The Key to Vendor Agnostic SDN/OpenFlow Table Type Patterns (TTP)
Sudhir Modali, Director PLM Pica8
Copyright © 2015 Pica8 Inc. All Rights Reserved.
Is Networking a Single Vendor Play?
ORCHESTRATION
MANAGEMENT/
AUTOMATION
CONTROL PLANE
DATA PLANE
ASICs
Controller
Openstack
Chef
Puppet
STP/TRILL
L2
OSPF
IPv4/v6
Custom
MPLS
Broadcom
Tivoli
EMS
ISIS
Multicast
Cavium
Tail-f
API
BGP
WAN
Mellanox
Custom
Custom
VPN
PCEP
Traffic
Engineering
Marvell
Custom
QoS
Barefoot
Security
The Network GAP
Software Innovation
Cloud
Big Data
SaaS
“The Network Gap”
Value
PaaS
Virtualization
Multi-Core CPU
L2-VPNs
ASICs
VLANs
VPNs
Fabrics
Technology Evolution
Overlays
SD-WAN
Controllers
Network Innovation
Three Reasons For The Network Gap
1. Closed Systems
2. Protocol Overload
   BGP, OSPF, QinQ, IS-IS, OpenFlow, OVS, OVSDB, DevOps, CLI, SysAdmin
3. Inertia
Table Type Patterns (TTP): Unicast Routing Pipeline
- Utilize all ASIC tables (VLAN+MAC+IP+TCAM) via OpenFlow
- Enables flexible pipelines
  • Choose between priority or LPM algorithms for lookups
- Scale comparable to incumbent routers/switches
[Figure: TTP profile pipeline. Phy Port; Ingress Port (Table0), VLAN (Table10), Termination MAC (Table20), Unicast Routing (Table30), Policy ACL (Table40); Phy Port. Group actions: L3 ECMP (Select), L3 FF (Fast Failover), L3 Unicast, Redirect, L2 interface (indirect), L2 Rewrite (indirect). Meters; Color Based Actions.]
TTP Closes Network Innovation Gap
TTP
Service
Design
Troubleshooting
Operations
Provisioning
Development
Normalized
ASIC
Programming
OVS on Linux mode
[Figure labels: SDN Controller (Multicast fabric, Host/Service discovery, Unicast routing); ovs-ofctl, ovs-dpctl, ovs-appctl (command, netlink); Remote ovsdb-client, ovs-vsctl (config, DB operation); Save; ovs-vswitchd; Apply; ovsdb-server; ovsdb-tool; First packet; ovsdb; Userspace; Kernel; ovs-kernel; Port 1, Port 2.]
Table Type Patterns
[Figure labels: SDN Controller (Multicast fabric, Host/Service discovery, Unicast Routing); ovs-ofctl, ovs-dpctl, ovs-appctl (command, netlink); Remote ovsdb-client, ovs-vsctl (config, DB operation); Save; ovs-vswitchd; Apply; ovsdb-server; ovsdb-tool; Software Tables; ovsdb; Userspace; SDK; Hardware Tables; ASIC; Port 1, Port 2.]
Application TTP
[Figure labels: SDN Controller (Multicast fabric, Host/Service discovery, Unicast Routing); ovs-ofctl; Remote ovsdb-client, ovs-vsctl (config, DB operation); Copy to CPU/Controller; ovsdb-server; config; Apply; ovsdb-tool; TTP; ovsdb; Userspace; SDK; Hardware Tables; ASIC; Port 1, Port 2.]
TTP Profiles Can Be Deployed in. . .
Open Networking




NOS
ASIC
Metal

Any network locale
Incumbent alternative
ASIC choice
Normalized network
services
Open shim layer
Data Center Networks




Scale-out spine and leaf
Overlays



Network Virtualization

Standard L2/L3
Scale out
Automation-heavy
Programmability
with DevOps tools
SDN Solutions
VTEP support
Multi-tenant
clouds
Data center
interconnect
Disaster recovery
SDN App Store
VPN
Traffic Eng.
Tap




Custom solutions
Ecosystem and
controller integration
OEM customers
OpenFlow with L2/L3
Stacking It Together
SDN
Applications
Tools
BGP
Firewall
Services
RESTful API
NETWORK ORCHESTRATION
RESTful API
OSS/BSS
ODL
CONTROLLER
OpenFlow
OVSDB
Data Plane (aka Network OS)
TTP
PicOS
Merchant Silicon
Broadcom
Traffic Engineering
Analytics
Benefits Realized
Feature
Improvement
Grading
Scale
1000x (up to 2M)
over single table implementation (2k)
Comparable to
incumbent equipment
Performance
Line-rate
Comparable to
incumbent equipment
Security
Linux security tools
(Always) work-in-progress
Interoperability
Support for traditional pipelines and
enhancements dynamically
Onboarding SDN applications on
production environments
Works across multiple
ASIC pipelines
Better than
incumbent equipment
Simplicity
Case Studies
Case 1: Routing-a-a-s TOR (Leaf) TTP
Core Router TTP
Internet
Core Network
Data Center
Edge Router TTP
ToR Leaf TTP
Virtualized
Service
Data center
applications
Data center
applications
Data center
applications
Example TTP pipeline:
- IPv4 and IPv6
- Unicast and multicast
- Service chaining
- Scale/performance =
Trident2
Case 2: WAN Service Border Leaf TTP
Core Router TTP
Example TTP pipeline:
- IPv4 and IPv6
- Unicast and multicast
- Scale/performance =
Trident2
Internet
Core Network
Data Center
Border Leaf TTP
ToR Leaf
Virtualized
Service
Data center
applications
Data center
applications
Data center
applications
Example TTP pipeline:
- VLAN translation
- IPv4 and IPv6
- Unicast and
multicast
- NAT support
- Scale/performance =
Cavium
Thank You
pica8.com
[Figure labels: SDN Controller (Multicast fabric, multicast-TTP, …, Unicast Routing); ovs-ofctl; OpenFlow Controller; Switch; OpenFlow 1.3/1.4. Pipeline: Phy Port; Ingress Port (Table0), VLAN (Table10), Termination MAC (Table20), Unicast Routing (Table30), Policy ACL (Table40); Phy Port. Group actions: L3 ECMP (Select), L3 group_all (multicast), L3 FF (Fast Failover), L3 Unicast, Redirect, L2 interface (indirect), L2 Rewrite (indirect). Meters; Color Based Actions.]
Factors affecting flow scale

Factor: Memory
- Components: SRAM/DRAM is cheaper than TCAM. TCAM is embedded in the ASIC and hence has a physical limit in terms of scale.
- TTP: Dedicated memory to store VLAN, L2, L3 entries for exact match.

Factor: Lookup time
- Components: TCAM is a priority-driven lookup. SRAM can be used with newer, sophisticated lookup algorithms.
- TTP: Uses SRAM for matching and TCAM for policies (QoS, security, ACL) – enables N+N search.

Factor: Tables
- Components: SRAM is best suited for longest prefix matching. TCAM is best suited for wildcard matching (first match).
- TTP: TCAM enables User-Defined Flows (UDF) – flows that capture a match on a user-defined pattern.

Factor: Scale-out vs scale-in data path
- Components: Distributed learning requires synchronization of information. Programmable data paths enable deterministic forwarding.
- TTP: Reduces broadcast traffic and allows exception-based routing, traffic engineering and application-based switching.
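The split described in the pipeline and flow-scale slides (exact-match and LPM tables for forwarding, a priority-ordered TCAM table for policy) can be modelled in a few lines. This is an added example, not Pica8 or PicOS code; the table contents, the router MAC, the group names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample tables (not from the slides); stage order follows the
# slide's pipeline: VLAN -> Termination MAC -> Unicast Routing -> Policy ACL.
ROUTER_MAC = "00:00:5e:00:01:01"
VLAN_TABLE = {(1, 100)}                  # exact match on (in_port, vlan)
TERM_MAC_TABLE = {(100, ROUTER_MAC)}     # exact match on (vlan, dst_mac)
ROUTES = {                               # LPM table: prefix -> next-hop group
    "0.0.0.0/0": "border",
    "10.0.0.0/8": "ecmp-core",
    "10.1.0.0/16": "leaf-2",
}
ACL = [                                  # TCAM-style: (priority, match, action)
    (0, {}, "permit"),
    (100, {"dst_net": "10.1.0.0/16"}, "permit"),
    (200, {"dst_net": "10.1.9.0/24", "tcp_dst": 22}, "drop"),
]

def lpm(dst):
    """Longest-prefix match: the most specific covering prefix wins."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in ROUTES]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]

def acl_action(pkt):
    """Priority lookup: the highest-priority matching entry wins."""
    addr = ipaddress.ip_address(pkt["dst"])
    for _prio, match, action in sorted(ACL, key=lambda e: e[0], reverse=True):
        net = match.get("dst_net")
        if net and addr not in ipaddress.ip_network(net):
            continue
        if "tcp_dst" in match and pkt.get("tcp_dst") != match["tcp_dst"]:
            continue
        return action
    return "drop"

def forward(pkt):
    """Walk the packet through the tables in pipeline order."""
    if (pkt["in_port"], pkt["vlan"]) not in VLAN_TABLE:
        return "drop:vlan"
    if (pkt["vlan"], pkt["dst_mac"]) not in TERM_MAC_TABLE:
        return "bridge"  # not for the router MAC; L2 path is not modelled here
    group = lpm(pkt["dst"])
    if acl_action(pkt) == "drop":
        return "drop:acl"
    return "group:" + group
```

Swapping the priorities of the two non-default ACL entries makes the SSH drop rule unreachable, which is the practical difference between priority lookup and LPM when policy is reviewed.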
Software vs Hardware
- In hardware switches, all packets go through the ASIC. This is to avoid delay.
- vSwitchd synchronizes its state with the ASIC.
[Figure labels: OVS-vswitchd, User, ASIC]
OpenFlow