Post on 27-Dec-2015
Introduction to SDN & OpenFlow
Based on tutorials from: Srini Seetharaman, Deutsche Telekom Innovation Center
FloodLight OpenFlow Controller, floodlight.openflowhub.org
The Ossified Network
• Millions of lines of source code
• 6000+ RFCs: barrier to entry
• Billions of gates: bloated, power hungry
• Many complex functions baked into the infrastructure: OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …
• An industry with a “mainframe-mentality”
[Figure: today's network device as a vertically integrated stack: Specialized Packet Forwarding Hardware, a proprietary Operating System, and features on top (routing, management, mobility management, access control, VPNs, …)]

Current Internet: Closed to Innovations in the Infrastructure
[Figure: many closed boxes, each with its own Specialized Packet Forwarding Hardware, Operating System and App App App; nothing spans the devices]

“Software Defined Networking” approach to open it
[Figure: Simple Packet Forwarding Hardware under one shared Network Operating System, with Apps on top]
1. Open interface to hardware
2. At least one good operating system (extensible, possibly open-source)
3. Well-defined open API

The “Software-defined Network”
SDN System View
[Figure: three tiers: Application tier (Applications), Controller tier (SDN Controller), Data plane tier (OF Switches)]
Software Defined Networking decouples the data, control, and application planes, creating a programmable network.
OpenFlow and SDN
[Figure: Applications talk to the OpenFlow-based SDN Controller over the Northbound API; the controller talks to the OF Switches over the Southbound API, which is OpenFlow]
OpenFlow usage
[Figure: Alice's code runs on a Controller PC; an OpenFlow Switch with no matching entry asks “Decision?” over the OpenFlow Protocol, and the controller installs Alice's Rule into each OpenFlow Switch]
OpenFlow offloads control intelligence to remote software.
OpenFlow Example
[Figure: an OpenFlow switch with a Software Layer (the OpenFlow Client, connected to the Controller PC) and a Hardware Layer (the Flow Table and ports 1 to 4); host 1.2.3.4 sends to host 5.6.7.8]
Flow Table
MAC src | MAC dst | IP Src | IP Dst  | TCP sport | TCP dport | Action
*       | *       | *      | 5.6.7.8 | *         | *         | port 1
OpenFlow Basics: Flow Table Entries
Each entry has three parts: Rule, Action, Stats.
Rule (header fields, plus a mask saying which fields to match): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport
Action:
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify Fields
5. Any extensions you add!
Stats: Packet + byte counters
OpenFlow: a pragmatic compromise
• + Speed, scale, fidelity of vendor hardware
• + Flexibility and control of software and simulation
• Vendors don’t need to expose implementation
• Leverages hardware inside most switches today (ACL tables)
Examples
Example        | Switch Port | MAC src | MAC dst  | Eth type | VLAN ID | IP Src  | IP Dst  | IP Prot | TCP sport | TCP dport | Action
Switching      | *           | *       | 00:1f:.. | *        | *       | *       | *       | *       | *         | *         | port6
Flow Switching | port3       | 00:20.. | 00:1f..  | 0800     | vlan1   | 1.2.3.4 | 5.6.7.8 | 4       | 17264     | 80        | port6
Firewall       | *           | *       | *        | *        | *       | *       | *       | *       | *         | 22        | drop
Routing        | *           | *       | *        | *        | *       | *       | 5.6.7.8 | *       | *         | *         | port6
VLAN Switching | *           | *       | 00:1f..  | *        | vlan1   | *       | *       | *       | *         | *         | port6, port7, port9
Centralized vs Distributed Control
Both models are possible with OpenFlow
Centralized Control: [Figure: one Controller managing several OpenFlow Switches]
Distributed Control: [Figure: several Controllers, each managing its own OpenFlow Switch]
Flow Routing vs. Aggregation
Both models are possible with OpenFlow
Flow-Based
• Every flow is individually set up by controller
• Exact-match flow entries
• Flow table contains one entry per flow
• Good for fine grain control, e.g. campus networks
Aggregated
• One flow entry covers large groups of flows
• Wildcard flow entries
• Flow table contains one entry per category of flows
• Good for large number of flows, e.g. backbone
Reactive vs. Proactive (pre-populated)
Both models are possible with OpenFlow
Reactive
• First packet of flow triggers controller to insert flow entries
• Efficient use of flow table
• Every flow incurs small additional flow setup time
• If control connection lost, switch has limited utility
Proactive
• Controller pre-populates flow table in switch
• Zero additional flow setup time
• Loss of control connection does not disrupt traffic
• Essentially requires aggregated (wildcard) rules
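The following is an added example, not code from the slides or from any controller named here: a toy model of the flow table described under Flow Table Entries and the Examples, driven once by a reactive learning-switch controller (exact-match, flow-based) and once by proactive wildcard rules (aggregated), so that the trade-offs listed above, including what happens when the control connection is lost, can be seen in code. Field names use the OpenFlow 1.0 / NOX spelling (dl_*, nw_*, tp_*); the hosts and ports are constructed.

```python
# Added example, not from the slides: a toy OpenFlow switch flow table with a reactive
# learning-switch controller and a proactive wildcard population. A field absent from a
# rule is a wildcard; field names follow OpenFlow 1.0 / NOX spelling (dl_*, nw_*, tp_*).
FIELDS = ("in_port", "dl_src", "dl_dst", "dl_type", "vlan", "nw_src", "nw_dst",
          "nw_proto", "tp_src", "tp_dst")

class Switch:
    def __init__(self, controller=None):
        self.entries = []              # flow table, kept highest priority first
        self.controller = controller   # None models a lost control connection

    def add_flow(self, rule, action, priority=0):
        self.entries.append({"rule": rule, "action": action, "prio": priority,
                             "packets": 0, "bytes": 0})
        self.entries.sort(key=lambda e: -e["prio"])

    def lookup(self, pkt, size):
        """Hardware path: first entry whose pinned fields all equal the packet's."""
        for e in self.entries:
            if all(pkt.get(f) == v for f, v in e["rule"].items()):
                e["packets"] += 1          # per-entry packet + byte counters (Stats)
                e["bytes"] += size
                return e["action"]
        return None                        # table miss

    def forward(self, pkt, size=64):
        action = self.lookup(pkt, size)
        if action is not None:
            return action
        if self.controller is None:
            return "drop"   # reactive switch cut off from its controller: limited utility
        return self.controller.packet_in(self, pkt)   # encapsulate, send to controller

class ReactiveController:
    """Learning switch: one exact-match entry per flow, installed on its first packet."""
    def __init__(self):
        self.mac_to_port = {}

    def packet_in(self, sw, pkt):
        self.mac_to_port[pkt["dl_src"]] = pkt["in_port"]
        out_port = self.mac_to_port.get(pkt["dl_dst"])
        if out_port is None:
            return "flood"                 # packet-out only; destination not learned yet
        sw.add_flow({f: pkt[f] for f in FIELDS}, f"output:{out_port}")   # exact match
        return f"output:{out_port}"

def proactive_populate(sw):
    """Pre-populate wildcard (aggregated) rules like the Firewall and Routing examples."""
    sw.add_flow({"tp_dst": 22}, "drop", priority=10)   # drop SSH between any hosts
    sw.add_flow({"nw_dst": "5.6.7.8"}, "output:1")      # everything to 5.6.7.8 out port 1
```

With the proactive table, setting `controller = None` changes nothing for traffic that matches a pre-installed rule; with the reactive controller, every flow not yet in the table is dropped once the controller is gone.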
OpenFlow
• Controller to Switch Communication: an x86-style instruction set for the switch
• Based on an Ethernet switch with:
  – OF software client
  – Hardware flow table
  – Control channel between switch and controller (TCP / SSL)
[Figure: OpenFlow-based SDN Controller connected to the switch's OpenFlow Client; beside the Non-OF Control Path sits the hardware Flow table (MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action) holding the entry * * * 5.6.7.8 * * port 1]
OpenFlow Protocol (1)
Match Fields (+ mask what fields to match): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport
Action(s):
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Modify Fields
4. Vendor specific extensions
Stats: Packet + byte counters
©2012 – Big Switch Networks Inc.
OpenFlow Protocol (2)
Example        | Switch port | MAC src | MAC dst  | Eth type | VLAN ID | IP Src  | IP Dst  | IP Prot | TCP sport | TCP dport | Action
Switching      | *           | *       | 00:1f:.. | *        | *       | *       | *       | *       | *         | *         | Port6
Flow switching | Port3       | 00:20.. | 00:1f..  | 0800     | Vlan1   | 1.2.3.4 | 5.6.7.8 | 4       | 17264     |           | Port6
Firewall       | *           | *       | *        | *        | *       | *       | *       | *       | *         | 22        | Drop
Routing        | *           | *       | *        | *        | *       | *       | 5.6.7.8 | *       | *         | *         | Port6
VLAN switching | *           | *       | 00:1f..  | *        | Vlan1   | *       | *       | *       | *         | *         | Port6, port7, port8
©2012 – Big Switch Networks Inc.
OpenFlow in Action
[Figure: an SDN Controller with its Applications above several OF Switches; each switch holds a Rule / Action / Stats table and forwards packet bits (0101001010)]
Usage examples
• Alice’s code:
  – Simple learning switch
  – Per-flow switching
  – Network access control / firewall
  – Static “VLANs”
  – Her own new routing protocol: unicast, multicast, multipath
  – Home network manager
  – Packet processor (in controller)
  – IPvAlice
• Stanford demonstrated:
  – VM migration
  – Server load balancing
  – Mobility manager
  – Power management
  – Network monitoring and visualization
  – Network debugging
  – Network slicing
• … and much more you can create!
Current SDN hardware
• Juniper MX-series
• NEC IP8800
• HP Procurve 5400
• Pronto 3240/3290
• Ciena Coredirector
• WiMax (NEC)
• PC Engines
• Netgear 7324
Commercial Switch Vendors
HP Procurve 5400zl or 6600 (Virtualize: 1 OF instance per VLAN)
  - LACP, VLAN and STP processing before OpenFlow
  - Wildcard rules or non-IP pkts processed in s/w
  - Header rewriting in s/w
  - CPU protects mgmt during loop
NEC IP8800 (Virtualize: 1 OF instance per VLAN)
  - OpenFlow takes precedence
  - Most actions processed in hardware
  - MAC header rewriting in h/w
Pronto 3240 or 3290 with Pica8 or Indigo firmware (Virtualize: 1 OF instance per switch)
  - No legacy protocols (like VLAN and STP)
  - Most actions processed in hardware
  - MAC header rewriting in h/w
Controller Vendors
Nicira’s NOX
  • Open-source GPL
  • C++ and Python
  • Researcher friendly
Nicira’s ONIX
  • Closed-source
  • Datacenter networks
SNAC
  • Open-source GPL
  • Code based on NOX 0.4
  • Enterprise network
  • C++, Python and Javascript
  • Currently used by campuses
Stanford’s Beacon
  • Open-source
  • Researcher friendly
  • Java-based
BigSwitch controller
  • Closed source
  • Based on Beacon
  • Enterprise network
Maestro (from Rice Univ)
  • Open-source
  • Based on Java
NEC’s Helios
  • Open-source
  • Written in C
Trend
[Figure: Computer Industry beside Network Industry. Computer: x86 (Computer) with an open interface, a Virtualization layer, many operating systems or many versions (Windows, Linux, MacOS), each running Apps. Network: Simple Packet Forwarding Hardware with an open interface to hardware (OpenFlow), a Virtualization or “Slicing” Layer, and Network Operating System 1 to 4 in isolated “slices” (e.g. Controller 1 running NOX as Network OS, Controller 2 another Network OS), each with its own Apps]
Switch Based Virtualization
Exists for NEC, HP switches but not flexible enough
[Figure: one switch whose Production VLANs go through Normal L2/L3 Processing, while Research VLAN 1 and Research VLAN 2 each get their own Flow Table and their own Controller]
FlowVisor-based Virtualization
[Figure: OpenFlow Switches speak the OpenFlow Protocol to FlowVisor & Policy Control, which speaks the OpenFlow Protocol upward to Craig’s Controller, Heidi’s Controller and Aaron’s Controller]
FlowVisor-based Virtualization
[Figure: OpenFlow Switches speak the OpenFlow Protocol to FlowVisor & Policy Control, which speaks the OpenFlow Protocol to one controller per slice: Broadcast, Multicast, http Load-balancer]
• Topology discovery is per slice
• Separation not only by VLANs, but by any L1-L4 pattern, e.g. dl_dst=FFFFFFFFFFFF, tp_src=80 or tp_dst=80
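The following is an added example, not code from the slides or from FlowVisor itself: a toy FlowVisor-style policy layer showing how an L1-L4 flowspace decides which slice's controller receives a packet-in, and how a slice's flow_mod is narrowed to its own flowspace (modelled here as rewriting the rule to the intersection and rejecting it if nothing remains). Assigning the slide's patterns to slices (dl_dst=ff:ff:ff:ff:ff:ff to the broadcast slice, tp_src=80 or tp_dst=80 to the http load-balancer slice) and the extra VLAN-based slice are assumptions made for the example.

```python
# Added example, not from the slides or FlowVisor's source: a toy FlowVisor-style
# policy layer. A slice owns a flowspace given as L1-L4 patterns; fields absent from
# a pattern or rule are wildcards. Assigning the slide's patterns to slices is an
# assumption made here, and "research-vlan2" is a constructed VLAN-based slice.
SLICES = {
    "broadcast": [{"dl_dst": "ff:ff:ff:ff:ff:ff"}],
    "http-lb": [{"tp_src": 80}, {"tp_dst": 80}],
    "research-vlan2": [{"vlan": 2}],
}

def matches(pattern, pkt):
    """True when every field the pattern pins equals the packet's value."""
    return all(pkt.get(f) == v for f, v in pattern.items())

def slices_for_packet(pkt, slices=SLICES):
    """Slices whose controller receives this packet-in. More than one name means
    the flowspaces overlap, which a real FlowVisor resolves with slice priorities."""
    return [name for name, pats in slices.items()
            if any(matches(p, pkt) for p in pats)]

def rewrite_flow_mod(slice_name, rule, slices=SLICES):
    """Rewrite a slice controller's flow_mod to its intersection with the slice's
    flowspace: one rule per compatible pattern, with the pattern's fields pinned on.
    An empty list means the rule only touches traffic outside the slice: rejected."""
    rewritten = []
    for pat in slices[slice_name]:
        if any(f in rule and rule[f] != v for f, v in pat.items()):
            continue                       # a pinned field conflicts: can never match
        rewritten.append({**rule, **pat})  # narrow the rule into the slice
    return rewritten
```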