OpenDaylight VTN Policy

www.opendaylight.org

OpenDaylight

Virtual Tenant Network

Policy

January 25, 2015

Masashi Kudo


Contribution from NEC based technology from our products

Consists of VTN Manager and VTN Coordinator

OpenDaylight Virtual Tenant Network(VTN)

VTN

Coordinator

VTN

Manager

・Offers VTN API (northbound)

・Build VTN model using

OpenDaylight API

・Control VTN spanning

multiple SDN controllers

VTN Coordinator:

・Offers virtual node feature

・End-to-end dynamic path

control per VTN

VTN Manager:


• Two policy models on VTN multi tenant virtual network

• Flow Filter Model

• Path Map Model

• Multi tenancy ensures that policies of one VTN do not

affect other VTNs

• Inheritance

• VTN-level policy is inherited to all elements belonging to

the VTN

• Element-level policy overrides VTN-level policy

• Current implementation makes best use of OpenFlow

protocol

VTN Policy


Flow Filter Model (only part of full VTN model)

+type = {in|out}+locationOne of: vtn | vBridge | vNode_name+IF

+statisticsGeneral per IF and FFEntry and per flow

+flowfilterentries: Flow Filter Entry

Flow Filter

+vNode_name+interface_name+new dst MAC+new src MAC+direction

redir_dst

+name: String+flowlistentries: Flow List Entry

Flow List

+matchSimilar to OF match+sequence number

Flow List Entry

+flowlists: Flow List+sequence number+action_type = {pass, drop, redirect}+redirect_destination: redir_dst+set = {priority|dscp}Mark packets on the wire

Flow Filter Entry1

1

1

1

1

*

*

Match:

This selects the traffic

to apply markings

Combine:

Allows to create

different sets of

traffic

Action:

Action type

and marking

Policy Target:

Where in topology

to apply markings


Policy Target Description

VTN logical representation of tenant network

Virtual

node

(vNode)

vBridge logical representation of L2 switch function

vRouter logical representation of L3 router function

vTerminal

Logical representation of virtual node that is

connected to an interface mapped to a physical

port

vTunnellogical representation of Tunnel

(consists of vTEPs and vBypass(es))

vTEP logical representation of Tunnel End Point (TEP)

vBypasslogical representation of connectivity between

controlled networks

Virtual

InterfaceInterface

representation of end point on the virtual node

(VM, servers, appliance, vBridge, vRouter, etc)

Flow Filter Model: Policy Target (VTN info model)


VTN Example

DC 1 DC 2 DC 3

Inter-DC

network

Controller 1 Controller 3

VTN

vRouter

vBridge vBridgevBridge vBridgevTunnel

Controller 2

Logical Network

interface vLink

Physical Network

VTN(Underlay)

vTep vTepvBypass


Fields for matching conditions

Flow Filter Model: Matching Conditions

Command Number Description

mac-destination-address <mac-address> 1 Destination Mac Address

mac-source-address <mac-address> 2 Source Mac Address

mac-ether-type <ether-type-number> 3 Ether type

mac-vlan-priority <vlan-priority-number> 4 VLAN Priority

ip-destination-address <ip-address>/<prefix-length> 5 Destination IP Address

ip-source-address <ip-address>/<prefix-length> 6 Source IP Address

ip-protocol <protocol-number> 7 Protocol Type

ip-dscp <dscp-number> 8 DSCP

l4-destination-port <port-number> [ to <end-port> ] 9 Destination Port

l4-source-port <port-number> [ to <end-port> ] 10 Source Port

DataSrcMAC

VLANPriority

SrcIP

TCP/UDPDst Port

TCP/UDPSrc Port

DstMAC

DstIP

IngressPort

EtherTypeVLANid

IPToS

IPProto

Ｌ１Ｌ２Ｌ３Ｌ４

1 2 3 4 5 6 7 8 9 10


Flow Filter Model: Actions

Intent Description Behavior

Pass Pass packets

Drop Drop packets

Redirect Redirect packets to

a specified point

Priority Set a priority of

packets

Bandwidth Set policing

Statistics Collect statistics

information

PassFlowFilter pass

DropFlowFilter drop

RedirectFlowFilter redirect

FlowFilter statistics Collect Statistics

PriorityFlowFilter priority

FlowFilter pass


Flow Filter Model: Action: Drop

vtn Tenant1

{

vbridge vBridge1

{

flow-filter in

{

sequence-number 1

{

match flow-list match-list-a

action drop

}

(snip)

}

Prohibit traffic

Server-BServer-A

Tenant1vBridge1

Example Configuration

Intent VTN Model

Flow FilterFlow List: match-list-a

flow-list match-list-a type ipv4 {

sequence-number 10 {

ip-destination-address 192.168.10.3/32

}

}

192.168.10.3


Flow Filter Model: Action: Priority

vtn Tenant1

{

vbridge vBridge1

{

flow-filter in

{

sequence-number 1

{


set ip-dscp 55

}

(snip)

}

Traffic priority

Server-BServer-A

Tenant1vBridge1


Intent VTN Model

192.168.10.3


Flow Filter Model: Action: Bandwidth

policing profile POLICING1 {

sequence-number 10{


two-rate three-color {

meter rate-unit kbps cir 6000 cbs 48128 pir 8000 pbs 64000

green-action pass

yellow-action penalty priority 5 ip-dscp 12 drop-precedence 2

red-action drop

(snip)

}

vtn Tenant1

{

vbridge vBridge1

{

policing map profile POLICING1

(snip)

}

Throughput thresholds

and limits

Server-BServer-A

Tenant1vBridge1


Intent VTN Model

192.168.10.3


Flow Filter Model: Action: Redirect

Intent VTN Model

Redirect traffic

Server-BServer-A

Tenant1vBridge1

vtn Tenant1

{

vbridge vBridge1

{

flow-filter in

{

sequence-number 1

{


action redirect

redirect-destination vnode vTerminal1 interface if1

}

(snip)

}


Server-C

vTerminal1

192.168.10.3


Policy target

Path: Set cost on physical link and select a shortest (smallest-cost) path

Matching condition

Specify flows with OpenFlow matching condition

Action

Correlate selected paths with specified flows on physical n/w and/or VTN

Path Map Model

Intent Description Behavior

path map Select a path for flows

which match the

matching condition.

(destination is same)

(mentioned

earlier)

redirect

Redirect packets to a

specified point

(destination is changed)

Path Map

RedirectFlowFilter redirect


Path map consists of:

Flow condition --- equivalent to flow list in flow filter model

Path policy --- defines associated cost for network path

Path map --- correlates flow condition to path policy

Path Map Model

1000

10001000

1000000

10001000

Path policy

SW

SW

SW

SW

SW

SW

SWEP1

Match1 = Path1

Match2 = Path2

Match3 = Path3

Path Map

SW EP2

Path1

Path2

Path3

Demo

Service Chaining Demo

OpenDaylight VTN Policy

Presentations & Public Speaking

Transcript of OpenDaylight VTN Policy