Transcript Specialized Packet Forwarding Hardware

OpenFlow/SDN
Beginner’s Tutorial
June, 2013
Srini Seetharaman
Deutsche Telekom Innovation center
1
Why SDN? What is SDN?
2
Critical needs for cloud DC networks
1.
Tenant virtualization
–
–
Traffic isolation, prioritization and rate
limiting
Overlapping IP addressing, along with IPv6
support
Host 1
VM
A1
VM
B1
VM
C1
Hypervisor
2.
Speed up configuration to allow
reduced time to revenue:
–
–
3.
Automatically create required network
configs for new tenants
Transparently bridging a L2 network will
help reduce time
VLAN-101-x
Switch-1
VLAN-101-x VLAN-101-x
VLAN-101-x VLAN-101-x
Switch-1
VLAN-101-x
VLAN-101-x
Switch-3
Switch-2
VLAN-101-x
Switch-2
VLAN-101-x
VLAN-101-x
VLAN-101-x
VLAN-101-x
Hybrid clouds with bursting
–
–
Adding computational capacity (in the form
of new VMs) as needed
Lossless live migration
Switch-3
WAN
Welcome to the Ossified Network
Routing, management, mobility management,
access control, VPNs, …
Feature
Feature
Operating
System
Specialized Packet
Forwarding Hardware
Million of lines
of source code
6000+ RFCs
Barrier to entry
Billions of gates
Bloated
Power Hungry
Many complex functions baked into the infrastructure
OSPF, BGP, multicast, differentiated services,
Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …
An industry with a “mainframe-mentality”, reluctant to change
4
Current Internet
Closed to Innovations in the Infrastructure
Closed
Service
Service
Service
Operating
System
Service
Specialized Packet
Forwarding Hardware
Service
Service
Service
Service
Operating
System
Specialized Packet
Forwarding Hardware
Service
Operating
System
Service
Specialized Packet
Forwarding Hardware
Service
Service
Operating
System
Service
Service
Service
Specialized Packet
Forwarding Hardware
Operating
System
Specialized Packet
Forwarding Hardware
5
“Software Defined Networking” approach to open it
LB
service
IP routing
service
FW
service
Network Operating System
Service
Service
Service
Operating
System
Service
Specialized Packet
Forwarding Hardware
Service
Service
Service
Service
Operating
System
Specialized Packet
Forwarding Hardware
Service
Operating
System
Service
Specialized Packet
Forwarding Hardware
Service
Service
Operating
System
Service
Service
Service
Operating
System
Specialized Packet
Forwarding Hardware
Specialized Packet
Forwarding Hardware
The “Software-defined Network”
North-bound
interface API
Unchanged mgmt API
LB
service
FW
service
IP routing
service
Network Operating System
OpenFlow API
Simple Packet
Forwarding
Hardware
Simple Packet
Forwarding
Hardware
Simple Packet
Forwarding
Hardware
Simple Packet
Forwarding
Hardware
Simple Packet
Forwarding
Hardware
How does OpenFlow work?
8
Ethernet Switch
9
Control Path (Software)
Data Path (Hardware)
10
OpenFlow Controller
OpenFlow Protocol (SSL/TCP)
Control Path
OpenFlow
Data Path (Hardware)
11
OpenFlow usage
Controller
OpenFlow
Alice’sSwitch
Rule
Alice’s code
PC
Decision?
OpenFlow
Alice’sSwitch
Rule
OpenFlow
Protocol
OpenFlow
Alice’sSwitch
Rule
OpenFlow offloads control intelligence to a remote software
OpenFlow Example
Software
Layer
OpenFlow Client (e.g., OVS)
OpenFlow
protocol
Cluster of
Controllers
PC
PC
Flow Table
Hardware
Layer
MAC
src
MAC IP
dst
Src
IP
Dst
TCP
TCP
sport dport
*
*
5.6.7.8
*
*
*
Action
port 1
Software
Hardware
OpenFlow-enabled hardware
port 1
5.6.7.8
port 2
port 3
OpenFlow-enabled hardware
port 4
1.2.3.4
13
OpenFlow Basics
Flow Table Entries
Rule
Action
Stats
Packet + byte counters
1.
2.
3.
4.
5.
