SDN Training Course Day1

Transcript

1. 《SDN交換機平台模擬與實務 Day 1》7/24, 7/31

2. SDN Tutorial TAs ✤ 現場有三位助教會協助各位操作 • 林哲緯 • 吳昇蓉 •

   李紀萱 • 李哲銓

3. Outline ✤ SDN/OpenFlow Essentials • Key Terms • SDN Architecture

   & SDN Components • Introducing OpenFlow Protocol • How they work together? ✤ SDN Applications • Introducing OpenFlow Controller - Ryu • Write your first Ryu application • Configure and connect to virtual switch ✤ SDN Implementations • LAB1 Developing a hub application

4. Key Terms ✤ Software Defined Networking (SDN): ⼀一種新的網路架 構範例，網路的⾏行為是透過軟體控制，其網路架構的 Control

   plane 與 Data plane 是彼此分離的 ✤ Control plane: 在網路中負責控制網路⾏行為的⼀一個功能 (e.g., 網路封包路徑, 轉發封包⾏行為) ✤ Data plane: 在網路中負責轉發(或不轉發)網路流量，Data plane 可以為在路由器，交換器，防⽕火牆或其他 middleboxes 的 forwarding tables

5. SDN Architecture Physical Switches Virtual Switches OpenFlow Protocol Controller Controller

   Other Protocol Other Protocol 1. Network Devices 2. Southbound 3. Controllers 4. Northbound 5. Services

6. SDN Components (1/3) ✤ Network Devices：抽象的資料轉接⾯面 (Data Plane) 不⼀一定是硬體交換機，也可 以是虛擬交換機

   
 (ex: Open vSwitch) ✤ Southbound：Control Plane 與 Data Plane 之間的介⾯面，⽽而在這有 OpenFlow 是 ⽬目前最有影響⼒力的標準化南向介⾯面，但並不是唯⼀一 Physical Switches Virtual Switches OpenFlow Protocol Other Protocol Other Protocol

7. SDN Components (2/3) ✤ Controllers：為主導 SDN 網路的控制器，⼀一個 SDN 網路可以有多個 Controller

   並擁有 Master/Slave 的關係，⼀一台 Controller 可以控制多台 Network devices 通常運⾏行在 x86 的 Linux Server上 ✤ Northbound：Controller 與應⽤用程式之間的介⾯面，⽬目前尚無標準化，但以 RESTful 最廣為⼈人使⽤用。︒ Controller Controller

8. SDN Components (3/3) ✤ Services：應⽤用層⾯面的服務，Servrice 可以為 Load balancing, security monitoring,

   performance management, LLDP 等等... 這些服務最終以 軟體的⽅方式表達出來。︒可以跟 Controller 位於同⼀一台 Server 上，也可 以運⾏行在別的Server上透過 Northbound 來跟Controller 做溝通 Controller Controller

9. How does OpenFlow Protocol work? Controller OpenFlow Switches Flow Tables

   Packet Packet OpenFlow Protocol Forwarding Drop Forward to Controller

10. How does OpenFlow Protocol work? OpenFlow Switches Port 1 Port

    2 Port N Port 1 Port 2 Port N Incoming packets Outgoing packets Controller 
 Channel Flow table 0 Flow table 1 Flow table N ….. …..

11. How does OpenFlow Protocol work? ✤ Flow table in switches

    OpenFlow Switches Rule Action Statistics Rule Action Statistics Rule Action Statistics Rule Action Statistics Flow 1 Flow N Flow 2 Flow 3 …..

12. How does OpenFlow Protocol work? ✤ Flow entry Rule Action

    Statistics Packets/Byte counters 1. Forward packet to port(s) 2. Encapsulate and forward to controller 3. Drop packet 4. Modify field and send to processing pipeline in_port VLAN
 ID MAC
 Src MAC
 Dst Eth
 type IP Src IP Dst IP ToS sport dport

13. How does OpenFlow Protocol work? ✤ Examples in_port VLAN
 ID

    MAC
 Src MAC
 Dst Eth
 type IP Src IP Dst IP ToS sport dport action in_port VLAN
 ID MAC
 Src MAC
 Dst Eth
 type IP Src IP Dst IP ToS sport dport action * * 70:56:x * * * * * * * port4 port5 2 70:56:x 20:66:x 0800 8.8.8.8 8.8.4.4 0 5566 80 port8 Switching Flow Switching

