Introducing ONOS Blackbird

Slide 1

Slide 1 text

SDN Network OS for Service Provider Networks Charles M.C. Chan Mar. 28, 2015  SDN Developer Society, Taipei Introducing ONOS Blackbird

Slide 2

Slide 2 text

/56 ■ Charles Min-‐Cheng Chan / 詹珉誠 / @rascov ■ Ph.D. Candidate, NaAonal Chiao Tung University ■ Team Lead, D-‐Link NCTU Joint Research Center ■ Individual Contributor, ONOS Project • 14 commits / 4,861 ++ / 667 -‐-‐ • IPv6: iniAal planning and development • CVE-‐2015-‐1166: denial-‐of-‐service due to excepAon handling while deserializing malformed packets Who Am I ? 2

Slide 3

Slide 3 text

/56 ■ Introducing ONOS Blackbird • MoTvaTon • ObjecTve • Key Features • Use Cases ■ ONOS Architecture ■ Performance EvaluaAon ■ How to write an ONOS applicaAon ■ ONOS Toward IPv6 Outline 3

Slide 4

Slide 4 text

/56 ■ Why are service providers interested in SDN • Reduce CAPEX and OPEX • Cloud-‐style agility, ﬂexibility, scalability • Roll out services rapidly • Reduce operaAonal complexity, increase visibility MoTvaTon 4

Slide 5

Slide 5 text

/56 ■ Strict requirements on SDN control plane • Handle hundreds of millions of end points • Five nines availability, high performance, low latency • Easily create and deliver services • Seamless migraAon of exisAng networks ➡ ONOS is designed for these strict requirements ObjecTve 5

Slide 6

Slide 6 text

/56 ■ High-‐availability, scalability, performance • Distributed Core ■ Northbound abstracAons • ApplicaTon Intent Framework ■ Southbound abstracAons • Protocol adapters, OF 1.0/1.3 for now -‐ Based on Loxigen ■ GUI ■ Open source • Apache 2.0 License Key Features -‐ Avocet 6

Slide 7

Slide 7 text

/56 ■ IPv6 Support (experimental) ■ Distributed ApplicaAon Framework ■ Internet2 deployment / SDN-‐IP ■ A lot of tesTng ■ Performance evaluaTon / enhancement ■ Hazelcast -‐> RAFT • Eventually consistent map • Strongly consistent map ■ REST API ■ Modular and extensible GUI • Angular JS Key Features -‐ Blackbird 7

Slide 8

Slide 8 text

/56 ■ Security mode • ApplicaAon permissions ■ ConﬁguraAon Model ■ MulAcast • SinglePointToMulAPoint (S2M) intent ■ IPv6 ■ NETCONF ■ IP RAN (ONS Demo) • L3 VPN ■ Internet2 deployment (ONS Demo) Key Features -‐ Cardinal 8

Slide 9

Slide 9 text

/56 ■ Talk to external network using BGP ■ Challenge: Real-‐world development (500k+ routes) • Flow entry query between controller and switch paralyzes the control plane Use Case: SDN-‐IP 9

Slide 10

Slide 10 text

/56 ■ On-‐demand provisioning of bandwidth (calendar app) ■ Automated handling of failures and seamless restoraAon Use Case: Packet / OpTcal Network 10

Slide 11

Slide 11 text

/56 Use Case: NFaaS 11

Slide 12

Slide 12 text

/56 ■ Allows to enforce a ﬂow through any topological path and service chain • Per-‐ﬂow state is maintained only at the ingress node ■ Can be directly applied to • MPLS, using labels • IPv6, using rouAng extension headers Use Case: Segment RouTng 12

Slide 13

Slide 13 text

/56 Outline ■ Introducing ONOS Blackbird ■ ONOS Architecture • ApplicaTon Intent Framework • Distributed Core ■ Performance EvaluaAon ■ How to write an ONOS applicaAon ■ ONOS Toward IPv6 13

Slide 14

Slide 14 text

/56 System Architecture 14

Slide 15

Slide 15 text

/56 ■ Assign what to do (intent) instead of how to do (flow) ■ Intent consists of • Network Resource, e.g. link • Constraints, e.g. bandwidth • Criteria, header fields or paferns that describe a slice of traffic • InstrucTon, e.g. header mod, output to port ■ Intent can be compiled into other well-‐known intents by IntentCompiler • HostToHostIntent -‐> PathIntent ■ Intent can be converted into BatchOpera2on by IntentInstaller • PathIntent -‐> FlowRuleBatchOpera2ons ApplicaTon Intent Framework (1/3) 15

Slide 16

Slide 16 text

/56 ApplicaTon Intent Framework (2/3) 16

Slide 17

Slide 17 text

/56 ■ Intent framework in Blackbird • No priority, first request first allocate • No conflict resoluAon • Will be in Cardinal -‐ #2977: Add priority to remaining intent types ■ Bandwidth constraint • Currently works in packet-‐opAcal networks only • Will be enforced when OVSDB adapter is finished ApplicaTon Intent Framework (3/3) 17

