SlideShare a Scribd company logo
1 of 22
OpenKilda
Stream Processing Meets OpenFlow
Jeff Young
Product Architecture, Global Platforms
Agenda
• What is the Telstra Programmable Network?
• Why Build on Openflow?
• Why Create (yet another) Openflow Controller?
• Our Solution
• Current State of the Project
• What’s Next?
• Get Involved!
3
TPN – Telstra Programmable Network
(7)
(3)
(1)
(5)
(4)
(2)
(3)
(1)
(1)
(1)
(1)
(1)
NFV Farm Internet Breakout VPN Interconnect
NFV Farm
Sydney, Hong Kong, Tokyo, Singapore, Los
Angeles, New Jersey, London
Internet
Sydney, Hong Kong, Tokyo, Singapore, Los
Angeles, Secaucus New Jersey, London
Telstra NextIP
Interconnect
Sydney, Melbourne
IPVPN/GWAN
Interconnect
Hong Kong, Singapore, New Jersey, London
External
exchanges
AWS (7), ECX (6), AxonVX (2), Epsilon (2), Westin
(1)
• Fortinet Fortigate NGFW
• Fortinet Fortiweb vAppliance
• Palo Alto VM-series
• Cisco vASA
• Cisco CSR1000v • Riverbed vSteelhead
• VeloCloud
• Juniper vSRX
• Cisco Primare vNAM
• FortiAnalyzer
35 Programmable Network
PoPs in 17 cities and 11
countries and territories
Directly connected to
Telstra’s network of more
than 2,000 points of
presence in 200 countries
Connect to leading public
cloud providers via various
DC Exchange providers
4
TPN Platform
Transform customer
experience
Programmable (GUI/
APIs)
Consumption based Data & Analytics Global
Marketplace Global Exchange
Data CentrePublic Cloud
Virtual Network Functions
vFirewall, vRouter, SD-WAN
uCPE
Cloud Connectivity, Data Centre Interconnect, Secure
Internet Access, Virtual Branch Networks
Multiple use cases
IPVPN/ Network
Release 1 (April 2017)
R1.0 enables our
IPVPN customers to
connect to TPN portal
and access the TPN
capabilities.
Release 2 (July 2017)
R2.0 enables our Next
IP customers to
connect to TPN portal
and access the TPN
capabilities.
Release 3 (October
2017)
R3.0 enables our
IPVPN and Next IP
customers to deploy
VNFs on uCPE housed
at their premises
TPN Build Blocks
5
Customer Driven (created)
• Multiple canvases
• Multi-tenant
• Create flows (L2) between building
blocks
“Lego” Building Blocks:
• IPVPN’s
• Exchanges
• VNF’s (in server farms)
• Internet
• Switch Ports
• Bandwidth (on demand)
Open Marketplace
• Bring your own ’service’
One-Click “Deploy”
• Guaranteed deploy time
• Changes as-needed (self-provision)
Why Build Yet Another OpenFlow Controller?

A few of the existing controllers available today:
Our Challenge Was A Bit Unique

At least we thought it was
7
• Global network with POPs in Europe, US,
Asia, Australia and Middle East
• Control Plane with >300ms of latency
• Controllers located in Hong Kong
• Combination of Dark Fiber and Lit Circuits
that don’t all support Link Loss Forwarding
• Guaranteed service, uncontended network
What We Found
8
• Constant topology changes
• Network changes increased
with network complexity
• Correlation of multiple
events
Convergence
• 100K’s messages into/out
of the controller
• Managing >1M Flows
Events
• LAN based controllers
• High latency in Control
Plane
WAN
Features We Wanted
9
Operations:
•Sub-Second Failover
•Auto-re-route based on real-time latency/packet loss/jitter measurements
•Self Healing/Optimizing Network
•Zero Touch Controller Deployment/Upgrade
Architecture:
•Horizontal scale
•Number of switches
•Number of flows
•Negative Affinity In Path Selection
•Path Selection Based on Latency
•Multiple data points for comprehensive end-to-end network state
•Product:
•Complex match/actions using experimenters
•Stats collections at 1 second intervals
•Active Latency Measurement on ISL
•End-to-End Latency Measurements on every flow
Our Solution

