SlideShare a Scribd company logo
1 of 74
Download to read offline
SDN and OpenFlow
A Tutorial
1IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Presenters
Rajasri K (rajasrik@ipinfusion.com)
Srikanth K (srikanth.krishnamohan@ipinfusion.com)
Kingston S (kingstons@ipinfusion.com)
Bhaskar R (bhaskarr@ipinfusion.com)
Disclaimer:
This is not a committed development schedule.
All roadmap items presented are tentative
The roadmap reflects projected plans based on preliminary requirements
analysis of the market.
All roadmap data is subject to change as necessary
The development, release, and timing of features or functionality described for
IP Infusion Inc.' products remains at the sole discretion of IP Infusion Inc.
2IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
This roadmap is not a commitment to deliver any material, code, or functionality
This document is not to be construed as a promise by any participating
company to develop, deliver, or market a product.
IP Infusion, Inc. reserves the right to revise this document and to make
changes to its content, at any time.
IP Infusion, Inc. makes no representations or warranties with respect to the
contents of this document, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose.
Agenda
Part I - SDN
• Introduction and motivation
Part II - OpenFlow
• Introduction
• OpenFlow protocol
3IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
• OpenFlow protocol
Part III - Use cases of SDN/OpenFlow
•Network Virtualization - FlowVisor
•RouteFlow with Demo
Traditional network node
Typical Networking Software
• Control Plane -The brain/decision maker
• Data Plane - packet forwarder
• Management plane
4IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Ethernet SwitchEthernet Switch
Data Path (Hardware)Data Path (Hardware)
Control Path (Software)Control Path (Software)
SDN entity
App 1 App 2
5IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Data Path (Hardware)Data Path (Hardware)
SDN clientSDN client
SDN Controller (server)
Ethernet SwitchEthernet Switch
Controller (server)
SDN Protocol –Open Flow
Drawbacks of existing network
Difficult to perform real world experiments on
large scale production networks
Research stagnation - Huge costly equipment to be
procured and networks to be setup by each team for
research
Lots of deployed innovation in other areas
6IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Networks have remained the same for many years
Rate of innovation in networks is slower – lack of high level
abstraction
Closed Systems
Stuck with interfaces
Hard to collaborate meaningfully
Vendors starting to open-up but not meaningfully
Drawbacks of existing network – Contd.
Network Equipment in recent decades
Hardware centric – usage of custom ASICs
• Why?
• Growth in network capacity
• Faster packet switching capability
7IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
• Faster packet switching capability
• Impact
• Slower Innovation
• Reduced flexibility once chips are fabricated
•Firmware provides some programmability
Drawbacks of existing network – Contd.
Vendor specific software
• Why
•IPR generation, increased competition
•Custom built - Efficient
• Impact
8IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
• Impact
• Closed software
• Non-standard interfaces to H/W
Proprietary networking devices with proprietary
software and hardware
• Innovation is limited to vendor/ vendor partners
• Huge barriers for new ideas in networking
9IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Source: ONF Forum
10IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Source: ONF Forum
SDN
“Software Defined Networking”
SDN Principles
Separate Control plane and Data plane entities
Execute or run Control plane software on general purpose
hardware
Decouple from specific networking hardware
Use commodity servers
11IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Use commodity servers
Have programmable data planes
Maintain, control and program data plane state from a central
entity
An architecture to control not just a networking device but an
entire network.
SDN
12IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Source: ONF Forum
SDN
Standard Bodies
Open Networking Foundation
• http://www.openflow.org/
• https://www.opennetworking.org/
13IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
IETF
• http://tools.ietf.org/html/draft-nadeau-sdn-problem-statement-00
• http://tools.ietf.org/html/draft-nadeau-sdn-framework-01
Need for SDN
Facilitate Innovation in Network
Layered architecture with Standard Open Interfaces
Independent innovation at each layer
Experiment and research using non-bulky, non-expensive
equipment
More accessibility since software can be easily developed
by more vendors
14IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
by more vendors
Speed-to-market – no hardware fabrication cycles
More flexibility with programmability
Ease of customization and integration with other software
applications
Fast upgrades
Program a network vs Configure a network
Evolving Networking Trends
15IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Source: ONF Forum
SDN Architecture
Data Forwarding
Network Operating System
Routing
Traffic
Engineering
Other
Applications
Control Plane
16IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Data Forwarding
(OpenFlow Switch)
Data Forwarding
(OpenFlow Switch)
Data Forwarding
(OpenFlow Switch)
Data Forwarding
(OpenFlow Switch)
Data Plane
SDN – A new paradigm
Software-Centric-Network
• Network devices expose SDKs
• Third-party application development and
integration
• Software vendors develop network applications
17IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
• Software vendors develop network applications
• Standards for network applications
SDN – A new paradigm
SDN entities
A general purpose commodity-off-the-shelf hardware
A real time optimized operating system – mostly Linux
based
Perhaps, some high end power and multi-port NIC
18IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Perhaps, some high end power and multi-port NIC
cards
Integration with other new trends in servers viz
• Virtualization
• Parallelization
• Modularity
Key Attributes for SDN Success
Architecture for a Network Operating
System with a service/application
oriented namespace
Resource virtualization and aggregation
(pooling to achieve scaling)
19IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
(pooling to achieve scaling)
Appropriate abstractions to foster
simplification
Decouple topology, traffic and inter-layer
dependencies
Dynamic multi-layer networking
Agenda
Part I - SDN
• Introduction and motivation
Part II - OpenFlow
• Introduction
• OpenFlow protocol
20IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
• OpenFlow protocol
Part III - Use cases of SDN/OpenFlow
•Network Virtualization - FlowVisor
•RouteFlow with Demo
Part II - SDN and Open Flow
21IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Source: ONF Forum
Open Flow
General Myth
SDN is Open Flow
Reality
22IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Reality
OpenFlow is an open API that provides a
standard interface for programming the data
plane switches
What is Open Flow
OpenFlow is like an x86 instruction set for the network
Provides open interface to “black box” networking node
(ie. Routers, L2/L3 switch) to enable visibility and
openness in network
Separation of control plane and data plane.
The datapath of an OpenFlow Switch consists of a Flow Table,
23IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
The datapath of an OpenFlow Switch consists of a Flow Table,
and an action associated with each flow entry
The control path consists of a controller which programs the flow
entry in the flow table
OpenFlow is based on an Ethernet switch, with an
internal flow-table, and a standardized interface to add
and remove flow entries
Controller
OpenFlow Switch
Secure
Channel
Secure
Channel
PC
sw
OpenFlow Switch specification
Components of OpenFlow Network
24IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Flow
Table
Flow
Table
hw
* Figure From OpenFlow Switch Specification
Centralized Vs Distributed Control
25IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
One OpenFlow switch cannot be controlled by two controllers with out additional abstractions
Source: ONF Forum
Open Flow Protocol Messages
Controller-to-Switch - initiated by the controller and
used to directly manage or inspect the state of the
switch
• Features, Config, Modify State, Read-State,
Packet-Out, Barrier
Asynchronous messages are sent
26IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Asynchronous - Asynchronous messages are sent
without the controller soliciting them from a switch
• Packet-in, Flow Removed / Expiration, Port-
status, Error
Symmetric - Symmetric messages are sent without
solicitation, in either direction
• Hello, Echo, Experimenter / Vendor
Secure Channel (SC)
SC is the Interface that connects each OpenFlow switch to
controller
A controller configures and manages the switch, receives
events from the switch, and send packets out the switch via
this interface
27IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
SC establishes and terminates the connection between
OpenFlow Switch and the controller using Connection Setup
and Connection Interruption procedures
The SC connection is a TLS connection. Switch and controller
mutually authenticate by exchanging certificates signed by a
site-specific private key
Packet Matching
Packet In
Start at Flow table 0
Match in
Table 0?
Update Counters
Execute Instruction Set
• Update action set
• Update packet/match set fields
Go to
Table n?
yes
yes
28IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Table 0? • Update packet/match set fields
• Update metadata
Table n?
Based on table configuration, do
one
• Send to controller
• Drop
• Continue to next table
no
Execute Action Set
no
* Figure From OpenFlow Switch Specification
Pipeline Processing
29IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
* Figure From OpenFlow Switch Specification
Instructions & Action Set
Each flow entry contains a set of instructions that are
executed when a packet matches the entry
Instructions contain either a set of actions to add to the
