Networking for the Cloud Software Defined Networks - OpenFlow Approach R.Mahalingam Netcon Technologies India Pvt Ltd Coimbatore, India Email: [email protected], Web: http://www.netcon.in

Networking for the Cloud - Software Defined Networks


DESCRIPTION

Presentation on Software Defined Networks using OpenFlow and its application to Cloud Infrastructure.


Page 1: Networking for the Cloud - Software Defined Networks

Networking for the Cloud Software Defined Networks - OpenFlow Approach

R.Mahalingam

Netcon Technologies India Pvt Ltd

Coimbatore, India Email: [email protected], Web: http://www.netcon.in

Page 2: Networking for the Cloud - Software Defined Networks

Traditional Network Architecture

• Control and Data Plane together
  – Control Plane builds and maintains forwarding tables
  – Data plane forwards packets based on the table entries
  – Primarily destination based forwarding
• Static
• No programmability to leverage modern cloud technologies
• Device centric
• Proprietary

[Figure: Traditional Switch. The control plane (control algorithm: RIP/OSPF, Bridging; forwarding tables) feeds the forwarding decision in the forwarding (data) plane, which serves ports 1-4 and an uplink port.]

[Figure: Traditional Network. Each device has its own control plane and data plane; devices exchange control traffic (RIP/OSPF/Bridging).]

Page 3: Networking for the Cloud - Software Defined Networks

Can you do innovation in your campus network??

Experiments we’d like to do…

• New network protocols
  – Application based forwarding
  – Mobility management
  – Network-wide energy management
  – New naming/addressing schemes
  – Network access control
• Problem with our networks
  – Paths are fixed (by the network)
  – IP-only
  – Addresses dictated by DNS, DHCP, etc
  – No means to add our own processing

Page 4: Networking for the Cloud - Software Defined Networks

Software Defined Networking

• Is an emerging and transforming networking architecture for Computer Networking

• In SDN, the control plane and the data plane are decoupled.

– Separate policy from Mechanism

• 4 Major components

– SDN Switch (only data/forwarding plane)

– Controller

– Open interface between switch & controller (e.g. OpenFlow)

– API for application integration and feature development

• Network intelligence and state are logically centralized

• Underlying network infrastructure is abstracted from the applications.

• OpenFlow is a leading technology framework for SDN

[Figure: SDN Network. Applications and features (FW, IPS, NMS, etc.) use an API to reach the controller (routing, policy management). The controller reaches each SDN switch over OpenFlow (logical tunnel). Each SDN switch holds only a flow table and data plane, with ports 1-4 connecting servers.]

Page 5: Networking for the Cloud - Software Defined Networks

What is OpenFlow?

• OpenFlow is a network framework that centralizes the control plane of the network

• OpenFlow is an open interface for remotely controlling the forwarding tables in network switches, routers and access points.

• OpenFlow is specified by Open Networking Forum (ONF)

• OpenFlow is a vendor neutral specification

Page 6: Networking for the Cloud - Software Defined Networks

Who drives Open Flow?

Page 7: Networking for the Cloud - Software Defined Networks

Open Flow Summary

• Separate Data From Control
  – A standard protocol between data and control
• Define a “generalized flow” based data path
  – Very flexible and generalized flow abstraction
  – Delayer or open up layers 1-7
• Hierarchically centralized “open” controller with API
  – For control and Management applications
• Virtualization of data & control planes
• Backward compatible
  – Though allows completely new header

[Figure: Two switches, each with a Data Path (Hardware) and a Control Path*, each connected over OpenFlow to an OpenFlow Controller. * Optional for Hybrid switch]

Page 8: Networking for the Cloud - Software Defined Networks

OpenFlow Table Abstraction

[Figure: A Controller PC connected to a switch. Labels: Software Layer, Hardware Layer, OpenFlow Firmware, Flow Table. Flow table columns: MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action. Entries as extracted: "* * 5.6.7.8 * * * port 1" and "80 * * 1.2.3.4 * * port 5". Switch ports 1-4 connect hosts 1.2.3.4 and 5.6.7.8; port 5 connects a Proxy Server.]

Page 9: Networking for the Cloud - Software Defined Networks

Flow Table Entry

• Rule: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport (+ mask what fields to match)
• Action
  1. Forward packet to port(s)
  2. Encapsulate and forward to controller
  3. Drop packet
  4. Send to normal processing pipeline
  5. Modify Fields
• Stats: Packet + byte counters
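
A minimal model of the flow table entry described above (rule with masked fields, action, packet and byte counters), added here as an illustration and not taken from the presentation or from any OpenFlow implementation. The `FlowEntry` and `FlowTable` names, the `priority` field (the OpenFlow specification orders entries by priority) and the sample rules are assumptions; a packet that matches no rule is handed to the controller.

```python
from dataclasses import dataclass

# Rule fields from the Flow Table Entry slide; a field left out of
# `match` is masked out (wildcard, the "*" in the table figure).
FIELDS = {"in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport"}

@dataclass
class FlowEntry:
    match: dict        # field name -> exact value required
    action: tuple      # ("forward", port), ("controller",) or ("drop",)
    priority: int = 0  # assumption: higher wins, as in the OpenFlow spec
    packets: int = 0   # Stats: packet counter
    octets: int = 0    # Stats: byte counter

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(name) == want for name, want in self.match.items())

class FlowTable:
    def __init__(self, miss_action=("controller",)):
        self.entries = []
        self.miss_action = miss_action  # applied when no rule matches

    def add(self, entry: FlowEntry) -> None:
        unknown = set(entry.match) - FIELDS
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def process(self, pkt: dict, length: int) -> tuple:
        for entry in self.entries:      # highest priority first
            if entry.matches(pkt):
                entry.packets += 1
                entry.octets += length
                return entry.action
        return self.miss_action

def build_demo_table() -> FlowTable:
    # Constructed rules reusing the addresses and ports from the figure.
    table = FlowTable()
    table.add(FlowEntry({"ip_dst": "5.6.7.8"}, ("forward", 1), priority=10))
    table.add(FlowEntry({"ip_src": "1.2.3.4", "tcp_dport": 80},
                        ("forward", 5), priority=20))  # web traffic via proxy
    table.add(FlowEntry({"ip_dst": "5.6.7.8", "tcp_dport": 23},
                        ("drop",), priority=30))        # block telnet first
    return table
```

A drop rule only takes effect when its priority is higher than any broader forwarding rule that also matches, so rule ordering is worth reviewing alongside the rules themselves.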

Page 10: Networking for the Cloud - Software Defined Networks

Putting it all together…

Page 11: Networking for the Cloud - Software Defined Networks

SDN LAN Architecture

[Figure: Logically-centralized control (smart, slow) connected to the switches (dumb, fast) through an open interface (e.g., OpenFlow).]

Page 12: Networking for the Cloud - Software Defined Networks

The SDN advantage

• Better network visibility

• Better control

• Better security

• Dynamic Provisioning of Networks

• No need to program 100s and 1000s of switches in large network

• Application programmability

• New protocols

• Seamless network virtualization

Page 13: Networking for the Cloud - Software Defined Networks

Cloud Network Challenge

• Cloud is an advanced evolution of virtualization
• Physical machines have 100s of virtual machines
• A standard virtual switch enables communication between virtual servers
  – Control plane requires additional hardware resources
  – Each virtual switch needs to be statically configured
  – Virtual servers are created/modified/deleted dynamically
  – Is the network programmable to handle this dynamic environment?
  – Which is the bottleneck? Network?
  – Limitations
    • VLAN limit (4096) – Why 4096?
    • Spanning tree
    • VM mobility issues – You need the same VLAN extended to multiple physical switches

Page 14: Networking for the Cloud - Software Defined Networks

Networking for the cloud – SDN

• The solution is an OpenFlow based virtual switch
  – No need of VLANs or Spanning Tree
  – Dynamically Programmable
  – Absolute control
  – Only lightweight forwarding engine at the virtual switch
  – Examples: Open vSwitch

Page 15: Networking for the Cloud - Software Defined Networks

Typical Architecture

Image Source: www.bigswitch.com

Page 16: Networking for the Cloud - Software Defined Networks

OpenStack and SDN

• OpenStack is a cloud provisioning tool
• OpenFlow based SDN can be integrated with OpenStack
  – To provide true Infrastructure As A service (IAAS)
    • CPU
    • Memory
    • Storage
    • Network
  – Dynamically provision the network resources

Image Source: www.openstack.org

Page 17: Networking for the Cloud - Software Defined Networks

Building your own SDN

• SDN is not expensive

• You do not require special hardware

• Open Source tools are available.

– E.g. Floodlight controller, NOX, Beacon

• Standard vendors offer OpenFlow based switches

– Extreme, HP, Arista etc

– Even some low end COTS switches can be programmed with OpenFlow firmware!!

• It is great fun to experiment with this new technology

Page 18: Networking for the Cloud - Software Defined Networks

OpenFlow Testbed

[Figure: Testbed with an OpenFlow Switch (Extreme/HP/Netgear/Arista) and a vSwitch with OpenFlow, each connected over OpenFlow.]

Page 19: Networking for the Cloud - Software Defined Networks

Clean Slate Program

http://cleanslate.stanford.edu

Experimenter’s Dream (Vendor’s Nightmare)

[Figure: A switch/router with standard network processing in hardware (hw) and software (sw); the experimenter writes experimental code on the switch/router, adding user-defined processing alongside the standard network processing in both layers.]

Page 20: Networking for the Cloud - Software Defined Networks
Page 21: Networking for the Cloud - Software Defined Networks


Page 22: Networking for the Cloud - Software Defined Networks
