Transcript slides

REN SDN Use Cases
With OpenFlow and P4 status
TNC2016
Curt Beckmann
[email protected]
Chair of Open Datapath Working Group, ONF
Chief Technology Architect for EMEA
Agenda
• SDN Perspective from 50 km
• SDN Deployments for REN
• OpenFlow Challenges and Progress
• “Next Generation” SDN activity: P4
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY:
2
Agenda
• SDN Perspective from 50 km
• SDN Deployments for REN
• OpenFlow Challenges and Progress
• “Next Generation” SDN activity: P4
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY:
3
SDN: Perspective from 50km
Customer driven movement
• ONF “technical” definition of SDN
Traditional
‒ “Control physically separated from Data Plane”
Controller
• Real customer desire
Control Plane
(software)
‒ “Control and Data are VENDOR separated”
•  “Ecosystem”-ouch!
‒ Oh, and key customers (SPs) also want NFV- yikes!
APIs
• How to “bootstrap” an ecosystem?
‒ Add OpenFlow to legacy boxes (done)
‒ Converge on small # of controllers (done)
‒ Common NB APIs (In process)
‒ Build what early ecosystem buyers want (in process)
‒ Sell “open vertical” solutions (in process)
SDN /
OpenFlow
Router
Control Plane
(software)
Data Plane
(hardware)
Router
Control Plane
(software)
Data Plane
(hardware)
Hybrid
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY
4
SDN: Perspective from 50km
Customer driven movement
• ONF “technical” definition of SDN
Traditional
‒ “Control physically separated from Data Plane”
Controller
• Real customer desire
Control Plane
(software)
‒ “Control and Data are VENDOR separated”
•  “Ecosystem”-ouch!
‒ Oh, and key customers (SPs) also want NFV- yikes!
APIs
• How to “bootstrap” an ecosystem?
‒ Add OpenFlow to legacy boxes (done)
‒ Converge on small # of controllers (done)
‒ Common NB APIs (In process)
‒ Build what early ecosystem buyers want (in process)
‒ Sell “open vertical” solutions (in process)
SDN /
OpenFlow
Router
Control Plane
(software)
Data Plane
(hardware)
Router
Control Plane
(software)
Data Plane
(hardware)
Hybrid
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY
5
Agenda
• SDN Perspective from 50 km
• SDN Deployments for REN
• OpenFlow Challenges and Progress
• “Next Generation” SDN activity: P4
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY:
6
SDN Use Cases
CONTROL
•
•
•
•
•
•
Volumetric Attack Mitigation
Elephant Flow Management
Firewall Bypass
Policy Based Flow Forwarding
Botnet Attack Mitigation
Campus Access Management
AUTOMATION
• SDN Based MPLS Traffic
Engineering
• Bandwidth Scheduler
• Packet-Optical Integration
VISIBILITY
•
•
•
•
WAN Network Virtualization
Flow Metering
SDN Based Wiretap
VXLAN Monitoring
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY:
7
SDN Use Cases… popular in REN context
CONTROL
•
•
•
•
•
•
Volumetric Attack Mitigation
Elephant Flow Management
Firewall Bypass
Policy Based Flow Forwarding
Botnet Attack Mitigation
Campus Access Management
AUTOMATION
• SDN Based MPLS Traffic
Engineering
• Bandwidth Scheduler
• Packet-Optical Integration
VISIBILITY
•
•
•
•
WAN Network Virtualization
Flow Metering
SDN Based Wiretap
VXLAN Monitoring
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.
8
SDN for Policy-Based Firewall Insertion / Bypass
Operator or sFlow driven policy enforcement for large trusted flows
Evaluating: Indiana U, CERN
REN DC X
One-armed Firewall
REN DC Y
Inline Firewall
WAN
SDN App
Default Traffic Flow
Trusted Traffic Flow
SDN
Controller
Internet
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. :
SDN-based Education Campus Access
Shippingfor
In Planning
v1.1
Dynamic policy for flexible network access control and security
Programmable Access Control
via Northbound API
Path Explorer
Flow
Policy
Policy
Developing: ASU
Evaluating: Cornell
Visual
Engine
I’m consultant for
project Y. Can I
access the RED
network?
