Introduction To OpenFlow

Transcript

1. OPENFLOW & SOFTWARE DEFINED NETWORKING Martin Casado - Nicira.com Greg

   Ferro - PacketPushers.net 1 Saturday, 15 October 11

2. HUH ? OPENFLOW. What is OpenFlow ? From the bottom

   up. With big words. How OpenFlow does stuff. Then WHY we want OpenFlow to do that 2 Saturday, 15 October 11

3. OPENFLOW. WHAT IS IT ? Nerd Glasses on please 3

   Saturday, 15 October 11

4. PLANES OF OPERATION 4 FORWARDING PLANE MANAGEMENT PLANE CO NTRO

   L CLI/SSH/SNMP/XML OSPF/BGP/LDP Saturday, 15 October 11

5. 5 FORWARDING PLANE Saturday, 15 October 11

6. 5 FORWARDING PLANE ? ? ? Saturday, 15 October 11

7. 6 FORWARDING TABLES Forwarding Tables = Forwarding Information Base =

   FIB Saturday, 15 October 11

8. FORWARDING TABLES ➜ RIBS 7 RIB RIB RIB RIB Saturday,

   15 October 11

9. ROUTING PROTOCOLS ➜ FIBS 8 RIB RIB RIB RIB Routing

   Protocol Routing Protocol Routing Protocol Routing Protocol Saturday, 15 October 11

10. ROUTING PROTOCOLS GOOD ? 9 reliable proven deterministic ( knowable

    ) self healing autonomous scalable ? Saturday, 15 October 11

11. loosely coupled hop by hop homogenous system change resistant limited

    external configuration not load based destination only 10 ROUTING PROTOCOLS ..... OR BAD? Saturday, 15 October 11

12. WHAT IF, INSTEAD OF THIS: 11 RIB RIB RIB RIB

    Routing Protocol Routing Protocol Routing Protocol Routing Protocol Saturday, 15 October 11

13. Controller WE USED A CENTRAL CONTROLLER 12 Controller updates the

    forwarding tables (TCAM) of Switches and Routers Saturday, 15 October 11

14. CONTROLLER ? it’s software, it’s a program connects to all

    devices builds a network topology runs an algorithm then updates the Forwarding table by an API. 13 * ( & we don’t know much about it yet) * Saturday, 15 October 11

15. 14 Network Model OpenFlow 'OpenFlow' Controller UI Controller Network Saturday,

    15 October 11

16. !HOW IT DOES STUFF 15 Keep your Nerd Glasses on

    please Saturday, 15 October 11

17. FLOW TABLES 16 OpenFlow Draft Specification 1.1 Saturday, 15 October

    11

18. OPENFLOW 17 controller-to-switch asynchronous symmetric Saturday, 15 October 11

19. MATCH FIELDS 18 Ingress Port Metadata Ether src Ether dst

    Ether type VLAN id VLAN priority MPLS label , MPLS traffic class IPv4 SRC, IPv4 DST IPv4 proto ( ARP opcode, IPv4 ToS bits) TCP/ UDP / SCTP src port, ICMP Type TCP/ UDP / SCTP dst port ICMP Code Saturday, 15 October 11

20. MATCH FIELDS 18 Ingress Port Metadata Ether src Ether dst

    Ether type VLAN id VLAN priority MPLS label , MPLS traffic class IPv4 SRC, IPv4 DST IPv4 proto ( ARP opcode, IPv4 ToS bits) TCP/ UDP / SCTP src port, ICMP Type TCP/ UDP / SCTP dst port ICMP Code Saturday, 15 October 11

21. MATCH FIELDS 18 Ingress Port Metadata Ether src Ether dst

    Ether type VLAN id VLAN priority MPLS label , MPLS traffic class IPv4 SRC, IPv4 DST IPv4 proto ( ARP opcode, IPv4 ToS bits) TCP/ UDP / SCTP src port, ICMP Type TCP/ UDP / SCTP dst port ICMP Code Pretty Good Selection Saturday, 15 October 11