Switch VLAN
Port
ID
Forward packet to zero or more ports
Encapsulate and forward to controller
Send to normal processing pipeline
Modify Fields
Any extensions you add!
VLAN MAC
pcp src
MAC
dst
+ mask what fields to match
+ priority
+ timeout (idle and hard)
Eth
type
IP
Src
IP
Dst
IP
L4
IP
ToS Prot sport
L4
dport
14
Examples
IP Routing service
Switch MAC
Port src
*
*
MAC Eth
dst
type
*
*
VLAN IP
ID
Src
IP
Dst
*
5.6.7.8 *
*
VLAN IP
ID
Src
IP
Dst
IP
Prot
vlan1 *
*
*
TCP
TCP
Action
sport dport
port6,
port7,
*
*
port9
VLAN IP
ID
Src
IP
Dst
IP
Prot
TCP
TCP
Action
sport dport
*
*
*
*
*
IP
Prot
TCP
TCP
Action
sport dport
*
port6
VLAN multicast service
Switch MAC
Port src
*
MAC Eth
dst
type
00:1f.. *
*
Firewall service
Switch MAC
Port src
*
*
MAC Eth
dst
type
*
*
*
22
drop
15
OpenFlow benefits
• Hardware speed, scale, and fidelity for new services
– Made possible through unified API supported by hardware
platforms from multiple vendors
• Flexibility and control of software and simulation
• Vendors don’t need to expose implementation
• Leverages hardware inside most switches today
(ACL tables implemented using TCAMs)
16
Usage examples
– Network Virtualization
– Network access
control/firewall
– Load Balancing
– per flow switching
– New routing for unicast,
multicast, multipath
– Home network manager
– Network monitoring and
debugging
More available at
openflow.org/videos
… and much more you can create!
OpenFlow design, architecture and
protocol evolution
18
Design choice 1: Modes of SDN Deployment
1. In-network: Existing/green-field network fabrics upgraded to support OpenFlow
Hardware
switch
Control Path
OpenFlow
Data path
(Hardware)
2. Overlay: WITHOUT changing fabric, the intelligence is added to edge-devices,
–
–
as an additional appliance (e.g., bump-in-wire managed by controller)
as enhanced server kernel bridge (e.g., OpenVSwitch in x86 hypervisors)
Figure courtesy of
Martin Casada @
ONS 2012
Design choice 2: Centralized vs Distributed Control
Centralized Control
Controller
OpenFlow
Switch
Distributed Control
Controller
OpenFlow
Switch
Controller
OpenFlow
Switch
OpenFlow
Switch
OpenFlow
Switch
Controller
OpenFlow
Switch
20
Design choice 3: Per-Flow Routing vs. Aggregation
Aggregated
Flow-Based
•
•
•
•
Every flow is individually
set up by controller
Exact-match flow entries
Flow table contains one
entry per flow
Good for fine grain
control, e.g. campus
networks
•
•
•
•
One flow entry covers large
groups of flows
Wildcard flow entries
Flow table contains one
entry per category of flows
Good for large number of
flows, e.g. backbone
21
Design choice 4: Reactive vs. Proactive (pre-populated)
Reactive
Proactive
•
•
•
•
•
First packet of flow
triggers controller to insert
flow entries
Efficient use of flow table
Every flow incurs small
additional flow setup time
If control connection lost,
switch has limited utility
•
•
•
Controller pre-populates
flow table in switch
Zero additional flow setup
time
Loss of control connection
does not disrupt traffic
Essentially requires
aggregated (wildcard) rules
22
Design choice 5: End-to-end OpenFlow vs. Hybrid
• Based on how OpenFlow is deployed, there may be issues
coexisting with legacy networks
• OpenFlow controller view is not always complete. For
instance, what does the controller see here?
