
OpenFlow/SDN Beginner’s Tutorial June, 2013


taite

Presentation Transcript


  1. OpenFlow/SDN Beginner’s Tutorial June, 2013

  2. Why SDN? What is SDN?

  3. Critical needs for cloud DC networks • Tenant virtualization • Traffic isolation, prioritization and rate limiting • Overlapping IP addressing, along with IPv6 support • Speed up configuration to allow reduced time to revenue: • Automatically create required network configs for new tenants • Transparently bridging a L2 network will help reduce time • Hybrid clouds with bursting • Adding computational capacity (in the form of new VMs) as needed • Lossless live migration [Figure labels: Host 1, Hypervisor, VM A1, VM B1, VM C1, VLAN-101-x links, Switch-1, Switch-2, Switch-3, WAN]

  4. Welcome to the Ossified Network • Many complex functions baked into the infrastructure • OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers, … • An industry with a “mainframe-mentality”, reluctant to change [Figure labels: Feature, Feature, Operating System, Specialized Packet Forwarding Hardware; Routing, management, mobility management, access control, VPNs, …; Millions of lines of source code; 6000+ RFCs; Barrier to entry; Billions of gates; Bloated; Power Hungry]

  5. Current Internet: Closed to Innovations in the Infrastructure [Figure: repeated closed boxes, each drawn as Services on an Operating System on Specialized Packet Forwarding Hardware]

  6. “Software Defined Networking” approach to open it [Figure labels: IP routing service, LB service, FW service, Network Operating System; below them the boxes of the previous slide, each drawn as Services on an Operating System on Specialized Packet Forwarding Hardware]

  7. The “Software-defined Network” [Figure labels: North-bound interface API, Unchanged mgmt API, IP routing service, LB service, FW service, Network Operating System, OpenFlow API, Simple Packet Forwarding Hardware (repeated)]

  8. How does OpenFlow work?

  9. Ethernet Switch

  10. Control Path Control Path (Software) Data Path (Hardware)

  11. OpenFlow Controller OpenFlow Protocol (SSL/TCP) Control Path OpenFlow Data Path (Hardware)

  12. OpenFlow usage • OpenFlow offloads control intelligence to a remote software [Figure labels: Controller PC, Alice’s code, Decision?, OpenFlow Protocol, OpenFlow Switch (repeated), Alice’s Rule (repeated)]

  13. OpenFlow Example • Flow table entry: MAC src = *, MAC dst = *, IP Src = *, IP Dst = 5.6.7.8, TCP sport = *, TCP dport = *; Action = port 1 [Figure labels: Cluster of Controllers (PCs), OpenFlow protocol, OpenFlow-enabled hardware with a Software Layer (OpenFlow Client, e.g., OVS) and a Hardware Layer (Flow Table), switch ports 1 to 4, hosts 5.6.7.8 and 1.2.3.4]

  14. OpenFlow Basics: Flow Table Entries • Each entry consists of Rule, Action and Stats • Rule: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP ToS, IP Prot, L4 sport, L4 dport + mask what fields to match + priority + timeout (idle and hard) • Action: • Forward packet to zero or more ports • Encapsulate and forward to controller • Send to normal processing pipeline • Modify Fields • Any extensions you add! • Stats: Packet + byte counters

  15. Examples (match fields: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport; then Action) • IP Routing service: IP Dst = 5.6.7.8, all other fields *; Action: port6 • VLAN multicast service: VLAN ID = vlan1, MAC 00:1f.., all other fields *; Action: port6, port7, port9 • Firewall service: TCP dport = 22, all other fields *; Action: drop
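
How the rule fields of slide 14 and the rows of slide 15 interact at lookup time, as an added example that is not part of the original slides. The field names, the priority values and the sample packets are assumptions made for the illustration; it shows that a drop rule only protects port 22 when its priority is higher than the overlapping routing entry.

```python
# Added example, not from the slides: flow-table lookup with wildcards and priority.
from dataclasses import dataclass

@dataclass
class FlowEntry:
    name: str
    match: dict        # header field -> required value; an absent field is a wildcard (*)
    actions: list      # output ports; an empty list means drop
    priority: int
    packets: int = 0   # Stats: packet counter
    nbytes: int = 0    # Stats: byte counter

def lookup(table, pkt, size=64):
    """Return (entry name, actions) of the highest-priority entry matching pkt."""
    hits = [e for e in table if all(pkt.get(f) == v for f, v in e.match.items())]
    if not hits:
        # OpenFlow 1.0 behaviour on a table miss: hand the packet to the controller.
        return ("table-miss", ["controller"])
    best = max(hits, key=lambda e: e.priority)
    best.packets += 1
    best.nbytes += size
    return (best.name, best.actions)

def slide15_table(firewall_priority, routing_priority):
    """Routing and firewall rows of slide 15; the priority values are assumptions."""
    return [
        FlowEntry("ip-routing", {"ip_dst": "5.6.7.8"}, ["port6"], routing_priority),
        FlowEntry("firewall", {"tcp_dport": 22}, [], firewall_priority),
    ]

# Constructed packets (header fields only).
SSH = {"in_port": 1, "ip_src": "1.2.3.4", "ip_dst": "5.6.7.8", "tcp_dport": 22}
WEB = dict(SSH, tcp_dport=80)
OTHER = dict(SSH, ip_dst="9.9.9.9", tcp_dport=443)

def demo():
    safe = slide15_table(firewall_priority=200, routing_priority=100)
    shadowed = slide15_table(firewall_priority=100, routing_priority=200)
    return {
        "ssh_safe": lookup(safe, SSH),           # both entries match; firewall wins
        "web_safe": lookup(safe, WEB),           # only the routing entry matches
        "miss": lookup(safe, OTHER),             # nothing matches
        "ssh_shadowed": lookup(shadowed, SSH),   # routing entry shadows the drop rule
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```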

  16. OpenFlow benefits • Hardware speed, scale, and fidelity for new services • Made possible through unified API supported by hardware platforms from multiple vendors • Flexibility and control of software and simulation • Vendors don’t need to expose implementation • Leverages hardware inside most switches today (ACL tables implemented using TCAMs)

  17. Usage examples Network Virtualization Network access control/firewall Load Balancing per flow switching New routing for unicast, multicast, multipath Home network manager Network monitoring and debugging More available at openflow.org/videos … and much more you can create!

  18. OpenFlow design, architecture and protocol evolution

  19. Design choice 1: Modes of SDN Deployment • In-network: Existing/green-field network fabrics upgraded to support OpenFlow • Overlay: WITHOUT changing fabric, the intelligence is added to edge-devices, • as an additional appliance (e.g., bump-in-wire managed by controller) • as enhanced server kernel bridge (e.g., OpenVSwitch in x86 hypervisors) [Figure labels: Control Path, OpenFlow, Hardware switch, Data path (Hardware)] Figure courtesy of Martin Casado @ ONS 2012

  20. Design choice 2: Centralized vs Distributed Control [Figure: two panels, Centralized Control and Distributed Control, each showing Controllers connected to OpenFlow Switches]

  21. Design choice 3: Per-Flow Routing vs. Aggregation • Flow-Based: • Every flow is individually set up by controller • Exact-match flow entries • Flow table contains one entry per flow • Good for fine grain control, e.g. campus networks • Aggregated: • One flow entry covers large groups of flows • Wildcard flow entries • Flow table contains one entry per category of flows • Good for large number of flows, e.g. backbone

  22. Design choice 4: Reactive vs. Proactive (pre-populated) • Reactive: • First packet of flow triggers controller to insert flow entries • Efficient use of flow table • Every flow incurs small additional flow setup time • If control connection lost, switch has limited utility • Proactive: • Controller pre-populates flow table in switch • Zero additional flow setup time • Loss of control connection does not disrupt traffic • Essentially requires aggregated (wildcard) rules

  23. Design choice 5: End-to-end OpenFlow vs. Hybrid • Based on how OpenFlow is deployed, there may be issues coexisting with legacy networks • OpenFlow controller view is not always complete. For instance, what does the controller see here? [Figure labels: OFswitch (two), Non-OFswitch (two), X, Y, HostA, HostB, HostC, Internet]

  24. OpenFlow Implementations (Switch and Controller)

  25. Open-source controllers

  26. Sample Commercial Switches

  27. Hands-on Tutorial

  28. Bootstrap • Install VirtualBox or VMware Player or VMware Fusion • Import the tutorial VM appliances available at: • 64-bit: (Login: ubuntu, Passwd: ubuntu) http://yuba.stanford.edu/~srini/OpenFlow_tutorial_64bit.ova • 32-bit: (Login: ubuntu, Passwd: ubuntu) http://yuba.stanford.edu/~srini/OpenFlow_tutorial_32bit.ova • Install X-Windows if you do not already have it • Mac user: Install xquartz • Windows user: Install xming • Start the VM, and “ssh -X” to its host-only IP address • VirtualBox: Ensure the vboxnet0 interface is configured for “host-only” • File->Preferences->Network and “Add host-only network” button with default settings.

  29. Inside the Virtual Machine • openvswitch: Virtual switch programmable using OpenFlow • mininet: Network emulation platform • $ sudo mn --topo single,3 --mac --switch ovsk --controller remote • wireshark: Graphical tool for viewing packets with OF protocol plug-in • Start wireshark: $ sudo wireshark • Start capturing packets going through interface “lo” and Decode as OFP • dpctl: Command-line utility for checking switch status and manually inserting flow entries. • Check supported commands in manual: $ man dpctl • Multiple OpenFlow controllers with sample apps prepackaged • NOX, POX, Ryu, and OpenDayLight

  30. Mininet-based Virtual Topology #1: OpenFlow Tutorial 3hosts-1switch Topology • $ sudo mn --topo single,3 --mac --switch ovsk --controller remote [Figure labels: Controller c0, port 6633, loopback (127.0.0.1:6633); OpenFlow Switch s1; dpctl (user space process), loopback (127.0.0.1:6634); switch interfaces s1-eth0, s1-eth1, s1-eth2; host interfaces h1-eth0, h2-eth0, h3-eth0; virtual hosts h1 10.0.0.1, h2 10.0.0.2, h3 10.0.0.3]

  31. Mininet-based Virtual Topology #2: OpenFlow Tutorial 2hosts-2switch Topology • $ sudo mn --topo linear --switch ovsk --controller remote

  32. dpctl and wireshark workflow • Before controller is started, execute the following:
        $ dpctl show tcp:127.0.0.1:6634
        $ dpctl dump-flows tcp:127.0.0.1:6634
        mininet> h1 ping h2
      (All ports of switch shown, but no flows installed. Ping fails because ARP cannot go through.)
        $ dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2
        $ dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1
        mininet> h1 ping h2
      (Ping works now!)
      • Start controller and check OF messages on wireshark (enabling OFP decode) • OpenFlow messages exchanged between switch and controller: openflow/include/openflow/openflow.h
        /* Header on all OpenFlow packets. */
        struct ofp_header {
            uint8_t version;   /* OFP_VERSION. */
            uint8_t type;      /* One of the OFPT_ constants. */
            uint16_t length;   /* Length including this ofp_header. */
            uint32_t xid;      /* Transaction id associated with this packet. */
        };

  33. Top 3 features in most controllers • Event-driven model • Each module registers listeners or call-back functions • Example async events include PACKET_IN, PORT_STATUS, FEATURE_REPLY, STATS_REPLY • Packet parsing capabilities • When switch sends an OpenFlow message, module extracts relevant information using standard procedures • switch.send(msg), where msg can be • PACKET_OUT with buffer_id or fabricated packet • FLOW_MOD with match rules and action taken • FEATURE_REQUEST, STATS_REQUEST, BARRIER_REQUEST

  34. OpenDayLight controller

  35. Controller Architecture

  36. Java, Maven, OSGi, Interface • Java allows cross-platform execution • Maven allows easier building • OSGi: • Allows dynamically loading bundles • Allows registering dependencies and services exported • For exchanging information across bundles • Java Interfaces are used for event listening, specifications and forming patterns

  37. Setup • INSTALL OPENDAYLIGHT (Dependency Maven, JDK1.7) • git clone https://git.opendaylight.org/gerrit/p/controller.git • mv controller opendaylight; cd opendaylight • cd opendaylight/distribution/opendaylight/ • mvn clean install • cd target/distribution.opendaylight-0.1.0-SNAPSHOT-osgipackage/opendaylight/ • ./run.sh • IMPORT OPENDAYLIGHT TO ECLIPSE • Install Eclipse with Maven Integration Version 1.2.0 • File => Import => Maven => Existing Maven Projects • Browse ~/opendaylight/opendaylight/distribution/opendaylight • In distribution.opendaylight, right click on opendaylight-assembleit.launch and select “Run”. Then “Run” opendaylight-application.launch

  38. OpenDayLight web interface

  39. Writing a new application • Include the new app in opendaylight/distribution/opendaylight/pom.xml and in the Eclipse “Run Configurations” • Clone an existing module (e.g., arphandler) in Eclipse project explorer • List dependencies imported and interfaces implemented in the module’s Activator.java • Update dependencies and services exported in the new bundle’s pom.xml • Update set/unset bindings in the module’s class so as to access other bundle objects • Implement the interface functions to handle the async events or use other bundle objects to edit state • Add needed northbound REST API and associate with the web bundle • Done

  40. Interfaces

  41. Interfaces

  42. Interfaces

  43. The End

  44. Summary • OpenFlow/SDN is evolving to facilitate an ecosystem for innovation through programmability • OpenFlow/SDN is being deployed in over 100 organizations world-wide • Many academic ones, but also includes service provider clouds • SDN provides a simple solution to problems with complex solutions without vendor lock-in

  45. Backup

  46. POX controller

  47. Intro to POX controller • General execution: $ ~/pox/pox.py <dir>.<name> • Example: $ ~/pox/pox.py forwarding.hub • Parses messages from switch and throws following events: FlowRemoved, FeaturesReceived, ConnectionUp, FeaturesReceived, RawStatsReply, PortStatus, PacketIn, BarrierIn, SwitchDescReceived, FlowStatsReceived, AggregateFlowStatsReceived, TableStatsReceived, PortStatsReceived, QueueStatsReceived • Packets parsed by pox/lib: arp, dhcp, dns, eapol, eap, ethernet, icmp, igmp, ipv4, llc, lldp, mpls, rip, tcp, udp, vlan • Example msg sent from controller to switch:
        ofp_packet_out
          header: version: 1 type: 13 length: 24 xid: 13
          buffer_id: 272
          in_port: 65535
          actions_len: 1
          actions: type: 0 len: 8 port: 65531 max_len: 65535
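
A strict decoder for the ofp_header of slide 32 and the ofp_packet_out dump of slide 47, as an added example that is not part of the original slides or of POX. The sample bytes are constructed from the field values in the dump; the dump prints actions_len: 1, which the example assumes is the number of actions, because the OpenFlow 1.0 wire field holds the byte length of the action list (8 here).

```python
# Added example, not from the slides: strict parsing of an OpenFlow 1.0 PACKET_OUT.
import struct

OFP_HEADER = struct.Struct("!BBHI")      # version, type, length, xid (slide 32)
PACKET_OUT = struct.Struct("!IHH")       # buffer_id, in_port, actions_len in bytes
ACTION_OUTPUT = struct.Struct("!HHHH")   # type, len, port, max_len
OFPT_PACKET_OUT, OFPAT_OUTPUT = 13, 0
PORTS = {0xFFFB: "OFPP_FLOOD", 0xFFFD: "OFPP_CONTROLLER", 0xFFFF: "OFPP_NONE"}

def parse_header(data):
    """Decode ofp_header; reject a length field the received bytes cannot back up."""
    if len(data) < OFP_HEADER.size:
        raise ValueError("short read: incomplete ofp_header")
    version, msg_type, length, xid = OFP_HEADER.unpack_from(data)
    if length < OFP_HEADER.size or length > len(data):
        raise ValueError("length field %d does not fit %d received bytes" % (length, len(data)))
    return {"version": version, "type": msg_type, "length": length, "xid": xid}

def parse_packet_out(data):
    msg = parse_header(data)
    if msg["type"] != OFPT_PACKET_OUT:
        raise ValueError("not a PACKET_OUT")
    body = data[OFP_HEADER.size:msg["length"]]   # never read past the declared length
    if len(body) < PACKET_OUT.size:
        raise ValueError("truncated PACKET_OUT body")
    buffer_id, in_port, actions_len = PACKET_OUT.unpack_from(body)
    raw = body[PACKET_OUT.size:PACKET_OUT.size + actions_len]
    if actions_len % 8 or len(raw) != actions_len:
        raise ValueError("actions_len is unaligned or runs past the message")
    actions, off = [], 0
    while off < len(raw):
        a_type, a_len, port, max_len = ACTION_OUTPUT.unpack_from(raw, off)
        if a_len < 8 or a_len % 8 or off + a_len > len(raw):
            raise ValueError("bad action length %d" % a_len)
        if a_type == OFPAT_OUTPUT:
            actions.append({"type": a_type, "port": PORTS.get(port, port), "max_len": max_len})
        else:
            actions.append({"type": a_type, "len": a_len})   # other actions left undecoded
        off += a_len
    msg.update(buffer_id=buffer_id, in_port=PORTS.get(in_port, in_port), actions=actions)
    return msg

# Constructed bytes reproducing the field values of the slide 47 dump.
SAMPLE = (OFP_HEADER.pack(1, OFPT_PACKET_OUT, 24, 13)
          + PACKET_OUT.pack(272, 0xFFFF, 8)
          + ACTION_OUTPUT.pack(OFPAT_OUTPUT, 8, 0xFFFB, 65535))

if __name__ == "__main__":
    print(parse_packet_out(SAMPLE))
```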

  48. Application 1: Hub (inspect file pox/pox/misc/of_tutorial.py) [Figure labels: Hub, POX, OF Switch, hosts (A), (B), (C), message steps (1) to (6)]

  49. Application 2: MAC-learning switch (convert pox/pox/misc/of_tutorial.py to L2 switch) • Build on your own with this logic: • On init, create a dict to store MAC to switch port mapping • self.mac_to_port = {} • On packet_in, • Parse packet to reveal src and dst MAC addr • Map src_mac to the incoming port • self.mac_to_port.setdefault(dpid, {}) • self.mac_to_port[dpid][src_mac] = in_port • Lookup dst_mac in mac_to_port dict to find next hop • If found, create flow_mod and send • Else, flood like hub. • Execute: pox/pox.py misc.of_tutorial
        import pox.openflow.libopenflow_01 as of

        # Install a flow entry matching this packet and release the buffered packet
        msg = of.ofp_flow_mod()
        msg.match = of.ofp_match.from_packet(packet)
        msg.buffer_id = event.ofp.buffer_id
        # Forward matching packets out of the learned port
        action = of.ofp_action_output(port = out_port)
        msg.actions.append(action)
        self.connection.send(msg)
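
The learn, look up, then flow_mod-or-flood logic of slide 49 as it behaves over a sequence of packet_in events, written without POX so it runs stand-alone; this is an added example, not the tutorial's of_tutorial.py. The class name, the returned decision tuples, the broadcast and same-port checks and the sample events are assumptions made for the illustration.

```python
# Added example, not from the slides: the MAC-learning decision logic without POX.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self):
        self.mac_to_port = {}   # dpid -> {mac: port}

    def packet_in(self, dpid, in_port, src_mac, dst_mac):
        """Return ("flood", None), ("drop", None) or ("flow_mod", out_port)."""
        # Create the per-switch table once so earlier entries survive later packets.
        table = self.mac_to_port.setdefault(dpid, {})
        table[src_mac] = in_port               # learn, or refresh if the host moved
        out_port = table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            return ("flood", None)             # unknown destination: act like the hub
        if out_port == in_port:
            return ("drop", None)              # never send a frame back where it came from
        return ("flow_mod", out_port)          # known destination: install a flow entry

# Constructed events: (dpid, in_port, src_mac, dst_mac), MACs as assigned by --mac.
H1, H2, H3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
EVENTS = [
    (1, 1, H1, BROADCAST),   # h1 sends an ARP request
    (1, 2, H2, H1),          # h2 replies; h1 was learned on port 1
    (1, 1, H1, H2),          # h1 pings h2; h2 was learned on port 2
    (1, 3, H3, H1),          # h3 talks to h1
    (2, 1, H1, H2),          # a second switch has its own, still empty, table
    (1, 2, H2, H2),          # destination sits on the ingress port
]

def run(events):
    switch = LearningSwitch()
    return [switch.packet_in(*ev) for ev in events], switch.mac_to_port

if __name__ == "__main__":
    decisions, tables = run(EVENTS)
    for ev, decision in zip(EVENTS, decisions):
        print(ev, "->", decision)
    print(tables)
```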

  50. Ryu controller
