OpenFlow: Experiences in implementing and operating international testbeds. Joan A. García-Espín. Jornadas Técnicas de RedIRIS. 28 November 2012.
Introduction
• OF provides a way of controlling the forwarding of packets through a network element from a remote server, using the OF protocol.
• OF testbed facilities enable researchers to try new ideas over production equipment at an affordable cost.
  • Some facilities (OFELIA) offer it at NO cost for academic research.
• In recent years, i2CAT has been designing, implementing and deploying a Future Internet facility for four main initiatives:
  • FP7 OFELIA project
  • FP7 FIBRE project
  • Géant3 project
  • Own facility, codenamed EXPERIMENTA
(Figure labels: NW control application, OpenFlow controller, switch packet/circuit processing)
Experience from FP7 OFELIA: Initial OF island design and OFELIA Control Framework
OFELIA at a glance
- Started September 2010
- Duration: 3 years
- Total budget 6.3M€, funding 4.45M€
- 12 partners
  • Academic institutions
  • Industry partners: DT, NEC, ADVA Optical
  • Stanford University (Nick McKeown, Guru Parulkar), official partner (control framework, architecture, experience)
- 8 OpenFlow-enabled islands at academic institutions
- Objective: create a pan-European OpenFlow testbed; offer OpenFlow as a service for European experimenters
OFELIA Offering
• The OFELIA facility is open as a best-effort service:
  • Any user accepting the usage policy is welcome
  • Connection to the facility through OpenVPN via the central hub at IBBT in Ghent
  • Through a GUI, a user can create and run experiments
• An experiment/slice consists of:
  • A number of end points (Xen-based virtual machines, currently)
  • OpenFlow access to a set of switches that connect the end points
  • The user’s OpenFlow controller can be deployed on one of the VMs
• Links between end points and switch ports:
  • Best effort (shared), mostly
  • Dedicated capacity will be available at least on some lines
• Instructions, Wiki, Videos, Open Calls, press releases… http://fp7-ofelia.eu
Facility is publicly available for experiments. Feedback is very much appreciated.
The control framework software is free. Build your own OFELIA islands, connect over to us, develop further.
i2CAT OFELIA island overview
i2CAT OFELIA island (Barcelona)
• Multi-vendor extensive L2 deployment.
• Complete meshed topology on the experimental OpenFlow network.
• No “opted-in user” traffic, only experimental traffic.
Computing equipment
• (In production) 5x SuperMicro SYS-6010T-T servers.
Network equipment (OF enabled)
• (In production) 5x NEC IP8800/S3640-24T2XW switches
• (Ready for production) 3x HP E3500-48G-PoE+yl switches
EXPERIMENTA’s i2CAT testbed (not part of OFELIA)
• (Conn. on demand) 1x Juniper MX480 3D + OF support
Network design: Equipment in the OFELIA island
(Figure: island network diagram. Labels: VPN (OpenVPN L2), NFS, LDAP, DNS, Expedient, rest of internal services, FV, NEC switches, VT-AM, Management, Experimental, public internet, other testbeds, private (offices, …))
• Experimental: OpenFlow, connects VMs and OF switches, experimental traffic.
• Control: IPv4 (legacy), connects infrastructure and gives access to the user services.
• Management: IPv4, IM management, no user traffic.
OpenFlow network design: Federation of OFELIA islands
• A single Ethernet segment spanning all of Europe for experimentation
• Interconnection through OpenVPN tunnels. In the next months, connect through GEANT backbone (L2 VPN as backup).
• Control and management: L3 routed IPv4 network, with 2 logical networks (VLAN). Routing: OSPF
• Access through L2 VPN (from the Internet)
(Figure labels: i2CAT Island, IBBT Island, IBBT, Island, IPv4 ctrl & mgmt tunnel, OpenFlow tunnel)
OFELIA Control Framework (OCF): Capabilities
• Supported resources
• Extensible to new resources: AM Base Class
• Easy federation schema:
  • Federation at AM level: isolating administrative domains
  • Intra federation (homogeneous CF) out of the box
  • Inter federation (heterogeneous CF) focused on resource sharing and possible through multiple interfaces (SFA, GENI…)
• Multiple user interfaces
(Figure labels, supported resources: OpenFlow, Virtualized Servers, VirtualWall, Switch, NetFPGA, Optical, APs, Vertigo (virt. topologies), Xen, …, Emulab nodes. User interfaces: WebUI, CLI, …)
OCF Current Architecture (v0.x)
• Expedient:
  • User WebUI
  • Plugins: handle visualization and resource-specific communication.
  • Clearinghouse: project/slice management, user permissions.
• VT AM: virtualized servers AM.
  • API: XMLRPC, custom RSpec.
  • Agent: VM provisioning and hypervisor communication.
• OPTIN Manager: OF AM.
  • FlowVisor (OpenFlow proxy controller).
  • Manages the FlowVisor flowspace to slice the OpenFlow network.
  • API: GENI XMLRPC, OF RSpec v1
Experience from FP7 FIBRE: Federation with OMF and intercontinental testbed
FIBRE at a glance
• What?
  • Create a common space between the EU and Brazil for Future Internet (FI) experimental research into network infrastructure and distributed applications.
• Who? 15 partners, coordinated by i2CAT and UFPA
• How? Requested 1.1M€ from the EC and R$ 2.3 from CNPq in funding to perform 6 activities
  • WP1: Project management
  • WP2, WP3: Building and operating the Brazilian (WP2) and European (WP3) facilities
  • WP4: Federation of FIBRE-EU and FIBRE-BR facilities
  • WP5: Joint pilot experiments to showcase the potential of the federated FIBRE facility
  • WP6: Dissemination and collaboration
(Map labels, partners: RNP, UFF, UFRJ, UFG, UNIFACS, UPMC, UFPA, UTH, UEssex, Nextworks, NICTA, i2CAT, UFSCar, CPqD, USP)
CONCEPT: What do we want?
• Registration in one site – Access from anyone
• Federation of testbeds (OCF and OMF-based testbeds)
• Enhancement of current CFs
• Resource sharing
(Figure labels: FIBRE-BR Enhanced CF, FIBRE-EU Enhanced CF, OFELIA OCF, NITOS OMF, FIBRE; sites UFPA, UFG, i2CAT, UEssex, UFSCar, UNIFACS, CPqD, USP, RNP, UFRJ, UFF)
Experience from GEANT3 Network Factory: Apply lessons learned to help design a software-based OF testbed on top of GEANT3
Participants
• GRNET / ICCS (Greece)
• SWITCH (Switzerland)
• Fundació i2CAT (Catalonia, Spain)
• DANTE (United Kingdom)
A perfect-fit collaboration of two European NRENs, a Research Institute and a pan-European R&D Infrastructure Operator
Key facts about OpenFlow in JRA2-T5 Network Factory
• A software-switch based facility
  • Architected so that OpenFlow-enabled hardware switches can be introduced seamlessly
• Functionality delivered to end-users:
  • Slice request submission
  • Slice instantiation
  • Slice management
  • Slice decommissioning functionalities
• Experimenting within a slice is not disrupted, while the GÉANT production environment remains unaffected
GN3 OpenFlow PoP Design Principles
• 5 OpenFlow PoPs interconnected with a full mesh of L2VPNs over GÉANT
  • Co-located with GÉANT PoPs
• 2 general purpose servers per PoP for:
  • Open vSwitch
  • XEN hypervisor to deliver user VMs
• Using OpenFlow v1.0 -> VLAN-based slicing
  • Limited capabilities for non-VLAN slicing for VLAN-based experimentation
• Orchestration software: FP7 OFELIA Control Framework (OCF)
  • Resource allocation and instantiation (per slice)
  • Authentication/Authorization (AA) and policy framework
  • Web-based user interface for slice access and management
  • Robustness, stability and scalability in terms of number of users, support for concurrent experiments and number of managed resources.
  • Monitoring of slices and the OCF components themselves
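The FlowVisor flowspace slicing in the OCF architecture slide and the VLAN-based slicing noted above both depend on no two slices being able to claim the same traffic. The following is an added example, not code from OCF, FlowVisor or the presentation: a simplified model of that admission check, in which the rule format, slice names and datapath IDs are assumptions.

```python
from dataclasses import dataclass

# Constructed model of OpenFlow 1.0 VLAN-based slicing; not FlowVisor or OCF code.
VALID_VLANS = range(1, 4095)  # usable 802.1Q VLAN IDs: 1..4094

@dataclass(frozen=True)
class FlowSpaceRule:
    slice_name: str
    dpid: str        # switch datapath ID, or "*" for every switch
    vlans: range     # contiguous VLAN IDs delegated to the slice

    def __post_init__(self):
        if self.vlans.step != 1 or len(self.vlans) == 0:
            raise ValueError("vlans must be a non-empty contiguous range")
        if self.vlans[0] not in VALID_VLANS or self.vlans[-1] not in VALID_VLANS:
            raise ValueError("VLAN IDs must lie in 1..4094")

def overlaps(a, b):
    """True when two different slices could both claim the same (switch, VLAN)."""
    if a.slice_name == b.slice_name:
        return False
    same_switch = "*" in (a.dpid, b.dpid) or a.dpid == b.dpid
    lo, hi = max(a.vlans.start, b.vlans.start), min(a.vlans.stop, b.vlans.stop)
    return same_switch and lo < hi

def conflicts_with(rules, candidate):
    """Existing rules a requested rule would overlap (empty list = safe to admit)."""
    return [r for r in rules if overlaps(r, candidate)]

def owner(rules, dpid, vlan):
    """Slice that owns traffic on (dpid, vlan); None means unsliced traffic."""
    owners = {r.slice_name for r in rules if r.dpid in ("*", dpid) and vlan in r.vlans}
    if len(owners) > 1:
        raise RuntimeError(f"isolation broken on {dpid} VLAN {vlan}: {sorted(owners)}")
    return owners.pop() if owners else None

# Constructed sample flowspace: slice names and datapath IDs are hypothetical.
SW1, SW2 = "00:00:00:00:00:00:00:01", "00:00:00:00:00:00:00:02"
RULES = [
    FlowSpaceRule("alice", "*", range(100, 110)),   # VLANs 100-109 on all switches
    FlowSpaceRule("bob", SW1, range(110, 120)),     # VLANs 110-119 on SW1 only
]
REQUEST = FlowSpaceRule("carol", SW1, range(105, 113))  # straddles both slices

if __name__ == "__main__":
    for r in conflicts_with(RULES, REQUEST):
        print(f"reject {REQUEST.slice_name}: overlaps {r.slice_name} on {r.dpid}")
    print(owner(RULES, SW2, 115))  # bob has no flowspace on SW2
```

Rejecting the overlapping request at admission time keeps `owner()` unambiguous, which is the property that keeps one experimenter's controller from seeing or steering another slice's traffic.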
GN3 OpenFlow PoP: Use Cases
• UC#1: LHCONE
  • LHCONE MPTCP testing group: To carry some of the MPTCP stack & OpenFlow experimentation for LHCONE over the GÉANT OpenFlow testbed.
• UC#2: Using OpenFlow as a TE mechanism to manage the backbone paths, etc. to serve specialized applications and protocols at the end systems. Examples:
  • DC live migration middleware
  • Ultra-high bandwidth data transport
• UC#3: Using OpenFlow to deliver L2 slices for experimentation at L2 and above on the data and control plane. Examples:
  • Ethernet OAM testing
  • Protocol development/research
Thank you for your attention. More information at: www.fibre-ict.eu, www.geant.net, www.fp7-ofelia.eu. Joan A. García-Espín, joan.antoni.garcia@i2cat.net. Jornadas Técnicas de RedIRIS.
OFELIA Timeline: Three project phases to set up and extend the facility
Explain how an early operative prototype will be gradually expanded and who will do it, including budgetary issues.
Operation of the individual islands:
• Phase i: OF controllers and switches in place, first local experiments concluded
• Phase ii: Connect islands and extend OF experimentation to wireless and optics
• Phase iii: Automate resource assignment and provide connections to other FIRE and non-European research facilities
Open Calls to extend facility & consortium on M5 (Jan ’11) and M17 (Jan ’12). Total budget €830,000, max. 200 K€ funding per experiment
• First closed March 2011
• Second closed March 2012
(Figure: timeline "Gradual expansion of early operative facility" with Open Calls and milestones M7 and M19. i: Create islands on L2; ii: Connect islands and extend to wireless/optics; iii: Resource assignment automation and connection to other facilities)
OFELIA Control Framework (OCF): Introduction
• What is OCF?
  • OCF is an open source testbed management software originally developed to be used in the OFELIA facility.
• Objectives of the OCF
  • Orchestrate and automate testbed resource sharing
  • Ensure OFELIA distributed and autonomous nature
  • Offer OpenFlow network resources (slices)
  • Provision L2 aware IT resources (VMs)
  • Allow resource (both network and IT) basic monitoring
  • Provide an easy to use web interface (at least)
OCF Roadmap (v1.x)
Plugin-based UIs
• GUI: plugin-based independent web UI.
• CLI: OMNI-based, evolved if required.
AM APIs: driver-based APIs
• Native OFELIA API, initially based on a GENI evolution towards OFELIA requirements, including MONITORING
• SFA
• Native GENI v3…
(Figure labels: WEB UI, CLI UI, …; CH, Administrative Domain; AM, Resources Domain; VT AM, OPENFLOW AM (FOAM based), …)
Current OFELIA XEN Servers configuration
(Figure: Dom0 and DomU 1 … DomU N. Labels: bridges eth1.999, eth2, ethN; VIF-to-guest pairs vif1.0 | eth0, vif1.0 | eth1, vif1.n | ethn, vifN.0 | eth0, vifN.1 | eth1, vifN.n | ethn; physical interfaces peth1.999, peth2, pethN; eth0, eth1; Management interfaces (SSH), Experimentation interfaces, Server management interface)
• eth0 provides access to the server for management and internet.
• eth1.999, eth2 … ethN are Linux bridges connecting VIFs (VMs) with physical interfaces of dom0 (server).
• eth1.999 tags control traffic (SSH for the VMs) transparently to the user (IPv4 out-of-band network).
• eth2 … ethN are used for experimental (OF) traffic.
• Linux bridge to be replaced by Open vSwitch soon.