Uploaded bynvirters
PPTX, PDF2,994 views

Virt july-2013-meetup

This document introduces programmable virtual networks and discusses their advantages over traditional network slicing. It describes FlowVisor, an early network slicing tool, and its limitations in providing full network virtualization. The document then introduces OpenVirteX, a new system that aims to provide complete programmable virtual networks through topology, address, and policy virtualization. OpenVirteX maps virtual and physical network elements and allows independent control of virtual networks. While still in development, OpenVirteX has the potential to enable more flexible and innovative virtualized networks than previous solutions.

Embed presentation

Downloaded 175 times
Programmable Virtual Networks From Network Slicing To Network Virtualization Ali Al-Shabibi Open Networking Laboratory
Outline • Define FlowVisor – It’s design goal – It’s success – It’s limitation • Describe and define Network Virtualization • Introduce the OpenVirteX (formerly known as NetVisor), which provides programmable virtual networks
Why FlowVisor? Good ideas rarely get deployed Also require access to real world traffic New services may require changes to switch software Experimenters want to control the behaviour of their network Evaluating new network services is hard
OK… Why is it hard?
Current Virtualization à la FlowVisor • Network Slice = Collection of sliced switches, links, and traffic or header space • Each slice associated to a controller • Transparent slicing, i.e., every slice believes it has full and sole control of datapath  FV enforces traffic and slice isolation Not a generalized virtualization
Great! What about real traffic? • FlowVisor allows users to opt-in to services in real-time – Individual flows can be delegated to a slice by a user – Admins can add policy to slice dynamically FlowVisor Web Slice VoIP Slice Video Slice All the rest
Sprinkle some resource limits • Slicing resources includes: – Specifying the link bandwidth – Maximum number of forwarding rules – Fraction of switch CPU FlowSpace: Which slice controls which packet?
Mapping Packets to Slices
FlowVisor Where does it live? • Sits between switches and controllers • Speaks OpenFlow up and down. • Acts like a proxy to switches and controllers • Datapaths and controllers run unmodified
What kind of magic is this? PacketIn from datapath Who controls this packet? It this action allowed?
Message Handling - PacketIn PacketIn Drop if controller is not connected. Is LLDP? Send to appropriate slice. Yes Extract match structure and match FlowSpace No Done Insert a drop rule. No Yes Drop if controller is not connected. Yes Send to slice. Are actions allowed? Log exception. Nomatch Has packet been send to a slice? No match
Message Handling - FlowMod FlowMod Slicing permitted? Slice Actions Send Error. Log exception No Extract match struct and intersect FlowSpace Yes For each intersection, rewrite original flowmod with flowspace info. Has slice permissions? Intersections No Intersections Zero rewrites? Log exception Done Yes No
FlowVisor Highlights • Demonstrations: – Open Networking Summit ’12 and ’13 – GENI GEC 9 – Best demo at SIGCOMM ’09 • Deployments : – GENI – OFELIA – Stanford Production Network – In use at NEC and Ericsson labs, as well as other vendors • 3 releases in the past year – 1.0 release downloaded over 70 times in one day
FlowVisor Downloaders Release 1.0 UniversityResearch Georgia Tech Rutgers KSU U of Wisconsin U of Utah Clemson R&ENetworks APNIC BBN NYSERNet CENIC CommercialNetworkOps AT&T Comcast EarthLink PSINet RCN Vendors Goldman Sachs Cisco Aruba NEC Ericsson
FlowVisor Summary • FlowVisor introduces the concept of a network slice • Not a complete virtualization solution. • Originally designed to test new network services on production taffic • But, it’s really only a Network Slicer! FlowVisor provides network slicing but not a complete network virtualization.
What should Network Virtualization be? • Conceptually introduces virtual network which is decoupled from physical network • Should not change the abstractions we know and love of physical networks • Should provide some new one: Instantiation, deletion, service deployment, migration, etc. At least what I think ;)
MPLS VRF Overlays TRILL VLAN VPN What is Network Virtualization? None of these give you a virtual network They merely virtualize one aspect of a network Topology Virtualization • Virtual links • Virtual nodes • Decoupled from physical network Address Virtualization • Virtual Addressing • Maintain current abstractions • Add some new ones Policy Virtualization • Who controls what? • What guarantees are enforced?