10
Floodlight
Regionalized OpenFlow Speakers
Our Solution

11
Floodlight Apache Kafka
Message Queue as ESP Bus
Our Solution

12
Floodlight Apache Kafka Apache Storm
Real-time Stream Processing via Apache Storm
Our Solution

13
Floodlight Apache Kafka Apache Storm
Neo4J
GraphDB - based on Neo4j
Our Solution

14
Floodlight Apache Kafka Apache Storm OpenTSDB
Neo4J
Reporting via OpenTSDB and HBase
Our Solution

15
HDFS
HBASEKAFKA
ZOOKEEPER
STORM OpenTSDB
TOPOLOGY ENGINE
NORTHBOUNDAPI
OPENFLOWSWITCH
NEO4J
Architecture
Sequence Diagram
16
Current State
17
Northbound Interface
• Restful
• Create/Modify/Delete Flow
• Push/Pop/Modify VLANs
• List Flows/Switches
Telemetry
• Flow stats
• Port stats
• Switch status
Operational
• Auto-discover network
• Active monitor of ISL with Latency
• Re-Flow when topology change occurs
API
How’d We Do?

Based On The Original Objectives
18
Sub-Second Failover – NOT YET
Negative Affinity In Path Selection
Active Latency Measurement on ISL
End-to-End Latency Measurement on Flow
Path Selection Based on Latency
Auto-re-route based on real-time latency/packet loss/jitter measurements
Multiple data points for comprehensive end-to-end network state – HALF DONE
Horizontal scale (achieved in testing)
Number of switches - 10K Switches
Number of flows – 16M Flows
Complex match/actions using experimenters – NOT YET
Stats collections at 1 second intervals
Self Healing/Optimizing Network
Zero Touch Controller Deployment/Upgrade
Whats Next for Kilda?
19
Features
• GUI
• Consolidated
Northbound API
• Lightweight
Speaker
• Documentation
Functionality
• Extend topology
event logic
• Complex Match/
Action
• BFD for ISL status
• Fast re-route
• Pre-emptive re-
route
Build
• Shorten build time
• Extend build
pipeline
• Test in sandbox
20
What’s next for TPN?
New Capability
uCPE hardware device
• Customer can deploy VNFs
from marketplace on a uCPE
in their branch 

(Juniper NFX 250)
New virtual network functions
• Juniper vSRX
• VeloCloud SD-WAN
• Riverbed vSteeklhead
Portal enhancements
• Online on-boarding for existing
Telstra customers
• Automated retrieval of
customer’s Telstra VPN and
Internet service for information
display
Exchange &
Marketplace
Programmable
Network
Internet
Secure connection
to the internet
Direct and scalable
connection to public
clouds
Equinix Cloud Exchange
Internet
Next IP/IPVPN
Universal CPE
Firewall
SD-WAN
Router
VNFs
WAN-Opt
Release 3 (October 2017)
R3.0 enables our IPVPN and Next IP
customers to deploy VNFs on uCPE
housed at their premises
Release 2 (July 2017)
R2.0 enables our Next IP customers to
connect to TPN portal and access the TPN
capabilities.
Release 1 (April 2017)
R1.0 enables our IPVPN customers to
connect to TPN portal and access the TPN
capabilities.
Via Cloud Exchange
Firewall
Router
VNF Farms
WAN-Opt
SD-WAN
~32 TPN PoP Data Centres
Globally
Get Involved!

21
Homepage - https://github.com/telstra/open-kilda
(git clone https://github.com/telstra/open-kilda.git)
Native Development
Environment
# clone your GitHub fork
> make build-latest
> docker-compose up
Linux Based Environment
> vagrant up
> vagrant ssh
> ssh-keygen -t rsa –C your_email@example.com
# update your GitHub fork with ssh key
# clone your GitHub fork
> make build-latest
> docker-compose up
Thank you
22

More Related Content

What's hot

Latency considerations in_lte
Latency considerations in_lteLatency considerations in_lte
Latency considerations in_lte
Mary McEvoy Carroll
 
Interrupt Affinityについて
Interrupt AffinityについてInterrupt Affinityについて
Interrupt Affinityについて
Takuya ASADA
 

What's hot (20)

Linux rt in financial markets
Linux rt in financial marketsLinux rt in financial markets
Linux rt in financial markets
 
Packet Walk(s) In Kubernetes
Packet Walk(s) In KubernetesPacket Walk(s) In Kubernetes
Packet Walk(s) In Kubernetes
 
5G NR parameters
5G NR parameters5G NR parameters
5G NR parameters
 
ONOS SDN-IP: Tutorial and Use Case for SDX
ONOS SDN-IP: Tutorial and Use Case for SDXONOS SDN-IP: Tutorial and Use Case for SDX
ONOS SDN-IP: Tutorial and Use Case for SDX
 
