Workshop on Software Defined Networks
Spring 2014
Groups
| group id | group members | ex1 last sub. | project name | project sel. date |
| --- | --- | --- | --- | --- |
| 1 | Liza Mash, Kostya Berestizhevsky, Idan Shaby | 17.4.14 | Firewall | 30.4 |
| 2 | מערוף אבו חוסאם כהן רועי לוי רועי | 3.5.14 | Firewall | 4.5 |
| 3 | אהרון מוריה חמו בועז פינסקר שי | 13.4.14 | | |
| 4 | Or Keret, Ofir Shohet, Gal Bitensky | 17.4.14 | | |
| 5 | Nir Avnon, Chen Shoval, Roi Klien | 18.4.14 | | |
| 6 | Ori Lentzitzky, Guy Engel | 1.5.14 | | |
| 7 | שרפי בן מרטון ירדן | 4.5.14 | | |
| 8 | Elad Levi, Hanan Rofe Haim | 4.5.14 | | |
| 9 | Roy Moyal, Liraz Segal | 5.5.14 | Load Balancer | 5.5 |
| 10 | Michal Shagam, Dekel ? | 8.5.14 | | |
OpenFlow Switch Specification
• Flow-Table entry: Packet Header | Action | Statistics
• Possible Actions:
  – Forward packet to a given port (or ports)
  – Encapsulate packet and forward to controller
  – Drop packet
OpenFlow Switch Specification
• The header fields matched in OpenFlow switch (Type0):
• Support for normal traffic is achieved by:
  – A 4th action; forward packet through normal pipeline
  – Dedicated VLANs
OpenFlow1.3 Specification
• A pipeline of forwarding tables:
  – Aggregated Action Set
  – Internal metadata
  – Optional group classification
OpenFlow1.3 Specification
• Extended match header fields:
OpenFlow1.3 Specification
• Counters:
OpenFlow1.3 Specification
• Each packet carries an Action set.
  – Empty at the start
  – Updated while packet is processed
  – Executed at the end.
• Each Forwarding table entry is associated with an Instruction Set
  – Predefined (updated by controller)
  – Executed when entry is matched
  – Influences packet processing course and updates its action set.
• More actions:
  – Update TTL
  – Tag push
  – Tag pop
  – Set field
  – QoS
OpenFlow1.3 Groups
• Groups can be applied on a packet while processed
• Groups are defined in the group table
[Figure: group table, with labels Group ID, Bucket, Instruction and Out port]
OpenFlow1.3 and RYU
• http://osrg.github.io/ryu-book/en/html/index.html
• http://sdnhub.org/tutorials/openflow-1-3/
PROJECTS
Router
• User input:
  – Router addresses
  – Subnet assignments
[Figure: topology of routers with MACs A to E; ports labelled with subnet, port and VLAN (10.0.0.*, Port:1, VLAN:3; 192.168.*.*, Port:2, VLAN:*)]
Router
• Network input:
  – Links
[Figure: the same topology, with additional labels Port:3 VLAN:4 and Port:2 VLAN:4]
Router
• Objective:
  – Shortest path routes
[Figure: the same topology, with labels Port:3 VLAN:4 and Port:2 VLAN:4]
Load balancer
• Split clients to servers
| Action | Start | End |
| --- | --- | --- |
| Server r3 | 0.0.0.0 | 61.26.188.55 |
| Server r1 | 61.26.188.56 | 61.37.255.0 |
| Server r2 | 61.37.255.1 | 93.2.100.50 |
| Drop | 93.2.100.51 | 127.0.64.40 |
| … | … | … |
[Figure: traffic from the Internet split by source IP address across replicas]
Load balancer
• Avoid rule expansion
| Action | Start | End |
| --- | --- | --- |
| Server A | 125.26.188.56 | 125.37.255.0 |
| Server B | 125.37.255.1 | 126.2.100.50 |

| Action | Pattern |
| --- | --- |
| Server A | `125.26.188.[00111***]` |
| Server A | `125.26.188.[*1******]` |
| Server A | `125.26.188.[10******]` |
| Server A | `125.[00011011].*.*` |
| Server A | `125.[000111**].*.*` |
| Server A | `125.[001000**].*.*` |
| Server A | `125.[00100100].*.*` |
| Server A | `125.[00100101].255.0` |
| Server B | `125.[00100101].255.*` |
| Server A | `125.[00100101].*.*` |
| Server B | `125.[001*****].*.*` |
| Server B | `126.1.*.*` |
| Server B | `126.2.[00******].*` |
| Server B | `126.2.[010*****].*` |
| Server B | `126.2.[011000**].*` |
| Server B | `126.2.100.[0010****]` |
| Server B | `126.2.100.[00110001]` |
| Server B | `126.2.100.[00110010]` |
Load balancer
• Add/remove servers when needed
[Figure: traffic from the Internet split by source IP address across replicas]
Firewall
• Manage sessions
[Figure: Internet, Intranet and DMZ]
| Action | Constraints |
| --- | --- |
| Allow | Port = 80, Src_ip [192.168.1.1 - 192.168.3.128] |
| Allow + Log | 3600<port<3650, Src_ip [192.168.2.1 - 192.168.4.255] Dst_ip |
Firewall
• Consider rule expansion
| Action | Start | End |
| --- | --- | --- |
| Server A | 125.26.188.56 | 125.37.255.0 |
| Server B | 125.37.255.1 | 126.2.100.50 |

| Action | Pattern |
| --- | --- |
| Server A | `125.26.188.[00111***]` |
| Server A | `125.26.188.[*1******]` |
| Server A | `125.26.188.[10******]` |
| Server A | `125.[00011011].*.*` |
| Server A | `125.[000111**].*.*` |
| Server A | `125.[001000**].*.*` |
| Server A | `125.[00100100].*.*` |
| Server A | `125.[00100101].255.0` |
| Server B | `125.[00100101].255.*` |
| Server A | `125.[00100101].*.*` |
| Server B | `125.[001*****].*.*` |
| Server B | `126.1.*.*` |
| Server B | `126.2.[00******].*` |
| Server B | `126.2.[010*****].*` |
| Server B | `126.2.[011000**].*` |
| Server B | `126.2.100.[0010****]` |
| Server B | `126.2.100.[00110001]` |
| Server B | `126.2.100.[00110010]` |
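The range-to-pattern expansion in the table above, worked through as an added example that is not part of the original slides: one address-range rule becomes several masked flow entries, and the count depends on how the range endpoints align. The function names and the entry dictionary layout are hypothetical, and this sketch uses prefix masks only, whereas the slide's table also uses non-prefix wildcard patterns.

```python
import ipaddress


def range_to_prefixes(start, end):
    """Cover the inclusive IPv4 range [start, end] with the fewest CIDR prefixes."""
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError("start must not exceed end")
    prefixes = []
    while lo <= hi:
        # Largest block aligned on lo: its lowest set bit (2**32 if lo == 0).
        size = (lo & -lo) if lo else 1 << 32
        # Shrink it until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix_len = 32 - (size.bit_length() - 1)
        prefixes.append(ipaddress.IPv4Network((lo, prefix_len)))
        lo += size
    return prefixes


def expand_rule(action, src_start, src_end, tcp_dst, priority=100):
    """Turn one range rule into one masked flow entry per covering prefix.

    The dictionary layout is illustrative, not a controller API.
    """
    entries = []
    for net in range_to_prefixes(src_start, src_end):
        entries.append({
            "priority": priority,
            "match": {
                "ipv4_src": (str(net.network_address), str(net.netmask)),
                "tcp_dst": tcp_dst,
            },
            "action": action,
        })
    return entries


if __name__ == "__main__":
    # The "Allow" rule from the firewall slide: Port = 80,
    # Src_ip 192.168.1.1 - 192.168.3.128.
    for entry in expand_rule("allow", "192.168.1.1", "192.168.3.128", 80):
        print(entry["match"]["ipv4_src"], entry["action"])
    # Worst case for one 32-bit range: 2 * 32 - 2 prefixes.
    print(len(range_to_prefixes("0.0.0.1", "255.255.255.254")))
```

A rule that constrains two range fields expands to the product of the two prefix counts, which is why the flow-table budget has to be checked before installing range rules.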
Firewall
• Manage sessions
• Features:
  – Actions are Allow, Allow+Log, Block, Block+Log
  – Stateful
  – Consistency models (per flow/packet)
  – FIN detection
[Figure: Internet, Intranet and DMZ]
Multicast Traffic
Multicast Traffic
• Input
  – Routers
  – Links
  – User location and request
  – Link and server cost
• Objective
  – Route streams (optimally)
  – Assign servers (optimally)
Distributed controller
Distributed controller
• Controller state is saved in distributed storage.
• Handling an event is a transaction.
• Prevent deadlocks and livelocks.
• Use a simple application as an example.
• Based on the paper “Towards an Elastic Distributed SDN Controller” by Dixit et al., which appeared in HotSDN 2013.
Hierarchical controller
[Figure: Sub SDN domains and their controllers]
Hierarchical controller
[Figure: Sub SDN domains, their controllers, and one additional controller]
Fault tolerant SDN
• Without the controller, an OpenFlow switch forwards packets according to:
  – Static configuration
  – Link status
  – Packet header
  – Input port
• We want to ensure that if the network is physically connected then any packet will reach its destination (eventually).
• We prefer one instance of the packet at all times (without broadcast).
Fault tolerant SDN
• Non Fault tolerant solutions:
  – Source and destination based rules
  – Port based rules
• Our approach:
  – Use packet header for storing state
• Algorithms:
  – Module (Naïve)
  – DFS
  – BFS (very complicated)
Module Algorithm
DFS Algorithm