Network Virtualization vs. Network Slicing Slicing • Sorry, you can’t. • You need to discriminate traffic of two networks with something other than the existing header bits • Thus no address or complex topology virtualization Network virtualization • Virtual nets are completely independent • Virtual nets are distinguished by the tenant id • Complete address and topology virtualization
Virtualization State of the Art • Functionality implemented at the edge • Use of tunneling techniques, such as STT, VXLAN, GRE • Network core is not available for innovation • Closed source controller controls the behaviour of the network • Provides address and topology virtualization, but limited policy virtualization. • Moreover, the topology looks like only one big switch
Big Switch Abstraction E6 E2 E5 E1 E3 E4 SWITCH 1E1 E3 E2 E5 SWITCH 2 E4 E6 • A single switch greatly limits the flexibility of the network controller • Cannot specify your own routing policy. • What if you want a tree topology?
Current Virtualization vs OpenVirteX Current Virtualization Solutions • Networks are not programmable • Functionality implemented at the edge • Network core is not available for innovation • Must provision tunnels to provide virtual topology • Address virtualization provided by encapsulation OpenVirteX • Each virtual network is handed to a controller for programming. • Edge & core available for innovation • Entire physical topology may/can be exposed to the downstream controller. • Address virtualization provided by remapping/rewriting header fields • Both dataplanes and controllers can be used unmodified.
OpenVirteX All problems in computer science can be solved by another level of indirection. - David Wheeler OpenVirtex
Ultimate Goal physical)network) NetVisor) Virtual)Network) Maps) Physical)Network) Map) VM) Topology,)Address)Space)and) Control)Func>on)Mapping) Network)OS) Network)OS) Network)OS) OpenVirteX
Address Space Virtualisation source'physical'IP' des1na1on'physical'IP' tenant'ID' LSB' transformed' virtual'source'IP' transformed' virtual'des1na1on'IP' 32'bits' 32'bits' tenant'ID' MSB' NetVisor) physical)network) VM) edge) switch) virtual)IP) physical)IP) physical)IP) virtual)IP) physical)IP) virtual)IP) Network)OS) Control traffic address translation physical)IP)space) virtual)IP)space) NetVisor) Address)Space)Mapping)) Data traffic address mapping Data traffic address translation
Topology Virtualization - Abstractions • Expose physical topology to tenants • Virtual link: collapse multi-hop path into one-hop link • Approach is also valid for proactive rules OpenVirtex
Abstractions (contd.) • Virtual switch: collapse ports dispersed over network into a switch • Big switch is virtual switch with all edge ports • Use separate controller for each virtual switch – Allow OpenVirteX admin to control routing within virtual switch virtual physical ... ... virtual switch edge ports core ports VM
OpenVirteX Interaction with the Real-World NetVisorOpenVirtex
OpenVirteX API Mapping to Quantum OpenStack Management System Nova Quantum Other Components virtual switch vSwitch VM1 VM2 VM3 Nova plugin Quantum plugin Quantum plugin OpenVirteX Quantum plugin OpenFlo w Physical Network
OpenVirteX API Mapping to Quantum Create Network API OpenVirteX Quantum ✔ Attach Port API ✔ Create vRouter API ✔ Configure Topology API Via the Router extension
High Level Features • Support for more generalized network virtualization as opposed to slicing – Address virtualization: use extra bits or clever use of tenant id in header – Topology virtualization: on demand topology • Integrate with cloud using OpenStack – Via the Quantum plugin • Support any OF 1.x version, simultaneously • Support for scale, HA and security-features. – Incorporate right building blocks from other OSS Just finised implementing a prototype
Current Status • Quick and dirty prototype implemented • Provides Address space virtualisation/isolation • Two topology abstractions: – Virtual Link – Virtual Switch • Current implementation not intended to scale or provide any significant performance – It’s a proof of concept
Future Challenges • Traffic engineering, e.g., load balancing • Reliability, e.g., disjoint paths • The above needs special attention when offering topology abstractions – They may even be severely impacted. • Physical topology changes • Tenant may ask for reconfiguration of virtual network • Extremely challenging to get right
Conclusion • FlowVisor 1.0 will remain to be supported • OpenVirteX is still in the design phase – But our clear goal is to deliver programmable virtual networks. • An initial proof of concept may be available in Q3 2013. • Contributions to FlowVisor and OpenVirteX are greatly appreciated and welcomed.
Thanks! Questions?

