Incredible success (from research experiments to global commercial infrastructure) «In principle» complexity at the edge «Only» packet forwarding inside Complexity at the edge (SW) enables fast innovation Host running increasingly complex applications (SW) Web, P2P, social networks, virtual reality, video streaming Inside the network? Closed equipments, SW and HW intermixed, vendor specific interfaces, many more features beside forwarding, too many protocols Slow and costly development and management Software Defined Networking - 6 Pag. 2

3 Capone Netsoft 2015 Classic network paradigm Distributed network functions OS Forwarding HW State distribution mechanism (protocols) ensure interoperability OS Forwarding HW OS Forwarding HW Router/switch/appliance Software Defined Networking - 7 Capone Netsoft 2015 Closed platform Configuration interfaces vary Different vendors Different devices of the same vendors Different firmware versions of the same device L3 Routing, L2 switching, ACL, VPNs, etc Control plane Mngmt plane App App OS App Data plane Forwarding HW Protocols guarantee interoperability Software Defined Networking - 8 Capone Netsoft 2015 Too many protocols/standards? Software Defined Networking - 9 Pag. 3

4 Capone Netsoft 2015 Vendors dominated Software Defined Networking - 10 Software Defined Networkig New key elements Clean interface (API) between data and control plane Logically centralized control plane Control plane out of forwarding devices Control plane (SW) may run on general purpose HW Global network view SDN controller or Network Operating Systems Network programmability New architecture Flow based switching Programmed by the centralized controller Very flexible flow definition Network applications running on top of NOS Software Defined Networking - 11 Capone Netsoft 2015 The new (centralized) model Traditional networking Distributed Control-plane Switch Software-Defined Networking Centralized Programmable switch Controlplane Data-plane Control-plane Data-plane Data-plane Data-plane Control-plane Data-plane Data-plane Software Defined Networking - 12 Pag. 4

5 Rexford Computer Network class Centralized control Logically-centralized control smart slow API to the data plane (e.g., protocol) very dumb fast Switches Software Defined Networking - 13 Capone Netsoft 2015 SND architecture: interfaces App App App Northbound interface: Network control API Network OS Southbound interface: HW open interface Simple forwarding HW Simple forwarding HW Simple forwarding HW Simple forwarding HW Software Defined Networking - 14 A Helpful Analogy From Nick McKeown s talk Making SDN Work at the Open Networking Summit, April 2012 Software Defined Networking - 15 Pag. 5

6 N. Mc Keown ONS 2012 Mainframes App App App App App App App App App App App Specialized Applications Open Interface Specialized Operating System Windows (OS) or Linux or Open Interface Mac OS Specialized Hardware Microprocessor/HW Vertically integrated Closed, proprietary Slow innovation Small industry Horizontal Open interfaces Rapid innovation Huge industry Software Defined Networking - 16 N. Mc Keown ONS 2012 Routers/Switches App App App App App App App App App App App Specialized Features Specialized Control Plane Control Plane or Open Interface Control Plane Open Interface or Control Plane Specialized Hardware Merchant Switching Chips Vertically integrated Closed, proprietary Slow innovation Horizontal Open interfaces Rapid innovation Software Defined Networking - 17 Flow-based forwarding Protocol-less or protocol-oblivious forwarding Not exactly true (set of predefined fields) Simple packet-handling rules Pattern/rule: match packet header bits Actions: drop, forward, modify, send to controller Priority: disambiguate overlapping patterns Software Defined Networking - 18 Pag. 6

