OpenFlow BoF


OpenFlow BoF. Internet2 Joint Techs, Clemson, Jan 31 2011. Sections: OpenFlow introduction; OpenFlow use cases; Current and future deployments; Software and hardware; Demos; Discussion. Keys to OpenFlow/Software-Defined Networking.

Transcript of OpenFlow BoF

OpenFlow BoF
Internet2 Joint Techs, Clemson
Jan 31 2011

Sections
- OpenFlow introduction
- OpenFlow use cases
- Current and future deployments
- Software and hardware
- Demos
- Discussion

Keys to OpenFlow/Software-Defined Networking
- Separation of Control Plane & Data Plane with Open API Between the Two
- Logically Centralized Control-Plane with Open API to Applications
- Network Slicing/Virtualization
- Creates Open Interfaces between Hardware, OS and Applications, Similar to Computer Industry
- Increases Competition, Enables Innovation

[Diagram: several boxes of Specialized Packet Forwarding Hardware, each with its own Operating System and Apps, beside Simple Packet Forwarding Hardware under a single Network Operating System with Apps on top. Slide from Nick McKeown at Stanford.]

The Software-defined Network
1. Open interface to hardware
2. At least one good operating system (extensible, possibly open-source)
3. Well-defined open API
Slide from Nick McKeown at Stanford

Trend
[Diagram: Computer Industry (x86 computer, Virtualization layer, Windows / Linux / Mac OS, Apps) beside Network Industry (OpenFlow, Virtualization or Slicing, Controller 1 running NOX (Network OS), Controller 2 running a Network OS, Apps). Slide from Nick McKeown at Stanford.]

OpenFlow Basics

OpenFlowSwitch.org

OpenFlow Basics (1)
Exploit the flow table in switches, routers, and chipsets
- Flow 1: Rule (exact & wildcard) | Action | Statistics
- Flow 2: Rule (exact & wildcard) | Action | Statistics
- Flow 3: Rule (exact & wildcard) | Action | Statistics
- Flow N: Rule (exact & wildcard) | Default Action | Statistics

OpenFlow Basics (2)
- Rule (exact & wildcard): As general as possible, e.g. Port, VLAN ID, L2, L3, L4. As wide as possible
- Action: Small number of fixed actions, e.g. unicast, mcast, map-to-queue, drop. Extended via virtual ports, e.g. tunnels, encapsulate, encrypt
- Statistics: Count packets & bytes. Expiration time/count

Flow Table Entry: OpenFlow 1.0 Switch
- Rule: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport (+ mask)
- Action: Forward packet to port(s); Encapsulate and forward to controller; Drop packet; Send to normal processing pipeline
- Stats: Packet + byte counters
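Added example, not from the original slides: a minimal Python model of the flow table described above, with wildcard and masked matching, the OpenFlow 1.0 rule that exact-match entries outrank wildcard ones, per-entry packet and byte counters, and a default action on a table miss. The field key names, the CIDR notation for the mask and the sample policy are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# The ten OpenFlow 1.0 match fields from the slide (key names are this example's own).
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")
MASKED = ("ip_src", "ip_dst")  # the "+ mask" fields, written here as CIDR prefixes

def field_ok(name, want, have):
    if name in MASKED and have is not None:
        return ipaddress.ip_address(have) in ipaddress.ip_network(want)
    return have == want  # an absent field (None) never equals a required value

@dataclass
class FlowEntry:
    match: dict          # field -> required value; a field left out is a wildcard
    action: tuple        # ("forward", port), ("controller",), ("drop",) or ("normal",)
    priority: int = 0
    n_packets: int = 0   # per-entry statistics
    n_bytes: int = 0

    def is_exact(self):  # every field given and no prefix mask
        return set(self.match) == set(FIELDS) and not any("/" in self.match[f] for f in MASKED)

    def hits(self, pkt):
        return all(field_ok(n, w, pkt.get(n)) for n, w in self.match.items())

class FlowTable:
    def __init__(self, default=("controller",)):
        self.entries, self.default, self.misses = [], default, 0

    def add(self, entry):
        self.entries.append(entry)
        # OpenFlow 1.0: exact-match entries outrank wildcard ones, which rank by priority.
        self.entries.sort(key=lambda e: (e.is_exact(), e.priority), reverse=True)

    def process(self, pkt, length):
        for e in self.entries:
            if e.hits(pkt):
                e.n_packets, e.n_bytes = e.n_packets + 1, e.n_bytes + length
                return e.action
        self.misses += 1
        return self.default  # table miss: fall through to the default action

def demo_table():  # constructed sample policy, not taken from the page
    t = FlowTable()
    t.add(FlowEntry({"ip_proto": 6, "tcp_dport": 23}, ("drop",), priority=20))
    t.add(FlowEntry({"ip_dst": "192.168.99.0/24"}, ("forward", 2), priority=10))
    return t
```

With the default action set to "controller", every table miss becomes a message on the control channel, so the `misses` counter is the number to watch when sizing that channel.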

OpenFlow Basics (3)
OpenFlow Switch specification
[Diagram labels: Controller (PC), OpenFlow Protocol, SSL, OpenFlow Switch with Secure Channel (sw) and Flow Table (hw).]
- Add/delete flow entries
- Encapsulated packets
- Controller discovery

OpenFlow Usage: Dedicated OpenFlow Network
[Diagram labels: Controller (PC), OpenFlow Protocol, three OpenFlow Switches, each holding Rule / Action / Statistics entries.]

What will we do with OpenFlow?
- 1k-3k TCAM Entries in Typical Edge Switch
- Difficult to take advantage of:
  - Manual Config, SNMP Writes, RADIUS
  - Limited Actions (allow/deny)
  - Vendor Specific
- But what if you could program these through a standard API?

Possible Uses of OpenFlow (Quick Wins)
- Security Applications
  - NAC
  - IDS/IPS
  - Remote Packet Capture & Injection
- VM Mobility
  - Redirect specific application traffic to remote site
  - Flow-based forwarding: no need to extend entire broadcast domain, no STP issues
- Other Applications
  - Load Balancing
  - n-cast: multiple streams over lossy networks
  - Load balancing
  - Policy (Firewall)
  - Flow based network provisioning

Intercontinental VM Migration
Moved a VM from Stanford to Japan without changing its IP. VM hosted a video game server with active network connections.

Possible Uses of OpenFlow (Quick Wins)
- Dynamic Circuit Provisioning
  - Don't need to extend layer-2 end-to-end
  - Simply direct specific flows down an engineered path with guaranteed priority
- Don't have to rely on scripted SSH sessions, SNMP or other sub-optimal ways to programmatically configure switches/routers.

Possible Uses of OpenFlow (Grand Challenges)
- Distributed Control-Plane Architecture Requires a Lot of State to be Synchronized Across Many Devices
- Many Protocols Needed for Synchronization Internally to Networks (OSPF, RSVP, STP, etc)
- Can these internal protocols eventually be removed entirely with only BGP for inter-domain route advertisements?

Deployments

GENI
- GENI OpenFlow deployment on 8 campuses
- Internet2 and NLR backbones
- Integrated with Production hardware on campuses
- Backbone, Regionals (funded in GENI Solicitation 3) and Campuses interconnected
- Outreach to more campuses in future?

OpenFlow and GENI
- 8 Universities, GPO/BBN, & 2 National Backbones
- Internet2 and NLR
- Internet2 Backbone of 5 NEC IP8800
  - Multiple 1G connections (in each direction)
  - L2 circuits between sites
- NLR Backbone of 5 HP 6600-24XG
  - 10 G wave between sites

NLR I2 OpenFlow Core

IU Campus Deployment
- Focused on Edge (Closet) Deployment
- Goals:
  - Stress-Test Current Implementations
  - Verify Sandboxing of OpenFlow
  - Develop Monitoring Tools
  - Prepare for Production Deployments

IU Deployment
- HP switches in Testlab and Production
  - 4 6600s in Bloomington testlab
  - 1 5406 in Testlab/Wireless
  - 2 5406 used by Engineering
  - 3500 in Gigapop
- Pronto switches (w/ Purdue Calumet)
- NetGear switches
- NetFPGA 10G and 1G?

3 New EU Projects: OFELIA, SPARC, CHANGE

EU Project Participants
- Germany: Deutsche Telekom Laboratories; Technische Universität Berlin; European Center for ICT; ADVA AG Optical Networking; NEC Europe Ltd.; Eurescom
- United Kingdom: University of Essex; Lancaster University; University College London
- Spain: i2CAT Foundation; University of the Basque Country, Bilbao
- Romania: Universitatea Politehnica Bucuresti
- Sweden: ACREO AB (Sweden); Ericsson AB Sweden (Sweden)
- Hungary: Ericsson Magyarorszag Kommunikacios Rendszerek KFT
- Switzerland: Dreamlab Technologies; Eidgenossische Technische Hochschule Zurich
- Italy: Nextworks; Universita` di Pisa
- Belgium: Interdisciplinary Institute for Broadband Technology; Universite catholique de Louvain

OpenFlow Deployment in Japan
NEC and JGN2Plus (NICT)
- Network virtualization and slicing
- HD video distribution in different slices
  - Baseball game
  - Snow festival

Global Interest

Current Trials and Deployments
68 Trials/Deployments - 13 Countries

- USA-Academia: Stanford University, CA; University of Washington, WA; Rutgers University, NJ; Princeton University, NJ; Clemson University, SC; Georgia Tech, GA; University of Wisconsin at Madison, WI; Indiana University; ICSI Berkeley, CA; University of Massachusetts at Lowell; Clarkston University; Columbia University (course offered); University of Kentucky; UC San Diego; UC Davis; iCAIR/Northwestern; Rice University; Purdue University; Northern Arizona University
- USA-Industry: Internet2; Cisco; Juniper; HP; Ciena; Deutsche Telekom R&D Lab; Marvell; Broadcom; Google; Unnamed Data Center Company; Toroki; Nicira; Big switch networks; Orange Labs
- USA-Government: BBN; Unnamed Federal Agency
- Brazil: University of Campinas; Federal University of Rio de Janeiro; Federal University of Amazonas; Foundation Center of R&D in Telecomm.
- Canada: University of Toronto
- Germany: T-Labs Berlin; Leibniz Universität Hannover
- France: ENS Lyon/INRIA
- India: VNIT; Mahindra Satyam
- Italy: Politecnico di Torino
- United Kingdom: University College London; Lancaster University; University of Essex
- Taiwan: National Center for High-Performance Computing; Chunghwa Telecom Co
- Japan: NEC; JGN Plus; NICT; University of Tokyo; Tokyo Institute of Technology; Kyushu Institute of Technology; NTT Network Innovation Laboratories; KDDI R&D Laboratories; Unnamed University
- South Korea: KOREN; Seoul National University; Gwangju Institute of Science & Tech; Pohang University of Science & Tech; Korea Institute of Science & Tech; ETRI; Chungnam National University; Kyung Hee University
- Spain: University of Granada
- Switzerland: CERN

Software and Hardware

Controllers
The Network OS
Open Source:
- NOX: Nicira, C++/Python
- Beacon: BigSwitch, Java
- Maestro: Rice, Java

Flowvisor
[Diagram labels: Apps, Controller 1 running NOX (Network OS), Controller 2 running a Network OS, Virtualization or Slicing, OpenFlow.]
- Sends traffic from the same switch(es) to multiple controllers
- Acts like a Hypervisor for network equipment
- Rule set similar to OpenFlow rules that send traffic to multiple controllers
- Most GENI shared infrastructure will use Flowvisor to have multiple controllers control the same switches

Fvctl
- Fvctl used to control flowvisor (over XMLRPC)
- Can create slice, direct traffic to slices, see
- Flowspace is the set of mapping rules
- Devices Identified by DPID

chsmall@flowvisor:~$ fvctl listDevices
Device 0: 0e:83:00:23:47:c8:bc:00
Device 1: 0e:83:00:26:f1:40:a8:00

chsmall@flowvisor:~$ fvctl listFlowSpace
rule 0: FlowEntry[dpid=[all_dpids],ruleMatch=[OFMatch[]],actionsList=[Slice:meas_manager=4],id=[236],priority=[10],]

Expedient / Opt-In manager
- Software to tie campus OpenFlow deployments to GENI.
- Allows Aggregate Providers (Campus) to make a sliver of a switch available to researchers
- Integrates with Flowvisor XMLRPC interface and GENI AAA infrastructure
- http://www.openflowswitch.org/foswiki/bin/view/OpenFlow/Deployment/HOWTO/ProductionSetup/InstallingExpedientOIM

SNAC
- Simple Network Policy Controller
- Web-Based Policy manager
- IU production SNAC at snac-prod.grnoc.iu.edu
- Can provide distributed firewall services
- Some statistics collected

OpenFlow Hardware

- Cisco Catalyst 6k
- NEC IP8800
- HP Procurve 5400
- Juniper MX-series
- WiMax (NEC)
- PC Engines
- Quanta LB4G
- Netgear
- More Equipment Soon

NetFPGA and Indigo
- NetFPGA
  - FPGA card to test protocols in hardware
  - 4 x 1G and 4 x 10G models
  - OpenFlow 1.0 implementation
  - Google used it for testing OpenFlow-MPLS code: http://www.nanog.org/meetings/nanog50/presentations/Monday/NANOG50.Talk17.swhyte_Opensource_LSR_Presentation.pdf
- Indigo
  - Userspace Firmware Reference Release
  - Support for Broadcom chips used in Pronto/Quanta

Switch Issues
- Hw vs Sw rules
- Optional items in OF Spec
  - No one is really implementing rewrite right now
- Control Channel resource exhaustion
- CPU exhaustion and isolation
- Preventing OF traffic affecting production vlans
- Security
- 48bit vs 64 bit DPIDs
- General strangeness
  - HPs built off live train, NEC uniqueness

OpenVSwitch
http://openvswitch.org
VM-aware virtual switch, run distributed over hardware;

OpenFlow Spec process
http://openflow.org
- V1.0: December 2009
- V1.1: November 2010
- Open but ad hoc process among 10-15 companies
- Future: Planning a more standard process from 2011

Measurement Manager
- Software built by IU for monitoring OpenFlow networks
- Ties into Flowvisor to get list of devices and topology (using LLDP)
- Acts as OF Controller to gather statistics
- Outputs Nagios, GMOC, SNAPP formats

Measurement Manager

Demos
- VM Migration Demo: Moving a VM between subnets
- Measurement Manager showing Backbone Deployments: Topology and Statistic collection in a controller based environment

Hands-on Workshop
http://www.openflowswitch.org/wk/index.php/HOTITutorial2010

VM Migration Demo

[Diagram labels: Indianapolis, Bloomington, Subnet 192.168.99/24, Subnet 192.168.100/24, VM 192.168.99.1.]

How to get involved
- Experiment with Controllers
  - NOX: http://noxrepo.org
  - Beacon: http://www.openflowhub.org/
- Switches
  - Soft switches / Mininet
  - OpenFlow tutorial VM
  - Hardware switches you already may have