ONF Certified SDN Engineer (OCSE)

 ONF certified engineer   

Examination Details & Blueprint for 
ONF Certified SDN Engineer Exam

 

Exam Title: ONF-Certified SDN Engineer (OCSE-111)

Exam Details: 70 questions in 90 minutes and an overall (all domains) pass score of 70%.

Exam Delivery: Delivered electronically via secure login, with attestation and affirmation of academic integrity by the candidate. Exam to be available in English and Simplified Chinese by Q3 2016.

Exam Fees: $240.00. ONF members will receive a 25% discount. 
Additional fees for remote proctoring may be assessed. Please contact training providers for more details

Credential Awarded: ONF Certified SDN Engineer (OCSE) upon successful completion of the exam.

Exam Purpose: This certification exam attests and formally certifies that the successful candidate has vendor-neutral technical knowledge, skills, and abilities of the major domains of networking practices that support the theory and practice of Software Defined Networking (SDN). It presupposes deeper technical knowledge, skills, and abilities in computer networking practices, and will validate all the major aspects and domains of knowledge and practice in SDN networking environments. The certification will be considered mastery-level validation and certification examination for technical professionals in the domain of SDN networking.

Intended Exam Audience

 Job Position Primary Job Responsibilities 
   
SDN Sales Engineer Create BOM’s
High Level Architecture and Design
Product Comparisons/Capabilties
RFP’s/RFI’s
Product Line Updates

DevOps Engineer Script & Automation IT
Describe/Define IT Automation
Process Re-engineering

Technical Marketing Engineer Product Positioning and Differentiation 
Compare/Contrast Products (Both Internal and External Products)
Sales Enablement
Technical Documentation/White Papers/Collateral

Network Technician Troubleshooting/Problem Isolation
Installation/Migration
Monitoring
Trouble tickets and documenting/communicating issues via wiki etc.

IT Analyst Recommend IT Architectures/Products/Systems
Test Plans (product certifications for ONF)
Performance & Monitoring (see above in Network Technician)
Business ROI Comparisons

Network Technician (Mid-grade Level) Troubleshooting/Problem Isolation
Installation/Migration
Monitoring
Trouble tickets and documenting/communicating issues via wiki etc.

IT Analyst (Mid-grade Level) Recommend IT Architectures/Products/Systems
Test Plans (product certifications for ONF)
Performance & Monitoring (see above in Network Technician)
Business ROI Comparisons
Education (if there is public material or could use high level examples of ROI savings)

System Administrator (Mid-grade Level) Manage IT Systems
Operations Process
Deploy Server/Storage Infrastructure (non-network)
Hypervisors/Overlays/Virtual Switches

Software Engineer (Mid-Grade Level) Design, develop, and maintain software

Consultant/Professional Services Engineer Design/Implement Network Services
ROI/CapEx/OpEx Analysis
Business Proposals authorship, management
Recommendations for Network Architecture/Integration 

Student/Research Lab/EDU Validate course level knowledge for online course in SDN engineering expertise foundations at a practitioner level
Practicing more advanced networking technologies
Tech Evangelizing/White Papers/Speaking
Understanding from Academic/Theory and Practitioner Perspective

Network Engineer/Architect Implementaton/Migration
Design/Architecture
Troubleshooting/Operations

Network Security Engineer Implementation/Migration
Security Assessments for Network Infrastructure
Compliance Reviews 

Information Security/Assurance Engineer Risk Assessment
Compliance Reviews 
Governance
Application/Physical Security Analysis
Malware
Incident Response

Hardware Engineer Chip Design
Platform Design/Implementation

Solution Architect High Level Design
Business Requirements Analysis and Translation
Technology Evangelism
Training and Mentoring
Technical Trainer Course Development
Course Delivery
Technology Evangelism

Prerequisite Knowledge and Recommended Training Materials

In order to pass the ONF OCSE Exam, a deep technical knowledge from a practitioner standpoint of computer networking is assumed, with specific experience with SDN networking also required. While experiences and job responsibilities may vary, only those who have specific hands-on experience with SDN from a technical level should take this exam. Resources that would be helpful include publications on networking from an engineering/practitioner standpoint, mid-level certifications in networking from such organizations as Cisco, Citrix, CompTIA, Juniper, Metro Ethernet Forum (MEF), Microsoft, or others of similar complexity, and materials freely available from Open Networking Foundation. Other materials and resources may be referenced on https://opennetworking.org/sdn-learning-resources.

