Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

OpenFlow…

advertisement 
Tutorial: OpenFlow in GENI
Sponsored by the National Science Foundation
“The current Internet is at an impasse
because new architecture cannot be
deployed or even adequately evaluated”
[PST04]
[PST04]: Overcoming the Internet Impasse through Virtualization, Larry Peterson, Scott Shenker, Jonothan Turner
Hotnets 2004
Modified slide from: http://cenic2012.cenic.org/program/slides/CenicOpenFlow-3-9-12-submit.pdf
Sponsored by the National Science Foundation
2
OpenFlow…
• Enables innovation in networking
• Changes practice of networking
Google’s SDN WAN
Sponsored by the National Science Foundation
3
OpenFlow basics
Sponsored by the National Science Foundation
4
Traditional Switch
Sponsored by the National Science Foundation
5
OpenFlow’s basic idea
Sponsored by the National Science Foundation
6
OpenFlow is an API
• Control how packets are forwarded
• Implementable on COTS hardware
• Make deployed networks programmable
– not just configurable
• Makes innovation easier
Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt
Sponsored by the National Science Foundation
7
Network Devices
DHCP
access
router
point
DNS
proxy
VPN
firewall
switch
gateway
NAT
software
Any network device can be OpenFlow enabled
Sponsored by the National Science Foundation
8
Network Function Virtualization (NFV)
Slide from: http://docbox.etsi.org/Workshop/2013/201304_FNTWORKSHOP/S07_NFV/BT_REID.pdf
Sponsored by the National Science Foundation
9
OpenFlow benefits [1]
• External control
–
–
–
–
Enables network Apps
General-purpose computers (Moore’s Law)
Deeper integration
Network hardware becomes a commodity
• Centralized control
– One place for apps to interact (authentication, auth, etc)
– Simplifies algorithms
– Global Optimization and planning
[1]: OpenFlow: A radical New idea in Networking, Thomas A. Limoncelli CACM 08/12 (Vol 55 No. 8)
Sponsored by the National Science Foundation
10
Network Types
Campus
Multiple buildings, heterogeneous IT, groups of users, campus
backbone
Enterprise Data Centers
Security, various sizes, storage, WAN optimizations
Data Centers – Clouds
Multi-tenant, virtualization, disaster recovery, VM mobility
WAN
Diversity, multiple domains/carriers/users
Sponsored by the National Science Foundation
11
Deployment Stories
Google global private WAN [1]
Connects dozens of datacenters worldwide with a long-term average
of 70% utilization over all links
Stanford Campus deployment
Part of Stanford campus
migrated to OpenFlow
NTT’s BGP Free Edge
Internet 2 - AL2S
Can build Layer 2 circuits between https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr201310fa3.html
any Internet 2 end-points
[1] B4: Experience with a Globally-Deployed Software Defined WAN, SIGCOMM’13, Jain et al.
Sponsored by the National Science Foundation
12
GENI and OpenFlow deployment
• Key GENI concept: slices & deep programmability
– Internet: open innovation in application programs
– GENI: open innovation deep into the network
Good old
Internet
Slice 0
Slice 1
Slice 1
OpenFlow switches one of
the ways GENI is providing
deep programmability
Sponsored by the National Science Foundation
Slice 2
Slice 3
Slice 4
13
GENI OpenFlow Deployment
OpenFlow-enabled hardware switch at:
– Each GENI Rack
– Backbone and regional networks
Sponsored by the National Science Foundation
14
GENI OpenFlow Experiments
VDC: real-time load-balancing functionality
deep into the network to improve QoE
Prasad Calyam, Missouri
MobilityFirst: A new architecture for the
Internet designed for emerging
mobile/wireless service
requirements at scale
Dipankar (Ray)
Raychaudhuri, Rutgers,
leads MobilityFirst
Active CDN: Program content distribution
services deep into the network
Jae Woo Lee,
Columbia
Sponsored by the National Science Foundation
15
How OpenFlow works … (1.0)
Sponsored by the National Science Foundation
16
OpenFlow versions
(Dec ’09) OpenFlow 1.0.0
Simple & widely supported
(‘11) Open Networking
(‘12/’13) OpenFlow 1.3.x
Foundation (ONF)
Complex &
formed to shepherd
support in progress
standards
(Feb ‘11) OpenFlow 1.1.0
Not implemented by HW vendors
(Dec ‘11) OpenFlow 1.2
First ONF standard
(Oct ‘13) OpenFlow 1.4
(Oct‘13) OpenFlow 1.0.2
Under ratification
Docs at: https://www.opennetworking.org/sdn-resources/onf-specifications/openflow
Sponsored by the National Science Foundation
17
OpenFlow controllers
• Open source controller frameworks
–
–
–
–
–
–
NoX/PoX
Open Daylight
FloodLight (BigSwitch)
Trema (NEC)
Maestro
Ryu
• Production controllers
– Mostly customized solutions based on Open Source
frameworks
– ProgrammableFlow - NEC
Sponsored by the National Science Foundation
18
OpenFlow
Any Host
OpenFlow Controller
OpenFlow Protocol (SSL/TCP)
Switch
Control Path
OpenFlow
• The controller is
responsible for
populating forwarding
table of the switch
• In a table miss the
switch asks the
controller
Data Path (Hardware)
Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt
Sponsored by the National Science Foundation
19
OpenFlow in action
Any Host
OpenFlow Controller
OpenFlow Protocol
(SSL/TCP)
Switch
Control Path
OpenFlow
Data Path (Hardware)
• Host1 sends a packet
• If there are no rules
about handling this
packet
– Forward packet to the
controller
– Controller installs a flow
• Subsequent packets
do not go through the
controller
host1
host2
Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt
Sponsored by the National Science Foundation
20
OpenFlow Basics (1.0)
Rule
Action
Stats
Packet + byte counters
1.