私たちはRESTCONFでネットワーク自動化的に何が嬉しくなるのか考えてみた
私たちはRESTCONFでネットワーク自動化的に何が嬉しくなるのか考えてみた私たちはRESTCONFでネットワーク自動化的に何が嬉しくなるのか考えてみた
私たちはRESTCONFでネットワーク自動化的に何が嬉しくなるのか考えてみた
 
Cell management (e ran3.0 05)
Cell management (e ran3.0 05)Cell management (e ran3.0 05)
Cell management (e ran3.0 05)
 
3GPP TS 38.300-100まとめ
3GPP TS 38.300-100まとめ3GPP TS 38.300-100まとめ
3GPP TS 38.300-100まとめ
 
Zte umts load-monitoring and expansion guide
Zte umts load-monitoring and expansion guideZte umts load-monitoring and expansion guide
Zte umts load-monitoring and expansion guide
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
 
End-to-End QoS in LTE
End-to-End QoS in LTEEnd-to-End QoS in LTE
End-to-End QoS in LTE
 
Control Potencia
Control PotenciaControl Potencia
Control Potencia
 
Handover 3g
Handover 3gHandover 3g
Handover 3g
 
Latency considerations in_lte
Latency considerations in_lteLatency considerations in_lte
Latency considerations in_lte
 
Dpdk pmd
Dpdk pmdDpdk pmd
Dpdk pmd
 
Ericsson Lean Carrier
Ericsson Lean CarrierEricsson Lean Carrier
Ericsson Lean Carrier
 
Embedded Virtualization applied in Mobile Devices
Embedded Virtualization applied in Mobile DevicesEmbedded Virtualization applied in Mobile Devices
Embedded Virtualization applied in Mobile Devices
 
OpenWrt From Top to Bottom
OpenWrt From Top to BottomOpenWrt From Top to Bottom
OpenWrt From Top to Bottom
 
Interrupt Affinityについて
Interrupt AffinityについてInterrupt Affinityについて
Interrupt Affinityについて
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking Mechanisms
 
Lte ho parameters trial_01262011
Lte ho parameters trial_01262011Lte ho parameters trial_01262011
Lte ho parameters trial_01262011
 

Similar to OpenKilda: Stream Processing Meets Openflow

Data Center Network Trends - Lin Nease
Data Center Network Trends - Lin NeaseData Center Network Trends - Lin Nease
Data Center Network Trends - Lin Nease
HPDutchWorld
 
Virt july-2013-meetup
Virt july-2013-meetupVirt july-2013-meetup
Virt july-2013-meetup
nvirters
 
SDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center NetworkingSDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center Networking
Thomas Graf
 
NFV Infrastructure Manager with High Performance Software Switch Lagopus
NFV Infrastructure Manager with High Performance Software Switch Lagopus NFV Infrastructure Manager with High Performance Software Switch Lagopus
NFV Infrastructure Manager with High Performance Software Switch Lagopus
Hirofumi Ichihara
 
Using OpenStack In a Traditional Hosting Environment
Using OpenStack In a Traditional Hosting EnvironmentUsing OpenStack In a Traditional Hosting Environment
Using OpenStack In a Traditional Hosting Environment
OpenStack Foundation
 

Similar to OpenKilda: Stream Processing Meets Openflow (20)

SDN/NFV: Service Chaining
SDN/NFV: Service Chaining SDN/NFV: Service Chaining
SDN/NFV: Service Chaining
 
Introductionto SDN
Introductionto SDN Introductionto SDN
Introductionto SDN
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
 
Introduction to SDN
Introduction to SDNIntroduction to SDN
Introduction to SDN
 
OpenFlow Tutorial
OpenFlow TutorialOpenFlow Tutorial
OpenFlow Tutorial
 
Platforms for Accelerating the Software Defined and Virtual Infrastructure
Platforms for Accelerating the Software Defined and Virtual InfrastructurePlatforms for Accelerating the Software Defined and Virtual Infrastructure
Platforms for Accelerating the Software Defined and Virtual Infrastructure
 
Data Center Network Trends - Lin Nease
Data Center Network Trends - Lin NeaseData Center Network Trends - Lin Nease
Data Center Network Trends - Lin Nease
 
Virt july-2013-meetup
Virt july-2013-meetupVirt july-2013-meetup
Virt july-2013-meetup
 
Introduction to NBL
Introduction to NBLIntroduction to NBL
Introduction to NBL
 
Automation in Network Lifecycle Management - Bay Area Juniper Meetup
Automation in Network Lifecycle Management - Bay Area Juniper MeetupAutomation in Network Lifecycle Management - Bay Area Juniper Meetup
Automation in Network Lifecycle Management - Bay Area Juniper Meetup
 
SDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center NetworkingSDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center Networking
 
Network Virtualization & Software-defined Networking
Network Virtualization & Software-defined NetworkingNetwork Virtualization & Software-defined Networking
Network Virtualization & Software-defined Networking
 
NFV Infrastructure Manager with High Performance Software Switch Lagopus
NFV Infrastructure Manager with High Performance Software Switch Lagopus NFV Infrastructure Manager with High Performance Software Switch Lagopus
NFV Infrastructure Manager with High Performance Software Switch Lagopus
 
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer
 
Scale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 servicesScale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 services
 
Operators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 NetworksOperators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 Networks
 
Three years of OFELIA - taking stock
Three years of OFELIA - taking stockThree years of OFELIA - taking stock
Three years of OFELIA - taking stock
 
Using OpenStack In a Traditional Hosting Environment
Using OpenStack In a Traditional Hosting EnvironmentUsing OpenStack In a Traditional Hosting Environment
Using OpenStack In a Traditional Hosting Environment
 
Nginx performance 2015 09 23
Nginx performance 2015 09 23Nginx performance 2015 09 23
Nginx performance 2015 09 23
 

More from APNIC

More from APNIC (20)

Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
 
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at  CaribNOG 27APNIC Updates presented by Paul Wilson at  CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 

Recently uploaded

audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
lolsDocherty
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
ChloeMeadows1
 

Recently uploaded (16)

Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of apps
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's Guide
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdf
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdf
 
GOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdfGOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdf
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirts
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
 
Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdf
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 
I’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 ShirtI’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 Shirt
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirts
 