ONF Certified SDN Engineer Examination Blueprint

 Domain % of Exam
   
1. SDN Concepts 10%
2. OpenFlow 20%
3. SDN Architecture and Ecosystem 15%
4. SDN Implementation and Migrations 25%
5. Troubleshooting and Testing 15%
6. SDN Security 10%
7. SDN Futures 5%

 

Domain 1: SDN Concepts

Describe how SDN solves network issues and implements use cases.

  • SDN Value Proposition
  • Implementing the SDN Forwarding Plane
  • Implementing the SDN Control Plane
  • Evolution of Switches and Control Plane
  • Protocol Limitations that SDN solves
  • Inadequacies in Networks today
  • SDN Devices and Device Functions
  • Application workflow
  • Programmability (Netconf, Yang, REST)
  • NFV and SDN Use Cases

 

Domain 2: OpenFlow®

Describe and list the OpenFlow® Protocol message structures, features, and headers.

  • Message Types and Headers
  • Basic Operation/Packet Matching
  • Proactive vs Reactive Flows
  • Statistics/Counters
  • Flow Timers
  • Group Tables
  • IPv6
  • Optical Port Properties
  • Port groups and Mapping
  • Message Structures
  • Instructions and actions
  • OpenFlow® Management and Configuration Protocol (OF-Config, OAM, OFDPA, OVSDB, etc.)
  • Action Lists, Sets and Buckets
  • Detailed Packet Matching/TLV’s
  • Sub-Actions
  • Metering

 

Domain 3: SDN Architecture and Ecosystem

Identify SDN architectural component design, API principals and SDN network design.

  • Hybrid switch modes
  • Reactive versus Proactive Applications
  • Common API Primitives
  • API Communication Protocols (REST, RESTCONF, JAVA)
  • Controllers
    • Open Source versus Vendor Specific
    • Anatomy of a Controller
    • Controller Redundancy
    • Imperative/Declarative Paradigms
    • Topology Discovery
    • NBI Models/Implementations
  • Software vs Hardware switches
  • Managing Scalability

 

Domain 4: SDN Implementations and Migrations

List various SDN migration strategies and deployment options and considerations

  • Controller Placement Design and Considerations/Implementations
  • Application Considerations
  • Scalability Considerations
  • TCAM Limitations
  • Simplifying OpenFlow® with Table Type Patterns (TTP’s)
  • Controller Clustering
  • Controller Federations
  • Hierarchical Controllers
  • Migration Strategies Greenfield/Hybrid/Mixed
  • Migration Approaches
    • Direct
    • Phased
  • Migration Planning
  • Migration Best Practices
  • Implications of a mixed network
  • Carrier Ethernet Network Virtualization
  • Packet-Optical Integration
  • Optical Network Service Provider Data Center Interconnection (DCI)
  • OpenStack and SDN Controller interaction

 

Domain 5: Troubleshooting and Testing

Given a scenario, demonstrate knowledge of how to configure and monitor and test an SDN Network.

  • Troubleshooting Flow Table Scenarios
  • Reading Flow Table Entries
  • Packet/Wireshark Decoding/Debugging
  • REST Messaging Types/Wireshark
  • Curl debugging
  • Mininet set-up
    • ovs-ofctl
    • mn sudo
    • curl
  • Description of the test program
    • Test Profiles
    • Standards
    • Specifications
  • Performance Benchmarking
  • Tool Sets
    • of-test
    • wireshark dissector
    • flowsim
    • flowvisor

Domain 6: SDN Security

Identify ways to secure SDN controllers and switches.

