OpenFlow and Software Defined Networking - EuroNOG 2011

Transcript

1. OPENFLOW & SOFTWARE DEFINED NETWORKING Greg Ferro EtherealMind.com and PacketPushers.net

   1 Monday, 3 October 11

2. HUH ? OPENFLOW. What is OpenFlow ? From the bottom

   up. With big words. How OpenFlow does stuff. Then WHY we want OpenFlow to do that 2 Monday, 3 October 11

3. OPENFLOW. WHAT IS IT ? Nerd Glasses on please 3

   Monday, 3 October 11

4. PLANES OF OPERATION 4 FORWARDING PLANE MANAGEMENT PLANE CO NTRO

   L CLI/SSH/SNMP/XML OSPF/BGP/LDP Monday, 3 October 11

5. 5 FORWARDING PLANE ? ? ? Monday, 3 October 11

6. 6 FORWARDING TABLES Forwarding Tables = Forwarding Information Base =

   FIB Monday, 3 October 11

7. FORWARDING TABLES ➜ RIBS 7 RIB RIB RIB RIB Monday,

   3 October 11

8. ROUTING PROTOCOLS ➜ FIBS 8 RIB RIB RIB RIB Routing

   Protocol Routing Protocol Routing Protocol Routing Protocol Monday, 3 October 11

9. ROUTING PROTOCOLS GOOD ? 9 reliable proven deterministic ( knowable

   ) self healing autonomous scalable ? Monday, 3 October 11

10. loosely coupled hop by hop homogenous system change resistant limited

    external configuration not load based destination only 10 ROUTING PROTOCOLS ..... OR BAD? Monday, 3 October 11

11. WHAT IF, INSTEAD OF THIS: 11 RIB RIB RIB RIB

    Routing Protocol Routing Protocol Routing Protocol Routing Protocol Monday, 3 October 11

12. Controller WE USED A CENTRAL CONTROLLER 12 Controller updates the

    forwarding tables (TCAM) of Switches and Routers Monday, 3 October 11

13. CONTROLLER ? it’s software, it’s a program connects to all

    devices builds a network topology runs an algorithm then updates the Forwarding table by an API. 13 * ( & we don’t know much about it yet) * Monday, 3 October 11

14. 14 Network Model OpenFlow 'OpenFlow' Controller UI Controller Network Monday,

    3 October 11

15. !HOW IT DOES STUFF 15 Keep your Nerd Glasses on

    please Monday, 3 October 11

16. FLOW TABLES 16 OpenFlow Draft Specification 1.1 Monday, 3 October

    11

17. OPENFLOW 17 controller-to-switch asynchronous symmetric Monday, 3 October 11

18. MATCH FIELDS 18 Ingress Port Metadata Ether src Ether dst

    Ether type VLAN id VLAN priority MPLS label , MPLS traffic class IPv4 SRC, IPv4 DST IPv4 proto ( ARP opcode, IPv4 ToS bits) TCP/ UDP / SCTP src port, ICMP Type TCP/ UDP / SCTP dst port ICMP Code Pretty Good Selection Monday, 3 October 11

19. MATCH FLEXIBILITY 19 Field Bits When  applicable Notes Ingress  Port

    32 All  packets Numerical  representa=on  of  incoming  port,   star=ng  at  1.  (physical  or  virtual  port) Metadata 64 Table  1  and  above Ethernet  source  address 48 All  packets  on  enabled  ports Can  use  arbitrary  bitmask Ethernet  des=na=on  address 48 All  packets  on  enabled  ports Can  use  arbitrary  bitmask Ethernet  type 16 All  packets  on  enabled  ports Ethernet  type  of  the  OpenFlow  packet  payload,   aOer  VLAN  tags.  802.3  frames  have  special   handling. VLAN  id 12 All  packets  with  VLAN  tags VLAN  iden=fier  of  outermost  VLAN  tag. VLAN  priority 3 All  packets  with  VLAN  tags VLAN  PCP  field  of  outermost  VLAN  tag. MPLS  label 20 All  packets  with  MPLS  tags Match  on  outermost  MPLS  tag. MPLS  traffic  class 3 All  packets  with  MPLS  tags Match  on  outermost  MPLS  tag. IPv4  source  address 32 All  IPv4  and  ARP  packets Can  use  subnet  mask  or  arbitrary  bitmask IPv4  des=na=on  address 32 All  IPv4  and  ARP  packets Can  use  subnet  mask  or  arbitrary  bitmask IPv4  protocol  /  ARP  opcode 8 All  IPv4  and  IPv4  over  Ethernet,  ARP   packets Only  the  lower  8  bits  of  the  ARP  op-­‐  code  are   used IPv4  ToS  bits 6 All  IPv4  packets Specify  as  8-­‐bit  value  and  place  ToS  in  upper  6   bits. Transport  source  port  /  ICMP  Type 16 All  TCP,  UDP,  SCTP,  and  ICMP  packets Only  lower  8  bits  used  for  ICMP  Type Transport  des=na=on  port  /  ICMP   Code 16 All  TCP,  UDP,  SCTP,  and  ICMP  packets Only  lower  8  bits  used  for  ICMP  Code Shortcomings Exist Monday, 3 October 11