7 /SDN tutorial, Srini Seetharaman Flow based forwarding: table entries Rule Action Stats Packet + byte counters 1. Forward packet to zero or more ports 2. Encapsulate and forward to controller 3. Send to normal processing pipeline 4. Modify Fields 5. Any extensions you add! Switch Port MAC src MAC dest Eth type VLAN Id + mask what fields to match VLAN Eth pcp Src Dst ToS Prot L4 sport L4 dport Software Defined Networking - 19 Rexford Computer Network class Unifies different kinds of boxes Router Match: longest destination prefix Action: forward out a link Switch Match: destination MAC address Action: forward or flood Firewall Match: addresses and TCP/UDP port numbers Action: permit or deny NAT Match: address and TCP/UDP port Action: rewrite address and port Software Defined Networking - 20 /SDN tutorial, Srini Seetharaman Switching Switch MAC Port src * Flow Switching Switch MAC Port src Examples of boxes MAC dst Eth type VLAN ID Src Dst Prot TCP sport TCP Action dport * 00:1f:.. * * * * * * * port6 port3 00: :1f vlan port4 Firewall Switch MAC Port src * MAC dst MAC dst Eth type Eth type VLAN ID VLAN ID Src Src Dst Dst Prot Prot TCP sport TCP sport TCP Action dport TCP Action dport * * * * * * * * 22 drop Software Defined Networking - 21 Pag. 7

8 /SDN tutorial, Srini Seetharaman Routing Switch MAC Port src * VLAN Switching Switch MAC Port src * Examples of boxes MAC dst Eth type VLAN ID Src Dst Prot TCP sport TCP Action dport * * * * * * * * port3 MAC dst Eth type VLAN ID Src Dst Prot TCP sport * 00:1f.. * vlan1 * * * * * TCP Action dport port6 port7 port9 Software Defined Networking - 22 Bifulco talk at ewsdn2014 to switch interaction Rule to install What should I do? _SCR: _DST: TCP_SRC: 5433 TCP_DST: 80 Forwarding Element _SCR: _DST: TCP_SRC: 5433 TCP_DST: 80 L3_SRC L3_DST L4_SRC L4_DST Action Any 112/8 Any Any Fwd-to: Software Defined Networking - 23 Rexford Computer Network class SDN controller: network programmability Application Network OS Southbound interface Events from switches Topology changes Traffic statistics Arriving packets Commands to switches (Un)install rules Query statistics Send packets Software Defined Networking - 24 Pag. 8

9 Rexford Computer Network class Example of applications Dynamic access control Seamless mobility/migration Server load balancing Network virtualization Using multiple wireless access points Traffic engineering Energy-efficient networking Adaptive traffic monitoring Denial-of-Service attack detection. Software Defined Networking - 25 Rexford Computer Network class Application: Dynamic access control Inspect first packet of a connection Consult the access control policy Install rules to block or route traffic Software Defined Networking - 26 Rexford Computer Network class Application: Seamless mobility/migration See host send traffic at new location Modify rules to reroute the traffic Software Defined Networking - 27 Pag. 9

10 Application Server load balancing Pre-install load-balancing policy Split traffic based on source Rexford Computer Network class src=0* src=1* Software Defined Networking - 28 Traffic engineering: difficult with traditional routing Hp. Destination based routing What if network operator wants u-to-z traffic to flow along uvwz x-to-z traffic to flow xwyz? Need to define link weights so traffic routing algorithm computes routes (or need a new routing algorithm) Does not work Modifies many routes Cannot change weights to route each individual flow Kurose Ross: Computer Networking 2 u 1 5 x v w y z Software Defined Networking - 29 Traffic engineering: difficult with traditional routing What if network operator wants to split u-to-z traffic along uvwz and uxyz (load balancing)? Can t do it (or need a new routing algorithm) Kurose Ross: Computer Networking 5 2 u 1 x v w y z Software Defined Networking - 30 Pag. 10

11 Traffic engineering: difficult with traditional routing What if we wants to route blue and red traffic differently? Can t do it (with destination based forwarding, and LS, DV routing) Kurose Ross: Computer Networking 5 u 1 2 v 2 x w 1 y 5 2 z Software Defined Networking - 31 Kurose Ross: Computer Networking Data plane switches Fast, simple, commodity switches implementing generalized data-plane forwarding in HW Switch flow table computed, installed by controller API for table-based switch control Defines what is controllable and what is not Protocol for communicating with controller SDN: switches routing network-control applications access control load balance northbound API SDN (network operating system) southbound API control plane data plane SDN-controlled switches Software Defined Networking - 32 Kurose Ross: Computer Networking SDN controller (network OS): Maintain network state information Interacts with network control applications above via northbound API Interacts with network switches below via southbound API SDN controller routing network-control applications access control load balance northbound API SDN (network operating system) southbound API control plane data plane SDN-controlled switches Software Defined Networking - 33 Pag. 11