22. MATCH FLEXIBILITY 19 Field Bits When  applicable Notes Ingress  Port

    32 All  packets Numerical  representa=on  of  incoming  port,   star=ng  at  1.  (physical  or  virtual  port) Metadata 64 Table  1  and  above Ethernet  source  address 48 All  packets  on  enabled  ports Can  use  arbitrary  bitmask Ethernet  des=na=on  address 48 All  packets  on  enabled  ports Can  use  arbitrary  bitmask Ethernet  type 16 All  packets  on  enabled  ports Ethernet  type  of  the  OpenFlow  packet  payload,   aOer  VLAN  tags.  802.3  frames  have  special   handling. VLAN  id 12 All  packets  with  VLAN  tags VLAN  iden=fier  of  outermost  VLAN  tag. VLAN  priority 3 All  packets  with  VLAN  tags VLAN  PCP  field  of  outermost  VLAN  tag. MPLS  label 20 All  packets  with  MPLS  tags Match  on  outermost  MPLS  tag. MPLS  traffic  class 3 All  packets  with  MPLS  tags Match  on  outermost  MPLS  tag. IPv4  source  address 32 All  IPv4  and  ARP  packets Can  use  subnet  mask  or  arbitrary  bitmask IPv4  des=na=on  address 32 All  IPv4  and  ARP  packets Can  use  subnet  mask  or  arbitrary  bitmask IPv4  protocol  /  ARP  opcode 8 All  IPv4  and  IPv4  over  Ethernet,  ARP   packets Only  the  lower  8  bits  of  the  ARP  op-­‐  code  are   used IPv4  ToS  bits 6 All  IPv4  packets Specify  as  8-­‐bit  value  and  place  ToS  in  upper  6   bits. Transport  source  port  /  ICMP  Type 16 All  TCP,  UDP,  SCTP,  and  ICMP  packets Only  lower  8  bits  used  for  ICMP  Type Transport  des=na=on  port  /  ICMP   Code 16 All  TCP,  UDP,  SCTP,  and  ICMP  packets Only  lower  8  bits  used  for  ICMP  Code Saturday, 15 October 11

23. MATCH FLEXIBILITY 19 Field Bits When  applicable Notes Ingress  Port

    32 All  packets Numerical  representa=on  of  incoming  port,   star=ng  at  1.  (physical  or  virtual  port) Metadata 64 Table  1  and  above Ethernet  source  address 48 All  packets  on  enabled  ports Can  use  arbitrary  bitmask Ethernet  des=na=on  address 48 All  packets  on  enabled  ports Can  use  arbitrary  bitmask Ethernet  type 16 All  packets  on  enabled  ports Ethernet  type  of  the  OpenFlow  packet  payload,   aOer  VLAN  tags.  802.3  frames  have  special   handling. VLAN  id 12 All  packets  with  VLAN  tags VLAN  iden=fier  of  outermost  VLAN  tag. VLAN  priority 3 All  packets  with  VLAN  tags VLAN  PCP  field  of  outermost  VLAN  tag. MPLS  label 20 All  packets  with  MPLS  tags Match  on  outermost  MPLS  tag. MPLS  traffic  class 3 All  packets  with  MPLS  tags Match  on  outermost  MPLS  tag. IPv4  source  address 32 All  IPv4  and  ARP  packets Can  use  subnet  mask  or  arbitrary  bitmask IPv4  des=na=on  address 32 All  IPv4  and  ARP  packets Can  use  subnet  mask  or  arbitrary  bitmask IPv4  protocol  /  ARP  opcode 8 All  IPv4  and  IPv4  over  Ethernet,  ARP   packets Only  the  lower  8  bits  of  the  ARP  op-­‐  code  are   used IPv4  ToS  bits 6 All  IPv4  packets Specify  as  8-­‐bit  value  and  place  ToS  in  upper  6   bits. Transport  source  port  /  ICMP  Type 16 All  TCP,  UDP,  SCTP,  and  ICMP  packets Only  lower  8  bits  used  for  ICMP  Type Transport  des=na=on  port  /  ICMP   Code 16 All  TCP,  UDP,  SCTP,  and  ICMP  packets Only  lower  8  bits  used  for  ICMP  Code Saturday, 15 October 11

