OpenFlow and software-defined networks: a new paradigm of control and innovation in packet networks
Agenda
• Introduction
• Fundamentals of the OpenFlow protocol
• What is it? Why? How?
• Trend: Software-Defined Networking
• Implementations, products and industry interest
• Application scenarios and examples
• CPqD RouteFlow
• Design, architecture, open-source community
Black-Box Networking vs. Software Defined Networking
[Figure: layered stacks. Labels: App; open interface; specialized features; control plane; specialized control plane; specialized hardware; commodity chip]
• Verticalization: closed, proprietary, slow innovation
• Horizontalization: open interfaces, fast innovation
Trend
[Figure comparing the computer industry and the network industry. Labels: App; Controller 1, Controller 2; Linux, Mac OS, Windows (OS); NOX (Network OS); Virtualization layer; Virtualization or “Slicing”; x86 (Computer); OpenFlow; “Mainframe”]
An opportunity to create a national industry for network (management and control) software.
Short Story: OpenFlow is an API
• Control how packets are forwarded (and manipulated)
• Implementable on COTS hardware
• Make deployed networks programmable
• not just configurable (e.g., via CLI)
• vendor-independent
• Makes innovation easier
• Goal (experimenter’s perspective):
• Validate experiments on deployed hardware with real traffic at line speed
• Goal (industry perspective):
• Reduced equipment costs through commoditization and competition in the controller / application space
• Customization and in-house (or 3rd party) development of new networking features (e.g. protocols).
The Ossified Network
[Figure: features (routing, management, mobility management, access control, VPNs, …) on an operating system on specialized packet forwarding hardware. Annotations: millions of lines of source code; 5400 RFCs; barrier to entry; billions of gates; bloated; power hungry]
Many complex functions baked into the infrastructure
• OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …
• An industry with a “mainframe-mentality”, reluctant to change
Research: Open Systems
Gap in the tool space: none have all the desired attributes!
OpenFlow: a pragmatic compromise
+ Speed, scale, fidelity of vendor hardware
+ Flexibility and control of software and simulation
• Vendors don’t need to expose implementation
• Leverages hardware inside most switches today (ACL tables)
[Figure: a switch with a control path (software) above a data path (hardware)]
[Figure: an OpenFlow controller connected through the OpenFlow protocol (SSL/TCP) to the switch's control path (OpenFlow), above the data path (hardware)]
OpenFlow Example
[Figure: a PC running the controller; a switch with a software layer (OpenFlow client) and a hardware layer (flow table); ports 1 to 4; hosts 5.6.7.8 and 1.2.3.4]
Flow table entry: MAC src *, MAC dst *, IP Src *, IP Dst 5.6.7.8, TCP sport *, TCP dport *; Action: port 1
OpenFlow Basics
Flow Table Entries: Rule, Action, Stats
• Rule (+ mask what fields to match): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP ToS, IP Prot, L4 sport, L4 dport
• Action:
• Forward packet to zero or more ports
• Encapsulate and forward to controller
• Send to normal processing pipeline
• Modify Fields
• Any extensions you add!
• Stats: Packet + byte counters
Examples
Match fields: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport (* = wildcard)
• Switching: a MAC address field set to 00:1f:.., every other field *; Action: port6
• Flow Switching: Switch Port port3, MAC src 00:20.., MAC dst 00:1f.., Eth type 0800, VLAN ID vlan1, IP Src 1.2.3.4, IP Dst 5.6.7.8, IP Prot 4, TCP sport 17264, TCP dport 80; Action: port6
• Firewall: TCP dport 22, every other field *; Action: drop
Examples
Match fields: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport (* = wildcard)
• Routing: IP Dst 5.6.7.8, every other field *; Action: port6
• VLAN Switching: VLAN ID vlan1, a MAC address field set to 00:1f.., every other field *; Action: port6, port7, port9
Centralized vs Distributed Control
Both models are possible with OpenFlow
[Figure: centralized control, with one controller for a group of OpenFlow switches, beside distributed control, with several controllers for a group of OpenFlow switches]
Flow Routing vs. Aggregation
Both models are possible with OpenFlow
Flow-Based
• Every flow is individually set up by controller
• Exact-match flow entries
• Flow table contains one entry per flow
• Good for fine grain control, e.g. campus networks
Aggregated
• One flow entry covers large groups of flows
• Wildcard flow entries
• Flow table contains one entry per category of flows
• Good for large number of flows, e.g. backbone
Reactive vs. Proactive (pre-populated)
Both models are possible with OpenFlow
Reactive
• First packet of flow triggers controller to insert flow entries
• Efficient use of flow table
• Every flow incurs small additional flow setup time
• If control connection lost, switch has limited utility
Proactive
• Controller pre-populates flow table in switch
• Zero additional flow setup time
• Loss of control connection does not disrupt traffic
• Essentially requires aggregated (wildcard) rules
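
The flow-table behaviour described in the slides above, as an added Python example (not code from the slides or from any OpenFlow implementation): the Firewall and Routing entries are installed proactively as wildcard rules, and a table miss is handled reactively by a controller callback. The field names, the priority numbers and the controller policy (`port2`) are assumptions; highest-priority-match-wins is how OpenFlow resolves overlapping wildcard entries.

```python
from dataclasses import dataclass

# The ten match fields shown in the slides' examples (names are assumptions).
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tp_src", "tp_dst")

@dataclass
class FlowEntry:
    match: dict            # field -> value; a field left out is a wildcard (*)
    action: str            # e.g. "port6" or "drop"
    priority: int = 0      # highest-priority matching entry wins
    packet_count: int = 0  # Stats: packet + byte counters
    byte_count: int = 0

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

class Switch:
    def __init__(self, controller):
        self.table = []
        self.controller = controller  # callable standing in for the control channel

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)

    def process(self, pkt, size=64):
        entry = next((e for e in self.table if e.matches(pkt)), None)
        if entry is None:
            # Table miss: hand the packet to the controller (reactive mode),
            # which answers with a new entry for this flow.
            entry = self.controller(pkt)
            self.install(entry)
        entry.packet_count += 1
        entry.byte_count += size
        return entry.action

def reactive_controller(pkt):
    # Hypothetical policy: exact-match entry that forwards the flow to port2.
    exact = {f: pkt[f] for f in FIELDS if f in pkt}
    return FlowEntry(exact, "port2", priority=100)

def build_switch():
    sw = Switch(reactive_controller)
    # Proactive wildcard entries from the slides (priorities are assumptions).
    sw.install(FlowEntry({"ip_dst": "5.6.7.8"}, "port6", priority=10))  # Routing
    sw.install(FlowEntry({"tp_dst": 22}, "drop", priority=20))          # Firewall
    return sw
```

With the two priorities swapped, a packet to 5.6.7.8 on TCP port 22 matches the Routing entry first and is forwarded to port6 instead of dropped, which is why overlapping wildcard entries need explicit priorities.
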
Current Internet
• Closed to Innovations in the Infrastructure
[Figure: apps running on closed boxes, each box an operating system on specialized packet forwarding hardware]
Source: N. McKeown et al. http://www.openflow.org
“Software Defined Networking”: bring to the networking industry what we did to the computing world
[Figure: apps on a network operating system, above boxes that each run an operating system on specialized packet forwarding hardware and host their own apps]
Source: N. McKeown et al. http://www.openflow.org
The “Software-defined Network”
1. Open interface to hardware, e.g., OpenFlow
2. At least one good operating system: extensible, possibly open-source
3. Well-defined open API
[Figure: apps on a network operating system, above simple packet forwarding hardware]
Source: N. McKeown et al. http://www.openflow.org
Interlude
• We arrived at the concept of SDN from the availability of a standard interface (i.e., OpenFlow) for talking to the hardware.
• BUT that is only one part of SDN (enabling, but not essential).
• The big problem is the lack of abstractions in networking (especially in the control plane)!
• Compare with other sciences (e.g., computing) that have well-defined foundations, principles and abstractions (e.g., operating systems, files, data structures, programming languages)
• See Scott Shenker's talk:
• https://www.youtube.com/watch?v=WVs7Pc99S7w
Layers are Main Network Abstractions
• Layers provide nice data plane service abstractions
• IP's best effort delivery
• TCP's reliable byte-stream
• Aside: good abstractions, terrible interfaces
• Don’t sufficiently hide implementation details
• Main Point: No control plane abstractions
• No sophisticated management/control building blocks
Source: Scott Shenker
No Abstractions = Increased Complexity
• Each control requirement leads to new mechanism
• TRILL, LISP, etc.
• We are really good at designing mechanisms
• So we never tried to make life easier for ourselves
• And so networks continue to grow more complex
• But this is an unwise course:
• Mastering complexity cannot be our only focus
• Because it helps in short term, but harms in long term
• We must shift our attention from mastering complexity to extracting simplicity….
Source: Scott Shenker
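Current Networks vs. Software-Defined Networking (v1)
[Figure: current networks, with protocols running between devices, beside SDN v1: a control program working on a global network view provided by the network operating system, with control via the forwarding interface]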
Major Change in Paradigm
• No longer designing distributed control protocols
• Now just defining a centralized control function
• Control program: Configuration = Function(view)
• Why is this an advance?
• Much easier to write, verify, maintain, reason about, ….
• NOS handles all state dissemination/collection
• Abstraction breaks this off as tractable piece
• Serves as fundamental building block for control
Moving from SDNv1 to SDNv2
[Figure labels: control program; abstract network view; Nypervisor; global network view; network operating system]
One Simple Example: Access Control
[Figure: the abstract network view beside the full network view]
We need three main abstractions for networking!
• Forwarding interface: abstract forwarding model
• Shields higher layers from forwarding hardware
• Distribution interface: global network view
• Shields higher layers from state dissemination/collection
• Specification interface: abstract network view
• Shields control program from details of physical network
Source: Scott Shenker
Usage examples
Alice’s code:
• Simple learning switch
• Per Flow switching
• Network access control/firewall
• Static “VLANs”
• Her own new routing protocol: unicast, multicast, multipath
• Home network manager
• Packet processor (in controller)
• IPvAlice
• VM migration
• Server Load balancing
• Mobility manager
• Power management
• Network monitoring and visualization
• Network debugging
• Network slicing
… and much more you can create!
OpenFlow/SDN Timeline Source: G. Appenzeller (BigSwitch)
OpenFlow building blocks
[Figure: software and hardware stack; some components are labelled “Stanford Provided”]
• Monitoring/debugging tools: oftrace, oflops, openseer
• Applications: ENVI (GUI), LAVI, Expedient, n-Casting
• Controller: NOX, Beacon, SNAC, Helios, Maestro
• Slicing Software: FlowVisor, FlowVisor Console
• OpenFlow Switches: Commercial Switches (HP, NEC, Pronto, Juniper.. and many more), Software Ref. Switch, NetFPGA, Broadcom Ref. Switch, OpenVSwitch, OpenWRT, PCEngine WiFi AP
Current OpenFlow hardware: Juniper MX-series; NEC IP8800; UNIVERGE PF5240; WiMax (NEC); HP Procurve 5400; Netgear 7324; PC Engines; Pronto 3240/3290; Ciena Coredirector. More coming soon...
Growing Community
[Figure: logos grouped as vendors and start-ups, and as providers and business units]
Note: Level of interest varies
Industry commitment • Big players forming the Open Networking Foundation (ONF) to promote a new approach to networking called Software-Defined Networking (SDN). http://www.opennetworkingfoundation.org/
Application scenarios
• enterprise networks: new access control and security mechanisms, integrated management of wired and wireless networks, VLAN configuration, mobility support, etc. (CASADO et al., 2007);
• backbone: convergence of packet and circuit networks, for example dynamic and flexible traffic aggregation and management, new mechanisms for routing, traffic engineering and failure recovery; Web traffic load balancing; common control plane for “Layer 3” and “Layer 1” networks; etc. (GUDLA et al., 2010);
• cellular networks: transparent use (bi/tri-casting) of several access networks (Wi-Fi/3G/WiMAX), separation of the infrastructure provider from the service provider (for example, virtual network operators), etc. (YAP et al., 2010);
• data center: energy conservation techniques, traffic engineering, flat and multipath routing, support for host virtualization and software switches, automation of network infrastructure management (physical and virtual switches) integrated with IT systems and OSS/BSS (KOPONEN et al., 2010);
• home networks: outsourcing of network management, sharing of the network among several service providers and users, for example Open Wi-Fi, and energy management with smart meters, as in the smart grid;
Project
RouteFlow is an open-source project to provide IP routing & forwarding services in OpenFlow networks
[Figure labels: control logic (RIP, BGP, OSPF, ISIS); control server; operating system; API; OpenFlow; operating system; driver; programmable switch; dedicated hardware]
Software Defined IP Routing
[Figure labels: open interface; specialized features; controller; specialized control plane; open interface; specialized hardware; OpenFlow switch; BGP, OSPF, ISIS, LDP]
• Low cost (commodity), multi-vendor, open source, fast innovation pace
• High cost, specialized config., closed source, slow innovation pace
Design
What's new?
• Database layer
• JSON-based IPC
• Core state
• Programmer-friendly
• Multi-Controller support: NOX, POX, Floodlight (ongoing)
• Resilience, component names, debugging, user-control, GUI, etc.