12 Kurose Ross: Computer Networking Network-control apps: Brains of control: implement control functions using lowerlevel services, API provided by SND controller Unbundled: can be provided by 3rd party: distinct from routing vendor, or SDN controller SDN application network-control applications routing access control load balance northbound API SDN (network operating system) southbound API control plane data plane SDN-controlled switches Software Defined Networking - 34 Kurose Ross: Computer Networking SDN controller components routing access control load balance Interface layer to network control apps Abstraction API State management layer Distributed database State of network links, switches etc Communication layer Interface, abstractions for network control apps network graph Network-wide distributed, robust state management Link-state info statistics RESTful API host info flow tables intent switch info SNMP Communication to/from controlled devices Software Defined Networking - 35 SDN: pros and cons Potential benefits Easier and faster innovation Exploits global network view Traffic enginering Traffic steering Security. Simpler switches Less costly Less power hungry «Avoids» device misconfiguration Virtual resource management Potential drawbacks Performance Overheads Scalability Bottleneck Single point of failure Interoperability Software Defined Networking - 36 Pag. 12

13 SDN where? Campus LAN Data center WAN (google) to interconnect data centers ISP? 5G networks Software Defined Networking - 37 The role of the scenario Datacenter Very large number of devices Spatially collocated Low and predictable delays between devices Dedicated network for control Out of band control traffic ISP/POP Lower number of devices Spatially distributed High and unpredictable latencies Control and data share the same resources In band control traffic Software Defined Networking - 38 Flow Based Level of aggregation Group Based Every flow is individually set up by controller Exact-match flow entries Flow table contains one entry per flow Suited for fine grain control, e.g. campus networks One flow entry covers large groups of flows Wildcard flow entries Flow table contains one entry per category/group of flows Suited for large number of flows, e.g. ISPs Software Defined Networking - 39 Pag. 13

14 Level of aggregation High aggregation level Dealing with few large objects Reduced occupation of forwarding table Reduced signaling overhead and controller load Coarse granularity in the control of flow Qos A flow steering moves a large amount of traffic Less elements to deal with for load balancing but more difficult to balance Software Defined Networking - 40 Reactive vs. Proactive Reactive Flow table empty at boot First packet of a flow sent to the controller inserts flow entries Dynamic network Every flow incurs small (?) additional flow setup time Large control traffic Large load on the controller Efficient use of flow table If control connection lost, switch has limited utility Proactive pre-populates flow table in switch at boot Zero additional flow setup time Static network Loss of control connection does not disrupt traffic Essentially requires aggregated (wildcard) rules Reduced table size Software Defined Networking - 41 protocol Andrea Bianco andrea.bianco@polito.it Software Defined Networking - 42 Pag. 14

15 Capone Netsoft 2015 Flow based forwarding Software Defined Networking - 43 /SDN tutorial, Srini Seetharaman protocol Protocol (SSL/TCP) Control Path Data Path (Hardware) Software Defined Networking - 44 /SDN tutorial, Srini Seetharaman protocol use My Rule Switch My code PC Decision? Protocol My Rule Switch My Rule Switch Software Defined Networking - 45 Pag. 15

16 /SDN tutorial, Srini Seetharaman An example Software Layer Client PC Hardware Layer MAC src MAC dst Src Flow Table Dst TCP sport TCP Action dport * * * * * port 1 port 1 port 2 port 3 port Software Defined Networking - 46 protocol messages -to-switch Initiated by the controller and used to directly manage or inspect the state of the switch Features, Config, Modify State, Read State, Packet Out, Barrier Asynchronous Sent to the controller without controller soliciting Packet-in, Flow Removed/Expiration, Port status, Error, Symmetric Sent without solicitation in any direction Hello, Echo, Experimenter/Vendor Software Defined Networking - 47 (main) messages Packet_in Switch to controller Carries a packet copy (possibly only the header) What is best? Generated by default in case of table miss Packet_out to switch Send the packet out of a specified port Carries the full packet or the switch buffer id Flow_mod to switch Modify flow tables Carries match-action rule to install Software Defined Networking - 48 Pag. 16

