
Software Defined Networks (SDN)/ OpenFlow Experience sharing

Software Defined Networks (SDN)/ OpenFlow Experience sharing. Baraki H. Abay, Nov 04, 2011. Outline: Legacy Networks; Software defined networks: Motivation, Architecture, Principles; OpenFlow: Principles, Architecture; OpenFlow Basics - Flow table, controller, protocol; How it works


Presentation Transcript


  1. Software Defined Networks (SDN)/ OpenFlow Experience sharing Baraki H. Abay Nov 04, 2011

  2. Outline • Legacy Networks • Software defined networks • Motivation, Architecture, Principles • OpenFlow • Principles, Architecture • OpenFlow Basics - Flow table, controller, protocol • How it works • Centralized vs Distributed, Aggregated vs Flow based, Proactive vs Reactive • Network Slicing - FlowVisor • How to get started to play with OpenFlow • Industry trends • Demo screenshots

  3. Current Networking Scheme • Fully distributed protocols - hard to add a feature to a network • Network is closed for research and innovation • Network administrators and researchers can only configure devices • Software is embedded in Industry • Data plane and control plane in the same device • Routers and switches are locked • Packet forwarding and decisions are controlled by the underlying switches and routers

  4. Closed System [Diagram: several separate devices, each with its own Apps and Operating System on top of its own Packet Forwarding Hardware]

  5. Mitigation approach • Open Development environment for Networking • Isolation: • regular production Network untouched • Virtualized and Programmable networks Software Defined Networking (SDN)

  6. Software Defined Networking (SDN) • Network architecture to remotely control network hardware with software • To open the closed network • Enables innovations by researchers, operators, application/service providers • Managed by the Open Networking Foundation (ONF)

  7. SDN Architecture Principles • Separation of data and control planes • well defined API/protocol between the two • Logically centralized control plane • with an open API for network applications and services • Network slicing and virtualization • to support experimentation on a production network [Diagram labels: API, Control Path (Software), Protocol, Data Path (Hardware)]

  8. Software Defined Networking Principles [Diagram: App, Operating System, Network Operating System and Packet Forwarding Hardware boxes; numbered labels: 1. Open Interface to HW, 2. Operating System, 3. Open API]

  9. OpenFlow

  10. What is OpenFlow? “OpenFlow is an open standard to deploy innovative protocols in production networks” openflow.org

  11. OpenFlow • Motivation • Network changes are sluggish • The need for programmable networks • Goal • Use a centralized controller to determine traffic forwarding • Principle • Separate control plane from data plane

  12. OpenFlow • SDN protocol (API) that modifies forwarding tables in network switches • Added as a feature to commercial Ethernet switches, routers and wireless access points • Developed by Stanford University • Sits between a switch and controller • Allows the path of network packets through the network of switches to be determined by software running on a separate server

  13. OpenFlow • Vendor independent • Protocol is open source • Version status • OF 1.0: most widely used version • OF 1.1: multiple tables and counters • OF 1.2: Wire protocol IPv6, basic configuration • OF 1.3: Topology discovery, test processes • OF 1.4: capability discovery, test labs

  14. Classic Switch vs OpenFlow Switch • Classic Switch/Router: Data path and control path occur on the same device; Data path - packet forwarding path; Control path - routing decisions • OpenFlow Enabled Switch/Router: Separates the data path and control path; Data path portion still resides on the switch; High level routing decisions reside in controller; The OpenFlow switch and the controller communicate via the OpenFlow protocol

  15. OpenFlow Specification Basics • Consists of at least three parts • Flow Table – defines how the switch will process each flow • Secure Channel – to connect to controller • OpenFlow Protocol (API) • Flow tables are set up on switches • Controller talks to the switch via the OpenFlow protocol [Diagram: Controller (PC) connected by OpenFlow Protocol (SSL) to the OpenFlow Switch, which holds the Secure Channel (sw) and the Flow Table (hw)]

  16. Flow table Entry • Flow table consists of a set of entries to compare incoming packets against • Each flow entry consists of match fields, counters, actions • Matching starts at the first flow table • Flow entries match in priority order • Match found: apply the instructions • Match not found: forwarded to the controller over the OpenFlow channel, dropped, or may continue to the next flow table

  17. Table entry: Rule, Action, Stats • Rule (match fields): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport • Action: Forward packet to port(s); Encapsulate and forward to controller; Drop packet; Send to normal processing pipeline • Stats: Packet + byte counters; Per table; Per flow

  18. Actions: • Switching and routing • Firewall • Using non-OpenFlow logic • Send to controller

  19. Secure channel • SSL Connection, site-specific key • Controller discovery protocol • Encapsulate packets for controller • Send link/port state to controller [Diagram: Controller (PC) connected by OpenFlow Protocol (SSL) to the OpenFlow Switch, which holds the Secure Channel (sw) and the Flow Table (hw)]

  20. OpenFlow Protocol Message Types • Controller-to-switch: To directly manage or inspect the state of the switch; may or may not require a response from the switch; Operations/msg types: Features, Configuration, Read-State, Modify-State, Barrier • Asynchronous: To update the controller of network events and changes to the switch state; sent without the controller soliciting them from a switch; To tell controller of a packet arrival, switch state change, or error; Msg. types: Packet-in, Flow-Removed, Port-status, Error • Symmetric: Msg. types: Hello, Echo, Experimenter

  21. The OpenFlow controller • Remotely controls and manipulates flow tables in switches • Available open-source controllers • NOX • Beacon • SNAC • FlowVisor - a special type of controller • Acts as a proxy between OpenFlow switches and multiple controllers • Slices network resources and delegates a controller to each

  22. How OpenFlow works ?

  23. [Flowchart] Switch: Packet in from network • Check matching • Match: Apply Actions • No match: Send to controller over secure channel • Controller: Packet in from switch • Extract the destination address of the packet • Define a table entry to create a path for the packet • Send message to each switch in the path the packet will traverse
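
The lookup and table-miss behaviour from slides 16, 17 and 23, together with the reactive and proactive models of slide 29, as an added example that is not from the original slides. It is a simplified single-table model, not an OpenFlow implementation; the class names, port numbers and the TCP/23 firewall rule are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict        # header field -> required value; missing field = wildcard
    actions: list      # e.g. [("output", 3)]; empty list = drop
    priority: int = 0
    packets: int = 0   # per-flow counters (the "Stats" column)
    byte_count: int = 0
    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

class Switch:
    def __init__(self, controller):
        self.table, self.controller = [], controller
    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)  # match in priority order
    def receive(self, pkt, size=64):
        for entry in self.table:
            if entry.matches(pkt):
                entry.packets += 1
                entry.byte_count += size
                return entry.actions
        return self.controller.packet_in(self, pkt)  # table miss

class ReactiveController:
    def __init__(self, routes):
        self.routes = routes      # ip_dst -> output port (constructed topology)
        self.packet_ins = 0
    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        port = self.routes.get(pkt.get("ip_dst"))
        if port is None:
            return []             # unknown destination: drop, install nothing
        actions = [("output", port)]
        switch.install(FlowEntry({"ip_dst": pkt["ip_dst"]}, actions, priority=10))
        return actions

def demo():
    ctl = ReactiveController({"10.4.0.2": 3})
    sw = Switch(ctl)
    # Proactive firewall rule: drop TCP/23 at a priority above any reactive entry.
    sw.install(FlowEntry({"ip_proto": 6, "tp_dst": 23}, [], priority=100))
    web = {"in_port": 1, "ip_dst": "10.4.0.2", "ip_proto": 6, "tp_dst": 80}
    telnet = dict(web, tp_dst=23)
    results = [sw.receive(web), sw.receive(web), sw.receive(telnet)]
    return results, ctl.packet_ins, sw.table
```

Only the first packet of the flow reaches the controller. The drop rule still wins for TCP/23 to the same destination because entries are matched in priority order, which is why a wildcard forwarding entry installed at a higher priority than a drop rule would silently bypass it.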

  24. [Diagram: a packet (addresses shown: 192.168.0.2, 10.4.0.2) crossing several OpenFlow switches (OFS), each with Rule / Action / Statistics tables; an "Entry Available?" check; the Controller (PC) sends "Inst. rule" to each OFS]

  25. Flow match Examples Flow Rule(match) Action

  26. Controller Usage Models

  27. Centralized vs Distributed control [Diagram: two panels, Centralized Control and Distributed Control, showing Controllers (PC) and OpenFlow switches (OFS)]

  28. Flow Routing vs Aggregation • Flow-based: Every flow is individually set up by controller; Exact match flow entries; Flow table contains one entry per flow; Good for fine grain control • Aggregated: One flow entry covers large groups of flows; Wildcard flow entries; Flow table contains one entry per category of flows; Good for large # of flows

  29. Reactive vs Proactive • Reactive: First packet of flow triggers controller to insert flow entries; Efficient use of flow table; Every flow incurs small additional set up time; Switch has limited utility if control connection is lost • Proactive: Controller pre-populates flow table in switch; Zero additional flow set up time; Loss of control connection doesn’t disrupt connection; Requires aggregated rules

  30. Open Controllers

  31. Network Slicing concept • Divide the production network into logical slices • each slice/service controls its own packet forwarding [Diagram layers: Multiple controllers (NOS), Slicing Layer, Switch data plane]

  32. FlowVisor • A tool for slicing OpenFlow Networks • creating multiple isolated and programmable logical networks on the same physical topology • Puts Slicing Policies • The policy specifies resource limits for each slice: • Link bandwidth • Maximum number of forwarding rules • Topology • Fraction of switch/router CPU

  33. Virtual networks through FlowVisor • FlowSpace: Maps Packets to Slices • Topology discovery is per slice [Diagram: Research 1, Research 2 and production network controllers (PC) connect over the OpenFlow protocol to FlowVisor, which connects over the OpenFlow protocol to the OpenFlow switches (OFS)]
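
A simplified model of the slicing policy from slides 31 to 33, added here as an example; it is not FlowVisor's code. It assumes a slice's flowspace is a set of exact header values and enforces only the rule-count limit; `Slice`, `admit` and the sample policy are hypothetical names and values.

```python
from dataclasses import dataclass, field

class SliceViolation(Exception):
    pass

@dataclass
class Slice:
    name: str
    flowspace: dict            # header field -> value owned by this slice
    max_rules: int             # policy: maximum number of forwarding rules
    rules: list = field(default_factory=list)

def admit(sl, match):
    """Check a controller's requested match against its slice policy.

    Returns the match narrowed to the slice's flowspace, so a wildcard
    rule can never capture packets that belong to another slice.
    """
    for key, owned in sl.flowspace.items():
        if key in match and match[key] != owned:
            raise SliceViolation(f"{sl.name}: {key}={match[key]!r} is outside the flowspace")
    if len(sl.rules) >= sl.max_rules:
        raise SliceViolation(f"{sl.name}: limit of {sl.max_rules} rules reached")
    narrowed = {**match, **sl.flowspace}
    sl.rules.append(narrowed)
    return narrowed

def demo():
    research = Slice("research1", {"vlan_id": 100}, max_rules=2)  # constructed policy
    outcomes = []
    for match in ({"ip_dst": "10.4.0.2"},   # VLAN left as wildcard: gets narrowed
                  {"vlan_id": 1},           # another slice's traffic: rejected
                  {"tp_dst": 80},           # second admitted rule
                  {"tp_dst": 443}):         # over the rule limit: rejected
        try:
            outcomes.append(admit(research, match))
        except SliceViolation as exc:
            outcomes.append(str(exc))
    return outcomes
```

The narrowing step is what provides isolation between slices: a research controller that asks for a rule on `ip_dst` alone receives one that also pins `vlan_id`, so production traffic to the same address is never matched by it.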

  34. OpenFlow gains • Increased network control • Increased network flexibility • Shared infrastructure – makes innovation easier • Current network infrastructure, LAN and WAN, does not allow for much experimenting. In many cases, it is a production network, there are firmware limitations, or both

  35. Some OpenFlow applications • Wireless mobility/migration • Redirect specific application traffic to remote site • Network Virtualization • Power management • Load balancing • Traffic engineering • Security Applications • Load balancing • Firewall

  36. Current version OpenFlow limitations • Non-flow-based(per-packet) networking • Use all tables on switch chips • New forwarding primitives • New packet formats/field definitions • Low-setup time individual flows • But can push flows proactively

  37. Industry support • Many vendors implemented OpenFlow in their devices

  38. How to get started with OpenFlow • Switch • Software switches • Linux User-space Switch • Reference Linux Kernel-space Switch • Open vSwitch • Hardware switches • OpenFlow enabled commercial switches – e.g. Pronto • Controller • Reference Learning Switch Controller • NOX, Beacon, SNAC

  39. What can we do with OpenFlow • Write - configure - deploy • Experiment on our networks • Develop network applications on top of existing controllers (e.g. NOX, Beacon) • Customize controllers • Extend existing controllers • Develop our own controller

  40. Example: Developing on NOX • Basics – components and events • Develop components that handle events • Components can be developed using • C++ • Python or • Combination of them • NOX built-in components • Core apps • Network apps • Web apps • Third-party extensions

  41. Example – a component

  42. Events • Drive execution in NOX • Core events • Data_path_join event, Packet_in_event • Application events • Host_in event, flow_in event, etc. • Post events for other applications to handle • Register for packet_in event

  43. OpenFlow Practice • Using virtual machines • Required software • Virtualization software (VirtualBox) • X server (Windows: Xming, Mac: X11, Linux: X server installed) • Development tools • Mininet • Wireshark • Benchmark Controller w/iperf

  44. What can we do in the tutorial • Create learning switch • NOX controller (Python, C++) • Beacon (Java) • Control a slice of a real network • Creating router • Creating firewall

  45. Some Demos

  46. Dynamic Flow Aggregation on an OpenFlow Network • Dynamically define flow granularity by wildcarding arbitrary Header fields • Granularity is on the switch flow entries, no packet rewrite or encapsulation

  47. Elastic Tree: reducing energy in data centers • Shuts off links and switches to reduce data center power • OpenFlow provides network routes and port statistics

  48. Some OpenFlow Demos • Aster*x: Load-Balancing Web Traffic over Wide-Area Networks • load balancing system for services hosted in different services • considers network congestion and server load • handles the dynamic adding and removing of resources • By Stanford
