Programmable Flow-based Networking with OpenFlow
Page 1 NEC Confidential
Dr. Marcus Brunner
NEC Labs Europe - Network [email protected]
ETSI Workshop on Future Internet, March 10-11, 2010, Nice, France
-
OpenFlow - Overview
[Diagram: Switch and Controller connected by the Protocol]
• Switch: Dumb but fast
• Controller: As dumb or intelligent as you want it to be
-
What’s OpenFlow technology ?
• Separation of control plane and data plane
• Enable flow-based network programmability from controllers
[Diagram: OpenFlow Controller connected to an OpenFlow Switch; switch components labelled Secure Channel (sw) and Flow Table (hw)]
-
OpenFlow’s Flow Switching Definition
Legacy L2/L3 switching and routing
• Layer 2 (MAC) Switching
• Layer 3 (IP) Routing
Match fields: Ingress Port | Ether src | Ether dst | Ether type | VLAN id | IP src | IP dst | IP proto | TCP/UDP src port | TCP/UDP dst port | VLAN PCP (*6)
Flow Switching with any combinations of tuples as a key
• Exact Matching
• Wild Card Matching:
  – Aggregated MAC-subnet: MAC-src: A.*, MAC-dst: B.*
  – Aggregated IP-subnet: IP-src: 205.16.*/24, IP-dst: 206.12.*/24
-
Definition of Flow and programmability
Flow 1. Rule (exact & wildcard) | Action | Statistics
…
Flow N. Rule (exact & wildcard) | Default Action | Statistics
• Rule: definition of flow filtering
  – (ie) Switch: Port, VLAN ID, L2, L3, L4, …
• Action: actions for flow
  – (ie) Switch: Unicast, Multicast, bandwidth control, Filtering, load balancing, alarm recovery, tunneling, encryption
• Statistics: flow statistics
  – (ie) Switch: Number of packet, byte, connection time
Example of Actions
1. Unicast
2. Multicast
3. Multipath
  – Load-balancing
  – Redundancy
4. Waypoints
  – Middleware
  – Intrusion detection
  – …
-
OpenFlow - Operation
[Diagram: a Switch holding a Flow table, connected to Controllers over a Secure channel; arrow label: change]
Flow table entry: Rules/Headers | Actions | Counters
Switch
• Ethernet switch + OpenFlow
• Dedicated OpenFlow switch
Controller
• Specialized piece of HW/SW
• PC and a process
-
OpenFlow - Operation
[Diagram: Switch with a Flow table, connected to the Controller over a Secure channel]
Flow table (OpenFlow 10-tuple):
Ingress Port | Eth src | Eth dst | Eth type | VLAN ID | IP src | IP dst | IP proto | src port | dst port
Any | Any | Any | Any | Any | 1.1.1.1 | Any | 6 | Any | 80
Actions:
• Forward
  – physical port
  – all
  – controller (= encapsulate)
  – switch’s “normal” processing pipeline
  – …
• Drop
-
OpenFlow - Operation
[Diagram: Switch with a Flow table, connected to the Controller over a Secure channel; switch port(4) is marked]
Flow table:
Ingress Port | Eth src | Eth dst | Eth type | VLAN ID | IP src | IP dst | IP proto | src port | dst port | action
Any | Any | Any | Any | Any | 1.1.1.1 | Any | 6 | Any | 80 | To(4)
Any | Any | Any | Any | Any | Any | Any | Any | Any | Any | cntrl
Any | Any | Any | Any | Any | 2.2.2.2 | Any | Any | Any | Any | drop
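The three-entry flow table on this slide, modelled as an added example (not part of the original deck): a wildcard lookup plus a check for entries that can never match. OpenFlow 1.0 orders wildcard entries by priority; the slide lists none, so the priority values, field names and sample packet below are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

IP_FIELDS = ("ip_src", "ip_dst")

@dataclass
class FlowEntry:
    match: dict        # fields left out are "Any"
    action: str
    priority: int = 0  # assumed: the slide lists no priorities
    packets: int = 0   # per-entry counter

def field_covers(name, rule_val, other_val):
    """True if rule_val matches every value that other_val matches."""
    if name in IP_FIELDS:
        return ip_network(other_val).subnet_of(ip_network(rule_val))
    return rule_val == other_val

def covers(match, other):
    """True if `match` accepts everything `other` (a rule or a packet) accepts."""
    return all(f in other and field_covers(f, v, other[f]) for f, v in match.items())

def ordered(table):
    # Highest priority first; sorted() is stable, so ties keep list order.
    return sorted(table, key=lambda e: -e.priority)

def lookup(table, pkt):
    for entry in ordered(table):
        if covers(entry.match, pkt):
            entry.packets += 1
            return entry.action
    return None

def shadowed(table):
    """Entries that can never match because an earlier entry covers them."""
    seq = ordered(table)
    return [e for i, e in enumerate(seq)
            if any(covers(p.match, e.match) for p in seq[:i])]

def slide_table(prio_fwd=0, prio_ctrl=0, prio_drop=0):
    # The three entries from the slide, in the order listed there.
    return [
        FlowEntry({"ip_src": "1.1.1.1", "ip_proto": 6, "dst_port": 80}, "To(4)", prio_fwd),
        FlowEntry({}, "cntrl", prio_ctrl),
        FlowEntry({"ip_src": "2.2.2.2"}, "drop", prio_drop),
    ]

# Constructed sample packet: any traffic from 2.2.2.2.
PKT = {"ip_src": "2.2.2.2", "ip_dst": "10.0.0.9", "ip_proto": 17, "dst_port": 53}

if __name__ == "__main__":
    for prios in ((0, 0, 0), (200, 0, 100)):
        t = slide_table(*prios)
        print(prios, lookup(t, PKT), [e.action for e in shadowed(t)])
```

With equal priorities the all-Any entry is reached first and the drop entry is reported as shadowed; giving the drop entry a higher priority than the catch-all makes it effective.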
-
What can we do with it?
• Makes it easy to change the control (algorithms, policies, etc.)
  – Innovative OpenFlow Controller functions are key
• Flexibility
  – Control can be simple to complex
  – Granularity of control can be different
• Applicable to various scenarios
  – Not only the test network use case
-
Flow-based Network
[Diagram labels: Controller, Flow 1, Flow 2, AP 1, AP 2, Fabric Switch, Server, Firewall or Load Balancer. Annotations: "Can be switched to power saving mode", "Can be shutdown for servicing"]
• Mesh and Per-flow QoS
• Service Insertion
• Load Concentration
-
Use case of OpenFlow switching network
• Campus network: innovative students develop their own services and algorithms
• Wide-area / mobile network (Internet2, ISPs, Carriers): Fixed and mobile seamless control, integrated optical network control, flexible VPN management, etc…
• Data center network: Network and computing resources are tightly coupled and efficiently managed
• Enterprise network: Network control and security are tightly managed
[Diagram labels: OpenFlow switch, Control server, Wireless]
-
IT/NW Integration
• Unified platform for data center, transport and mobile networks.
  – Integrated controller for infrastructure virtualization/customization
• Real integration of IT and NW.
  – Optimized information flow through IT and NW
• OpenFlow is a key technology.
  – Open interface for future network control standard
[Diagram labels: Unified Controller; Open standards (e.g. OpenFlow); Simplified Switch; Mobile NW; Data Center NW; Transport NW; VM; Data Center Operator; Network Operator]
-
Virtualization with OpenFlow
• Virtual switching function (VSF)
  – Create multiple OpenFlow slices with multiple controllers
  – Separate OpenFlow slices/networks by VLAN
• Enables coexistence with standard switch/router functions
  – Simultaneous execution of traditional switching/routing functions and OpenFlow, separated via VLAN
[Diagram labels: Production traffic handled by Normal L2/L3 Processing; Experiment A, Experiment B, Experiment C; three Flow Tables; Controller A, Controller B, Controller C]
-
Interest in Programmable Switching
• GENI trials received $30M NSF Grant (Oct-19)
  – “The funding will enable three sets of collaborating academic/industrial research teams to replicate those GENI prototype systems that have gained significant traction, based on GENI-enabled commercial hardware, across 14 U.S. campuses and two national research backbones.”
• European OpenFlow test network under discussion (FIRE, call5)
• EU projects related to OpenFlow under discussion (call5)
-
Standardization issues
• The Controller to Switch/Router Interface requires standardization
  – OpenFlow is one example; there is a set of other protocols as well (ForCES, GSMP, …)
• Interface to OpenFlow Controller
  – might eventually require some standards as well, e.g., management interface
• Open specification by OpenFlow Consortium
  – a larger consortium of university researchers and network administrators (no vendors allowed)
  – free even for commercial use
  – Ver. 1.0 released in Dec. 2009
    http://www.openflowswitch.org/documents/openflow-spec-v1.0.0.pdf
• Supported by Stanford Clean Slate Programme
-
OpenFlow in a Nutshell
• OpenFlow is…
  – A way for programmable flow-based networking
  – Enables a large set of applications due to its flexibility
  – A way for IT/NW integration
• Paradigm shift by OpenFlow
  – OpenFlow provides open interface to “black box” networking node (ie. Routers, L2/L3 switch) to enable visibility and openness in network
http://www.openflowswitch.org