17 example Software Defined Networking - 49 Packet processing Packets arrive and leave through ports Packets are matched to flow in flow tables using classifiers Flows contain set of instructions and actions applied to each packet in the match Software Defined Networking - 50 Packet lifecycle On packet arrival a key is built Metadata (arrival time, arrival port, memory location) Fields in packet header Key is use to select a flow in the table Actions associated with the flow are applied Drop, mutate, queue, forward, move to next table Software Defined Networking - 51 Pag. 17

18 Packet matching Software Defined Networking - 52 describing and Software Defined Networking is available on the Open Networking Foundation website ( This specification covers the components and the basic functions of the switch, and the switch protocol to manage an switch from a Openflow implementation remote controller. Channel Protocol Channel Control Channel Switch Group Table Datapath Meter Table Port Port Flow Table Flow Table Pipeline Flow Table Port Port Figure 1: Main components of an switch. Software Defined Networking - 53 has a match that does not wildcards all match fields can be used if the flow table supports it, however this is not a table-miss flow entry. Using such flow entry would make sense only if a table-miss flow entry is not used, because if a table-miss flow entry exists they would overlap and matching is then undefined. For this reason, it is recommended that the controller does not create non-table-miss flow entries that use the lowest priority switch (0). implementation 5.5 Instructions Find highest flow entry Flow Tab l e priority flow entry m atching flow entry flow entry Apply Instructions flow entry Match Act io n Se t Pip e lin e Field s Pack et Extract header fields flow entry table miss flow entry Apply-actions {list of actions} modify packet update match fields update pipeline fields if output or group clone packet Clear-actions empty action set Write-actions {set of actions} merge in action set Goto-table {table-id} Flow Table Execute Action Set Packet clones Egress Figure 4: Matching and Instruction execution in a flow table. Software Defined Networking - 54 Each flow entry contains a set of instructions that are executed when a packet matches the entry. These Pag. 18

19 Openflow versions Published by Open Networking Foundation No profit Funded by Deutsche Telekom, Facebook, Google, Microsoft, Verizon, etc. Software Defined Networking - 55 SDN architecture in action Andrea Bianco andrea.bianco@polito.it Software Defined Networking - 56 From Kurose Ross: Computer Networking An example network graph statistics Link-state info host info 2 s1 Dijkstra s link-state Routing RESTful API 1 s3 s2 flow tables SNMP s4 intent switch info S1, experiencing link failure using port status message to notify controller SDN controller receives message, updates link status info Dijkstra s routing algorithm application has previously registered to be called when ever link status changes. It is called. Dijkstra s routing algorithm access network graph info, link state info in controller, computes new routes Software Defined Networking - 57 Pag. 19

20 From Kurose Ross: Computer Networking An example network graph statistics Link-state info Dijkstra s link-state Routing RESTful API 2 host info flow tables SNMP intent switch info 5 6 Link state routing app interacts with flow-tablecomputation component in SDN controller, which computes new flow tables needed uses to install new tables in switches that need updating 1 s1 s3 s2 s4 Software Defined Networking - 58 Some issue? Andrea Bianco andrea.bianco@polito.it Software Defined Networking - 59 Topology discovery Through LLDP Link Layer Discovery Protocol Software Defined Networking - 60 Pag. 20

21 /SDN tutorial, Srini Seetharaman Topology discovery view is not always complete. For instance, what does the controller see here? OF switch X Non-OF switch OF switch Y Host A Non-OF switch Host B Internet Host C Software Defined Networking - 61 Protection/restoration Current network heavily rely on SDH Ring based topology Fast automatic reconfiguration SDN centralized approach may be slow Alternative port can be specified Need to ensure consistency while modifying a policy Software Defined Networking - 62 traffic: an (extreme) example Given a network application and a topology, empirical model to evaluate the Openflow traffic Based on real controllers (ONOS / OpenDaylight) and applications (layer 2 fwd) Goal: evaluate impact of (in band) control traffic in real networks Software Defined Networking - 63 Pag. 21

