Transcript PPT
Baraki H. Abay
Nov 04,2011
Outline
1. Legacy Networks
2. Software defined networks
   Motivation, Architecture, Principles
3. OpenFlow
   Principles, Architecture
   OpenFlow Basics - Flow table, controller, protocol
   How it works
   Centralized vs Distributed, Aggregated vs Flow based, Proactive vs Reactive
   Network Slicing - FlowVisor
   How to get started to play with OpenFlow
4. Industry trends
5. Demo screenshots
Current Networking Scheme
Fully distributed protocols - hard to add a feature to a network
Network is closed for research and innovation
Network administrators and researchers can only configure devices
Software is embedded in Industry
Data plane and control plane in the same device
Routers and switches are locked
Packet forwarding and decisions controlled by underlying switches and routers
Closed System
[Figure: several closed network devices, each bundling Apps, an Operating System and Packet Forwarding Hardware]
Mitigation approach
Open Development environment for Networking
Isolation:
regular production Network untouched
Virtualized and Programmable networks
Software Defined Networking (SDN)
Software Defined Networking(SDN)
Network Architecture to remotely control
network hardware with software
To open the closed network
Enables innovations by researchers, operators,
application/service providers
Managed by Open Networking Foundation (ONF)
SDN Architecture Principles
1. Separation of data and control planes
   well defined API/protocol between the two
2. Logically centralized control plane
   with an open API for network applications and services
3. Network slicing and virtualization
   to support experimentation on a production network.
[Figure: API above the Control Path (Software), linked by a protocol to the Data Path (Hardware)]
Software Defined Networking Principles
1. Open Interface to HW
2. Operating System (Network Operating System)
3. Open API
[Figure: Apps on top of a Network Operating System, above network devices each shown with Apps, Operating System and Packet Forwarding Hardware]
OpenFlow
What is OpenFlow?
“OpenFlow is an open standard
to deploy innovative protocols
in production networks”
openflow.org
OpenFlow
Motivation
Network changes are sluggish
The need for programmable networks
Goal
Use a centralized controller to determine traffic
forwarding
Principle
Separate control plane from data plane
OpenFlow
SDN protocol(API) that modifies forwarding tables in
network switches.
Added as a feature to commercial Ethernet switches,
routers and wireless access points
Developed by Stanford University
Sits between a switch and controller
Allows the path of network packets through the
network of switches to be determined by software
running on a separate server
OpenFlow
Vendor independent
Protocol is open source
Version status
OF 1.0 : most widely used version
OF 1.1: multiple tables and counters
OF 1.2 : Wire protocol IPv6, basic configuration
OF 1.3 : Topology discovery, test processes
OF 1.4 : capability discovery , test labs
Classic Switch Vs OpenFlow Switch
Classic Switch/Router
• Data path and control path occur on the same device
• Data path - packet forwarding path
• Control path - routing decisions
OpenFlow Enabled Switch/Router
• Separates the data path and control path
• Data path portion still resides on the switch
• High level routing decisions reside in controller
• The OpenFlow switch and the controller communicate via the OpenFlow protocol
OpenFlow Specification Basics
Consists of at least three parts
Flow Table – defines how the switch will process each flow
Secure Channel – to connect to controller
Controller
OpenFlow Protocol (API)
[Figure: controller (PC) connected to an OpenFlow Switch, which has a Secure Channel (sw) and a Flow Table (hw)]
• Flow tables are set up on switches
• Controller talks to the switch via the OpenFlow protocol
Flow table Entry
Flow table consists of a set of entries to compare incoming packets against
Each flow entry consists of match fields, counters, actions
Matching starts at the first flow table
Flow entries match in priority order
Match found: apply the instructions
Match not found: forwarded to the controller over the OpenFlow channel, dropped, or may continue to the next flow table
Table entry: Rule | Action | Stats
Rule (match fields): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
Stats: Packet + byte counters
• Per table
• Per flow
Actions:
1. Switching and routing
2. Firewall
3. Using non-OpenFlow
logic
4. Send to controller
Secure channel
[Figure: controller (PC) connected to an OpenFlow Switch, which has a Secure Channel (sw) and a Flow Table (hw)]
SSL Connection, site-specific key
Controller discovery protocol
Encapsulate packets for controller
Send link/port state to controller
OpenFlow Protocol Message Types
Controller-to-switch
To directly manage or inspect the state of the switch
may or may not require a response from the switch
Operations/msg types: Features, Configuration, Read-State, Modify-State, Barrier
Asynchronous
To update the controller of network events and changes to the
switch state.
sent without the controller soliciting them from a switch
To tell controller a packet arrival, switch state change, or error
Msg. types: Packet-in ,Flow-Removed , Port-status, Error
Symmetric – Msg. types: Hello , Echo, Experimenter
The OpenFlow controller
Remotely control and manipulate flow table in switches
Available open-source controllers
NOX
Beacon
SNAC
FlowVisor - a special type of controller
Acts as a proxy between OpenFlow switches and multiple controllers
Slices network resources and delegates a controller to each
How OpenFlow works?
Switch
Packet in from network, check matching
Match: apply actions
No match: send to controller over secure channel
Controller
Packet in from switch
• Extract the destination address of the packet
• Define a table entry to create a path for the packet
• Send message to each switch in the path the packet will traverse
[Figure: example network of OpenFlow switches (OFS), each holding Rule / Action / Statistics entries, with a controller (PC) and hosts labelled with IP addresses; the switch checks "Entry available?" for an arriving packet]
Flow match Examples
Flow Rule(match)
Action
Controller Usage Models
Centralized vs Distributed control
Centralized Control
Distributed Control
[Figure: centralized control shows a single controller (PC) managing the OpenFlow switches (OFS); distributed control shows several controllers (PCs) managing the switches]
Flow Routing vs Aggregation
Flow-based
• Every flow is individually set up by controller
• Exact match flow entries
• Flow table contains one entry per flow
• Good for fine grain control
Aggregated
• One flow entry covers large groups of flows
• Wildcard flow entries
• Flow table contains one entry per category of flows
• Good for large # of flows
Reactive vs Proactive
Reactive
• First packet of flow triggers controller to insert flow entries
• Efficient use of flow table
• Every flow incurs small additional set up time
• Switch has limited utility if control connection is lost
Proactive
• Controller pre-populates flow table in switch
• Zero additional flow set up time
• Loss of control connection doesn’t disrupt connection
• Requires aggregated rules
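The flow-table lookup from the "Flow table Entry" slide and the Flow-based vs Aggregated and Reactive vs Proactive trade-offs above, as an added example (not from the original slides or from any controller's code). It is a simplified Python model: the FlowEntry and Switch classes, the field names and the toy controller policy are assumptions, and the addresses are constructed sample values.

```python
# Added illustration: simplified model of an OpenFlow-style flow table.
from dataclasses import dataclass, field

@dataclass
class FlowEntry:
    match: dict          # header field -> value; an omitted field is a wildcard
    action: str          # "output:<port>" or "drop"
    priority: int = 0
    packets: int = 0     # per-flow counters (the "Stats" column)
    byte_count: int = 0

@dataclass
class Switch:
    controller: object = None   # callable(switch, pkt) -> action; None = channel down
    table: list = field(default_factory=list)
    misses: int = 0

    def add_flow(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)   # entries match in priority order

    def receive(self, pkt, size=64):
        for e in self.table:
            if all(pkt.get(k) == v for k, v in e.match.items()):
                e.packets += 1
                e.byte_count += size
                return e.action
        self.misses += 1                    # table miss
        if self.controller is None:
            return "drop"                   # control connection lost, no rule to apply
        return self.controller(self, pkt)   # reactive: ask the controller

def reactive_controller(sw, pkt):
    """Toy policy (assumed): install an exact-match entry for the flow that missed."""
    action = {"10.4.0.2": "output:2"}.get(pkt["ip_dst"], "drop")   # constructed host map
    sw.add_flow(FlowEntry(dict(pkt), action, priority=10))
    return action

def demo():
    pkt = {"in_port": 1, "ip_src": "192.168.0.2", "ip_dst": "10.4.0.2", "tcp_dport": 80}
    reactive = Switch(controller=reactive_controller)
    first, second = reactive.receive(pkt), reactive.receive(pkt)
    reactive.controller = None                        # controller becomes unreachable
    new_flow = reactive.receive({**pkt, "tcp_dport": 443})
    proactive = Switch()                              # pre-populated with wildcard rules
    proactive.add_flow(FlowEntry({"ip_dst": "10.4.0.2"}, "output:2", priority=5))
    proactive.add_flow(FlowEntry({"ip_dst": "10.4.0.2", "tcp_dport": 23}, "drop", priority=20))
    results = [proactive.receive({**pkt, "tcp_dport": p}) for p in (80, 443, 23)]
    return first, second, new_flow, reactive.misses, results, proactive.misses
```

In the reactive switch the second packet of the flow is served from the table, but a new flow is dropped once the controller is unreachable; the proactive switch keeps forwarding from two wildcard entries and never misses.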
Open Controllers
Controller name | Language | Platform
NOX | C++, Python | Linux
Beacon | Java | Win, Mac, Linux, Android
Maestro | Java | Win, Mac, Linux
Trema | Ruby, C | Linux
Network Slicing concept
Divide the production network into logical slices
each slice/service controls its own packet forwarding
[Figure: layers, top to bottom: multiple controllers (NOS), slicing layer, switch data plane]
FlowVisor
A tool for slicing OpenFlow Networks
creating multiple isolated and programmable logical
networks on the same physical topology
Puts Slicing Policies
The policy specifies resource limits for each slice:
– Link bandwidth
– Maximum number of forwarding rules
– Topology
– Fraction of switch/router CPU
Virtual networks through FlowVisor
[Figure: Research 1 controller, Research 2 controller and Prod. network controller (PCs) speak the OpenFlow protocol to FlowVisor, which speaks the OpenFlow protocol to the OpenFlow switches (OFS)]
FlowSpace: Maps Packets to Slices
Topology discovery is per slice
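The slicing policy and FlowSpace mapping described above, as an added example (not FlowVisor's code or API). It is a simplified Python model in which a proxy checks each controller's rule against its slice's topology, flowspace and rule limit; the class names, the use of VLAN ID as the flowspace and the choice to reject rather than rewrite a non-conforming rule are assumptions.

```python
# Added illustration: simplified slicing-proxy policy check (not FlowVisor code).
from dataclasses import dataclass, field

@dataclass
class Slice:
    name: str
    flowspace: dict    # header values that define the slice, e.g. {"vlan_id": 20}
    switches: set      # topology: datapath ids the slice may use
    max_rules: int     # maximum number of forwarding rules
    rules: list = field(default_factory=list)

class SlicingProxy:
    def __init__(self, slices):
        self.slices = {s.name: s for s in slices}

    def slice_for_packet(self, dpid, pkt):
        """Map a packet seen on switch dpid to the slice whose flowspace holds it."""
        for s in self.slices.values():
            if dpid in s.switches and all(pkt.get(k) == v for k, v in s.flowspace.items()):
                return s.name
        return None

    def install(self, slice_name, dpid, match, action):
        """Check a flow entry sent by a slice's controller against the slice policy."""
        s = self.slices[slice_name]
        if dpid not in s.switches:
            return "rejected: switch outside slice topology"
        # The rule must pin every flowspace field to the slice's own value;
        # a wildcarded field would also capture other slices' traffic.
        if any(match.get(k) != v for k, v in s.flowspace.items()):
            return "rejected: match outside flowspace"
        if len(s.rules) >= s.max_rules:
            return "rejected: rule limit reached"
        s.rules.append((dpid, match, action))
        return "installed"

def demo():
    proxy = SlicingProxy([
        Slice("production", {"vlan_id": 10}, {1, 2, 3}, max_rules=1000),
        Slice("research1", {"vlan_id": 20}, {1, 2}, max_rules=2),   # constructed policy
    ])
    web = {"vlan_id": 20, "tcp_dport": 80}
    return [
        proxy.install("research1", 1, web, "output:3"),
        proxy.install("research1", 1, {"tcp_dport": 80}, "output:3"),   # VLAN wildcarded
        proxy.install("research1", 3, web, "output:3"),                 # switch not in slice
        proxy.install("research1", 2, web, "output:1"),
        proxy.install("research1", 2, {"vlan_id": 20}, "drop"),         # third rule
        proxy.slice_for_packet(1, web),
    ]
```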
OpenFlow gains
Increased network control
Increased network flexibility
Shared Infrastructure – make innovation easier
Current network infrastructure, LAN and WAN, does not
allow for much experimenting. In many cases, it is a
production network, there are firmware limitations, or
both
Some OpenFlow applications
Wireless mobility/migration
Redirect specific application traffic to remote site
Network Virtualization
Power management
Load balancing
Traffic engineering
Security Applications
Load balancing
Firewall
Current version OpenFlow limitations
Non-flow-based(per-packet) networking
Use all tables on switch chips
New forwarding primitives
New packet formats/field definitions
Low-setup time individual flows
But can push flows proactively
Industry support
Many vendors implemented OpenFlow in their devices
How to get started with OpenFlow
Switch
Software switches
Linux User-space Switch
Reference Linux Kernel-space Switch
Open vSwitch
Hardware switches
OpenFlow enabled commercial switches – ex. pronto
Controller
Reference Learning Switch Controller
NOX, Beacon, SNAC
What can we do with OpenFlow
Write - configure - deploy
Experiment on our networks
Develop network applications on top of existing
controllers (ex. NOX, Beacon)
Customize controllers
Extend existing controllers
Developing our own controller
Example Developing on NOX
Basics – components and events
Develop components that handle events
Components can be developed using
C++
Python or
Combination of them
NOX built-in component
Core apps
Network apps
Web apps
Third-party extensions
Example – a component
Events
Drives execution in NOX
Core events
Data_path_join event, Packet_in_event
Application events
Host_in event, flow_in event etc
post events for other
applications to handle
Register for packet_in event
OpenFlow Practice
Using virtual machines
Required software
Virtualization software (VirtualBox)
X server (Windows: Xming, Mac: X11, Linux: X server installed)
Development tools
Mininet
Wireshark
Benchmark Controller w/iperf
What can we do in the tutorial
Create learning switch
NOX controller (Python, C++)
Beacon (java)
Control a Slice of a real Network
Creating router
Creating Firewall
Some Demos
Dynamic Flow Aggregation on an OpenFlow Network
Dynamically define flow granularity by wildcarding arbitrary Header
fields
Granularity is on the switch flow entries, no packet rewrite or
encapsulation
Elastic Tree: reducing energy in data centers
Shuts off links and switches to
reduce data center power
OpenFlow provides network
routes and port statistics
Some OpenFlow Demos
Aster*x: Load-Balancing Web Traffic over Wide-Area Networks
load balancing system for services
hosted in different services
considers network congestion and
server load
handles the dynamical adding
and removing of resources
By Stanford
OFELIA - Pan-European Test Facility for OpenFlow
Experimentation
test facility for network
experiments based on OpenFlow
allows the dynamic creation of
virtual machines to be used as
sources, sinks, and controllers for
OpenFlow switches
Network Virtualization using EXOS OpenFlow
flexible definitions of virtual
networks,
dynamic scaling of the virtual
networks, and
isolation of the virtual networks
from physical network changes.
Industry trend
Increased interest
In Data centers
Service providers
For example to slice their networks based on bandwidth
Enterprise networks
Questions?
References
http://www.openflow.org/
http://opennetsummit.org/
Openflow white paper
http://noxrepo.org/wp/
Slides from
Brandon Heller (Stanford)
Srini Seetharaman
Martin Casado
Internet2 Joint Techs – Clemson
Open Network Summit 2011 talks and slides