OpenFlow BoF
Internet2 Joint Techs – Clemson Jan 31 2011

Sections
• OpenFlow introduction
• OpenFlow use cases
• Current and future deployments
• Software and hardware
• Demos
• Discussion

Keys to OpenFlow/Software-Defined Networking
• Separation of Control Plane & Data Plane with Open API Between the Two
• Logically Centralized Control-Plane with Open API to Applications
• Network Slicing/Virtualization
• Creates Open Interfaces between Hardware, OS and Applications Similar to Computer Industry
• Increases Competition, Enables Innovation

[Figure: several network devices, each stacking Apps on an Operating System on Specialized Packet Forwarding Hardware, alongside Apps running on a Network Operating System]
Slide from Nick McKeown at Stanford

The “Software-defined Network”
[Figure: Apps on a Network Operating System controlling several Simple Packet Forwarding Hardware elements]
1. Open interface to hardware
2. At least one good operating system (extensible, possibly open-source)
3. Well-defined open API
Slide from Nick McKeown at Stanford

Trend
[Figure: Computer Industry: Apps on Windows (OS), Linux and Mac OS over a Virtualization layer on x86 (Computer). Network Industry: Apps on Controller 1 (NOX, Network OS) and Controller 2 (Network OS) over Virtualization or “Slicing” on OpenFlow]
Slide from Nick McKeown at Stanford

OpenFlow Basics

OpenFlowSwitch.org
OpenFlow Basics (1)
Exploit the flow table in switches, routers, and chipsets
Flow 1. Rule (exact & wildcard) | Action | Statistics
Flow 2. Rule (exact & wildcard) | Action | Statistics
Flow 3. Rule (exact & wildcard) | Action | Statistics
Flow N. Rule (exact & wildcard) | Default Action | Statistics

OpenFlow Basics (2)
Rule (exact & wildcard) | Action | Statistics
• Rule: as general as possible (e.g. Port, VLAN ID, L2, L3, L4, …), as wide as possible
• Action: small number of fixed actions (e.g. unicast, mcast, map-to-queue, drop); extended via virtual ports (e.g. tunnels, encapsulate, encrypt)
• Statistics: count packets & bytes; expiration time/count

Flow Table Entry (OpenFlow 1.0 Switch)
Rule | Action | Stats
• Rule (+ mask): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
• Action:
  1. Forward packet to port(s)
  2. Encapsulate and forward to controller
  3. Drop packet
  4. Send to normal processing pipeline
• Stats: Packet + byte counters
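
The rule/action/stats entry above, modelled as an added example (not code from the slides or from any OpenFlow implementation). It shows wildcard and prefix matching over the ten header fields, per-entry counters, and a defender's check for rules that a broader, higher-priority rule makes unreachable. The field key names, the priority-only ordering and the table-miss default of sending to the controller are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

# The ten header fields from the slide; these key names are this example's own.
FIELDS = {"in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tp_src", "tp_dst"}
IP_FIELDS = {"ip_src", "ip_dst"}                       # matched with a prefix mask
ACTIONS = {"forward", "controller", "drop", "normal"}  # the slide's four actions


@dataclass
class FlowEntry:
    match: dict            # field -> value; an omitted field is a wildcard
    action: tuple          # ("forward", [ports]) | ("controller",) | ("drop",) | ("normal",)
    priority: int = 0
    packet_count: int = 0  # Stats column
    byte_count: int = 0    # Stats column

    def __post_init__(self):
        unknown = set(self.match) - FIELDS
        if unknown or self.action[0] not in ACTIONS:
            raise ValueError(f"bad entry: fields={unknown} action={self.action}")

    def matches(self, pkt):
        for name, want in self.match.items():
            have = pkt.get(name)
            if have is None:
                return False
            if name in IP_FIELDS:
                if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                    return False
            elif have != want:
                return False
        return True


def covers(a, b):
    """True if every packet that matches entry b also matches entry a."""
    for name, a_val in a.match.items():
        if name not in b.match:
            return False   # b wildcards a field that a constrains
        b_val = b.match[name]
        if name in IP_FIELDS:
            if not ipaddress.ip_network(b_val).subnet_of(ipaddress.ip_network(a_val)):
                return False
        elif a_val != b_val:
            return False
    return True


class FlowTable:
    def __init__(self, default_action=("controller",)):
        # Assumption: a table miss is handed to the controller.
        self.default = FlowEntry({}, default_action, priority=-1)
        self.entries = []

    def add(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)   # highest priority first

    def process(self, pkt, length):
        """Return the action of the best-matching entry and update its counters."""
        hit = next((e for e in self.entries if e.matches(pkt)), self.default)
        hit.packet_count += 1
        hit.byte_count += length
        return hit.action

    def shadowed(self):
        """Entries that can never fire because a higher-priority entry covers them."""
        return [b for i, b in enumerate(self.entries)
                if any(a.priority > b.priority and covers(a, b)
                       for a in self.entries[:i])]


def demo():
    # Constructed sample rules and packets, not taken from the slides.
    table = FlowTable()
    table.add(FlowEntry({"ip_dst": "10.0.0.0/8"}, ("forward", [2]), priority=200))
    table.add(FlowEntry({"ip_dst": "10.0.5.0/24", "ip_proto": 6, "tp_dst": 23},
                        ("drop",), priority=100))
    telnet = {"in_port": 1, "eth_type": 0x0800, "ip_src": "192.0.2.7",
              "ip_dst": "10.0.5.9", "ip_proto": 6, "tp_dst": 23}
    return table, table.process(telnet, 64), table.process({"in_port": 3}, 60)
```

In the constructed rule set the telnet drop rule never fires: the broader forward rule has the higher priority, so `shadowed()` reports the drop entry and the packet is forwarded.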

OpenFlow Basics (3)
[Figure: OpenFlow Switch specification. A Controller (PC) connects over SSL to the Secure Channel (sw) of an OpenFlow Switch, which holds the Flow Table (hw)]
• Add/delete flow entries
• Encapsulated packets
• Controller discovery

OpenFlow Usage: Dedicated OpenFlow Network
[Figure: a Controller (PC) running “Chip’s code” speaks the OpenFlow Protocol to three OpenFlow Switches, each holding Rule | Action | Statistics entries]

What will we do with OpenFlow?
• 1k-3k TCAM Entries in Typical Edge Switch
• Difficult to take advantage of:
  – Manual Config, SNMP Writes, RADIUS
  – Limited Actions (allow/deny)
  – Vendor Specific
• But what if you could program these through a standard API?

Possible Uses of OpenFlow (Quick Wins)
• Security Applications
  – NAC
  – IDS/IPS
  – Remote Packet Capture & Injection
• VM Mobility
  – Redirect specific application traffic to remote site
  – Flow-based forwarding
  – no need to extend entire broadcast domain
  – no STP issues

Other Applications
• Load Balancing
• n-cast
  – multiple streams over lossy networks
• Load balancing
• Policy (Firewall)
• Flow based network provisioning

Intercontinental VM Migration
Moved a VM from Stanford to Japan without changing its IP.
VM hosted a video game server with active network connections.

Possible Uses of OpenFlow (Quick Wins)
• Dynamic Circuit Provisioning
  – Don’t need to extend layer-2 end-to-end
  – Simply direct specific flows down an engineered path with guaranteed priority
  – Don’t have to rely on scripted SSH sessions, SNMP or other sub-optimal ways to programmatically configure switches/routers.

Possible Uses of OpenFlow (Grand Challenges)
• Distributed Control-Plane Architecture Requires a Lot of State to be Synchronized Across Many Devices
• Many Protocols Needed for Synchronization Internally to Networks (OSPF, RSVP, STP, etc)
• Can these “internal” protocols eventually be removed entirely with only BGP for inter-domain route advertisements?

Deployments

GENI
• GENI OpenFlow deployment on 8 campuses
• Internet2 and NLR backbones
• Integrated with Production hardware on campuses
• Backbone, Regionals (funded in GENI Solicitation 3) and Campuses interconnected
• Outreach to more campuses in future?

OpenFlow and GENI
8 Universities, GPO/BBN, & 2 National Backbones

Internet2 and NLR
• Internet2
  – Backbone of 5 NEC IP8800
  – Multiple 1G connections (in each direction)
  – L2 circuits between sites
• NLR
  – Backbone of 5 HP 6600-24XG
  – 10G wave between sites

NLR – I2 OpenFlow Core
[Figure: OpenFlow Core Connectivity v.1.0. Internet2 nodes: ATLA, HOUS, LOSA, WASH, NEWY. NLR nodes: ATLA, CHIC, DENV, SUNN, SEAT. VLAN 3715, VLAN 3716. Sites: IU, U of Wash, Stanford, BBN]
Internet2 Flowvisor: flowvisor.net.internet2.edu
NLR Flowvisor: flowvisor.nlr.net

IU Campus Deployment
• Focused on Edge (Closet) Deployment
• Goals:
  – Stress-Test Current Implementations
  – Verify “Sandboxing” of OpenFlow
  – Develop Monitoring Tools
  – Prepare for Production Deployments

IU Deployment
• HP switches in Testlab and Production
  – 4 6600s in Bloomington testlab
  – 1 5406 in Testlab/Wireless
  – 2 5406 used by Engineering
  – 3500 in Gigapop
• Pronto switches (w/ Purdue Calumet)
• NetGear switches
• NetFPGA 10G and 1G?

3 New EU Projects: OFELIA, SPARC, CHANGE

EU Project Participants
• Germany
  – Deutsche Telekom Laboratories
  – Technische Universitat Berlin
  – European Center for ICT
  – ADVA AG Optical Networking
  – NEC Europe Ltd.
  – Eurescom
• United Kingdom
  – University of Essex
  – Lancaster University
  – University College London
• Spain
  – i2CAT Foundation
  – University of the Basque Country, Bilbao
• Romania
  – Universitatea Politehnica Bucuresti
• Sweden
  – ACREO AB (Sweden)
  – Ericsson AB Sweden (Sweden)
• Hungary
  – Ericsson Magyarorszag Kommunikacios Rendszerek KFT
• Switzerland
  – Dreamlab Technologies
  – Eidgenossische Technische Hochschule Zurich
• Italy
  – Nextworks
  – Università di Pisa
• Belgium
  – Interdisciplinary Institute for Broadband Technology
  – Universite catholique de Louvain

OpenFlow Deployment in Japan
NEC and JGN2Plus (NICT)
• Network virtualization and slicing
• HD video distribution in different slices
  – Baseball game
  – Snow festival

Global Interest

Current Trials and Deployments
68 Trials/Deployments - 13 Countries

• USA-Academia: Stanford University, CA; University of Washington, WA; Rutgers University, NJ; Princeton University, NJ; Clemson University, SC; Georgia Tech, GA; University of Wisconsin at Madison, WI; Indiana University; ICSI Berkeley, CA; University of Massachusetts at Lowell; Clarkston University; Columbia University (course offered); University of Kentucky; UC San Diego; UC Davis; iCAIR/Northwestern; Rice University; Purdue University; Northern Arizona University
• USA-Industry: Internet2; Cisco; Juniper; HP; Ciena; Deutsche Telekom R&D Lab; Marvell; Broadcom; Google; Unnamed Data Center Company; Toroki; Nicira; Big switch networks; Orange Labs
• USA-Government: BBN; Unnamed Federal Agency
• Brazil: University of Campinas; Federal University of Rio de Janeiro; Federal University of Amazonas; Foundation Center of R&D in Telecomm.
• Canada: University of Toronto
• Germany: T-Labs Berlin; Leibniz Universität Hannover
• France: ENS Lyon/INRIA
• India: VNIT; Mahindra Satyam
• Italy: Politecnico di Torino
• United Kingdom: University College London; Lancaster University; University of Essex
• Taiwan: National Center for High-Performance Computing; Chunghwa Telecom Co
• Japan: NEC; JGN Plus; NICT; University of Tokyo; Tokyo Institute of Technology; Kyushu Institute of Technology; NTT Network Innovation Laboratories; KDDI R&D Laboratories; Unnamed University
• South Korea: KOREN; Seoul National University; Gwangju Institute of Science & Tech; Pohang University of Science & Tech; Korea Institute of Science & Tech; ETRI; Chungnam National University; Kyung Hee University
• Spain: University of Granada
• Switzerland: CERN

Software and Hardware

Controllers
• The Network “OS”
• Open Source
  – NOX
    • Nicira
    • C++/Python
  – Beacon
    • BigSwitch
    • Java
  – Maestro
    • Rice
    • Java
[Figure: Apps on Controller 1 (NOX, Network OS) and Controller 2 (Network OS) over Virtualization or “Slicing” on OpenFlow]

Flowvisor
• Sends traffic from the same switch(es) to multiple controllers
• Acts like a Hypervisor for network equipment
• Rule set similar to OpenFlow rules that send traffic to multiple controllers
• Most GENI shared infrastructure will use Flowvisor to have multiple controllers control the same switches

Fvctl
• Fvctl used to control flowvisor (over XMLRPC)
• Can create slice, direct traffic to “slices”, see
• Flowspace is the set of mapping rules
• Devices Identified by DPID

chsmall@flowvisor:~$ fvctl listDevices
Device 0: 0e:83:00:23:47:c8:bc:00
Device 1: 0e:83:00:26:f1:40:a8:00
chsmall@flowvisor:~$ fvctl listFlowSpace
rule 0: FlowEntry[dpid=[all_dpids],ruleMatch=[OFMatch[]],actionsList=[Slice:meas_manager=4],id=[236],priority=[10],]
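
An added example (not part of the slides or of FlowVisor) that parses `fvctl listFlowSpace` output in the layout shown above and flags, for review, rules that hand a slice the entire flowspace and pairs of rules that give different slices overlapping traffic. Rule 0 in the sample is the line from the slide; rules 1 to 3, the slice names `exp_a` and `exp_b`, and the finding labels are constructed for illustration.

```python
import re

# Layout of one rule line as printed on the slide.
RULE_RE = re.compile(
    r"rule\s+\d+:\s*FlowEntry\[dpid=\[(?P<dpid>[^\]]*)\],"
    r"ruleMatch=\[OFMatch\[(?P<match>[^\]]*)\]\],"
    r"actionsList=\[(?P<actions>[^\]]*)\],"
    r"id=\[(?P<id>\d+)\],priority=\[(?P<prio>\d+)\]")
SLICE_RE = re.compile(r"Slice:([^=,\s]+)=(\d+)")
ALL = "all_dpids"

# Rule 0 is from the slide; rules 1-3 are constructed sample data.
SAMPLE = """\
rule 0: FlowEntry[dpid=[all_dpids],ruleMatch=[OFMatch[]],actionsList=[Slice:meas_manager=4],id=[236],priority=[10],]
rule 1: FlowEntry[dpid=[0e:83:00:23:47:c8:bc:00],ruleMatch=[OFMatch[dl_vlan=3715]],actionsList=[Slice:exp_a=4],id=[240],priority=[100],]
rule 2: FlowEntry[dpid=[0e:83:00:26:f1:40:a8:00],ruleMatch=[OFMatch[dl_vlan=3715]],actionsList=[Slice:exp_b=4],id=[241],priority=[100],]
rule 3: FlowEntry[dpid=[0e:83:00:23:47:c8:bc:00],ruleMatch=[OFMatch[dl_vlan=3715,in_port=1]],actionsList=[Slice:exp_b=4],id=[242],priority=[100],]
"""


def parse_flowspace(text):
    """Return (rules, unparsed_lines); unparsed lines are kept so none is skipped silently."""
    rules, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.search(line)
        if not m:
            unparsed.append(line)
            continue
        pairs = (kv.split("=", 1) for kv in m["match"].split(",") if "=" in kv)
        rules.append({
            "id": int(m["id"]),
            "priority": int(m["prio"]),
            "dpid": m["dpid"],
            "match": {k.strip(): v.strip() for k, v in pairs},
            # slice name -> permission value, kept exactly as printed
            "slices": {n: int(p) for n, p in SLICE_RE.findall(m["actions"])},
        })
    return rules, unparsed


def overlaps(a, b):
    """Two rules overlap if some packet on some switch could match both.
    Values are compared as strings, so prefix overlaps are not detected."""
    if ALL not in (a["dpid"], b["dpid"]) and a["dpid"] != b["dpid"]:
        return False
    shared = a["match"].keys() & b["match"].keys()
    return all(a["match"][k] == b["match"][k] for k in shared)


def audit(rules):
    findings = []
    for r in rules:
        if r["dpid"] == ALL and not r["match"]:
            findings.append(("whole-flowspace", r["id"], sorted(r["slices"])))
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if set(a["slices"]) != set(b["slices"]) and overlaps(a, b):
                findings.append(("cross-slice-overlap", a["id"], b["id"]))
    return findings
```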

Expedient / Opt-In manager
• Software to tie campus OpenFlow deployments to GENI.
• Allows Aggregate Providers (Campus) to make a “sliver” of a switch available to researchers
• Integrates with Flowvisor XMLRPC interface and GENI AAA infrastructure
  – http://www.openflowswitch.org/foswiki/bin/view/OpenFlow/Deployment/HOWTO/ProductionSetup/InstallingExpedientOIM

SNAC
• Simple Network Policy Controller
• Web-Based Policy manager
• IU production SNAC at snac-prod.grnoc.iu.edu
• Can provide distributed firewall services
• Some statistics collected

OpenFlow Hardware
• Cisco Catalyst 6k
• NEC IP8800
• HP Procurve 5400
• Juniper MX-series
• WiMax (NEC)
• PC Engines
• Quanta LB4G
• Netgear
More Equipment Soon

NetFPGA and Indigo
• NetFPGA
  – FPGA card to test protocols in hardware
  – 4 x 1G and 4 x 10G models
  – OpenFlow 1.0 implementation
  – Google used it for testing OpenFlow-MPLS code
    • http://www.nanog.org/meetings/nanog50/presentations/Monday/NANOG50.Talk17.swhyte_Opensource_LSR_Presentation.pdf
• Indigo
  – Userspace Firmware Reference Release
  – Support for Broadcom chips used in Pronto/Quanta

Switch Issues
• Hw vs Sw rules
• Optional items in OF Spec
  – No one is really implementing rewrite right now
• Control Channel resource exhaustion
• CPU exhaustion and isolation
  – Preventing OF traffic affecting production vlans
• Security
• 48bit vs 64 bit DPIDs
• General strangeness
  – HPs built off live train, NEC uniqueness

OpenVSwitch
http://openvswitch.org
VM-aware virtual switch, run distributed over hardware
[Figure: labels Linux, Xen; OpenFlow]

OpenFlow Spec process
http://openflow.org
• V1.0: December 2009
• V1.1: November 2010
  – Open but ad-hoc process among 10-15 companies
• Future: Planning a more “standard” process from 2011

Measurement Manager

• Software built by IU for monitoring OpenFlow networks
• Ties into Flowvisor to get list of devices and topology (using LLDP)
• Acts as OF Controller to gather statistics
• Outputs Nagios, GMOC, SNAPP formats

[Figure: Measurement Manager. Labels: Measurement Monitor, Model Builder, Plugins, OpenFlow messages, XMLRPC Opt-In API, GENI Projects, GENI Experimenters, Aggregate Operators]

Demos
• VM Migration Demo
  – Moving a VM between subnets
• Measurement Manager showing Backbone Deployments
  – Topology and Statistic collection in a controller based environment
• Hands-on Workshop
  – http://www.openflowswitch.org/wk/index.php/HOTITutorial2010

VM Migration Demo
[Figure: a VM with address 192.168.99.1 moves between Indianapolis (Subnet 192.168.99/24) and Bloomington (Subnet 192.168.100/24), each site with an OpenFlow switch]

How to get involved
• Experiment with Controllers
  – NOX: http://noxrepo.org
  – Beacon: http://www.openflowhub.org/
• Switches
  – Soft switches / Mininet
    • OpenFlow tutorial VM
  – Hardware switches you already may have