1 / 46

OpenFlow/SDN tutorial OFC/NFOEC March, 2012

OpenFlow/SDN tutorial OFC/NFOEC March, 2012. Srini Seetharaman Deutsche Telekom Silicon Valley Innovation Center. 1. Why OpenFlow?. 3. Routing, management, mobility management, access control, VPNs, …. Feature. Feature. Million of lines of source code. Operating System.

hwoodard
Download Presentation

OpenFlow/SDN tutorial OFC/NFOEC March, 2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OpenFlow/SDN tutorialOFC/NFOEC March, 2012 Srini Seetharaman Deutsche Telekom Silicon Valley Innovation Center 1

  2. Why OpenFlow? 3

  3. Routing, management, mobility management, access control, VPNs, … Feature Feature Million of linesof source code Operating System Specialized Packet Forwarding Hardware Billions of gates The Ossified Network 6000+ RFCs Barrier to entry Bloated Power Hungry Many complex functions baked into the infrastructure OSPF, BGP, multicast, differentiated services,Traffic Engineering, NAT, firewalls, MPLS, redundant layers, … An industry with a “mainframe-mentality”, reluctant to change 4

  4. Open Systems gap in the tool space none have all the desired attributes! 5

  5. App App App Operating System App App App Specialized Packet Forwarding Hardware Operating System App App App Specialized Packet Forwarding Hardware Operating System App App App Specialized Packet Forwarding Hardware Operating System Specialized Packet Forwarding Hardware App App App Operating System Specialized Packet Forwarding Hardware Current Internet Closed to Innovations in the Infrastructure Closed 6

  6. App App App Network Operating System App App App Operating System App App App Specialized Packet Forwarding Hardware Operating System App App App Specialized Packet Forwarding Hardware Operating System App App App Specialized Packet Forwarding Hardware Operating System Specialized Packet Forwarding Hardware App App App Operating System Specialized Packet Forwarding Hardware “Software Defined Networking” approachto open it

  7. 2. At least one good operating system Extensible, possibly open-source 3. Well-defined open API App App App Network Operating System 1. Open interface to hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware The “Software-defined Network”

  8. How does OpenFlow work? 9

  9. Ethernet Switch 10

  10. Control Path Control Path (Software) Data Path (Hardware) 11

  11. OpenFlow Controller OpenFlow Protocol (SSL/TCP) Control Path OpenFlow Data Path (Hardware) 12

  12. MAC src MAC dst IP Src IP Dst TCP sport TCP dport Action * * * 5.6.7.8 * * port 1 OpenFlow Example Controller PC OpenFlow Client Software Layer Flow Table Hardware Layer port 2 port 1 port 3 port 4 5.6.7.8 1.2.3.4 13

  13. Alice’s Rule PC Alice’s Rule Alice’s Rule OpenFlow usage Controller Alice’s code OpenFlow Switch Decision? OpenFlow Protocol OpenFlow Switch OpenFlow Switch OpenFlow offloads control intelligence to a remote software

  14. OpenFlow Basics Flow Table Entries Rule Action Stats Packet + byte counters Forward packet to zero or more ports Encapsulate and forward to controller Send to normal processing pipeline Modify Fields Any extensions you add! Eth type Switch Port IP Src IP Dst IP Prot L4 sport L4 dport IP ToS VLAN ID VLAN pcp MAC src MAC dst + mask what fields to match 15

  15. Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action Examples Switching 00:1f:.. * * * * * * * * * port6 Flow Switching port3 00:20.. 00:1f.. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6 Firewall * * * * * * * * * 22 drop 16

  16. Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action Examples Routing * * * * * * 5.6.7.8 * * * port6 VLAN Switching port6, port7, port9 vlan1 00:1f.. * * * * * * * * 17

  17. OpenFlow: a pragmatic compromise • + Speed, scale, fidelity of vendor hardware • + Flexibility and control of software and simulation • Vendors don’t need to expose implementation • Leverages hardware inside most switches today (ACL tables) 18

