Transcript PPT

Baraki H. Abay
Nov 04,2011
Outline
1.
2.
Legacy Networks
Software defined networks

3.
Motivation ,Architecture, Principles,
OpenFlow






Principles, Architecture
OpenFlow Basics- Flow table, controller, protocol
How it works
Centralized vs Distributed, Aggregated vs Flow based,
Proactive vs Reactive
Network Slicing - FlowVisor
How to get started to play with OpenFlow
4. Industry trends
5. Demo screen shoots
Current Networking Scheme
 Fully distributed protocols - hard to add a feature to a
network
 Network is closed for research and innovation
 Network administrators and Researchers
can only configure devices
Software is embedded in Industry
Data plan and control plan in the
same device
 Routers and switches are locked
Packet forwarding and decision
controlled by underlined switched and
routers
Closed System
Ap
p
Ap
p
Ap
p
Operating
System
Packet
Forwarding
Hardware
Ap
p
Ap
p
Ap
p
Operating
System
Packet
Forwarding
Hardware
Ap
p
Ap
p
Operating
System
Ap
p
Ap
p
Operating
System
Hardwared
Packet
Forwarding
Ap
p
Packet
Forwarding
Hardware
Ap
p
Mitigation approach
 Open Development environment for Networking
 Isolation:
 regular production Network untouched
 Virtualized and Programmable networks
Software Defined Networking (SDN)
Software Defined Networking(SDN)
 Network Architecture to remotely control
network hardware with software
 To open the closed network
 Enables innovations by researchers, operators,
application/service providers
 Managed by Open Network Foundation
(ONF)
6
SDN Architecture Principles
Separation of data and
control planes

well defined
API/protocol between
the two
Logically centralized
control plane
1.
2.

with an open API for
network applications and
services
Network slicing and
virtualization
3.

to support experimentation
on a production network.
API
ControlPath(Software)
Control
Protocol
Path
Data Path (Hardware)
Software Defined Networking Principles
3. Open API
App
App
2. Operating
System
App
Network Operating System
1. Open Interface to HW
Ap
p
Ap
p
Ap
p
Operating
System
Ap
p
Ap
p
Packet
Forwarding
Hardware
Ap
p
Operating
System
Packet
Forwarding
Hardware
Ap
p
Ap
p
Ap
p
Ap
p
Operating
System
Hardware Packet
Forwarding
Ap
p
Operating
System
Packet
Forwarding
Hardware
Ap
p
OpenFlow
What is OpenFlow?
“OpenFlow is an open standard
to deploy innovative protocols
in production networks”
openflow.org
OpenFlow
 Motivation
 Network changes are sluggish
 The need for programmable networks
 Goal
 Use a centralized controller to determine traffic
forwarding
 Principle
 Separate control plane from data plane
OpenFlow
 SDN protocol(API) that modifies forwarding tables in




network switches.
Added as a feature to commercial Ethernet switches,
routers and wireless access points
Developed by Stanford University
Sits between a switch and controller
Allows the path of network packets through the
network of switches to be determined by software
running on a separate server
OpenFlow
 Vendor independent
 Protocol is open source
 Version status
 OF 1.0 : most widely used version
 OF 1.1: multiple tables and counters
 OF 1.2 : Wire protocol IPv6, basic configuration
 OF 1.3 : Topology discovery, test processes
 OF 1.4 : capability discovery , test labs
Classic Switch Vs OpenFlow Switch
Classic Switch/Router
OpenFlow Enabled
Switch/Router
 Data path and control path
 Separates the data path and
occur on the same device
 Data path- packet forwarding
path
 Control path- routing
decisions
control path
 Data path portion still
resides on the switch
 High level routing decisions
reside in controller
 The OpenFlow switch and
the controller communicate
via the OpenFlow protocol
OpenFlow Specification Basics
 Consists at least three parts
 Flow Table – define how the switch will process each flow
 Secure Channel –to connect to controller
Controller
 OpenFlow Protocol(API)
PC
OpenFlow Switch
sw Secure
Channel
Flow
hw
Table
•Flow table are set up on
switches
•Controller talk to the
switch via the OpenFlow
protocol
Flow table Entry
 Flow table consists of set of entries to compare incoming




packets against
Each flow entry consist of match fields, counters, actions
Matching starts at the first flow table
Flow entries match in priority order
Match found

