1 / 69

OpenFlow Hands-on Tutorial OFELIA Meeting Feb 7, 2011 at Berlin

OpenFlow Hands-on Tutorial OFELIA Meeting Feb 7, 2011 at Berlin. Srini Seetharaman, DT R&D Lab, USA With help from: Dan Levin, TU Berlin Nadi Sarrar, TU Berlin Andi Wundsam, TU Berlin. Welcome! Getting Started. Copy to your hard disk from Flash Drive/:

ashtyn
Télécharger la présentation

OpenFlow Hands-on Tutorial OFELIA Meeting Feb 7, 2011 at Berlin

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OpenFlow Hands-on TutorialOFELIA MeetingFeb 7, 2011 at Berlin Srini Seetharaman, DT R&D Lab, USA With help from: Dan Levin, TU Berlin Nadi Sarrar, TU Berlin Andi Wundsam, TU Berlin

  2. Welcome! Getting Started • Copy to your hard disk from Flash Drive/: • Corresponding files (terminal, X server, Vmware) for your platform (Win/Mac/Linux) • OpenFlowTutorial-20110131.vmwarevm.zip • unzip OpenFlowTutorial-20110131.vmwarevm.zip • Instructions: http://www.openflow.org/wk/index.php/OpenFlowTutorialOFELIA2011 • VMWare Key (if needed): • 4J09J-3U2E5-58C32-08AK0-8DH42 • Online attendees: Download file from: • http://www.net.t-labs.tu-berlin.de/research/routerlab/oftutorial.zip

  3. Introductions

  4. Agenda

  5. Goals of this Tutorial • By the end, everyone should know: • what OpenFlow is • how it’s used and how you can use it • where it’s going • how OpenFlow compares to other platforms • how OpenFlow fits in the Software-Defined Networking (SDN) spectrum • Present a useful mix of hands-on and lecture-based content • Have fun

  6. Why OpenFlow?

  7. The Ossified Network Feature Million of linesof source code Billions of gates Routing, management, mobility management, access control, VPNs, … Feature 5400 RFCs Barrier to entry Operating System Specialized Packet Forwarding Hardware Bloated Power Hungry Many complex functions baked into the infrastructure • OSPF, BGP, multicast, differentiated services,Traffic Engineering, NAT, firewalls, MPLS, redundant layers, … • An industry with a “mainframe-mentality”, reluctant to change 7

  8. Research Stagnation • Lots of deployed innovation in other areas • OS: filesystems, schedulers, virtualization • DS: DHTs, CDNs, MapReduce • Compilers: JITs, vectorization • Networks are largely the same as years ago • Ethernet, IP, WiFi • Rate of change of the network seems slower in comparison • Need better tools and abstractions to demonstrate and deploy

  9. Closed Systems (Vendor Hardware) • Stuck with interfaces (CLI, SNMP, etc) • Hard to meaningfully collaborate • Vendors starting to open up, but not usefully • Need a fully open system – a Linux equivalent

  10. Open Systems gap in the tool space none have all the desired attributes!

  11. OpenFlow: a pragmatic compromise • + Speed, scale, fidelity of vendor hardware • + Flexibility and control of software and simulation • Vendors don’t need to expose implementation • Leverages hardware inside most switches today (ACL tables)

  12. How does OpenFlow work? 13

  13. Ethernet Switch

  14. Control Path Control Path (Software) Data Path (Hardware)

  15. OpenFlow Controller OpenFlow Protocol (SSL/TCP) Control Path OpenFlow Data Path (Hardware)

  16. MAC src MAC dst IP Src IP Dst TCP sport TCP dport * * * 5.6.7.8 * * port 1 Action OpenFlow Example Controller PC OpenFlow Client Software Layer Flow Table Hardware Layer port 2 port 1 port 3 port 4 5.6.7.8 1.2.3.4

  17. OpenFlow Basics Flow Table Entries Rule Action Stats Packet + byte counters • Forward packet to zero or more ports • Encapsulate and forward to controller • Send to normal processing pipeline • Modify Fields • Any extensions you add! Eth type Switch Port IP Src IP Dst IP ToS IP Prot L4 sport L4 dport VLAN pcp MAC src MAC dst VLAN ID + mask what fields to match

