OpenFlow - UET Taxila



MOBILE COMMUNICATION AND
INTERNET TECHNOLOGIES
http://web.uettaxila.edu.pk/CMS/AUT2014/teMCITms/
Software Defined Networks and
OpenFlow
Courtesy of:
AT&T Tech Talks
MODULE OVERVIEW
Motivation
What is OpenFlow
Deployments
Conclusion
We have lost our way
Routing, management, mobility management,
access control, VPNs, …
[Figure: a closed network box: App, App, App on an Operating System over Specialized Packet Forwarding Hardware. Callouts: millions of lines of source code, 5400 RFCs, barrier to entry, 500M gates, 10 Gbytes RAM, bloated, power hungry. A second panel shows the software control plane (IPSec, Firewall, Router; OSPF-TE and RSVP-TE exchanging HELLO messages) above the hardware datapath]
Many complex functions packed into the infrastructure
OSPF, BGP, multicast, differentiated services,
Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …
An industry with a “mainframe-mentality”
Process of innovation made worse by captive standards process
[Figure: the cycle Idea → Standardize → Wait 10 years → Deployment]
• Driven by vendors
• Consumers largely locked out
• Layer by layer innovation
New Generation Providers already Buying into It
In a nutshell
Driven by cost and control
Started in data centers…
What New Generation Providers have been Doing Within the Datacenters
Buy bare metal switches/routers
Write their own control/management applications on a common platform
Change is happening in non-traditional markets
[Figure: in the traditional model each box bundles its own Operating System and apps on Specialized Packet Forwarding Hardware; in the new model the apps run on a single Network Operating System that spans all of the Specialized Packet Forwarding Hardware]
The “Software-defined Network”
1. Open interface to hardware
2. At least one good operating system
   Extensible, possibly open-source
3. Well-defined open API
[Figure: App, App, App on a Network Operating System over several Simple Packet Forwarding Hardware elements]
Trend
[Figure: Computer Industry stack: App, App, App over Windows (OS), Linux, Mac OS, over a Virtualization layer, over x86 (Computer). Network Industry stack: Controller, NOX Controller (Network OS), Controller, over Virtualization or “Slicing”, over OpenFlow]
Simple common stable hardware substrate below + programmability + strong isolation model + competition above = Result: faster innovation
What is OpenFlow?
Short Story: OpenFlow is an API
• Control how packets are forwarded
• Implementable on COTS hardware
• Make deployed networks programmable
– not just configurable
• Makes innovation easier
• Result:
– Increased control: custom forwarding
– Reduced cost: API → increased competition
[Figure: an Ethernet Switch/Router split into a Control Path (Software) and a Data Path (Hardware); with OpenFlow, an OpenFlow Controller speaks the OpenFlow Protocol (SSL/TCP) to the OpenFlow control path sitting above the Data Path (Hardware)]
OpenFlow Flow Table Abstraction
[Figure: Software Layer: Controller PC and OpenFlow Firmware holding the Flow Table; Hardware Layer: switch ports 1 to 4 with hosts 1.2.3.4 and 5.6.7.8]
MAC src  MAC dst  IP Src  IP Dst   TCP sport  TCP dport  Action
*        *        *       5.6.7.8  *          *          port 1
OpenFlow Basics
Flow Table Entries
Rule | Action | Stats
Stats: packet + byte counters
Actions:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Modify Fields
Rule header fields (+ mask what fields to match):
Switch Port | VLAN ID | MAC src | MAC dst | Eth type | IP Src | IP Dst | IP Prot | TCP sport | TCP dport
Examples
Switching
Switch  MAC      MAC       Eth   VLAN   IP       IP       IP    TCP    TCP    Action
Port    src      dst       type  ID     Src      Dst      Prot  sport  dport
*       *        00:1f:..  *     *      *        *        *     *      *      port6
Flow Switching
Switch  MAC      MAC       Eth   VLAN   IP       IP       IP    TCP    TCP    Action
Port    src      dst       type  ID     Src      Dst      Prot  sport  dport
port3   00:20..  00:1f..   0800  vlan1  1.2.3.4  5.6.7.8  4     17264  80     port6
Firewall
Switch  MAC      MAC       Eth   VLAN   IP       IP       IP    TCP    TCP    Action
Port    src      dst       type  ID     Src      Dst      Prot  sport  dport
*       *        *         *     *      *        *        *     *      22     drop
Examples
Routing
Switch  MAC      MAC       Eth   VLAN   IP       IP       IP    TCP    TCP    Action
Port    src      dst       type  ID     Src      Dst      Prot  sport  dport
*       *        *         *     *      *        5.6.7.8  *     *      *      port6
VLAN Switching
Switch  MAC      MAC       Eth   VLAN   IP       IP       IP    TCP    TCP    Action
Port    src      dst       type  ID     Src      Dst      Prot  sport  dport
*       *        00:1f..   *     vlan1  *        *        *     *      *      port6, port7, port9
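The five example rules above, as an added illustration that is not part of the slides: a toy OpenFlow 1.0-style flow table over the ten header fields from the Flow Table Entries slide. Exact-match entries are tried before wildcard entries, wildcard entries are ordered by a priority (the priorities and the dummy "-" packet values are assumptions, not slide content), and a table miss is handed to the controller.

```python
FIELDS = ("in_port", "vlan", "mac_src", "mac_dst", "eth_type",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")


def matches(rule, pkt):
    """A packet matches when every non-wildcard field of the rule equals the packet's."""
    return all(rule[f] == "*" or rule[f] == pkt[f] for f in FIELDS)


class FlowTable:
    def __init__(self):
        self.entries = []  # each entry: (rule, action, priority, [packets, bytes])

    def add(self, action, priority=0, **fields):
        rule = {f: fields.get(f, "*") for f in FIELDS}  # unspecified = wildcard
        self.entries.append((rule, action, priority, [0, 0]))

    def lookup(self, pkt, size=64):
        """Return the action for pkt and bump the matching entry's stats.
        OpenFlow 1.0 order: exact-match entries first, then wildcard entries
        by descending priority; a table miss is sent to the controller."""
        ranked = sorted(self.entries,
                        key=lambda e: ("*" in e[0].values(), -e[2]))
        for rule, action, _, stats in ranked:
            if matches(rule, pkt):
                stats[0] += 1
                stats[1] += size
                return action
        return "controller"


def build_example_table():
    """The five rules from the Examples slides (priorities are assumed)."""
    t = FlowTable()
    t.add("port6", mac_dst="00:1f..")                              # Switching
    t.add("port6", in_port="port3", vlan="vlan1", mac_src="00:20..",
          mac_dst="00:1f..", eth_type="0800", ip_src="1.2.3.4",
          ip_dst="5.6.7.8", ip_proto="4", tcp_sport="17264",
          tcp_dport="80")                                          # Flow switching
    t.add("drop", priority=10, tcp_dport="22")                      # Firewall
    t.add("port6", priority=5, ip_dst="5.6.7.8")                    # Routing
    t.add("port6,port7,port9", priority=1, vlan="vlan1",
          mac_dst="00:1f..")                                        # VLAN switching
    return t


def packet(**fields):
    """Constructed packet header; fields not given get a neutral dummy value."""
    return {f: fields.get(f, "-") for f in FIELDS}
```

With this ordering an SSH packet to 00:1f.. hits the firewall entry rather than the switching entry, and the per-entry counters are the Stats column of the slides.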
OpenFlow Usage
[Figure: Dedicated OpenFlow Network: a Controller PC running “Aaron’s code” speaks the OpenFlow Protocol to OpenFlow Switches (OpenFlowSwitch.org), each holding Rule / Action / Statistics entries]
Network Design Decisions
Forwarding logic (of course)
Centralized vs. distributed control
Fine vs. coarse grained rules
Reactive vs. Proactive rule creation
Likely more: open research area
Centralized vs Distributed Control
Centralized Control: one Controller manages every OpenFlow Switch
Distributed Control: several Controllers, each managing a subset of the OpenFlow Switches
Flow Routing vs. Aggregation
Both models are possible with OpenFlow
Flow-Based
– Every flow is individually set up by controller
– Exact-match flow entries
– Flow table contains one entry per flow
– Good for fine grain control, e.g. campus networks
Aggregated
– One flow entry covers large groups of flows
– Wildcard flow entries
– Flow table contains one entry per category of flows
– Good for large number of flows, e.g. backbone
Reactive vs. Proactive
Both models are possible with OpenFlow
Reactive
– First packet of flow triggers controller to insert flow entries
– Efficient use of flow table
– Every flow incurs small additional flow setup time
– If control connection lost, switch has limited utility
Proactive
– Controller pre-populates flow table in switch
– Zero additional flow setup time
– Loss of control connection does not disrupt traffic
– Essentially requires aggregated (wildcard) rules
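An added simulation, not from the slides, of the reactive and proactive models (and of the flow-based versus aggregated table sizes they imply) on one constructed packet trace: the flow-key fields, the forwarding policy, the 10 ms cost of a controller round trip and the trace itself are assumptions made for illustration.

```python
KEY = ("ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")


def controller_policy(pkt):
    """Constructed forwarding policy: traffic to 5.6.7.8 leaves via port6."""
    return "port6" if pkt["ip_dst"] == "5.6.7.8" else "port3"


class Switch:
    def __init__(self, controller_up=True, setup_ms=10.0):
        self.exact = {}        # exact-match entries installed reactively
        self.wild = []         # wildcard entries installed proactively
        self.controller_up = controller_up
        self.setup_ms = setup_ms   # assumed cost of one controller round trip
        self.packet_ins = 0
        self.dropped = 0

    def preinstall(self, action, **fields):
        """Proactive model: the controller pre-populates a wildcard entry."""
        self.wild.append((fields, action))

    def handle(self, pkt):
        """Return (action, extra flow-setup delay in ms) for one packet."""
        key = tuple(pkt[f] for f in KEY)
        if key in self.exact:
            return self.exact[key], 0.0
        for fields, action in self.wild:
            if all(pkt[k] == v for k, v in fields.items()):
                return action, 0.0
        if not self.controller_up:     # table miss with the control link lost
            self.dropped += 1
            return "drop", 0.0
        self.packet_ins += 1           # reactive model: first packet -> controller
        action = self.exact[key] = controller_policy(pkt)
        return action, self.setup_ms


def run(switch, trace):
    """Total added setup delay over the trace and flow entries in use."""
    delay = sum(switch.handle(p)[1] for p in trace)
    return delay, len(switch.exact) + len(switch.wild)


def make_trace():
    """Constructed trace: three TCP flows to 5.6.7.8, four packets each."""
    flows = [("1.2.3.4", "5.6.7.8", "6", str(sport), "80")
             for sport in (17264, 17265, 17266)]
    return [dict(zip(KEY, f)) for f in flows for _ in range(4)]
```

Running the trace reactively costs one packet-in and one exact-match entry per flow, while a single pre-installed wildcard entry forwards the whole trace with no setup delay and keeps forwarding when the controller is unreachable.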
OpenFlow Application: Network Slicing
• Divide the production network into logical slices
o each slice/service controls its own packet forwarding
o users pick which slice controls their traffic: opt-in
o existing production services run in their own slice
   – e.g., Spanning tree, OSPF/BGP
• Enforce strong isolation between slices
o actions in one slice do not affect another
• Allows the (logical) testbed to mirror the production network
o real hardware, performance, topologies, scale, users
Prototype implementation: FlowVisor
Add a Slicing Layer Between Planes
[Figure: Slice 1, Slice 2 and Slice 3 Controllers sit above a slicing layer that holds the slice policies; rules flow down through the Control/Data Protocol to the Data Plane and exceptions flow back up to the owning slice]
Network Slicing Architecture
• A network slice is a collection of sliced switches/routers
• Data plane is unmodified
– Packets forwarded with no performance penalty
– Slicing with existing ASIC
• Transparent slicing layer
– each slice believes it owns the data path
– enforces isolation between slices
• i.e., rewrites or drops rules to adhere to the slice policy
– forwards exceptions to correct slice(s)
Slicing Policies
• The policy specifies resource limits for each slice:
– Link bandwidth
– Maximum number of forwarding rules
– Topology
– Fraction of switch/router CPU
– FlowSpace: which packets does the slice control?
FlowSpace: Maps Packets to Slices
Real User Traffic: Opt-In
• Allow users to Opt-In to services in real-time
o Users can delegate control of individual flows to Slices
o Add new FlowSpace to each slice's policy
• Example:
o "Slice 1 will handle my HTTP traffic"
o "Slice 2 will handle my VoIP traffic"
o "Slice 3 will handle everything else"
• Creates incentives for building high-quality services
FlowVisor Implemented on OpenFlow
[Figure: the custom control plane (OpenFlow Controllers on servers) and the stub control plane in each Switch/Router (OpenFlow Firmware over the Data Path), with FlowVisor in between speaking the OpenFlow Protocol to both sides; the OpenFlow Network of switches/routers forms the data plane underneath]
FlowVisor Message Handling
[Figure: Alice, Bob and Cathy each run their own Controller above FlowVisor. A rule coming down from a controller passes the policy check “Is this rule allowed?”; an exception (packet) coming up from the OpenFlow Firmware passes the policy check “Who controls this packet?”. The Data Path keeps forwarding packets at full line rate]
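The two FlowVisor policy checks above, applied to the opt-in policy from the Real User Traffic slide, as an added example that is not FlowVisor’s own code: the field set, the protocol numbers, the port standing in for “VoIP” and the rule that overlapping slices are checked in list order are all assumptions for illustration.

```python
FIELDS = ("ip_src", "ip_dst", "ip_proto", "tcp_dport")


def pattern(**f):
    """A FlowSpace pattern or rule; unspecified fields are wildcards."""
    return {k: f.get(k, "*") for k in FIELDS}


# Constructed FlowSpace delegated by user 1.2.3.4; slice 3's catch-all is last.
SLICES = [
    ("slice1", [pattern(ip_src="1.2.3.4", ip_proto="6", tcp_dport="80")]),     # HTTP
    ("slice2", [pattern(ip_src="1.2.3.4", ip_proto="17", tcp_dport="5060")]),  # VoIP (SIP)
    ("slice3", [pattern(ip_src="1.2.3.4")]),                                   # everything else
]


def intersect(rule, space):
    """Narrow a rule to one FlowSpace pattern; None when they cannot overlap."""
    out = {}
    for k in FIELDS:
        if rule[k] == "*":
            out[k] = space[k]
        elif space[k] in ("*", rule[k]):
            out[k] = rule[k]
        else:
            return None
    return out


def check_rule(slice_name, rule):
    """Policy check 1 (controller -> switch): is this rule allowed?
    Returns the rule rewritten to stay inside the slice's FlowSpace, one copy
    per overlapping pattern, or [] when the rule must be dropped."""
    space = dict(SLICES)[slice_name]
    return [r for r in (intersect(rule, p) for p in space) if r is not None]


def owner_of(pkt):
    """Policy check 2 (switch -> controller): who controls this packet?"""
    for name, space in SLICES:
        if any(intersect(pkt, p) == pkt for p in space):
            return name
    return None  # outside every slice: no controller receives the exception
```

A slice 1 controller that tries to install a rule for TCP port 22 gets nothing installed, and a rule it installs for a destination address is silently narrowed to its own HTTP FlowSpace, which is the isolation the slide describes.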
OpenFlow Deployments
OpenFlow has been prototyped on…
• Ethernet switches
– HP, Cisco, NEC, Quanta, + more underway
• IP routers
– Cisco, Juniper, NEC
• Switching chips
– Broadcom, Marvell
Most (all?) hardware switches now based on Open vSwitch…
• Transport switches
– Ciena, Fujitsu
• WiFi APs and WiMAX Basestations
Deployment: Stanford
• Our real, production network
o 15 switches, 35 APs
o 25+ users
o 1+ year of use
• Same physical network hosts 7 different Stanford demos
Deployments: GENI
(Public) Industry Interest
• Google has been a main proponent of new OpenFlow 1.1 WAN
features
– ECMP, MPLS-label matching
– MPLS LDP-OpenFlow speaking router: NANOG50
• NEC has announced commercial products
– Initially for datacenters, talking to providers
• Ericsson
– “MPLS Openflow and the Split Router Architecture: A Research Approach” at MPLS2010
Conclusions
• Current networks are complicated
• OpenFlow is an API
– Interesting apps include network slicing
• OpenFlow has potential for Service Providers
– Custom control for Traffic Engineering
– Combined Packet/Circuit switched networks
Q&A
Assignment #6
– Write notes on the terms highlighted in red in slides 36 and 37
– Write a summary of the paper “MPLS Openflow and the Split Router Architecture: A Research Approach” at MPLS2010