OpenKilda: Stream Processing Meets Openflow

  • 1. OpenKilda Stream Processing Meets OpenFlow Jeff Young Product Architecture, Global Platforms
  • 2. Agenda • What is the Telstra Programmable Network? • Why Build on Openflow? • Why Create (yet another) Openflow Controller? • Our Solution • Current State of the Project • What’s Next? • Get Involved!
  • 3. 3 TPN – Telstra Programmable Network (7) (3) (1) (5) (4) (2) (3) (1) (1) (1) (1) (1) NFV Farm Internet Breakout VPN Interconnect NFV Farm Sydney, Hong Kong, Tokyo, Singapore, Los Angeles, New Jersey, London Internet Sydney, Hong Kong, Tokyo, Singapore, Los Angeles, Secaucus New Jersey, London Telstra NextIP Interconnect Sydney, Melbourne IPVPN/GWAN Interconnect Hong Kong, Singapore, New Jersey, London External exchanges AWS (7), ECX (6), AxonVX (2), Epsilon (2), Westin (1) • Fortinet Fortigate NGFW • Fortinet Fortiweb vAppliance • Palo Alto VM-series • Cisco vASA • Cisco CSR1000v • Riverbed vSteelhead • VeloCloud • Juniper vSRX • Cisco Primare vNAM • FortiAnalyzer 35 Programmable Network PoPs in 17 cities and 11 countries and territories Directly connected to Telstra’s network of more than 2,000 points of presence in 200 countries Connect to leading public cloud providers via various DC Exchange providers
  • 4. 4 TPN Platform Transform customer experience Programmable (GUI/ APIs) Consumption based Data & Analytics Global Marketplace Global Exchange Data CentrePublic Cloud Virtual Network Functions vFirewall, vRouter, SD-WAN uCPE Cloud Connectivity, Data Centre Interconnect, Secure Internet Access, Virtual Branch Networks Multiple use cases IPVPN/ Network Release 1 (April 2017) R1.0 enables our IPVPN customers to connect to TPN portal and access the TPN capabilities. Release 2 (July 2017) R2.0 enables our Next IP customers to connect to TPN portal and access the TPN capabilities. Release 3 (October 2017) R3.0 enables our IPVPN and Next IP customers to deploy VNFs on uCPE housed at their premises
  • 5. TPN Build Blocks 5 Customer Driven (created) • Multiple canvases • Multi-tenant • Create flows (L2) between building blocks “Lego” Building Blocks: • IPVPN’s • Exchanges • VNF’s (in server farms) • Internet • Switch Ports • Bandwidth (on demand) Open Marketplace • Bring your own ’service’ One-Click “Deploy” • Guaranteed deploy time • Changes as-needed (self-provision)
  • 6. Why Build Yet Another OpenFlow Controller?
 A few of the existing controllers available today:
  • 7. Our Challenge Was A Bit Unique
 At least we thought it was 7 • Global network with POPs in Europe, US, Asia, Australia and Middle East • Control Plane with >300ms of latency • Controllers located in Hong Kong • Combination of Dark Fiber and Lit Circuits that don’t all support Link Loss Forwarding • Guaranteed service, uncontended network
  • 8. What We Found 8 • Constant topology changes • Network changes increased with network complexity • Correlation of multiple events Convergence • 100K’s messages into/out of the controller • Managing >1M Flows Events • LAN based controllers • High latency in Control Plane WAN
  • 9. Features We Wanted 9 Operations: •Sub-Second Failover •Auto-re-route based on real-time latency/packet loss/jitter measurements •Self Healing/Optimizing Network •Zero Touch Controller Deployment/Upgrade Architecture: •Horizontal scale •Number of switches •Number of flows •Negative Affinity In Path Selection •Path Selection Based on Latency •Multiple data points for comprehensive end-to-end network state •Product: •Complex match/actions using experimenters •Stats collections at 1 second intervals •Active Latency Measurement on ISL •End-to-End Latency Measurements on every flow
  • 11. Our Solution
 11 Floodlight Apache Kafka Message Queue as ESP Bus
  • 12. Our Solution
 12 Floodlight Apache Kafka Apache Storm Real-time Stream Processing via Apache Storm
  • 13. Our Solution
 13 Floodlight Apache Kafka Apache Storm Neo4J GraphDB - based on Neo4j
  • 14. Our Solution
 14 Floodlight Apache Kafka Apache Storm OpenTSDB Neo4J Reporting via OpenTSDB and HBase
  • 15. Our Solution
 15 HDFS HBASEKAFKA ZOOKEEPER STORM OpenTSDB TOPOLOGY ENGINE NORTHBOUNDAPI OPENFLOWSWITCH NEO4J Architecture
  • 17. Current State 17 Northbound Interface • Restful • Create/Modify/Delete Flow • Push/Pop/Modify VLANs • List Flows/Switches Telemetry • Flow stats • Port stats • Switch status Operational • Auto-discover network • Active monitor of ISL with Latency • Re-Flow when topology change occurs API
  • 18. How’d We Do?
 Based On The Original Objectives 18 Sub-Second Failover – NOT YET Negative Affinity In Path Selection Active Latency Measurement on ISL End-to-End Latency Measurement on Flow Path Selection Based on Latency Auto-re-route based on real-time latency/packet loss/jitter measurements Multiple data points for comprehensive end-to-end network state – HALF DONE Horizontal scale (achieved in testing) Number of switches - 10K Switches Number of flows – 16M Flows Complex match/actions using experimenters – NOT YET Stats collections at 1 second intervals Self Healing/Optimizing Network Zero Touch Controller Deployment/Upgrade
  • 19. Whats Next for Kilda? 19 Features • GUI • Consolidated Northbound API • Lightweight Speaker • Documentation Functionality • Extend topology event logic • Complex Match/ Action • BFD for ISL status • Fast re-route • Pre-emptive re- route Build • Shorten build time • Extend build pipeline • Test in sandbox
  • 20. 20 What’s next for TPN? New Capability uCPE hardware device • Customer can deploy VNFs from marketplace on a uCPE in their branch 
 (Juniper NFX 250) New virtual network functions • Juniper vSRX • VeloCloud SD-WAN • Riverbed vSteeklhead Portal enhancements • Online on-boarding for existing Telstra customers • Automated retrieval of customer’s Telstra VPN and Internet service for information display Exchange & Marketplace Programmable Network Internet Secure connection to the internet Direct and scalable connection to public clouds Equinix Cloud Exchange Internet Next IP/IPVPN Universal CPE Firewall SD-WAN Router VNFs WAN-Opt Release 3 (October 2017) R3.0 enables our IPVPN and Next IP customers to deploy VNFs on uCPE housed at their premises Release 2 (July 2017) R2.0 enables our Next IP customers to connect to TPN portal and access the TPN capabilities. Release 1 (April 2017) R1.0 enables our IPVPN customers to connect to TPN portal and access the TPN capabilities. Via Cloud Exchange Firewall Router VNF Farms WAN-Opt SD-WAN ~32 TPN PoP Data Centres Globally
  • 21. Get Involved!
 21 Homepage - https://github.com/telstra/open-kilda (git clone https://github.com/telstra/open-kilda.git) Native Development Environment # clone your GitHub fork > make build-latest > docker-compose up Linux Based Environment > vagrant up > vagrant ssh > ssh-keygen -t rsa –C your_email@example.com # update your GitHub fork with ssh key # clone your GitHub fork > make build-latest > docker-compose up