24. MATCH FLEXIBILITY 19 Field Bits When  applicable Notes Ingress  Port

    32 All  packets Numerical  representa=on  of  incoming  port,   star=ng  at  1.  (physical  or  virtual  port) Metadata 64 Table  1  and  above Ethernet  source  address 48 All  packets  on  enabled  ports Can  use  arbitrary  bitmask Ethernet  des=na=on  address 48 All  packets  on  enabled  ports Can  use  arbitrary  bitmask Ethernet  type 16 All  packets  on  enabled  ports Ethernet  type  of  the  OpenFlow  packet  payload,   aOer  VLAN  tags.  802.3  frames  have  special   handling. VLAN  id 12 All  packets  with  VLAN  tags VLAN  iden=fier  of  outermost  VLAN  tag. VLAN  priority 3 All  packets  with  VLAN  tags VLAN  PCP  field  of  outermost  VLAN  tag. MPLS  label 20 All  packets  with  MPLS  tags Match  on  outermost  MPLS  tag. MPLS  traffic  class 3 All  packets  with  MPLS  tags Match  on  outermost  MPLS  tag. IPv4  source  address 32 All  IPv4  and  ARP  packets Can  use  subnet  mask  or  arbitrary  bitmask IPv4  des=na=on  address 32 All  IPv4  and  ARP  packets Can  use  subnet  mask  or  arbitrary  bitmask IPv4  protocol  /  ARP  opcode 8 All  IPv4  and  IPv4  over  Ethernet,  ARP   packets Only  the  lower  8  bits  of  the  ARP  op-­‐  code  are   used IPv4  ToS  bits 6 All  IPv4  packets Specify  as  8-­‐bit  value  and  place  ToS  in  upper  6   bits. Transport  source  port  /  ICMP  Type 16 All  TCP,  UDP,  SCTP,  and  ICMP  packets Only  lower  8  bits  used  for  ICMP  Type Transport  des=na=on  port  /  ICMP   Code 16 All  TCP,  UDP,  SCTP,  and  ICMP  packets Only  lower  8  bits  used  for  ICMP  Code Shortcomings Exist Saturday, 15 October 11

25. PIPELINE PROCESSING 20 Saturday, 15 October 11

26. PIPELINE PROCESSING 20 OpenFlow Enabled Switch Action Set Table 0

    me In Action Set Table 1 Action Set Table n Frame Egress …….. Saturday, 15 October 11

27. PIPELINE PROCESSING 20 OpenFlow Enabled Switch Action Set Table 0

    me In Action Set Table 1 Action Set Table n Frame Egress …….. OpenFlow Enabled Switch Action Set Group Table Table 0 Frame In Action Set Table 1 Action Set Table n Frame Egress …….. Action Buckets Action Buckets Action Buckets Saturday, 15 October 11

28. INSTRUCTIONS 21 Apply-Actions actions :Applies the specific actions immediately. Clear-Actions:

    Clears all the actions in the action set immediately. Write-Actions actions: Merges the specified actions into the current action set Write-Metadata metadata / mask: Writes the masked metadata value into the metadata field. Saturday, 15 October 11

29. WILDCARDS 22 MAC SRC MAC DST SRC IP IP DST

    TCP Dport TCP SPort Action Count * 00:02:. * * * Port1 250 * * * 10.2.2.1 80 * Port 3 320 * * 192.* * * * drop 890 * * 192.* * * * local 100 * * * * * * Controll er 11 Saturday, 15 October 11

30. IT’S ALL ABOUT THE CONTROLLER 23 Network Model OpenFlow 'OpenFlow'

    Controller UI Controller Network So OpenFlow is an API ! What does the controller do ? EVERYTHING Saturday, 15 October 11

31. 24 “[OpenFlow] doesn’t let you do anything you couldn’t do

    on a network before” - Scott Shenker OpenFlow You don’t need OpenFlow to solve every age-old problem. - Ivan Pepelnjak REALITY CHECK Saturday, 15 October 11

32. SO WHY DO IT ALL ? 25 Saturday, 15 October

    11

33. ACTION POSSIBILITIES 26 set output port unequal path load balancing,

    multipath routing, modify IPv4 fields NAT, QoS munging, modify Ethernet fields set VLAN, set TOS, push/pop MPLS tags interoperate existing MPLS networks blah blah blah CLOUD Saturday, 15 October 11

34. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 Core Core Edge Edge Edge Edge Edge Edge LB LB Saturday, 15 October 11

35. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 Core Core Edge Edge Edge Edge Edge Edge LB LB Saturday, 15 October 11

36. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 1 Core Core Edge Edge Edge Edge Edge Edge LB LB Saturday, 15 October 11

37. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 1 Core Core Edge Edge Edge Edge Edge Edge LB LB 2 Saturday, 15 October 11

38. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 1 3 Core Core Edge Edge Edge Edge Edge Edge LB LB 2 Saturday, 15 October 11

39. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 1 3 Core Core Edge Edge Edge Edge Edge Edge LB LB 2 Saturday, 15 October 11

40. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 1 3 Core Core Edge Edge Edge Edge Edge Edge LB LB 2 Saturday, 15 October 11

41. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 1 3 Core Core Edge Edge Edge Edge Edge Edge LB LB 2 X Saturday, 15 October 11

42. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 1 3 Core Core Edge Edge Edge Edge Edge Edge LB LB 2 X X Saturday, 15 October 11

43. WHY WE WANT OPENFLOW Nerd Glasses off please 28 Saturday,

    15 October 11

44. GOOD PARENTS Martin Casado, Nick McKeown Big Vendors: Juniper, Brocade,

    NEC, Small Vendors: OpenGear, et al Flotilla of startups - Big Switch, Nicira etc Big name comanies Google, Yahoo, Facebook Indiana University setup “official” interoperability lab 29 Saturday, 15 October 11

45. 30 “Virtual tenant network plane in the controller” Keep your

    existing Control plane OSPF, BGP, ISIS, MPLS TE. ADD OpenFlow, don’t replace anything ADD OPENFLOW REPLACE NOTHING Saturday, 15 October 11

46. TOPOLOGY LITE 31 Topology independent virtual networks Forwarding tables don’t

    dictate topology. Cabling paths do. Routing protocols do. Business partnerships do. Saturday, 15 October 11

47. DYNAMIC 32 Controller can repeatedly update forwarding tables •Power saving

    (shutdown unneeded nodes) •change per flow topology on a “time” basis (complex MPLS TE ) •Move flows away for maintenance Saturday, 15 October 11

48. SECURITY 33 Divert flow to service eg. IPS, Proxy, NAC,

    perform security tasks - authenticate, authorize, account. change forwarding table to forward Single policy source (compared with routing protocol attacks) Saturday, 15 October 11

49. DATA CENTRE 34 VM Migration - no arp - no

    routing - no ip mobility - works today Saturday, 15 October 11

50. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost VM Migration - no arp - no routing - no ip mobility - works today Saturday, 15 October 11

51. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost vHost VM Migration - no arp - no routing - no ip mobility - works today Saturday, 15 October 11

52. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost 1 vHost VM Migration - no arp - no routing - no ip mobility - works today Saturday, 15 October 11

53. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost 1 2 vHost VM Migration - no arp - no routing - no ip mobility - works today Saturday, 15 October 11

54. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost 1 2 3 vHost VM Migration - no arp - no routing - no ip mobility - works today Saturday, 15 October 11

55. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost 1 2 3 vHost 4 VM Migration - no arp - no routing - no ip mobility - works today Saturday, 15 October 11

56. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost 1 2 3 vHost 4 5 VM Migration - no arp - no routing - no ip mobility - works today Saturday, 15 October 11

57. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost 1 2 3 vHost vHost 4 5 VM Migration - no arp - no routing - no ip mobility - works today Saturday, 15 October 11

58. CAMPUS 35 Indiana University 3000 Access Points Students, Teachers, Researchers,

    Admin Dormitory, Classrooms, Offices, Mobile forwarding privileges according to user type, user location, application Student in dormitory / classroom Researchers in Lans Saturday, 15 October 11

59. INTEGRATED MPLS/OPENFLOW 36 Saturday, 15 October 11

60. 3G NETWORKS 37 User control DPI redirection Counters Saturday, 15

    October 11

61. BGP HARDWARE ROUTER Open Source Routing Stack Hardware forwarding (multi-vendor)

    Scale-out datapath (maybe) 38 Quagga% BGP RIB Controller% Saturday, 15 October 11

62. GLOBAL TE ENGINE 39 42 Controller( Controller( Controller( Controller( Global&Policy&

    and&fine/grained&TE&control& Similar&to&PNNI& Saturday, 15 October 11

63. LANGUAGE DRIVEN 40 Nancy Payroll controller Policy Nancy can access

    payroll High-level language drives all connectivity (forwarding, filtering, QoS, service interposition, etc) Language is topologically independent All changes to network are logged with authenticated end points means any packet can be tracked back to any user Allows for network-wide rollback of policy Saturday, 15 October 11

64. WRAP 41 OpenFlow still early It’s all about the controller

    giving us a better control plane the controller is a another way of defining the flow forwarding in the network software defined networking you can do both, at once Many Open Source projects Many more commercial projects Saturday, 15 October 11

65. LIVE VIDEO STREAM! 26TH OCTOBER, 2011 h"p://bit.ly/AppliedOpenFlow     42

    Saturday, 15 October 11

66. LINKS http://www.openflow.org http://www.opennetworkingfoundation.org/ http://www.openvswitch.org http://noxrepo.org/wp/ http://www.openflowhub.org/display/Beacon 43 Saturday, 15 October

    11

67. 44 http://packetpushers.net http://etherealmind.com Thankyou Saturday, 15 October 11