Openflow and SDN
advertisement
Openflow Y SDN Fundamentos de Open Networking. Soluciones Open Flow Miguel Angel Rodríguez Fernández marodriguez@juniper.net Agenda ARQUITECTURA SDN INTRODUCCION a Openflow Casos Prácticos 2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net ARQUITECTURA SDN 3 Copyright © 2009 Juniper Networks, Inc. www.juniper.net En la actualidad:Cajas cerradas y Protocolos distribuidos Ap p Ap p Ap p Operating System Ap p Specialized Packet Forwarding Hardware Ap p Ap p Ap p Ap p Operating System Specialized Packet Forwarding Hardware Ap p Operating System Ap p Specialized Packet Forwarding Hardware Ap p Ap p Operating System Ap p Ap p Ap p Specialized Packet Forwarding Hardware Operating System Specialized Packet Forwarding Hardware 4 Copyright © 2009 Juniper Networks, Inc. 4 www.juniper.net Un Acercamiento a “Software Defined Networking” App App App Network Operating System Ap p Ap p Ap p Operating System Ap p Specialized Packet Forwarding Hardware Ap p Ap p Ap p Ap p Operating System Specialized Packet Forwarding Hardware Ap p Operating System Ap p Specialized Packet Forwarding Hardware Ap p Ap p Operating System Ap p Ap p Ap p Specialized Packet Forwarding Hardware Operating System 5 Specialized Packet Copyright © 2009 Juniper Networks, Inc. Forwarding Hardware www.juniper.net 5 El Concepto “Software-defined Network” 3. Well-defined open API App App App 2. At least one good operating system Extensible, possibly open-source Network Operating System 1. Open interface to hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware 6 Simple Packet Forwarding Hardware Copyright © 2009 Juniper Networks, Inc. www.juniper.net 6 Software Defined Networking (SDN) Los principales objetivos de SDN Abstraer los elementos de la Red desde las Aplicaciones. Control y Gestión centralizadad de los dispositivos de red de diferentes fabricantes. Tener una Red abierta que permita ser programable y crear servicios de forma sencilla. SDN es una arquitectura que divide el plano de conmutación y permite que sea programable de una forma directa. LAS REDES ABIERTAS ADOPTARAN MAYORES INNOVACIONES. 7 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Arquitectura SDN 8 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Introducción a Openflow 10 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Aproximación a openflow Plano de Control separado del plano de conmutación Plano de Control Centralizado. OpenFlow controller(La plataforma). Lógicamente centralizada y fisicamente distribuida. Plano de conmutación distribuido. OpenFlow switches (Pueden ser routers,firewalls). No es necesario tener protocolos de routing . Software (kernel, hypervisor, userspace), Hardware (merchant silicon, ASICs, OpenFlow optimized ASICs) OpenFlow es el protocolo entre el plano de control y de conmutación. 11 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Plano de Control centralizado y conmutación distribuido. OpenFlow controller Plano de control centralizado OpenFlow protocol OpenFlow switch Plano de conmutación 12 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Arquitectura de un openflow controller Applications Replication Scheduler Data Center Multi Tenancy Load Balancer API (not standard) Basic Services Inventory Topology discovery Infrastructure Path computation Event dispatching GUI Protocol Engines OpenFlow CLI OF-Config FlowVisor (network partitioning) 13 Copyright © 2009 Juniper Networks, Inc. www.juniper.net OpenFlow Controller EVOLUCION A OFN Distributed control plane 14 Control Process Secure Channel Simple Controller Forwarding Table Forwarding/Flow Dispatch Table Traditional Router/Switch Copyright © 2009 Juniper Networks, Inc. www.juniper.net OpenFlow Router/Switch Controller Ejemplo de OpenFlow Software Layer PC OpenFlow Client Flow Table Hardware Layer MAC src MAC dst IP Src IP Dst TCP TCP Action sport dport * * * 5.6.7.8 * port 1 15 5.6.7.8 port 2 * port 3 Copyright © 2009 Juniper Networks, Inc. port 1 port 4 www.juniper.net 1.2.3.4 15 TIPOS DE MENSAJES Tres tipos de mensajes y cada mensaje con múltiples subtipos.:, controller-to-switch, asynchronous y symmetric. Controller-to-switch messages are initiated by the controller and used to directly manage or inspect the state of the switch. Features (query capabilities), modify-state(add/delete/modify flow/group entry), read-state, packet-out Asynchronous messages are initiated by the switch and used to update the controller of network events and changes to the switch state. Such as flow-removed, packet-in, port-status Symmetric messages are initiated by either the switch or the controller and sent without solicitation. hello, echo (request/reply), experimenter 16 Copyright © 2009 Juniper Networks, Inc. www.juniper.net OpenFlow Basics Flow Table Entries (1.0) Rule Switch Port Action Stats Packet + byte 1. Forward packet to zero or counters more ports 2. Encapsulate and forward to controller 3. Send to normal processing pipeline 4. Modify Fields 5. Any extensions you add! VLAN ID VLAN MAC pcp src MAC dst Eth type IP Src IP Dst IP ToS IP Prot + mask what fields to match 17 Copyright © 2009 Juniper Networks, Inc. www.juniper.net 17 L4 sport L4 dport Examples (1/2) Switching Switch MAC Port src * MAC Eth dst type 00:1f:.. * * VLAN IP ID Src IP Dst IP Prot TCP TCP Action sport dport * * * * IP Dst IP Prot TCP TCP Action sport dport * * port6 Flow Switching Switch MAC Port src MAC Eth dst type port3 00:20.. 