More Related Content

PPTX
SDN Architecture & Ecosystem
byKingston Smiler
 
PPTX
Introduction to SDN: Software Defined Networking
byAnkita Mahajan
 
PDF
Understanding network and service virtualization
bySDN Hub
 
PPTX
OpenFlow Overview
byJuniper Developer Resources Cooney
 
PPTX
Is SDN Necessary?
byBruce Davie
 
PPTX
Tutorial on SDN data plane evolution
byAntonio Capone
 
PDF
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
byOpen Networking Summit
 
PDF
What a difference 5 years make
byOpen Networking Summit
 
SDN Architecture & Ecosystem
byKingston Smiler
 
Introduction to SDN: Software Defined Networking
byAnkita Mahajan
 
Understanding network and service virtualization
bySDN Hub
 
OpenFlow Overview
byJuniper Developer Resources Cooney
 
Is SDN Necessary?
byBruce Davie
 
Tutorial on SDN data plane evolution
byAntonio Capone
 
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
byOpen Networking Summit
 
What a difference 5 years make
byOpen Networking Summit
 

What's hot

PPTX
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
bySAMeh Zaghloul
 
PDF
SDN & NFV Introduction - Open Source Data Center Networking
byThomas Graf
 
PPTX
Software defined networking(sdn) vahid sadri
byVahid Sadri
 
PPTX
Introduction to OpenFlow, SDN and NFV
byKingston Smiler
 
PPTX
Software Defined networking (SDN)
byMilson Munakami
 
PPTX
Tools and Platforms for OpenFlow/SDN
byUmesh Krishnaswamy
 
PDF
SDN Fundamentals - short presentation
byAzhar Khuwaja
 
PPTX
Software Defined Network - SDN
byVenkata Naga Ravi
 
PPT
OpenFlow tutorial
byopenflow
 
PDF
Software Defined Networking/Openflow: A path to Programmable Networks
byMyNOG
 
PPTX
API Management for Software Defined Network (SDN)
byApigee | Google Cloud
 
PDF
OpenFlow: What is it Good For?
byAPNIC
 
PDF
Disaggregated Networking - The Drivers, the Software & The High Availability
byOpen Networking Summit
 
PPTX
Software defined networks and openflow protocol
byMahesh Mohan
 
PDF
SDN, Network Virtualization and the Software Defined Data Center – Brad Hedlund
byChef Software, Inc.
 
PDF
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
bynvirters
 
PDF
Network Virtualization: Delivering on the Promises of SDN
byOpen Networking Summits
 
PPTX
Iben from Spirent talks at the SDN World Congress about the importance of and...
byIben Rodriguez
 
PPTX
SDN: an introduction
byLuca Profico
 
PDF
REVOLUTION - Transforming the network with Open SDN
byOpen Networking Summits
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
bySAMeh Zaghloul
 
SDN & NFV Introduction - Open Source Data Center Networking
byThomas Graf
 
Software defined networking(sdn) vahid sadri
byVahid Sadri
 
Introduction to OpenFlow, SDN and NFV
byKingston Smiler
 
Software Defined networking (SDN)
byMilson Munakami
 
Tools and Platforms for OpenFlow/SDN
byUmesh Krishnaswamy
 
SDN Fundamentals - short presentation
byAzhar Khuwaja
 
Software Defined Network - SDN
byVenkata Naga Ravi
 
OpenFlow tutorial
byopenflow
 
Software Defined Networking/Openflow: A path to Programmable Networks
byMyNOG
 
API Management for Software Defined Network (SDN)
byApigee | Google Cloud
 
OpenFlow: What is it Good For?
byAPNIC
 
Disaggregated Networking - The Drivers, the Software & The High Availability
byOpen Networking Summit
 
Software defined networks and openflow protocol
byMahesh Mohan
 
SDN, Network Virtualization and the Software Defined Data Center – Brad Hedlund
byChef Software, Inc.
 
