1 / 47

Tutorial: OpenFlow in GENI

Tutorial: OpenFlow in GENI. GENI Project Office. “The current Internet is at an impasse because new architecture cannot be deployed or even adequately evaluated” [PST04].

cerise
Download Presentation

Tutorial: OpenFlow in GENI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tutorial: OpenFlow in GENI GENI Project Office

  2. “The current Internet is at an impasse because new architecture cannot be deployed or even adequately evaluated” [PST04] [PST04]: Overcoming the Internet Impasse through Virtualization, Larry Peterson, Scott Shenker, Jonothan Turner Hotnets 2004 Modified slide from: http://cenic2012.cenic.org/program/slides/CenicOpenFlow-3-9-12-submit.pdf

  3. OpenFlow… • Enables innovation in networking • Changes practice of networking Google’s SDN WAN

  4. OpenFlow basics How OpenFlow works … (1.0) Hand’s on tutorial OpenFlow basics

  5. OpenFlow’s basic idea

  6. OpenFlow’s basic idea

  7. OpenFlow is an API • Control how packets are forwarded • Implementable on COTS hardware • Make deployed networks programmable • not just configurable • Makes innovation easier Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  8. Network Devices DHCP access point router DNS proxy VPN gateway firewall NAT switch software Any network device can be OpenFlow enabled

  9. SDN and NFV Slide from: http://docbox.etsi.org/Workshop/2013/201304_FNTWORKSHOP/S07_NFV/BT_REID.pdf

  10. OpenFlow benefits [1] • External control • Enables network Apps • General-purpose computers (Moore’s Law) • Deeper integration • Network hardware becomes a commodity • Centralized control • One place for apps to interact (authentication, auth, etc) • Simplifies algorithms • Global Optimization and planning [1]: OpenFlow: A radical New idea in Networking, Thomas A. LimoncelliCACM 08/12 (Vol 55 No. 8)

  11. Network Types Campus Multiple buildings, heterogeneous IT, groups of users, campus backbone Enterprise Data Centers Security, various sizes, storage, WAN optimizations Data Centers – Clouds Multi-tenant, virutalization, disaster recovery, VM mobility WAN Diversity, multiple domains/carriers/users

  12. Deployment Stories Google global private WAN [1] Connects dozens of datacenters worldwide with a long-term average of 70% utilization over all links Stanford Campus deployment Part of Stanford campus migrated to OpenFlow NTT’s BGP Free Edge Internet 2 - AL2S Can build Layer 2 circuits between any Internet 2 end-points https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr201310fa3.html [1] B4: Experience with a Globally-Deployed Software Defined WAN, SIGCOMM’13, Jain et al.

  13. GENI and OpenFlow deployment • Key GENI concept: slices & deep programmability • Internet: open innovation in application programs • GENI: open innovation deep into the network OpenFlow switches one of the ways GENI is providing deep programmability Good old Internet Slice 0 Slice 1 Slice 1 Slice 2 Slice 3 Slice 4

  14. GENI OpenFlow Deployment OpenFlow-enabled hardwareswitch at: • Each GENI Rack • Backbone and regional networks

  15. GENI OpenFlow Experiments VDC: real-time load-balancing functionality deep into the network to improve QoE Prasad Calyam, Missouri MobilityFirst: A new architecture for the Internet designed for emerging mobile/wireless service requirements at scale Dipankar (Ray) Raychaudhuri, Rutgers, leads MobilityFirst ActiveCDN: Program content distribution services deep into the network Jae Woo Lee, Columbia

  16. OpenFlow basics Hand’s on tutorial How OpenFlow works … (1.0)

  17. OpenFlow versions (‘11) Open Networking Foundation (ONF) formed to shepherd standards (‘12/’13) OpenFlow 1.3.x Complex & support in progress (Dec ’09) OpenFlow 1.0.0 Simple & widely supported (Oct ‘13) OpenFlow 1.4 (Feb ‘11) OpenFlow 1.1.0 Not implemented by HW vendors (Oct‘13) OpenFlow 1.0.2 Under ratification (Dec ‘11) OpenFlow 1.2 First ONF standard