14. How does OpenFlow Protocol work? ✤ Examples in_port VLAN
 ID

    MAC
 Src MAC
 Dst Eth
 type IP Src IP Dst IP ToS sport dport action in_port VLAN
 ID MAC
 Src MAC
 Dst Eth
 type IP Src IP Dst IP ToS sport dport action * * * * * * * * * 23 drop * * * * * * 8.8.4.4 * * * port8 Firewall Routing

15. How does OpenFlow Protocol work? ✤ Examples in_port VLAN
 ID

    MAC
 Src MAC
 Dst Eth
 type IP Src IP Dst IP ToS sport dport action * 3 * * * * * * * * port4, port5 VLAN

16. OpenFlow Protocol ✤ TCP/6633 (older convention) ✤ TCP/6653 (standardised 2013-07-18)

    ✤ TLS recommended since OpenFlow 1.3 OpenFlow is a standardised protocol for communication between a SDN Controller and separate forwarding hardware. ✤ OpenFlow 1.0: Dec 2009: IPv4 only, limited features ✤ OpenFlow 1.1: Dec 2011: Multiple flow tables, Group table, Suport MPLS ✤ OpenFlow 1.3: Jun 2012: IPv4 and IPv6, Per flow meter support, Flexible table miss ✤ OpenFlow 1.4: Oct 2013

17. OpenFlow Protocol messages ✤ Controller to Switch Messages (Controller —>

    Switch) • Handshake: Switch Features • Switch Configuration • Flow Table Configuration • Modify State Messages: Modify • Multipart Messages: Statistics, Description • Queue Configuration Messages • Packet-Out Message • Barrier Message • Role Request Message • Set Asynchronous Configuration Message

18. OpenFlow Protocol messages ✤ Asynchronous Messages (Switch—>Controller) • Packet-In Message

    • Flow Removed Message • Port Status Message • Error Message ✤ Symmetric Messages (Switch<—>Controller) • Hello • Echo Request • Echo Reply • Experimenter

19. How they work together?

20. Outline ✤ SDN/OpenFlow Essentials • Key Terms • SDN Architecture

    & SDN Components • Introducing OpenFlow Protocol • How they work together? ✤ SDN Applications • Introducing OpenFlow Controller - Ryu • Development Environment • Write your first Ryu application • Configure and connect to virtual switch ✤ SDN Implementations • LAB1 Developing a hub application

21. Introducing Ryu Controller ✤ Ryu is a component-based software-defined networking

    framework ✤ Fully written in Python. Easy to use and prototyping ✤ Originally a project of NTT Communications (Japan) ✤ Ryu supports various protocols for managing network devices • OpenFlow 1.0, 1.2, 1.3, 1.4, Netconf, OF-config, SNMP etc. ✤ OpenSource Licence: Apache 2.0 ✤ http://osrg.github.io/ryu/

22. Ryu Architecture

23. Development Environment ✤ ryu-manager and your Ryu application ✤ An

    OpenFlow compatible switch • Physical openflow switches or Virtual switches ✤ Two or more hosts to generate traffic ✤ Way to see OpenFlow messages • Wireshark

24. Installation ✤ The Easiest way Created by: https://github.com/sdnds-tw/ryuInstallHelper

25. Ryu applications ✤ A Ryu application: • is a Python

    class (subclass of ryu.base.app_manager.RyuApp) • event driven (important!) • ryu-manager can run multiple applications at once • one light weight thread per app • apps can pass messages to each other, to cooperate

26. Application programming model

27. Write your first Ryu application

28. Minimal Ryu application from ryu.base import app_manager class MyApp(app_manager.RyuApp): def

    __init__(self, *args, **kwargs): super(MyApp, self).__init__(*args, **kwargs) ✤ Running application $ ./bin/ryu-manager ./myapp.py ✤ Essentials Code Snippet

29. 實驗環境 1. 設備如以下： • ⼀一台Router • 四台 OpenFlow 交換機 •

    四台測試筆電 2. 實驗分配 • 2~3 ⼈人為⼀一組 • 每組分別分配⼀一台交換機，台 筆電 3. SDN tutorial VM • Install VirtualBox • Import SDN tutorial VM to Virtualbox 4. Download Utils tool • Putty or Mobaxterm for SSH

30. 實驗拓墣 Internet . . . . . . . .

