The document discusses OpenFlow, which is a communications protocol that gives access to the forwarding plane of a network switch or router. OpenFlow allows a central controller to control multiple network elements. It consists of an OpenFlow controller, the OpenFlow protocol, and OpenFlow devices/agents that run on switches and routers and receive instructions from the controller. The OpenFlow protocol is used for communication between controllers and agents. OpenFlow version 1.0 supports lookup into a single flow table and actions like forwarding packets out all ports except the input port, redirecting to the controller, and forwarding to the local CPU.
Deployment Best Practices on WebLogic Server (DOAG IMC Summit 2013) enpit GmbH & Co. KG
1) The document discusses best practices for deploying applications on WebLogic Server. It addresses challenges like managing multiple applications and versions.
2) It provides strategies and tools for deployment including using the Deployer, Ant, Maven, and WLST scripts. It also discusses deployment plans and shared libraries.
3) The document emphasizes starting with a cluster for easy scaling, handling different environment requirements, and best practices for production redeployments like managing versions and retiring applications. It concludes with some pain points in WebLogic deployments.
VXLAN is a protocol that allows large numbers of virtual LANs to be overlaid on a physical network by encapsulating Ethernet frames within UDP packets and transporting them over an IP network. It addresses the scalability limitations of VLANs in large multi-tenant cloud environments by using a 24-bit segment ID rather than a 12-bit VLAN ID. The document provides an overview of VXLAN, why it is used, key concepts like VTEPs and VNIs, and demonstrations of VXLAN configuration on Cisco and Arista switches.
OpenFlow is a standard protocol that allows separation of the control plane from the data plane in network devices like switches. It defines communications between controllers and switches. Controllers install flow entries in switches' flow tables which determine how traffic is forwarded. This allows centralized control over distributed switches using protocols like OpenFlow to program their forwarding behavior.
Dynamic ARP inspection (DAI) is a security feature that prevents man-in-the-middle attacks by validating ARP packets. It relies on DHCP snooping to build a database of valid IP-MAC address bindings. When enabled, DAI will drop ARP packets that do not match entries in the DHCP snooping database, preventing ARP poisoning attacks. The document then demonstrates configuring and testing DAI on a switch to block an ARP poisoning attempt by a rogue workstation.
VXLAN allows layer 2 segments to span layer 3 networks by encapsulating Ethernet frames within UDP packets. This allows virtual machines and servers to communicate securely across physical networks as if they were on the same local area network. VXLAN uses VXLAN Tunnel End Points and a VXLAN Network Identifier to encapsulate packets and identify virtual network segments. Up to 16 million virtual networks can be created, enabling data center tenants and workloads to be isolated from each other while residing on the same physical network.
Show Me Kafka Tools That Will Increase My Productivity! (Stephane Maarek, Dat... confluent
In the Apache Kafka world, there is such a great diversity of open source tools available (I counted over 50!) that it’s easy to get lost. Over the years I have dealt with Kafka, I have learned to particularly enjoy a few of them that save me a tremendous amount of time over performing manual tasks. I will be sharing my experience and doing live demos of my favorite Kafka tools, so that you too can hopefully increase your productivity and efficiency when managing and administering Kafka. Come learn about the latest and greatest tools for CLI, UI, Replication, Management, Security, Monitoring, and more!
The presentation covers the basics of packet forwarding and simplified architecture of the router. Additionally it explains what problem Cisco Express Forwarding (CEF) solves and how. At the end static routing is covered.
Delivered by Dmitry Figol, CCIE R&S #53592.
The document discusses software-defined networking (SDN) and OpenFlow, including:
1) OpenFlow allows the control logic to be separated from the forwarding hardware by defining an open interface between the two. This enables more flexible and programmable networks.
2) OpenFlow works by defining flows that match packets and actions that are applied to the matched packets. The flows are populated and managed by an external controller through the OpenFlow protocol.
3) OpenFlow is being deployed in over 100 organizations and is enabling network innovation through its programmable and customizable nature.
Private VLANs allow splitting a regular VLAN into multiple "subdomains" to provide isolation between hosts at layer 2. The domains are isolated broadcast domains that require layer 3 forwarding to communicate. Primary, isolated, and community ports are defined for the sub-VLANs. Primary VLANs deliver frames downstream, isolated VLANs carry frames upstream, and community VLANs allow communication within the same group and to promiscuous ports. The configuration binds VLANs into a private VLAN domain, maps host ports to secondary VLANs, and maps a promiscuous port to all secondary VLANs to allow inter-subnet communication.
This document provides an overview and agenda for a presentation on VXLAN BGP EVPN technology. It begins with an introduction to VXLAN and EVPN concepts. It then outlines the agenda which includes explaining VXLAN configuration, EVPN configuration, underlay configuration, overlay configuration, and EVPN VXLAN service configuration. It also provides a sample migration from a legacy device configuration to a VXLAN BGP EVPN configuration. Various networking acronyms related to VXLAN and EVPN are defined. Sample vendor supported data center technologies and a VXLAN test topology are shown.
MPLS WC 2014 Segment Routing TI-LFA Fast ReRoute Bruno Decraene
This document discusses Topology Independent LFA (TI-LFA), a fast reroute technique that provides 100% node and link protection using Segment Routing. It begins by outlining requirements for fast reroute, then introduces TI-LFA which computes the post-convergence path and encodes it as a loop-free Segment Routing path. The document analyzes applicability on Orange network topologies and presents simulation results showing TI-LFA achieves low stack depth and path compression. It concludes that TI-LFA is a scalable solution that meets requirements by providing optimal fast reroute paths without side effects.
VSS and vPC are both used to create multi-chassis etherchannel port-channels connecting two physical switches, but they have key differences:
- VSS logically merges two switches into a single switch that is managed as one unit, while vPC keeps the switches separate with independent control planes.
- In VSS, the switches share a single IP address and configuration, whereas vPC switches each have their own IP and configuration.
- VSS supports Layer 3 port-channels across chassis and both PAgP and LACP, while vPC only supports Layer 2 and LACP.
This document summarizes port channels, virtual port channels (vPC), and multi-chassis etherchannel (MCEC) technologies. It discusses the basic design of vPC including components, initialization stages, best practices, and failure scenarios. Key points covered include vPC domains, roles, peer links, consistency checks, and configuration examples on Nexus 5000/7000/FEX platforms. Enhanced vPC (EvPC) and interactions with first hop redundancy protocols are also summarized.
The document discusses Linux networking architecture and covers several key topics:
It first describes the basic structure and layers of the Linux networking stack including the network device interface, network layer protocols like IP, transport layer, and sockets. It then discusses how network packets are managed in Linux through the use of socket buffers and associated functions. The document also provides an overview of the data link layer and protocols like Ethernet, PPP, and how they are implemented in Linux.
Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.
- VPNaaS in Neutron aims to provide virtual private network services to OpenStack tenants through the Neutron API and plugins.
- Initial work focused on IPsec VPN support, including defining a resource model and APIs for VPN services, connections, policies and more.
- Future work will explore supporting BGP/MPLS VPNs, which provide inter-AS connectivity and require integration with external MPLS domains and protocols like BGP.
- Two potential architectures are proposed for BGP/MPLS VPN support: one relying on configuring provider edge routers from Neutron, and another using an L3 agent and separate controller/forwarder.
In this session, we’ll review how previous efforts, including Netfilter, Berkeley Packet Filter (BPF), Open vSwitch (OVS), and TC, approached the problem of extensibility. We’ll show you an open source solution available within the Red Hat Enterprise Linux kernel, where extending and merging some of the existing concepts leads to an extensible framework that satisfies the networking needs of datacenter and cloud virtualization.
NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab Cisco Canada
This document provides an overview and agenda for a hands-on lab on the Network Service Orchestrator (NSO). It includes details on connecting to the lab environment, an introduction to NSO, installing NSO, using packages in NSO, and using the NETSIM network simulator. The lab will cover device and service management in NSO, YANG modeling, and service design. Attendees are provided credentials to access their assigned POD containing simulated network devices to complete the guided exercises over a 4 hour period.
This document provides an overview of Open vSwitch, including what it is, its main components, features, and how it can be used to build virtual network topologies. Open vSwitch is a software-defined networking switch that can be used to create virtual networks and handle network traffic between virtual machines and tunnels. It uses a distributed database, ovsdb-server, and a userspace daemon, ovs-vswitchd, to implement features like virtual switching, tunneling protocols, and OpenFlow support. Examples are provided for using Open vSwitch with KVM virtual machines and GRE tunnels to create virtual network topologies.
netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different netfilter modules) and the chains and rules it stores.
Many systems use iptables/netfilter, Linux's native packet filtering/mangling framework since Linux 2.4, be it home routers or sophisticated cloud network stacks.
In this session, we will talk about the netfilter framework and its facilities, explain how basic filtering and mangling use-cases are implemented using iptables, and introduce some less common but powerful extensions of iptables.
Shmulik Ladkani, Chief Architect at Nsof Networks.
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Nsof Networks, where he's been busy architecting network infrastructure as a cloud-based service, gazing at internet routes in astonishment, and playing the chkuku.
In this talk Jiří Pírko discusses the design and evolution of the VLAN implementation in Linux, the challenges and pitfalls as well as hardware acceleration and alternative implementations.
Jiří Pírko is a major contributor to kernel networking and the creator of libteam for link aggregation.
Kirill Tsym discusses Vector Packet Processing:
* Linux Kernel data path (in short), initial design, today's situation, optimization initiatives
* Brief overview of DPDK, Netmap, etc.
* Userspace Networking projects comparison: OpenFastPath, OpenSwitch, VPP.
* Introduction to VPP: architecture, capabilities and optimization techniques.
* Basic Data Flow and introduction to vectors.
* VPP Single and Multi-thread modes.
* Router and switch for namespaces example.
* VPP L4 protocol processing - Transport Layer Development Kit.
* VPP Plugins.
Kirill is a software developer at Check Point Software Technologies, part of the Next Generation Gateway and Architecture team, developing proofs of concept around DPDK and FD.IO VPP. He has years of experience in software, Linux kernel and networking development and has worked for Polycom, Broadcom and Qualcomm before joining Check Point.
This document discusses the limitations of existing networks and introduces the concept of software-defined networking (SDN) as a solution. It outlines that current networks have separate control and data planes, making them difficult to program and innovate on. SDN is proposed to separate the control and data planes, making the network programmable through open interfaces and allowing for centralized control. This enables experimentation, flexibility, and easier integration of new applications and services. The key aspects of SDN architecture include the infrastructure, control, and application layers that communicate through the OpenFlow protocol to enable remote programming of forwarding rules in switches.
Slide deck to give some theoretical background before stepping into the hands-on tutorial at http://sdnhub.org/tutorials/opendaylight. Compared to the earlier version of this slide deck, this tutorial slide deck has been updated to focus more on MD-SAL and YANG modeled app development.
Class lecture by Prof. Raj Jain on Introduction to OpenFlow. The talk covers Planes of Networking, Data vs. Control Logic, OpenFlow: Key Ideas, History of OpenFlow, Separation of Control and Data Plane, OpenFlow V1.0, Matching, Counters, Actions, Hardware OpenFlow Switches, Software OpenFlow Switches, Open vSwitch, Open vSwitch Features, OVSDB, OpenFlow V1.1, OpenFlow Hardware Implementation, OpenFlow V1.2, OpenFlow 1.3, OpenFlow V1.4, Implementation Issues, Current Limitations of OpenFlow, OpenFlow Current Activities. Video recording available on YouTube.
Business case: protecting personal data with solutions from the company «Код Безо... Michael Kozloff
A simple model for estimating the damage from loss of reputation when customers' personal data is lost. Presented at a seminar for partners of the company "Код Безопасности".
Whether you are replacing Telnet or Terminal, or need a more capable secure remote access tool, SecureCRT is an application you can live in all day long. With the solid security of SSH, extensive session management, and advanced scripting, SecureCRT will help raise your productivity to the nth degree.
Introduction to Software Defined Networking (SDN) rjain51
Class lecture by Prof. Raj Jain on Introduction to . The talk covers Origins of SDN, What is SDN?, Original Definition of SDN, What = Why We need SDN?, SDN Definition, XMPP, XMPP in Data Centers, Path Computation Element, PCE, Forwarding and Control Element, Sample ForCES Exchanges, Application Layer Traffic Optimization, ALTO, ALTO Extension, Current SDN Debate: What vs. How?, SDN Controller Functions, RESTful APIs, OSGi Framework, Open Daylight SDN Controller, OpenDaylight Tools, Affinity Metadata Service, SDN Related Organizations and Projects, SDN Web Sites, Hierarchy of Operations. Video recording available on YouTube.
This document provides an overview of OpenFlow including:
- The need for OpenFlow to facilitate network innovation and programmability.
- How OpenFlow separates the control and data planes through an open interface.
- The basic components of an OpenFlow switch including flow tables, action sets, and packet processing.
- How OpenFlow controllers communicate with switches through secure channels to program flow entries.
- A demonstration of the packet flow through an OpenFlow network from switch to controller.
- Details on OpenDayLight and Mininet which are commonly used for OpenFlow demonstrations.
Ch 02 --- sdn and openflow architectureYoram Orzach
This document provides an overview of SDN and OpenFlow. It describes the traditional network structure with separate control, forwarding, and management planes. With SDN, the control plane is centralized into a controller that programs "dumb" switches via the OpenFlow protocol. The controller manages flow tables on switches to determine how traffic is forwarded. Key OpenFlow components include the controller, OpenFlow channel, flow tables, group tables, and meter tables. The document provides examples of how OpenFlow can implement switching, routing, firewalls, and other network functions through flow table entries.
The document provides an overview of software-defined networking (SDN) fundamentals, including:
- In traditional networks, the control plane and data plane are logically coupled within each network device, whereas SDN separates these planes and centralizes the control plane in an SDN controller.
- The SDN controller holds the entire network description as a graph and can perform optimization calculations. It programs flow entries into forwarding devices using the OpenFlow protocol.
- OpenFlow defines a standard interface that gives access to the forwarding plane of network switches or routers. It separates the data and control planes and allows the control logic to be implemented separately in the SDN controller.
Nick McKeown
Professor
Stanford University
ONS2015: http://bit.ly/ons2015sd
ONS Inspire! Webinars: http://bit.ly/oiw-sd
Watch the talk (video) on ONS Content Archives: http://bit.ly/ons-archives-sd
This document provides a technical overview of OpenFlow Switch Specification version 1.0.0 published in 2009. It discusses how OpenFlow addresses the requirements for software-defined networking by defining a common logical architecture for network devices and a standard communication protocol. The key components of OpenFlow are flow tables within each device to manage packet flows through actions on matched rules, and a secure channel protocol for an SDN controller to communicate with OpenFlow devices and modify flow entries.
This document discusses OpenFlow protocols, including OpenFlow switch and controller communication. It describes the different OpenFlow message types - controller-to-switch messages which manage switch state, asynchronous messages from switch to controller about network events, and symmetric messages that can be sent in either direction. It provides packet structure examples and discusses how OpenFlow channels are used to exchange messages over TLS or TCP. The document explains that switches can communicate with a single or multiple controllers for reliability.
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Thomas Graf
Open vSwitch (OVS) has long been a critical component of the Neutron's reference implementation, offering reliable and flexible virtual switching for cloud environments.
Being an early adopter of the OVS technology, Neutron's reference implementation made some compromises to stay within the early, stable featureset OVS exposed. In particular, Security Groups (SG) have been so far implemented by leveraging hybrid Linux Bridging and IPTables, which come at a significant performance overhead. However, thanks to recent developments and ongoing improvements within the OVS community, we are now able to implement feature-complete security groups directly within OVS.
In this talk we will summarize the existing Security Groups implementation in Neutron and compare its performance with the Open vSwitch-only approach. We hope this analysis will form the foundation of future improvements to the Neutron Open vSwitch reference design.
The idea of programmable networks has recently re-gained momentum due to the emergence of Software-Defined Networking (SDN) and its promises to dramatically simplify network management and enable innovation.
SDN decouples the forwarding hardware from control decisions so to make the latter programmable. The controller, implementing the control plane, communicates with the switching device through, what is commonly referred as, the southbound-API. While network applications communicate with the controller via the northbound-API.
While OpenFlow has emerged as one of the most widely adopted API for the southbound API, the situation is far more fragmented for the northbound API. This presentation will take a fresh look at northbound and southbound SDN interface requirements and will investigate the advantages that the OMG’s Data Distribution Service standard can bring in terms of performance, scalability, and interoperability.
NPV and NPIV feature in MDS switches on SAN networkTanay Chakraborty
This presentation talks about the feature of NPV/NPIV feature in MDS switch.
A little introduction about the SAN network and detail information about NPV/NPIV feature.
In this session we will look at the options for replicating content between Alfresco repositories. Starting with a re-cap of the existing functionality of version 3.3, we will then introduce the new replication features of Alfresco 3.4 including some more advanced scenarios. If you have been paying attention to recent SVN commits then you can't have failed to notice that Alfresco folders can be invaded by aliens. Find out what that means in this session!
This document describes an OpenFlow demo and provides definitions of key OpenFlow concepts. It explains that an OpenFlow controller manages one or more OpenFlow switches by installing flow entries in their flow tables. It then gives examples of how the controller can discover network topology proactively by sending LLDP requests and reactively establish paths between nodes by handling ARP requests and replies to add flow entries.
This document discusses Open vSwitch and its support for stateful services like connection tracking (conntrack) and network address translation (NAT). Open vSwitch is designed to manage overlay networks and provides programmable flow tables and remote management. It aims to integrate conntrack to enable stateful firewalling and NAT functions. This will allow matching on connection states and leveraging existing Linux conntrack and NAT modules. Examples are given of how conntrack and NAT rules could be implemented using these new Open vSwitch capabilities.
This document provides an overview of the OpenFlow protocol based on the ONF specification 1.3.1. It describes the key components of OpenFlow including OpenFlow switches, ports, tables, and the OpenFlow channel. OpenFlow switches use flow tables to process and forward packets. The tables can match on packet headers and apply actions like forwarding to a port or modifying the packet. OpenFlow controllers communicate with switches using the OpenFlow channel to manage flow entries and monitor switch behavior.
This presentation covers the basics about OpenvSwitch and its components. OpenvSwitch is a Open Source implementation of OpenFlow by the Nicira team.
It also also talks about OpenvSwitch and its role in OpenStack Networking
This ppt Explains the CEF-Based Multilayer Switching, deploying
Implementing Inter-VLAN Routing
Layer 3 Switch Processing
CEF-Based MLS Lookups
How to Troubleshoot CEF
Common CEF Problems
Nate Foster
Assistant Professor
Cornell
ONS2015: http://bit.ly/ons2015sd
ONS Inspire! Webinars: http://bit.ly/oiw-sd
Watch the talk (video) on ONS Content Archives: http://bit.ly/ons-archives-sd
Software-defined networking (SDN) uses an approach that allows network administrators to programmatically control network behavior dynamically. OpenFlow is an open standard that defines the communication between the control and forwarding layers of the SDN architecture, allowing the network control to be programmed and managed through open source software rather than proprietary hardware switches. OpenFlow switches use flow tables and groups tables that can be populated and manipulated by an OpenFlow controller using the OpenFlow protocol to determine how packets are forwarded through the network.
1) Data transfer instructions move data without changing it between memory and registers, between registers, and between registers and input/output devices. Common instructions include load, store, move, input, and output.
2) Data manipulation instructions perform operations on data to provide computational capabilities. These include arithmetic instructions like add and subtract, logical and bitwise instructions like AND and OR, and shift instructions.
3) Program control instructions alter program flow, like branches, jumps, calls, and returns. They use status bits set by operations to determine conditional branches. Subroutines use call and return instructions to branch to and from the main program.
OpenFlow enables network innovation by allowing researchers to run experimental protocols on campus networks. It takes OpenFlow switches and separates the data and control planes, with an external controller managing flow tables. This allows experimental traffic to be isolated yet realistic. OpenFlow provides high performance, supports research, isolates production and experimental traffic, and is compatible with vendor switches through upgrades. It offers a cost-effective way to deploy new ideas compared to large-scale SDNs.
The document evaluates OpenFlow implementation in RouterOS 6.6 on an RB750GL router. Testing showed that while the control plane functions, forwarding does not work properly. Packet-in messages are not generated and flows installed by the controller are not matched. This is due to buffers being set to zero, preventing packet-in messages. The router also cannot replace or rewrite packet headers as required. The current implementation is experimental and not production ready.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
artificial intelligence and data science contents.pptxGauravCar
What is artificial intelligence? Artificial intelligence is the ability of a computer or computer-controlled robot to perform tasks that are commonly associated with the intellectual processes characteristic of humans, such as the ability to reason.
› ...
Artificial intelligence (AI) | Definitio
Applications of artificial Intelligence in Mechanical Engineering.pdfAtif Razi
Historically, mechanical engineering has relied heavily on human expertise and empirical methods to solve complex problems. With the introduction of computer-aided design (CAD) and finite element analysis (FEA), the field took its first steps towards digitization. These tools allowed engineers to simulate and analyze mechanical systems with greater accuracy and efficiency. However, the sheer volume of data generated by modern engineering systems and the increasing complexity of these systems have necessitated more advanced analytical tools, paving the way for AI.
AI offers the capability to process vast amounts of data, identify patterns, and make predictions with a level of speed and accuracy unattainable by traditional methods. This has profound implications for mechanical engineering, enabling more efficient design processes, predictive maintenance strategies, and optimized manufacturing operations. AI-driven tools can learn from historical data, adapt to new information, and continuously improve their performance, making them invaluable in tackling the multifaceted challenges of modern mechanical engineering.
Design and optimization of ion propulsion dronebjmsejournal
Electric propulsion technology is widely used in many kinds of vehicles in recent years, and aircrafts are no exception. Technically, UAVs are electrically propelled but tend to produce a significant amount of noise and vibrations. Ion propulsion technology for drones is a potential solution to this problem. Ion propulsion technology is proven to be feasible in the earth’s atmosphere. The study presented in this article shows the design of EHD thrusters and power supply for ion propulsion drones along with performance optimization of high-voltage power supply for endurance in earth’s atmosphere.
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...shadow0702a
This document serves as a comprehensive step-by-step guide on how to effectively use PyCharm for remote debugging of the Windows Subsystem for Linux (WSL) on a local Windows machine. It meticulously outlines several critical steps in the process, starting with the crucial task of enabling permissions, followed by the installation and configuration of WSL.
The guide then proceeds to explain how to set up the SSH service within the WSL environment, an integral part of the process. Alongside this, it also provides detailed instructions on how to modify the inbound rules of the Windows firewall to facilitate the process, ensuring that there are no connectivity issues that could potentially hinder the debugging process.
The document further emphasizes on the importance of checking the connection between the Windows and WSL environments, providing instructions on how to ensure that the connection is optimal and ready for remote debugging.
It also offers an in-depth guide on how to configure the WSL interpreter and files within the PyCharm environment. This is essential for ensuring that the debugging process is set up correctly and that the program can be run effectively within the WSL terminal.
Additionally, the document provides guidance on how to set up breakpoints for debugging, a fundamental aspect of the debugging process which allows the developer to stop the execution of their code at certain points and inspect their program at those stages.
Finally, the document concludes by providing a link to a reference blog. This blog offers additional information and guidance on configuring the remote Python interpreter in PyCharm, providing the reader with a well-rounded understanding of the process.
3. What is Openflow?
OpenFlow is a communications protocol that gives access to the forwarding plane of a network switch or router over the network (per Wikipedia definition)
6. Openflow Controller | Northbound API
Northbound API: Integral part of Controller
“Network enabled” application can make use of Northbound API to request services from the network…
7. Openflow Device Agent
Agent runs on the network device
Agent receives instructions from Controller
Agent programs device tables
8. Openflow Protocol
Openflow Protocol is… “A mechanism for the Openflow Controller to communicate with Openflow Agents…”
9. Examples of Openflow
Open Source Controllers
Openflow Agents
• Open Source – eg. Indigo http://www.openflowhub.org/display/Indigo/Indigo+-+Open+Source+OpenFlow+Switches
• Vendor Specific – eg. Cisco OnePK OF 1.3 agent (IOS, IOS-XE, IOS-XR, NX-OS)
15. Openflow v1.0
[Diagram: Data packets; Switch with Flow Table, Switch Forwarding Engine and CPU; Openflow Controller]
Incoming packets arrive at Switch
** Openflow 1.0 supports a lookup into a single flow table
Symmetric Sync Messages (Hello, Echo, Vendor…)
16. Openflow v1.0
[Diagram: Data packets; Switch with Flow Table, Switch Forwarding Engine and CPU; Lookup Key]
Fields from packet header used for lookup key
Lookup Key: Header fields used to build lookup key
** Openflow 1.0 supports a lookup into a single flow table
17. Openflow v1.0
[Diagram: Data packets; Switch with Flow Table, Switch Forwarding Engine and CPU; Openflow Controller]
If no match, Controller programs switch flow table
18. Openflow v1.0
[Diagram: Data packets; Switch with Flow Table, Switch Forwarding Engine and CPU; Openflow Controller]
Forwarding Engine forwards packets
** Openflow 1.0 supports a lookup into a single flow table
19. Openflow v1.0
Flow Table in more detail…
FLOW TABLE: HEADER FIELDS | COUNTERS | ACTIONS
FLOW ENTRY: Flow “Entry” consists of one row in the Flow Table
20. Openflow v1.0
Flow Table in more detail…
FLOW TABLE: HEADER FIELDS | COUNTERS | ACTIONS
HEADER FIELDS: (1) Ingress Port, (2) Source MAC, (3) Dest MAC, (4) Ether Type, (5) VLAN ID, (6) VLAN Priority, (7) IP SRC, (8) IP DEST, (9) IP Protocol, (10) IP TOS, (11) TCP/UDP SRC (ICMP Type), (12) TCP/UDP DEST (ICMP Code)
This is the “Famous” Openflow 12 Tuple
21. Openflow v1.0
Flow Table in more detail…
FLOW TABLE: HEADER FIELDS | COUNTERS | ACTIONS
COUNTERS:
Per Table: Active Entries (32 Bits), Packet Lookups (64 Bits), Packet Matches (64 Bits)
Per Flow: Received Packets (64 Bits), Received Bytes (64 Bits), Duration (seconds) (32 Bits), Duration (nanoseconds) (32 Bits)
Per Queue: Transmit Packets (64 Bits), Transmit Bytes (64 Bits), TX Overrun Errors (64 Bits)
Per Port: Received Packets (32 Bits), Transmit Packets (64 Bits), Received Bytes (64 Bits), Transmit Bytes (64 Bits), Received Drops (64 Bits), Transmit Drops (64 Bits), Received Errors (64 Bits), Transmit Errors (64 Bits), Received Frame Alignment Errors (64 Bits), RX Overrun Errors (64 Bits), RX CRC Errors (64 Bits), Collisions (64 Bits)
22. Openflow v1.0
Flow Table in more detail…
FLOW TABLE: HEADER FIELDS | COUNTERS | ACTIONS
Multiple Actions available to be programmed
Let us explore those in more detail…
23. Openflow v1.0
[Diagram: Packet; Switch with Flow Table, Switch Forwarding Engine and CPU; Openflow Controller]
Required Actions Supported by “Openflow 1.0” Switch
Required Action #1: Forward out all ports except input port
24. Openflow v1.0
[Diagram: Packet; Switch with Flow Table, Switch Forwarding Engine and CPU; Openflow Controller]
Required Actions Supported by “Openflow 1.0” Switch
Required Action #2: Redirect to Openflow Controller
In addition, there are other asynchronous Switch-to-Controller messages like this:
• Port-Status (up/down, STP state,…)
• Flow-Removed (idle, timeout)
• Error
25. Openflow v1.0
[Diagram: Packet; Switch with Flow Table, Switch Forwarding Engine and CPU; Openflow Controller]
Required Actions Supported by “Openflow 1.0” Switch
Required Action #3: Forward to local CPU
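
The lookup walked through on slides 15 to 25, as an added Python sketch that is not part of the original deck: a lookup key built from the 12 header fields, per-table and per-flow counters, the three required actions, and the table-miss path to the controller. The field names, action strings, `demo_controller` policy and MAC-to-port map are assumptions of this example; the rule that an exact match outranks any wildcard priority comes from the OpenFlow 1.0 specification, not from the slides.

```python
from dataclasses import dataclass, field

# The 12 header fields of the OpenFlow 1.0 lookup key (field names are this example's own).
TUPLE = ("in_port", "eth_src", "eth_dst", "eth_type", "vlan_id", "vlan_pcp",
         "ip_src", "ip_dst", "ip_proto", "ip_tos", "tp_src", "tp_dst")


@dataclass
class FlowEntry:
    match: dict            # field -> required value; fields left out are wildcards
    actions: list          # "flood", "controller", "local" or "output:<port>"
    priority: int = 0      # ranks wildcard entries; exact-match entries always win
    packets: int = 0       # per-flow counters
    byte_count: int = 0

    def __post_init__(self):
        unknown = set(self.match) - set(TUPLE)
        if unknown:
            raise ValueError(f"not in the 12-tuple: {sorted(unknown)}")

    def is_exact(self):
        return len(self.match) == len(TUPLE)

    def covers(self, key):
        return all(key[name] == value for name, value in self.match.items())


@dataclass
class Switch:
    ports: tuple
    controller: object = None          # callable(switch, key), invoked on a table miss
    table: list = field(default_factory=list)
    lookups: int = 0                   # per-table counters
    matches: int = 0
    packet_ins: int = 0                # packets redirected to the controller

    def lookup(self, key):
        self.lookups += 1
        hits = [e for e in self.table if e.covers(key)]
        if not hits:
            return None
        self.matches += 1
        return max(hits, key=lambda e: (e.is_exact(), e.priority))

    def egress(self, actions, in_port):
        """Resolve the three required actions, plus plain output, to destinations."""
        out = []
        for action in actions:
            if action == "flood":                      # all ports except the input port
                out += [p for p in self.ports if p != in_port]
            elif action in ("controller", "local"):
                out.append(action.upper())
            elif action.startswith("output:"):
                out.append(int(action.split(":", 1)[1]))
            else:
                raise ValueError(f"unknown action {action!r}")
        return out

    def receive(self, packet, length):
        key = {name: packet.get(name) for name in TUPLE}   # build the lookup key
        entry = self.lookup(key)
        if entry is None:                                   # table miss
            self.packet_ins += 1
            if self.controller:
                self.controller(self, key)                  # controller may program the table
            return ["CONTROLLER"]
        entry.packets += 1
        entry.byte_count += length
        return self.egress(entry.actions, key["in_port"])


# Constructed topology: which port each known MAC address sits behind.
MAC_TO_PORT = {"00:00:00:00:00:0b": 2}


def demo_controller(switch, key):
    """Hypothetical controller policy: pin known destinations, flood the rest."""
    port = MAC_TO_PORT.get(key["eth_dst"])
    actions = [f"output:{port}"] if port is not None else ["flood"]
    switch.table.append(FlowEntry({"eth_dst": key["eth_dst"]}, actions, priority=10))


def run_demo():
    sw = Switch(ports=(1, 2, 3, 4), controller=demo_controller)
    pkt = {"in_port": 1, "eth_src": "00:00:00:00:00:0a",
           "eth_dst": "00:00:00:00:00:0b", "eth_type": 0x0800}
    first = sw.receive(pkt, 64)      # miss: goes to the controller, which installs a flow
    second = sw.receive(pkt, 64)     # hit: forwarded by the switch alone
    bcast = dict(pkt, eth_dst="ff:ff:ff:ff:ff:ff")
    sw.receive(bcast, 64)            # miss for a destination not seen before
    third = sw.receive(bcast, 64)    # hit on the flood entry
    return sw, first, second, third


if __name__ == "__main__":
    sw, *results = run_demo()
    print(results, sw.lookups, sw.matches, sw.packet_ins)
```

The `packet_ins` counter is the number to watch when sizing or monitoring a controller: every table miss costs a round trip on the control channel, while hits are handled by the switch alone.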
32. Openflow v1.1
[Diagram: Data packets; Switch with Flow Table 1, Flow Table 2, … Flow Table n, Group Table, Switch Forwarding Engine and CPU; Openflow Controller]
Openflow 1.1 Switch consists of one or more flow tables and a group table
Group Table: Provides additional methods for forwarding, i.e. broadcast/multicast
33. Openflow v1.1
Matching starts at Table 1 and “may” continue to next table
[Diagram: Ingress packet, Action Set = {}; Table 0, Table 1, … Table n; packet + input port + metadata and Action Set between tables; Execute Action Set]
Flow Table: Match Fields (ingress port + metadata + pkt headers); Action Set
34. Openflow v1.1
Flow entries match in packet order
First matching entry in table used
[Diagram: Table 0 (Flow Entry 1, Flow Entry 2, Flow Entry 3, Flow Entry 4, …), Table 1, … Table n; Flow Entry 5, Flow Entry 6, Flow Entry 7, Flow Entry 8, Flow Entry 9]
36. Openflow v1.1
Table 0: Flow Entry 1, Flow Entry 2, Flow Entry 3, Flow Entry 4, …
Flow Entry: MATCH FIELD | COUNTERS | ACTIONS
MATCH FIELD: Ingress Port, Source MAC, Dest MAC, Ether Type, VLAN ID, VLAN Priority, IP SRC, IP DEST, IP Protocol, IP TOS, TCP/UDP SRC, ICMP Type, TCP/UDP DEST, ICMP Code, MPLS Label, MPLS Traffic Class
MPLS and VLAN Q-in-Q now supported in version 1.1
37. Openflow v1.1
Openflow v1.1 defines two processing pipeline options: OPENFLOW ONLY and OPENFLOW HYBRID
OPENFLOW ONLY SWITCH: Data, Openflow Processing Pipeline, OUTPUT
OPENFLOW HYBRID SWITCH: Data, OF or STD, Openflow Processing Pipeline, STD Ethernet Processing Pipeline, OUTPUT
39. Openflow v1.2
IPv6 now supported for lookup in flow table…
FLOW TABLE: HEADER FIELDS | COUNTERS | ACTIONS
HEADER FIELDS: Ingress Port, Source MAC, Dest MAC, Ether Type, VLAN ID, VLAN Priority, IP SRC, IP DEST, IP Protocol, IP TOS, TCP/UDP SRC, ICMP Type, TCP/UDP DEST, ICMP Code, MPLS Label, MPLS Traffic Class
Both IPv4 and IPv6 flows supported in header field lookup
41. Openflow v1.3
IPv6 Extended Headers supported in OF 1.3…
[Diagram: IPv6 Standard Header, IPv6 Extended Headers, Data]
Allows match on following conditions
• Hop by Hop IPv6 extension header
• Router IPv6 extension header
• Fragmentation IPv6 extension header
• Destination Options IPv6 extension header
• Authentication IPv6 extension header
• Encrypted Security IPv6 extension header
• No Next Header IPv6 extension header
• IPv6 extension headers out of preferred order
• Unexpected IPv6 extension header
42. Openflow v1.3
[Diagram: Data packets; Switch with Flow Table 1, Flow Table 2, … Flow Table n, Group Table, Flow Meter Table, Switch Forwarding Engine and CPU; Openflow Controller]
Openflow 1.3 Switch now adds a “flow meter” table
Flow meter provides rate limiting (policing)
43. Openflow v1.3
Per Flow Meters supported in OF 1.3…
METER TABLE: METER IDENTIFIER | METER BAND | COUNTERS
METER BAND: TYPE | RATE | COUNTERS | TYPE/ARGUMENTS
Controls the rate/flow of packets in a flow
44. Openflow v1.3
Auxiliary Connections supported in OF 1.3…
BEFORE: O/F CONTROLLER and O/F SWITCH, Single TCP Connection
AFTER: O/F CONTROLLER and O/F SWITCH, Auxiliary Connections
Auxiliary connections over UDP and DTLS to carry packet in/out messages between controller and switch
45. Openflow v1.3
Other Openflow v1.3 Highlights…
• Match on MPLS Bottom of Stack (BoS) Bit – label stacking
• Provider Backbone Bridging (PBB) support – Mac-in-Mac
• Duration field added for Statistics
• Support for Tunnel encapsulations (i.e. GRE **)
• Ability to disable packet/byte counters on a per flow basis
** Generic Route Encapsulation
47. Version Negotiation TLV supported in OF 1.3…
[Diagram: OPENFLOW CONTROLLER and OPENFLOW SWITCH]
Version Negotiation** built into flexible TLV* format
Version Negotiation now incorporated into TLV used during switch/controller negotiation
Openflow v1.3.1
** Previously negotiation might fail due to lack of all versions being known by both sides
* Type Label Value
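
The negotiation failure described on slide 47 and its fix, as an added Python sketch that is not part of the original deck. It encodes and strictly parses a Hello message with the version bitmap element that OpenFlow 1.3.1 defines (`OFPHET_VERSIONBITMAP`), then negotiates with and without it; the two version sets are constructed sample values and the function names are this example's own.

```python
import struct

OFPT_HELLO = 0
OFPHET_VERSIONBITMAP = 1            # hello element type defined in OpenFlow 1.3.1
HEADER = struct.Struct("!BBHI")     # version, type, length, xid
ELEM = struct.Struct("!HH")         # element type, element length (padding excluded)


def build_hello(versions, xid=1, bitmap=True):
    """Encode a Hello advertising `versions` (wire numbers: 0x01 = 1.0 ... 0x04 = 1.3)."""
    body = b""
    if bitmap:
        words = [0] * (max(versions) // 32 + 1)
        for v in versions:
            words[v // 32] |= 1 << (v % 32)
        body = ELEM.pack(OFPHET_VERSIONBITMAP, ELEM.size + 4 * len(words))
        body += struct.pack(f"!{len(words)}I", *words)
        body += b"\x00" * (-len(body) % 8)          # elements are padded to 8 bytes
    return HEADER.pack(max(versions), OFPT_HELLO, HEADER.size + len(body), xid) + body


def parse_hello(data):
    """Return (header_version, advertised_versions or None); raise ValueError if malformed."""
    if len(data) < HEADER.size:
        raise ValueError("short header")
    version, msg_type, length, _xid = HEADER.unpack_from(data)
    if msg_type != OFPT_HELLO:
        raise ValueError("not a Hello")
    if length < HEADER.size or length > len(data):
        raise ValueError("bad message length")
    advertised, offset = None, HEADER.size
    while offset < length:
        if offset + ELEM.size > length:
            raise ValueError("truncated element header")
        etype, elen = ELEM.unpack_from(data, offset)
        if elen < ELEM.size or offset + elen > length:
            raise ValueError("element length out of bounds")
        if etype == OFPHET_VERSIONBITMAP:
            if (elen - ELEM.size) % 4:
                raise ValueError("bitmap is not a whole number of 32-bit words")
            advertised = set() if advertised is None else advertised
            count = (elen - ELEM.size) // 4
            words = struct.unpack_from(f"!{count}I", data, offset + ELEM.size)
            for i, word in enumerate(words):
                advertised |= {32 * i + bit for bit in range(32) if (word >> bit) & 1}
        offset += (elen + 7) // 8 * 8               # unknown element types are skipped
    return version, advertised


def negotiate(local_versions, peer_hello, local_bitmap=True):
    """Pick the version to speak, or None when the handshake has to fail."""
    peer_header, peer_versions = parse_hello(peer_hello)
    if local_bitmap and peer_versions is not None:
        common = set(local_versions) & peer_versions
        return max(common) if common else None
    # Without bitmaps on both sides: the smaller of the two header versions,
    # and only if this side actually implements it.
    agreed = min(max(local_versions), peer_header)
    return agreed if agreed in local_versions else None


LOCAL = {0x01, 0x04}    # constructed: this side speaks 1.0 and 1.3
PEER = {0x01, 0x03}     # constructed: the peer speaks 1.0 and 1.2


def run_demo():
    legacy = negotiate(LOCAL, build_hello(PEER, bitmap=False), local_bitmap=False)
    with_bitmap = negotiate(LOCAL, build_hello(PEER))
    return legacy, with_bitmap


if __name__ == "__main__":
    print(run_demo())
```

Without the bitmap the two sides settle on the smaller header version (1.2), which the local side does not implement, so the handshake fails even though both speak 1.0; with the bitmap they find 1.0.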
48. Openflow Protocol Summary
Openflow v1.0: Initial Standard – Most prevalent in the market today
Openflow v1.1: Added support for multiple flow tables; Added support for MPLS; Defines two operating modes – Hybrid | Pure Openflow
Openflow v1.2: Adds support for IPv6
Openflow v1.3: Adds support for Rate Limiting | IPv6 extension headers, GRE – The version deemed production ready
Openflow v1.3.1-1.3.4: Adds Negotiation TLV’s, bug fixes
Openflow v1.4: Extensibility, bundles, tcp/6633→6653, improvements…
49. Application Frameworks, Management Systems, Controllers, ...
[Diagram: layers Device, Forwarding, Control, Network Services, Orchestration, Management; Operating Systems – IOS / NX-OS / IOS-XR; API (OnePK) and Data Models (YANG); labels: OpenFlow, OpenStack, Puppet, OnePK C/Java, Neutron, Protocols (“Protocols”: BGP, PCEP, ...), Python, NETCONF, REST, ACI Fabric, OpFlex, onePK Plug-Ins, RESTful, YANG, JSON/XML]
50. Example: OpenFlow vs. Hardware Capabilities
Open Flow 1.3 Match Fields Support (L2, L3)
L2 only | L2+L3 V4 only | IPv4 + IPv6 Dual Stack | Match Fields Supported by ASIC X version Y
OXM_OF_IN_PORT
OXM_OF_IN_PHY_PORT  Yes Yes Yes Yes
OXM_OF_METADATA
OXM_OF_ETH_DST  Yes Yes
OXM_OF_ETH_SRC  Yes Yes Yes
OXM_OF_ETH_ETYPE  Yes Yes Yes
OXM_OF_VLAN_VID  Yes Yes Yes
OXM_OF_VLAN_PCP  Yes Yes Yes
OXM_OF_IP_DSCP  Yes Yes Yes
OXM_OF_IP_ECN  Yes Yes Yes
OXM_OF_IP_PROTO
OXM_OF_IPV4_SRC  Yes Yes Yes
OXM_OF_IPV4_DST  Yes Yes Yes
OXM_OF_TCP_SRC  Yes Yes Yes
OXM_OF_TCP_DST  Yes Yes Yes
OXM_OF_UDP_SRC  Yes Yes Yes
OXM_OF_UDP_DST  Yes Yes Yes
OXM_OF_SCTP_SRC  Yes Yes Yes
OXM_OF_SCTP_DST
OXM_OF_ICMPV4_TYPE
OXM_OF_ICMPV4_CODE
Open Flow 1.3 Match Fields Support (L2, L3)
L2 only | L2+L3 V4 only | IPv4 + IPv6 Dual Stack | Match Fields Supported by ASIC X version Y
OXM_OF_ARP_OP  Yes Yes Yes Yes
OXM_OF_ARP_SPA
OXM_OF_ARP_TPA  Yes Yes
OXM_OF_ARP_SHA  Yes Yes Yes
OXM_OF_ARP_THA  Yes Yes Yes
OXM_OF_IPV6_SRC  Yes Yes Yes
OXM_OF_IPV6_DST  Yes Yes Yes
OXM_OF_IPV6_FLABEL  Yes Yes Yes
OXM_OF_ICMPV6_TYPE  Yes Yes Yes
OXM_OF_ICMPV6_CODE
OXM_OF_IPV6_ND_TARGET  Yes Yes Yes
OXM_OF_IPV6_ND_SLL  Yes Yes Yes
OXM_OF_IPV6_ND_TLL  Yes Yes Yes
OXM_OF_MPLS_LABEL  Yes Yes Yes
OXM_OF_MPLS_TC  Yes Yes Yes
OXM_OF_MPLS_BOS  Yes Yes Yes
OXM_OF_MPLS_PBB_ISID  Yes Yes Yes
OXM_OF_TUNNEL_ID
OXM_OF_IPV6_EXTHDR
Open Flow 1.3 Set Actions Support
Actions:
Output Port: OFPP_IN_PORT, OFPP_NORMAL, OFPP_FLOOD, OFPP_ALL, OFPP_CONTROLLER, OFPP_LOCAL
Set-Queue
Drop
Group
Push-Tag/Pop-Tag: Push VLAN header, Pop VLAN header, Push MPLS header, Pop MPLS header, Push PBB header, Pop PBB header
Change-TTL: Set MPLS TTL, Decrement MPLS TTL, Set IP TTL, Decrement IP TTL, Copy TTL outwards, Copy TTL inwards
52. Can SDN help to reuse old/cheap ASIC’s?
• Parallel TCAM lookups
 – Star lookup (eg. EARL)
 – Pipeline lookup (eg. K10)
 – TCAM4: 250M lookups/sec.
• Little or no flexibility
 – Not possible to reprogram the ASIC to support OF logic (12-tuple, table chains, etc.)
 – Can emulate some OF functions, but can’t be fully compliant
• Missing features can’t be added
 – Older/cheaper ASIC’s may have no MPLS, no IPv6, sparse counters, simplistic QoS
[Diagram: Example: Pipelining L3 switch ASIC. DRAM; FE ASIC (Forwarding Engine), headers only: TCAMs, SRAMs, Netflow TCAM, map, L2 fwd, classify, police, L3 fwd, statistics, queue, map, police, classify; TM ASIC (Traffic Manager): 16K queues, SRR (1L shaping)]
53. • Flexible lookup stages (table chaining)
• Multiple flow tables with full 12-tuple matching – L2, L3, ACL, IPv4/IPv6…
 – 12-tuple match requires lot bigger (expensive, complex) TCAM – ACL-like match (MAC or FIB is 1-tuple)
 – Example: Catalyst 3850 (UADP ASIC) has 17K entry TCAM table capacity for OF (the MAC or FIB is 80K)
• Group table with full action list support – Multicast, Multipath forwarding, SPAN, …
• Apply actions support using high speed recirculation – Tunneling, …
• Metadata support – Labels, …
• Full per-flow statistics – flexible statistics counters assignment
• Full meter table support
• Cisco extensions using programmable packet parsing, programmable rewrite, regular expression matching, static metadata for L1,L2,L3 configuration, advanced QoS
55. • Cisco Network Processors are natively OF 1.3 capable
 – Complete Programmability (C-language)
 – Optimized fast lookup memories, sTCAM
 – But higher power and cost than fixed ASIC’s (full 12-tuple match would be pretty expensive)
• Examples
 – QFP – 60Gbps (ASR1000)
 – Typhoon – 120Gbps (ASR9000)
 – nPower X1 – 400Gbps (CRS, NCS)
[Diagram: QFP (Quantum Flow Processor). Distribute & Gather Logic; Resources & Memory Interconnect; complete packets; Processing Pool, 256 Engines (64 PPEs x 4 threads); TM ASIC: 128K queues, 5L shaping; Pkt DRAM; on-chip resources; TCAM4; RLDRAM2 0 to RLDRAM2 7; Fast Memory Access; ClusteringXC]
56. • Packet NPU’s
 – Broadcom, Marvell,… – newer versions are OF 1.0 or 1.3 compliant
 – Various NPU limits (no L2 and L3 match at the same time, limited IPv6 match etc.)
 – Smaller TCAM = cheaper, but limited OF 1.3 12-tuple table size (2K entries, etc.), v6 troubles
• Service NPU’s
 – Cavium, Freescale/NetLogic,…
 – Complete programmability, definitely OF ready
 – Typically no TCAM – software tree lookup (M-trie), low performance stability
• Intel x86 CPU’s
 – Complete programmability, definitely OF ready
 – 40G capable today, but they are general purpose – high power and high cost
57. Networking ASIC vs. x86 CPU
CRS: 2004: 130nm NPU, 40Gbps; 2010: 65nm NPU, 140Gbps; 2013: 40nm NPU, 400Gbps; 2015: 20nm…
ASR9000: 2009: 90nm NPU, 120Gbps per slot; 2011: 55nm NPU, 360Gbps per slot; 2014: 28nm NPU, 800Gbps per slot; …
[Chart: CPU Core (x86) Feature Processing Performance. Scale: 10G, 5G, 1G. Categories: 1 Feature (IP Forwarding); 2 Features (IP Forwarding, MPLS Label); 3 Features (IP Forwarding, MPLS Label, Netflow); ‘N’ Features …. Legend: No Traffic Mgmt, Basic QoS, Hierarchical QoS]
Can I use Intel x86 as the forwarding engine?
• nPower X1 = 400Gbps, 230Mpps, 75W (with IP, ACL, RPF, H-QoS)
• Xeon E5-2600v2 = 40Gbps, 6-22Mpps, 80W (same features, no QoS)
• x86 high power consumption (half of the chip is graphics ops, floating point ops, etc.)
58. Today, a decent Forwarding NPU/ASIC is ~10-20x faster, smaller, and more power efficient, than equivalent CPU solution.
Conclusion:
Low-bandwidth = CPU (low-volume, well-paid traffic → NfV)
High-bandwidth = NPU/ASIC (high-volume broadband-like traffic → switching&routing+SDN)
59. Myth #1: Cisco uses only internal silicon, that's why it's so expensive.
Not True. Cisco uses all hardware sources:
• Internal Development
• Whenever it makes sense (clear criteria)
• Example: CRS/NCS forwarding NPU, ASR9K fabric, ASR900 ASIC...
• Specific form: acquisition/spin-in (eg. N7K/N9K)
• Merchant+
• Cisco-only version with certain improvements (X years of exclusivity)
• Example: ASR9K Trident/Typhoon/Tomahawk NPU
• Another form of Merchant+: Merchant + Cisco ASIC together (eg. ACI/N9K)
• Merchant
• Broadcom, Marvell, Vitesse,…
• Used if they fit our requirements (features, performance, strategy)
• Example: ASR901, ASR9000v, ME1200...
Value Proposition: Cisco delivers the best-class hardware. It has been like this for decades, and it is going to continue.
60. Yet another lesson: Even in SDN world, there will be (a) good, (b) good-enough, or (c) poor hardware.
62. Non Profit Consortium
Dedicated to “the transformation of networks through SDN”
Mission to “commercialize and promote SDN…as a disruptive approach to networking…”
OPEN NETWORK FOUNDATION
63. ONF Board Members
Deutsche Telekom : Facebook : Goldman Sachs : Yahoo
Google : Microsoft : NTT Communications : Verizon
64. ONF Members
6WIND, A10 Networks, ADVA Optical Networking, Alcatel-Lucent, Aricent Group, Big Switch Networks, Broadcom, Brocade, Centec Networks, China Mobile, Ciena, Cisco, Citrix, CohesiveFT, Colt, CompTIA, Cyan, Dell/Force10, Elbrys, Ericsson, ETRI, Extreme Networks, EZchip, F5, France Telecom Orange, Freescale, Fujitsu, Gigamon, Hitachi, HP, Huawei, IBM, Infinera, Infoblox, Intel, IP Infusion, Ixia, Juniper Networks, KDDI, Korea Telecom, Level 3 Communications, LineRate Systems, LSI, Luxoft, Marvell, Mellanox, Metaswitch Networks, Midokura, NCL Communications, NEC, Netgear, Netronome, NetScout Systems, Nokia Siemens Networks, NoviFlow, Oracle, Overture Networks, PICA8, Plexxi Inc., Qosmos, Radware, Riverbed Technology, Samsung, SK Telecom, Spirent, Sunbay, Swisscom, Tail-f Systems, Telecom Italia, Telefónica, Tencent, Texas Instruments, Thales, Transmode, Turk Telekom / Argela, Vello Systems, Verisign, VMware/Nicira, Xpliant, ZTE Corporation
65. Is that LAN-like Centralized SDN OF deployment? Not really.
• B4 is World-wide WAN
• The Network runs ISIS and BGP
• OF agent is used to set up TE tunnels from a central controller. (better tools are evolving for this – see IETF Spring www.segment-routing.net )
Urs Holzle, Senior Vice President of Technology Infrastructure at Google, at the 2nd annual Open Networking Summit (April 2012)
http://www.eetimes.com/electronics-news/4371179/Google-describes-its-OpenFlow-network
SDN WAN since 2011!
66. Original SDN idea: Clean Slate Project (Stanford University)
Openflow Sweetspot
[Diagram: Traditional Control Plane Architecture (Distributed Control Plane, disconnected Net and Apps) compared with Evolved Control Plane Architecture (Examples): Centralized SDN, Hybrid SDN, … Legend: Applications; Control/Network/Services-plane component(s); ASIC’s, Data-plane component(s); Underlay (Physical); Overlay (tunnels)]
• NREN, Education Sector (Internet2)
• DC Overlay (OVS – Open vSwitch)
• OpenDaylight/XNC add-on (e.g. SPAN)