action set, contains a list of actions to apply immediately
to the packet, or modifies pipeline processing.
An Action set is associated with each packet. Its empty by
30IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
An Action set is associated with each packet. Its empty by
default
Action set is carried between flow tables
A flow entry modifies action set using Write-Action or
Clear-Action instruction
Processing stops when the instruction does not contain
Goto-Table and the actions in the set are executed.
Instructions & Action Set – Contd.
List of Instructions to modify action set
Apply Actions
Apply the specified actions immediately
Clear Actions
Clear all the actions in the set immediately
Write Actions
31IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Write Actions
Merge the specified actions to the current set
Write Metadata
Write the meta data field with the specified value
Goto-Table
Indicated the next table in the processing pipeline
Actions
List of Actions
Required Actions
Output – Forward a packet to the specified port
Drop
Group
32IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Group
Optional Actions
Set-Queue
Push/Pop Tag
Set-Field
Flow Table Entry
1. Forward packet to port(s)
Packet + byte counters
Matching Rules Statistics Instructions
33IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
Flow Switching/Routing
Layer 2 Switching
(MAC/VLAN)
Layer 3
Routing
Fields to match against flows
34IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Wild Card Matching:
Aggregated MAC-subnet: MAC-src: A.*,
MAC-dst: B.*
Aggregated IP-subnet: IP-src:
192.168.*/24, IP-dst: 200.12.*/24
Fields to match against flows
Wild Card Filters
IN Port
VLAN ID
VLAN Priority
Ether Frame Type
IP Type of Service
IP Protocol
TCP/UDP Src
Port
TCP/UDP Dst
Port
VLAN Priority
MPLS Label
IP Type of Service
IP Src Address
Load Balancing
Network Operating System
Current methods use uniform distribution of traffic
Not based on network congestion and server load
More adaptive algorithms can be implemented by using OpenFlow
Monitor the network traffic
Program flows based on demand and server capacity
35IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Collect
Statistics/O
bserve load
patterns
Network Operating System
Data Forwarding
(OpenFlow Switch)
Data Forwarding
(OpenFlow Switch)
Program
Flow
Entries
Dynamic load balancing using OpenFlow
Dynamic flow modification
A microflow rule matches on all fields
A wildcard rule can have “don’t care” bits in some fields
Rules can be installed with a timeout
Delete the rule after a fixed time interval (a hard timeout)
Specified period of inactivity (a soft timeout)
Switch counts the number of bytes and packets matching each rule,
and the controller can poll these counter values.
36IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Server 2
Server 1
Balancing
SwitchIncoming
Requests
R1
R2
R1
R2
192.168.*/24 200.12.*/24300.12.*/24 200.12.*/24
300.12.*/24
Agenda
Part I - SDN
Introduction and motivation
Part II - OpenFlow
Introduction
OpenFlow protocol
37IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
OpenFlow protocol
Part III - Use cases of SDN/OpenFlow
•Network Virtualization - FlowVisor
•RouteFlow with Demo
Virtualization – A Driving Factor for SDN
Virtualization
Abstraction between the physical resources and their
logical representation
Can be implemented in various layers of a computer
system or network
38IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
system or network
• Storage Virtualization
• Server Virtualization
• Network Virtualization
Server Virtualization
Server virtualization refers to the partitioning of the
resources of a single physical machine into
multiple execution environments each of which can
host a different server
39IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Network Virtualization
Allows heterogeneous virtual networks that are isolated, independently
managed to coexist over a shared physical network infrastructure
Network Virtualization is not a new concept. It is available in parts
currently
E.g MPLS L2VPN/L3VPN, VLAN, VRF etc
The above technologies can slice particular hardware resources (e.g., MPLS can
virtualize forwarding tables) and layers (VLANs slice the link layer)
40IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
virtualize forwarding tables) and layers (VLANs slice the link layer)
Currently no single technology or clear abstraction exists that will
virtualize the network as a whole
Models of Virtualization
• Network Slicing Model - Logically isolated network partitions are created over a
shared physical network infrastructure
• HyperVisor Model - This model combines logical computer network resources into
a single platform appearing as a single network. E.g. HyperVisor / Vswitch
• Combination of the above two models
Network Slice Model
41IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Source: ONF Forum
Virtual Switch Model
42IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Server virtualization vs Network virtualization
43IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Source: ONF Forum
FlowVisor
FlowVisor is a specialized controller using OpenFlow as a hardware abstraction layer
between the control and forwarding paths
Partitions the flow-table in each switch by keeping track of which flow-entries
belong to each guest controller
Definition of a slice
• Slice is a set of flows (called flowspace) running on a topology of switches.
Given a packet header, can decide which flowspace contains it, and hence which
slice (or slices) it belongs to
44IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
slice (or slices) it belongs to
5 Primary Slicing Dimensions
• Bandwidth
• Topology
• Traffic
• Device CPU
• Forwarding Tables
Designed with the following goals
• Transparency
• Isolation
• Slice Definition
Source: ONF Forum
Sample FlowVisor Example
Imagine a multi tenant datacenter which has
multiple customers each having their applications
deployed in the data center servers. Say the
customers wants to run their own proprietary
switching logic (Control Plane Protocols) for their
45IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
switching logic (Control Plane Protocols) for their
respective traffic.
• With the existing network architecture there is no way to address this
requirement.
• FlowVisor solves this problem by slicing the networks based on some of
the attributes either in the packet or based on the interface configs in the
OpenFlow switches.
FlowVisor Datacenter Application
46IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Source: ONF Forum
FlowVisor Operations
Slicing
nw_dst=224.x.x.x nw_dst=224.y.y.y
47IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Slicing
Policies
nw_dst=224.x.x.x and
dl_vlan = x
nw_dst=224.y.y.y and
dl_vlan = y
Agenda
Part I - SDN
Introduction and motivation
Part II - OpenFlow
Introduction
OpenFlow protocol
48IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
OpenFlow protocol
Part III - Use cases of SDN/OpenFlow
•Network Virtualization - FlowVisor
•RouteFlow with Demo
Possible use-cases
Migration path from legacy IP deployments to purely
software-defined networks (which support OpenFlow)
Open-Source framework to support the different flavours
of network virtualization (e.g., logical routers, router
aggregation / multiplexing).
IP Routing-as-a-Service models of networking
49IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
IP Routing-as-a-Service models of networking
Traditional Router
A Router Architecture
50IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Traditional Network (Both
control and data plane)
OpenFlow Network (Only data
plane)
* Figures from DROP and RouteFlow literature
RouteFlow
Provides virtualized IP routing
services over OpenFlow enabled
hardware
• OpenFlow hardware needs Flow
tables to make forwarding decisions
• Linux based routing engines
populate the FIB (Forwarding
Information Base) which is used for
the destination lookup.
51IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
the destination lookup.
• A mechanism to convert the FIB
entries to OpenFlow Flow table
entries.
IP routing table entry
Destination Gateway Genmask Iface
20.0.0.0 50.0.0.4 255.255.255.0 eth4
Flow table entry
ip,dl_dst=12:27:c6:21:d8:c3,nw_dst=20.0.0.0/24,actions=mod_dl_dst:92:aa:aa:c7:
92:03,mod_dl_src:12:27:c6:21:d8:c3,output:4
* Figure from RouteFlow literature
RouteFlow Components
Programmable switches
• OpenFlow enabled hardware
Virtual network environment
• Server virtualization technique used to create virtual
machines to reproduce the connectivity of a physical
infrastructure.
• Each VM (virtual machine) maps to one OpenFlow
52IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
• Each VM (virtual machine) maps to one OpenFlow
hardware.
• Each VM runs one instance of the IP routing engine (Any
linux based routing engine: e.g. Quagga).
• Includes the exact number of ports as well as the IP
addresses of each interface. All state information (say
routing tables) are exchanged in the virtual network by the
routing engines.
• LXC (Linux Containers) used as the virtualization
mechanism as it is a lightweight mechanism.
* Figure from RouteFlow literature
RouteFlow Components - Contd.
OVS (Open vSwitch)
• A software switch that supports OpenFlow
• Provides the required network connectivity across the VM’s.
• Depends on the RouteFlow controller to make the
decisions. Has a single Flow entry to send all the packets to
the controller.
RouteFlow protocol
• Defines message formats exchanged between the
RouteFlow Slave, RouteFlow Server and the RouteFlow
53IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
RouteFlow Slave, RouteFlow Server and the RouteFlow
Controller
RouteFlow Controller (RF-C)
• An application on top of the NOX controller (an open-source
OpenFlow controller).
• Sends packets and events its receives from OVS and
OpenFlow hardware to RouteFlow Server
• Send packets it receives from RouteFlow Server to OVS
(control packets) or OpenFlow hardware (to deal with flow
additions and deletions)
• Provides and interface to the rest of the framework to the
OpenFlow hardware.
* Figure from RouteFlow literature
RouteFlow Components - Contd.