OF
switch
X
Host
A
Non-OF
switch
OF
switch
Y
Host
B
Non-OF
switch
Internet
Host
C
OpenFlow Implementations
(Switch and Controller)
24
Open-source controllers
Controller
Notes
Ryu
•Apache license
•Python
NOX/POX
•GPL
•C++ and Python
Stanford’s Beacon
•BSD-like license
•Java-based
Maestro
(from Rice Univ)
•GPL
•Based on Java
NEC’s Trema
•Open-source
•Written in C and Ruby
•Included test harness
Big Switch’s Floodlight
•Apache license
•Java-based
25
Sample Commercial Switches
Model
Virtualize
Notes
HP Procurve
5400zl or 6600
1 OF instance -LACP, VLAN and STP processing
per VLAN
before OpenFlow
-Wildcard rules or non-IP pkts
processed in s/w
-Header rewriting in s/w
-CPU protects mgmt during loop
NEC IP8800
1 OF instance -OpenFlow takes precedence
per VLAN
-Most actions processed in hardware
-MAC header rewriting in h/w
Brocade MLX
routers
Multiple OF
instance per
switch
Pronto 3290 or
3780 with Pica8 or
Indigo firmware
1 OF instance -No legacy protocols (like VLAN, STP)
per switch
-Most actions processed in hardware
-MAC header rewriting in h/w
-Hybrid OpenFlow switch with legacy
protocols and OpenFlow coexisting
-OpenFlow commands can override
state created by legacy protocos
Hands-on Tutorial
27
Bootstrap
1. Install VirtualBox or Vmware player or Vmware Fusion
2. Import the tutorial VM appliances available at:
– 64-bit: (Login: ubuntu, Passwd: ubuntu)
http://yuba.stanford.edu/~srini/OpenFlow_tutorial_64bit.ova
– 32-bit: (Login: ubuntu, Passwd: ubuntu)
http://yuba.stanford.edu/~srini/OpenFlow_tutorial_32bit.ova
3. Install X-Windows if you do not already have it
– Mac user: Install xquartz
– Windows user: Install xming
4. Start the VM, and “ssh -X” to its host-only IP address
– VirtualBox: Ensure the vboxnet0 interface is configured for “host-only”
• File->Preferences->Network and “Add host-only network” button with default settings.
28
Inside the Virtual Machine
• openvswitch: Virtual switch programmable using OpenFlow
• mininet: Network emulation platform
– $sudo mn --topo single,3 --mac --switch ovsk --controller remote
• wireshark: Graphical tool for viewing packets with OF protocol plug-in
– Start wireshark: $sudo wireshark
– Start capture packets going through interface “lo” and Decode as OFP
• dpctl: Command-line utility for checking switch status and manually
inserting flow entries.
– Check supported commands in manual: $ man dpctl
• Multiple OpenFlow controllers with sample apps prepackaged
– NOX, POX, Ryu, and OpenDayLight
29
Mininet-based Virtual Topology #1
OpenFlow Tutorial
3hosts-1switch
Topology
c0
Controller
port6633
loopback
(127.0.0.1:6633)
s1
OpenFlow Switch
s1-eth0
h1-eth0
s1-eth1
h2-eth0
loopback
(127.0.0.1:6634)
dpctl
(user space
process)
s1-eth2
h3-eth0
h1
h2
h3
10.0.0.1
10.0.0.2
10.0.0.3
virtual hosts
$ sudo mn --topo single,3 --mac --switch ovsk --controller remote
30
Mininet-based Virtual Topology #2
OpenFlow Tutorial
2hosts-2switch
Topology
$ sudo mn --topo linear --switch ovsk --controller remote
31
dpctl and wireshark workflow
• Before controller is started, execute the following
$ dpctl show tcp:127.0.0.1:6634
$ dpctl dump-flows tcp:127.0.0.1:6634
mininet> h1 ping h2
All ports of switch shown,
but no flows installed.
Ping fails because ARP
cannot go through
$ dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2
$ dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1
mininet> h1 ping h2
Ping works now!