22 Distributed controllers Andrea Bianco Software Defined Networking - 64 Srini Seetharaman, /SDN tutorial Centralized vs Distributed Control Centralized Control Distributed Control Switch Switch Switch Switch Switch Switch Software Defined Networking - 65 Why distributed/multiple controllers? To enhance resilience to failures failures can be managed Still to deal with failures in data and control plane To solve scalability issues Faster controllers Limited scaling More proactive rules to reduce number of requests Limited flexibility Multiple controllers Permit load balancing to reduce processing load Permit switch migration Software Defined Networking - 66 Pag. 22

23 Switchcontroller traffic Software Defined Networking Distributed controllers Virtual topology among controllers to coordinate the operations of the controllers peer, hierarchical, master/slave Network view maintenance different levels of consistency (strong/weak) among the controllers affects the reactivity may lead to temporary rule conflicts Software Defined Networking - 67 Control plane in distributed controllers Switch-controller (Sw-Ctr) traffic Standardized -controller (Ctr-Ctr) traffic (East-West-bound interfaces) Proprietary To get consistent view May be non neglibile Critical for reactivity Inter-controller traffic Software Defined Networking - 68 Data authoritative model A single controller is owner of the shared data e.g. network graph, association switch to controller Single data owner model Read/write operations always forwarded by the local controller to the data owner controller distributed architecture only for high availability implemented in clustered version of OpenDaylight Multiple data owner model Read/write operations are local and then forwarded (asynchronously) to the data owner controller Software Defined Networking - 69 Pag. 23

24 Inter controller traffic Single data owner Setting up the shortest path to the source for all switches Software Defined Networking - 70 Reactivity for Multi Data Ownership Data owner controller Data owner controller Data owner controller T R T R = Sw-Ctr RTT Switch S1 Update data Response Flood update Software Defined Networking - 71 Reactivity for Single Data Ownership Algorithm for strong consistency Data owner controller T R T R = Sw-Ctr RTT+2 Ctr-Ctr RTT Switch S1 Update data Raft request Log replicatiom Log reply Log commit (on majority) Response Software Defined Networking - 72 Pag. 24

25 placement 3 controllers each point correspond to a different controller placement Software Defined Networking - 73 Control plane: ctr-ctr traffic Traffic exchanged (in band) between controllers to synchronize the shared data structures within a cluster of SDN controllers Topology store in ONOS (fixed topology, LLDP refresh only) Software Defined Networking - 74 Stateful data plane Andrea Bianco andrea.bianco@polito.it Software Defined Networking - 75 Pag. 25

26 Stateful SDN dataplane Stateless approach () Stateless switches, all the states in the controller Limited reactivity due to the (logically) centralized approach Stateful approach: OpenState, OpenPacketProcessor (OPP), P4 Permit some level of stateful processing (e.g., finite state machines) within switches OpenState adds a state table (IF state A THEN IF state B THEN) OpenPacketProcessor: state defined with multiple variables, counters, P4 much more flexible (description language of HW behavior) Enabled by new generation of hardware 6.5Tbps Tofino Barefoot Networks Software Defined Networking - 76 Hardware implementation Software Defined Networking - 77 Naive load balancer Toy example Forward up 0 1 Forward down Traditional SDN controller Stateless switch Other examples Interaction with a classifier Port knocking FSM State 01 Forward up Forward down Stateful SDN controller Forward up FSM State 10 Forward down Stateful switch Software Defined Networking - 78 Pag. 26

27 Traffic classification Mirror a pre-defined number of packets to traffic classifier for each flow Interrupt the mirroring if the flow is identified Software Defined Networking - 79 Traffic classification Two approaches Simple Count Down Memory purging issued by the controller to avoid waiting for the timeout Software Defined Networking - 80 Traffic classification Compact Count Down Countdown interruption envisioned Software Defined Networking - 81 Pag. 27

28 Port knocking: tables Software Defined Networking - 82 Stateful benefits Improve network reactivity Simple local decisions at the switch Reduced controller load Reduced signaling overhead Permits to gracefully move functionalities Balance central vs distributed control Not all switches need to be stateful State positioning or distribution Software Defined Networking - 83 Time based operation Andrea Bianco andrea.bianco@polito.it Software Defined Networking - 84 Pag. 28