Apply the instructions
 Match not found
 forwarded to the controller over the OpenFlow channel,
 dropped
 may continue to the next flow table
Table entry
Rule
Action
Stats
•Per table
•Per flow
•Per table
Packet + byte counters
1.
2.
3.
4.
Switch MAC
Port
src
MAC
dst
Forward packet to port(s)
Encapsulate and forward to controller
Drop packet
Send to normal processing pipeline
Eth
type
VLAN
ID
IP
Src
IP
Dst
IP
Prot
TCP
sport
TCP
dport
Actions:
1. Switching and routing
2. Firewall
3. Using non-OpenFlow
logic
4. Send to controller
Secure channel
OpenFlow Switch
Controller
PC
Secure
sw Channel
Flow
hw
Table
SSL Connection, site-specific key
Controller discovery protocol
Encapsulate packets for controller
Send link/port state to controller
OpenFlow Protocol Message Types
 Controller-to-switch



To directly manage or inspect the state of the switch
may or may not require a response from the switch
Operations/msg types: features, configuration, Ready-State,
Modify-State, barrier
 Asynchronous





To update the controller of network events and changes to the
switch state.
sent without the controller soliciting them from a switch
To tell controller a packet arrival, switch state change, or error
Msg. types: Packet-in ,Flow-Removed , Port-status, Error
Symmetric – Msg. types: Hello , Echo, Experimenter
The OpenFlow controller
 Remotely control and manipulate flow table in switches
 Available open-source controllers
 NOX
 Beacon
 SNAC
 FlowVisor- a special type of controller


Act as a proxy between OpenFlow switches and multiple
controllers
Slices network resource and delegate controller to each
How OpenFlow
works ?
Switch
Packet In
from
network
Check
matchin
g
No
match
Match
Send to
controller over
secure channel
Apply Actions
Controller
Packet In
from
switch
•Extract the destination address of the packet
•Define a table entry to create a path for the
packet
•Send message to each switch in the path the
packet will traverse
192.10.0.2
10.5.0.2
192.10.0.1
10.4.0.2
Entry
Available?
192.168.0.2
10.4.0.2
OFS
192.168.0.1
OFS
Rule
Action
Statistics
OFS
Rule
Action
Statistics
PC
10.4.0.2
Rule
OFS
Action
Statistics
Controller
192.168.0.2
10.4.0.2
Flow match Examples
Flow Rule(match)
Action
Controller Usage Models
Centralized vs Distributed control
Centralized Control
Distributed Conrol
Controller
Controller
PC
OFS
PC
Controller
OFS
PC
Controller
OFS
OFS
PC
OFS
OFS
Flow Routing vs Aggregation
Flow-based
Aggregated
 Every flow is individually set
 One flow entry covers large
up by controller
 Exact match flow entries
 Flow table contains one entry
per flow
 Good for fine grain control
groups of flows
 Wildcard flow entries
 Flow table contains one entry
per category of flows
 Good for large # of flows
Reactive vs Proactive
Reactive
Proactive
 First packet of flow triggers
 Controller pre-populates flow
controller to insert flow entries
 Efficient use of flow table
 Every flow incurs small
additional set up time
 Switch has limited utility of
connection control is lost
table in switch
 Zero additional flow set up
time
 Loss of control connection
doesn’t disrupt connection
 Requires aggregated rules
Open Controllers
Controller name
Language
Platform
NOX
C++, Python
Linux
Beacon
Java
Win, Mac, Linux, Android
Maestro
Java
Win, Mac, Linux
Trema
Ruby, C
Linux
Network Slicing concept
 Divide the production network into logical slices
 each slice/service controls its own packet forwarding
Multiple controllers (NOS)
Slicing Layer
Switch data
plane
FlowVisor
 A tool for slicing OpenFlow Networks
 creating multiple isolated and programmable logical
networks on the same physical topology
 Puts Slicing Policies
 The policy specifies resource limits for each slice:
– Link bandwidth
– Maximum number of forwarding rules
– Topology
– Fraction of switch/router CPU
Virtual networks through FlowVisor
Research 1 controller
PC
Prod. nkt controller
PC
Research 2
controller
PC
OpenFlow
protocol
OFS
OFS
OpenFlow
protocol
OFS
Flow Visor
FlowSpace: Maps Packets
to Slices
Topology discovery is per slice
OpenFlow gains
 Increased network control
 Increased Network in flexibility
 Shared Infrastructure – make innovation easier

