OpenFlow
advertisement
OpenFlow/SDN tutorial OFC/NFOEC March, 2012 Srini Seetharaman Deutsche Telekom Silicon Valley Innovation Center 1 Why OpenFlow? 3 The Ossified Network Routing, management, mobility management, access control, VPNs, … Feature Feature Operating System Specialized Packet Forwarding Hardware Million of lines of source code 6000+ RFCs Barrier to entry Billions of gates Bloated Power Hungry Many complex functions baked into the infrastructure OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers, … An industry with a “mainframe-mentality”, reluctant to change 4 Open Systems Performance Scale Fidelity Real User Traffic? Complexity Open Simulation medium medium no medium yes Emulation medium low no medium yes Software Switches poor low yes medium yes NetFPGA high low yes high yes Network Processors high medium yes high yes Vendor Switches high high yes low no gap in the tool space none have all the desired attributes! 5 Current Internet Closed to Innovations in the Infrastructure Closed App App App Operating System App Specialized Packet Forwarding Hardware App App App App Operating System Specialized Packet Forwarding Hardware App Operating System App Specialized Packet Forwarding Hardware App App Operating System App App App Specialized Packet Forwarding Hardware Operating System Specialized Packet Forwarding Hardware 6 “Software Defined Networking” approach to open it App App App Network Operating System App App App Operating System App Specialized Packet Forwarding Hardware App App App App Operating System Specialized Packet Forwarding Hardware App Operating System App Specialized Packet Forwarding Hardware App App Operating System App App App Operating System Specialized Packet Forwarding Hardware Specialized Packet Forwarding Hardware The “Software-defined Network” 2. At least one good operating system Extensible, possibly open-source 3. Well-defined open API App App App Network Operating System 1. Open interface to hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware How does OpenFlow work? 9 Ethernet Switch 10 Control Path (Software) Data Path (Hardware) 11 OpenFlow Controller OpenFlow Protocol (SSL/TCP) Control Path OpenFlow Data Path (Hardware) 12 OpenFlow Example Software Layer Controller PC OpenFlow Client Flow Table Hardware Layer MAC src MAC dst IP Src IP Dst TCP TCP Action sport dport * * * 5.6.7.8 * port 1 5.6.7.8 port 2 * port 3 port 1 port 4 1.2.3.4 13 OpenFlow usage Controller Alice’sSwitch Rule OpenFlow Alice’s code PC Decision? Alice’sSwitch Rule OpenFlow OpenFlow Protocol Alice’sSwitch Rule OpenFlow OpenFlow offloads control intelligence to a remote software OpenFlow Basics Flow Table Entries Rule Action Stats Packet + byte counters 1. 2. 3. 4. 5. Switch VLAN Port ID Forward packet to zero or more ports Encapsulate and forward to controller Send to normal processing pipeline Modify Fields Any extensions you add! VLAN MAC pcp src MAC dst Eth type IP Src IP Dst IP L4 IP ToS Prot sport L4 dport + mask what fields to match 15 Examples Switching Switch MAC Port src * MAC Eth dst type 00:1f:.. * * VLAN IP ID Src IP Dst IP Prot TCP TCP Action sport dport * * * * IP Dst IP Prot TCP TCP Action sport dport * * port6 Flow Switching Switch MAC Port src MAC Eth dst type port3 00:20.. 00:1f.. 0800 VLAN IP ID Src vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6 Firewall Switch MAC Port src * * MAC Eth dst type * * VLAN IP ID Src IP Dst IP Prot TCP TCP Action sport dport * * * * * 22 drop 16 Examples Routing Switch MAC Port src * * MAC Eth dst type * * VLAN IP ID Src IP Dst * 5.6.7.8 * * VLAN IP ID Src IP Dst IP Prot vlan1 * * * TCP TCP Action sport dport port6, port7, * * port9 * IP Prot TCP TCP Action sport dport * port6 VLAN Switching Switch MAC Port src * * MAC Eth dst type 00:1f.. * 17 OpenFlow: a pragmatic compromise • + Speed, scale, fidelity of vendor hardware • + Flexibility and control of software and simulation • Vendors don’t need to expose implementation • Leverages hardware inside most switches today (ACL tables) 18 Centralized vs Distributed Control Both models are possible with OpenFlow Centralized Control Controller OpenFlow Switch Distributed Control Controller OpenFlow Switch Controller OpenFlow Switch OpenFlow Switch OpenFlow Switch Controller OpenFlow Switch 19 Flow Routing vs. Aggregation Both models are possible