• Start controller and check OF messages on wireshark (enabling OFP decode)
– Openflow messages exchanged between switch and controller:
openflow/include/openflow/openflow.h
/* Header on all OpenFlow packets. */
struct ofp_header {
uint8_t version; /* OFP_VERSION. */
uint8_t type;
/* one of the OFPT_ constants.*/
uint 16_t length; /*Length including this ofp_header. */
uint32_t xid;
/*Transaction id associated with this packet..*/
};
32
Top 3 features in most controllers
A. Event-driven model
– Each module registers listeners or call-back functions
– Example async events include PACKET_IN, PORT_STATUS,
FEATURE_REPLY, STATS_REPLY
B. Packet parsing capabilities
– When switch sends an OpenFlow message, module extracts
relevant information using standard procedures
C. switch.send(msg), where msg can be
– PACKET_OUT with buffer_id or fabricated packet
– FLOW_MOD with match rules and action taken
– FEATURE_REQUEST, STATS_REQUEST, BARRIER_REQUEST
33
OpenDayLight controller
34
Controller Architecture
35
Java, Maven, OSGi, Interface
• Java allows cross-platform execution
• Maven allows easier building
• OSGi:
– Allows dynamically loading bundles
– Allows registering dependencies and services exported
– For exchanging information across bundles
• Java Interfaces are used for event listening,
specifications and forming patterns
36
Setup
INSTALL OPENDAYLIGHT (Dependency Maven, JDK1.7)
• git clone https://git.opendaylight.org/gerrit/p/controller.git
• mv controller opendaylight; cd opendaylight
• cd opendaylight/distribution/opendaylight/
• mvn clean install
• cd target/distribution.opendaylight-0.1.0-SNAPSHOTosgipackage/opendaylight/
• ./run.sh
IMPORT OPENDAYLIGHT TO ECLIPSE
• Install Eclipse with Maven Integration Version 1.2.0
• File => Import => Maven => Existing Maven Projects
• Browse ~/opendaylight/opendaylight/distribution/opendaylight
• In distribution.opendaylight, right click on opendaylight-assembleit.launch
and select “Run”. Then “Run” opendaylight-application.launch
37
OpenDayLight web interface
38
Writing a new application
Clone an existing module
(e.g., arphandler) in
Eclipse project explorer
Update set/unset
bindings in the module’s
class so as to access
other bundle objects
Implement the interface
functions to handle the
async events or use other
bundle objects to edit state
Include the new app in
opendaylight/distribution/ope
ndaylight/pom.xml and in the
Eclipse“Run Configurations”
List dependencies
imported and interfaces
implemented in the
module’s Activator.java
Add needed northbound
REST API and associate
with the web bundle
Update dependencies
and services exported
in the new bundle’s
pom.xml
Done
39
Interfaces
Package/OSGi Bundle
arphandler
Exported Interfaces
•IHostFinder
•IListenDataPacket
•IForwardingStaticRouting
forwarding.staticrouti •ICacheUpdateAware
ng
•IfNewHostNotify
•IConfigurationContainerAware
•IContainerListener
•ISwitchManagerAware
•IForwardingRulesManager
forwardingrulesmana
•IInventoryListener
ger
•ICacheUpdateAware
•IConfigurationContainerAware
•IFlowProgrammerListener
•ISwitchManagerAware
•IInventoryListener
hosttracker
•IfIptoHost
•IfHostListener
•ITopologyManagerAware
Description
Component responsible for
learning about host location
by handling ARP.
Provide the necessary hooks
to inject in the area
controlled by the controller,
routes to reach traditional IP
networks.
Manager of all the
Forwarding Rules, this
component take care of
forwarding rules and is the
one that manage conflicts
between them.
Track the location of the host
relatively to the SDN
network.
40
Interfaces
Package/OSGi Bundle
Exported Interfaces
routing.dijkstra_imple •ITopologyManagerAware
mentation
•IRouting
•IReadService
•IPluginOutTopologyService
•ITopologyService
•IInventoryService
sal.implementation •IPluginOutInventoryService
•IFlowProgrammerService
•IPluginOutFlowProgrammerService
•IPluginOutDataPacketService
•IDataPacketService
•IListenDataPacket
samples.loadbalancer
•IConfigManager
•IInventoryListener
samples.simpleforwar
•IfNewHostNotify
ding
•IListenRoutingUpdates
Description
Implementation of Dijkstra
routing algorithm over the
network graph as seen by
the topology manager.
Implements the services
that SAL export to the
applications using it as well
to the protocol plugins.
Implementation of a simple
load-balancer.
Sample implementation of
an application simulating a
traditional IP network.
41
Interfaces
Package/OSGi Bundle
statisticsmanager
switchmanager
topologymanager
usermanager
Exported Interfaces
•IStatisticsManager
•IListenInventoryUpdates
•ISwitchManager
•ICacheUpdateAware
•IConfigurationContainerAware
•IListenTopoUpdates
•ITopologyManager
•IConfigurationContainerAware
•ICacheUpdateAware
•IUserManager
•IConfigurationAware
northbound
web
•IDaylightWeb
Description
Component in charge of
using the SAL ReadService to
collect several statistics from
the SDN network.