20. PIPELINE PROCESSING 20 OpenFlow Enabled Switch Action Set Table 0

    Frame In Action Set Table 1 Action Set Table n Frame Egress …….. OpenFlow Enabled Switch Action Set Group Table Table 0 Frame In Action Set Table 1 Action Set Table n Frame Egress …….. Action Buckets Action Buckets Action Buckets Monday, 3 October 11

21. INSTRUCTIONS 21 Apply-Actions actions :Applies the specific actions immediately. Clear-Actions:

    Clears all the actions in the action set immediately. Write-Actions actions: Merges the specified actions into the current action set Write-Metadata metadata / mask: Writes the masked metadata value into the metadata field. Monday, 3 October 11

22. WILDCARDS 22 MAC SRC MAC DST SRC IP IP DST

    TCP Dport TCP SPort Action Count * 00:02:. * * * Port1 250 * * * 10.2.2.1 80 * Port 3 320 * * 192.* * * * drop 890 * * 192.* * * * local 100 * * * * * * Controll er 11 Monday, 3 October 11

23. IT’S ALL ABOUT THE CONTROLLER 23 Network Model OpenFlow 'OpenFlow'

    Controller UI Controller Network So OpenFlow is an API ! What does the controller do ? EVERYTHING Monday, 3 October 11

24. 24 “[OpenFlow] doesn’t let you do anything you couldn’t do

    on a network before” - Scott Shenker OpenFlow You don’t need OpenFlow to solve every age-old problem. - Ivan Pepelnjak REALITY CHECK Monday, 3 October 11

25. SO WHY DO IT ALL ? 25 Monday, 3 October

    11

26. ACTION POSSIBILITIES 26 set output port unequal path load balancing,

    multipath routing, modify IPv4 fields NAT, QoS munging, modify Ethernet fields set VLAN, set TOS, push/pop MPLS tags interoperate existing MPLS networks blah blah blah CLOUD Monday, 3 October 11

27. EG, LOAD BALANCING if every switch is a load balancer

    then distributed processing means it costs nothing load balance by setting forwarding tables to balance different src/dst IP to different paths. 27 1 3 Core Core Edge Edge Edge Edge Edge Edge LB LB 2 X X Monday, 3 October 11

28. WHY WE WANT OPENFLOW Nerd Glasses off please 28 Monday,

    3 October 11

29. GOOD PARENTS Martin Casado, Nick McKeown Big Vendors: Juniper, Brocade,

    NEC, Small Vendors: OpenGear, et al Flotilla of startups - Big Switch, Nicira etc Big name comanies Google, Yahoo, Facebook Indiana University setup “official” interoperability lab 29 Monday, 3 October 11

30. 30 “Virtual tenant network plane in the controller” Keep your

    existing Control plane OSPF, BGP, ISIS, MPLS TE. ADD OpenFlow, don’t replace anything ADD OPENFLOW REPLACE NOTHING Monday, 3 October 11

31. TOPOLOGY LITE 31 Topology independent virtual networks Forwarding tables don’t

    dictate topology. Cabling paths do. Routing protocols do. Business partnerships do. Monday, 3 October 11

32. DYNAMIC 32 Controller can repeatedly update forwarding tables •Power saving

    (shutdown unneeded nodes) •change per flow topology on a “time” basis • Monday, 3 October 11

33. SECURITY 33 Divert flow to service eg. IPS, Proxy, NAC,

    perform security tasks or check change forwarding table to forward Monday, 3 October 11

34. DATA CENTRE 34 Hypervisor Hypervisor Hypervisor Core Core Edge Edge

    Edge vHost vHost vHost vHost vHost vHost 1 2 3 vHost vHost 4 5 VM Migration - no arp - no routing - no ip mobility - works today Monday, 3 October 11

35. CAMPUS 35 Indiana University 3000 Access Points Students, Teachers, Researchers,

    Admin Dormitory, Classrooms, Offices, Mobile forwarding privileges according to user type, user location, application Student in dormitory / classroom Researchers in Lans Monday, 3 October 11

36. INTEGRATED MPLS/OPENFLOW 36 Monday, 3 October 11

37. 3G NETWORKS 37 User control DPI redirection Counters Monday, 3

    October 11

38. WRAP 38 OpenFlow still early It’s all about the controller

    giving us a better control plane the controller is a another way of defining the flow forwarding in the network software defined networking you can do both, at once Many Open Source projects Many more commercial projects Monday, 3 October 11

39. LIVE VIDEO STREAM! 26TH OCTOBER, 2011 h"p://bit.ly/AppliedOpenFlow     39

    Monday, 3 October 11

40. LINKS http://www.openflow.org http://www.opennetworkingfoundation.org/ http://www.openvswitch.org http://noxrepo.org/wp/ http://www.openflowhub.org/display/Beacon 40 Monday, 3 October

    11

41. 41 http://packetpushers.net http://etherealmind.com Thankyou Monday, 3 October 11