2.
3.
4.
5.
Forward packet to port(s)
Encapsulate and forward to controller
Drop packet
Send to normal processing pipeline
Modify Fields
Switch VLAN VLAN MAC
PCP
Port
ID
src
MAC
dst
Eth
type
IP
Src
IP
Dst
IP
Prot
IP
ToS
TCP
sport
TCP
dport
+ mask what fields to match
slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt
Sponsored by the National Science Foundation
21
Use Flow Mods
• Going through the controller on every packet is
inefficient
• Installing Flows either proactively or reactively is
the right thing to do
• A Flow Mod consists of :
– A rule/match on any of the 12 supported fields
– A action about what to do with matched packets
– Timeouts about the rules:
• Hard timeouts
• Idle timeouts
– The packet id in reactive controllers
Sponsored by the National Science Foundation
22
OpenFlow common PitFalls
• Controller is responsible for all traffic, not just your
application!
– ARPs, DHCP, LLDP
• Reactive controllers
– Cause additional latency on some packets
– UDP – many packets queued to your controller by time
flow is set up
• Performance in hardware switches
– Not all actions are supported in hardware
• No STP to prevent broadcast storms
Sponsored by the National Science Foundation
23
Multiplexing Controllers
FlowVisor
• Only one controller per
switch
• FlowVisor is a proxy
controller that can support
multiple controllers
FlowSpace describes packet
flows :
– Layer 1: Incoming port on
switch
– Layer 2: Ethernet src/dst addr,
type, vlanid, vlanpcp
– Layer 3: IP src/dst addr,
protocol, ToS
– Layer 4: TCP/UDP src/dst port
Sponsored by the National Science Foundation
Any Host
Any Host
OpenFlow Controller
OpenFlow Controller
OpenFlow Protocol (SSL/TCP)
Any Host
FlowVisor
OpenFlow Protocol (SSL/TCP)
Switch
Control Path
OpenFlow
Data Path (Hardware)
24
Hands-on
Hand’s
on tutorial
Sponsored by the National Science Foundation
25
OpenFlow Experiments
Debugging OpenFlow experiments is hard:
– Network configuration debugging requires coordination
– Many networking elements in play
– No console access to the switch
Before deploying your OpenFlow experiment
test your controller.
http://mininet.github.com/
Sponsored by the National Science Foundation
http://openvswitch.org/
26
Run an OpenFlow experiment
1 host as OVS switch
3 VMs connected to OVS
Host2
Host1
OVS
• Setup OVS
• Write simple controllers
– e.g. diverge traffic to a
different server
– use python controller PoX
Host3
Sponsored by the National Science Foundation
27
To Save Time …
• Slices have been created for you:
– Slice name: ofNN
• Resources have been added to your slice:
– 1 Xen VM running OVS
– 3 OpenVZ VMs that act as traffic sources & sinks
– Resources are from various InstaGENI racks
• Download your private SSH key
https://portal.geni.net/secure/profile.php#ssh
• Download key and put in a standard place:
$ mv ~/Downloads/id_geni_ssh_rsa ~/.ssh/.
$ chmod 0600 ~/.ssh/id_geni_ssh_rsa
• Add the key to your ssh-agent:
$ ssh-add ~/.ssh/id_geni_ssh_rsa
Sponsored by the National Science Foundation
28
Finding your login information
• Browse to this page
https://portal.geni.net/secure/slices.php
• Click on the slice name (there should be only one)
• Scroll down to the Slice Status section
• Find the row for the aggregate listed on your
worksheet
• Click the "Details" button for this row
– keep this window open throughout the tutorial
• Find your Login information for each of the four
nodes used in this exercise (OVS, host1, host2,
host3)
Sponsored by the National Science Foundation
29
• Part I: Design/Setup
– Obtain Resources
– What is OpenFlow, what can I do with Openflow?
