Outline
1. Legacy Networks
2. Software defined networks: Motivation, Architecture, Principles
3. OpenFlow: Principles, Architecture
   OpenFlow Basics: Flow table, controller, protocol
   How it works
   Centralized vs Distributed, Aggregated vs Flow based, Proactive vs Reactive
   Network Slicing: FlowVisor
   How to get started to play with OpenFlow
4. Industry trends
5. Demo screenshots
Slide 3
Current Networking Scheme
Fully distributed protocols: hard to add a feature to a network
Network is closed for research and innovation
Network administrators and researchers can only configure devices
Software is embedded in industry
Data plane and control plane in the same device
Routers and switches are locked
Packet forwarding and decisions are controlled by the underlying switches and routers
Slide 4
Figure: Closed System. Each device carries its own App, Operating System and Packet Forwarding Hardware.
Slide 5
Mitigation approach
Open development environment for networking
Isolation: regular production network untouched
Virtualized and programmable networks
Software Defined Networking (SDN)
Slide 6
Network architecture to remotely control network hardware with software
To open the closed network
Enables innovations by researchers, operators, application/service providers
Managed by the Open Networking Foundation (ONF)
Slide 7
SDN Architecture Principles
1. Separation of data and control planes, with a well defined API/protocol between the two
2. Logically centralized control plane with an open API for network applications and services
3. Network slicing and virtualization to support experimentation on a production network
Figure labels: Control Path (Software), Protocol API, Data Path (Hardware)
Slide 8
Software Defined Networking Principles
1. Open Interface to HW
2. Operating System
3. Open API
Figure labels: App, Network Operating System, Operating System, Packet Forwarding Hardware
Slide 9
OpenFlow
Slide 10
What is OpenFlow?
OpenFlow is an open standard to deploy innovative protocols in production networks (openflow.org)
Slide 11
OpenFlow
Motivation: network changes are sluggish; the need for programmable networks
Goal: use a centralized controller to determine traffic forwarding
Principle: separate control plane from data plane
Slide 12
OpenFlow
SDN protocol (API) that modifies forwarding tables in network switches
Added as a feature to commercial Ethernet switches, routers and wireless access points
Developed by Stanford University
Sits between a switch and controller
Allows the path of network packets through the network of switches to be determined by software running on a separate server
Slide 13
OpenFlow
Vendor independent
Protocol is open source
Version status:
  OF 1.0: most widely used version
  OF 1.1: multiple tables and counters
  OF 1.2: Wire protocol IPv6, basic configuration
  OF 1.3: Topology discovery, test processes
  OF 1.4: capability discovery, test labs
Slide 14
Classic Switch vs OpenFlow Switch
Classic Switch/Router:
  Data path and control path occur on the same device
  Data path: packet forwarding path
  Control path: routing decisions
OpenFlow Enabled Switch/Router:
  Separates the data path and control path
  Data path portion still resides on the switch
  High level routing decisions reside in the controller
  The OpenFlow switch and the controller communicate via the OpenFlow protocol
Slide 15
OpenFlow Specification Basics
Consists of at least three parts:
  Flow Table: defines how the switch will process each flow
  Secure Channel: connects to the controller
  OpenFlow Protocol (API)
Figure labels: OpenFlow Switch (Flow Table in hw, Secure Channel in sw), Controller (PC), OpenFlow Protocol (SSL)
Flow tables are set up on switches
Controller talks to the switch via the OpenFlow protocol
Slide 16
Flow table Entry
Flow table consists of a set of entries to compare incoming packets against
Each flow entry consists of match fields, counters, actions
Matching starts at the first flow table
Flow entries match in priority order
Match found: apply the instructions
Match not found: the packet may be forwarded to the controller over the OpenFlow channel, dropped, or may continue to the next flow table
Slide 17
Table entry: Rule | Action | Stats
Rule (match fields): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
Action:
  1. Forward packet to port(s)
  2. Encapsulate and forward to controller
  3. Drop packet
  4. Send to normal processing pipeline
Stats: Packet + byte counters (per table, per flow)
Slide 18
Actions:
1. Switching and routing
2. Firewall
3. Using non-OpenFlow logic
4. Send to controller
Slide 19
Secure channel
Figure labels: OpenFlow Switch (Flow Table in hw, Secure Channel in sw), Controller (PC), OpenFlow Protocol (SSL)
SSL connection, site-specific key
Controller discovery protocol
Encapsulate packets for controller
Send link/port state to controller
Slide 20
OpenFlow Protocol Message Types
Controller-to-switch:
  To directly manage or inspect the state of the switch
  May or may not require a response from the switch
  Operations/msg types: features, configuration, Read-State, Modify-State, barrier
Asynchronous:
  To update the controller of network events and changes to the switch state
  Sent without the controller soliciting them from a switch
  To tell the controller of a packet arrival, switch state change, or error
  Msg. types: Packet-in, Flow-Removed, Port-status, Error
Symmetric:
  Msg. types: Hello, Echo, Experimenter
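Added example (not from the original slides): a Python parser that splits a captured control-channel byte stream into OpenFlow messages and sorts each into the three categories above, rejecting malformed framing. It assumes OpenFlow 1.0 type codes (where the Experimenter message is still named Vendor); the sample bytes are constructed.

```python
import struct

OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid (big-endian)

# OpenFlow 1.0 message names, indexed by type code 0..19.
OF10_NAMES = [
    "HELLO", "ERROR", "ECHO_REQUEST", "ECHO_REPLY", "VENDOR",
    "FEATURES_REQUEST", "FEATURES_REPLY", "GET_CONFIG_REQUEST",
    "GET_CONFIG_REPLY", "SET_CONFIG", "PACKET_IN", "FLOW_REMOVED",
    "PORT_STATUS", "PACKET_OUT", "FLOW_MOD", "PORT_MOD",
    "STATS_REQUEST", "STATS_REPLY", "BARRIER_REQUEST", "BARRIER_REPLY",
]
SYMMETRIC = {0, 2, 3, 4}        # Hello, Echo, Vendor (later: Experimenter)
ASYNCHRONOUS = {1, 10, 11, 12}  # Error, Packet-in, Flow-Removed, Port-status

def category(msg_type):
    """Map a type code to one of the three categories on the slide."""
    if msg_type in SYMMETRIC:
        return "symmetric"
    if msg_type in ASYNCHRONOUS:
        return "asynchronous"
    return "controller-to-switch"

def parse_stream(buf):
    """Split a byte stream into (name, category, xid, length) tuples.

    Raises ValueError on a truncated header, an unknown version or type,
    or a length field below 8 or running past the end of the buffer.
    """
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < OFP_HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        version, msg_type, length, xid = OFP_HEADER.unpack_from(buf, off)
        if version != 0x01 or msg_type >= len(OF10_NAMES):
            raise ValueError(f"unexpected version/type at offset {off}")
        if length < OFP_HEADER.size or off + length > len(buf):
            raise ValueError(f"bad length {length} at offset {off}")
        out.append((OF10_NAMES[msg_type], category(msg_type), xid, length))
        off += length
    return out

# Constructed sample: Hello, Features request, Echo request with a 4-byte
# payload, and a Packet-in whose 12-byte body is zero filler.
SAMPLE = (
    OFP_HEADER.pack(1, 0, 8, 1) + OFP_HEADER.pack(1, 5, 8, 2)
    + OFP_HEADER.pack(1, 2, 12, 3) + b"ping"
    + OFP_HEADER.pack(1, 10, 20, 0) + bytes(12)
)
```

Calling parse_stream(SAMPLE) returns one tuple per message; a length field that is too small or runs past the capture raises ValueError instead of desynchronising the parser.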
Slide 21
The OpenFlow controller
Remotely controls and manipulates flow tables in switches
Available open-source controllers: NOX, Beacon, SNAC
FlowVisor: a special type of controller
  Acts as a proxy between OpenFlow switches and multiple controllers
  Slices network resources and delegates a controller to each
Slide 22
How OpenFlow works?
Slide 23
Switch:
  Packet in from network
  Check matching
  Match: apply actions
  No match: send to controller over secure channel
Controller:
  Packet in from switch
  Extract the destination address of the packet
  Define a table entry to create a path for the packet
  Send message to each switch in the path the packet will traverse
Centralized vs Distributed control
Figure labels: Centralized Control, Distributed Control, OFS, Controller PC
Slide 28
Flow Routing vs Aggregation
Flow-based:
  Every flow is individually set up by controller
  Exact match flow entries
  Flow table contains one entry per flow
  Good for fine grain control
Aggregated:
  One flow entry covers large groups of flows
  Wildcard flow entries
  Flow table contains one entry per category of flows
  Good for large number of flows
Slide 29
Reactive vs Proactive
Reactive:
  First packet of flow triggers controller to insert flow entries
  Efficient use of flow table
  Every flow incurs small additional setup time
  Switch has limited utility if control connection is lost
Proactive:
  Controller pre-populates flow table in switch
  Zero additional flow setup time
  Loss of control connection doesn't disrupt connection
  Requires aggregated rules
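Added example (not from the original slides): a toy Python model of the priority-ordered flow table lookup from slides 16 to 18, run once with a reactive, flow-based controller and once with proactive, aggregated rules. The host addresses, ports, priorities and the no-telnet firewall rule are constructed; entries match on a few of the slide 17 fields, and a field left out of a match is a wildcard.

```python
from dataclasses import dataclass

HOSTS = {"10.0.0.1": 1, "10.0.0.2": 2}  # constructed: destination IP -> port
@dataclass
class FlowEntry:
    priority: int
    match: dict        # field -> value; a field left out is a wildcard
    action: str        # "output:<port>" or "drop"
    packets: int = 0   # per-flow packet counter

class Switch:
    def __init__(self, controller=None):
        self.table, self.controller, self.packet_ins = [], controller, 0
    def install(self, entry):
        self.table = sorted(self.table + [entry], key=lambda e: -e.priority)
    def lookup(self, pkt):  # highest-priority entry whose fields all match
        return next((e for e in self.table
                     if all(pkt.get(k) == v for k, v in e.match.items())), None)
    def receive(self, pkt):
        entry = self.lookup(pkt)
        if entry is None and self.controller:  # table miss -> Packet-in
            self.packet_ins += 1
            self.controller(self, pkt)
            entry = self.lookup(pkt)
        if entry is None:
            return "drop"
        entry.packets += 1
        return entry.action

def policy(pkt):  # firewall first (no telnet), then forward by destination
    if pkt.get("ip_proto") == 6 and pkt.get("tp_dst") == 23:
        return "drop"
    port = HOSTS.get(pkt.get("ip_dst"))
    return f"output:{port}" if port else "drop"
def reactive(switch, pkt):  # flow-based: one exact-match entry per new flow
    switch.install(FlowEntry(100, dict(pkt), policy(pkt)))
def proactive(switch):  # aggregated: wildcard entries pushed before traffic
    switch.install(FlowEntry(200, {"ip_proto": 6, "tp_dst": 23}, "drop"))
    for ip, port in HOSTS.items():
        switch.install(FlowEntry(100, {"ip_dst": ip}, f"output:{port}"))

def compare():
    # Constructed traffic: one telnet flow and 20 web flows to 10.0.0.2.
    base = dict(ip_src="10.0.0.1", ip_dst="10.0.0.2", ip_proto=6)
    flows = [dict(base, tp_src=40000 + i, tp_dst=80 if i else 23) for i in range(21)]
    r, p = Switch(reactive), Switch()
    proactive(p)
    same = [r.receive(f) for f in flows] == [p.receive(f) for f in flows]
    return same, (len(r.table), r.packet_ins), (len(p.table), p.packet_ins)
```

compare() returns whether both modes forwarded identically, followed by (table entries, Packet-ins) for the reactive and then the proactive switch: the reactive table and controller load grow with the number of flows, while the proactive switch needs no controller round trip.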
Slide 30
Open Controllers
Controller name | Language | Platform
NOX | C++, Python | Linux
Beacon | Java | Win, Mac, Linux, Android
Maestro | Java | Win, Mac, Linux
Trema | Ruby, C | Linux
Slide 31
Network Slicing concept
Divide the production network into logical slices
Each slice/service controls its own packet forwarding
Figure labels: Switch data plane, Slicing Layer, Multiple controllers (NOS)
Slide 32
FlowVisor
A tool for slicing OpenFlow networks
Creates multiple isolated and programmable logical networks on the same physical topology
Puts slicing policies in place
The policy specifies resource limits for each slice:
  Link bandwidth
  Maximum number of forwarding rules
  Topology
  Fraction of switch/router CPU
Slide 33
Virtual networks through FlowVisor
Figure labels: OFS, FlowVisor (PC), OpenFlow protocol, Research 1 controller, Prod. network controller, Research 2 controller
FlowSpace: maps packets to slices
Topology discovery is per slice
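Added example (not from the original slides and not FlowVisor's own code): a simplified Python model of a slicing layer that maps a Packet-in to a slice through its FlowSpace and admits a controller's rule only if it stays inside that slice's FlowSpace and under its forwarding-rule limit. The slice names, VLAN-based flowspaces and limits are constructed, and rejecting an out-of-slice rule outright is an assumption of this model.

```python
from dataclasses import dataclass, field

@dataclass
class Slice:
    name: str
    flowspace: dict   # field -> value that every packet of the slice carries
    max_rules: int    # policy limit: maximum number of forwarding rules
    rules: list = field(default_factory=list)

class SlicingLayer:
    """Toy proxy between the switches and the per-slice controllers."""

    def __init__(self, slices):
        self.slices = {s.name: s for s in slices}

    def slice_for(self, pkt):
        """FlowSpace lookup: which slice's controller receives this Packet-in?"""
        for s in self.slices.values():
            if all(pkt.get(k) == v for k, v in s.flowspace.items()):
                return s.name
        return None

    def flow_mod(self, slice_name, match, action):
        """Admit a rule only inside the slice's flowspace and rule quota."""
        s = self.slices[slice_name]
        # The rule must pin every flowspace field to the slice's own value;
        # a wildcarded or different field would reach other slices' traffic.
        if not all(match.get(k) == v for k, v in s.flowspace.items()):
            return "rejected: outside flowspace"
        if len(s.rules) >= s.max_rules:
            return "rejected: rule limit"
        s.rules.append((match, action))
        return "installed"

def demo():
    """Constructed slices: production on VLAN 10, research on VLAN 20."""
    layer = SlicingLayer([Slice("production", {"vlan_id": 10}, 1000),
                          Slice("research1", {"vlan_id": 20}, 2)])
    return [
        layer.slice_for({"vlan_id": 20, "ip_dst": "10.0.0.5"}),
        layer.flow_mod("research1", {"vlan_id": 20, "tp_dst": 80}, "output:3"),
        layer.flow_mod("research1", {"tp_dst": 80}, "output:3"),  # VLAN wildcarded
        layer.flow_mod("research1", {"vlan_id": 10}, "drop"),     # other slice
        layer.flow_mod("research1", {"vlan_id": 20, "tp_dst": 22}, "output:3"),
        layer.flow_mod("research1", {"vlan_id": 20, "tp_dst": 25}, "output:3"),
    ]
```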
Slide 34
OpenFlow gains
Increased network control
Increased network flexibility
Shared infrastructure makes innovation easier
Current network infrastructure, LAN and WAN, does not allow for much experimenting. In many cases, it is a production network, there are firmware limitations, or both.
Slide 35
Some OpenFlow applications
Wireless mobility/migration
Redirect specific application traffic to remote site
Network virtualization
Power management
Load balancing
Traffic engineering
Security applications: load balancing, firewall
Slide 36
Current version OpenFlow limitations
Non-flow-based (per-packet) networking
Use all tables on switch chips
New forwarding primitives
New packet formats/field definitions
Low-setup-time individual flows (but can push flows proactively)
Slide 37
Industry support
Many vendors implemented OpenFlow in their devices
Slide 38
How to get started with OpenFlow
Switch:
  Software switches: Linux User-space Switch, Reference Linux Kernel-space Switch, Open vSwitch
  Hardware switches: OpenFlow enabled commercial switches, e.g. Pronto
Controller:
  Reference Learning Switch Controller
  NOX, Beacon, SNAC
Slide 39
What can we do with OpenFlow
Write, configure, deploy
Experiment on our networks
Develop network applications on top of existing controllers (e.g. NOX, Beacon)
Customize controllers
Extend existing controllers
Develop our own controller
Slide 40
Example: Developing on NOX
Basics: components and events
Develop components that handle events
Components can be developed using C++, Python, or a combination of them
NOX built-in components: core apps, network apps, web apps
Third-party extensions
Slide 41
Example: a component
Slide 42
Events
Drive execution in NOX
Core events: Data_path_join event, Packet_in_event
Application events: Host_in event, flow_in event, etc.
Post events for other applications to handle
Register for packet_in event
Slide 43
OpenFlow Practice
Using virtual machines
Required software:
  Virtualization software (VirtualBox)
  X server (Windows: Xming, Mac: X11, Linux: X server installed)
Development tools:
  Mininet
  Wireshark
  Benchmark Controller w/iperf
Slide 44
What can we do in the tutorial
Create learning switch
NOX controller (Python, C++)
Beacon (Java)
Control a slice of a real network
Creating router
Creating firewall
Slide 45
Slide 46
Slide 47
Some Demos
Slide 48
Dynamic Flow Aggregation on an OpenFlow Network
Dynamically define flow granularity by wildcarding arbitrary header fields
Granularity is on the switch flow entries, no packet rewrite or encapsulation
Slide 49
Elastic Tree: reducing energy in data centers
Shuts off links and switches to reduce data center power
OpenFlow provides network routes and port statistics
Slide 50
Some OpenFlow Demos
Aster*x: Load-Balancing Web Traffic over Wide-Area Networks
Load balancing system for services hosted in different services
Considers network congestion and server load
Handles the dynamic adding and removing of resources
By Stanford
Slide 51
OFELIA - Pan-European Test Facility for OpenFlow Experimentation
Test facility for network experiments based on OpenFlow
Allows the dynamic creation of virtual machines to be used as sources, sinks, and controllers for OpenFlow switches
Slide 52
Network Virtualization using EXOS OpenFlow
Flexible definitions of virtual networks, dynamic scaling of the virtual networks, and isolation of the virtual networks from physical network changes
Slide 53
Industry trend
Increased interest in:
  Data centers
  Service providers, for example to slice their networks based on bandwidth
  Enterprise networks
Slide 54
Questions?
Slide 55
References
http://www.openflow.org/
http://opennetsummit.org/
OpenFlow white paper
http://noxrepo.org/wp/
Slides from Brandon Heller (Stanford), Srini Seetharaman, Martin Casado
Internet2 Joint Techs Clemson
Open Network Summit 2011 talks and slides