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
bynvirters
 
Network Virtualization: Delivering on the Promises of SDN
byOpen Networking Summits
 
Iben from Spirent talks at the SDN World Congress about the importance of and...
byIben Rodriguez
 
SDN: an introduction
byLuca Profico
 
REVOLUTION - Transforming the network with Open SDN
byOpen Networking Summits
 

Viewers also liked

PDF
Segment Routing: A Tutorial
byAPNIC
 
PPTX
OpenVirtex (OVX) Tutorial
by동호 손
 
PDF
SDN, ONOS, and Network Virtualization
bysangyun han
 
PDF
OVNC 2015-Enabling Software-Defined Transformation of Service Provider Networks
byNAIM Networks, Inc.
 
PDF
Implementing SDN Testbed(ONOS & OpenVirteX)
bysangyun han
 
PDF
ONOS-Based VIM Implementation
byOPNFV
 
PDF
Introduce to OpenVirteX
bysangyun han
 
PDF
Open stack with_openflowsdn-torii
byHui Cheng
 
PPTX
OpenStack Neutron Service Chaining and Insertion
bySumit Naiksatam
 
Segment Routing: A Tutorial
byAPNIC
 
OpenVirtex (OVX) Tutorial
by동호 손
 
SDN, ONOS, and Network Virtualization
bysangyun han
 
OVNC 2015-Enabling Software-Defined Transformation of Service Provider Networks
byNAIM Networks, Inc.
 
Implementing SDN Testbed(ONOS & OpenVirteX)
bysangyun han
 
ONOS-Based VIM Implementation
byOPNFV
 
Introduce to OpenVirteX
bysangyun han
 
Open stack with_openflowsdn-torii
byHui Cheng
 
OpenStack Neutron Service Chaining and Insertion
bySumit Naiksatam
 

Similar to Virt july-2013-meetup

PPTX
Network and Service Virtualization tutorial at ONUG Spring 2015
bySDN Hub
 
PDF
OpenStack Networking
byIlya Shakhat
 
PPTX
Software Defined Networking: Network Virtualization
byNetCraftsmen
 
PDF
What's the deal with Neutron?
byCynthia Thomas
 
PDF
10 sdn-vir-6up
bySachin Siddappa
 
PDF
Introduction to Open Mano
byvideos
 
PDF
ProgrammableFlow for Open Virtualized Data Center Network
byOpen Networking Summits
 
PDF
Network Virtualization & Software-defined Networking
byDigicomp Academy AG
 
PDF
OVS-LinuxCon 2013.pdf
byDanielHanganu2
 
PPTX
Midokura OpenStack Meetup Taipei
byDan Mihai Dumitriu
 
PDF
CloudKC: Evolution of Network Virtualization
byCynthia Thomas
 
PDF
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
byOpenStack Korea Community
 
PPT
FlowN vs FlowVisor: Scalable Network Virtualization in SDN
byHao Jiang
 
PDF
Midokura @ OpenStack Seattle
byCynthia Thomas
 
PPT
Naveen nimmu sdn future of networking
bysuniltomar04
 
PPT
Naveen nimmu sdn future of networking
byOpenSourceIndia
 
PDF
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
byCynthia Thomas
 
PDF
SDN: A New Approach to Networking Technology
byIRJET Journal
 
PPTX
ON.LAB FlowVisor
byIsabelle Guis
 
ODP
WUG #009 - OpenVNet 0.7 presentation
byAxsh Co. LTD
 
Network and Service Virtualization tutorial at ONUG Spring 2015
bySDN Hub
 
OpenStack Networking
byIlya Shakhat
 
Software Defined Networking: Network Virtualization
byNetCraftsmen
 
What's the deal with Neutron?
byCynthia Thomas
 
10 sdn-vir-6up
bySachin Siddappa
 
Introduction to Open Mano
byvideos
 
ProgrammableFlow for Open Virtualized Data Center Network
byOpen Networking Summits
 
Network Virtualization & Software-defined Networking
byDigicomp Academy AG
 
OVS-LinuxCon 2013.pdf
byDanielHanganu2
 
Midokura OpenStack Meetup Taipei
byDan Mihai Dumitriu
 
CloudKC: Evolution of Network Virtualization
byCynthia Thomas
 
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
byOpenStack Korea Community
 