• Part II: Execute
– Configure and Initialize Services
– Execute Experiment
• Part III: Finish
– Teardown Experiment
Sponsored by the National Science Foundation
30
Configure OVS
OVS is a virtual switch running on a xen
VM
• The interfaces of the node are the ports
of the switch
– Configure an ethernet bridge
– add all dataplane ports to the switch
• Can be an OpenFlow switch
– Need to specify the controller (for convenience run
on the same host but it can be anywhere)
• Userspace OVS for this exercise
Sponsored by the National Science Foundation
31
Configure and Initialize OVS
• Log in to OVS host and configure software switch:
$ ifconfig
$ sudo ifconfig eth1 0
Host2
Host1
$ sudo ifconfig eth2 0
eth2
eth1
$ sudo ifconfig eth3 0
$ sudo ovs-vsctl add-port br0 eth1
OVS
$ sudo ovs-vsctl add-port br0 eth2
eth3
$ sudo ovs-vsctl add-port br0 eth3
Host3
$ sudo ovs-vsctl list-ports br0
$ sudo ovs-vsctl set-controller br0 tcp:127.0.0.1:6633
$ sudo ovs-vsctl set-fail-mode br0 secure
$ sudo ovs-vsctl show
Sponsored by the National Science Foundation
32
• Part I: Design/Setup
– Obtain Resources
– What is OpenFlow, what can I do with Openflow?
• Part II: Execute
– Configure and Initialize Services
– Execute Experiment
• Part III: Finish
– Teardown Experiment
Sponsored by the National Science Foundation
33
Experiments (1/4)
1. Use a Learning Switch Controller:
1. See the traffic flow changes between hosts as
the controller is started or stopped.
1. Soft versus hard timeouts for traffic flows.
Sponsored by the National Science Foundation
34
Experiments (1/4)
• Login host1 and start ping host2
$ ping 10.10.1.2
• Start learning switch controller:
$ cd /local/pox
$ ./pox.py --verbose forwarding.l2_learning
• Look at ping… now works.
• Kill controller (Ctrl-c)
• Look at ping… still running,
Sponsored by the National Science Foundation
35
Experiments (2/4)
2. Write and run a Traffic Duplication Controller:
a) Controller will duplicate traffic to a different
(physical) port on the OVS switch.
b) Use tcpdump to see the packet duplication.
Sponsored by the National Science Foundation
36
Experiments (2/4)
• Open 2 windows on OVS host
• Start tcpdump for on OVS:if1 and OVS:if2
• Run duplication controller on OVS:if2
$ cd /local/pox
$ ./pox.py --verbose myDuplicateTraffic -duplicate_port=<data_interface_name>
• Look at ping from host1 to host2.
• Kill controller (Ctrl-c)
Sponsored by the National Science Foundation
37
Experiments (3/4)
3. Write and run a (TCP) port forwarding
controller:
a. Controller will do port forwarding on your OVS
Switch to port specified.
b. Use two netcat servers on host2 to see traffic
delivery.
Sponsored by the National Science Foundation
38
Experiments (3/4)
• Two windows on host2 run the following:
$ nc -l 5000
$ nc -l 6000
• Start learning switch controller:
• On host1:
$ nc 10.10.1.2 5000
• See what happens to traffic
• Kill controller (Ctrl-c)
• Retry with port forwarding controller and see
what happens to traffic, and kill when done.
Sponsored by the National Science Foundation
39
Experiments (4/4)
4. Write and run a server proxy controller
a. To redirect packets to a proxy:
•
•
What fields do you need to overwrite?
Which packets needs special handling?
b. Use netcat to see the deflection
Sponsored by the National Science Foundation
40
Experiments (4/4)
• On host 3:
$ nc –l 7000
• Run proxy controller:
$ cd /local/pox
$ ./pox.py --verbose myProxy
• On host1:
$ nc 10.10.1.2 5000
• Look at host3 window, should now be
getting nc traffic.
Sponsored by the National Science Foundation
41
• Part I: Design/Setup
– Obtain Resources
– What is OpenFlow, what can I do with Openflow?
– Demo: Using OpenFlow in GENI
• Part II: Execute
– Configure and Initialize Services
– Execute Experiment
• Part III: Finish
– Teardown Experiment
Sponsored by the National Science Foundation
42
Part III: Finish Experiment
AM API
aggregate
slice
When your experiment is done, you should always
release your resources.
– Normally this is when you would archive your data
– Delete your slivers at each aggregate
Sponsored by the National Science Foundation
43
Related documents
OpenFlow/SDN at Georgia Tech
OpenFlow/SDN at Georgia Tech
Automatic Configuration of Routing Control Platforms in OpenFlow
Automatic Configuration of Routing Control Platforms in OpenFlow
OFNet: Open Flow Network Emulator for SDN Testing
OFNet: Open Flow Network Emulator for SDN Testing
ppt - Rob-sherwood.net
ppt - Rob-sherwood.net
Notes: This test paper consists of single
Notes: This test paper consists of single
Document
Document
Estinet open flow network simulator and emulator.
Estinet open flow network simulator and emulator.
Download
advertisement