Slide 18

Slide 18 text

/56 ■ Mastership • None, Standby (Slave), Master ■ SynchronizaAon • Hazelcast (In-‐memory solware data grid) -‐ Distributed java.uAl.{Queue, Set, List, Map} -‐ Distributed event and listener -‐ Scale, fail-‐over…etc. • By default -‐ MulAcast 224.2.2.3:54327 • Moving from Hazelcast to RAFT Distributed Core 18

Slide 19

Slide 19 text

/56 ■ Introducing ONOS Blackbird ■ ONOS Architecture ■ Performance EvaluaTon • Tested Hardware Switches • Flow Install Throughput • Intent Latency • Intent Throughput • Link Event Throughput • Port Event Throughput • Switch Event Throughput ■ How to write an ONOS applicaAon ■ ONOS Toward IPv6 Outline 19

Slide 20

Slide 20 text

/56 ■ Pica8 3290 • OpenFlow 1.0 • Small oﬃce network • ReacAve forwarding Tested Hardware Switch 20

Slide 21

Slide 21 text

/56 ■ Bare-‐metal controller • Xeon E5-‐2670 / 32G DDR3 RAM / SSD / 1Gbps NIC • JAVA_OPTS = -‐Xms8G -‐Xmx8G ■ NullProvider • Fake switches, not even a virtual one Test Environment 21

Slide 22

Slide 22 text

/56 Flow Install Throughput -‐ Test Plan 22

Slide 23

Slide 23 text

/56 ■ SW = 35 -‐ total # of switches (Null Devices) connected to ONOS cluster evenly distributed to acAve ONOS nodes Flow Install Throughput -‐ Test Result 23

Slide 24

Slide 24 text

/56 Intent Latency -‐ Test Plan 24

Slide 25

Slide 25 text

/56 Intent Latency -‐ Test Result 25 ■ 1 -‐> 3 node(s) • EW overhead ■ >3 nodes • Large # intents (>1000) -‐ Size ↑, latency ↓ • Small # intents -‐ Process overhead

Slide 26

Slide 26 text

/56 Intent Throughput -‐ Test Plan 26

Slide 27

Slide 27 text

/56 Intent Throughput -‐ Test Result 27

Slide 28

Slide 28 text

/56 Link Event Throughput -‐ Test Plan 28

Slide 29

Slide 29 text

/56 ■ 40 Null Devices (linear topology) on each ONOS node ■ 32 effecAve flicker threads ■ Flicker eventRate varies from 4000 to 500 Link Event Throughput -‐ Test Result 29 10k-Events/s, still sufficient for large scale network

Slide 30

Slide 30 text

/56 Port Event Latency -‐ Test Plan 30

Slide 31

Slide 31 text

/56 ■ Port-‐up Aming breakdowns for a 3-‐node cluster • OFP of_port status -‐> complete Packet-‐In/Out for link discovery: 11 ms • OFP of_port status -‐> device event: 5~11 ms • complete Packet-‐In/Out for link discovery -‐> link event: 5~6 ms • Link event -‐> graph event: 1~2 ms Port Event Latency -‐ Test Result 31 LLDP

Slide 32

Slide 32 text

/56 Switch Event Latency -‐ Test Plan 32

Slide 33

Slide 33 text

/56 ■ Syn/Ack -‐> OFP role reply Aming breakdowns for example of 58.1 ms • TCP syn -‐> OFP Hello (from ovs): 0.3 ms • OFP Hello (from ovs) -‐> OFP of_features_request: 2.6 ms • OFP of_features_request -‐> OFP of_features_reply: 47.0 ms • OFP of_feature_reply -‐> OFP role_request: 8.0 ms • OFP role_request -‐> OFP role_reply: 0.2 ms Switch Event Latency -‐ Test Result 33

Slide 34

Slide 34 text

/56 ■ Introducing ONOS Blackbird ■ ONOS Architecture ■ Performance EvaluaAon ■ How to write an ONOS applicaTon • Setup directory layout • Add pom.xml (app) • Edit pom.xml (parent) • Register applicaTon • Write applicaTon • Write unit test • Build applicaTon • Load applicaTon ■ ONOS Toward IPv6 Outline 34

Slide 35

Slide 35 text

/56 cd ${ONOS_ROOT} mkdir -p apps/sdnds mkdir -p apps/sdnds/src/main/java/org/onosproject/sdnds mkdir -p apps/sdnds/src/test/java/org/onosproject/sdnds Setup Directory Layout 35 application goes here unit test goes here package-wide documentation/annotation Project Object Model (app)

