Embed Size (px)
Citation preview
OpenFlow/SDN tutorialOFC/NFOEC March, 2012
Srini SeetharamanDeutsche Telekom
Silicon Valley Innovation Center
1
Why OpenFlow?
3
Million of linesof source code
6000+ RFCs Barrier to entry
Billions of gates Bloated Power Hungry
Many complex functions baked into the infrastructureOSPF, BGP, multicast, differentiated services,Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …
An industry with a “mainframe-mentality”, reluctant to change
The Ossified Network
Specialized Packet Forwarding Hardware
OperatingSystem
Feature Feature
Routing, management, mobility management, access control, VPNs, …
4
Open Systems
Performance Fidelity
Scale Real User Traffic?
Complexity Open
Simulation medium medium no medium yes
Emulation medium low no medium yes
Software Switches
poor low yes medium yes
NetFPGA high low yes high yes
Network Processors
high medium yes high yes
Vendor Switches
high high yes low no
gap in the tool spacenone have all the desired attributes!
5
Specialized Packet Forwarding Hardware
App App App
Specialized Packet Forwarding Hardware
App App App
Specialized Packet Forwarding Hardware
App App App
Specialized Packet Forwarding Hardware
App App App
Specialized Packet Forwarding Hardware
OperatingSystem
OperatingSystem
OperatingSystem
OperatingSystem
OperatingSystem
App App App
6
Current Internet Closed to Innovations in the Infrastructure
Closed
Specialized Packet Forwarding Hardware
App App App
Specialized Packet Forwarding Hardware
App App App
Specialized Packet Forwarding Hardware
App App App
Specialized Packet Forwarding Hardware
App App App
Specialized Packet Forwarding Hardware
OperatingSystem
OperatingSystem
OperatingSystem
OperatingSystem
OperatingSystem
App App App
Network Operating System
App App App
“Software Defined Networking” approachto open it
App
Simple Packet Forwarding Hardware
Simple Packet Forwarding Hardware
Simple Packet Forwarding Hardware
App App
Simple Packet Forwarding Hardware Simple Packet
Forwarding Hardware
Network Operating System
1. Open interface to hardware
3. Well-defined open API2. At least one good operating system
Extensible, possibly open-source
The “Software-defined Network”
How does OpenFlow work?
9
Ethernet SwitchEthernet Switch
10
Data Path (Hardware)Data Path (Hardware)
Control PathControl PathControl Path (Software)Control Path (Software)
11
Data Path (Hardware)Data Path (Hardware)
Control PathControl Path OpenFlowOpenFlow
OpenFlow ControllerOpenFlow Controller
OpenFlow Protocol (SSL/TCP)
12
Controller
PC
HardwareLayer
SoftwareLayer
Flow Table
MACsrc
MACdst
IPSrc
IPDst
TCPsport
TCPdport Action
OpenFlow Client
**5.6.7.8*** port 1
port 4port 3port 2port 1
1.2.3.45.6.7.8
OpenFlow Example
13
Controller
PC
OpenFlow usage
OpenFlow Switch
OpenFlow Switch
OpenFlow Switch
Alice’s code
Alice’s code
Decision?OpenFlowProtocol
Alice’s Rule
Alice’s Rule
Alice’s Rule
Alice’s Rule
Alice’s Rule
Alice’s Rule
OpenFlow offloads control intelligence to a remote software
OpenFlow Basics Flow Table Entries
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
L4sport
L4dport
Rule Action Stats
1. Forward packet to zero or more ports2. Encapsulate and forward to controller3. Send to normal processing pipeline4. Modify Fields5. Any extensions you add!
+ mask what fields to match
Packet + byte counters
15
VLANpcp
IPToS
ExamplesSwitching
*
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* 00:1f:.. * * * * * * * port6
Flow Switching
port3
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
Action
00:20.. 00:1f.. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6
Firewall
*
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* * * * * * * * 22 drop
16
ExamplesRouting
*
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* * * * * 5.6.7.8 * * * port6
VLAN Switching
*
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
Action
* * vlan1 * * * * *
port6, port7,port9
00:1f..
