OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari...
-
Upload
alyson-nicholson -
Category
Documents
-
view
239 -
download
5
Transcript of OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari...
![Page 1: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/1.jpg)
OpenFlow:Enabling Innovation in Campus Networks
101064541 葉幸宜
Nick McKeown Tom Anderson Hari Balakrishnan Stanford University University of Washington MIT
Guru Parulkar Larry Peterson Jennifer RexfordStanford University Princeton University Princeton University
Scott Shenker Jonathan Turner University of California, Berkeley Washington University in St. Louis
ACM SIGCOMM Computer Communication Review 2008
2013/5/30
![Page 2: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/2.jpg)
Outlines
• Introduction and Motivation• OpenFlow– Goal– Concepts– Network Architecture– Flow Table Structure– Controller– More Examples
• Conclusion2013/5/30 1/14
![Page 3: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/3.jpg)
Introduction and Motivation
• Experiments we’d like to do– Mobility Management– New Naming/Addressing Schemes– Network Access Control
• If we design our own prototypes …– Closed network– No way to test the prototypes
2013/5/30 2/14
![Page 4: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/4.jpg)
Introduction and Motivation
• Why Internet is closed for innovations?– Commercial vendor won’t open software and
hardware development environment• Complexity to support• Market protection & Barrier-to-entry for competitors
• Existing Solutions– Software only• Performance is not good
– Hardware/Software• Fanout too small
2013/5/30 3/14
![Page 5: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/5.jpg)
OpenFlow
• Goal– Open Platform• For researchers to test new ideas at scale production
networks• Without requiring vendors to expose internal workings
– Bring future Internet to legacy Internet
2013/5/30 4/14
![Page 6: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/6.jpg)
OpenFlow’s Concept
2013/5/30 5/14
Ethernet Switch
OpenFlow Protocol (SSL)
Software Control Plane
Hardware Data Plane
Control Plane
Hardware Data Plane
OpenFlow
OpenFlow Controller
![Page 7: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/7.jpg)
OpenFlow Network Architecture
2013/5/30 6/14
OpenFlowController
OpenFlow-enableCommercial Switch
FlowTableFlowTable
SecureChannelSecure
Channel
PCOpenFlow
Protocol
SSL
HW
SW
OpenFlow Switch specification
NormalSoftwareNormal
Software
NormalDatapathNormal
Datapath
![Page 8: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/8.jpg)
OpenFlow Flow Table Structure
2013/5/30 7/14
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
Rule Action Statistics
1. Forward packet to port(s)2. Encapsulate and forward to controller3. Drop packet4. Send to normal processing pipeline
Packet + byte counters
OpenFlow Switch
HW
SWNormal
SoftwareNormal
SoftwareSecure
ChannelSecure
Channel
NormalDatapathNormal
DatapathFlowTableFlowTable
![Page 9: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/9.jpg)
OpenFlow Flow Table Structure
2013/5/30 7/14
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
Rule Action Statistics
1. Forward packet to port(s)2. Encapsulate and forward to controller3. Drop packet4. Send to normal processing pipeline
Packet + byte counters
OpenFlow Switch
HW
SWNormal
SoftwareNormal
SoftwareSecure
ChannelSecure
Channel
NormalDatapathNormal
DatapathFlowTableFlowTable
![Page 10: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/10.jpg)
OpenFlow Flow Table Example
• Ethernet Switching
• IP Routing
• Application Firewall
2013/5/30 8/14
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
* * 00:2D.. * * * * * * * Port5
Action
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* * * * * * * * * 22 Drop
* * * * * * 140.114.. * * * Port3
![Page 11: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/11.jpg)
OpenFlow Controller
• Centralized intelligential agency– Allow multiple researchers create their accounts
to control the flows independently– Add or remove flow-entries
• NOX is an open-source OpenFlow Controller
2013/5/30 9/14OpenFlow SwitchOpenFlow Switch OpenFlow Switch
NOX Controller
![Page 12: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/12.jpg)
Secure Channel
• SSL Connection• Controller discovery protocol• Encapsulate packets for controller• Send link/port state to controller
2013/5/30 10/14
![Page 13: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/13.jpg)
OpenFlow Operation Example
2013/5/30 11/14
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
Amy Access Control
Scheme!
FlowTable
FlowTable
FlowTable
FlowTable
RulesRulesRulesRules
![Page 14: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/14.jpg)
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
![Page 15: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/15.jpg)
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
![Page 16: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/16.jpg)
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
![Page 17: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/17.jpg)
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
![Page 18: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/18.jpg)
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
![Page 19: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/19.jpg)
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
![Page 20: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/20.jpg)
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Bob
Amy Access Control
Scheme!
11/14
![Page 21: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/21.jpg)
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
O-FlowTable
Bob
Amy Access Control
Scheme!
11/14
![Page 22: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/22.jpg)
More Examples for OpenFlow
• Network Management and Access Control– Ex: Phones can only use HTTP service
• VLANs• Mobile wireless VoIP clients– Allowing seamless handover
• Non-IP network– OpenFlow packets could be any kinds of formats
• Processing packets rather than flows2013/5/30 12/14
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
![Page 23: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/23.jpg)
23
OpenFlow Products
2013/5/30
• NEC
• HP
• Pronto
13/14
![Page 24: OpenFlow: Enabling Innovation in Campus Networks 101064541 葉幸宜 Nick McKeownTom AndersonHari Balakrishnan Stanford UniversityUniversity of WashingtonMIT.](https://reader035.fdocuments.net/reader035/viewer/2022062217/56649e705503460f94b6ea41/html5/thumbnails/24.jpg)
Conclusion
• OpenFlow– Standard way to control flow-tables in commercial
switches and routers– An open development environment for all
researchers– Real environment for Future Internet Technologies
2013/5/30 14/14