OpenDaylight VTN Policy
•Download as PPTX, PDF•
5 likes•2,131 views
OpenDaylight Virtual Tenant Network (VTN) Policy. This presentation includes a demo video which features service chaining with VTN policy.
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (16)
Similar to OpenDaylight VTN Policy
Similar to OpenDaylight VTN Policy (20)
Recently uploaded
Recently uploaded (20)
OpenDaylight VTN Policy
- 1. www.opendaylight.org OpenDaylight Virtual Tenant Network Policy January 25, 2015 Masashi Kudo
- 2. www.opendaylight.org Contribution from NEC based technology from our products Consists of VTN Manager and VTN Coordinator OpenDaylight Virtual Tenant Network(VTN) VTN Coordinator VTN Manager ・Offers VTN API (northbound) ・Build VTN model using OpenDaylight API ・Control VTN spanning multiple SDN controllers VTN Coordinator: ・Offers virtual node feature ・End-to-end dynamic path control per VTN VTN Manager:
- 3. www.opendaylight.org • Two policy models on VTN multi tenant virtual network • Flow Filter Model • Path Map Model • Multi tenancy ensures that policies of one VTN do not affect other VTNs • Inheritance • VTN-level policy is inherited to all elements belonging to the VTN • Element-level policy overrides VTN-level policy • Current implementation makes best use of OpenFlow protocol VTN Policy
- 4. www.opendaylight.org Flow Filter Model (only part of full VTN model) +type = {in|out} +location One of: vtn | vBridge | vNode_name+IF +statistics General per IF and FFEntry and per flow +flowfilterentries: Flow Filter Entry Flow Filter +vNode_name +interface_name +new dst MAC +new src MAC +direction redir_dst +name: String +flowlistentries: Flow List Entry Flow List +match Similar to OF match +sequence number Flow List Entry +flowlists: Flow List +sequence number +action_type = {pass, drop, redirect} +redirect_destination: redir_dst +set = {priority|dscp} Mark packets on the wire Flow Filter Entry 1 1 1 1 1 * * Match: This selects the traffic to apply markings Combine: Allows to create different sets of traffic Action: Action type and marking Policy Target: Where in topology to apply markings
- 5. www.opendaylight.org Policy Target Description VTN logical representation of tenant network Virtual node (vNode) vBridge logical representation of L2 switch function vRouter logical representation of L3 router function vTerminal Logical representation of virtual node that is connected to an interface mapped to a physical port vTunnel logical representation of Tunnel (consists of vTEPs and vBypass(es)) vTEP logical representation of Tunnel End Point (TEP) vBypass logical representation of connectivity between controlled networks Virtual Interface Interface representation of end point on the virtual node (VM, servers, appliance, vBridge, vRouter, etc) Flow Filter Model: Policy Target (VTN info model)
- 6. www.opendaylight.org VTN Example DC 1 DC 2 DC 3 Inter-DC network Controller 1 Controller 3 VTN vRouter vBridge vBridgevBridge vBridgevTunnel Controller 2 Logical Network interface vLink Physical Network VTN(Underlay) vTep vTepvBypass
- 7. www.opendaylight.org Fields for matching conditions Flow Filter Model: Matching Conditions Command Number Description mac-destination-address <mac-address> 1 Destination Mac Address mac-source-address <mac-address> 2 Source Mac Address mac-ether-type <ether-type-number> 3 Ether type mac-vlan-priority <vlan-priority-number> 4 VLAN Priority ip-destination-address <ip-address>/<prefix-length> 5 Destination IP Address ip-source-address <ip-address>/<prefix-length> 6 Source IP Address ip-protocol <protocol-number> 7 Protocol Type ip-dscp <dscp-number> 8 DSCP l4-destination-port <port-number> [ to <end-port> ] 9 Destination Port l4-source-port <port-number> [ to <end-port> ] 10 Source Port Data Src MAC VLAN Priority Src IP TCP/UDP Dst Port TCP/UDP Src Port Dst MAC Dst IP Ingress Port Ether Type VLAN id IP ToS IP Proto L1 L2 L3 L4 1 2 3 4 5 6 7 8 9 10
- 8. www.opendaylight.org Flow Filter Model: Actions Intent Description Behavior Pass Pass packets Drop Drop packets Redirect Redirect packets to a specified point Priority Set a priority of packets Bandwidth Set policing Statistics Collect statistics information Pass FlowFilter pass Drop FlowFilter drop Redirect FlowFilter redirect FlowFilter statistics Collect Statistics Priority FlowFilter priority FlowFilter pass
- 9. www.opendaylight.org Flow Filter Model: Action: Drop vtn Tenant1 { vbridge vBridge1 { flow-filter in { sequence-number 1 { match flow-list match-list-a action drop } (snip) } Prohibit traffic Server-BServer-A Tenant1vBridge1 Example Configuration Intent VTN Model Flow Filter Flow List: match-list-a flow-list match-list-a type ipv4 { sequence-number 10 { ip-destination-address 192.168.10.3/32 } } 192.168.10.3
- 10. www.opendaylight.org Flow Filter Model: Action: Priority vtn Tenant1 { vbridge vBridge1 { flow-filter in { sequence-number 1 { match flow-list match-list-a set ip-dscp 55 } (snip) } Traffic priority Server-BServer-A Tenant1vBridge1 Example Configuration Intent VTN Model 192.168.10.3
