Software Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks.

Transcription

1 MOBILE COMMUNICATION AND INTERNET TECHNOLOGIES Software Defined Networks and Courtesy of: AT&T Tech Talks

2 MODULE OVERVIEW Motivation behind Software Defined Networking (SDN) What is Deployments Conclusion 2

3 We have lost our way Routing management, mobility management, access control, VPNs, Million of lines of source code 5400 RFCs Barrier to entry 500M gates 10Gbytes RAM Bloated Power Hungry

4 ibgp, ebgp Sec V6 OSPF-TE Multi layer multi region RSVP-TE HELLO anycast Mobile MPLS Firewall Router NAT Software Control HELLO L2 VPN Hardware Datapath Authentication, Security, Access Control L3 VPN multicast VLAN HELLO Many complex functions packed into the infrastructure OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers, An industry with a mainframe-mentality

5 Process of innovation made worse by captive standards process Idea Standardize Deployment Wait 10 years Driven by vendors Consumers largely locked out Layer by layer innovation

6 New Generation Providers already Buying into It In a nutshell Driven by cost and control Started in data centers. What New Generation Providers have been Doing Within the Datacenters Buy bare metal switches/routers Write their own control/management applications on a common platform 6

7 Change is happening in non-traditional markets

8 The Software-defined Network 3. Well-defined open API 2. At least one good operating system Extensible, possibly open-source 1. Open interface to hardware

9 Trend App App App App App App Window Window Windows ss (OS) (OS) Linu Linu Linux x x Mac Mac Mac OS OS OS Controller Controller NOX 1 (Network OS) Controller Network Controller 2 OS Virtualization layer x86 (Computer) Virtualization or Slicing Computer Industry Network Industry Simple common stable hardware substrate below+ programmability + strong isolation model + competition above = Result : faster innovation

10 What is?

11 Short Story: is an API Control how packets are forwarded Implementable on COTS hardware Make deployed networks programmable not just configurable Makes innovation easier Result: Increased control: custom forwarding Reduced cost: API ~ increased competition

12 Ethernet Switch/Router

13

14 Protocol (SSL/TCP)

15 Flow Table Abstraction Controller Software Layer Firmware PC Hardware Layer MAC src MAC dst Flow Table Src Dst TCP sport TCP dport Action * * * * * port 1 port 1 port 2 port 3 port

16 Basics Flow Table Entries Rule Action Stats Packet + byte counters 1. Forward packet to port(s) 2. Encapsulate and forward to controller 3. Drop packet 4. Send to normal processing pipeline 5. Modify Fields Switch Port VLAN ID MAC src MAC dst Eth type Src Dst Prot TCP sport TCP dport + mask what fields to match

17 Examples Switching Switch Port MAC src MAC dst Eth type VLAN ID Src Dst Prot TCP sport TCP dport Action * * 00:1f:..* * * * * * * port6 Flow Switching Switch Port MAC src MAC dst Eth type VLAN ID Src Dst Prot TCP sport TCP dport Action port3 00: :1f vlan port6 Firewall Switch Port MAC src MAC dst Eth type VLAN ID Src Dst Prot TCP sport TCP dport Forward * * * * * * * * * 22 drop

18 Examples Routing Switch Port MAC src MAC dst Eth type VLAN ID Src Dst Prot TCP sport TCP dport Action * * * * * * * * * port6 VLAN Switching Switch Port * MAC src MAC dst Eth type VLAN ID Src Dst Prot TCP sport TCP dport Action port6, * 00:1f.. * vlan1 * * * * * port7, port9

19 Usage Dedicated Network Switch Rule Action Statistics Developer's code Controller PC Protocol Switch Switch Rule Action Statistics Rule Action Statistics Switch.org

20 Network Design Decisions Forwarding logic Centralized vs. distributed control Fine vs. coarse grained rules Reactive vs. Proactive rule creation Many Open research areas

21 Centralized vs Distributed Control Centralized Control Controller Distributed Control Controller Switch Switch Controller Switch Switch Controller Switch Switch

