OpenFlow tutorial

OpenFlow/Software-defined NetworkingNov, 2011

Srini SeetharamanTech Lead, SDN

Deutsche Telekom Innovation Center

1

Million of linesof source code

6000+ RFCs Barrier to entry

Billions of gates Bloated Power Hungry

Many complex functions baked into the infrastructureOSPF, BGP, multicast, differentiated services,Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …

An industry with a “mainframe-mentality”, reluctant to change

The Ossified Network

Specialized Packet Forwarding Hardware

OperatingSystem

Feature Feature

Routing, management, mobility management, access control, VPNs, …

2

Open Systems

Performance Fidelity

Scale Real User Traffic?

Complexity Open

Simulation medium medium no medium yes

Emulation medium low no medium yes

Software Switches

poor low yes medium yes

NetFPGA high low yes high yes

Network Processors

high medium yes high yes

Vendor Switches

high high yes low no

gap in the tool spacenone have all the desired attributes!

3


App App App


App App App


App App App


App App App


OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

App App App

4

Current Internet Closed to Innovations in the Infrastructure

Closed


App App App


App App App


App App App


App App App


OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

App App App

Network Operating System

App App App

“Software Defined Networking” approachto open it

App

Simple Packet Forwarding Hardware



App App

Simple Packet Forwarding Hardware Simple Packet

Forwarding Hardware

Network Operating System

1. Open interface to hardware

3. Well-defined open API2. At least one good operating system

Extensible, possibly open-source

The “Software-defined Network”

How does OpenFlow work?

7

Ethernet SwitchEthernet Switch

8

Data Path (Hardware)Data Path (Hardware)

Control PathControl PathControl Path (Software)Control Path (Software)

9

Data Path (Hardware)Data Path (Hardware)

Control PathControl Path OpenFlowOpenFlow

OpenFlow ControllerOpenFlow Controller

OpenFlow Protocol (SSL/TCP)

10

Controller

PC

OpenFlow usage

OpenFlow Switch

OpenFlow Switch

OpenFlow Switch

Alice’s code

Alice’s code

Decision?OpenFlowProtocol

Alice’s Rule

Alice’s Rule

Alice’s Rule

Alice’s Rule

Alice’s Rule

Alice’s Rule

OpenFlow offloads control intelligence to a remote software

Controller

PC

HardwareLayer

SoftwareLayer

Flow Table

MACsrc

MACdst

IPSrc

IPDst

TCPsport

TCPdport Action

OpenFlow Client

**5.6.7.8*** port 1

port 4port 3port 2port 1

1.2.3.45.6.7.8

OpenFlow Example

12

OpenFlow Basics Flow Table Entries

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

L4sport

L4dport

Rule Action Stats

1. Forward packet to zero or more ports2. Encapsulate and forward to controller3. Send to normal processing pipeline4. Modify Fields5. Any extensions you add!

+ mask what fields to match

Packet + byte counters

13

VLANpcp

IPToS

OpenFlow: a pragmatic compromise

• + Speed, scale, fidelity of vendor hardware• + Flexibility and control of software and

simulation• Vendors don’t need to expose

implementation• Leverages hardware inside most switches

today (ACL tables)

14

ExamplesSwitching

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* 00:1f:.. * * * * * * * port6

Flow Switching

port3

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Action

00:20.. 00:1f.. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6

Firewall

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * * * * * * * 22 drop

15

ExamplesRouting

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * * * * 5.6.7.8 * * * port6

VLAN Switching

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Action

* * vlan1 * * * * *

port6, port7,port9

00:1f..