  18. OpenFlow Switch OpenFlow Switch OpenFlow Switch OpenFlow Switch OpenFlow Switch OpenFlow Switch Centralized vs Distributed ControlBoth models are possible with OpenFlow Centralized Control Distributed Control Controller Controller Controller Controller 19

  19. Flow Routing vs. AggregationBoth models are possible with OpenFlow Flow-Based • Every flow is individually set up by controller • Exact-match flow entries • Flow table contains one entry per flow • Good for fine grain control, e.g. campus networks Aggregated • One flow entry covers large groups of flows • Wildcard flow entries • Flow table contains one entry per category of flows • Good for large number of flows, e.g. backbone 20

  20. Reactive vs. Proactive (pre-populated)Both models are possible with OpenFlow Reactive • First packet of flow triggers controller to insert flow entries • Efficient use of flow table • Every flow incurs small additional flow setup time • If control connection lost, switch has limited utility Proactive • Controller pre-populates flow table in switch • Zero additional flow setup time • Loss of control connection does not disrupt traffic • Essentially requires aggregated (wildcard) rules 21

  21. Usage examples • Alice’s code: • Simple learning switch • Per Flow switching • Network access control/firewall • Static “VLANs” • Her own new routing protocol: unicast, multicast, multipath • Home network manager • Packet processor (in controller) • IPvAlice openflow.org/videos • VM migration • Server Load balancing • Mobility manager • Power management • Network monitoring and visualization • Network debugging • Network slicing … and much more you can create!

  22. Topology discovery • OpenFlow controller view is not always complete. For instance, what does the controller see here? OFswitch OFswitch Non-OFswitch Y X HostB HostA Non-OFswitch Internet HostC

  23. Quiz Time • How do I provide control connectivity? Is it really clean slate? • Why aren’t users complaining about time to setup flows over OpenFlow? (Hint: What is the predominant traffic today?) • Considering switch CPU is the major limit, how can one take down an OpenFlow network? • How to perform topology discovery over OpenFlow-enabled switches? • What happens when you have a non-OpenFlow switch inbetween? • What if there are two islands connected to same controller? • How scalable is OpenFlow? How does one scale deployments? 24

  24. What can you not do with OpenFlow ver1.1 • Non-flow-based (per-packet) networking • e.g., Handling pkt 1 differently from pkt 2 of same flow • yes, this is a fundamental limitation • BUT OpenFlow provides the plumbing to connect devices • New forwarding primitives • BUT provides a nice way to integrate them through extensions • New packet formats/field definitions • BUT a generalized OpenFlow (2.0) is on the horizon • Optical Circuits • BUT efforts underway to apply OpenFlow model to circuits • Low-setup-time individual flows • BUT can push down flows proactively to avoid delays 25

  25. Promoter Members: • Operators and service providers • Make up the board of directors • Have voting rights • Representative of DTAG is Bruno Orth (GTN S&A) Where is it going?The Open Networking Foundation: Textbox Headline The founding Consortium Adopter Members (as of Feb 2012) List of Members: • Big Switch Networks • Broadcom • Brocade • Ciena • Cisco • Citrix • Comcast • CompTIA • Cyan • Dell • Elbrys • Ericsson • ETRI • Extreme Networks • EZchip • Force10Networks • Fujitsu • Netronome • Nicira Networks • Nokia Siemens Networks • Plexxi Inc. • Pronto Systems • Radware • Riverbed Technology • Samsung • Spirent • Tencent • Texas Instruments • Vello Systems • VMware • ZTE Corporation • Hitachi • HP • Huawei • IBM • Infoblox • Intel • IP Infusion • Ixia • Juniper Networks • Korea Telecom • LineRate Systems • LSI • Marvell • Mellanox • Metaswitch Networks • Midokura • NEC • Netgear

  26. Where it’s going • OF v1.1: Extensions for WAN • multiple tables: leverage additional tables • tags and tunnels • multipath forwarding • OF v1.2: Extensible Match structure • Required fields includes IPv6 27

