MOBILE COMMUNICATION AND INTERNET TECHNOLOGIES http://web.uettaxila.edu.pk/CMS/AUT2014/teMCITms/ Software Defined Networks and OpenFlow Courtesy of: AT&T Tech Talks MODULE OVERVIEW Motivation What is OpenFlow Deployments Conclusion 2 We have lost our way Routing, management, mobility management, access control, VPNs, … App App App Operating System Specialized Packet Forwarding Hardware Million of lines of source code 5400 RFCs Barrier to entry 500M gates 10Gbytes RAM Bloated Power Hungry IPSec Firewall Router Software Control OSPF-TE HELLO HELLO RSVP-TE HELLO Hardware Datapath Many complex functions packed into the infrastructure OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers, … An industry with a “mainframe-mentality” Process of innovation made worse by captive standards process Deployment Idea Standardize Wait 10 years • Driven by vendors • Consumers largely locked out • Layer by layer innovation New Generation Providers already Buying into It In a nutshell Driven by cost and control Started in data centers…. What New Generation Providers have been Doing Within the Datacenters Buy bare metal switches/routers Write their own control/management applications on a common platform 6 Change is happening in non-traditional markets App App App Network Operating System Ap p Ap p Ap p Operating System Ap p Specialized Packet Forwarding Hardware Ap p Ap p Ap p Ap p Operating System Ap p Specialized Packet Forwarding Hardware Operating System Ap p Specialized Packet Forwarding Hardware Ap p Ap p Operating System Ap p Ap p Ap p Operating System Specialized Packet Forwarding Hardware Specialized Packet Forwarding Hardware The “Software-defined Network” 2. At least one good operating system Extensible, possibly open-source 3. Well-defined open API App App App Network Operating System 1. Open interface to hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Trend App App App Windows Windows Windows (OS) (OS) (OS) Linux Linux Linux App App App Mac Mac Mac OS OS OS Virtualization layer x86 (Computer) Computer Industry Controller11 NOX Controller (Network OS) Controller Controller Network OS 22 Virtualization or “Slicing” OpenFlow Network Industry Simple common stable hardware substrate below+ programmability + strong isolation model + competition above = Result : faster innovation What is OpenFlow? Short Story: OpenFlow is an API • Control how packets are forwarded • Implementable on COTS hardware • Make deployed networks programmable – not just configurable • Makes innovation easier • Result: – Increased control: custom forwarding – Reduced cost: API increased competition Ethernet Switch/Router Control Path (Software) Data Path (Hardware) OpenFlow Controller OpenFlow Protocol (SSL/TCP) Control Path OpenFlow Data Path (Hardware) OpenFlow Flow Table Abstraction Software Layer Controller PC OpenFlow Firmware Flow Table Hardware Layer MAC src MAC IP dst Src IP Dst TCP TCP Action sport dport * * 5.6.7.8 * port 1 5.6.7.8 * port 2 * port 3 port 1 port 4 1.2.3.4 OpenFlow Basics Flow Table Entries Rule Action Stats Packet + byte counters 1. 2. 3. 4. 5. Switch VLAN Port ID Forward packet to port(s) Encapsulate and forward to controller Drop packet Send to normal processing pipeline Modify Fields MAC src MAC dst + mask what fields to match Eth type IP Src IP Dst IP Prot TCP sport TCP dport Examples Switching Switch MAC Port src * MAC Eth dst type 00:1f:.. * * VLAN IP ID Src IP Dst IP Prot TCP TCP Action sport dport * * * * IP Dst IP Prot TCP TCP Action sport dport * * port6 Flow Switching Switch MAC Port src MAC Eth dst type port3 00:20.. 00:1f.. 0800 VLAN IP ID Src vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6 Firewall Switch MAC Port src * * MAC Eth dst type * * VLAN IP ID Src IP Dst IP Prot TCP TCP Forward sport dport * * * * * 22 drop Examples Routing Switch MAC Port src * * MAC Eth dst type * * VLAN IP ID Src IP Dst * 5.6.7.8 * * VLAN IP ID Src IP Dst IP Prot vlan1 * * * TCP TCP Action sport dport port6, port7, * * port9 * IP Prot TCP TCP Action sport dport * port6 VLAN Switching Switch MAC Port src * * MAC Eth dst type 00:1f.. * OpenFlow Usage Controller Dedicated OpenFlow Network Aaron’s code PC OpenFlow Rule Switch Action Statistics OpenFlow Protocol OpenFlow Action Switch Rule OpenFlowSwitch.org Statistics OpenFlow Action Switch Rule Statistics Network Design Decisions Forwarding logic (of course) Centralized vs. distributed control Fine vs. coarse grained rules Reactive vs. Proactive rule creation Likely more: open research area Centralized vs Distributed Control Centralized Control Controller OpenFlow