RouteFlow Server (RF-Server)
• Keeps the core logic of the system.
• Receives the registered events from the RF-C and takes
decisions over those events (e.g. packet-in, datapath- join).
• Also receives information about route changes from the rf-
slave running in the quagga vms, which will trigger a flow
install/modification in the corresponding OpenFlow switch.
• Decides what to do with packets that arrive at the controller.
• Responsible for Virtual Machine registration and for
keeping the synchronization with the datapaths.
54IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
keeping the synchronization with the datapaths.
RouteFlow Slave (RF-Slave)
• Every VM executing an instance of the IP routing engine
has an assosciated RouteFlow Slave instance.
• Helps in the mapping between the VM interfaces and their
attachment to the Open vSwitch ports by sending probe
packets that act as a location/attachment discovery
technique.
• FIB gathering: IP and ARP tables are collected (using the
Linux Netlink API) and then translated into OpenFlow tuples
that are finally installed in the associated OpenFlow-
enabled devices in the forwarding plane.
• Agnostic of the Routing Engine.
* Figure from RouteFlow literature
Traditional Scenario
55IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
* Figure from RouteFlow literature
RouteFlow Scenario
56IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
* Figure from RouteFlow literature
57IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
* Figure from RouteFlow literature
58IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
* Figure from RouteFlow literature
rfvmA Linux FIB
Kernel IP routing table
Destination Gateway Genmask Iface
172.31.4.0 50.0.0.4 255.255.255.0 eth4
20.0.0.0 50.0.0.4 255.255.255.0 eth4
40.0.0.0 50.0.0.4 255.255.255.0 eth4
10.0.0.0 0.0.0.0 255.255.255.0 eth2
172.31.1.0 0.0.0.0 255.255.255.0 eth1
59IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
172.31.1.0 0.0.0.0 255.255.255.0 eth1
30.0.0.0 0.0.0.0 255.255.255.0 eth3
172.31.3.0 30.0.0.3 255.255.255.0 eth3
192.169.1.0 0.0.0.0 255.255.255.0 eth0
172.31.2.0 10.0.0.2 255.255.255.0 eth2
50.0.0.0 0.0.0.0 255.255.255.0 eth4
stats_reply (xid=0xb6139bb8): flags=none type=1(flow)
cookie=0, duration_sec=6s, duration_nsec=545000000s, table_id=0, priority=32792,
n_packets=0, n_bytes=0,
idle_timeout=0,hard_timeout=0,ip,dl_dst=12:27:c6:21:d8:c3,nw_dst=20.0.0.0/24,actio
ns=mod_dl_dst:92:aa:aa:c7:92:03,mod_dl_src:12:27:c6:21:d8:c3,output:4
Flow table of switch A
60IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
cookie=0, duration_sec=6s, duration_nsec=545000000s, table_id=0, priority=32792,
n_packets=0, n_bytes=0,
idle_timeout=0,hard_timeout=0,ip,dl_dst=12:27:c6:21:d8:c3,nw_dst=40.0.0.0/24,actio
ns=mod_dl_dst:92:aa:aa:c7:92:03,mod_dl_src:12:27:c6:21:d8:c3,output:4
SDN and Research
Controller Implementations - Currently three controllers are
available NOX, SNAC and Reference Controller (from OpenFlow)
OpenFlow 1.1 for Ubuntu, Centos, Debian, Fedora etc.
OpenFlowMPLS - OpenFlow MPLS is a project at Ericsson
Research on extending OpenFlow with MPLS capabilities.
pac.c: Packet and Circuit Network Convergence with OpenFlow
61IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
pac.c: Packet and Circuit Network Convergence with OpenFlow
Pantou : OpenFlow 1.0 for OpenWRT
GENI Experimental Test bed
GENI has deployed OpenFlow based network in 10
institutions and 2 National research backbones
The initial Spiral 3 GENI network core is a set of OpenFlow-
capable switches in NLR and Internet2
For e.g., Stanford operates three OpenFlow networks
SNAC is used as the controller for both the Production and
62IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
SNAC is used as the controller for both the Production and
Experimental network
The Demo network is sliced, by the FlowVisor, into several
individual slices, each of which use their own NOX-based
controller
OpenFlow had been deployed around 68 trails / deployment
networks spanning across 13 countries
http://groups.geni.net/geni/wiki/NetworkCore
Summary
SDN is an architecture of which OpenFlow is just a part
Clear Separation of control and data plane functionalities
Provides high level abstractions
Network topology
Application API
Standard vendor-agnostic interface to program the
63IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Standard vendor-agnostic interface to program the
hardware
Scalability concerns
SDN is not a magic wand to solve the current problems
Many vendors are evaluating the direction SDN will take
IP Infusion is part of the ONF forum
Open Flow Specifications
The Specification describes the protocol that is used
between an OpenFlow Switch and the OpenFlow
Controller.
There are four Specification as follows
• OpenFlow Switch Specification, Version 1.1.0 Implemented
changes
64IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
changes
• OpenFlow Switch Specification, Version 1.0.0 changes
• [Deprecated] OpenFlow Switch Specification, Version 0.9.0
• [Deprecated] OpenFlow Switch Specification, Version 0.8.9
Open Flow Working Group
openflow-discuss@lists.stanford.edu
openflow-announce@lists.stanford.edu
openflow-dev@lists.stanford.edu
openflow-spec@lists.stanford.edu.
openflow-meeting@lists.stanford.edu.
openflow-testing@lists.stanford.edu.
65IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
openflow-testing@lists.stanford.edu.
routeflow-discuss@googlegroups.com
References
"OpenFlow: Enabling Innovation in Campus Networks“ N. McKeown, T. Andershnan, G.
Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turneron, H. Balakris ACM Computer
Communication Review, Vol. 38, Issue 2, pp. 69-74 April 2008
OpenFlow Switch Specication V 1.1.0.
M. Ribeiro Nascimento, C. Esteve Rothenberg, M. R. Salvador, Carlos Corrêa, Sidney
Lucena and M. F. Magalhães. "Virtual Routers as a Service: The RouteFlow
Approach Leveraging Software-Defined Networks". In 6th International Conference on
Future Internet Technologies 2011 (CFI 11), Seoul, Korea.
Richard Wang, Dana Butnariu, and Jennifer Rexford OpenFlow-based server load balancing
gone wild, Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise
66IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
gone wild, Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise
Networks and Services (Hot-ICE), Boston, MA, March 2011.
Marcelo Ribeiro Nascimento, Christian Esteve Rothenberg, Marcos Rogério Salvador,
Mauricio Ferreira Magalhães. QuagFlow: Partnering Quagga with OpenFlow, To be
presented in ACM SIGCOMM 2010 Poster Session, New Delhi, India, Sep. 2010.
Saurav Das, Guru Parulkar, Preeti Singh, Daniel Getachew, Lyndon Ong, Nick McKeown,
Packet and Circuit Network Convergence with OpenFlow, Optical Fiber Conference
(OFC/NFOEC'10), San Diego, March 2010.
Nikhil Handigol, Srini Seetharaman, Mario Flajslik, Nick McKeown, Ramesh Johari, Plug-n-
Serve: Load-Balancing Web Traffic using OpenFlow, ACM SIGCOMM Demo, Aug 2009.
NOX: Towards an Operating System for Networks
https://sites.google.com/site/routeflow/home
http://www.openflow.org/
References
http://www.opennetsummit.org/
https://www.opennetworking.org/
http://conferences.sigcomm.org/sigcomm/2010/papers/sigcomm/p195.pdf
http://searchnetworking.techtarget.com/
67IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Thank You !
68IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Thank You !
Backup slides
69IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Topology Discovery
Controller maintains a network wide topology
Central controller based discovery (ex., using NOX)
Uses Link Layer Discovery Protocol (LLDP) to discover the
Layer-2 topology
Iterate over all ports of the network and send out LLDP
packets periodically
70IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
packets periodically
The LLDP packets contain the chassis ID, and the port
number of the outgoing switch/port
packet_in handler called on receipt of an LLDP packet.
Infer the link-level connectivity by querying the LLDP
packets.
Topology Discovery Contd.
Maintains an adjacency list of network links
periodically iterates over the discovered links of the network
and detects timeouts.
Timeouts update the global view and generate a node
changed event
71IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
changed event
Shortcomings:
The fundamental problem with a centralized approach to
topology discovery is that all ports must be scanned linearly
which greatly reduces response time.
Should really be implemented on the switch ?
Hybrid Model/Network Partition
SDN/OpenFlow will not be an "all or nothing" choice
It is more likely to be a hybrid model
With switches supporting both the traditional model and
OpenFlow model being deployed.
Controller 1
Hybrid OpenFlow Switch
Which allows partitioning the
72IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Experiment A/Flow Table 1
Experiment B/ Flow Table 2
Production Traffic (Normal Layer2/Layer3)
Controller 1
Controller 2
Controller 3
Which allows partitioning the
switch for different experiments
Packet Matching
OpenFlow pipeline contains multiple flow tables starting
with Table number 0
Each flow table contains one or more flow entries
Matching starts with the first flow table
If a Match is found
Instructions associated with flow entry are executed
73IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Instructions associated with flow entry are executed
Instruction may direct the packet to next flow table in
pipeline
When processing stops, the associated action set is
applied and packet forwarded
Instructions describe packet forwarding, packet
modification, group table processing and pipeline
processing
Components of OpenFlow Network
Controller
Provides a network wide abstraction for the
applications on one side and uses the OpenFlow
protocol to communicate with a OpenFlow aware
switch
74IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
Flow Table
Consists of a Flow entry and an action associated with
each flow entry to tell the switch how to process the
flow.
Secure Channel.
Connects the switch to the controller, allowing
commands and packets to be sent between a
controller and the switch through OpenFlow protocol .

