Posted: 08-May-2015
Category: Technology
Uploaded by: malaysia-network-operators-group
SOFTWARE DEFINED NETWORKING/OPENFLOW: A PATH TO PROGRAMMABLE NETWORKS
Eric Choi
Senior Manager, Product Management
Service Provider Business Unit, APJ
Outline
• OpenFlow Introduction
• Software Defined Networking (SDN) Use Case
• An SDN Architecture
• Internet2 - Case Study
© 2011-2012 Brocade Communications Systems, Inc. PROPRIETARY AND CONFIDENTIAL— Discussed under NDA Only 2
From Past to Future: Bringing modularity to network infrastructure
Physical Infrastructure Today
[Diagram: each network device today is its own vertical stack of Features / OS / Hardware.]
• Innovation is limited by the capabilities of the networking vendors
• This approach is decades behind the requirements of Web 2.0 and SP cloud providers:
  • Scale
  • Operational Efficiency
  • Service Velocity
With Software Defined Networking (SDN)
[Diagram: a Network Controller (OS / Hardware) hosts the Features (Applications); each network device runs an OpenFlow Client on its own OS / Hardware.]
• Network Controller abstracts the physical network
Why Are We Talking About This? Because the network has become the problem!
“We are allowing the network to constrain optimization of the most valuable assets”
- James Hamilton, VP of Cloud Architecture, Amazon
Who is behind Software Defined Networking? Open Networking Foundation (ONF)
• ONF launched publicly in March, 2011
• Support from more than 50 major companies
• The ONF defines OpenFlow and API specifications
• Founding members of ONF: [member logos not reproduced]
ONF SDN Model (simplified)
[Diagram: App / App / App / App on top of Virtualization, Network OS and OpenFlow, over the Physical Network (devices as Features / OS / Hardware stacks), with Orchestration alongside.]
OpenFlow Introduction
OpenFlow Introduction: Classical Router
• In a classical router, the data plane (hardware) and control plane (software) are on the same device
• With OpenFlow, part of the control plane functionality is supported outside the router
• The “Flow table” in the router is manipulated by the controller
• Router and controller communicate via the OpenFlow protocol
• Originally developed by the OpenFlow Consortium
  • http://www.openflow.org
• OpenFlow is now being developed at the ONF
  • http://www.opennetworkingfoundation.org/
[Diagram (A): Classical Router with Control Plane (software) and Data Plane (hardware) in one device. Diagram (B): OpenFlow-Enabled Router with an OpenFlow Client in the Control Plane and a Flow Table in the Data Plane, talking to an OpenFlow Controller over the OpenFlow protocol.]
OpenFlow Introduction: OpenFlow-Enabled Router
• OpenFlow-enabled router supports an OpenFlow Client (control plane software)
• OpenFlow Client communicates with an OpenFlow Controller using the OpenFlow protocol
• OpenFlow Controller runs on a server
• OpenFlow-enabled routers support the abstraction of a Flow Table, which is manipulated by the OpenFlow Controller
[Diagram: OpenFlow-Enabled Router (OpenFlow Client in the Control Plane, Flow Table in the Data Plane) connected via the OpenFlow protocol to an OpenFlow Controller running on a Server.]
OpenFlow-Enabled Router Operation
• Flow Table contains Flow Entries
• Each Flow Entry represents a Flow, e.g., packets with a given destination IP address
• The flow table is sorted by flow priority, which is defined by the controller
• Highest priority flows are at the top of the Flow Table
• Incoming packets are matched against the flow entries (in order)
• Matching means: Does the packet belong to this Flow?
• If there is a match, flow matching stops, and the set of actions for that flow entry is performed
• Packets that don’t match any flow entry are typically dropped
[Diagram: a Flow Table of Flow Entries, searched for a match from highest priority (top) to lowest priority (bottom).]
Flow Table Entry: OpenFlow 1.0
• Each flow table entry contains a set of rules to match (e.g., IP src) and an action list to be executed in case of a match (e.g., forward to port list)
• Actions:
  • Forward packet to a port list
  • Add/remove/modify VLAN Tag
  • Drop packet
  • Send packet to the controller
• Stats: packet counters, byte counters, etc.
Flow Entry = Matching Fields | Actions | Stats
Matching Fields (OpenFlow 1.0):
  Layer 2: Ingress Port, MAC DA, MAC SA, EtherType, VLAN ID, VLAN P-bits
  Layer 3: IP Src, IP Dst, IP Protocol, IP DSCP, TCP/UDP src port, TCP/UDP dst port
[Diagram: the OpenFlow Controller programs the Flow Table of an OpenFlow-Enabled Router (OpenFlow Client in the Control Plane, Flow Table in the Data Plane) over the OpenFlow protocol.]
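As an added illustration (not code from the slides or from Brocade), a small Python model of the OpenFlow 1.0 flow table just described: entries carry a controller-assigned priority, a subset of the 12 match fields (an absent field is a wildcard), an action list and packet/byte counters; lookup walks the table from highest priority down, stops at the first match and drops on a table miss. The field names follow OpenFlow 1.0 naming (in_port, dl_type, nw_dst, tp_dst, ...); the rules, ports and addresses are constructed sample values.

```python
from dataclasses import dataclass

# Match fields of the OpenFlow 1.0 12-tuple (ingress port, L2, VLAN, L3, L4).
# A field absent from an entry's match dict is a wildcard.
FIELDS = ("in_port", "dl_dst", "dl_src", "dl_type", "dl_vlan", "dl_vlan_pcp",
          "nw_src", "nw_dst", "nw_proto", "nw_tos", "tp_src", "tp_dst")

@dataclass
class FlowEntry:
    priority: int          # assigned by the controller
    match: dict            # subset of FIELDS -> required value
    actions: list          # e.g. [("output", [2])], [("drop",)], [("controller",)], [("set_vlan", 10)]
    packets: int = 0       # per-entry stats counters
    bytes: int = 0

    def matches(self, pkt: dict) -> bool:
        # "Does the packet belong to this Flow?": every specified field must equal the packet's.
        return all(pkt.get(f) == v for f, v in self.match.items())

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry: FlowEntry) -> None:
        assert set(entry.match) <= set(FIELDS), "unknown match field"
        self.entries.append(entry)
        # Highest priority first, so the linear search below sees it first.
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def lookup(self, pkt: dict) -> list:
        # Search in priority order; the first match stops the search and yields its actions.
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.bytes += pkt.get("len", 0)
                return e.actions
        return [("drop",)]     # table miss: packets matching no entry are dropped

def build_table() -> FlowTable:
    # Constructed sample: a broad forwarding rule plus a narrower, higher-priority ACL rule
    # that blocks telnet to the same host, i.e. the "security via ACLs" use of OpenFlow.
    t = FlowTable()
    t.add(FlowEntry(100, {"dl_type": 0x0800, "nw_dst": "10.0.0.5"}, [("output", [2])]))
    t.add(FlowEntry(200, {"dl_type": 0x0800, "nw_dst": "10.0.0.5", "nw_proto": 6, "tp_dst": 23},
                    [("drop",)]))
    t.add(FlowEntry(300, {"dl_type": 0x0806}, [("controller",)]))   # punt ARP to the controller
    return t
```

Note that the ACL entry only works because its priority is higher than the forwarding entry's; a controller that installs the drop rule with a lower priority silently leaves the telnet traffic forwarded.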
OpenFlow Applications: What can we do with OpenFlow?
• OpenFlow itself does not define or mandate any specific application
• OpenFlow is a key “enabler” for SDN. OpenFlow is *not* SDN.
• OpenFlow enables a large set of applications due to its flexibility
• Supported applications should increase over time as new functionality is added to the OpenFlow specification
  • E.g., flow policing/rate limiting
• Ideal for automating common operations
  • E.g., security via ACLs, isolation via VLANs or VRFs, etc.
SDN USE CASE: Network Virtualization for Hyper-Scale Data Centers
Network Virtualization: An SDN Application
• An SDN application that enables the creation of logical networks (multi-tenancy) over a common physical network
• Logical networks contain VMs and physical workloads (e.g., physical servers, firewalls, etc.)
• Enables seamless control of network resources regardless of location
• Logical networks can be used to bridge private and public clouds
[Diagram: SP Physical Infrastructure hosting groups of VMs (VM VM VM) and physical workloads (PHY PHY).]
Network Virtualization Using L2 over L3 Tunnels
TUNNEL TECHNOLOGY: RECENT INDUSTRY PROPOSALS
• VxLAN (IETF draft, August 2011)
  • Author: VMware
• NVGRE (IETF draft, September 2011)
  • Author: Microsoft
• STT (IETF draft, March 2012)
  • Author: Nicira
BROCADE SOLUTIONS WILL BE TUNNEL AGNOSTIC
[Diagram: L2 over L3 tunnel: the original L2 payload is carried behind an L3 tunnel header.]
VXLAN (Virtual eXtensible LAN): Optimizing Data Center Networking
October 18, 2012 © 2012 Brocade Communications Systems, Inc. CONFIDENTIAL 15
[Diagram: Layer 2 network overlay over IP networks: two VXLAN endpoints connected across an IP Network With Multicast; encapsulated frame = ETH HDR | IP+UDP | VXLAN HDR | Original Ether Frame (carried as UDP payload).]
Enhanced Efficiency
• Extend L2 across or within data centers, enabling infrastructure elasticity
Enhanced Flexibility
• Preserve simplicity of L2 characteristics
• Spanning Tree Protocol is not needed
Enhanced Scalability
• Offer 16 million VXLAN L2 segments
• Conceal VM MACs from L2 backbone
VXLAN Tunnel Discovery and IP Multicast
[Diagram: three ESX hosts (*vSphere 5.1 supports VXLAN) on an IP Network with Multicast: ESX 1 (VTEP 50.1.1.1) with VM 1 (10.1.1.1) and VM 4 (20.1.1.1); ESX 2 (VTEP 60.1.1.1) with VM 2 (10.1.1.2); ESX 3 (VTEP 70.1.1.1) with VM 3 (10.1.1.3) and VM 5 (20.1.1.2). The vShield Manager provisions the VNI-to-group mapping.]
Provisioning (VNI -> IP Multicast Group):
  5001  223.1.1.1
  5002  223.1.1.2
Each VTEP performs a (*, G) join via IGMP.
VM 1 asks “ARP for 10.1.1.2?”; VTEP 1 sends it on VNI 5001 to the multicast group:
  Outer L2: VTEP 1 MAC -> MCAST MAC | Outer L3: VTEP 1 IP -> 223.1.1.1 | VXLAN HDR: VNI 5001 | Payload: ARP 10.1.1.2
Dynamic Learning (MAC Address -> VTEP):
  VM1 -> 50.1.1.1 (ESX1)
  VM2 -> 60.1.1.1 (ESX2)
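To make the tunnel discovery slide concrete, an added Python example (not Brocade's or VMware's code) that builds the encapsulated ARP request exactly as the slide lays it out (outer L2 to the group MAC, outer L3 from VTEP 1 to 223.1.1.1, VXLAN header carrying VNI 5001, original frame as payload) and then performs the receiving VTEP's dynamic learning of inner source MAC to remote VTEP IP. The VM and VTEP MAC addresses are constructed, UDP port 4789 is the IANA VXLAN port from RFC 7348 rather than a value on the slide, and the IPv4 checksum is left at zero.

```python
import struct
VXLAN_UDP_PORT = 4789   # IANA VXLAN port (RFC 7348); assumed here, not a value from the slide
VNI_FLAG = 0x08         # VXLAN header flag bit "VNI present"

def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))
def ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))

def mcast_mac(group: str) -> str:
    # IPv4 multicast MAC = 01:00:5e + low 23 bits of the group (223.1.1.1 -> 01:00:5e:01:01:01)
    b = ip(group)
    return "01:00:5e:%02x:%02x:%02x" % (b[1] & 0x7F, b[2], b[3])

def vxlan_header(vni: int) -> bytes:
    # 8 bytes: flags(1) reserved(3) VNI(3) reserved(1); the 24-bit VNI is the "16 million segments"
    return struct.pack("!B3sI", VNI_FLAG, b"\x00" * 3, (vni & 0xFFFFFF) << 8)

def encapsulate(inner: bytes, vni: int, vtep_mac: str, vtep_ip: str, group: str) -> bytes:
    # Outer L2 (VTEP MAC -> group MAC) | Outer L3 (VTEP IP -> group) | UDP | VXLAN HDR | original frame
    udp_len = 8 + 8 + len(inner)
    outer_eth = mac(mcast_mac(group)) + mac(vtep_mac) + b"\x08\x00"
    outer_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                           ip(vtep_ip), ip(group))             # IPv4 checksum left 0 for brevity
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)
    return outer_eth + outer_ip + udp + vxlan_header(vni) + inner

def decapsulate(pkt: bytes):
    # Returns (outer source IP = sending VTEP, VNI, original frame); offsets 14 + 20 + 8 + 8 = 50
    src_vtep = "%d.%d.%d.%d" % tuple(pkt[26:30])
    vni = struct.unpack("!I", pkt[46:50])[0] >> 8
    return src_vtep, vni, pkt[50:]

def learn(table: dict, pkt: bytes) -> dict:
    # Dynamic learning at the receiving VTEP: (VNI, inner source MAC) -> VTEP that sent it
    src_vtep, vni, inner = decapsulate(pkt)
    table[(vni, inner[6:12].hex(":"))] = src_vtep
    return table

def arp_request(src_mac: str, src_ip: str, target_ip: str) -> bytes:
    # Broadcast "who has target_ip?" frame as a VM emits it (constructed sample)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, mac(src_mac), ip(src_ip), b"\x00" * 6, ip(target_ip))
    return mac("ff:ff:ff:ff:ff:ff") + mac(src_mac) + b"\x08\x06" + arp

def demo() -> dict:
    # VM 1 (10.1.1.1 on ESX 1, VTEP 50.1.1.1) ARPs for 10.1.1.2 in VNI 5001, whose group is 223.1.1.1;
    # ESX 2 (VTEP 60.1.1.1) joined that group and learns VM 1's (constructed) MAC behind 50.1.1.1.
    frame = arp_request("00:50:56:00:00:01", "10.1.1.1", "10.1.1.2")
    return learn({}, encapsulate(frame, 5001, "00:50:56:aa:00:01", "50.1.1.1", "223.1.1.1"))
```

Because learning keys on the VNI as well as the MAC, the same VM MAC seen in VNI 5002 would populate a separate entry, which is what keeps tenants' address spaces apart in the overlay.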
Network Virtualization using L2 over L3 Tunnels: Hyper-Scale Data Centers
• L2 over L3 tunnels used to create Logical Networks (multi-tenancy) over physical network
• Supports virtual (VM) and physical workloads (PHY)
• vSwitch: software switch
• The network “edge” has moved!
[Diagram: an SDN Controller in the Service Provider Data Center; servers with vSwitches hosting Customer A VMs (VM1, VM2) and Customer B VMs (VM3, VM4) plus physical workloads PHY 1 and PHY 2; L2 over L3 tunnels join them into Customer A (Logical Network) and Customer B (Logical Network), the latter spanning the SP DC and the Customer DC over an L3 VPN or the Internet.]
VXLAN Gateway: VXLAN G/W and L4-7 Application Delivery Service
[Diagram: a VXLAN G/W terminates the VXLAN tunnels of Tenant 1 and Tenant 2 (VXLAN Tunnel Termination) and provides L2 Bridging to VLAN, L3 Routing and Load Balancing toward the Internet.]
SDN USE CASE: Flow Management with OpenFlow for Metro/WAN
Flow Management in the Metro/WAN: An SDN Application using OpenFlow
• OpenFlow is well suited for flow management in the metro/WAN
• Facilitates deployment of innovative new applications, e.g.,
  • Global network optimizations
  • Solving complex traffic engineering challenges
  • Support traffic engineering incorporating business rules
• Applicable to Layer 2, Layer 3, and MPLS networks
Flow Management in the Metro/WAN
[Diagram: a Network Controller (OS / Hardware) running the Features (Applications) speaks OpenFlow to the Physical Networking Infrastructure, whose devices run an OpenFlow Client on their OS / Hardware.]
Problem statement and use cases: http://www.ietf.org/id/draft-pan-sdn-dc-problem-statement-and-use-cases-02.txt
OpenFlow for WAN Flow Management: Example
[Diagram: a Network Operation Center controlling a service provider network with nodes in New York, San Francisco, Dallas and Chicago, connecting Customer Site A and Customer Site B.]
1. Service Provider OpenFlow Controller is used to set up a traffic tunnel between customer sites A and B
2. OpenFlow Controller pushes the tunnel configuration to the required LERs and LSRs
3. Service is enabled and traffic flows between customer sites
4. Congestion sets in on a network node. Customer flow needs to use an alternate path.
5. OpenFlow Controller is used to set up the alternate path and to tear down the old path.
SDN USE CASE: Service Insertion with OpenFlow for Metro/WAN
Use Case: Flexible Value Added Service Creation
Programmable logical forwarding path for different Virtual Machines
[Diagram: services FW, DPI, Analytics, Caching and Application Optimization attached to a Data Centre Router; the OpenFlow Controller programs Flow Table Entries (Rule | Action | Stats) so that the traffic of VMs A, B, C and D follows a different logical forwarding path through the services.]
SDN USE CASE: Real Time Big Data Analytics for Hyper-Scale Data Centers
12/7/2012 © 2012 Brocade Communications Systems, Inc.
Handling BIG Data in Real Time: Stream Computing
Traditional Computing:
• Historical fact finding
• Find and analyze information stored on disk
• Batch paradigm, pull model
• Query-driven: submits queries to static data
Stream Computing:
• Current fact finding
• Analyze data in motion – before it is stored
• Low latency paradigm, push model
• Data driven – bring data to the analytics
Real-time Analytics
Network Analytics: Solution Components
Telemetry-enabled Brocade MLX Series performs three key functions:
• Aggregation
• Filtering
• Replication
[Diagram: SPAN Ports and TAP Ports of the Existing Network (Brocade or Non-Brocade) feed the telemetry-enabled Brocade MLX, programmed by an OpenFlow Controller, which in turn feeds an Analytics Tool Farm: HTTP Analyzer, VoIP Analyzer, Intrusion Detection, Custom Application (Billing).]
SDN Architecture for Hyper-Scale Data Centers and WAN Networks
What if you could …
• Build your next data center optimized for the highest demands in flexibility, reliability, and scale
• Virtualize your network starting now for greater responsiveness and increased asset utilization
• Create and deliver customized services and new offerings at the speed of customer need
• Unlock the intelligence from your network for real-time orchestration and analytics
• Isolation
• Security
• SLAs
• Shared Services
• Service Interposition
Why Can’t You Do These Things Today? The Network Is the Constraint
[Diagram: pods of VMs partitioned with VLANs, ACLs, QoS, PVLANs and Service Routing; today's network is Hierarchical, Monolithic, Closed, North/South-optimized and Inflexible.]
Cloud-Optimized Networks via SDN are the Solution: Brocade delivers a clear path to Software Defined Networking
• Network changes are quick and easy
• Rapid deployment of new services
• Flexible, on demand networks
• Highly automated environments
[Diagram: a Network Fabric of VMs (VM VM VM) and physical workloads (PHY PHY) under a Network Controller and a Cloud Management System; labelled More Resilient, Open, Personalized, Flexible, Automated.]
Cloud-Optimized Networking: Architecture for building the software-defined network
Cloud-Optimized Network Stack (layer, enabling technologies, key benefits):
  Cloud Management Layer        | Cloud APIs: OpenStack, VMware, Microsoft, CloudStack, etc.   | Automation and orchestration
  Services Layer                | Programmatic Control: OpenFlow; OpenScript                    | Personalization and monetization
  Network Virtualization Layer  | Overlay Networking: VXLAN, NVGRE, STT; MPLS                   | Flexibility and efficient asset utilization
  Network Fabric Layer          | Any-to-any connectivity: Ethernet Fabrics; TRILL; IP routing  | Reliability and simplicity
The Path to Software-Defined Networking
1. SDN-ready network: SDN-ready, simpler & automated, open, high performance. Start now with no risk.
2. SDN-enabled network: SDN-enabled, programmable, hybrid-mode, non-disruptive. Layer in value-added services.
3. Software-Defined Network: software-defined, predictive, flexible, intelligent. Transform your infrastructure with value added capabilities.
Internet2 Case Study: Software Defined Networking (SDN) in the Wide Area Network (WAN)
Internet2 OpenFlow Enabled 100GbE Nationwide Backbone
Internet2:
• 49 Custom Location Facilities
• 15,500 miles of dark Fiber
• 8.8 Tbps of Optical Capacity
• Hybrid Mode with protected OpenFlow traffic
[Map: the Internet2 nationwide backbone with IP router nodes and optical add/drop facilities across the US, from Seattle, Sunnyvale and Los Angeles to Chicago (3), New York (2), Boston and Washington DC, plus Exchange Point locations.]
SDN WAN USE CASE
Internet2 NDDI Initiative (Network Development and Deployment Initiative)
• Platform for network innovation
• Collaboration between Internet2, Indiana University and the Clean Slate Program at Stanford University
• Goal: Provide a radically new platform upon which researchers and students will be able to innovate
• OpenFlow provides an API that allows researchers to control the network directly
• New Internet2 service called “Open Science, Scholarship and Services Exchange (OS3E)” on top of the NDDI infrastructure
Internet2 Innovation Platform
• Massive bandwidth through a 100GbE Layer 2 connection
• Address traditional bottleneck and aggregation points to pass high-bandwidth traffic and provide performance monitoring/verification through implementation and support of a Science DMZ
• Introduce SDN capabilities to support the development and deployment of new applications
Thank You