OpenFlow Interop Tutorial

Post on 26-Oct-2014


A short tutorial

Omar Baldonado omar@bigswitch.com

OpenFlow

OpenFlow:

What is it?

Why should I care?

What can I see in the OpenFlow Lab?

What are some next steps?

OpenFlow – What is it?

CORE TECHNOLOGY: OPENFLOW PROTOCOL

Protocol that allows an external server (“controller”) to control the data path of a switch

[Diagram labels: OpenFlow Protocol; Control Path (OpenFlow); Data Path (Hardware)]

AN OPENFLOW SWITCH SIMPLIFIED

Core of the OpenFlow switch: the flow table abstraction

Generic primitive that sits on top of switch TCAM, designed to match well with common switch ASICs.

Example actions:
1.  Switching and routing (port),
2.  Firewalling (drop),
3.  Using the switchʼs non-OpenFlow logic (local),
4.  Send to controller for processing (controller)

Foundation network functions are split between per-packet rules on the switch and high-level decisions at the server

[Diagram labels: Controller (Server Software); OpenFlow-enabled Switch]

Flow Table

MAC src   MAC dst   IP Src   IP Dst    TCP dport   …   Action       Count
*         10:20:.   *        *         *           *   port 1       250
*         *         *        5.6.7.8   *           *   port 2       300
*         *         *        *         25          *   drop         892
*         *         *        192.*     *           *   local        120
*         *         *        *         *           *   controller   11
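
The flow table on this slide, as an added Python example (not from the original deck): a lookup over the five entries shown, with wildcard matching and per-entry counters. Two assumptions: entries are checked top to bottom with the first match winning, and the slide's abbreviated MAC `10:20:.` is treated as the prefix pattern `10:20:*`; the sample packets are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Match fields named on the slide; the slide's "…" column (other fields) is omitted.
FIELDS = ("mac_src", "mac_dst", "ip_src", "ip_dst", "tcp_dport")


@dataclass
class FlowEntry:
    match: dict   # field -> glob pattern; a field left out is the wildcard "*"
    action: str   # "port N", "drop", "local" or "controller"
    count: int = 0

    def matches(self, pkt: dict) -> bool:
        # A packet lacking a field (e.g. no TCP port) only matches a wildcard.
        return all(
            fnmatchcase(str(pkt.get(f, "")), self.match.get(f, "*"))
            for f in FIELDS
        )


def slide_table() -> list:
    """The five rows of the slide's flow table, with their counters."""
    return [
        FlowEntry({"mac_dst": "10:20:*"}, "port 1", 250),  # switching
        FlowEntry({"ip_dst": "5.6.7.8"}, "port 2", 300),   # routing
        FlowEntry({"tcp_dport": "25"}, "drop", 892),       # firewalling
        FlowEntry({"ip_dst": "192.*"}, "local", 120),      # non-OpenFlow logic
        FlowEntry({}, "controller", 11),                   # everything else
    ]


def lookup(table: list, pkt: dict):
    """Return the action of the first matching entry and bump its counter."""
    for entry in table:   # assumption: top-to-bottom, first match wins
        if entry.matches(pkt):
            entry.count += 1
            return entry.action
    return None           # table miss (unreachable with an all-wildcard row)


if __name__ == "__main__":
    table = slide_table()
    # Constructed sample packets.
    smtp = {"mac_dst": "aa:bb:cc:dd:ee:01", "ip_dst": "10.0.0.9", "tcp_dport": 25}
    shadowed = {"mac_dst": "aa:bb:cc:dd:ee:01", "ip_dst": "5.6.7.8", "tcp_dport": 25}
    print(lookup(table, smtp))       # drop
    print(lookup(table, shadowed))   # port 2: the routing row shadows the drop row
```

Under the top-to-bottom assumption the port-25 packet to 5.6.7.8 is forwarded rather than dropped, so a firewalling entry that overlaps a forwarding entry has to win the lookup; OpenFlow flow entries carry a priority for this.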

OPENFLOW DEPLOYMENT IN PRACTICE

Incremental deployments at edge and growing…

•  Switches: Only the edge switches need to be OpenFlow-enabled

•  VLANs: Only a subset of VLANs on the edge switch need to be enabled for OpenFlow.

•  Forklift: There may be areas in your overall network where this may be possible (e.g., a new datacenter)

OpenFlow – Why should I care?

“OpenFlow architectures enable Virtualization, Advanced Forwarding, and Programmability”

OPENFLOW PROTOCOL AND OPENFLOW ARCHITECTURES

An architecture of switches, controllers and software applications

THE PROTOCOL: Minimal and powerful, like the x86 instruction set

THE ARCHITECTURE: Rich variety of uses and applications, like x86 + Linux + applications + python

EVERY SEGMENT SEES SOMETHING DIFFERENT

OpenFlow has many potential propositions

Segments: Large scale datacenter and service provider; Enterprise private cloud; Enterprise Campus LAN; Commercial

•  Virtualization: Multi-tenancy; Multi-team; Delegated admin; The “new stackable”

•  Advanced Forwarding: Fat Trees for Big Data apps; Larger L2 domains, VM mobility; No more spanning tree failures; No more spanning tree failures

•  Programmability: Integration with proprietary systems; Vendor choice

NEW STRUCTURE FOR THE NETWORKING INDUSTRY

Horizontal industry, open system strategy – unleashing innovation

[Diagram: Monolithic vs. Horizontal/Open industry structure across the layers Silicon, Device, OS, Apps. Labels: System vendor; Merchant silicon; Hardware vendors; Open OS; Open OS/Controller Platforms; Application vendors; In-House software]

Sound familiar?

•  Mainframe to PC

•  SunOS, HPUX, AIX to Linux to VMware

•  Closed cellphones to App Stores

VIRTUALIZATION IS CHANGING ECONOMICS OF COMPUTE…

… Networking can’t keep up

The New Economics of Compute Infrastructure

[Charts: “Hours to Prep a New Server” and “Total Admin Costs” ($k), Before vs. After, for Company 1, Company 2, Company 3]

VMware TCO study
http://www.vmware.com/pdf/TCO.pdf

The Current Economics of Networking Infrastructure

“The network is in my way.”

James Hamilton, Chief Architect, Amazon Data Center


DATACENTER PROBLEMS AND ARCHITECTURES

A compilation of what we’ve been seeing…

1.  Private Cloud Delegated Administration

2.  VM Mobility

3.  Virtual + Physical Policy

4.  Fat Tree / Non-Spanning-Tree Topologies

5.  Reduce Spanning Tree Risk for Large L2 Domains

CAMPUS PROBLEMS AND ARCHITECTURES

1.  Delegated Administration

2.  NAC / Guest Access

3.  Virtual Desktop / Bring-Your-Own Hardware Deployments

What can I see in the InteropNet OpenFlow Lab?

LOTS OF EXAMPLE FUNCTIONALITY ENABLED BY OPENFLOW

Booth #2019 - a dozen switch vendors and controller vendors with standards-based, interoperable products

One example:
“Streamline app deployment by creating a ʻBig Virtual Switchʼ for the hosts and the admins”

EXAMPLE: PAYMENT APP FROM LAB TO PRODUCTION

Apps are typically designed with a simple network in mind

Ingredients
•  Admin Consoles/Terminals (office + DC)
•  2+ Payment Server VMs (DC)

Application Requirements
•  Require L2 connectivity
•  Require ACLs in front of the VMs

Other Constraints
•  VMs may move around as we re-work DC capacity planning
•  Need to be ready for PCI DSS compliance: password rotation, bi-annual audit, etc. driven by payment team
•  Admin console/terminals may change location, driven by the employee office location

EXAMPLE: PRODUCTION IS ALWAYS HARDER THAN THE LAB

Target production environment: a mix of physical and virtual machines

•  L2/L3 problem for initial roll-out
•  ACL placement problem for initial roll-out
•  Scale-up problem as we add VMs
•  M/A/C problem on terminal & admin console

=> None of these can be solved by the payment team admin alone

EXAMPLE: THE BENEFITS OF A BIG VIRTUAL SWITCH

For the architect…

For the team admin…

EXAMPLE: VIRTUAL SWITCHES BASED ON OPENFLOW

Smooth roll-out and smooth scale-out

[Diagram labels: Network Virtualization Controller; Accounting Virtual Switch; Support Apps Virtual Switch; Quarantine Virtual Switch; Payment Virtual Switch; Switch hardware (multiple units)]

EXAMPLE: NEW ARCHITECTURE, NEW CAPABILITIES

Some of the subtle implications of this approach

•  Recall: “OpenFlow architectures enable virtualization, advanced forwarding, and programmability”

•  Virtualization
   •  Administration of a big virtual switch is roughly the same basic training (and software) as administration of a physical switch
   •  VM mobility (and any other mobility) is a solved problem in this approach

•  Advanced Forwarding & Programmability
   •  Use of OpenFlow-oriented forwarding to take advantage of resources in the network (tunnels, firewalls, IDS/IPS…)
   •  Scaling out networks (i.e., with non-tree topologies) becomes possible and doesnʼt require L2/L3 redesigns
   •  Integration with other systems (e.g., VMware vCenter)

OpenFlow – What are some next steps?

GO ONLINE AND START EXPERIMENTING

Lots of info, open source, articles – and more on the way

•  Reference/Specification/Communities
   www.openflow.org
   www.openflowhub.org
   www.opennetworkingfoundation.org

•  Open-Source Controllers, Switches, Tools
   Controllers - Beacon, Maestro, Nox, SNAC, Trema
   Switches - Indigo, Open vSwitch
   Tools – Mininet, Beacon Workbench, test suites

Thanks – and come see the OpenFlow booth (#2019)