with OpenFlow Aggregated Flow-Based • • • • Every flow is individually set up by controller Exact-match flow entries Flow table contains one entry per flow Good for fine grain control, e.g. campus networks • • • • One flow entry covers large groups of flows Wildcard flow entries Flow table contains one entry per category of flows Good for large number of flows, e.g. backbone 20 Reactive vs. Proactive (pre-populated) Both models are possible with OpenFlow Reactive Proactive • • • • • First packet of flow triggers controller to insert flow entries Efficient use of flow table Every flow incurs small additional flow setup time If control connection lost, switch has limited utility • • • Controller pre-populates flow table in switch Zero additional flow setup time Loss of control connection does not disrupt traffic Essentially requires aggregated (wildcard) rules 21 Usage examples • Alice’s code: – Simple learning switch – Per Flow switching – Network access control/firewall – Static “VLANs” – Her own new routing protocol: unicast, multicast, multipath – Home network manager – Packet processor (in controller) – IPvAlice openflow.org/videos – – – – – VM migration Server Load balancing Mobility manager Power management Network monitoring and visualization – Network debugging – Network slicing … and much more you can create! Topology discovery • OpenFlow controller view is not always complete. For instance, what does the controller see here? OF switch X OF switch Non-OF switch Y Host B Host A Non-OF switch Internet Host C Quiz Time • How do I provide control connectivity? Is it really clean slate? • Why aren’t users complaining about time to setup flows over OpenFlow? (Hint: What is the predominant traffic today?) • Considering switch CPU is the major limit, how can one take down an OpenFlow network? • How to perform topology discovery over OpenFlow-enabled switches? • What happens when you have a non-OpenFlow switch inbetween? • What if there are two islands connected to same controller? • How scalable is OpenFlow? How does one scale deployments? 24 What can you not do with OpenFlow ver1.1 • Non-flow-based (per-packet) networking – e.g., Handling pkt 1 differently from pkt 2 of same flow – yes, this is a fundamental limitation – BUT OpenFlow provides the plumbing to connect devices • New forwarding primitives – BUT provides a nice way to integrate them through extensions • New packet formats/field definitions – BUT a generalized OpenFlow (2.0) is on the horizon • Optical Circuits – BUT efforts underway to apply OpenFlow model to circuits • Low-setup-time individual flows – BUT can push down flows proactively to avoid delays 25 Where is it going? The Open Networking Foundation: Textbox Headline The founding Consortium Adopter Members (as of Feb 2012) List of Members: Promoter Members: Operators and service providers Make up the board of directors Have voting rights Representative of DTAG is Bruno Orth (GTN S&A) Big Switch Networks Broadcom Brocade Ciena Cisco Citrix Comcast CompTIA Cyan Dell Elbrys Ericsson ETRI Extreme Networks EZchip Force10Networks Fujitsu Hitachi HP Huawei IBM Infoblox Intel IP Infusion Ixia Juniper Networks Korea Telecom LineRate Systems LSI Marvell Mellanox Metaswitch Networks Midokura NEC Netgear Netronome Nicira Networks Nokia Siemens Networks Plexxi Inc. Pronto Systems Radware Riverbed Technology Samsung Spirent Tencent Texas Instruments Vello Systems VMware ZTE Corporation Where it’s going • OF v1.1: Extensions for WAN – multiple tables: leverage additional tables – tags and tunnels – multipath forwarding • OF v1.2: Extensible Match structure – Required fields includes IPv6 27 Where it’s going • OF v2+ – generalized matching and actions: an “instruction set” for networking • Several other working groups have been created: – Hybrid group: Specifies how OpenFlow can be included into legacy switches without assuming clean-slate – Config group: Will specify an independent protocol that will help configure OpenFlow parameters out-of-band – .... And more 28 OpenFlow Implementations (Switch and Controller) 29 Current SDN hardware Juniper MX-series NEC IP8800 WiMax (NEC) HP Procurve 5400 Netgear 7324 PC Engines Pronto 3240/3290 Ciena Coredirector More coming soon... 31 Commercial Switch Vendors Model Virtualize Notes HP Procurve 5400zl or 6600 1 OF instance per