The document describes an OpenFlow controller called Floodlight that is open source and written in Java, discusses how it works and some of its main components, and provides an overview of using OpenFlow and the Floodlight controller to build software-defined networks through examples of real world use cases.

1. OpenFlow Controller
http://floodlight.openflowhub.org

2. About Us
Big Switch Networks
 Big Switch Networks builds and promotes Open
Software Defined Networking Solutions
 We use and help support Floodlight and a number of
other OpenFlow tools
 Yes, you can contact us about jobs and internships at
careers@bigswitch.com
©2012 – Big Switch Networks Inc. 2

3. Introduction
 SDN and OpenFlow
 Real world use cases
 Floodlight
 Demo! (if time allows)
©2012 – Big Switch Networks Inc. 3

4. Limitations in Modern Networking
An Slowly Evolving Environment
Operating System / Firmware
Hardware / ASICs
 Hardware focus  Fully distributed protocols
 Hard to innovate, update  Independent components
software
 Interoperability and design
 Vendor specific challenges
components
©2012 – Big Switch Networks Inc. 4

5. Introduction to SDN
Software-defined Networking
Application
Application
Application
Application
Application
Application tier
SDN Controller Controller tier
OF Switch
OF Switch
OF Switch Data plane tier
OF Switch
OF Switch
Software Defined Networking decouples data, control, and application
planes, creating a programmable network
©2012 – Big Switch Networks Inc. 5

6. OpenFlow and SDN
A southbound SDN protocol
Application
Application
Application
Application
Application
Northbound API
OpenFlow-based SDN Controller
Southbound API -
OpenFlow
OF Switch
OF Switch
OF Switch
OF Switch
OF Switch
©2012 – Big Switch Networks Inc. 6

7. Advantages of SDN
 Innovation and speed to market
 An “app store” for network programming
 Decoupled software and hardware development
 Support for multi-vendor environments
 Separate upgrade cycles, etc.
 Simplified network management / automation
©2012 – Big Switch Networks Inc. 7

8. Real World Examples
1 2
Scalable isolation Alice Bob Cathy Inserting and managing
domains and network network services such as
slicing. load
FlowVisor Isolation balancing, firewall, IDS/IPS
Policy , QoS, etc.
Example: Flowvisor
Example: FlowScale
Network Virtualization Platform for Network Services
3 4
Flexible mobility of Lower cost, high
virtual machines performance
networks
Example: Stanford
WAN VM Migration Example: non-
blocking CLOS
architectures
Virtual Machine Management CLOS Fabrics
5 6
Simplified data Networks spanning
vibility and traffic public / private DC’s
monitoring
Example: Amazon
Example: TBD VPC
8
Data analysis / monitoring Hybrid clouds

9. OpenFlow

10. Introduction to OpenFlow
Controller <-> Switch communication
 x86 style instruction
set OpenFlow-based SDN Controller
 Based on Ethernet
Switch with: TCP / SSL
 OF software client
 Hardware flow table
Non-OF
OpenFlow Client
Control Path
 Control channel
between switch and Flow table
controller MAC MAC IP IP TCP TCP Action
src dst Src Dst sport dport
* * * 5.6.7.8 * * port 1
©2012 – Big Switch Networks Inc. 10

11. OpenFlow in Action
Application
Application
Application
Application
Application
SDN Controller
Rule Action Stats Rule Action Stats Rule Action Stats
OF Switch OF Switch
01010
01010
OF Switch
©2012 – Big Switch Networks Inc. 11

12. Why OpenFlow?
Isn’t OpenFlow the same as XXX?
 ‘XXX’ = LISP, MPLS-TE, policy routing, etc.
 Broad answer:
 OpenFlow is a very-low level abstraction/API
 Could probably implement XXX using OpenFlow
 Could not implement OpenFlow using XXX
 If XXX meets my needs, why use OpenFlow?
 More holistic network view
 Reduced complexity from feature interaction
©2012 – Big Switch Networks Inc. 12

13. OpenFlow Standards
 OF v1.0 (most popular), Dec 2009
 Initial OpenFlow specification
 match on 12-tuple
 OF v1a.1: Extensions for WAN, late 2010
 multiple tables: dodge state space explosion
 fast failover, interface bonding
 OF v1.2 :
 IPv6 support, generalized match, vendor extensions
©2012 – Big Switch Networks Inc. 13

14. ©2012 – Big Switch Networks Inc. – Confidential and Proprietary
Floodlight 14