  18. Switch Port Switch Port Switch Port MAC src MAC src MAC src MAC dst MAC dst MAC dst Eth type Eth type Eth type VLAN ID VLAN ID VLAN ID IP Src IP Src IP Src IP Dst IP Dst IP Dst IP Prot IP Prot IP Prot TCP sport TCP sport TCP sport TCP dport TCP dport TCP dport Action Action Action Examples Switching 00:1f:.. * * * * * * * * * port6 Flow Switching port3 00:20.. 00:1f.. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6 Firewall * * * * * * * * * 22 drop

  19. Switch Port Switch Port MAC src MAC src MAC dst MAC dst Eth type Eth type VLAN ID VLAN ID IP Src IP Src IP Dst IP Dst IP Prot IP Prot TCP sport TCP sport TCP dport TCP dport Action Action Examples Routing * * * * * * 5.6.7.8 * * * port6 VLAN Switching port6, port7, port9 vlan1 00:1f.. * * * * * * * *

  20. OpenFlow Switch OpenFlow Switch OpenFlow Switch OpenFlow Switch OpenFlow Switch OpenFlow Switch Centralized vs Distributed ControlBoth models are possible with OpenFlow Centralized Control Distributed Control Controller Controller Controller Controller

  21. Flow Routing vs. AggregationBoth models are possible with OpenFlow Flow-Based • Every flow is individually set up by controller • Exact-match flow entries • Flow table contains one entry per flow • Good for fine grain control, e.g. campus networks • Aggregated • One flow entry covers large groups of flows • Wildcard flow entries • Flow table contains one entry per category of flows • Good for large number of flows, e.g. backbone

  22. Reactive vs. Proactive (pre-populated)Both models are possible with OpenFlow Reactive • First packet of flow triggers controller to insert flow entries • Efficient use of flow table • Every flow incurs small additional flow setup time • If control connection lost, switch has limited utility • Proactive • Controller pre-populates flow table in switch • Zero additional flow setup time • Loss of control connection does not disrupt traffic • Essentially requires aggregated (wildcard) rules

  23. Usage examples Alice’s code: Simple learning switch Per Flow switching Network access control/firewall Static “VLANs” Her own new routing protocol: unicast, multicast, multipath Home network manager Packet processor (in controller) IPvAlice • VM migration • Server Load balancing • Mobility manager • Power management • Network monitoring and visualization • Network debugging • Network slicing … and much more you can create!

  24. Quiz Time • How do I provide control connectivity? Is it really clean slate? • Why aren’t users complaining about time to setup flows over OpenFlow? (Hint: What is the predominant traffic today?) • Considering switch CPU is the major limit, how can one take down an OpenFlow network? • How to perform topology discovery over OpenFlow-enabled switches? • What happens when you have a non-OpenFlow switch inbetween? • What if there are two islands connected to same controller? • How scalable is OpenFlow? How does one scale deployments?

  25. What can you not do with OpenFlow ver1.0 • Non-flow-based (per-packet) networking • ex. Per-packet next-hop selection (in wireless mesh) • yes, this is a fundamental limitation • BUT OpenFlow can provide the plumbing to connect these systems • Use all tables on switch chips • yes, a major limitation (cross-product issue) • BUT an upcoming OF version will expose these

  26. What can you not do with OpenFlow ver1.0 • New forwarding primitives • BUT provides a nice way to integrate them through extensions • New packet formats/field definitions • BUT a generalized OpenFlow (2.0) is on the horizon • Optical Circuits • BUT efforts underway to apply OpenFlow model to circuits • Low-setup-time individual flows • BUT can push down flows proactively to avoid delays

  27. Where it’s going • OF v1.1: Extensions for WAN, spring 2011 • multiple tables: leverage additional tables • tags and tunnels • multipath forwarding • OF v2+ • generalized matching and actions: an “instruction set” for networking

  28. OpenFlow Implementations(Switch and Controller) 29

  29. OpenFlow building blocks Monitoring/debugging tools oftrace oflops openseer Stanford Provided ENVI (GUI) LAVI Expedient Applications n-Casting NOX Beacon SNAC Helios Maestro Controller Slicing Software FlowVisor Console FlowVisor Stanford Provided Commercial Switches Software Ref. Switch NetFPGA Broadcom Ref. Switch HP, NEC, Pronto, Juniper.. and many more OpenFlow Switches OpenVSwitch OpenWRT PCEngine WiFi AP 30

  30. Current SDN hardware Juniper MX-series NEC IP8800 WiMax (NEC) HP Procurve 5400 Netgear 7324 PC Engines Pronto 3240/3290 Ciena Coredirector More coming soon... 31

  31. Commercial Switch Vendors 32

  32. Controller Vendors 33

  33. Growing Community Vendors and start-ups Providers and business-unit More... More... Note: Level of interest varies 34