16

Centralized vs Distributed ControlBoth models are possible with OpenFlow

Centralized Control

OpenFlow Switch

OpenFlow Switch

OpenFlow Switch

Controller

Distributed Control

OpenFlow Switch

OpenFlow Switch

OpenFlow Switch

Controller

Controller

Controller

17

Flow Routing vs. AggregationBoth models are possible with OpenFlow

Flow-Based

• Every flow is individually set up by controller

• Exact-match flow entries• Flow table contains one

entry per flow• Good for fine grain

control, e.g. campus networks

Aggregated

•One flow entry covers large groups of flows•Wildcard flow entries•Flow table contains one entry per category of flows•Good for large number of flows, e.g. backbone

18

Reactive vs. Proactive (pre-populated)Both models are possible with OpenFlow

Reactive

• First packet of flow triggers controller to insert flow entries

• Efficient use of flow table• Every flow incurs small

additional flow setup time• If control connection lost,

switch has limited utility

Proactive

•Controller pre-populates flow table in switch•Zero additional flow setup time•Loss of control connection does not disrupt traffic•Essentially requires aggregated (wildcard) rules

19

Usage examples

• Alice’s code:– Simple learning switch – Per Flow switching– Network access

control/firewall– Static “VLANs”– Her own new routing protocol:

unicast, multicast, multipath– Home network manager– Packet processor (in

controller)– IPvAlice

Stanford demonstrated– VM migration– Server Load balancing– Mobility manager– Power management– Network monitoring

and visualization– Network debugging– Network slicing

… and much more you can create!

Quiz Time• How do I provide control connectivity? Is it really clean slate?

• Why aren’t users complaining about time to setup flows over OpenFlow? (Hint: What is the predominant traffic today?)

• Considering switch CPU is the major limit, how can one take down an OpenFlow network?

• How to perform topology discovery over OpenFlow-enabled switches?

• What happens when you have a non-OpenFlow switch inbetween?

• What if there are two islands connected to same controller?

• How scalable is OpenFlow? How does one scale deployments?

21

What can you not do with OpenFlow ver1.0

• Non-flow-based (per-packet) networking– e.g., Handling pkt 1 differently from pkt 2 of same flow– yes, this is a fundamental limitation– BUT OpenFlow provides the plumbing to connect devices

• New forwarding primitives– BUT provides a nice way to integrate them through extensions

• New packet formats/field definitions – BUT a generalized OpenFlow (2.0) is on the horizon

• Optical Circuits– BUT efforts underway to apply OpenFlow model to circuits

• Low-setup-time individual flows– BUT can push down flows proactively to avoid delays

Where it’s going

• OF v1.1: Extensions for WAN, spring 2011– multiple tables: leverage additional tables– tags and tunnels– multipath forwarding

• OF v2+– generalized matching and actions: an “instruction

set” for networking

23

OpenFlow Implementations(Switch and Controller)

24

OpenFlow building blocks

ControllerNOXNOX

SlicingSoftwareFlowVisorFlowVisor

FlowVisorConsole

25

ApplicationsLAVILAVIENVI (GUI)ENVI (GUI) ExpedientExpedientn-Castingn-Casting

NetFPGANetFPGASoftware Ref. SwitchSoftware

Ref. SwitchBroadcom Ref. SwitchBroadcom Ref. Switch

OpenWRTOpenWRT PCEngine WiFi AP

PCEngine WiFi AP

Commercial Switches Stanford Provided

OpenFlowSwitches

SNACSNAC

Stanford Provided

Monitoring/debugging toolsoflopsoflopsoftraceoftrace openseeropenseer

OpenVSwitchOpenVSwitch

HP, NEC, Pronto, Juniper.. and many more

HP, NEC, Pronto, Juniper.. and many more

BeaconBeacon HeliosHelios MaestroMaestro

Ciena Coredirector

NEC IP8800

Current SDN hardware

More coming soon...

Juniper MX-series

HP Procurve 5400

Pronto 3240/3290

WiMax (NEC)

PC EnginesNetgear 7324

26

Commercial Switch VendorsModel Virtualize Notes

HP Procurve 5400zl or 6600

1 OF instance per VLAN

-LACP, VLAN and STP processing before OpenFlow-Wildcard rules or non-IP pkts processed in s/w-Header rewriting in s/w-CPU protects mgmt during loop

NEC IP8800 1 OF instance per VLAN

-OpenFlow takes precedence-Most actions processed in hardware-MAC header rewriting in h/w