15. Floodlight Overview
Floodlight is a completely open,
free, Apache-licensed Java-based
OpenFlow controller.
©2012 – Big Switch Networks Inc. 15

16. Floodlight Controller
A great platform for OpenFlow
Research and Easy to build, run, and
commercial friendly  develop
Toolchain
Rich set of build and Community of OpenFlow
debugging tools experts, access to commercial
upgrades, and frequent testing
©2012 – Big Switch Networks Inc. 16

17. Building Floodlight
Fast…an easy…
Download from Github
$ git clone git://github.com/floodlight/floodlight.git
$ sudo apt-get install build-essential default-jdk ant python-
dev
$ cd floodlight; ant
$ java –jar target/floodlight.jar
Get the VM (including
mininet)
$ wget http://floodlight.openflowhub.org/files/floodlight-
vm.zip
(login as “floodlight” user, no password)
©2012 – Big Switch Networks Inc. 17

18. Internals

19. Floodlight Architecture
TopologyManager
 Modules exporting “services”
LinkDiscovery  All modules in Java, support for
Jython as well
Forwarding
FloodlightProvider
 Main module is
DeviceManager
FloodlightProvider
 Manages I/O to switches
StorageSource
 Translates OF messages to
Floodlight events
 Multi-threaded via Netty library (all
RestServer
modules must be thread-safe)
StaticFlowPusher
 Rich, extensible REST API
©2012 – Big Switch Networks Inc. 19

20. Module Descriptions
 Computes shortest path using Dijsktra
TopologyManager
 Keeps switch to cluster mappings
 Maintains state of links in network
LinkDiscovery
 Sends out LLDPs
Forwarding  Installs flow mods for end-to-end routing
FloodlightProvider
 Handles island routing
 Tracks hosts on the network
DeviceManager
 MAC -> switch,port, MAC->IP, IP->MAC
 DB style storage (queries, etc)
StorageSource
 Modules can access all data and subscribe to changes
 Implements via Restlets (restlet.org)
RestServer
 Modules must implement RestletRoutable
 Supports the insertion and removal of static flows
StaticFlowPusher
 REST-based API
©2012 – Big Switch Networks Inc. 20

21. Other Tools

22. OpenFlow Controllers
Options Beyond Floodlight
 Beacon: beaconcontroller.net (Java)
 NOX: noxrepo.org (C++ and Python)
 Trema: trema.github.com/trema/ (Ruby and C)
 Reference controller (C)
©2012 – Big Switch Networks Inc. 22

23. Mininet
OpenFlow network simulator
 Emulate OpenFlow network in a box
 Uses Linux Containers and IP namespace
 Runs your choice of software switch
 Stanford’s reference OpenFlow switch
 OpenVSwitch
 CLI allows interactive management of emulated virtual
hosts
 Packaged in the Floodlight VM at:
 http://floodlight.openflowhub.org/download
©2012 – Big Switch Networks Inc. 23

24. Switch Options

25. Switch Ecosystem
Major vendors have upcoming products
Controller Platform
Southbound APIs
Virtual Switches Physical Switches
Available Announced
Stanford Reference
Switch
©2012 – Big Switch Networks Inc.
* Supported platforms: Pronto w/ indigo – 3240/3290, HP: 3500, 5400, 8200 (procurves), IBM 8264, NEC PF 5820 / 5240, Extreme – Summit series

26. Demo

27. Getting Involved - OpenFlowHub
A community of open source OpenFlow developers
What it is: Get involved:
1. A community of open source  Submit a project
OpenFlow developers
 Write a blog post
2. An OpenFlow Blog (available for
guest authors)  http://www.openflowhub.org
3. Free hosting, tools, and marketing  Contact:
for open source projects
mike.cohen@openflowhub.org
 Wiki, forums, bug tracking tools,
logos, etc.
Projects:
©2012 – Big Switch Networks Inc.

28. Interested in Learning More?
 Check out the website
 http://floodlight.openflowhub.org
 Join the mailing list:
 http://groups.google.com/a/openflowhub.org/group/floodli
ght-dev/topics
 Or just email floodlight-dev@openflowhub.org
 Get the code:
 http://floodlight.openflowhub.org/download
©2012 – Big Switch Networks Inc.