Component holding the
inventory information for all
the known nodes in the
controller.
Component holding the
whole network graph.
Component taking care of
user management.
JAXRS implementation of
REST API for each module.
Component tracking the
several pieces of the UI
depending on bundles
installed on the system. 42
The End
43
Summary
• OpenFlow/SDN is evolving to facilitate an ecosystem
for innovation through programmability
• OpenFlow/SDN is being deployed in over 100
organizations world-wide
– Many academic ones,
but also includes service provider clouds
• SDN provides a simple solution to problems with
complex solutions without vendor lock-in
Backup
45
POX controller
46
Intro to POX controller
General execution: $ ~/pox/pox.py <dir>.<name>
Example: $ ~/pox/pox.py forwarding.hub
Parses messages from switch
and throws following events
Packets parsed
by pox/lib
Example msg sent from
controller to switch
FlowRemoved
FeaturesReceived
ConnectionUp
FeaturesReceived
RawStatsReply
PortStatus
PacketIn
BarrierIn
SwitchDescReceived
FlowStatsReceived
AggregateFlowStatsReceived
TableStatsReceived
PortStatsReceived
QueueStatsReceived
arp
dhcp
dns
eapol
eap
ethernet
icmp
igmp
ipv4
llc
lldp
mpls
rip
tcp
udp
vlan
ofp_packet_out
header:
version: 1
type: 13
length: 24
xid: 13
buffer_id: 272
in_port: 65535
actions_len: 1
actions:
type: 0
len: 8
port: 65531
max_len: 65535
Application 1: Hub
(inspect file pox/pox/misc/of_tutorial.py)
Hub
(3)
(4)
POX
(2)
(5)
OF Switch
(1)
(B)
(6)
(C)
(A)
Application 2: MAC-learning switch
(convert pox/pox/misc/of_tutorial.py to L2 switch)
• Build on your own with this logic:
– On init, create a dict to store MAC to switch port mapping
• self.mac_to_port = {}
– On packet_in,
• Parse packet to reveal src and dst MAC addr
• Map src_mac to the incoming port
– self.mac_to_port[dpid] = {}
– self.mac_to_port[dpid][src_mac] = in_port
• Lookup dst_mac in mac_to_port dict to find next hop
• If found, create flow_mod and send
msg = of.ofp_flow_mod()
• Else, flood like hub.
msg.match = of.ofp_match.from_packet(packet)
msg.buffer_id = event.ofp.buffer_id
• Execute:
pox/pox.py misc.of_tutorial
action = of.ofp_action_output(port = out_port)
msg.actions.append(action)
49
self.connection.send(msg)
Ryu controller
50
Intro to RYU: OpenFlow Controller
Topology
Viewer
Firewall
Statistics
simple_
switch
ofctl_
rest
app
quantum
plugin
lib
base
app_manager
RYU Controller
1.0
1.2
1.3
handler
dpset
event
controller
ofp_event
ofp_handler
controller
OF Switch
OF Switch
of_parser
–
–
Provides interface for control and state and
generates events
Communicates using message passing
lib
ofproto
OF Switch
Components:
of_header
Libraries:
– Functions called by components
– Ex: OF-Config, Netflow, sFlow,
Netconf, OVSDB
51
Application 1: Hub
ryu-manager --verbose ryu/ryu/app/tutorial_l2_hub.py
Hub
(3)
(4)
RYU
(2)
(5)
(A)
OF Switch
(1)
(6)
(B)
(C)
Application 2: MAC-learning switch
• Build on your own with this logic:
– On init, create a dict to store MAC to switch port mapping
• self.mac_to_port = {}
– On packet_in,
• Parse packet to reveal src and dst MAC addr
• Map src_mac to the incoming port
– self.mac_to_port[dpid] = {}
– self.mac_to_port[dpid][src_mac] = in_port
• Lookup dst_mac in mac_to_port dict to find next hop
• If found, create flow_mod and send
• Else, flood like hub.
Pssst… solution in
53
tutorial_l2_switch.py