    . . . . SDN Switch host Control plane Data plane host host SDN Switch SDN Switch SDN Switch Legacy Switch

31. 實驗流程 ✤ Step 1 : 安裝Ryu Controller, 設定SDN Switch ✤

    Step 2 : 將Ryu Controller連接上SDN Switch ✤ 利⽤用ssh連進SDN Switch，確認其是否連線成功 ✤ Step 3 : 跑⼀一個基本的application，並將host接上SDN Switch

32. OpenFlow Review

33. https://github.com/John-Lin/SDN-hands-on Ryu application - Simple Hub Download package:
 $ git

    clone https://github.com/John-Lin/SDN-hands-on.git

34. Ryu application - Simple Hub ✤ 2 events • Switch

    Features event • Packet-In event ✤ 3 OpenFlow APIs • OFPMatch: For matching packet header info. • OFPActionOutput • OFPPacketOut

35. Configure and connect to OpenFlow switches https://github.com/John-Lin/SDN-hands-on/tree/master/Riava_switch_doc

36. Connect to OpenFlow switches ✤ Using SSH to access switch

    1. Set controller 2. Start lagopus 3. Enter into lagopus CLI

37. Outline ✤ SDN/OpenFlow Essentials • Key Terms • SDN Architecture

    & SDN Components • Introducing OpenFlow Protocol • How they work together? ✤ SDN Applications • Introducing OpenFlow Controller - Ryu • Write your first Ryu application • Configure and connect to virtual switch ✤ SDN Implementations • LAB1 Developing a hub application

38. 實驗環境 ✤ 設備如以下： ✤ 四台SDN交換機 ✤ ⼀一台Router ✤ 四台測試筆電 ✤

    實驗分配 ✤ 2~3⼈人為⼀一組 ✤ 每組分別分配⼀一台交換機, ⼀一台筆電 ✤ 學員需⾃自備以下設備 ✤ ⼀一台筆電 : linux&Mac為佳，如為windows，請麻煩預先安裝virtualbox，我們會提供vm環境，如可⾃自⾏行安 裝ubuntu也可以（12.04 or 14.04） ✤ 請事先安裝wireshark

39. 實驗拓墣 Internet . . . . . . . .

    . . . . SDN Switch host Control plane Data plane host host SDN Switch SDN Switch SDN Switch Legacy Switch

40. 實驗⽬目的 ✤ 希望每⼀一位學員透過這次的實驗透可了解 ✤ 在SDN的環境下，網路運作和過去傳統⽅方式的不同 ✤ 如何操作SDN交換機 ✤ 學習在controller上，based on

    Ryu ✤ 撰寫來控制SDN網路下的封包交換

41. 實驗簡介 ✤ 本次實驗分成三部分 ✤ 利⽤用撰寫Controller Application，將SDN交換機模擬成 以下功能 ✤ Hub ✤

    Learning Switch ✤ Learning Switch with ACLs

42. 實驗流程 ✤ Step 1 : 安裝Ryu Controller, 設定SDN Switch ✤

    Step 2 : 將Ryu Controller連接上SDN Switch ✤ 利⽤用ssh連進SDN Switch，確認其是否連線成功 ✤ Step 3 : 跑⼀一個基本的application，並將host接上SDN Switch ✤ 利⽤用ssh連進SDN Switch，確認其是否有⼀一條table miss的flow ✤ ping 8.8.8.8，發現無法通訊成功 ✤ Step 4 : ⾃自⾏行撰寫上⾴頁所述的application ✤ 再ping ⼀一次8.8.8.8，發現已可連線成功

43. Hub Application 實驗結果 ✤ LAB 1 : Hub ✤ 接上兩台host至switch

    ✤ ⼀一台ping 8.8.8.8 ✤ 利⽤用另⼀一台host，開啟wireshark，觀察到有收到其封包 ✤ How does it work ? h1 ping 8.8.8.8 1.packet 2. OF:packet-in 3. OF:packet-out 4.packet 4.packet Internet Legacy Switch

44. About SDNDS-TW ✤ 台灣 SDN 開發者社群: http://sdnds.tw/ ✤ Slack: https://sdnds-tw.slack.com/

    or 
 IRC #sdnds-tw on Freenode ✤ 索取Slack頻道邀請函: https://sdnds-tw.herokuapp.com/ ✤ Google group: http://group.sdnds.tw/ ✤ Hackpad: https://sdnds-tw.hackpad.com/

45. Q&A