17
OpenFlow: a pragmatic compromise
• + Speed, scale, fidelity of vendor hardware• + Flexibility and control of software and
simulation• Vendors don’t need to expose
implementation• Leverages hardware inside most switches
today (ACL tables)
18
Centralized vs Distributed ControlBoth models are possible with OpenFlow
Centralized Control
OpenFlow Switch
OpenFlow Switch
OpenFlow Switch
Controller
Distributed Control
OpenFlow Switch
OpenFlow Switch
OpenFlow Switch
Controller
Controller
Controller
19
Flow Routing vs. AggregationBoth models are possible with OpenFlow
Flow-Based
• Every flow is individually set up by controller
• Exact-match flow entries• Flow table contains one
entry per flow• Good for fine grain
control, e.g. campus networks
Aggregated
•One flow entry covers large groups of flows•Wildcard flow entries•Flow table contains one entry per category of flows•Good for large number of flows, e.g. backbone
20
Reactive vs. Proactive (pre-populated)Both models are possible with OpenFlow
Reactive
• First packet of flow triggers controller to insert flow entries
• Efficient use of flow table• Every flow incurs small
additional flow setup time• If control connection lost,
switch has limited utility
Proactive
•Controller pre-populates flow table in switch•Zero additional flow setup time•Loss of control connection does not disrupt traffic•Essentially requires aggregated (wildcard) rules
21
Usage examples
• Alice’s code:– Simple learning switch – Per Flow switching– Network access
control/firewall– Static “VLANs”– Her own new routing protocol:
unicast, multicast, multipath– Home network manager– Packet processor (in
controller)– IPvAlice
– VM migration– Server Load balancing– Mobility manager– Power management– Network monitoring
and visualization– Network debugging– Network slicing
… and much more you can create!
openflow.org/videosopenflow.org/videos
Topology discovery• OpenFlow controller view is not always complete.
For instance, what does the controller see here?
InternetInternet
HostA
HostA
XX YYNon-OFswitch
Non-OFswitch
Non-OFswitch
Non-OFswitch
OFswitch
OFswitch
OFswitch
OFswitch
HostB
HostB
HostC
HostC
Quiz Time• How do I provide control connectivity? Is it really clean slate?
• Why aren’t users complaining about time to setup flows over OpenFlow? (Hint: What is the predominant traffic today?)
• Considering switch CPU is the major limit, how can one take down an OpenFlow network?
• How to perform topology discovery over OpenFlow-enabled switches?
• What happens when you have a non-OpenFlow switch inbetween?
• What if there are two islands connected to same controller?
• How scalable is OpenFlow? How does one scale deployments?
24
What can you not do with OpenFlow ver1.1
• Non-flow-based (per-packet) networking– e.g., Handling pkt 1 differently from pkt 2 of same flow– yes, this is a fundamental limitation– BUT OpenFlow provides the plumbing to connect devices
• New forwarding primitives– BUT provides a nice way to integrate them through extensions
• New packet formats/field definitions – BUT a generalized OpenFlow (2.0) is on the horizon
• Optical Circuits– BUT efforts underway to apply OpenFlow model to circuits
• Low-setup-time individual flows– BUT can push down flows proactively to avoid delays
25
Where is it going?The Open Networking Foundation:
Textbox Headline
The founding Consortium
Promoter Members: Operators and service
providers Make up the board of
directors Have voting rights Representative of DTAG is
Bruno Orth (GTN S&A)
Adopter Members (as of Feb 2012)
List of Members:
Big Switch Networks
Broadcom Brocade Ciena Cisco Citrix Comcast CompTIA Cyan Dell Elbrys Ericsson ETRI Extreme
Networks EZchip Force10Netwo
rks Fujitsu
Hitachi HP Huawei IBM Infoblox Intel IP Infusion Ixia Juniper
Networks Korea
Telecom LineRate
Systems LSI Marvell Mellanox Metaswitch
Networks Midokura NEC Netgear
Netronome
Nicira Networks
Nokia Siemens Networks
Plexxi Inc.
Pronto Systems
Radware Riverbed
Technology
Samsung Spirent Tencent Texas
Instruments
Vello Systems
VMware ZTE
Corporation
Netronome
Nicira Networks
Nokia Siemens Networks
Plexxi Inc.
Pronto Systems
Radware Riverbed
Technology
Samsung Spirent Tencent Texas
Instruments
Vello Systems
VMware ZTE
Corporation
Where it’s going• OF v1.1: Extensions for WAN
– multiple tables: leverage additional tables– tags and tunnels– multipath forwarding
• OF v1.2: Extensible Match structure– Required fields includes IPv6
27
Where it’s going• OF v2+
– generalized matching and actions: an “instruction set” for networking
• Several other working groups have been created:– Hybrid group: Specifies how OpenFlow can be included
into legacy switches without assuming clean-slate– Config group: Will specify an independent protocol that
will help configure OpenFlow parameters out-of-band– .... And more
28
OpenFlow Implementations(Switch and Controller)
29
Ciena Coredirector
NEC IP8800
Current SDN hardware
More coming soon...