22 Flow Routing vs. Aggregation Both models are possible with Flow-Based Every flow is individually set up by controller Exact-match flow entries Flow table contains one entry per flow Good for fine grain control, e.g. campus networks Aggregated One flow entry covers large groups of flows Wildcard flow entries Flow table contains one entry per category of flows Good for large number of flows, e.g. backbone

23 Reactive vs. Proactive Both models are possible with Reactive First packet of flow triggers controller to insert flow entries Efficient use of flow table Every flow incurs small additional flow setup time If control connection lost, switch has limited utility Proactive Controller pre-populates flow table in switch Zero additional flow setup time Loss of control connection does not disrupt traffic Essentially requires aggregated (wildcard) rules

24 Application: Network Slicing Divide the production network into logical slices o each slice/service controls its own packet forwarding o users pick which slice controls their traffic: opt-in o existing production services run in their own slice e.g., Spanning tree, OSPF/BGP Enforce strong isolation between slices o actions in one slice do not affect another Allows the (logical) testbed to mirror the production network o real hardware, performance, topologies, scale, users o Prototype implementation: FlowVisor

25 Add a Slicing Layer Between Planes Slice 2 Controller Slice 1 Controller Slice 3 Controller Slice Policies Rules Control/Data Protocol Excepts Data Plane

26 Network Slicing Architecture A network slice is a collection of sliced switches/routers Data plane is unmodified Packets forwarded with no performance penalty Slicing with existing ASIC Transparent slicing layer each slice believes it owns the data path enforces isolation between slices i.e., rewrites, drops rules to adhere to slice policy forwards exceptions to correct slice(s)

27 Slicing Policies The policy specifies resource limits for each slice: Link bandwidth Maximum number of forwarding rules Topology Fraction of switch/router CPU FlowSpace: which packets does the slice control?

28 FlowSpace: Maps Packets to Slices

29 Real User Traffic: Opt-In Allow users to Opt-In to services in real-time o Users can delegate control of individual flows to Slices o Add new FlowSpace to each slice's policy Example: o "Slice 1 will handle my HTTP traffic" o "Slice 2 will handle my Vo traffic" o "Slice 3 will handle everything else" Creates incentives for building high-quality services

30 FlowVisor Implemented on Server Servers Custom Control Plane Controller Controller Controller Controller Network Stub Control Plane Data Plane Firmware Protocol Data Path FlowVisor Firmware Data Path Switch/ Router Switch/ Router

31 FlowVisor Message Handling Alice's Controller Bob's Controller Cathy's Controller Rule Policy Check: Is this rule allowed? Full Line Rate Forwarding FlowVisor Firmware Exception Policy Check: Who controls this packet? Packet Packet Data Path

32 Deployments

33 has been prototyped on. Ethernet switches HP, Cisco, NEC, Quanta, + more underway routers Cisco, Juniper, NEC Switching chips Broadcom, Marvell Transport switches Ciena, Fujitsu Most (all?) hardware switches now based on Open vswitch WiFi APs and WiMAX Basestations & OpenvSwitch for OpenWRT

34 Deployment: Stanford Real, production network o 15 switches, 35 APs o 25+ users o 1+ year of use Same physical network hosts 7 different Stanford demos

35 Deployments: GENI

36 (Public) Industry Interest Google has been a main proponent of new 1.1 WAN features ECMP, MPLS-label matching MPLS LDP- speaking router: NANOG50 NEC has announced commercial products Initially for datacenters, talking to providers Ericsson MPLS Openflow and the Split Router Architecture: A Research Approach at MPLS2010

37 Conclusions Current networks are complicated is an API Interesting apps include network slicing has potential for Service Providers Custom control for Traffic Engineering Combined Packet/Circuit switched networks

38 Q A &

39 Assignment #6 Write Notes on the terms highlighted in Red in slides 35 and 36 Write a summary of the paper MPLS Openflow and the Split Router Architecture: A Research Approach at MPLS2010 Check out Videos and Projects page: