Openflow Controller Platform for

Carrier-Grade NetworksIDG-CDC2014

Byungjoon LeeETRI SDN Technology Research Section

bjlee@etri.re.kr20/March/2014

2Byungjoon Lee (bjlee@etri.re.kr)

‘Carrier Grade’

Metro Ethernet Forum Definition– describes a set of functionalities and requirements that ar-

chitectures should support in order to fulfill the operational part of network operators• Scalability• Reliability• Quality of Service (QoS)• Service Management

In order to be applied to carrier grade net-works, Openflow must be able to meet these requirements– D. Staessens et al., “Software Defined Networking:

Meeting Carrier Grade Requirements”, Local & Metropol-itan Area Networks (LANMAN), 2011 18th IEEE Workshop on.

3Byungjoon Lee (bjlee@etri.re.kr)

Issues

Scalability– Problems

• Huge number of network elements, including SDN elements• Huge number of flows• Many network domains

– Question• can a controller provide sustainable scalability for all these prob-

lems?

Availability– Problems

• Service providers do not want their network to stop• Reliable failover solution is required

– Question• Is there any controller platform that guarantees non-stop opera-

tion of underlying networks?

4Byungjoon Lee (bjlee@etri.re.kr)

OF 1.3+: How to solve flow table scalability prob-lem

Example: load-balancing application from Broadcom

EnvironmentNo of tables

ConfigurationTotal number of flows re-

quired

Openflow 1.0 1• L4 source port, the load balancing factor• 1 flow entry for each micro flow to load balance the traffic• Load balancing algorithm on the controller

4K

Openflow 1.3 7

• 4 entries in the VLAN flow table to add 4 ingress ports in the VLAN of the ingress traffic

• 1 entry in the Termination MAC flow table that configures the ingress traffic with the router MAC and VLAN

• 1 ECMP group with 4 next hops (and the associated L2 inter-face, L3 unicast groups). This leverages ECMP capabilities of the hardware and the controller is offload with the task

• 1 L3 routing table flow entry to match the IP destination and use the ECMP group as the next hop for the matching traffic

7

Physi-cal port

Ingressportflowtable

VLANflowtable

TerminationMACflowtable

UnicastRouting

MulticastRouting

Bridging

ACLPolicyflowtable

Applyactions

Physi-cal port

5

Group - all

Multicast/broadcast Reduce flow-mod records

Group - indirect

Group – fast failoverGroup – select

ECMP Instead of reactive failover

Red

uce F

low

Tab

le S

ize W

ith

Gro

up

Ta-

ble

En

trie

s

6Byungjoon Lee (bjlee@etri.re.kr)

Question

Switches are now (almost) ready. How about controllers?– Can you scale them if you need more PACKET-IN throughput?– Can you replace the software images without impacting the

network?– Can you make the switches immune to controller failures?

Of course there are ‘elastic’ solutions for this problem, but they are stillnot good enough

ElastiCon: HotSDN 2013

7Byungjoon Lee (bjlee@etri.re.kr)

IRISA Spin-off project from Floodlight

Floodlight– Openflow-based SDN Controller from BigSwitch (Open Source)– Supports Openflow 1.0 (and soon will announce 1.3 support)– Adopted widely by research communities

IRIS (v2.0.0 release is coming)– Yet another Openflow-based SDN Controller from ETRI – With an IO engine implemented from scratch on top of Java NIO– Supports Openflow 1.0~1.3

• Floodlight/Loxigen-based Openflow API

– Provides an Open-source version: OpenIRIS (http://openiris.etri.re.kr) – Provides a northbound API which is fully compliant with that of Floodlight

(to support 3rd party applications from various research communities)– Focus on solving the scalability / availability issues of the

centralized control

8Byungjoon Lee (bjlee@etri.re.kr)

Goal

9Byungjoon Lee (bjlee@etri.re.kr)