- 11. www.opendaylight.org Flow Filter Model: Action: Bandwidth policing profile POLICING1 { sequence-number 10{ match flow-list match-list-a two-rate three-color { meter rate-unit kbps cir 6000 cbs 48128 pir 8000 pbs 64000 green-action pass yellow-action penalty priority 5 ip-dscp 12 drop-precedence 2 red-action drop (snip) } vtn Tenant1 { vbridge vBridge1 { policing map profile POLICING1 (snip) } Throughput thresholds and limits Server-BServer-A Tenant1vBridge1 Example Configuration Intent VTN Model 192.168.10.3
- 12. www.opendaylight.org Flow Filter Model: Action: Redirect Intent VTN Model Redirect traffic Server-BServer-A Tenant1vBridge1 vtn Tenant1 { vbridge vBridge1 { flow-filter in { sequence-number 1 { match flow-list match-list-a action redirect redirect-destination vnode vTerminal1 interface if1 } (snip) } Example Configuration Server-C vTerminal1 192.168.10.3
- 13. www.opendaylight.org Policy target Path: Set cost on physical link and select a shortest (smallest-cost) path Matching condition Specify flows with OpenFlow matching condition Action Correlate selected paths with specified flows on physical n/w and/or VTN Path Map Model Intent Description Behavior path map Select a path for flows which match the matching condition. (destination is same) (mentioned earlier) redirect Redirect packets to a specified point (destination is changed) Path Map Redirect FlowFilter redirect
- 14. www.opendaylight.org Path map consists of: Flow condition --- equivalent to flow list in flow filter model Path policy --- defines associated cost for network path Path map --- correlates flow condition to path policy Path Map Model 1000 10001000 1000000 10001000 Path policy SW SW SW SW SW SW SWEP1 Match1 = Path1 Match2 = Path2 Match3 = Path3 Path Map SW EP2 Path1 Path2 Path3
Editor's Notes
- VTN is an abbreviation of virtual tenant network, which provides multi tenancy of virtual network. We contributed VTN to OpenDaylight based on our product technology. It consists of VTN Manager and VTN coordinator. VTN manager provides end-to-end dynamic path control per VTN. VTN coordinator is implemented as an application of OpenDaylight controller, and it controls VTN spanning multiple controllers.
- Two policy models are supported in VTN. One is flow filter model, and another is path map model. Both the models are applied on VTNs. Policies applied on one VTN don't affect policies applied on other VTNs. VTN policy also provides inheritance. VTN-level policy is effective to all elements in it. Element-level policy overrides VTN-level policy. Although these models are more like intent basis, we made best use of OpenFlow protocol to implement these models.
- I will start with Flow Filter Model. This is a set of class diagram to show some flow filter case. Flow list corresponds to a classifier. It defines matching conditions. Flow Filter defines policy target and action. Now I am going to talk about them each by each.
- Now lets look in to the Target’s where the flow filter can be applied. Flow Filter can be applied to VTN, virtual node, and virtual interface. Virtual nodes are abstractions of physical network resources. vBridge/vRouter represents L2/L3 functions. vTerminal represents a special virtual node which is specifically used for flow filter redirect. vTunnel is Tunnel, vTep is tunnel end point, and vBypass is controlled network connectivity. Interface represents end point on virtual node.
- This is the example of VTN by using those VTN elements. In this case, VTN encompasses 3 data centers. VTN policy can be applied to VTN itself and those VTN elements as well.
- For Flow filter’s matching, OpenFlow matching conditions are used. As you know, any combinations of those tuples are used.
- There are several intent actions supported. Pass allows packets to go through. Drop prohibits packets to pass. Redirect changes a destination of packets and sends them to the destination. Priority is a marking capability. Bandwidth sets policing, and statistics collects statistics information. I will show you some of them in detail in the following slides.
- This example shows that action drop is set to vBridge for packets specified in this match condition list.
- This example is for priority. It shows that TOS is remarked as 55 to Tenant1 vBridge for packets specified in this match condition list.
- Intent bandwidth uses policing capability. In this case, two rate three color feature is used.
- This example is for redirect. Traffic matched with this condition at vBridge1 would be forwarded to this vTerminal1.
- Then, I will explain Path Map model. Policy target is path. When there are multi paths between a source and a destination, the smallest cost path is selected after setting cost on physical links on those multi paths. Then, flows are selected with openflow matching conditions. Finally action is for those selected flows to take the selected path. This action is taken on physical n/w and or VTN.
- Path map consists of Flow condition, Path policy and path map. On the left hand side the cost setting example is shown. As a result of setting 1million instead of 1000, the lower path would be selected. On the right hand side the high level picture of path map is shown. Flows matched with flow condition take the path designated with Path map definition.