29. Presenters
Mike Cohen
Product Manager
mike.cohen@bigswitch.com
Alex Reimers
Member of Technical Staff
alex@bigswitch.com
©2012 – Big Switch Networks Inc. 29

30. End

31. Operational
Considerations

32. Network considerations
 Why OpenFlow?
 Lots of reasons we talked about already...
 Simplest is network monitoring from a single location – packetin, flow modes, cpu
usage, throughput, devices connected, etc.
 Control / Data networks
 Offer critical services on non-OF network (ie. Voip)
 Control / data path separation – vlans in most cases
 Deploy OF from edge to core. Gain increased visibility over time.
 Measure traffic patterns and make sure your switch hardware can support it. Some
have limited control traffic throughput (flow set up rate, etc.).
 Security considerations
 Do you need to protect against controller DoS attacks?
 Do you want encrypted control traffic?
 Gotchas
 Physical loops into the OpenFlow network
 Wifi mesh networks
©2012 – Big Switch Networks Inc. 32

33. Backup

34. Network Virtualization: Flowvisor
Virtualized Control Plane
Customer Alice Customer Bob Customer Cathy
Each use case/demo
presented here runs in an
isolated slice of Stanford’s
OpenFlow
production network. Protocol
OpenFlow
OpenFlow Protocol
Datapath FlowVisor Isolation
Policy
FlowVisor slices OpenFlow
OpenFlow OpenFlow networks, creating multiple
Datapath Datapath isolated and programmable
logical networks on the
same physical topology.
©2012 – Big Switch Networks Inc. 34

35. Load balancing
FlowScale: Load balancing using Layer 2 OF switches
 Traffic load
balancer
using
OpenFlow
 Implemented
in OF ToR
switches
 Deployed in
IU IDS
©2012 – Big Switch Networks Inc. 35

36. VM Management: WAN Migration
Moved a VM from Stanford to Japan without changing its IP.
VM hosted a video game server with active network connections.
©2012 – Big Switch Networks Inc. 36

37. OpenFlow Protocol (1)
Match Fields Action(s) Stats
Packet + byte counters
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Modify Fields
4. Vendor specific extensions
Switch VLAN VLAN MAC MAC Eth IP IP IP IP L4 L4
Port ID pcp src dst type Src Dst ToS Prot sport dport
+ mask what fields to match
©2012 – Big Switch Networks Inc. 37

38. OpenFlow Protocol (2)
Switch MAC MAC Eth VLAN IP Src IP Prot TCP TCP Action
port src dst type ID sport dport
Switching * * 00:1f * * * * * * Port6
:..
Flow Port3 00:20 00:1f 0800 Vlan1 1.2.3.4 5.6.7.8 4 17264 Port6
switching .. ..
Firewall * * * * * * * * 22 Drop
Routing * * * * * * 5.6.7.8 * * Port6
VLAN * * 00:1f * Vlan1 * * * * Port6,p
switching .. ort7,
port8
©2012 – Big Switch Networks Inc. 38

39. Other Floodlight Highlights
REST- Static 2
1 based Flow
App Pusher  Java event APIs
Jython App
 Active work in
Java App
defining  REST-based APIs
standard
“Northbound”
APIs  Ability to push flows
Floodlight Controller
3
Switch  Support for
OF Switch integrating with
non-OpenFlow
OF Switch networks
OF Switch
OF Switch
©2012 – Big Switch Networks Inc. 39

40. IFloodlightModule Interface
1. getModuleDependencies()
Function Description
 What services does this moduleWhat services does this
getModuleDependencies()
require?
module require?
2. getModuleServices(), getServiceImpls()
 Services does this module provide and how?
getModuleServices() Services does this module
provide and how?
3. init(FloodlightModuleContext context)
 Internal, before dependencies have init()’d
init(FloodlightModuleContext context) Internal, before dependencies
have init()’ed
4. startup(FloodlightModuleContext context)
 External, with dependencies initialization
startup(FloodlightModuleContext context) External, with dependencies
initialization

41. OpenFlow Topologies
vswitch
Top of rack Need OpenFlow at last hop
Agg / Core
in the network
 For vms:vswitch
 For physical hosts: Tor
VM VM VM VM
VM VM VM VM
Floodlight can manage
multiple “islands” of
VM VM Physical host OpenFlow switches
Physical host VM VM
… …
Rack 1 Rack 2
©2012 – Big Switch Networks Inc. 41

42. Demo
Problem:
Track the last N Packet-Ins seen by the controller and
expose it via a REST API
What you will see:
1. Adding a new module
2. Creating a REST API
3. Running Floodlight
©2012 – Big Switch Networks Inc. 42