More Related Content

What's hot

Software-Defined Networking (SDN): Unleashing the Power of the Network
Software-Defined Networking (SDN): Unleashing the Power of the NetworkSoftware-Defined Networking (SDN): Unleashing the Power of the Network
Software-Defined Networking (SDN): Unleashing the Power of the Network
Robert Keahey
 
Introduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFVIntroduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFV
Kingston Smiler
 
SDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center NetworkingSDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center Networking
Thomas Graf
 

What's hot (20)

Software-Defined Networking (SDN): Unleashing the Power of the Network
Software-Defined Networking (SDN): Unleashing the Power of the NetworkSoftware-Defined Networking (SDN): Unleashing the Power of the Network
Software-Defined Networking (SDN): Unleashing the Power of the Network
 
Nfv
NfvNfv
Nfv
 
SDN Fundamentals - short presentation
SDN Fundamentals -  short presentationSDN Fundamentals -  short presentation
SDN Fundamentals - short presentation
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
OSPF v3
OSPF v3OSPF v3
OSPF v3
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
 
OpenFlow
OpenFlowOpenFlow
OpenFlow
 
Software Defined Networks
Software Defined NetworksSoftware Defined Networks
Software Defined Networks
 
SDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual NetworkSDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual Network
 
Introduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentIntroduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application Development
 
Introduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFVIntroduction to OpenFlow, SDN and NFV
Introduction to OpenFlow, SDN and NFV
 
SDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center NetworkingSDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center Networking
 
SDN Basics – What You Need to Know about Software-Defined Networking
SDN Basics – What You Need to Know about Software-Defined NetworkingSDN Basics – What You Need to Know about Software-Defined Networking
SDN Basics – What You Need to Know about Software-Defined Networking
 
Introduction to CloudHub 2.0
Introduction to CloudHub 2.0Introduction to CloudHub 2.0
Introduction to CloudHub 2.0
 
SDN Presentation
SDN PresentationSDN Presentation
SDN Presentation
 
Software Defined Network (SDN)
Software Defined Network (SDN)Software Defined Network (SDN)
Software Defined Network (SDN)
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorial
 
Sdn and open flow tutorial 4
Sdn and open flow tutorial 4Sdn and open flow tutorial 4
Sdn and open flow tutorial 4
 
VPN
VPNVPN
VPN
 

Similar to Tutorial on SDN and OpenFlow

Fi ware short overview - zaragoza
Fi ware short overview - zaragoza Fi ware short overview - zaragoza
Fi ware short overview - zaragoza
Jose Jimenez
 
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Cisco Canada
 

Similar to Tutorial on SDN and OpenFlow (20)

F5 perspective of nfv+sdn (SDN NFV Day ITB 2016)
F5 perspective of nfv+sdn (SDN NFV Day ITB 2016)F5 perspective of nfv+sdn (SDN NFV Day ITB 2016)
F5 perspective of nfv+sdn (SDN NFV Day ITB 2016)
 
The “Open” in Open Networking
The “Open” in Open NetworkingThe “Open” in Open Networking
The “Open” in Open Networking
 
Delivering Network Innovation with SDN - Tom Nadeau
Delivering Network Innovation with SDN - Tom Nadeau Delivering Network Innovation with SDN - Tom Nadeau
Delivering Network Innovation with SDN - Tom Nadeau
 