Slide 36

Slide 36 text

/56 Add pom.xml (/apps/sdnds/pom.xml) 36 for unit test

Slide 37

Slide 37 text

/56 Edit pom.xml (/apps/pom.xml) 37

Slide 38

Slide 38 text

/56 Add app.xml (/apps/sdnds/app.xml) 38

Slide 39

Slide 39 text

/56 Register ApplicaTon (/features/features.xml) 39

Slide 40

Slide 40 text

/56 ■ package and imports Write ApplicaTon (1/5) 40

Slide 41

Slide 41 text

/56 ■ @Reference and @AcAvate Write ApplicaTon (2/5) 41 (prior) Advisor Director Observer (subsequent) ask for packet in default: drop

Slide 42

Slide 42 text

/56 ■ @DeacAvate Write ApplicaTon (3/5) 42

Slide 43

Slide 43 text

/56 ■ Packet processor Write ApplicaTon (4/5) 43

Slide 44

Slide 44 text

/56 ■ Helper class (opAonal) Write ApplicaTon (5/5) 44

Slide 45

Slide 45 text

/56 Write Unit Test 45

Slide 46

Slide 46 text

/56 alias ob='onos-build' alias obd='onos-build-docs' alias obi='onos-build -Dmaven.test.failure.ignore=true' alias obs='onos-build-selective' alias op='onos-package' onos-install onos-install -nf (OS X) Build ApplicaTon 46

Slide 47

Slide 47 text

/56 Load ApplicaTon 47 /opt/onos/apache-karaf-3.0.2/bin/karaf clean onos> feature:install onos-app-sdnds alias ol='onos-log'

Slide 48

Slide 48 text

/56 Outline ■ Introducing ONOS Blackbird ■ ONOS Architecture ■ Performance EvaluaAon ■ How to write an ONOS applicaAon ■ ONOS Toward IPv6 48

Slide 49

Slide 49 text

/56 ■ First community-‐driven feature • Community did the planning, development and tesAng ■ No meeAng • All coordinaAon are done by email / jira / gerrit IPv6 Support in ONOS 49

Slide 50

Slide 50 text

/56 ■ Use cases • SDN-‐IP -‐ Exchanging IPv6 rouTng informaAon with BGP routers • ReacAve forwarding -‐ Forward IPv6 packets in SDN ■ Experimental feature • Without Q/A approval IPv6 Status -‐ Blackbird 50

Slide 51

Slide 51 text

/56 ■ Charles M.C. Chan • Ph.D. student, NaAonal Chiao Tung University, Taiwan • IniAal planning and development ■ Kunihiro Ishiguro • Co-‐founder, IPInfusion • Development and IPv6 tutorial script ■ Dusan Pajin • Network engineer, Academic Network of Serbia • TesAng and development ■ Pavlin Radoslavov • (Former) Member of Technical Staﬀ, ON.Lab • Coordinator and lelover tasks processor ONOS IPv6 Task Force 51

Slide 52

Slide 52 text

/56 ■ Packet serializer / deserializer ■ Why • Need the class to parse IPv6 packet header -‐ E.g. source IP, desAnaAon IP ■ Challenge • Extension headers -‐ Treated as upper layer header • Upper layer checksum -‐ Pseudo header (TODO) What Have Been Done (1/4) 52 IPv6 IPv6-Ext IPv6-Ext ICMPv6 nextHeader parent …

Slide 53

Slide 53 text

/56 ■ Criteria, Selector, Treatment ■ Why • To support IPv6-‐related matching and acAons ■ Criteria • Matching ﬁelds -‐ E.g. src_ipv6, dst_ipv6 ■ Selector • Matches -‐ E.g. src_ipv6=fe80::1, src_mac=00:00:00:00:00:01 ■ Treatment • AcAons -‐ E.g. set_dst_ipv6=fe80::2, output=3 What Have Been Done (2/4) 53

Slide 54

Slide 54 text

/56 ■ Neighbor Discovery Protocol (NDP) ■ Why • Similar to ARP in IPv4 • Need to parse NDP contents -‐ E.g. Link-‐layer address What Have Been Done (3/4) 54

Slide 55

Slide 55 text

/56 ■ Host service ■ Why • Need to track / monitor the locaTon of IPv6 hosts ■ IPv4 / IPv6 • Update locaAon ■ ARP / NDP • Update locaAon and IP/mac mapping What Have Been Done (4/4) 55

Slide 56

Slide 56 text

/56 ■ Expose IPv6 intents in CLI / REST ■ SDN-‐IP: verify receiving of IPv6 routes over IPv6 peering ■ More tesAng and bug ﬁxes ■ Obtain Q/A approval Future Work -‐ Cardinal 56

Slide 57

Slide 57 text

Demo It’s show Ame!

Slide 58

Slide 58 text

Thank you! Q&A  hmp://wiki.onosproject.org You can ﬁnd almost everything here