  18. OpenFlow controllers • Open source controller frameworks • NoX/PoX • Open Daylight (driven by Cisco) • FloodLight (BigSwitch) • Trema (NEC) • Maestro • Ryu • Production controllers • Mostly customized solutions based on Open Source frameworks • ProgrammableFlow - NEC

  19. OpenFlow • The controller is responsible for populating forwarding table of the switch • In a table miss the switch asks the controller Any Host OpenFlow Controller OpenFlow Protocol (SSL/TCP) Switch Control Path OpenFlow Data Path (Hardware) Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  20. OpenFlow in action • Host1 sends a packet • If there are no rules about handling this packet • Forward packet to the controller • Controller installs a flow • Subsequent packets do not go through the controller Any Host OpenFlow Controller OpenFlow Protocol (SSL/TCP) Switch Control Path OpenFlow Data Path (Hardware) host2 host1 Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  21. OpenFlowBasics(1.0) Rule Action Stats Packet + byte counters • Forward packet to port(s) • Encapsulate and forward to controller • Drop packet • Send to normal processing pipeline • Modify Fields Eth type VLAN PCP Switch Port IP Prot IP Src IP Dst TCP sport TCP dport IP ToS VLAN ID MAC src MAC dst + mask what fields to match slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  22. Use Flow Mods • Going through the controller on every packet is inefficient • Installing Flows either proactively or reactively is the right thing to do • A Flow Mod consists of : • A match on any of the 12 supported fields • A rule about what to do matched packets • Timeouts about the rules: • Hard timeouts • Idle timeouts • The packet id in reactive controllers

  23. OpenFlow common PitFalls • Controller is responsible for all traffic, not just your application! • ARPs, DHCP, LLDP • Reactive controllers • Cause additional latency on some packets • UDP – many packets queued to your controller by time flow is set up • Performance in hardware switches • Not all actions are supported in hardware • No STP to prevent broadcast storms

  24. Multiplexing ControllersFlowVisor Any Host Any Host Any Host • Only one controller per switch • FlowVisor is a proxy controller that can support multiple controllers FlowSpacedescribes packet flows : • Layer 1: Incoming port on switch • Layer 2: Ethernet src/dstaddr, type, vlanid, vlanpcp • Layer 3: IP src/dstaddr, protocol, ToS • Layer 4: TCP/UDP src/dst port FlowVisor OpenFlow Controller OpenFlow Controller OpenFlow Protocol (SSL/TCP) Switch OpenFlow Protocol (SSL/TCP) Control Path OpenFlow Data Path (Hardware)

  25. OpenFlow basics How OpenFlow works … (1.0) Hand’s on tutorial Hands on tutorial

  26. OpenFlow Experiments Debugging OpenFlow experiments is hard: • Network configuration debugging requires coordination • Many networking elements in play • No console access to the switch Before deploying your OpenFlow experiment test your controller. http://mininet.github.com/ http://openvswitch.org/

  27. Run an OpenFlow experiment 1 host as OVS switch 3 VMs connected to OVS • Setup OVS • Write simple controllers • e.g. diverge traffic to a different server • use python controller PoX Host2 Host1 OVS Host3

  28. To Save Time … • Slices have been created for you: • Slice name: ofNN • Resources have been added to your slice: • 1 Xen VM running OVS • 3 OpenVZ VMs that act as traffic sources & sinks • Resources are from various InstaGENI racks • Download your private SSH key https://portal.geni.net/secure/profile.php#ssh • Download key and put in a standard place: $ mv ~/Downloads/id_geni_ssh_rsa ~/.ssh/. $ chmod 0600 ~/.ssh/id_geni_ssh_rsa • Add the key to your ssh-agent: $ ssh-add ~/.ssh/id_geni_ssh_rsa

  29. Finding your login information • Browse to this page https://portal.geni.net/secure/slices.php • Click on the slice name (there should be only one) • Scroll down to the Slice Status section • Find the row for the aggregate listed on your worksheet • Click the "Details" button for this row • keep this window open throughout the tutorial • Find your Login information for each of the four nodes used in this exercise (OVS, host1, host2, host3)

