Linking IoT and SDN: How ODL can play a key role in IoT

Hello, my name is Lionel Florit. I'm part of the IoTDM project that we have started. John Burns is here, sitting here; can you raise your hand, John? John has produced most of the code that was part of this project, and Jan Medved is in another room presenting some content. This project is about IoT, and what we have done is we have created an application on top of ODL. It's not really related to SDN; we have used ODL as a development platform to build something that is not related to SDN. It is an IoT project. There are some hooks with SDN, and we'll see this at the end.

So on the agenda: we'll give you an overview of what this project was about, then we'll talk about IoT middleware and give you an overview of the IoT middleware technology that we have followed here. In this case we have followed the specification called oneM2M. Then we'll review the software components, and then we'll see potential links between IoT and SDN.

IoTDM at the Linux Foundation: we started the project in December 2014. The goal was to produce an IoT middleware over OpenDaylight, as I mentioned, based on oneM2M, and basically we wanted to have the bare-bones resource support for that, so a minimal implementation, but this would get us started. The delivery was in the Lithium release, and you have a pointer to the project page here.

So the overall architecture is shown on this slide. We have reused the infrastructure of ODL to build our application: we have reused the data store, we have reused some plugin components and various pieces, the MD-SAL, the RPCs, and on top of that we have our data collection function. This is the IoTDM function, and it coexists with other ODL services. At the bottom of the slide you see various plugins. In the case of ODL, those plugins connect to network elements; for us, the elements at the bottom could be network elements, but they are mostly things in the context of IoT. A network element could be a thing, but you could have pacemakers or traffic lights; those are things. Our plugins look very similar to the ones we have in ODL. As a matter of fact, we have leveraged the SNMP plugin in some cases, we have the HTTP plugin, and we have added the CoAP plugin here too, to communicate with the things. The northbound part is the connection with vertical IoT applications. Northbound/southbound is really a logical separation; I mean, it's just to explain how things flow, but in fact the way applications access the data store and the way things access the data store are identical for the moment.

So which IoT problem did we want to address with this application? There are many challenges in IoT; just one of them here is the variety of things. An IoT solution is composed of many different components which are unrelated with each other. When somebody, for example, makes a Xerox printer, it doesn't expect the Xerox printer to talk to a light bulb. And in fact I would wish that the Xerox printer in my office talked to the light bulb, so when I step into the copy room the printer warms up, because if there is one thing that I hate, it is to stand by the printer and wait for it to warm up. So if the light bulb motion sensor could know that somebody's in the copy room and tell it to the copy machine, that would be an application. But when you build a light bulb you cannot imagine that your light bulb will eventually talk to a copy machine. So all the things are built for a purpose, but they are not built to talk to everything else yet. So this is challenge number one.

The challenge number two is solution lock-in. When you buy an IoT solution these days you buy a full system that works end to end. What people don't realize is that when you buy this system you're locked into the system itself, and this is an example of that. In the US there is a big debate going on right now over cameras that you put on police officers, and in 2013 Congress has funded 50,000 cameras; four hundred dollars is about the price for one camera. The idea is for the officers to film everything that is happening during their work day. When they do that, at the end of the day they come back to the office, they remove their camera, they put it on the cradle, and the video is uploaded and archived for five years or a certain amount of years. In Oakland nearby we have the biggest deployment; it's 600 body cameras. Now what the police department may not have realized is that when they bought the solution from a specific vendor, they bought the cameras but also they bought the backend system that goes with the camera so they can manage the video; they also bought the subscription to manage the accounts, and so on and so forth. So they bought the whole package. What would happen if they are not satisfied with those cameras, or they want to introduce a new model, or somebody pitches them that instead of having a brick on your chest you could have a pin camera behind the badge from another vendor? How would they integrate those new cameras into the existing deployment they have? Well, most likely they can't do it; they will have to deploy another system in parallel. Same with the back end: if they are not happy with their back end but want to keep the cameras, since the back end and the cameras are sold by the same vendor in the proprietary deployments, they cannot change the back end
because they would have to change all the cameras. Another way to deploy this is to have this middleware. So the IoT middleware would get the video feeds during the night, so the same operation: the police officers at the end of the day remove their camera, they put it on the cradle, the video is uploaded, not to the video management system but to a staging area, an IoT middleware area, overnight, and then whoever wants to use this content can just go and tap into it. So in this way you can add another type of camera, another vendor, and you can also have any number of back-end systems that can openly tap into the video stores.

So here enters the middleware. One of the purposes of the IoT middleware is to have a standardized API towards the devices and standardized APIs towards the applications, and you interact with the data repository with CRUD, so create, retrieve, update, delete, and notify verbs. On top of that you can lay out a reasoning layer which will massage the data if needed. So that's the context in which we have produced this IoTDM data collector.

Now, we decided to follow the oneM2M specification, and the reason why we did that is because oneM2M was the body that was the most advanced at the time we decided to implement this. We are not advocating that this standard in particular will dominate the IoT space; we just took the most mature one. A little bit of background about oneM2M: the purpose of oneM2M is to have a common embedded IoT middleware across various verticals. When we say vertical in IoT we mean transportation, energy, education, home; those are specific verticals that IoT systems are usually optimized for. oneM2M wants to cut across and have a common layer for all of these, so it enables the interoperability, as I mentioned, across multiple devices. It was created by a group of SDOs which realized about three years ago that they were working on the same thing, so instead of developing the same thing in parallel in different places, they realized that merging the efforts was of benefit for everybody. And notice that those SDOs come from all continents, so this is really a global effort. There are about 200 member companies in oneM2M at the moment.

So specifically what they are defining is a set of services. As I mentioned, those services would provide data exchange (and that's the piece that we have implemented in the ODL IoTDM project), remote device management, security and access control, and connectivity handling. These common services have interfaces to applications; they have interfaces to the network, in the sense that they will be able to interact with the network and consume services that the network may offer; and also it has an interface towards other instances, so this could be fully distributed. In fact, when this is deployed in the oneM2M spirit, you would have oneM2M instances on gateways, and then you can have a hierarchy of gateways and eventually have a data center instance.

So it's a RESTful architecture. All IoT entities are represented in the tree as resources: applications, devices, data, access rights, billing; everything goes into a resource tree. The attributes of the resource tree describe how the system should manage the resource tree. You can imagine that if you start collecting data from things your resource tree may grow at an exponential speed, and you want to be able to have the knobs so you keep in check the size of your tree and the shape of your tree. For example, you may want to say: I want to
collect data, but I don't want to keep them more than one hour, or one day, or one month; I want to limit the number of instances of measurements I collect for a specific device. All of this information is embedded into the IoT resource tree. The tree representation is standardized, so any entity that wants to access this tree will know how to navigate the tree, but the implementation itself of the tree is not. So we have implemented this inside the ODL infrastructure using the in-memory data store, but somebody else could implement the same tree with the same facade, if you will, but of course on a completely different technology. So by understanding a common tree, IoT components can interoperate: if everybody knows how to navigate the tree and where to find information in the tree, they will know where to find the measurements, they will know where to find the access rights, they will know how to limit access to a certain portion of the subtree, and this is all published by oneM2M.

This is an example of the resource tree as per the oneM2M specification. The square rectangles are the resources and the bubbles are the attributes, so for each resource you have a set of attributes that tells the system what to do with the resource and how to manage it: for example, who created it, the maximum number of instances you have on the tree, the location of the resource, so where it was created, where the record is coming from, etc. So this is all metadata that is well defined and published. Some resources are very interesting. So when somebody wants to observe the tree, for example an application wants to know if things change in the tree, they can create a subscription under a specific resource, and if this resource changes then the external application can get a notification. For example, you could say: notify me if the temperature of this room exceeds a certain level; then you can get a notification. Or if you have a new measure of something, then you can get a notification; if something changes in the position of an object, then you can get a notification.

Another interesting attribute is this ontology reference. The ontology reference is a pointer to the explanation of what the data means, because once the data is deposited into the resource tree, for other entities to consume it they need to understand what it means; they need to understand that the number five is kilos or meters per second or something else. So in the standard they have thought about this layer of reasoning on top of that, and this is one of the hooks, the ontology reference.

I don't know if this... yeah, this is coming. This is just an example of one application we have implemented, just one resource tree representing this application. It's called the location application entity, and what we have done is basically we have created an app that can find objects based on different technologies. So if my phone supports GPS, my phone can also be located with Wi-Fi; if I walk in this room and there is indoor Wi-Fi, there could be another way to locate my position; or I can have Bluetooth and iBeacons in the room and I can even more precisely locate my position. So there are several ways to locate things, and in the application we had created we had this resource tree where we have the MAC address (I can actually use my pointer), so you have the MAC address here of the things that we are locating, and under each thing we have put the technology that we have used to locate those
things. So the resource tree looks like this, and if an application wants to know where the MAC address of phone one is located, the only thing that this application needs to know is how to get to the MAC address of phone one, and then the tree below it is just each technology for locating this phone represented there, so you have several positioning data below. So it's very easy for an application that has nothing to do with iPhones and has nothing to do with the objects you're locating to find the location of those objects.

So how would it work in terms of a call flow? You turn on the phone, you turn on an object, a device; what happens? So this is a simplified call flow; you can have other options, but this I think gets the point across. When you turn on a device, the device will just authenticate itself and will communicate its credentials that may have been burnt into the device on the factory floor when the device was manufactured, or maybe somebody has put credentials inside the device in one way or another. So those credentials are communicated to the authentication server. The authentication server will validate those credentials and send back a token to the device, along with the IoTDM (this is the IoT data collector) IP address and maybe some other configuration for the device. And so the device now is well equipped to upload its data to the IoT data collector. So what the device does in the data transfer section over here: it will just send a CRUD create-a-resource and send along its token; the IoTDM receives that, will validate the token, and if the token is valid then it can execute the creation of a resource. In the context of our project we have not implemented the token and the security piece; we have just implemented the writing so far. Now, in Lithium as it stands, any device, when you turn on the device, can just go into the IoTDM and just write into the resource tree, but this would be a typical way that the device would access IoTDM.

So, software components. The various software components involved here: first of all you have a client and you have the middleware running on ODL. The exchange between the two, if one follows the oneM2M specification, will be in the form of JSON. We support JSON; oneM2M has also provision for XML. We decided to only support JSON because we feel that it makes more sense, it's more compact, and for real scenario deployments we expect that JSON will be mostly used. So basically oneM2M has specified the format of this message at the bottom here, and you have a client; the client could be an IoT application or it could be your toothbrush or your fridge, and you have the server on the right-hand side with the data store. The client has an IoT application. The IoT application running in the client is the logic that defines what this device is supposed to do, so if the device is supposed to measure temperature, then this IoT application is the interface between the physical part of the client, if you will, and produces useful data. The IoT application will call some methods from a device plugin. What the device plugin typically will do is present to the IoT application functions to call, classes to call, in the native language that the IoT app is written in, and it will turn this into a JSON format. So the person writing the IoT application doesn't really have to understand or to build by hand the JSON payload that is compliant to the oneM2M specification, although this is possible. Those two pieces, the device plugin and the IoT application, could also be bundled, but we expect that it will be easier to produce IoT applications when the device plugin is already freely available, so you don't have to mess too much with JSON. In the context of
the IoTDM project we have produced a Python client and also a Java client that we have made available. Then you go to the protocol binding, so your JSON payload has to ride over something: CoAP and HTTP is what we support; we will add the support for MQTT in Beryllium. And then the data flows onto the data collector, to ODL IoTDM, and the reverse operation. So there is the southbound plugin here at the bottom, and it communicates with the protocol plugin, which basically receives the JSON payload, turns around, calls an RPC and sends the data to the core functions. The core functions of IoTDM will receive this JSON payload, will check if it's valid, will go over the oneM2M procedures to write into the data store, and eventually the resource tree is built this way.

So we use Postman a lot. We have placed an instance of IoTDM on the internet, so if you want to do CRUDs to it you can certainly do so. Here in this case what you're seeing is an example: we have a sandbox at this address, and what you're seeing here is a well-formatted message to create a container inside the resource tree. Now there is a protocol binding that takes place, meaning that when you want to create something in the resource tree, oneM2M specifies the format of the payload in JSON but also indicates to you which header you have to use in order to create your resource tree. So this is fairly easy to do. John has put together a set of calls that you can use in order to just create objects. So here for example we are getting the root of the tree. Those abbreviations here look a little bit cryptic, but those are oneM2M fields and they are basically telling you what this resource tree is about; it's describing what I showed you in the graph with the bubble diagram. It's showing the name of the tree, it's showing the identity of the tree, the type of resources supported, and so on and so forth. So again, those are a library of CRUDs that you can reuse. As you can see, for example, here I just created an application entity container, and so there is no metadata related to this container, so it's very straightforward, and again easy for you to test because the instance is running on the internet, so you don't even have to install anything on your local system.

Now there are some cases where you cannot modify the client. You may interface for example with routers or with devices that you don't control. If that's the case, then there is also an option to connect non-oneM2M-aware clients. If those non-oneM2M-aware clients talk another protocol, then what you have is the need to develop a proprietary plugin. One example of that (it's not really proprietary, but it's not oneM2M) is when we connect to routers: we wanted for example to know the load of a specific port of a router, so we used SNMP, and in this case the payload and the proprietary communication is actually SNMP to the router. So the router is the client; it does the routing business, it talks SNMP to the southbound protocol plugin from ODL, and then the proprietary plugin basically takes the SNMP payload, formats it in oneM2M format, turns around and sends it north to the core functions
over an RPC. Very easy plugin to develop. So where could you contribute? If you wanted to contribute, you may want to contribute in the core functions by adding or expanding the oneM2M features; you can also contribute in terms of protocol plugins; you can contribute with the device plugin (if for example you want to develop a device plugin for phones, that would be very useful for the community); and of course IoT applications are something that can be developed.

Now, where is the intersection between SDN and IoT? As I mentioned earlier, our project was using ODL as a development platform for IoT, but once you have the IoT data on the controller there are things that you may want to do that could be interesting. So Moore's law says that IoT devices will be more and more intelligent, and we will create very complex networks as we go. You may have seen other presentations in the week, and those networks that IoT will produce will grow larger and larger, so manual management is not going to be an option for all of these things, and we'll have to find a way to steer the traffic, or to maintain the traffic of IoT, and to manage this myriad of little bursts of traffic that will get into the data store. So two main topics emerge: data plane management and NFV. Data plane management meaning maybe you want to isolate the IoT traffic, maybe you want to protect the IoT traffic, maybe you want to isolate a certain flow because you want to observe it from a given device; so this is definitely a topic of interest. NFV of course is in the mix, because you may want to send the traffic of a device into a firewall because you have detected that all of a sudden your fridge was downloading hundreds of megabytes of data from your network, and that's not what a fridge is supposed to do. So maybe you want to observe that fridge and maybe you want to take just this flow and send it into a deep packet inspection or intrusion detection system. So security is also a big deal. So data plane management, security: you want access control policies and authentication; maybe you want to statically pair the devices to a given IoTDM instance, so if a device comes online you want to make sure that this device actually exchanges information only with one data store and not anywhere else, so it goes only to this one IoTDM instance that you have defined for this class of device. Traffic engineering capabilities, as I mentioned, can help segregate or block some network paths, and the policy distribution also, so GBP may be playing a role here. Those are things that we are actually looking at.

So in conclusion, ODL has proven to be a flexible platform for IoT for us, and the IoTDM project was released as part of Lithium. It brings IoT data awareness to an SDN controller, and there is synergy between IoT and SDN; security and resource management are definitely two topics worth exploring. If you're interested in more and you want to participate in the project: well, first, if you're just interested in seeing how it works, you can go to developers at cisco.com and you can find the IoTDM sandbox. This is where we put the instance of IoTDM, so you don't
have to install anything. If you're a developer and you have the need to interact with a oneM2M-compliant system, then you can do it for free here. So again, if you're a developer, that's something you can do. Or you can also install the IoT middleware locally; we have instructions on how to do that. You install ODL on your system, you just enable the ODL oneM2M feature, and off you go; you're your own autonomous system and you can CRUD to your system locally. If you're a Java developer and you want to contribute to the IoT middleware, then you can come to our page and find us there. This is it. Do you have questions on this topic? No questions? Yes. So your question is... I'm not sure if I hear; there is a lot of background noise. He's here, so... so the devices do a lot of things and you want to manage... yes, yes, yes, I understand. So thank you for the question.

So the question is: you have a plethora of devices and they export very unrelated information, and how do you reuse that information as you receive it? This data repository is generic, so you can receive information from any type of device doing any sort of thing. What the device needs to do is it needs to be programmed to know where to write its information, and once it knows where to write the information in the resource tree it will deposit its information there. Any application can come and consume that information that the device has deposited. So this is for the information exchange. Now, devices can also, and should, be managed and actuated and operated; this is another part of the oneM2M specification that we have not implemented yet. But the way the information is deposited, it can be easily retrieved by any entity whatsoever. So this is really the point of this project: to enable decoupling of the application space and the device space.

Yes, yes, yes. Thank you for the question. So there is a time series data project that is going on which allows any type of data to be written into known databases: Cassandra, H2 and other SQL. This is for us one of the biggest benefits of being an application running on ODL, because we will get this for free, so we will have this API, the API of this project, and we can just push data towards this project and we get the benefit of having those databases behind ODL. So for us it's fantastic. And so I mentioned other southbound plugins that we were reusing from ODL earlier; there is XSQL also, this was another project which can turn this resource tree into an SQL structure. We can export to SQL, we can export to CSV, and we haven't done it; we have just reused what was there from the existing ODL infrastructure. In the case of that time series data, yes, it will be an external database. Right now it's just the resource tree, the in-memory data store that
everybody uses; we have reused the same facility.

Totally possible. You remember the JSON format: so the JSON format has fields for attributes for the various resources, and then there is a field for the actual content of the data. This content could be encrypted itself, so it could be a string, and that string could be the encrypted representation of actual data, and in this case a reasoner that would be installed on ODL to massage the data would not understand that piece, but there is a benefit still, which is the data exchange between different parties. Now those different parties need to have the keys and the algorithm to decrypt that piece, so that encrypted string, but at least everybody knows where it is; it can be accessed. So in the case of the video example that I mentioned earlier, the video file could be encrypted and could be deposited there, and if you have the right key and you know where to get it, that's very easy.

Yeah, so the question is how do you push data to the device and how do you deal with rogue devices, if the device starts to misbehave. Pushing data to the device: you can send notifications to the device. Now it depends on the underlying protocol; for example HTTP does not really support that, you have to do a POST to the device if you want to do so, so HTTP would not be the best. WebSocket: this is in the plans, it is being defined in oneM2M, so this is a way to communicate bi-directionally with the devices and to wake up the device. CoAP is also another way, so CoAP allows the device to keep the connection in an observed state, so you can observe resources, and then the data store can send notifications to the device this way. So it will depend on the underlying protocol. SDN, I believe, can also be a way to deal with the rogue devices: so if you realize by observing the resource tree that a device is not really quite behaving properly, then this is maybe a good place for SDN to play and, as I mentioned, redirect transparently the flow from the device to some sort of inspection engines, virtualized functions, before the flow arrives to the data store.

So the question is, if you have multiple protocols in the access (Bluetooth, ZigBee, Wi-Fi), how do you actually control those devices or access those devices? From the perspective of IoTDM we expect IP, and we expect some wire protocol over this; we are not aware of the underlying mechanisms of the communication. So in this case JSON runs over HTTP which runs over the whole stack; Bluetooth, Wi-Fi, all of this are below. They are a big problem in the field of IoT, but for us, in the regard of data exchange, we're a layer above, if you will. Right, so we are unaware whether the device is connected by Bluetooth, or if it's a simple one-dollar device or a huge locomotive train; for us it's just an IP stream coming at us. It could be this way, or it could be that the device is connected by Wi-Fi to a gateway, to a Wi-Fi access point, and
then you run IP over this from the device to the IoTDM, but you could also have an intelligent gateway that deals with the connectivity. You could have a gateway in a car that connects to a real-time Ethernet environment and some very bizarre Modbus or some other vertical-specific protocols; this gateway may turn around and be the oneM2M client to us. It's also possible, if the gateway is powerful enough, that we could also have ODL running on that gateway.

You're absolutely correct. We're looking at OIC at the moment and we believe that oneM2M and OIC should be bridged together. In the real world you will not have a space that will be solely dominated by one set of standards; you will have in real life vendor A and vendor B that will happen to have implemented different specifications. So OIC is definitely something we want to bridge into. oneM2M has just proposed a work item to define a gateway function between OIC and oneM2M; this is something we could certainly implement here, and we're waiting for this work to develop a little bit, and maybe we'll come back to it and make it available in IoTDM.

So we could accommodate the multi-tenancy in various ways. You could have your tenants in the same tree, so you could have one branch for one tenant, another branch for another tenant; oneM2M implements for that access control policies that you embed into the resource tree that will tell you exactly who can access what branch. But the tenant ID inside the JSON, what do you mean by that? Oh, so the authentication piece: you want to make sure that you authenticate the device properly. So I view this as an external function to this project. This project will get a token, as I mentioned; you remember the call flow, so you get a token from a device, and with this token IoTDM will verify with the authentication server what the device can do in the resource tree, basically, and what is the realm of that device. But IoTDM itself will not do the active authentication; the verification of identity will rely on something external. Yes. oneM2M is defined in the spirit of having multiple customers in it. We could also support, actually we do support, multiple trees, so we could have several instances of resource trees per customer; this is something that we can also do. Yes, yes, definitely. So you could have a resource tree for Coca-Cola, a resource tree for Pepsi, so you could have separate resource trees, or you could have one massive resource tree with access control policies which will segregate and segment who can do what in the tree. Other questions? Thank you. Thank you for your time. Thank you.
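The call flow and resource-tree behaviour described in the talk (a token-gated CREATE scoped to the device's realm, the maximum-number-of-instances knob keeping a container in check, and a subscription that notifies a consuming application) modelled in one place, as an added example written for this page; it is not IoTDM, OpenDaylight or oneM2M reference code. The short names ty, rn, mni and con follow oneM2M conventions but the tree is reduced to a handful of fields; the HMAC token format shared between a hypothetical authentication server and the collector is an assumption standing in for the external verification the speaker describes; and all paths, device names and "fixes" are constructed sample data.

```python
"""Constructed model of the IoTDM data-collection flow from the talk: an added
example, not IoTDM/OpenDaylight code. oneM2M is reduced to a few short-name
fields (ty, rn, mni, con); the token format is an assumption."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable

# Constructed secret shared by the hypothetical authentication server and the
# collector; the talk leaves token issuance and checking to an external function.
AUTH_SECRET = b"constructed-demo-secret"


def issue_token(device_id: str, allowed_path: str) -> str:
    """Authentication server side: bind a device to the subtree it may write under."""
    msg = f"{device_id}|{allowed_path}".encode()
    return msg.hex() + "." + hmac.new(AUTH_SECRET, msg, hashlib.sha256).hexdigest()


def verify_token(token: str) -> tuple[str, str] | None:
    """Collector side: (device_id, allowed_path) for a genuine token, None otherwise."""
    try:
        payload_hex, tag = token.split(".", 1)
        msg = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    expected = hmac.new(AUTH_SECRET, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    device_id, allowed_path = msg.decode().split("|", 1)
    return device_id, allowed_path


@dataclass
class Resource:
    ty: str                                    # resource type: cb, ae, cnt, cin
    rn: str                                    # resource name within its parent
    attrs: dict = field(default_factory=dict)  # e.g. {"mni": 2} or {"con": "..."}
    children: dict = field(default_factory=dict)
    subscribers: list = field(default_factory=list)


class ResourceTree:
    """Path-addressed tree, e.g. /InCSE1/location-ae/phone-1/wifi (constructed names)."""

    def __init__(self, cse_name: str = "InCSE1") -> None:
        self.root = Resource("cb", cse_name)

    def lookup(self, path: str) -> Resource:
        parts = path.strip("/").split("/")
        if parts[0] != self.root.rn:
            raise KeyError(path)
        node = self.root
        for part in parts[1:]:
            node = node.children[part]
        return node

    def subscribe(self, path: str, callback: Callable[[str], None]) -> None:
        """oneM2M-style subscription: callback gets the path of each child created here."""
        self.lookup(path).subscribers.append(callback)

    def create(self, parent_path: str, ty: str, rn: str,
               attrs: dict | None = None, token: str | None = None) -> bool:
        """CREATE verb: the token scopes the writer to a subtree, mni caps instances."""
        claims = verify_token(token) if token else None
        if claims is None:
            return False                       # unauthenticated or forged token
        allowed = claims[1].rstrip("/") + "/"
        if not (parent_path.rstrip("/") + "/").startswith(allowed):
            return False                       # outside the realm the token grants
        parent = self.lookup(parent_path)
        if rn in parent.children:
            return False                       # names are unique within a parent
        parent.children[rn] = Resource(ty, rn, dict(attrs or {}))
        mni = parent.attrs.get("mni")          # maxNrOfInstances: evict the oldest cin
        if mni is not None:
            cins = [k for k, v in parent.children.items() if v.ty == "cin"]
            for old in cins[: max(0, len(cins) - mni)]:
                del parent.children[old]
        created = parent_path.rstrip("/") + "/" + rn
        for notify in parent.subscribers:
            notify(created)
        return True

    def retrieve(self, path: str) -> dict:
        """RETRIEVE verb: JSON-like view with attributes and child names."""
        r = self.lookup(path)
        return {"ty": r.ty, "rn": r.rn, **r.attrs, "ch": sorted(r.children)}


def demo() -> dict:
    """Walk the talk's scenario: operator builds the location AE, phone-1 reports fixes."""
    tree = ResourceTree()
    operator = issue_token("operator", "/InCSE1")
    tree.create("/InCSE1", "ae", "location-ae", token=operator)
    tree.create("/InCSE1/location-ae", "cnt", "phone-1", token=operator)
    wifi = "/InCSE1/location-ae/phone-1/wifi"
    tree.create("/InCSE1/location-ae/phone-1", "cnt", "wifi", {"mni": 2}, token=operator)
    seen: list = []
    tree.subscribe(wifi, seen.append)          # a consuming application watching phone-1
    phone = issue_token("phone-1", "/InCSE1/location-ae/phone-1")
    ok = [tree.create(wifi, "cin", f"fix{i}", {"con": f"room-{i}"}, token=phone)
          for i in range(3)]                   # the third fix evicts fix0 (mni=2)
    cross = tree.create("/InCSE1/location-ae", "cnt", "phone-2", token=phone)
    tampered = phone[:-1] + ("0" if phone[-1] != "0" else "1")
    forged = tree.create(wifi, "cin", "evil", token=tampered)
    return {"ok": ok, "cross": cross, "forged": forged,
            "notified": len(seen), "kept": tree.retrieve(wifi)["ch"]}


if __name__ == "__main__":
    print(demo())
```

Running the module prints the outcome of the scenario: the phone's three writes succeed, the container keeps only the two newest instances, the subscriber is notified three times, and both the write outside the phone's realm and the write with a tampered token are refused before anything touches the tree. Scoping the token to a subtree is the model's stand-in for the access control policies the speaker says oneM2M embeds in the tree; real deployments would verify the token with the authentication server rather than a local shared secret.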