FlowN vs FlowVisor: Scalable Network Virtualization in SDN
byHao Jiang
 
Midokura @ OpenStack Seattle
byCynthia Thomas
 
Naveen nimmu sdn future of networking
bysuniltomar04
 
Naveen nimmu sdn future of networking
byOpenSourceIndia
 
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
byCynthia Thomas
 
SDN: A New Approach to Networking Technology
byIRJET Journal
 
ON.LAB FlowVisor
byIsabelle Guis
 
WUG #009 - OpenVNet 0.7 presentation
byAxsh Co. LTD
 

More from nvirters

PDF
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN
bynvirters
 
PDF
RouteFlow & IXPs
bynvirters
 
PDF
Tech Talk by Gal Sagie: Kuryr - Connecting containers networking to OpenStack...
bynvirters
 
PPTX
Pyretic - A new programmer friendly language for SDN
bynvirters
 
PDF
Tech Talk by Peng Li: Open Mobile Networks with NFV
bynvirters
 
PDF
Tech Talk: ONOS- A Distributed SDN Network Operating System
bynvirters
 
PDF
Tech Talk by Louis Fourie: SFC: technology, trend and implementation
bynvirters
 
PDF
OpenFlow Data Center - A case Study by Pica8
bynvirters
 
PDF
Banv meetup-contrail
bynvirters
 
PDF
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
bynvirters
 
PDF
Tech Talk by Tim Van Herck: SDN & NFV for WAN
bynvirters
 
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN
bynvirters
 
RouteFlow & IXPs
bynvirters
 
Tech Talk by Gal Sagie: Kuryr - Connecting containers networking to OpenStack...
bynvirters
 
Pyretic - A new programmer friendly language for SDN
bynvirters
 
Tech Talk by Peng Li: Open Mobile Networks with NFV
bynvirters
 
Tech Talk: ONOS- A Distributed SDN Network Operating System
bynvirters
 
Tech Talk by Louis Fourie: SFC: technology, trend and implementation
bynvirters
 
OpenFlow Data Center - A case Study by Pica8
bynvirters
 
Banv meetup-contrail
bynvirters
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
bynvirters
 
Tech Talk by Tim Van Herck: SDN & NFV for WAN
bynvirters
 

Recently uploaded

PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PPTX
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PPTX
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PPTX
AI and Digital Transformation Solutions.
byBuildingblocks
 
PDF
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PDF
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PPTX
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
AI and Digital Transformation Solutions.
byBuildingblocks
 