Pronto 3240 or 3290 with Pica8 or Indigo firmware

1 OF instance per switch

-No legacy protocols (like VLAN and STP)-Most actions processed in hardware-MAC header rewriting in h/w 27

Controller VendorsVendor Notes

Nicira’s NOX

•Open-source GPL•C++ and Python•Researcher friendly

Nicira’s ONIX

•Closed-source•Datacenter networks

SNAC •Open-source GPL•Code based on NOX0.4•Enterprise network•C++, Python and Javascript•Currently used by campuses

Vendor Notes

Stanford’s Beacon

•Open-source•Researcher friendly•Java-based

BigSwitch controller

•Closed source•Based on Beacon•Enterprise network

Maestro (from Rice Univ)

•Open-source•Based on Java

NEC’s Helios •Open-source•Written in C

28

Growing CommunityVendors and start-ups Providers and business-unit

More... More...

29Note: Level of interest variesNote: Level of interest varies

Virtualizing OpenFlow

30

Windows(OS)

Windows(OS)

Linux MacOS

x86(Computer)

Windows(OS)

AppApp

LinuxLinuxMacOS

MacOS

Virtualization layer

App

Controller 1

AppApp

Controller2

Virtualization or “Slicing”

App

OpenFlow

Controller 1NOX(Network OS)

Controller2Network OS

Trend

Computer Industry Network Industry


Network Operating System 1

Open interface to hardware

Virtualization or “Slicing” Layer




App App App App App App App App

Many operating systems, orMany versions

Open interface to hardware

Isolated “slices”





32

Switch Based VirtualizationExists for NEC, HP switches but not flexible enough

Normal L2/L3 Processing

Flow Table

Production VLANs

Research VLAN 1

Controller

Research VLAN 2

Flow Table

Controller

33

FlowVisor-based Virtualization

OpenFlow Switch

OpenFlowProtocolOpenFlowProtocol

OpenFlow FlowVisor & Policy Control

Craig’sController

Heidi’sControllerAaron’s

Controller

OpenFlowProtocolOpenFlowProtocol

OpenFlow Switch

OpenFlow Switch

34

Topology discovery is

per slice

Topology discovery is

per slice

OpenFlowProtocol

OpenFlowFlowVisor & Policy Control

BroadcastMulticast

OpenFlowProtocol

httpLoad-balancer

FlowVisor-based Virtualization

OpenFlow Switch

OpenFlow Switch

OpenFlow Switch

35

Separation not onlyby VLANs, but any

L1-L4 pattern

Separation not onlyby VLANs, but any

L1-L4 pattern

dl_dst=FFFFFFFFFFFFdl_dst=FFFFFFFFFFFF tp_src=80, ortp_dst=80tp_src=80, ortp_dst=80

FlowSpace: Maps Packets to Slices

FlowVisor Message Handling

OpenFlowFirmware

Data Path

AliceController

BobController

CathyController

FlowVisor

OpenFlow

OpenFlow

Packet

Exception

Policy Check:Is this rule allowed?

Policy Check:Who controls this packet?

Full Line RateForwarding

Rule

Packet

Use Case: New CDN - Turbo Coral ++Basic Idea: Build a CDN where you control the entire network– All traffic to or from Coral IP space controlled by Experimenter– All other traffic controlled by default routing– Topology is entire network– End hosts are automatically added (no opt-in)

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

* * * * * 84.65.* * * * *

* * * * * * 84.65.* * * *

* * * * * * * * * *

38

Summary

39

Summary• Software-defined networking is still evolving

• OpenFlow is being deployed in over 100 organizations world-wide– GEC9 in Nov, 2010 showcased nation-wide OF– Internet 2 and NLR starting to serve as the GENI

Backbone

Are you innovating in your networks??

Credits• Thanks to following for contributing content to the tutorial:

– Nick McKeown– Guru Parulkar– Brandon Heller– Yiannis Yiakoumis – Guido Appenzeller– Rob Sherwood– Masa Kobayashi

OpenFlow tutorial

Technology

Transcript of OpenFlow tutorial