OF rule
OF 1.3
Matching
Normal Forward
IPsec Tunnel to Secure Resources
Guest
Re-direct
GRE Tunnel to Guest
Network
Campus / DC
Drop
MLXe
• Access based on MAC / IP addresses
• Redirect to IPsec, GRE or MPLS tunnel
• Suitable for consultants, mobile workers for
short-term network access
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.
SDWAN
SDN Backbone
Long term deployment: Internet2
Evaluating: AARNET
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. :
11
Agenda
• SDN Perspective from 50 km
• SDN Deployments for REN
• OpenFlow Challenges and Progress
• “Next Generation” SDN activity: P4
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY:
12
OpenFlow Deployment: Challenges (1 of 2)
The point: ONF and ODWG are aware of these
• Two main platform categories
‒ Well-deployed “fixed function” ASIC-based
‒ Flexible, NPUs & “programmable ASICs”
• OpenFlow Applicability Challenge
‒ OF1.x too flexible for ASICs, not enough for NPUs
‒ Not all boxes do all things: Need a “config phase”
• API / Interoperability Challenges
‒ Hardware independence means common stable NB APIs
‒ Apps coded for specific devices, extensions often required
Image credit: https://upload.wikimedia.org/wikipedia/commons/a/af/2709_Horses_300.jpg
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.
OpenFlow Deployment: Challenges (2 of 2)
• Conformance testing challenges
‒ OF1.3 basic test defined
‒ No long term support (LTS) for OF1.4 & OF1.5
• OF Pipeline config solution: “Table Type Patterns” (TTP) v1.0
‒ Upside: Designed to address most OpenFlow challenges
‒ Challenges: limited examples, “machine consumability”, YANG issues
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.
OpenFlow standards progress
• OF1.6 coming late 2016,
‒ Long term support (LTS) and modularity
‒ Optical / wireless expanding OF down OSI stack
• More adoption of TTPs: China Mobile SPTN, etc
‒ Growing interest in TTP-based conformance testing
• TTP v1.1 syntax is ready, English language spec in process
‒ “machine”/YANG friendly, better Extension support, 1.0  1.1 converter
‒ More examples, TTP 1.1 tools planned or underway
‒ Stage set for Jsonnet or similar on top of TTP
• This abstract language will include Library support for even more re-use
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.
15
Agenda
• SDN Perspective from 50 km
• SDN Deployments for REN
• OpenFlow Challenges and Progress
• “Next Generation” SDN activity: P4
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY:
16
“Next Generation” SDN activity: P4
• OF and P4 communities overlap
‒ P4 “defines pipelines”, has a “config phase”
‒ P4 leaves control protocol open, so complements OF
• OpenFlow will need some adjustments; ODWG plans to take that up
• OF Lesson: Do more “prelaunch” validation
‒ Despite high interest and strong demos, be conservative
‒ One thorn: platform independent “Intermediate Representation” is tricky
• P4 is packet-centric, needs augmentation for L0 and L1 devices
• OpenFlow transport extensions will offer that augmentation
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.
17
In 2014, P4 & ONF agreed on a path
• P4 to work IR & flex pipeline via open source
• ODWG subgroup to look at “P4 ecosystem”
• Progress on both… ODWG “TR” is approved for pub
‒ Key OF lessons: Address the “meta technical” issues too
‒ Vital: hybrid OF/P4 deployment models
• Greenfield is too risky… A “P4 for ASICs” option would be very helpful
• ASICs support legacy protocols… P4 devices will interact with legacy… so create std libs
‒ P4 / OpenFlow co-existence eases adoption, and both need stable NB APIs
• P4 (and OpenFlow) need to work w controller projects, unify control protocol
‒ Smart conformance test approach needed… address it NOW
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC
18
Conclusions
• Low level control protocol is important to SDN
‒ OpenFlow is still the only open control protocol
• OpenFlow is facing its challenges, and making progress solving them
• P4 is making progress as well
‒ More tools and examples and “ecosystem readiness” will be needed
‒ OpenFlow compatibility likely
‒ P4’s Value will be easier to establish as SDN traction grows
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.
19