VLAN -LACP, VLAN and STP processing before OpenFlow -Wildcard rules or non-IP pkts processed in s/w -Header rewriting in s/w -CPU protects mgmt during loop NEC IP8800 1 OF instance per VLAN -OpenFlow takes precedence -Most actions processed in hardware -MAC header rewriting in h/w Pronto 3290 or 3780 with Pica8 or Indigo firmware 1 OF instance per switch -No legacy protocols (like VLAN and STP) -Most actions processed in hardware -MAC header rewriting in h/w 32 Open-source controllers Vendor Notes Vendor Notes Nicira’s NOX •GPL •C++ and Python Stanford’s Beacon •BSD-like license •Java-based SNAC •GPL •Code based on NOX0.4 •Enterprise network •C++, Python and Javascript •Currently used by campuses Maestro (from Rice Univ) •GPL •Based on Java NEC’s Trema •Open-source •Written in C and Ruby •Included test harness 33 Virtualizing OpenFlow 34 Trend App App App Windows Windows Windows (OS) (OS) (OS) Linux Linux Linux App App App Mac Mac Mac OS OS OS Virtualization layer x86 (Computer) Computer Industry Controller11 NOX Controller (Network OS) Controller Controller Network OS 22 Virtualization or “Slicing” OpenFlow Network Industry Isolated “slices” App App Network Operating System 1 Many operating systems, or Many versions App App Network Operating System 2 App App App Network Operating System 3 App Network Operating System 4 Open interface to hardware Virtualization or “Slicing” Layer Open interface to hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware Simple Packet Forwarding Hardware 36 FlowVisor-based Virtualization Heidi’s Controller Aaron’s Controller Craig’s Controller Topology discovery is per slice OpenFlow Protocol OpenFlow Switch OpenFlow FlowVisor & Policy Control OpenFlow Protocol OpenFlow Switch OpenFlow Switch 38 FlowVisor-based Virtualization Separation not only by VLANs, but any L1-L4 pattern Multicast Broadcast OpenFlow Protocol dl_dst=FFFFFFFFFFFF OpenFlow Switch http Load-balancer tp_src=80, or tp_dst=80 OpenFlow FlowVisor & Policy Control OpenFlow Protocol OpenFlow Switch OpenFlow Switch 39 Use Case: New CDN - Turbo Coral ++ Basic Idea: Build a CDN where you control the entire network – – – – All traffic to or from Coral IP space controlled by Experimenter All other traffic controlled by default routing Topology is entire network End hosts are automatically added (no opt-in) Admin Researcher Switch MAC Port src MAC Eth dst type VLAN IP ID Src IP Dst IP Prot TCP TCP sport dport * * * * * * * * 84.65.* * * * * * * * 84.65.* * * * * * * * * * * * * * 42 OpenFlow/SDN for carriers 43 SDN is a hammer for what nail? 1. Packet and Circuit convergence • Most service providers own and operate 2 independent networks : IP and Transport – managed and operated independently – minimal cross-layer awareness – resulting in duplication of functions and resources in multiple layers – and significant capex and opex burdens Convergence to reduce costs and provide value-added services. The Flow Abstraction presents a unifying abstraction OpenFlow-based unified control plane • Packet flows Switch MAC Port src MAC Eth dst type VLAN IP ID Src IP Dst IP Prot TCP TCP sport dport Action • Circuit flows – using the cross-connect table in circuit switches In Port VCG Starting Signal In Lambda Time-Slot Type Out Port VCG Starting Signal Out Lambda Time-Slot Type pac.c Unified Control Plane Controller Interface: OpenFlow Protocol Packet & Circuit Switches Converged Network Demonstration of pac.c NOX OpenFlow Protocol NEW YORK SAN FRANCISCO GE links OC-48 links (2.5 Gbps) HOUSTON 48 2. Improving IP/MPLS control • Basic Idea – Retain MPLS data-plane operations – Replace IP/MPLS control plane • Demonstrate TE & its features • All made simpler – some greatly (eg. AutoRoute) • Some made possible only with SDN (eg. global-optimization) TE 2.0 VPNs 2.0 Routing Optimized FRR/ AutoBw Discovery MPLS-TP Control Label Distribution NETWORK OPERATING SYSTEM Multi-layer Control Recovery Summary • OpenFlow/SDN is evolving to facilitate an ecosystem for innovation • OpenFlow is being deployed in over 100 organizations world-wide – GEC9 in Nov, 2010 showcased nation-wide OF – Internet 2 and NLR starting to serve as the GENI Backbone • OpenFlow is essential for Service Providers – Custom control for Traffic Engineering – Combined Packet/Circuit switched networks Are you innovating in your network? 51
