Jon Matias, Borja Tornero, Alaitz Mendiola, Nerea Toledo ... · Jon Matias, Borja Tornero, Alaitz...
19
Implementing Layer 2 Network Virtualization using OpenFlow: Challenges and Solutions Jon Matias, Borja Tornero, Alaitz Mendiola, Nerea Toledo, Eduardo Jacob University of the Basque Country (UPV/EHU) European Workshop on Software Defined Networks (EWSDN 2012)
Transcript of Jon Matias, Borja Tornero, Alaitz Mendiola, Nerea Toledo ... · Jon Matias, Borja Tornero, Alaitz...
Implementing Layer 2 Network Virtualization using OpenFlow: Challenges and Solutions
Jon Matias, Borja Tornero, Alaitz Mendiola,Nerea Toledo, Eduardo Jacob
University of the Basque Country (UPV/EHU)
European Workshop on Software Defined Networks (EWSDN 2012)
IntroductionResearch topics: Experimental facilities Neutral Access Networks (NaaS)
Network resources shared by researchers/operators
Network virtualization (Network slice) Characteristics
Scalability, flexibility, isolation and easy of management Requirements:
Support for VLAN at experiment, non‐IP approach, transparent
Solutions Traditional: VLAN (?), MAC address lists Proposal: L2PNV
1
L2PNVDefinition Layer 2 prefix based network virtualization Network slices identified by L2 prefix
Objectives Easy to manage Easy to configure Easy to enforce isolaton Easy to avoid collisions Easy to remember
Implementation OpenFlow
Software Defined Networking to support new proposals FlowVisor
Virtualize the network and delegate control plane Slice isolation enforcement
2
General conceptSlice identified by a L2 prefix
3
DESTINATION MAC ADDRESS SOURCE MAC ADDRESS
SLICE 1: 02:00:X:X:X:X/16
SLICE 2: 06:00:X:X:X:X/16
A:*
B:*
General view
4
VM1
SLICE MGMT Tool
02:00:X:X:X:X/16
06:00:X:X:X:X/16
02:00:00:00:00:01/16
02:00:00:00:00:02/16
06:00:00:00:00:01/16
VM2
06:00:00:00:00:02/16
SLICE 1 A:*
SLICE 2 B:*
A:1
A:2
B:1
B:2
MAC Address ConfigurationTypes of users End Host
Manual: change MAC address or new Tap device Automated: MAC Address Configuration Protocol (MACP)
VM at Virtualization Software Some isolation limitations due to virtual switch Tested systems
VMware (OUI): change at VM, promisc mode Xen: configuration file VirtualBox: VM configuration
5
What happens when…ARP DST MAC: broadcast (FF:FF:FF:FF:FF:FF)
DHCP DST MAC: broadcast (FF:FF:FF:FF:FF:FF)
EAPoL DST MAC: multicast (01:80:C2:00:00:03)
LLDP DST MAC: multicast (01:80:C2:00:00:0E)
…
6
PROBLEM: MAC Destination
Slice definition in detail
0 8 16 24 32 40 48
U/L = 0 GLOBALLY ADMINISTERED ADDRESSU/L = 1 LOCALLY ADMINISTERED ADDRESS
I/G = 0 INDIVIDUAL ADDRESSI/G = 1 GROUP ADDRESS
MAC PREFIX
7
Slice definition in detail
…01 …00
…11 …10
GLO
BALLY
LOCA
LLY
GROUP INDIVIDUALI/GU/L
01234567
MAC ADDRESS SPACE
0 8 16 24 32 40 48
8
Problem in detail
Slice 1 A:1 ‐> 01:80:C2:00:00:03 Slice 1 A:1 ‐> FF:FF:FF:FF:FF:FF
9
…01 …00
…11 …10
GLO
BALLY
LOCA
LLY
GROUP INDIVIDUAL
…01 …00
…11 …10
GLO
BALLY
LOCA
LLY
INDIVIDUAL
DESTINATION MAC ADDRESS SOURCE MAC ADDRESS
GROUP
SLICE 1: 02:00:X:X:X:X/16 A:*
SLICE 2: 06:00:X:X:X:X/16 B:*
…01
FF:FF:FF:FF:FF:FF
Implementation Architecture
10
SLICE MGMT Tool
OPENFLOW PROTOCOL
OPENFLOW CONTROLLER
OPENFLOW CONTROLLER
RESEARCHERRESEARCHER
ADMINISTRATOR
L2PNV‐FlowVisor
SLICE B ‐ CONTROL SLICE A ‐ CONTROL
11
VIRTUAL SWITCH
VM 1 VM 2
A:1 -> A:2
A:1
B:1
A:2 B:2
B:1 -> B:2
A:1 -> A:2
B:1 -> B:2
A:1 -> A:2
A:1 -> A:2
B:1 -> B:2
B:1 -> B:2
OPENFLOW CONTROLLER
OPENFLOW CONTROLLER
L2PNV‐FlowVisor
L2PNV‐FlowVisorModified FlowVisor Matching & configuration interface OFv1.0
MAC subnetting not supported (until v1.1) Limitation: MAC wildcard not supported Full control plane isolation support
Slice definition MAC Address / prefix
12
L2PN
V‐Flow
Visor DESTINATION MAC ADDRESS
BROADCASTFF:FF:FF:FF:FF:FFSRC/P == DST/P
L2PNV‐FlowVisor Matching
13
SOURCE MAC ADDRESS
OPENFLOW PROTOCOL
SLICE B ‐ CONTROL SLICE A ‐ CONTROL
A:* B:* X:* Z:*
MULTICAST 101:80:C2:00:00:03
MULTICAST 2…01:X:X:X:X:X
ADMINISTRATOR
RESEARCHER
EHU‐OpenFlow Enabled Facility
14
EHU‐OEF Slices
15
Conclusions (I)EHU – OpenFlow Enabled Facility Production traffic
Non technical users: no extra configuration Research traffic
Network Researchers: MAC address configuration
Network Virtualization at L2 based on MAC prefixes: L2PNV No encapsulation: data plane transparent from source to
destination Support for:
VLAN: complete VLAN space available at the experiments Non‐IP experiments
16
Conclusions (II)L2PNV‐FlowVisor Matching: MAC subnetting enabled Slice configuration interface: MAC/Prefix Admin configuration interface: Broadcast/Multicast
Developed modules AuthN/AuthZ, ARP, PFD, MACP, Modified Pyswitch
Easy to identify, manage and configure network slices
17
Implementing Layer 2 Network Virtualization using OpenFlow: Challenges and Solutions
Jon Matias, Borja Tornero, Alaitz Mendiola,Nerea Toledo, Eduardo Jacob
University of the Basque Country (UPV/EHU)
European Workshop on Software Defined Networks (EWSDN 2012)