SDN / NFV opensource and standards in wireless networks 2015 for cnv
SDN  / NFV opensource and standards in wireless networks 2015 for cnvSDN  / NFV opensource and standards in wireless networks 2015 for cnv
SDN / NFV opensource and standards in wireless networks 2015 for cnv
 
Data Center: New Frontiers - Clive D'Souza
Data Center: New Frontiers - Clive D'SouzaData Center: New Frontiers - Clive D'Souza
Data Center: New Frontiers - Clive D'Souza
 
Software Defined Networking/Openflow: A path to Programmable Networks
Software Defined Networking/Openflow: A path to Programmable NetworksSoftware Defined Networking/Openflow: A path to Programmable Networks
Software Defined Networking/Openflow: A path to Programmable Networks
 
Fi ware short overview - zaragoza
Fi ware short overview - zaragoza Fi ware short overview - zaragoza
Fi ware short overview - zaragoza
 
Hp helion meetup_networking_sdn
Hp helion meetup_networking_sdnHp helion meetup_networking_sdn
Hp helion meetup_networking_sdn
 
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
 
Smarter Cities on Open SDN Networks
Smarter Cities on Open SDN NetworksSmarter Cities on Open SDN Networks
Smarter Cities on Open SDN Networks
 
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure
PLNOG 6: Henk Bruijns - Enabling Cloud Providers with Converged Infrastructure
 
About Brain4Net, Inc. - July 2015
About Brain4Net, Inc. - July 2015About Brain4Net, Inc. - July 2015
About Brain4Net, Inc. - July 2015
 
Ch 01 --- introduction to sdn-nfv
Ch 01 --- introduction to sdn-nfvCh 01 --- introduction to sdn-nfv
Ch 01 --- introduction to sdn-nfv
 
SDN use cases_2014
SDN use cases_2014SDN use cases_2014
SDN use cases_2014
 
7th SDN Expert Group Seminar - Session4
7th SDN Expert Group Seminar - Session47th SDN Expert Group Seminar - Session4
7th SDN Expert Group Seminar - Session4
 
Unified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application FluencyUnified Access from Application Chaos to Application Fluency
Unified Access from Application Chaos to Application Fluency
 
Architecture of OpenFlow SDNs
Architecture of OpenFlow SDNsArchitecture of OpenFlow SDNs
Architecture of OpenFlow SDNs
 
2nd sdn interest group session1 (121218)
2nd sdn interest group   session1 (121218)2nd sdn interest group   session1 (121218)
2nd sdn interest group session1 (121218)
 
SDN Realized Application Directed Networking
SDN Realized Application Directed NetworkingSDN Realized Application Directed Networking
SDN Realized Application Directed Networking
 

Recently uploaded

一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
Fir
 
原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样
AS
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书
A
 
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
AS
 
一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理
AS
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
musaddumba454
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
Fi
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
A
 
一比一定制美国罗格斯大学毕业证学位证书
一比一定制美国罗格斯大学毕业证学位证书一比一定制美国罗格斯大学毕业证学位证书
一比一定制美国罗格斯大学毕业证学位证书
A
 
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
hfkmxufye
 
一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理
A
 

Recently uploaded (20)

一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
 
原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书
 
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
 
一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理
 
Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303
 
VIP ℂall Girls Bangalore 8250077686 WhatsApp: Me All Time Serviℂe Available D...
VIP ℂall Girls Bangalore 8250077686 WhatsApp: Me All Time Serviℂe Available D...VIP ℂall Girls Bangalore 8250077686 WhatsApp: Me All Time Serviℂe Available D...
VIP ℂall Girls Bangalore 8250077686 WhatsApp: Me All Time Serviℂe Available D...
 
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
 
GOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdfGOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdf
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
 
一比一定制美国罗格斯大学毕业证学位证书
一比一定制美国罗格斯大学毕业证学位证书一比一定制美国罗格斯大学毕业证学位证书
一比一定制美国罗格斯大学毕业证学位证书
 
Washington Football Commanders Redskins Feathers Shirt
Washington Football Commanders Redskins Feathers ShirtWashington Football Commanders Redskins Feathers Shirt
Washington Football Commanders Redskins Feathers Shirt
 
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays SweatshirtsFree on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
 
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
 
一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理
 
Beyond Inbound: Unlocking the Secrets of API Egress Traffic Management
Beyond Inbound: Unlocking the Secrets of API Egress Traffic ManagementBeyond Inbound: Unlocking the Secrets of API Egress Traffic Management
Beyond Inbound: Unlocking the Secrets of API Egress Traffic Management
 