  30. Part I: Design/Setup • Obtain Resources • What is OpenFlow, what can I do with Openflow? • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  31. Configure OVS OVS is a virtual switch running on a xen VM • The interfaces of the node are the ports of the switch • Configure an ethernet bridge • add all dataplane ports to the switch • Can be an OpenFlow switch • Need to specify the controller (for convenience run on the same host but it can be anywhere) • Userspace OVS for this exercise

  32. Configure and Initialize OVS • Log in to OVS host and configure software switch: $ ifconfig $ sudoifconfig eth1 0 $ sudoifconfig eth2 0 $ sudoifconfig eth3 0 $ sudoovs-vsctl add-port br0 eth1 $ sudoovs-vsctl add-port br0 eth2 $ sudoovs-vsctl add-port br0 eth3 $ sudoovs-vsctl list-ports br0 $ sudoovs-vsctl set-controller br0 tcp:127.0.0.1:6633 $ sudoovs-vsctl set-fail-mode br0 secure $ sudoovs-vsctl show Host2 Host1 eth2 eth1 OVS eth3 Host3

  33. Part I: Design/Setup • Obtain Resources • What is OpenFlow, what can I do with Openflow? • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  34. Experiments (1/4) • Use a Learning Switch Controller: • See the traffic flow changes between hosts as the controller is started or stopped. • Soft versus hard timeouts for traffic flows.

  35. Experiments (1/4) • Login host1 and start ping host2 $ ping 10.10.1.2 • Start learning switch controller: $ cd /local/pox $ ./pox.py --verbose forwarding.l2_learning • Look at ping… now works. • Kill controller (Ctrl-c) • Look at ping… still running,

  36. Experiments (2/4) • Write and run a Traffic Duplication Controller: • Controller will duplicate traffic to a different port on the OVS switch. • Use tcpdump to see the packet duplication.

  37. Experiments (2/4) • Open 2 windows on OVS host • Start tcpdump for on OVS:if1and OVS:if2 • Run duplication controller on OVS:if2 $ cd /local/pox $ ./pox.py --verbose myDuplicateTraffic --duplicate_port=<data_interface_name> • Look at ping from host1 to host2. • Kill controller (Ctrl-c)

  38. Experiments (3/4) • Write and run a port forwarding controller: • Controller will do port forwarding on your OVS Switch to port specified. • Use two netcat servers on host2 to see traffic delivery.

  39. Experiments (3/4) • Two windows on host2 run the following: $ nc -l 5000 $ nc-l 6000 • Start learningswitchcontroller: • On host1: $ nc 10.10.1.2 5000  • Seewhathappens to traffic • Killcontroller(Ctrl-c) • Retrywith port forwardingcontroller and seewhathappens to traffic, and killwhendone.

  40. Experiments (4/4) 4. Write and run a server proxy controller • To redirect packets to a proxy: • What fields do you need to overwrite? • Which packets needs special handling? • Use netcat to see the deflection

  41. Experiments (4/4) • On host 3: $ nc –l 7000 • Run proxy controller: $ cd /local/pox $ ./pox.py --verbose myProxy • On host1: $ nc 10.10.1.2 5000 • Look at host3 window, shouldnowbegettingnctraffic.

  42. Part I: Design/Setup • Obtain Resources • What is OpenFlow, what can I do with Openflow? • Demo: Using OpenFlow in GENI • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  43. Part III: Finish Experiment When your experiment is done, you should always release your resources. • Normally this is when you would archive your data • Delete your slivers at each aggregate sliver credentials sliver project RSpec resource user AM API aggregate certificate slice

  44. Backup

  45. Core Networks NLR committed to 2013 meso-scale expansion following reorganization Internet2 adding 10GbE paths to Advanced Layer 2 Services (AL2S) at 4 of 5 OpenFlow meso-scale/ProtoGENI Pops GENI Aggregate Manager in Internet2 AL2S and dynamic stitching with GENI coming in Spiral 5 Internet2 SDN networks

  46. FOAM • An OpenFlow Aggregate Manager • It’s a GENI compliant reservation service • Helps experimenters reserve flowspace in the FlowVisor • Speaks AM API v1 • Rspecs GENI v3, openflow v3 extension

  47. Racks and Campuses • GENI Rack projects are expanding available GENI infrastructure in the US. • Racks provide reservable, sliceable compute and network resources using Aggregate Managers. • GENI AM API compliance

More Related