Current Status

OpenIRIShttsp://github.com/bjlee72/IRIS

1.3.2-master-xen-final

master

loxigen

Link Discovery,Topology ManagerDevice Manager,Learning Switch,Firewall,State Manager,Storage Manager,

Link Discovery,Topology ManagerDevice Manager,Learning Switch,State Manager,Storage Manager,Firewall (Enhanced),Net Failover (New),Static Entry Pusher (OF1.3 support)

10Byungjoon Lee (bjlee@etri.re.kr)

OpenIRIS and IRIS

OpenIRIS IRIS

Floodlight/Loxi-gen

Performance-Optimized Floodlight/Loxi-gen

Not Supported

Not Supported

Not Supported

3Q

3Q

Portability

Byungjoon Lee (bjlee@etri.re.kr)

IRIS I/O Handling Architecture

11

OFController

queue Thread

queue Thread

queue Thread

queue Thread

process()

handleConnectedEvent()

handlePacketIn()

handleGeneric()

handleReadEvent()

Abstract methods

ClientChannelWatcher

msgs

Connection.read();(implemented on OpenflowJ-IRIS)

ClientChannelWatcher

ClientChannelWatcher

* The number of threads is configurable

OFProtocol

Byungjoon Lee (bjlee@etri.re.kr)

Single-box performance

12

IRIS 1.0.0

IRIS-Xen

IRIS-Loxi-1

11,000,000 flows/sec

10,500,000 flows/sec

2,500,000 flows / sec

Ubuntu 12.04 LTS 64bit (Kernel : 3.5.0-23-generic)CPU : Intel Xeon E5-2690 v2 3.00GHz (20 physical core)RAM : 64G

Testingenvironment

Benchmarking Cbench : 1 corecontroller: max 19 core

IRIS-Loxi-2 5,000,000 flows / sec (Loxigen + ByteBuffer support)

IRIS-Loxi-3 FUTURE PLAN (Hopefully) 10,000,000 flows / sec (IRIS-Loxi-2 + Further Optimization)

13Byungjoon Lee (bjlee@etri.re.kr)

Scalability and Availability support in IRIS

Assumptions– A (large) network is possibly split into multiple unit networks– A unit network is managed by a controller (cluster)

Design– Scalability & Availability for a (large) unit network is

provided by a controller cluster• A cluster consists of multiple controller instances• All controller instances are connected by a ‘middleware’

– Interoperability between unit networks is provided by a controller hierarchy

14Byungjoon Lee (bjlee@etri.re.kr)

Scalability and Availability support in IRIS (1)

Considerations– Addresses exposed to data

plane– Transparency– Horizontal scalability– High availability– State sharing

Functionalities– Load balancing among

physical controller in-stances

– Switch migration• For failed controller in-

stances• For newer controller in-

stances

– Security• Immune to attack such as

DDoS

OF

swit

chS

A C

on-

trolle

r

UnitOpenflowNetwork

IP #1

IP #2

IRISController(Cluster)

Openflow-basedmiddleware (IRIS-HiSA)* security, reliability, scalability

Haze

lcast

Controller instance

Controller instance

Controller instance

Controller instance

Controller instance

We believe OF-basedbrokering middleware

will be one of the promisingapplications of Openflow

15Byungjoon Lee (bjlee@etri.re.kr)

Scalability and Availability support in IRIS (2)

Controllers forms IS-A relationships via controller hierarchySub-controllers flood their topological information to super-controllers

UnitOpen-flow

Network

UnitOpen-flow

Network

UnitOpen-flow

Network

Controller-to-Super ControllerCommunication channels

Controller

Network Topol-ogy

Controllers are able to apply flow records reactively or proactively to the data plane elements at network bordersSub-controllers are able to ask queries to a super-controller about the destinations that it does not know

16Byungjoon Lee (bjlee@etri.re.kr)

Scalability and Availability support in IRIS (3)

Floodlight/IndigoA Network as a “Big Switch”:Recursive Abstraction of Large Networkinto a single switch with many ports

17