00:1f.. 0800 VLAN IP ID Src vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6 Firewall Switch MAC Port src * 18 * MAC Eth dst type * * VLAN IP ID Src IP Dst IP Prot TCP TCP Action sport dport * * * * * Copyright © 2009 Juniper Networks, Inc. 22 www.juniper.net 18 drop Examples (2/2) Routing Switch MAC Port src * * MAC Eth dst type * * VLAN IP ID Src IP Dst * 5.6.7.8 * * VLAN IP ID Src IP Dst IP Prot vlan1 * * * TCP TCP Action sport dport port6, port7, * * port9 * IP Prot TCP TCP Action sport dport * port6 VLAN Switching Switch MAC Port src * 19 * MAC Eth dst type 00:1f.. * Copyright © 2009 Juniper Networks, Inc. www.juniper.net 19 OpenFlow v1.0 Switch OpenFlow v1.0 Switch sw Secure Channel OpenFlow Protocol SSL/TLS hw 20 Flow Table Copyright © 2009 Juniper Networks, Inc. www.juniper.net OpenFlow Controller OpenFlow v1.1 Switch OpenFlow v1.1 Switch OpenFlow Protocol Secure Channel Flow Table … Flow Table SSL/TLS Group Table Pipeline 21 Copyright © 2009 Juniper Networks, Inc. www.juniper.net OpenFlow Controller OpenFlow v1.1 Switch OpenFlow v1.1 Switch OpenFlow Protocol Secure Channel Flow Table … Flow Table SSL/TLS Group Table Table Pipeline 22 Copyright © 2009 Juniper Networks, Inc. www.juniper.net OpenFlow Controller CASOS PRACTICOS 23 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Google 24 Keynote at Open Networking Symposium 2012 Urs Hölzle, Senior Vice President Technical Infrastructure Google deployed OpenFlow in I-Scale network In production to connect all Google datacenters Replaced traditional routing protocols Google built OpenFlow switches themselves (but will buy if available) Cost savings (e.g. 100% link utilization, easier management) New opportunities http://www.youtube.com/watch?v=VLHJUfgxEO4 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Data center interconnect wan Openflow instead of routing protocols Logically centralized OpenFlow controller OpenFlow switch no routing protocols 25 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Data center con Arquitectura de SDN Centralized Orchestration Virtualized storage Virtualized services Physical IP Fabric Virtualized Network Virtualized Compute 26 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Multi-tenancy using overlay networks Virtual machine Virtual switch Hypervisor Overlay tunnel 27 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Virtualized services Virtual firewall service 28 Copyright © 2009 Juniper Networks, Inc. www.juniper.net centralized orchestration OF compute, storage, and network Centralized Orchestration Compute Storage Network OpenFlow The IP fabric was not touched Posicionamiento de SDN Juniper is the recognized leader of the network programmability movement, which is the conceptual foundation underlying the SDN approach. Long before the term “SDN” was coined, our disruptive network architectures were built on the premise of using innovative software to give customers unprecedented levels of flexibility and control, with an end goal of transforming the economics and experience of networking. By simultaneously simplifying and opening up the network, Juniper pioneered the core capabilities and concepts behind SDNs. Open network Technologies FOR Innovation Network-aware Apps OSS/BSS Topology Client Path Client ... Juniper and Custom Space UIs / Workflows SNMP NETCONF SYSLOG HTTP RESTful Web Services Juniper and Custom Application APIs Network Orchestration ALTO Any OF server controller Junos Space SDK Junos Space (Orchestration, Management, Monitoring Plane) BGP-TE Common Interfaces ALTO ALTO OpenFlow OpenFlow (extensible) Junos SDK: Automation PCP DMI PCE Custom Apps + APIs Custom Packet Processing Apps + APIs Custom Apps + APIs on any OS Common APIs, RE APIs, Services APIs, Remote (VE) APIs Junos Service Plane (Service Engine) Junos Control Plane (Routing Engine) Network Devices Junos Data Plane (Packet Forwarding Engine) Juniper Custom Silicon Juniper Platform Element Juniper Application Element Junos Virtual Plane (Virtual Engine Environment) GRACIAS. PREGUNTAS