Tutorial on SDN and OpenFlow

  • 1. SDN and OpenFlow A Tutorial 1IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Presenters Rajasri K (rajasrik@ipinfusion.com) Srikanth K (srikanth.krishnamohan@ipinfusion.com) Kingston S (kingstons@ipinfusion.com) Bhaskar R (bhaskarr@ipinfusion.com)
  • 2. Disclaimer: This is not a committed development schedule. All roadmap items presented are tentative The roadmap reflects projected plans based on preliminary requirements analysis of the market. All roadmap data is subject to change as necessary The development, release, and timing of features or functionality described for IP Infusion Inc.' products remains at the sole discretion of IP Infusion Inc. 2IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. This roadmap is not a commitment to deliver any material, code, or functionality This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. IP Infusion, Inc. reserves the right to revise this document and to make changes to its content, at any time. IP Infusion, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
  • 3. Agenda Part I - SDN • Introduction and motivation Part II - OpenFlow • Introduction • OpenFlow protocol 3IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. • OpenFlow protocol Part III - Use cases of SDN/OpenFlow •Network Virtualization - FlowVisor •RouteFlow with Demo
  • 4. Traditional network node Typical Networking Software • Control Plane -The brain/decision maker • Data Plane - packet forwarder • Management plane 4IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Ethernet SwitchEthernet Switch Data Path (Hardware)Data Path (Hardware) Control Path (Software)Control Path (Software)
  • 5. SDN entity App 1 App 2 5IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Data Path (Hardware)Data Path (Hardware) SDN clientSDN client SDN Controller (server) Ethernet SwitchEthernet Switch Controller (server) SDN Protocol –Open Flow
  • 6. Drawbacks of existing network Difficult to perform real world experiments on large scale production networks Research stagnation - Huge costly equipment to be procured and networks to be setup by each team for research Lots of deployed innovation in other areas 6IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Networks have remained the same for many years Rate of innovation in networks is slower – lack of high level abstraction Closed Systems Stuck with interfaces Hard to collaborate meaningfully Vendors starting to open-up but not meaningfully
  • 7. Drawbacks of existing network – Contd. Network Equipment in recent decades Hardware centric – usage of custom ASICs • Why? • Growth in network capacity • Faster packet switching capability 7IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. • Faster packet switching capability • Impact • Slower Innovation • Reduced flexibility once chips are fabricated •Firmware provides some programmability
  • 8. Drawbacks of existing network – Contd. Vendor specific software • Why •IPR generation, increased competition •Custom built - Efficient • Impact 8IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. • Impact • Closed software • Non-standard interfaces to H/W Proprietary networking devices with proprietary software and hardware • Innovation is limited to vendor/ vendor partners • Huge barriers for new ideas in networking
  • 9. 9IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Source: ONF Forum
  • 10. 10IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Source: ONF Forum
  • 11. SDN “Software Defined Networking” SDN Principles Separate Control plane and Data plane entities Execute or run Control plane software on general purpose hardware Decouple from specific networking hardware Use commodity servers 11IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Use commodity servers Have programmable data planes Maintain, control and program data plane state from a central entity An architecture to control not just a networking device but an entire network.
  • 12. SDN 12IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Source: ONF Forum
  • 13. SDN Standard Bodies Open Networking Foundation • http://www.openflow.org/ • https://www.opennetworking.org/ 13IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. IETF • http://tools.ietf.org/html/draft-nadeau-sdn-problem-statement-00 • http://tools.ietf.org/html/draft-nadeau-sdn-framework-01
  • 14. Need for SDN Facilitate Innovation in Network Layered architecture with Standard Open Interfaces Independent innovation at each layer Experiment and research using non-bulky, non-expensive equipment More accessibility since software can be easily developed by more vendors 14IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. by more vendors Speed-to-market – no hardware fabrication cycles More flexibility with programmability Ease of customization and integration with other software applications Fast upgrades Program a network vs Configure a network
  • 15. Evolving Networking Trends 15IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Source: ONF Forum
  • 16. SDN Architecture Data Forwarding Network Operating System Routing Traffic Engineering Other Applications Control Plane 16IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Data Forwarding (OpenFlow Switch) Data Forwarding (OpenFlow Switch) Data Forwarding (OpenFlow Switch) Data Forwarding (OpenFlow Switch) Data Plane
  • 17. SDN – A new paradigm Software-Centric-Network • Network devices expose SDKs • Third-party application development and integration • Software vendors develop network applications 17IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. • Software vendors develop network applications • Standards for network applications
  • 18. SDN – A new paradigm SDN entities A general purpose commodity-off-the-shelf hardware A real time optimized operating system – mostly Linux based Perhaps, some high end power and multi-port NIC 18IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Perhaps, some high end power and multi-port NIC cards Integration with other new trends in servers viz • Virtualization • Parallelization • Modularity
  • 19. Key Attributes for SDN Success Architecture for a Network Operating System with a service/application oriented namespace Resource virtualization and aggregation (pooling to achieve scaling) 19IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. (pooling to achieve scaling) Appropriate abstractions to foster simplification Decouple topology, traffic and inter-layer dependencies Dynamic multi-layer networking
  • 20. Agenda Part I - SDN • Introduction and motivation Part II - OpenFlow • Introduction • OpenFlow protocol 20IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. • OpenFlow protocol Part III - Use cases of SDN/OpenFlow •Network Virtualization - FlowVisor •RouteFlow with Demo
  • 21. Part II - SDN and Open Flow 21IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Source: ONF Forum
  • 22. Open Flow General Myth SDN is Open Flow Reality 22IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Reality OpenFlow is an open API that provides a standard interface for programming the data plane switches
  • 23. What is Open Flow OpenFlow is like an x86 instruction set for the network Provides open interface to “black box” networking node (ie. Routers, L2/L3 switch) to enable visibility and openness in network Separation of control plane and data plane. The datapath of an OpenFlow Switch consists of a Flow Table, 23IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. The datapath of an OpenFlow Switch consists of a Flow Table, and an action associated with each flow entry The control path consists of a controller which programs the flow entry in the flow table OpenFlow is based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries
  • 24. Controller OpenFlow Switch Secure Channel Secure Channel PC sw OpenFlow Switch specification Components of OpenFlow Network 24IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Flow Table Flow Table hw * Figure From OpenFlow Switch Specification
  • 25. Centralized Vs Distributed Control 25IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. One OpenFlow switch cannot be controlled by two controllers with out additional abstractions Source: ONF Forum
  • 26. Open Flow Protocol Messages Controller-to-Switch - initiated by the controller and used to directly manage or inspect the state of the switch • Features, Config, Modify State, Read-State, Packet-Out, Barrier Asynchronous messages are sent 26IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Asynchronous - Asynchronous messages are sent without the controller soliciting them from a switch • Packet-in, Flow Removed / Expiration, Port- status, Error Symmetric - Symmetric messages are sent without solicitation, in either direction • Hello, Echo, Experimenter / Vendor
  • 27. Secure Channel (SC) SC is the Interface that connects each OpenFlow switch to controller A controller configures and manages the switch, receives events from the switch, and send packets out the switch via this interface 27IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. SC establishes and terminates the connection between OpenFlow Switch and the controller using Connection Setup and Connection Interruption procedures The SC connection is a TLS connection. Switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key
  • 28. Packet Matching Packet In Start at Flow table 0 Match in Table 0? Update Counters Execute Instruction Set • Update action set • Update packet/match set fields Go to Table n? yes yes 28IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Table 0? • Update packet/match set fields • Update metadata Table n? Based on table configuration, do one • Send to controller • Drop • Continue to next table no Execute Action Set no * Figure From OpenFlow Switch Specification
  • 29. Pipeline Processing 29IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. * Figure From OpenFlow Switch Specification