  27. Where it’s going • OF v2+ • generalized matching and actions: an “instruction set” for networking • Several other working groups have been created: • Hybrid group: Specifies how OpenFlow can be included into legacy switches without assuming clean-slate • Config group: Will specify an independent protocol that will help configure OpenFlow parameters out-of-band • .... And more 28

  28. OpenFlow Implementations(Switch and Controller) 29

  29. Current SDN hardware Juniper MX-series NEC IP8800 WiMax (NEC) HP Procurve 5400 Netgear 7324 PC Engines Pronto 3240/3290 Ciena Coredirector More coming soon... 31

  30. Commercial Switch Vendors 32

  31. Open-source controllers 33

  32. Virtualizing OpenFlow 34

  33. App App App App App App Controller 1 Controller 2 Controller 1 Controller 2 Linux Mac OS Windows (OS) NOX (Network OS) Network OS Linux Mac OS Windows (OS) Linux Mac OS Windows (OS) Virtualization or “Slicing” Virtualization layer x86 (Computer) OpenFlow Trend Computer Industry Network Industry

  34. Isolated “slices” Many operating systems, or Many versions App App App App App App App App Network Operating System 1 Network Operating System 2 Network Operating System 3 Network Operating System 4 Open interface to hardware Virtualization or “Slicing” Layer Open interface to hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware 36

  35. OpenFlow FlowVisor & Policy Control OpenFlow Switch OpenFlow Switch OpenFlow Switch FlowVisor-based Virtualization Heidi’s Controller Craig’s Controller Aaron’s Controller Topology discovery is per slice OpenFlow Protocol OpenFlow Protocol 38

  36. OpenFlow Protocol OpenFlow FlowVisor & Policy Control OpenFlow Switch OpenFlow Switch OpenFlow Switch FlowVisor-based Virtualization http Load-balancer Multicast Broadcast Separation not only by VLANs, but any L1-L4 pattern dl_dst=FFFFFFFFFFFF tp_src=80, ortp_dst=80 OpenFlow Protocol 39

  37. * * * * * * * * * 84.65.* * * * * * * * * * 84.65.* * * * * * * * * * * Use Case: New CDN - Turbo Coral ++ Basic Idea: Build a CDN where you control the entire network • All traffic to or from Coral IP space controlled by Experimenter • All other traffic controlled by default routing • Topology is entire network • End hosts are automatically added (no opt-in) Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Researcher Admin 42

  38. OpenFlow/SDN for carriers 43

  39. SDN is a hammer for what nail?

  40. 1. Packet and Circuit convergence • Most service providers own and operate 2 independent networks : IP and Transport • managed and operated independently • minimal cross-layer awareness • resulting in duplication of functions and resources in multiple layers • and significant capex and opex burdens Convergence to reduce costs and provide value-added services. The Flow Abstraction presents a unifying abstraction

  41. Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action OpenFlow-based unified control plane • Packet flows • Circuit flows • using the cross-connect table in circuit switches VCG Signal Type VCG Signal Type

  42. Interface: OpenFlow Protocol Packet & Circuit Switches pac.c Controller Unified Control Plane Converged Network

  43. Demonstration of pac.c NOX OpenFlow Protocol NEW YORK SAN FRANCISCO GE links OC-48 links (2.5 Gbps) HOUSTON 48

  44. NETWORK OPERATING SYSTEM 2. Improving IP/MPLS control • Basic Idea • Retain MPLS data-plane operations • Replace IP/MPLS control plane • Demonstrate TE & its features • All made simpler – some greatly (eg. AutoRoute) • Some made possible only with SDN (eg. global-optimization) TE 2.0 VPNs 2.0 Optimized FRR/ AutoBw MPLS-TP Control Multi-layer Control Routing Discovery Label Distribution Recovery

  45. Summary • OpenFlow/SDN is evolving to facilitate an ecosystem for innovation • OpenFlow is being deployed in over 100 organizations world-wide • GEC9 in Nov, 2010 showcased nation-wide OF • Internet 2 and NLR starting to serve as the GENI Backbone • OpenFlow is essential for Service Providers • Custom control for Traffic Engineering • Combined Packet/Circuit switched networks

  46. Are you innovating in your network? 51

More Related