  • Benefits to networks by SDN architecture
  • TCP level secure channel/communication/session establishment between controller/switch
  • In-Band and Out-of-Band management security considerations
  • Controller HA
  • The Implications of SDN on Network Security
  • Securing the OpenFlow® Protocol
  • Securing the OpenFlow® data plane
  • Software Development Lifecycle
  • Controller/Element Hardening
  • Securing users in a Wi-Fi environment

Domain 7: SDN Futures

List and describe SDN future projects and developments.

  • Describe the purpose of Protocol Independent Forwarding (PIF) and P4, and other packet forwarding innovations beyond OpenFlow?
  • Segment Routing
  • Open Source Initiatives (ONF, ODL, Ryu, ONOS, OPNFV, OCP, ODCA, Open Config)
  • TTP Use Cases
  • Mobile traffic offload
  • Pipeline Compiling
  • Optical Extensions
  • Security Extensions
  • Wireless/Mobility Extensions

List of Abbreviations & Acronyms

Please Note: terms and basic definitions referenced to Wikipedia and TechTerms.com, reference texts, as well as other non-proprietary sources, including ONF publications posted at http://wwwopennetworking.org.

 Term/Abbreviation/Acronym Full Text Name
   
3GPP third generation partnership project
Abstraction a representation of an entity in terms of selected characteristics, while hiding or summarizing characteristics irrelevant to the selection criteria.
ACL access control list
A-CPI application-controller plane interface
AES advanced encryption standard
API application program interface
ARP address resolution protocol
ASIC application-specific intergrated circuit
BGP border gateway protocol
Broadcast Broadcast or flooding is a simple routing algorithm in which every incoming packet is sent through every outgoing link except the one it arrived on.
CAPEX capital expenditure
CHAP challenge handshake redundancy protocol
CLI command line interface
CO central office
Controller see SDN Controller
CPU central processing unit
Data link layer The second lowest layer of the seven-layer Open Systems Interconnection (OSI) model of computer networking.
DDoS distributing denial of service
DHCP dynamic host configuration protocol
DPI deep packet inspection
DNS domain name system
East-West SDN Architecture how entities within the same plane of the SDN architectures interrelate
FEC forward error correction
Flood Flooding is a simple routing algorithm in which every incoming packet is sent through every outgoing link except the one it arrived on.
Frame a unit of data transferred over a L2 network
FTP file transfer protocol
FOSS free and open source software
HTTP hypertext transfer protocol
HTTPS hypertext transfer protocol secure
iBGP interior border gateway protocol
ICMP internet control message protocol
IDS intrusion detection system
Information model a set of entities, together with their attributes and the operations that can be performed on the entities. An instance of an information model is visible at an interface.
IPS intrusion prevention system
IP internet protocol
IP address the unique value assigned to each host on a computer network that is employing the Internet Protocol for addressing
IPsec internet protocol security
IPv4 internet protocol version 4, using a 32-bit integer value for host addressing
IPv6 internet protocol version 6, using a 128-bit interger value for host addressing
ISIS intermediate system to intermediate system protocol
Layer a stratum in a framework that is used to describe recursion within the data plane. Adjacent layers have a client-server relationship.
Layer 1, Layer One, L1 see Physical layer in the OSI model
Layer 2, Layer Two, L2 see data link layer in the OSI model
Layer 3, Layer Three, L3 see the network layer in the OSI model
Layer 4, Layer Four, L4 see the transport layer in the OSI model
Layer 5, Layer Five, L5 see the session layer in the OSI model
Layer 6, Layer Six, L6 see the presentation layer in the OSI model
Layer 7, Layer Seven, L7 see the application layer in the OSI model
Level a stratum of hierarchical SDN or networking abstraction
LAN local area network
LIFO last in/first out
LLDP link layer discovery protocol
MAC media access control
MAN metropolitan area network
MPLS multiprotocol label switching protocol
Network layer Provides the functions and processes that allow data to be transmitted from sender to receiver across multiple intermedia networks.
NFV network function virtualization
NOC network operations center
NOS network operating system
NV-GRE network visualization using generic routing encapsulation
OFA OpenFlow® agent
OFC OpenFlow® controller
OPEX operational expense
OS operating system
OSPF open shortest path first
OVSDB Open vSwitch database management protocol
Packet a unit of data transferred over an L3 network.
Packet switch A packet switch is a node in a network which uses the packet switching paradigm for data communication. Packet switches can operate at a number of different levels in a protocol suite; although the exact technical details differ, fundamentally they all perform the same function: they store and forward packets.
Physical layer lowest layer of the seven layer Open Systems Interconnection (OSI) model of computer networking.
PKI public key infrastructure
Port A virtual data connection between computer programs connected through a computer network
RDP remote desktop protocol
Router A router is a networking device that forwards data packets between computer networks. A router is connected to two or more data lines from different networks (as opposed to a network switch, which connects data lines from one single network). When a data packet comes in on one of the lines, the router reads the addres information in the packet to determine its ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey.
RSVP resource reservation protocol
SDN software defined networking
SDN Architecture The SDN architecure is:

  • Directly programmable: Network control is directly programmable because it is decoupled from forwarding functions.
  • Agile: Abstracting control from forwarding lets administrators dynamically adjust network-wide traffic flow to meet changing needs.
  • Centrally managed: Network intelligence is (logically) centralized in software-based SDN controllers that maintain a global view of the network, which appears to applications and policy engines as a single, logical switch.
  • Programmatically configured: SDN lets network managers configure, manage, secure, and optimize network resources very quickly via dynamic, automated SDN programs, which they can write themselves because the programs do not depend on proprietary software.
  • Open standards-based and vendor-neutral: When implemented through open standards, SDN simplifies network design and operation because instructions are provided by SDN controllers instead of multiple, vendor-specific devices and protocols.
SDN Controller A software entity that has exclusive control over an abstract set of data plane resources. An SDN controller may also offer an abstracted information model instance to at least one client.
SLA service level agreement
SNMP simple network management protocol
Switch A network switch (also called switching hub, bridging hub, officially MAC bridge) is a computer networking device that connects devices together on a computer network, by using packet switching to receive, process and forward data to the destination device. A network switch forwards data only to one or multiple devices that need to receive it, rather than broadcasting the same data out of each of its ports.
TCP transmission control protocol
TLS transport-layer security
UDP user datagram protocol
Virtualization an abstraction whose selection criterion is dedication of resources to a particular client of application. When the context is general, for example when speaking of virtual network elements (VNEs), the term virtual may be used even when abstract might suffice. Virtual is also sometimes used colloquially to mean non-physical.
VM virtual machine
WAN wide area network
WLAN wireless local area network
XML extensible markup language

Recommended Equipment & Software Buildout

Note: The ONF Certified SDN Engineer certification presupposes that the candidate have experience with the actual building and deployment of SDN networks, to that end, the candidate should familiarize him/herself with the following tools and build or otherwise have access to the following tools, preferably in a testing (non-operational) network. In this manner, the candidate can build, examine, test, and evaluate SDN tools, architectures, and networks thoroughly.

Equipment

  • Patch Panels
  • Punch downs blocks
  • Layer 3 Switch
  • Router
  • Firewall
  • Two basic PCs
  • Access point
  • Media converters
  • Configuration terminal (with telnet and SSH)

Hardware

  • NICs
  • Network switches/hubs
  • Power supplies
  • GBICs
  • SFPs

Spare parts

  • Patch cables
  • RJ-45 connectors, modular jacks

Tools

  • Telco/network crimper
  • Cable tester
  • Punch down tool
  • Cable striper
  • Coaxial crimper
  • Wire cutter
  • Tone generator

Software

  • Packet Sniffer
  • Protocol Analyzer
  • Mininet
  • Flowsim

Terminal Emulation Software

  • Linux/Windows OSs
  • Software Firewall
  • Software IDS / IPS
  • Network mapper
  • Virtual network environment

References

Links to relevant material may also be found at https://opennetworking.org/sdn-learning-resources.