29 A toy example Enables synchronous operations In elastic optical networks (grid based WDM) permits to reduce the disruption time induced by lightpath swapping If a new request of 2 slots from A to D arrives, to accept it we need to move currently allocated lightpaths If done asynchronously it would imply longer reconfiguration times Software Defined Networking - 85 Hands on SDN Andrea Bianco andrea.bianco@polito.it Software Defined Networking - 86 Openflow switches Openflow hardware switches are still expensive since aimed at high-professional market (e.g. data centers, network operators) Openflow software switches OpenvSwitch open-source virtual software switch can be installed on a pc, on a VM, within the kernel supports Openflow Software Defined Networking - 87 Pag. 29

30 Network emulator Mininet Network of OF switches Linux hosts API to issue commands Very basic controller available SDN emulators Software Defined Networking - 88 SDN controllers (too) many controllers are available you can easily write your own Software Defined Networking - 89 SDN s Open-source controllers POX phython, just for test OpenDaylight vendor-funded project the universal controller for data centers and TLC operator quite complex but flexible ONOS focused for large telecom networks well-documented and relatively simple to use Ryu good compromise between simplicity and flexibility Software Defined Networking - 90 Pag. 30

31 First hands on Openflow Download the VM Follow the instructions Enjoy! Software Defined Networking - 91 SDN and NFV Andrea Bianco andrea.bianco@polito.it Software Defined Networking - 92 SDN and virtualization Are SDN and virtualization related? Yes and no Are virtualization and network slicing related? Yes and no SDN and NFV related? Yes and no Virtualization/Network slicing/nfv exist without SDN Virtualization already available for CPU, resources, disk, virtual machines, SDN makes it easier to exploit virtualization at the network level Software Defined Networking - 93 Pag. 31

32 Definitions Virtualization Abstraction of resources Hiding irrelevant aspects Network slicing Network partitioning Possibly of virtual resource NFV Exploits virtualization to virtualize nodes and functions (typically in chain) Software Defined Networking - 94 /SDN tutorial, Srini Seetharaman Isolated slices Many operating systems, or Many versions Ap p Ap p Network Operating System 1 Ap p Ap p Network Operating System 2 Ap p Ap p Network Operating System 3 Ap p Virtualization or Slicing Layer Ap p Network Operating System 4 Open interface to hardware Open interface to hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Software Defined Networking - 95 FlowVisor Example of network virtualization with Openflow (2009) Partition the flow tables in each Openflow switch which flow belongs to each controller flowspace defines a network slice Packet header used to identify the flowspace FlowVisor acts as a proxy between the Openflow switches and the controllers Software Defined Networking - 96 Pag. 32

33 FlowVisor Architecture FlowVisor Custom Control Plane Network Stub Control Plane Data Plane Server Protocol Firmware Data Path Servers FlowVisor Firmware Data Path Switch/Router Switch/Router Software Defined Networking - 97 /SDN tutorial, Srini Seetharaman Switch Based Virtualization Research VLAN 2 Research VLAN 1 Production VLANs Flow Table Flow Table Normal L2/L3 Processing Software Defined Networking - 98 SDN and NFV Software-driven networking solution Open software and standard hardware NFV: run NFs on industry standard hardware SDN: run controller and software switch (vswitch) on industry standard hardware Software Defined Networking - 99 Pag. 33

34 Reciprocal support SDN-NFV NFV supports SDN SDN controller and/or network applications can run on a VM in a cloud leverage reliability and elasticity SDN supports NFV SDN provides the logical routing across a chain of functions SDN provides network connectivity and provides end-2-end performance guarantees Software Defined Networking SDN and NFV differences Separation NFV aims at decoupling NFs from specialized hardware SDN aims at separating the packet forwarding from the network control Legacy NFV can work on existing networks SDN needs new network equipment Software Defined Networking SDN and NFV differences Granularity NFV works at service level SLA at L7 level SDN works at flow level at L2-L4 level Data plane works at packet-by-packet Software Defined Networking Pag. 34