Current network infrastructure, LAN and WAN, does not
allow for much experimenting. In many cases, it is a
production network, there are firmware limitations, or
both
Some OpenFlow applications
 Wireless mobility/migration
 Redirect specific application traffic to remote site







Network Virtualization
Power management
Load balancing
Traffic engineering
Security Applications
Load balancing
Firewall
Current version OpenFlow limitations
 Non-flow-based(per-packet) networking
 Use all tables on switch chips
 New forwarding primitives
 New packet formats/field definitions
 Low-setup time individual flows
 But can push flows proactively
Industry support
 Many vendors implemented OpenFlow in their devices
How to get started with OpenFlow
 Switch
 Software switches



Linux User-space Switch
Reference Linux Kernel-space Switch
Open vSwitch
 Hardware switches

OpenFlow enabled commercial switches – ex. pronto
 Controller


Reference Learning Switch Controller
NOX, Beacon, SNAC
What can we do with OpenFlow
 Write- configure – deploy
 Experimenting our networks
 Develop network applications on top of existing
controllers (ex. NOX, Beacon)
 Customize controllers
 Extend existing controllers
 Developing our own controller
Example Developing on NOX
 Basics – components and events
 Develop components that handle events
 Components can be developed using
 C++
 Python or
 Combination of them
 NOX built-in component




Core apps
Network apps
Web apps
Third-part y extensions
Example – a component
Events
 Drives execution in NOX
 Core events

Data_path_join event, Packet_in_event
 Application events

Host_in event, flow_in event etc
post events for other
applications to handle
Register for packet_in event
OpenFlow Practice
 Using virtual machines
 Required softwares
 Virtualization software (Virtual box)
 X server - (windows Xming , max X11, linux X server
installed)
 Development tools
 Mininet
 Wireshark
 Benchmark Controller w/iperf
What can we do in the tutorial
 Create learning switch
 NOX controller (Python, C++)
 Beacon (java)
 Control a Slice of a real Network
 Creating router
 Creating Firewall
Some
Demos
Dynamic Flow Aggregation on an OpenFlow Network
Dynamically define flow granularity by wildcarding arbitrary Header
fields
Granularity is on the switch flow entries, no packet rewrite or
encapsulation
Elastic Tree: reducing energy in data centers
Shuts off links and switches to
reduce data center power
OpenFlow provides network
routes and port statistics
Some OpenFlow Demos
Aster*x: Load-Balancing Web Traffic over Wide-Area Networks
 load balancing system for services
hosted in different services
 considers network congestion and
server load
 handles the dynamical adding
and removing of resources
By Stanford
OFELIA - Pan-European Test Facility for OpenFlow
Experimentation
test facility for network
experiments based on OpenFlow
allows the dynamic creation of
virtual machines to be used as
sources, sinks, and controllers for
OpenFlow switches
Network Virtualization using EXOS OpenFlow
 flexible definitions of virtual
networks,
dynamic scaling of the virtual
networks, and
 isolation of the virtual networks
from physical network changes.
Industry trend
 Increased interest
 In Data centers
 Service providers

For example to slice their networks based on bandwidth
 Enterprise networks
Questions?
References
 http://www.openflow.org/
 http://opennetsummit.org/
 Openflow white paper
 http://noxrepo.org/wp/
 Slides from

Brandon Heller (stanford)

SriniSeetharaman
Martin Casado
Internet2 Joint Techs – Clemson
Open Network Summit 2011 talks and slides