Juniper MX-series
HP Procurve 5400
Pronto 3240/3290
WiMax (NEC)
PC EnginesNetgear 7324
31
Commercial Switch VendorsModel Virtualize Notes
HP Procurve 5400zl or 6600
1 OF instance per VLAN
-LACP, VLAN and STP processing before OpenFlow-Wildcard rules or non-IP pkts processed in s/w-Header rewriting in s/w-CPU protects mgmt during loop
NEC IP8800 1 OF instance per VLAN
-OpenFlow takes precedence-Most actions processed in hardware-MAC header rewriting in h/w
Pronto 3290 or 3780 with Pica8 or Indigo firmware
1 OF instance per switch
-No legacy protocols (like VLAN and STP)-Most actions processed in hardware-MAC header rewriting in h/w 32
Open-source controllersVendor Notes
Nicira’s NOX
•GPL•C++ and Python
SNAC •GPL•Code based on NOX0.4•Enterprise network•C++, Python and Javascript•Currently used by campuses
Vendor Notes
Stanford’s Beacon
•BSD-like license•Java-based
Maestro (from Rice Univ)
•GPL•Based on Java
NEC’s Trema •Open-source•Written in C and Ruby•Included test harness
33
Virtualizing OpenFlow
34
Windows(OS)
Windows(OS)
Linux MacOS
x86(Computer)
Windows(OS)
AppApp
LinuxLinuxMacOS
MacOS
Virtualization layer
App
Controller 1
AppApp
Controller2
Virtualization or “Slicing”
App
OpenFlow
Controller 1NOX(Network OS)
Controller2Network OS
Trend
Computer Industry Network Industry
Simple Packet Forwarding Hardware
Network Operating System 1
Open interface to hardware
Virtualization or “Slicing” Layer
Network Operating System 2
Network Operating System 3
Network Operating System 4
App App App App App App App App
Many operating systems, orMany versions
Open interface to hardware
Isolated “slices”
Simple Packet Forwarding Hardware
Simple Packet Forwarding Hardware
Simple Packet Forwarding Hardware
Simple Packet Forwarding Hardware
36
FlowVisor-based Virtualization
OpenFlow Switch
OpenFlowProtocolOpenFlowProtocol
OpenFlow FlowVisor & Policy Control
Craig’sController
Heidi’sControllerAaron’s
Controller
OpenFlowProtocolOpenFlowProtocol
OpenFlow Switch
OpenFlow Switch
38
Topology discovery is
per slice
Topology discovery is
per slice
OpenFlowProtocol
OpenFlowFlowVisor & Policy Control
BroadcastMulticast
OpenFlowProtocol
httpLoad-balancer
FlowVisor-based Virtualization
OpenFlow Switch
OpenFlow Switch
OpenFlow Switch
39
Separation not onlyby VLANs, but any
L1-L4 pattern
Separation not onlyby VLANs, but any
L1-L4 pattern
dl_dst=FFFFFFFFFFFFdl_dst=FFFFFFFFFFFF tp_src=80, ortp_dst=80tp_src=80, ortp_dst=80
Use Case: New CDN - Turbo Coral ++Basic Idea: Build a CDN where you control the entire network– All traffic to or from Coral IP space controlled by Experimenter– All other traffic controlled by default routing– Topology is entire network– End hosts are automatically added (no opt-in)
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
* * * * * 84.65.* * * * *
* * * * * * 84.65.* * * *
* * * * * * * * * *
42
Adm
inA
dmin
Res
earc
her
Res
earc
her
OpenFlow/SDN for carriers
43
SDN is a hammer for what nail?
1. Packet and Circuit convergence
• Most service providers own and operate 2 independent networks : IP and Transport– managed and operated independently– minimal cross-layer awareness– resulting in duplication of functions and resources
in multiple layers– and significant capex and opex burdens
Convergence to reduce costs and provide value-added services.The Flow Abstraction presents a unifying abstraction
Convergence to reduce costs and provide value-added services.The Flow Abstraction presents a unifying abstraction
OpenFlow-based unified control plane
• Packet flows
• Circuit flows– using the cross-connect table in circuit switches
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
Action
Signal Type
VCG Signal Type
VCG
pac.c
Controller
Interface: OpenFlow Protocol
Packet & Circuit Switches
Converged Network
Unified ControlPlane
Demonstration of pac.c
SANFRANCISCO
HOUSTON
NEW YORK
NOX
OpenFlow Protocol
48
GE links
OC-48 links (2.5 Gbps)
2. Improving IP/MPLS control• Basic Idea
– Retain MPLS data-plane operations – Replace IP/MPLS control plane
• Demonstrate TE & its features • All made simpler – some greatly (eg. AutoRoute)• Some made possible only with SDN (eg. global-optimization)
NETWORK OPERATING SYSTEM
RoutingRouting DiscoveryDiscovery Label Distribution
Label Distribution RecoveryRecovery
TE 2.0TE 2.0 VPNs 2.0VPNs 2.0 Optimized FRR/ AutoBw
Optimized FRR/ AutoBw
MPLS-TP Control
MPLS-TP Control
Multi-layer Control
Multi-layer Control
Summary• OpenFlow/SDN is evolving to facilitate an ecosystem
for innovation
• OpenFlow is being deployed in over 100 organizations world-wide– GEC9 in Nov, 2010 showcased nation-wide OF– Internet 2 and NLR starting to serve as the GENI Backbone
• OpenFlow is essential for Service Providers– Custom control for Traffic Engineering– Combined Packet/Circuit switched networks
Are you innovating in your network?
51