  • 30. Instructions & Action Set Each flow entry contains a set of instructions that are executed when a packet matches the entry Instructions contain either a set of actions to add to the action set, contains a list of actions to apply immediately to the packet, or modifies pipeline processing. An Action set is associated with each packet. Its empty by 30IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. An Action set is associated with each packet. Its empty by default Action set is carried between flow tables A flow entry modifies action set using Write-Action or Clear-Action instruction Processing stops when the instruction does not contain Goto-Table and the actions in the set are executed.
  • 31. Instructions & Action Set – Contd. List of Instructions to modify action set Apply Actions Apply the specified actions immediately Clear Actions Clear all the actions in the set immediately Write Actions 31IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Write Actions Merge the specified actions to the current set Write Metadata Write the meta data field with the specified value Goto-Table Indicated the next table in the processing pipeline
  • 32. Actions List of Actions Required Actions Output – Forward a packet to the specified port Drop Group 32IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Group Optional Actions Set-Queue Push/Pop Tag Set-Field
  • 33. Flow Table Entry 1. Forward packet to port(s) Packet + byte counters Matching Rules Statistics Instructions 33IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. 1. Forward packet to port(s) 2. Encapsulate and forward to controller 3. Drop packet 4. Send to normal processing pipeline
  • 34. Flow Switching/Routing Layer 2 Switching (MAC/VLAN) Layer 3 Routing Fields to match against flows 34IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Wild Card Matching: Aggregated MAC-subnet: MAC-src: A.*, MAC-dst: B.* Aggregated IP-subnet: IP-src: 192.168.*/24, IP-dst: 200.12.*/24 Fields to match against flows Wild Card Filters IN Port VLAN ID VLAN Priority Ether Frame Type IP Type of Service IP Protocol TCP/UDP Src Port TCP/UDP Dst Port VLAN Priority MPLS Label IP Type of Service IP Src Address
  • 35. Load Balancing Network Operating System Current methods use uniform distribution of traffic Not based on network congestion and server load More adaptive algorithms can be implemented by using OpenFlow Monitor the network traffic Program flows based on demand and server capacity 35IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Collect Statistics/O bserve load patterns Network Operating System Data Forwarding (OpenFlow Switch) Data Forwarding (OpenFlow Switch) Program Flow Entries Dynamic load balancing using OpenFlow
  • 36. Dynamic flow modification A microflow rule matches on all fields A wildcard rule can have “don’t care” bits in some fields Rules can be installed with a timeout Delete the rule after a fixed time interval (a hard timeout) Specified period of inactivity (a soft timeout) Switch counts the number of bytes and packets matching each rule, and the controller can poll these counter values. 36IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Server 2 Server 1 Balancing SwitchIncoming Requests R1 R2 R1 R2 192.168.*/24 200.12.*/24300.12.*/24 200.12.*/24 300.12.*/24
  • 37. Agenda Part I - SDN Introduction and motivation Part II - OpenFlow Introduction OpenFlow protocol 37IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. OpenFlow protocol Part III - Use cases of SDN/OpenFlow •Network Virtualization - FlowVisor •RouteFlow with Demo
  • 38. Virtualization – A Driving Factor for SDN Virtualization Abstraction between the physical resources and their logical representation Can be implemented in various layers of a computer system or network 38IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. system or network • Storage Virtualization • Server Virtualization • Network Virtualization
  • 39. Server Virtualization Server virtualization refers to the partitioning of the resources of a single physical machine into multiple execution environments each of which can host a different server 39IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
  • 40. Network Virtualization Allows heterogeneous virtual networks that are isolated, independently managed to coexist over a shared physical network infrastructure Network Virtualization is not a new concept. It is available in parts currently E.g MPLS L2VPN/L3VPN, VLAN, VRF etc The above technologies can slice particular hardware resources (e.g., MPLS can virtualize forwarding tables) and layers (VLANs slice the link layer) 40IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. virtualize forwarding tables) and layers (VLANs slice the link layer) Currently no single technology or clear abstraction exists that will virtualize the network as a whole Models of Virtualization • Network Slicing Model - Logically isolated network partitions are created over a shared physical network infrastructure • HyperVisor Model - This model combines logical computer network resources into a single platform appearing as a single network. E.g. HyperVisor / Vswitch • Combination of the above two models
  • 41. Network Slice Model 41IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Source: ONF Forum
  • 42. Virtual Switch Model 42IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
  • 43. Server virtualization vs Network virtualization 43IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Source: ONF Forum
  • 44. FlowVisor FlowVisor is a specialized controller using OpenFlow as a hardware abstraction layer between the control and forwarding paths Partitions the flow-table in each switch by keeping track of which flow-entries belong to each guest controller Definition of a slice • Slice is a set of flows (called flowspace) running on a topology of switches. Given a packet header, can decide which flowspace contains it, and hence which slice (or slices) it belongs to 44IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. slice (or slices) it belongs to 5 Primary Slicing Dimensions • Bandwidth • Topology • Traffic • Device CPU • Forwarding Tables Designed with the following goals • Transparency • Isolation • Slice Definition Source: ONF Forum
  • 45. Sample FlowVisor Example Imagine a multi tenant datacenter which has multiple customers each having their applications deployed in the data center servers. Say the customers wants to run their own proprietary switching logic (Control Plane Protocols) for their 45IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. switching logic (Control Plane Protocols) for their respective traffic. • With the existing network architecture there is no way to address this requirement. • FlowVisor solves this problem by slicing the networks based on some of the attributes either in the packet or based on the interface configs in the OpenFlow switches.
  • 46. FlowVisor Datacenter Application 46IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Source: ONF Forum
  • 47. FlowVisor Operations Slicing nw_dst=224.x.x.x nw_dst=224.y.y.y 47IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Slicing Policies nw_dst=224.x.x.x and dl_vlan = x nw_dst=224.y.y.y and dl_vlan = y
  • 48. Agenda Part I - SDN Introduction and motivation Part II - OpenFlow Introduction OpenFlow protocol 48IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. OpenFlow protocol Part III - Use cases of SDN/OpenFlow •Network Virtualization - FlowVisor •RouteFlow with Demo
  • 49. Possible use-cases Migration path from legacy IP deployments to purely software-defined networks (which support OpenFlow) Open-Source framework to support the different flavours of network virtualization (e.g., logical routers, router aggregation / multiplexing). IP Routing-as-a-Service models of networking 49IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. IP Routing-as-a-Service models of networking
  • 50. Traditional Router A Router Architecture 50IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Traditional Network (Both control and data plane) OpenFlow Network (Only data plane) * Figures from DROP and RouteFlow literature
  • 51. RouteFlow Provides virtualized IP routing services over OpenFlow enabled hardware • OpenFlow hardware needs Flow tables to make forwarding decisions • Linux based routing engines populate the FIB (Forwarding Information Base) which is used for the destination lookup. 51IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. the destination lookup. • A mechanism to convert the FIB entries to OpenFlow Flow table entries. IP routing table entry Destination Gateway Genmask Iface 20.0.0.0 50.0.0.4 255.255.255.0 eth4 Flow table entry ip,dl_dst=12:27:c6:21:d8:c3,nw_dst=20.0.0.0/24,actions=mod_dl_dst:92:aa:aa:c7: 92:03,mod_dl_src:12:27:c6:21:d8:c3,output:4 * Figure from RouteFlow literature
  • 52. RouteFlow Components Programmable switches • OpenFlow enabled hardware Virtual network environment • Server virtualization technique used to create virtual machines to reproduce the connectivity of a physical infrastructure. • Each VM (virtual machine) maps to one OpenFlow 52IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. • Each VM (virtual machine) maps to one OpenFlow hardware. • Each VM runs one instance of the IP routing engine (Any linux based routing engine: e.g. Quagga). • Includes the exact number of ports as well as the IP addresses of each interface. All state information (say routing tables) are exchanged in the virtual network by the routing engines. • LXC (Linux Containers) used as the virtualization mechanism as it is a lightweight mechanism. * Figure from RouteFlow literature
  • 53. RouteFlow Components - Contd. OVS (Open vSwitch) • A software switch that supports OpenFlow • Provides the required network connectivity across the VM’s. • Depends on the RouteFlow controller to make the decisions. Has a single Flow entry to send all the packets to the controller. RouteFlow protocol • Defines message formats exchanged between the RouteFlow Slave, RouteFlow Server and the RouteFlow 53IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. RouteFlow Slave, RouteFlow Server and the RouteFlow Controller RouteFlow Controller (RF-C) • An application on top of the NOX controller (an open-source OpenFlow controller). • Sends packets and events its receives from OVS and OpenFlow hardware to RouteFlow Server • Send packets it receives from RouteFlow Server to OVS (control packets) or OpenFlow hardware (to deal with flow additions and deletions) • Provides and interface to the rest of the framework to the OpenFlow hardware. * Figure from RouteFlow literature