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 

Virt july-2013-meetup

  • 1.
    Programmable Virtual Networks From NetworkSlicing To Network Virtualization Ali Al-Shabibi Open Networking Laboratory
  • 2.
    Outline • Define FlowVisor –It’s design goal – It’s success – It’s limitation • Describe and define Network Virtualization • Introduce the OpenVirteX (formerly known as NetVisor), which provides programmable virtual networks
  • 3.
    Why FlowVisor? Good ideasrarely get deployed Also require access to real world traffic New services may require changes to switch software Experimenters want to control the behaviour of their network Evaluating new network services is hard
  • 4.
    OK… Why isit hard?
  • 5.
    Current Virtualization à laFlowVisor • Network Slice = Collection of sliced switches, links, and traffic or header space • Each slice associated to a controller • Transparent slicing, i.e., every slice believes it has full and sole control of datapath  FV enforces traffic and slice isolation Not a generalized virtualization
  • 6.
    Great! What aboutreal traffic? • FlowVisor allows users to opt-in to services in real-time – Individual flows can be delegated to a slice by a user – Admins can add policy to slice dynamically FlowVisor Web Slice VoIP Slice Video Slice All the rest
  • 7.
    Sprinkle some resourcelimits • Slicing resources includes: – Specifying the link bandwidth – Maximum number of forwarding rules – Fraction of switch CPU FlowSpace: Which slice controls which packet?
  • 8.
  • 9.
    FlowVisor Where does itlive? • Sits between switches and controllers • Speaks OpenFlow up and down. • Acts like a proxy to switches and controllers • Datapaths and controllers run unmodified
  • 10.
    What kind ofmagic is this? PacketIn from datapath Who controls this packet? It this action allowed?
  • 11.
    Message Handling -PacketIn PacketIn Drop if controller is not connected. Is LLDP? Send to appropriate slice. Yes Extract match structure and match FlowSpace No Done Insert a drop rule. No Yes Drop if controller is not connected. Yes Send to slice. Are actions allowed? Log exception. Nomatch Has packet been send to a slice? No match
  • 12.
    Message Handling -FlowMod FlowMod Slicing permitted? Slice Actions Send Error. Log exception No Extract match struct and intersect FlowSpace Yes For each intersection, rewrite original flowmod with flowspace info. Has slice permissions? Intersections No Intersections Zero rewrites? Log exception Done Yes No
  • 13.
    FlowVisor Highlights • Demonstrations: –Open Networking Summit ’12 and ’13 – GENI GEC 9 – Best demo at SIGCOMM ’09 • Deployments : – GENI – OFELIA – Stanford Production Network – In use at NEC and Ericsson labs, as well as other vendors • 3 releases in the past year – 1.0 release downloaded over 70 times in one day
  • 14.
    FlowVisor Downloaders Release 1.0 UniversityResearch GeorgiaTech Rutgers KSU U of Wisconsin U of Utah Clemson R&ENetworks APNIC BBN NYSERNet CENIC CommercialNetworkOps AT&T Comcast EarthLink PSINet RCN Vendors Goldman Sachs Cisco Aruba NEC Ericsson
  • 15.
    FlowVisor Summary • FlowVisorintroduces the concept of a network slice • Not a complete virtualization solution. • Originally designed to test new network services on production taffic • But, it’s really only a Network Slicer! FlowVisor provides network slicing but not a complete network virtualization.
  • 16.
    What should NetworkVirtualization be? • Conceptually introduces virtual network which is decoupled from physical network • Should not change the abstractions we know and love of physical networks • Should provide some new one: Instantiation, deletion, service deployment, migration, etc. At least what I think ;)
  • 17.
    MPLS VRF Overlays TRILL VLAN VPN What is NetworkVirtualization? None of these give you a virtual network They merely virtualize one aspect of a network Topology Virtualization • Virtual links • Virtual nodes • Decoupled from physical network Address Virtualization • Virtual Addressing • Maintain current abstractions • Add some new ones Policy Virtualization • Who controls what? • What guarantees are enforced?
  • 18.
    Network Virtualization vs. Network Slicing Slicing •Sorry, you can’t. • You need to discriminate traffic of two networks with something other than the existing header bits • Thus no address or complex topology virtualization Network virtualization • Virtual nets are completely independent • Virtual nets are distinguished by the tenant id • Complete address and topology virtualization
