ProgrammableFlow:- OpenFlow-NetworkFabric- · 2012-07-30 ·...
NEC Corporation of America
ProgrammableFlow: OpenFlow Network Fabric
Samrat Ganguly, PhD
ProgrammableFlow Controller
ProgrammableFlow Switch Family
Introducing ProgrammableFlow
Software Defined Network Suite
• First OpenFlow-enabled network fabric
• Design, deploy, monitor and manage secure, multitenant networks
• Programmatic control of traffic flows for agility and productivity
V2.0
PF5820 (10G/40G)
PF5240 (1G/10G)
API API
Infrastructure Layer
Network Control Layer
Application Layer
Network Device Network Device Network Device
Network Services
Network Device Network Device
Control Data Plane Interface (e.g., OpenFlow)
Network Architecture
Network Aware Applications Network Aware Applications Network Aware Applications
Network Information
Network Control
NEC ProgrammableFlow Controller
API API
Infrastructure Layer
Network Control Layer
Flow-level Traffic Information
Topology Information
Network Link Usage
Station mapping
Switch Port status
Congestion Alerts
Network Device Network Device Network Device
Network Device Network Device
Control Data Plane Interface (e.g., OpenFlow)
Functionality
Network Information
Network Control
NEC ProgrammableFlow Controller
Create Network (L2/L3)
End-point mapping
ACLs
Rerouting policies
QoS Control
Network Virtualization
Multipath Routing
Multiclass Routing
Flow Table Optimization
End-to-end Reliability
Network-assisted Monitoring
Virtual Network Programming Framework
servers
Switches\Links
Virtualized Network
Virtual Router
Virtual Bridge
Virtualized Physical Network
• Hides physical switches, ports, network topology, protocols
• Zero switch/port level configuration on deployment
• Automatically optimizes underlying network resources
Automated Deployment on Physical Network
Network Virtualization Plane One aggregated network view and control
Switches\Links
Virtual Network 1
Virtual Network 2
Virtual Network 3
Create Multiple Virtual Networks
Layer-2 and Layer-3 Packet Forwarding
VTN-1 VTN-2
VM1 VM2 VM3 VM4
vlan-10 vlan-10 vlan-20 vlan-30
L2 Connectivity L3 Connectivity
Full Separation
L2 Network L3 Network
Network Virtualization Plane One aggregated network view and control
Network Fabric
Multipath Supporting East-West Fabric Traffic
• Automatically discovers multiple paths (8-way ECMP)
• Automatically avoids loops
• No route flapping
Physical Network
Multipath without HW vendor lock-in
Support any interconnect topology
No complex distributed protocols
Multiclass Path Policy
Creating non-interfering traffic lanes for different traffic classes
End-to-End Fast Recovery
MCLAG MCLAG
Pre-computed backup paths
Migrating flows to end-to-end backup paths
Supports scheduled switch maintenance
Robust Service/Appliance Failover
Firewalls
Load balancers (LB)
IDS
In traffic to appliance
Out traffic from appliance
Centralized Management and Visualization
vRT vEX vBR vBR vEX VTN
QoS Policy Application on Virtualized Network
Unit of Policing
• vExternal, vBridge, vRouter, VTN
• If you set policing on a VTN, all vExternals belonging to that VTN are policed together.
QoS features: Traffic Shaping, TOS Marking, COS Marking
Application: (Matching rule, QoS Policy, Virtual Endpoints)
Policy
Dynamic ACLs and Conditional Routing
VTN
Define matching criteria (v-Filter)
Define Action Map to direction (v-Redirect)
Pass
Drop Redirect
Traffic
(Eg. To selected Appliance Port)
(Eg. To destination Port)
Dynamic Service Insertion using Conditional Routing
WAN To Internet
Example Case of Service Insertion: Radware DoS/DDoS Attack Mitigation
OpenFlow Network
PFLOW Controller DoS Detector
DefensePro
WAN Internet
Enterprise Network
Servers
MONITOR
CONTROL
Traffic Statistics
Network Path Control
Service Driven Ecosystem @ Interop 2012
Appliance Data Layer
Appliance B
Fabric Core Fabric Edge Fabric Edge Fabric Core
Control Layer
Infrastructure Layer
Multi-Vendor OpenFlow Network
VMs Hosts
VMs Hosts
Replication, Migration, Big Data …
Application Layer
Appliance B
Interworking of OpenStack and OpenFlow
OpenStack Quantum
• OpenStack sub-project
• Managing virtual network
OpenFlow Plugin
• The plugin to use OpenFlow from Quantum
• Download from https://github.com/nec-openstack/quantum-openflow-plugin
Supported NEC OpenFlow Controllers
• Trema http://trema.github.com/trema/
• ProgrammableFlow PF6800
OpenFlow Plugin
Quantum
Switches
Controller
Nova
Flow setting
VTN4 VTN3 VTN2 VTN1
Lab Trial and Production Deployments
Private/Public Cloud
Data Center
Campus Networks
Nationwide Research Networks
Summary
Create your own Network Aware Applications leveraging
• Rich set of Northbound APIs (Information and control)
• High performance network fabric
• End-to-end reliability
• Network-assisted failover
• Conditional routing
• Dynamic QoS policies
• Multi-vendor interoperability
• Field proven system
And more …