  • 54. RouteFlow Components - Contd. RouteFlow Server (RF-Server) • Keeps the core logic of the system. • Receives the registered events from the RF-C and takes decisions over those events (e.g. packet-in, datapath- join). • Also receives information about route changes from the rf- slave running in the quagga vms, which will trigger a flow install/modification in the corresponding OpenFlow switch. • Decides what to do with packets that arrive at the controller. • Responsible for Virtual Machine registration and for keeping the synchronization with the datapaths. 54IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. keeping the synchronization with the datapaths. RouteFlow Slave (RF-Slave) • Every VM executing an instance of the IP routing engine has an assosciated RouteFlow Slave instance. • Helps in the mapping between the VM interfaces and their attachment to the Open vSwitch ports by sending probe packets that act as a location/attachment discovery technique. • FIB gathering: IP and ARP tables are collected (using the Linux Netlink API) and then translated into OpenFlow tuples that are finally installed in the associated OpenFlow- enabled devices in the forwarding plane. • Agnostic of the Routing Engine. * Figure from RouteFlow literature
  • 55. Traditional Scenario 55IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. * Figure from RouteFlow literature
  • 56. RouteFlow Scenario 56IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. * Figure from RouteFlow literature
  • 57. 57IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. * Figure from RouteFlow literature
  • 58. 58IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. * Figure from RouteFlow literature
  • 59. rfvmA Linux FIB Kernel IP routing table Destination Gateway Genmask Iface 172.31.4.0 50.0.0.4 255.255.255.0 eth4 20.0.0.0 50.0.0.4 255.255.255.0 eth4 40.0.0.0 50.0.0.4 255.255.255.0 eth4 10.0.0.0 0.0.0.0 255.255.255.0 eth2 172.31.1.0 0.0.0.0 255.255.255.0 eth1 59IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. 172.31.1.0 0.0.0.0 255.255.255.0 eth1 30.0.0.0 0.0.0.0 255.255.255.0 eth3 172.31.3.0 30.0.0.3 255.255.255.0 eth3 192.169.1.0 0.0.0.0 255.255.255.0 eth0 172.31.2.0 10.0.0.2 255.255.255.0 eth2 50.0.0.0 0.0.0.0 255.255.255.0 eth4
  • 60. stats_reply (xid=0xb6139bb8): flags=none type=1(flow) cookie=0, duration_sec=6s, duration_nsec=545000000s, table_id=0, priority=32792, n_packets=0, n_bytes=0, idle_timeout=0,hard_timeout=0,ip,dl_dst=12:27:c6:21:d8:c3,nw_dst=20.0.0.0/24,actio ns=mod_dl_dst:92:aa:aa:c7:92:03,mod_dl_src:12:27:c6:21:d8:c3,output:4 Flow table of switch A 60IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. cookie=0, duration_sec=6s, duration_nsec=545000000s, table_id=0, priority=32792, n_packets=0, n_bytes=0, idle_timeout=0,hard_timeout=0,ip,dl_dst=12:27:c6:21:d8:c3,nw_dst=40.0.0.0/24,actio ns=mod_dl_dst:92:aa:aa:c7:92:03,mod_dl_src:12:27:c6:21:d8:c3,output:4
  • 61. SDN and Research Controller Implementations - Currently three controllers are available NOX, SNAC and Reference Controller (from OpenFlow) OpenFlow 1.1 for Ubuntu, Centos, Debian, Fedora etc. OpenFlowMPLS - OpenFlow MPLS is a project at Ericsson Research on extending OpenFlow with MPLS capabilities. pac.c: Packet and Circuit Network Convergence with OpenFlow 61IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. pac.c: Packet and Circuit Network Convergence with OpenFlow Pantou : OpenFlow 1.0 for OpenWRT
  • 62. GENI Experimental Test bed GENI has deployed OpenFlow based network in 10 institutions and 2 National research backbones The initial Spiral 3 GENI network core is a set of OpenFlow- capable switches in NLR and Internet2 For e.g., Stanford operates three OpenFlow networks SNAC is used as the controller for both the Production and 62IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. SNAC is used as the controller for both the Production and Experimental network The Demo network is sliced, by the FlowVisor, into several individual slices, each of which use their own NOX-based controller OpenFlow had been deployed around 68 trails / deployment networks spanning across 13 countries http://groups.geni.net/geni/wiki/NetworkCore
  • 63. Summary SDN is an architecture of which OpenFlow is just a part Clear Separation of control and data plane functionalities Provides high level abstractions Network topology Application API Standard vendor-agnostic interface to program the 63IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Standard vendor-agnostic interface to program the hardware Scalability concerns SDN is not a magic wand to solve the current problems Many vendors are evaluating the direction SDN will take IP Infusion is part of the ONF forum
  • 64. Open Flow Specifications The Specification describes the protocol that is used between an OpenFlow Switch and the OpenFlow Controller. There are four Specification as follows • OpenFlow Switch Specification, Version 1.1.0 Implemented changes 64IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. changes • OpenFlow Switch Specification, Version 1.0.0 changes • [Deprecated] OpenFlow Switch Specification, Version 0.9.0 • [Deprecated] OpenFlow Switch Specification, Version 0.8.9
  • 65. Open Flow Working Group openflow-discuss@lists.stanford.edu openflow-announce@lists.stanford.edu openflow-dev@lists.stanford.edu openflow-spec@lists.stanford.edu. openflow-meeting@lists.stanford.edu. openflow-testing@lists.stanford.edu. 65IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. openflow-testing@lists.stanford.edu. routeflow-discuss@googlegroups.com
  • 66. References "OpenFlow: Enabling Innovation in Campus Networks“ N. McKeown, T. Andershnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turneron, H. Balakris ACM Computer Communication Review, Vol. 38, Issue 2, pp. 69-74 April 2008 OpenFlow Switch Specication V 1.1.0. M. Ribeiro Nascimento, C. Esteve Rothenberg, M. R. Salvador, Carlos Corrêa, Sidney Lucena and M. F. Magalhães. "Virtual Routers as a Service: The RouteFlow Approach Leveraging Software-Defined Networks". In 6th International Conference on Future Internet Technologies 2011 (CFI 11), Seoul, Korea. Richard Wang, Dana Butnariu, and Jennifer Rexford OpenFlow-based server load balancing gone wild, Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise 66IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. gone wild, Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services (Hot-ICE), Boston, MA, March 2011. Marcelo Ribeiro Nascimento, Christian Esteve Rothenberg, Marcos Rogério Salvador, Mauricio Ferreira Magalhães. QuagFlow: Partnering Quagga with OpenFlow, To be presented in ACM SIGCOMM 2010 Poster Session, New Delhi, India, Sep. 2010. Saurav Das, Guru Parulkar, Preeti Singh, Daniel Getachew, Lyndon Ong, Nick McKeown, Packet and Circuit Network Convergence with OpenFlow, Optical Fiber Conference (OFC/NFOEC'10), San Diego, March 2010. Nikhil Handigol, Srini Seetharaman, Mario Flajslik, Nick McKeown, Ramesh Johari, Plug-n- Serve: Load-Balancing Web Traffic using OpenFlow, ACM SIGCOMM Demo, Aug 2009. NOX: Towards an Operating System for Networks https://sites.google.com/site/routeflow/home http://www.openflow.org/
  • 68. Thank You ! 68IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Thank You !
  • 69. Backup slides 69IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc.
  • 70. Topology Discovery Controller maintains a network wide topology Central controller based discovery (ex., using NOX) Uses Link Layer Discovery Protocol (LLDP) to discover the Layer-2 topology Iterate over all ports of the network and send out LLDP packets periodically 70IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. packets periodically The LLDP packets contain the chassis ID, and the port number of the outgoing switch/port packet_in handler called on receipt of an LLDP packet. Infer the link-level connectivity by querying the LLDP packets.
  • 71. Topology Discovery Contd. Maintains an adjacency list of network links periodically iterates over the discovered links of the network and detects timeouts. Timeouts update the global view and generate a node changed event 71IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. changed event Shortcomings: The fundamental problem with a centralized approach to topology discovery is that all ports must be scanned linearly which greatly reduces response time. Should really be implemented on the switch ?
  • 72. Hybrid Model/Network Partition SDN/OpenFlow will not be an "all or nothing" choice It is more likely to be a hybrid model With switches supporting both the traditional model and OpenFlow model being deployed. Controller 1 Hybrid OpenFlow Switch Which allows partitioning the 72IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Experiment A/Flow Table 1 Experiment B/ Flow Table 2 Production Traffic (Normal Layer2/Layer3) Controller 1 Controller 2 Controller 3 Which allows partitioning the switch for different experiments
  • 73. Packet Matching OpenFlow pipeline contains multiple flow tables starting with Table number 0 Each flow table contains one or more flow entries Matching starts with the first flow table If a Match is found Instructions associated with flow entry are executed 73IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Instructions associated with flow entry are executed Instruction may direct the packet to next flow table in pipeline When processing stops, the associated action set is applied and packet forwarded Instructions describe packet forwarding, packet modification, group table processing and pipeline processing
  • 74. Components of OpenFlow Network Controller Provides a network wide abstraction for the applications on one side and uses the OpenFlow protocol to communicate with a OpenFlow aware switch 74IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. Flow Table Consists of a Flow entry and an action associated with each flow entry to tell the switch how to process the flow. Secure Channel. Connects the switch to the controller, allowing commands and packets to be sent between a controller and the switch through OpenFlow protocol .