Switch Distributed Control Controller OpenFlow Switch Controller OpenFlow Switch OpenFlow Switch OpenFlow Switch Controller OpenFlow Switch Flow Routing vs. Aggregation Both models are possible with OpenFlow Flow-Based Every flow is individually set up by controller Exact-match flow entries Flow table contains one entry per flow Good for fine grain control, e.g. campus networks Aggregated One flow entry covers large groups of flows Wildcard flow entries Flow table contains one entry per category of flows Good for large number of flows, e.g. backbone Reactive vs. Proactive Both models are possible with OpenFlow Reactive Proactive First packet of flow triggers controller to insert flow entries Efficient use of flow table Every flow incurs small additional flow setup time If control connection lost, switch has limited utility Controller pre-populates flow table in switch Zero additional flow setup time Loss of control connection does not disrupt traffic Essentially requires aggregated (wildcard) rules OpenFlow Application: Network Slicing • Divide the production network into logical slices o each slice/service controls its own packet forwarding o users pick which slice controls their traffic: opt-in o existing production services run in their own slice e.g., Spanning tree, OSPF/BGP • Enforce strong isolation between slices o actions in one slice do not affect another • Allows the (logical) testbed to mirror the production network o real hardware, performance, topologies, scale, users o Prototype implementation: FlowVisor Add a Slicing Layer Between Planes Slice 2 Controller Slice 1 Controller Slice 3 Controller Slice Policies Rules Control/Data Protocol Data Plane Excepts Network Slicing Architecture • A network slice is a collection of sliced switches/routers • Data plane is unmodified – Packets forwarded with no performance penalty – Slicing with existing ASIC • Transparent slicing layer – each slice believes it owns the data path – enforces isolation between slices • i.e., rewrites, drops rules to adhere to slice police – forwards exceptions to correct slice(s) Slicing Policies • The policy specifies resource limits for each slice: – Link bandwidth – Maximum number of forwarding rules – Topology – Fraction of switch/router CPU – FlowSpace: which packets does the slice control? FlowSpace: Maps Packets to Slices Real User Traffic: Opt-In • Allow users to Opt-In to services in real-time o Users can delegate control of individual flows to Slices o Add new FlowSpace to each slice's policy • Example: o "Slice 1 will handle my HTTP traffic" o "Slice 2 will handle my VoIP traffic" o "Slice 3 will handle everything else" • Creates incentives for building high-quality services FlowVisor Implemented on OpenFlow Server Custom Control Plane OpenFlow Controller Servers OpenFlow Controller OpenFlow Controller OpenFlow Network Stub Control Plane Data Plane OpenFlow Protocol FlowVisor OpenFlow OpenFlow Firmware OpenFlow Firmware Data Path Data Path Switch/ Router Switch/ Router OpenFlow Controller FlowVisor Message Handling Alice Controller Bob Controller Cathy Controller OpenFlow Policy Check: Is this rule allowed? Policy Check: Who controls this packet? FlowVisor OpenFlow Full Line Rate Forwarding Packet Packet OpenFlow Firmware Data Path Rule Exception OpenFlow Deployments OpenFlow has been prototyped on…. • Ethernet switches – HP, Cisco, NEC, Quanta, + more underway • IP routers – Cisco, Juniper, NEC • Switching chips – Broadcom, Marvell Most (all?) hardware switches now based on Open vSwitch… • Transport switches – Ciena, Fujitsu • WiFi APs and WiMAX Basestations Deployment: Stanford • Our real, production network o 15 switches, 35 APs o 25+ users o 1+ year of use • Same physical network hosts 7 different Stanford demos Deployments: GENI (Public) Industry Interest • Google has been a main proponent of new OpenFlow 1.1 WAN features – ECMP, MPLS-label matching – MPLS LDP-OpenFlow speaking router: NANOG50 • NEC has announced commercial products – Initially for datacenters, talking to providers • Ericsson – “MPLS Openflow and the Split Router Architecture: A Research Approach“ MPLS2010 at Conclusions • Current networks are complicated • OpenFlow is an API – Interesting apps include network slicing • OpenFlow has potential for Service Providers – Custom control for Traffic Engineering – Combined Packet/Circuit switched networks Q&A Assignment #6 – Write Notes on the terms highlighted in Red in slides 36 and 37 – Write a summary of the paper “MPLS Openflow and the Split Router Architecture: A Research Approach“ at MPLS2010