  34. Software-Defined Networking (SDN) 35

  35. Current Internet Closed to Innovations in the Infrastructure App App App Closed App App App Operating System Specialized Packet Forwarding Hardware Operating System App App App App App App Specialized Packet Forwarding Hardware Operating System Specialized Packet Forwarding Hardware Operating System Specialized Packet Forwarding Hardware App App App Operating System Specialized Packet Forwarding Hardware 36

  36. “Software Defined Networking” approachto open it App App App Network Operating System App App App App App App Operating System Specialized Packet Forwarding Hardware Operating System App App App App App App Specialized Packet Forwarding Hardware Operating System Specialized Packet Forwarding Hardware Operating System Specialized Packet Forwarding Hardware App App App Operating System Specialized Packet Forwarding Hardware 37

  37. The “Software-defined Network” 3. Well-defined open API 2. At least one good operating system Extensible, possibly open-source App App App 1. Open interface to hardware Network Operating System Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware 38

  38. Hands-on Session Flow Resume talk Resume lecture Run hub, turn hub into an Ethernet switch setup VM, play with mininet, use tools Slicing the network with FlowVisor and Expedient On your own add multiple switch support modify switch to handle IP forwarding

  39. Stuff you’ll use • NOX • Reference Controller/Switch • OpenvSwitch • Mininet • cbench • flowvisor • iperf • tcpdump • Wireshark

  40. Tutorial Setup Controller port6633 c0 loopback (127.0.0.1:6633) OpenFlow Tutorial 3hosts-1switch topology loopback (127.0.0.1:6634) OpenFlow Switch dpctl (user space process) s1 s1-eth0 s1-eth1 s1-eth2 h1-eth0 h3-eth0 h4-eth0 h2 10.0.0.2 h3 10.0.0.3 h4 10.0.0.4 virtual hosts

  41. Hands-on Tutorial Next presentation starts at 13:00 www.openflow.org/wk/index.php/OpenFlowTutorialOFELIA2011 • Hope you got the files from the DVD or USB keys • VMWare Key (if needed): • 4J09J-3U2E5-58C32-08AK0-8DH42

  42. Virtualizing OpenFlow 43

  43. Trend App App App App App App Controller 1 Controller 2 Controller 1 Controller 2 NOX (Network OS) Network OS Windows (OS) Linux Mac OS Windows (OS) Linux Mac OS Windows (OS) Linux Mac OS Virtualization or “Slicing” Virtualization layer OpenFlow x86 (Computer) Computer Industry Network Industry

  44. Isolated “slices” Many operating systems, or Many versions App App App App App App App App Network Operating System 1 Network Operating System 2 Network Operating System 3 Network Operating System 4 Open interface to hardware Open interface to hardware Virtualization or “Slicing” Layer Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware

  45. Flow Table Flow Table Controller Controller Switch Based VirtualizationExists for NEC, HP switches but not flexible enough Research VLAN 2 Research VLAN 1 Production VLANs Normal L2/L3 Processing

  46. OpenFlow Switch OpenFlow Switch OpenFlow Switch OpenFlow FlowVisor & Policy Control FlowVisor-based Virtualization Heidi’s Controller Craig’s Controller Aaron’s Controller Topology discovery is per slice OpenFlow Protocol OpenFlow Protocol 47

  47. OpenFlow Switch OpenFlow Switch OpenFlow Switch OpenFlow FlowVisor & Policy Control OpenFlow Protocol FlowVisor-based Virtualization http Load-balancer Multicast Broadcast Separation not only by VLANs, but any L1-L4 pattern dl_dst=FFFFFFFFFFFF tp_src=80, ortp_dst=80 OpenFlow Protocol

  48. FlowSpace: Maps Packets to Slices

  49. Alice Controller Bob Controller Cathy Controller OpenFlow FlowVisor OpenFlow OpenFlow Firmware Data Path FlowVisor Message Handling Rule Policy Check: Is this rule allowed? Policy Check: Who controls this packet? Full Line Rate Forwarding Exception Packet Packet

  50. * * * * * * * * * * * * * * * * * * * * * * * * * * * * 84.65.* 84.65.* Use Case: New CDN - Turbo Coral ++ Basic Idea: Build a CDN where you control the entire network • All traffic to or from Coral IP space controlled by Experimenter • All other traffic controlled by default routing • Topology is entire network • End hosts are automatically added (no opt-in) Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport

More Related