  • 19.
    Virtualization State of theArt • Functionality implemented at the edge • Use of tunneling techniques, such as STT, VXLAN, GRE • Network core is not available for innovation • Closed source controller controls the behaviour of the network • Provides address and topology virtualization, but limited policy virtualization. • Moreover, the topology looks like only one big switch
  • 20.
    Big Switch Abstraction E6 E2 E5 E1 E3E4 SWITCH 1E1 E3 E2 E5 SWITCH 2 E4 E6 • A single switch greatly limits the flexibility of the network controller • Cannot specify your own routing policy. • What if you want a tree topology?
  • 21.
    Current Virtualization vs OpenVirteX Current VirtualizationSolutions • Networks are not programmable • Functionality implemented at the edge • Network core is not available for innovation • Must provision tunnels to provide virtual topology • Address virtualization provided by encapsulation OpenVirteX • Each virtual network is handed to a controller for programming. • Edge & core available for innovation • Entire physical topology may/can be exposed to the downstream controller. • Address virtualization provided by remapping/rewriting header fields • Both dataplanes and controllers can be used unmodified.
  • 22.
    OpenVirteX All problems incomputer science can be solved by another level of indirection. - David Wheeler OpenVirtex
  • 23.
  • 24.
    Address Space Virtualisation source'physical'IP'des1na1on'physical'IP' tenant'ID' LSB' transformed' virtual'source'IP' transformed' virtual'des1na1on'IP' 32'bits' 32'bits' tenant'ID' MSB' NetVisor) physical)network) VM) edge) switch) virtual)IP) physical)IP) physical)IP) virtual)IP) physical)IP) virtual)IP) Network)OS) Control traffic address translation physical)IP)space) virtual)IP)space) NetVisor) Address)Space)Mapping)) Data traffic address mapping Data traffic address translation
  • 25.
    Topology Virtualization -Abstractions • Expose physical topology to tenants • Virtual link: collapse multi-hop path into one-hop link • Approach is also valid for proactive rules OpenVirtex
  • 26.
    Abstractions (contd.) • Virtualswitch: collapse ports dispersed over network into a switch • Big switch is virtual switch with all edge ports • Use separate controller for each virtual switch – Allow OpenVirteX admin to control routing within virtual switch virtual physical ... ... virtual switch edge ports core ports VM
  • 27.
    OpenVirteX Interaction with theReal-World NetVisorOpenVirtex
  • 28.
    OpenVirteX API Mapping toQuantum OpenStack Management System Nova Quantum Other Components virtual switch vSwitch VM1 VM2 VM3 Nova plugin Quantum plugin Quantum plugin OpenVirteX Quantum plugin OpenFlo w Physical Network
  • 29.
    OpenVirteX API Mapping toQuantum Create Network API OpenVirteX Quantum ✔ Attach Port API ✔ Create vRouter API ✔ Configure Topology API Via the Router extension
  • 30.
    High Level Features •Support for more generalized network virtualization as opposed to slicing – Address virtualization: use extra bits or clever use of tenant id in header – Topology virtualization: on demand topology • Integrate with cloud using OpenStack – Via the Quantum plugin • Support any OF 1.x version, simultaneously • Support for scale, HA and security-features. – Incorporate right building blocks from other OSS Just finised implementing a prototype
  • 31.
    Current Status • Quickand dirty prototype implemented • Provides Address space virtualisation/isolation • Two topology abstractions: – Virtual Link – Virtual Switch • Current implementation not intended to scale or provide any significant performance – It’s a proof of concept
  • 32.
    Future Challenges • Trafficengineering, e.g., load balancing • Reliability, e.g., disjoint paths • The above needs special attention when offering topology abstractions – They may even be severely impacted. • Physical topology changes • Tenant may ask for reconfiguration of virtual network • Extremely challenging to get right
  • 33.
    Conclusion • FlowVisor 1.0will remain to be supported • OpenVirteX is still in the design phase – But our clear goal is to deliver programmable virtual networks. • An initial proof of concept may be available in Q3 2013. • Contributions to FlowVisor and OpenVirteX are greatly appreciated and welcomed.
  • 34.

Editor's Notes

  • #2 Hi! Ia am Ali Al-Shabibi and I work at the ON.Lab. I am going to tell you about FlowVisor. Who here know FlowVisor? Who has used FlowVisor? Well you should be!!!
  • #4 Evaluating network sevices is diffcult and that for a variety of reasons. For one, users need control over the semantics of their network which could mean that they need to change the switches firmware. To top it off and to be credible you need access to real user traffic. So needless to say new ideas rarely get deployed.
  • #5 Alright, why is this hard? Well let’s contrast a real networks and test beds. Real Networks have the port density you want backed by relatively power networking devices. Then, they have the scale that you would can only hope to have. Finally, they have real users. Test beds on the other hand, usually have a low port density because they are usually composed of linux boxes. Then, their scale is limited by the amount of money you have and worse , they only have fake users, which really isn’t credible.
  • #6 So let’s look at the FlowVisor’s current virtualization. FlowVisor defines a slice as a collection of sliced switches, links and traffic. By traffic, we mean the header space that distinguishes this traffic, this is also know as flowspace. Then, each slice is associated to a controller. This controller now has control over the slice while thinking that it is the sole user of the datapath. FlowVisor is therefore responsible for enforcing isolation amongst the collection of slices that exist. Notice here that controllers and switches do not need to be modified to work with flowvisor.
  • #7 So now you know how flowvisor defines a slice, but what about adding real user traffic? The idea is to run network services as part of a slice and allow users to opt-in to the services. Users opt-in by delegating flows to slices which are themselves controlled by a specific controller. Moreover, an admin can add a service to the network by dynamically adding policy at the FlowVisor.
  • #8 Furthermore,FlowVisor allows you to define resource limits which are made available to every slice. You can specify dataplane link bandwidth as well as the number of available tcam entries available to a slice. You can also slice the CPU of the switch on a per slice basis, based on the amount of control traffic a particular slice controller can generate.OK but how are packet classified onto a slice, by this I mean which controller contols which packet. This is achieved by the notion of flowspace.
  • #9 FlowSpace is basically the set of all possible header values defined by the OpenFlow tuple. For example, Slice 3 is defined as the traffic that ranges all IP and MAC addresses that are on a particular TCP port minus the set of Ips and macs that are in slice 1. Slice 1 ranges all TCP ports. Slice 2, overlaps with Slice 3 which is a problem because in the overlapping regions we cannot distinguish that control traffic and therefore FlowVisor does not know which controller to forward the control packets to. FlowVisor avoids this problem by assigning a priority to each flowspace definition, and therefore this means that only one controller can ever control a particular flowspace.
  • #10 So now you know quite a bit about how flowvisor functions but sadly you do not know where it lives. Let’s fix that. FlowVisor lives between the switches and controllers and speaks openflow up to the controller and down to the switches. It basically acts like a glorified OpenFlow NAT for control traffic. Again, the controllers and datapaths can run unmodified.
  • #11 So how does this work….
  • #17 I’d like to define what network virtualization is… at least from my point of view. Network Virtualization should introduce the concept of a virtual network which is completely decoupled from the physical network.It should not change the abstraction that we know and love. But should provide some new ones, like instantiation, migration, snapshotting, etc.
  • #18 There are a bunch of virtualization techniques such as VRFs, VLANs, Overlays, etc. but unfortunately none of these deliver a decoupling of your virtual net from your physical infrastructure. They basically virtualize a certain aspect of your network. In my mind, there are three main flavors of network virtualization. Topology Virtualization, Address Virtualization, and policy virtualization. Topology Virtualization is the ability to have virtual nodes and/or links. These must be logically decoupled from your physical network.Address Virtualization – Essentially this is the ability to give the illusion to the user that he has the entire addressable space. But while we do this, we should take care of maintaining the current assumption, no one will like me if I destroy TCP/IP to give you a virtual net. Policy Virtualization – This is essentially what flowvisor currently does. We want to know who can control what and what guarantees do we give.
  • #19 Ok sowhats really the difference between slicing and virtualization. Say you want to have two networks with exactly the same properties? …
  • #20 So there already exist solution which will provide you with virtual networks. Most of these solutions use some sort of tunneling technique such as VXLAN or GRE tunnels. They basically treat the core network as a fabric of pipes that just shovel packet for one end of the network to the other. All the intelligence is implemented at the edge of the network which means that you cannot define the semantics of your network simply because that is not available to you but rather a closed source controller defines the nominal behaviour of your network. These solutions have been mostly catered to DCs and they do provide nice address and topology virtualization but unfortunately they provide limited policy virtualizaion. On top of this your topology looks like one big switch which I argue is rather limiting.
  • #21 The current state of the art in network virtualization revolves around mainly the big switch abstraction and and some tunneling technology (whether it’s VXLAN, STT, or something else is largely irrelevant). Currently we instantiate virtual networks by assigning endpoints to our virtual network and interconnecting them via this big switch abstraction. The issue is that this abstraction hides away an aspect of the network that we would like to control. Actually in current solution you have very limited choice type of network you would like to instantiate. We would like to change that.
  • #22 So just to summarize the differences between what exists and what we are building.
  • #23 By including a quantum plugin either directly in FlowVisor or possibly in FOAM we are able to spawn virtual networks which are then paired up with a controller. Each virtual network is given strict performance guarantees which therefore allow each tenant to operate his network unhindered by other tenants. Moreover, flowvisor will support any version of openflow and you will be able to use them simultaneously.As I told you earlier we achieve address and topology virtualization by rewriting control packets, basically all problems in computer science can be solved by another level of indiection.
  • #31 Ok so let’s see how this can work. For simplicity we are going to stick to a reactive modelFirst a end host sends a packet and in openflow style a control packet is shipped by the switch to the controller which happens to be FlowVisor in this case. FlowVisor `sees the packet and forwards it to the appropriate controller, the controller does something to the control packet and sends it back to the datapath which is also FlowVisorFlowVisor rewrites this packet and appends some actions to it to case it to tag the dataplane packet. At this point the dataplane packet continues to the next hop. Which triggers another control packet. This packet arrives at FV and is rewritten by FV to match what the controller would expect (ie. It removes the tag) and ships it off to the controller. The controller does its thing and sends it back, FV rewrites the packet to maintain the tag on the dataplane.The data packet continues on its way until it reaches its last hop, at this point yet another control plane packet is shot off to FV which again rewrites it to allow the controller to understand it, sends it to the controller and the controller sends it back. But this time FV appends actions to the control packet that cause the tag to be stripped from the data packet and forwarded to the destination.