OpenFlow: What’s it Good for?
APRICOT 2016
Pete Moyer, Principal Solutions Architect

Agenda
‒ SDN & OpenFlow refresher: how we got here
‒ SDN/OF deployment examples
‒ Other practical use cases for SDN/OF …
‒ Conclusion
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY: USE WITH PERMISSION

OpenFlow & SDN Refresher

“Data center networks are in my way” --James Hamilton

Software Defined Networking: an Evolving Definition
“A network in which the Control Plane is physically separated from the Data Plane”
‒ OpenFlow is the enabler
‒ SDN =? OpenFlow
‒ SDN > OpenFlow …
“Distribute what you must, centralize what you can …”
[Diagram: a traditional router with control plane (software) and data plane (hardware) in one box; an SDN-OpenFlow router whose data plane (hardware) is driven by a controller’s control plane (software) over APIs; and a hybrid router that keeps a local control plane alongside controller-installed flows]

OpenFlow Version History
OpenFlow v1.0 (12/2009)
‒ L2 and L3 (IPv4) match fields
‒ Many actions (including output to the NORMAL port, i.e. the switch’s legacy pipeline)
OpenFlow v1.1 (02/2011)
‒ MPLS label/EXP match fields
‒ Multiple flow tables, group table
‒ Virtual ports
OpenFlow v1.2 (12/2011)
‒ IPv6 match fields (OXM extensible match)
‒ Multiple controllers, controller role change
OpenFlow v1.3 (4/2012)
‒ QoS metering (meter table)
‒ Capabilities & version negotiation
OpenFlow v1.4 (10/2013)
‒ Improved capability discovery, extensibility
OpenFlow v1.5 (12/2014)
‒ TCP flag matching
‒ Egress tables
‒ Improved metering
OpenFlow v1.6 (2016?)
‒ Tunneling
OF v2.0 or NG? (TBD)
‒ TTPs (Table Type Patterns), P4?
(reference: July/ pdf, link truncated in the transcript)

OF/SDN Deployment Examples

Google B4 OF/SDN Network
[Figures: B4 inter-DC backbone as published 5/2013 and 4/2014]

Google B4 OF/SDN Network: Summarized Benefits
Separate the control plane from the forwarding plane
‒ Choose HW based on necessary features
‒ Choose SW based on protocol requirements
‒ Decouple HW & SW innovation
Logically centralize the network control plane
‒ Deterministic
‒ Efficient
‒ Global view
Allow automation, flexibility and innovation
Achieved ~99% WAN link utilization

Internet2 SDN Backbone (7/2012)
[Figure: Internet2 SDN backbone map]

Internet2 Backbone Routers
[Figure: router deployment across the Internet2 backbone]

Internet2: OpenFlow flows installed …
[Figure: flow-table contents on the Internet2 backbone]

A few more SDN announcements
[Figure: press announcements dated 3/ / /2015; dates truncated in the transcript]

Other Deployment Examples: Where are they?
Another POV: “the demise of OpenFlow has been greatly exaggerated”

So … what (else) is OpenFlow good for?

SDN Use Cases (grouped on the slide under Control, Automation and Visibility)
‒ Volumetric Attack Mitigation
‒ Elephant Flow Management
‒ Firewall Bypass
‒ Policy Based Flow Forwarding
‒ Botnet Attack Mitigation
‒ SDN Based MPLS Traffic Engineering
‒ Bandwidth Scheduler
‒ Packet-Optical Integration
‒ WAN Network Virtualization
‒ Flow Metering
‒ SDN Based Wiretap
‒ VXLAN Monitoring

Volumetric Attack Mitigation: L2-L4 DDoS Mitigation Example Network
[Diagram: Internet → BGP border router (hybrid OpenFlow/legacy) → two core routers. An OpenDaylight SDN app pushes a rule to the border router so the incoming attack flow is discarded (Mitigation: Discard Flow) at the edge, before it reaches the core]

Flow Metering & Accounting
Improve network utilization and reliability
Brocade Flow Optimizer: shipping GA in May 2015; this use case committed for v1.1
[Diagram: a campus/DC router does normal L2/L3 forwarding toward the WAN/Internet. sFlow samples go to the collector/analytics inside the SDN app, which extracts the flow parameters of interesting traffic and installs an OF rule to rate-limit it (OF-based metering, flow control)]

Traditional REN “Science DMZ”: the Campus Firewall is a Performance Bottleneck
[Diagram: WAN ↔ Science DMZ switch over a 100 GbE link; high-performance Data Transfer Nodes with high-speed storage hang off the switch at 10G/40G; the enterprise border router/firewall sits on a separate 10/40 GbE link]
‒ The traditional Science DMZ architecture connects the science LAN outside the firewall
‒ Creates security exposure?

SDN for Policy-Based Firewall Insertion / Bypass
[Diagram: Enterprise Datacenter 1 and Enterprise Datacenter 2 connected across the WAN/Internet. The default traffic flow traverses the inline firewall; a trusted traffic flow is steered past it, with a one-armed firewall shown as the alternative insertion point. An SDN controller and SDN app install the steering rules]
Operator-driven or sFlow-threshold-driven policy enforcement for large trusted flows

Elephant Flow Management
Dynamic and programmatic action for an efficient network (target for v1.2)
[Diagram: an sFlow collector/monitor in the SDN app hands matched flow parameters and an action to the campus/DC router as an OF match (flow policy). Regular traffic keeps its normal forwarding toward the WAN/cloud; elephant flows are re-directed onto dedicated paths or re-marked as critical. Programmable/scheduled via the northbound API]
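The three preceding slides all hinge on the same controller-side step: an sFlow collector sees sampled packets, scales them back to an estimate of the real volume, and decides when a flow crosses a threshold worth an OpenFlow exception rule (rate-limit, bypass, redirect). The following is an added illustration of that decision logic, not Brocade Flow Optimizer code; the thresholds, addresses and sample records are constructed, and the action names returned by plan() are hypothetical.

```python
"""Threshold-driven detection over sFlow-style packet samples.

Added example, not Brocade Flow Optimizer code. sFlow exports 1-in-N
packet samples, so each sampled length is scaled by N to estimate the
bytes actually on the wire. Thresholds, addresses and samples below are
constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

ELEPHANT_BPS = 1_000_000_000   # one 5-tuple sustaining >= 1 Gbit/s
ATTACK_BPS = 5_000_000_000     # >= 5 Gbit/s aimed at one destination ...
ATTACK_MIN_SOURCES = 50        # ... from at least this many distinct sources


@dataclass(frozen=True)
class Sample:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    length: int          # sampled frame length in bytes
    sampling_rate: int   # the agent's 1-in-N rate for this sample


def classify(samples, window_s):
    """Aggregate one measurement window; return (elephants, attacks).

    elephants: {5-tuple: estimated bit/s}
    attacks:   {dst: {"bps": estimated bit/s, "sources": distinct src count}}
    """
    flow_bytes = defaultdict(int)
    dst_bytes = defaultdict(int)
    dst_sources = defaultdict(set)
    for s in samples:
        est = s.length * s.sampling_rate      # scale the sample back to wire bytes
        flow_bytes[(s.src, s.dst, s.proto, s.sport, s.dport)] += est
        dst_bytes[s.dst] += est
        dst_sources[s.dst].add(s.src)

    def bps(nbytes):
        return nbytes * 8 / window_s

    attacks = {
        dst: {"bps": bps(b), "sources": len(dst_sources[dst])}
        for dst, b in dst_bytes.items()
        if bps(b) >= ATTACK_BPS and len(dst_sources[dst]) >= ATTACK_MIN_SOURCES
    }
    # A heavy single flow toward a destination under attack is part of the
    # attack, not an elephant that deserves a dedicated path.
    elephants = {
        key: bps(b) for key, b in flow_bytes.items()
        if bps(b) >= ELEPHANT_BPS and key[1] not in attacks
    }
    return elephants, attacks


def plan(elephants, attacks):
    """Map findings to the deck's OpenFlow exception actions (hypothetical names)."""
    actions = [("drop_at_border", dst, info["sources"]) for dst, info in attacks.items()]
    actions += [("redirect_dedicated_path", key) for key in elephants]
    return actions


def constructed_samples():
    """Constructed 10 s window at a 1-in-1000 sampling rate."""
    samples = []
    # (1) one TCP transfer 10.0.0.5 -> 10.1.0.9, 1700 x 1500 B samples ~ 2.04 Gbit/s
    samples += [Sample("10.0.0.5", "10.1.0.9", 6, 40000, 5001, 1500, 1000)] * 1700
    # (2) UDP/53 reflection from 200 sources at 192.0.2.10, 40 x 1400 B each ~ 8.96 Gbit/s
    for i in range(1, 201):
        samples += [Sample(f"203.0.113.{i}", "192.0.2.10", 17, 53, 3074, 1400, 1000)] * 40
    # (3) ordinary mice: 20 x 500 B ~ 8 Mbit/s
    samples += [Sample("10.0.0.7", "10.1.0.20", 6, 51000, 443, 500, 1000)] * 20
    return samples


if __name__ == "__main__":
    elephants, attacks = classify(constructed_samples(), window_s=10.0)
    for action in plan(elephants, attacks):
        print(action)
```

The distinct-source count is what separates the two cases: a single heavy 5-tuple is a candidate for a dedicated path or firewall bypass, while many sources converging on one destination at high rate is a volumetric attack and gets a discard rule at the border instead. Both thresholds should be tuned per link speed and sampling rate; with 1-in-1000 sampling a short window sees few samples per flow, so a longer window or a higher sampling rate is needed before acting on a single flow.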

Or keep doing this?
(route-map names and IP addresses were stripped from the transcript; the structure of the configuration is preserved)
route-map permit 50
 match ip address 50
 set ip next-hop
route-map permit 51
 match ip address 51
 set ip next-hop
route-map test permit 101
 rule-name
 match ip address
 match ipv6 address
 set next-hop-flood-vlan 1013
 set interface null0
route-map permit 102
 rule-name
 match ip address
 match ipv6 address
 set next-hop-flood-vlan 1123
 set interface null0
ip access-list extended
 permit ip any host
 permit ip any host
 permit ip any host
 permit ip any host
 deny udp any host eq 2152
 deny udp any host eq 2152
 deny udp any host eq 2152
 deny udp any eq 2152 host
 deny udp any eq 2152 host
 deny udp any eq 2152 host
 permit ip any host
 permit ip any host
access-list 10 permit any
access-list 50 permit
access-list 165 permit ip host
access-list 165 permit ip host
access-list 165 permit ip host host
ip access-list extended
 permit vlan 1250 ip any any
 permit vlan 1251 ip any any

What about OpenFlow with MPLS?
‒ Different LSPs for application/traffic prioritization and traffic engineering
‒ Classification at ingress into the appropriate TE’d LSP (aka flow-based forwarding), at OpenFlow match granularity
‒ May also provide ingress policing/metering (e.g. a CAC function)
‒ Multiple RSVP-signaled LSPs (Gold, Silver, Bronze, etc.)
[Diagram: a data center behind LER1, an MPLS WAN, and LER3 at the far end. The SDN app installs OpenFlow rules for per-application classification (and metering) at the ingress LER, with a redirect action into the chosen MPLS LSP]

But … there’s more! How do you get packet captures?

Current Network Visibility Mode of Operation
Problem 1
‒ Obtaining data plane traffic visibility in production networks is *very* challenging
‒ Network probes are commonly deployed, or a dedicated out-of-band visibility network is deployed
  Both approaches increase CAPEX
  Both approaches limit visibility to specific aggregation points in the network, either where the probes are deployed or where the network is tapped to feed the visibility fabric
Problem 2
‒ Provisioning and operating a dynamic visibility solution is neither efficient nor real-time
  Hampers the ability to troubleshoot real-time performance problems

Current Network Visibility Mode of Operation
Problem 3
‒ Networking devices have many limitations in selecting the specific traffic to be monitored
‒ Switch/router SPAN/RSPAN mirrors *all* traffic from one port to another port
‒ ACL-based port mirroring can provide traffic granularity; however …
  At the expense of very complex CLI configurations
  Lacks an efficient & dynamic update capability
  Has scalability limitations
  No central repository of these distributed, network-wide ACL-based port mirroring configurations

SDN-based Inline Packet Capture Example
‒ No network taps or probes
‒ Per-flow “in-line” visibility; surgical mirroring
‒ Centralized control
‒ No complex router configurations (ACL, PBR, SPAN, etc.)
‒ No separate visibility network required
Committed for v1.1
[Diagram: a DC or campus router with its normal forwarding pipeline; the SDN app (SDN FlowTap) sends flow parameters to the router, which copies the matching flow from its ingress port to the analytics network and tool(s) while the original traffic is forwarded normally]
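Two of the exception-handling rules in this deck, the border-router discard rule from the volumetric attack mitigation slide and the FlowTap copy-to-tool rule above, differ only in the instruction set attached to the flow entry. The following is an added example, hand-rolled from the OpenFlow 1.3 wire format, of what the controller actually sends in each case; it is not Brocade, OpenDaylight or ONF code, and the prefixes, ports, priorities and timeouts are assumed values.

```python
"""Encode OpenFlow 1.3 FLOW_MOD messages for two exception-handling rules
from this deck: blackholing an attack flow and tapping a flow to a tool port.
Hand-rolled from the OF 1.3 wire format as an added example; not Brocade,
OpenDaylight or ONF code. Prefixes, ports, priorities and timeouts are assumed.
"""
import ipaddress
import struct

OFP_VERSION_13, OFPT_FLOW_MOD, OFPFC_ADD = 0x04, 14, 0
OFPMT_OXM, OFPXMC_OPENFLOW_BASIC = 1, 0x8000
OFPIT_APPLY_ACTIONS, OFPAT_OUTPUT = 4, 0
OFPP_NORMAL = 0xFFFFFFFA                  # hand the packet to the normal L2/L3 pipeline
OFPP_ANY = OFPG_ANY = OFP_NO_BUFFER = 0xFFFFFFFF
OFPCML_NO_BUFFER, OFPFF_SEND_FLOW_REM = 0xFFFF, 0x1
# OXM basic match field numbers (OF 1.3 spec, ofp_oxm_ofb_match_fields)
OXM_ETH_TYPE, OXM_IP_PROTO, OXM_IPV4_SRC, OXM_IPV4_DST, OXM_UDP_DST = 5, 10, 11, 12, 16
ETH_TYPE_IPV4, IPPROTO_UDP = 0x0800, 17


def oxm_tlv(field, value, mask=b""):
    """One OXM TLV: class(2), field<<1|hasmask(1), payload len(1), value[, mask]."""
    payload = value + mask
    return struct.pack("!HBB", OFPXMC_OPENFLOW_BASIC, (field << 1) | bool(mask), len(payload)) + payload


def ipv4_oxm(field, cidr):
    net = ipaddress.IPv4Network(cidr, strict=False)
    mask = b"" if net.prefixlen == 32 else net.netmask.packed
    return oxm_tlv(field, net.network_address.packed, mask)


def build_match(src_cidr=None, dst_cidr=None, udp_dst=None):
    """ofp_match of type OXM, padded to 8 bytes. eth_type and ip_proto are
    the OXM prerequisites of the L3/L4 fields, so they are always present."""
    fields = oxm_tlv(OXM_ETH_TYPE, struct.pack("!H", ETH_TYPE_IPV4))
    if src_cidr:
        fields += ipv4_oxm(OXM_IPV4_SRC, src_cidr)
    if dst_cidr:
        fields += ipv4_oxm(OXM_IPV4_DST, dst_cidr)
    if udp_dst is not None:
        fields += oxm_tlv(OXM_IP_PROTO, struct.pack("!B", IPPROTO_UDP))
        fields += oxm_tlv(OXM_UDP_DST, struct.pack("!H", udp_dst))
    length = 4 + len(fields)                 # the length field excludes padding
    return struct.pack("!HH", OFPMT_OXM, length) + fields + b"\x00" * ((-length) % 8)


def output_action(port):
    """ofp_action_output: type, len=16, port, max_len, pad[6]."""
    return struct.pack("!HHIH6x", OFPAT_OUTPUT, 16, port, OFPCML_NO_BUFFER)


def apply_actions(*actions):
    """ofp_instruction_actions: type, len, pad[4], then the action list."""
    body = b"".join(actions)
    return struct.pack("!HH4x", OFPIT_APPLY_ACTIONS, 8 + len(body)) + body


def flow_mod(xid, match, instructions=b"", *, priority, idle_timeout=0, cookie=0):
    """ofp_flow_mod (OFPFC_ADD) with the OF 1.3 header in front."""
    body = struct.pack("!QQBBHHHIIIHxx", cookie, 0, 0, OFPFC_ADD, idle_timeout, 0,
                       priority, OFP_NO_BUFFER, OFPP_ANY, OFPG_ANY, OFPFF_SEND_FLOW_REM)
    body += match + instructions
    return struct.pack("!BBHI", OFP_VERSION_13, OFPT_FLOW_MOD, 8 + len(body), xid) + body


def drop_flow(xid, **match_kw):
    """Volumetric attack mitigation: no instructions means an empty action set,
    and a packet with an empty action set is dropped. High priority so it wins
    over the normal-forwarding entry; idle timeout so the rule ages out."""
    return flow_mod(xid, build_match(**match_kw), priority=40000, idle_timeout=600)


def tap_flow(xid, tool_port, **match_kw):
    """FlowTap: forward normally AND copy the packet out of the tool port."""
    instr = apply_actions(output_action(OFPP_NORMAL), output_action(tool_port))
    return flow_mod(xid, build_match(**match_kw), instr, priority=30000)


def parse_flow_mod(msg):
    """Decode enough of a FLOW_MOD to check what was encoded. Assumes at most
    one apply-actions instruction made only of output actions (as built above)."""
    version, mtype, length, xid = struct.unpack_from("!BBHI", msg, 0)
    _, _, _, cmd, idle, _, prio, _, _, _, _ = struct.unpack_from("!QQBBHHHIIIH", msg, 8)
    _, mlen = struct.unpack_from("!HH", msg, 48)
    fields, pos = {}, 52
    while pos < 48 + mlen:
        _, fh, flen = struct.unpack_from("!HBB", msg, pos)
        payload = msg[pos + 4:pos + 4 + flen]
        half = flen // 2 if fh & 1 else flen      # masked TLVs carry value then mask
        fields[fh >> 1] = (payload[:half], payload[half:])
        pos += 4 + flen
    instr = msg[48 + mlen + ((-mlen) % 8):length]
    ports = [struct.unpack_from("!I", instr, 12 + 16 * i)[0] for i in range((len(instr) - 8) // 16)]
    return {"version": version, "type": mtype, "length": length, "xid": xid, "command": cmd,
            "priority": prio, "idle_timeout": idle, "match": fields, "output_ports": ports}


if __name__ == "__main__":
    # Drop a UDP/53 reflection flood from 203.0.113.0/24 aimed at 198.51.100.10
    print(parse_flow_mod(drop_flow(1, src_cidr="203.0.113.0/24", dst_cidr="198.51.100.10/32", udp_dst=53)))
    # Mirror one host pair to tool port 48 while still forwarding it normally
    print(parse_flow_mod(tap_flow(2, 48, src_cidr="10.0.0.5/32", dst_cidr="10.1.0.9/32")))
```

The two rules are the whole difference between “discard” and “tap”: the same OXM match with no instructions drops, and the same match with an apply-actions instruction listing output NORMAL plus output to the tool port copies the flow without disturbing normal forwarding. On a hybrid switch the entry only bites if its priority beats the catch-all entry that hands everything to the legacy pipeline, and a discard rule should carry an idle timeout so it does not blackhole a victim prefix indefinitely once the attack stops.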

Conclusions
OF-based SDN is here and deployed …
‒ A few examples provided
‒ OF-based forwarding of normal traffic; network transport
‒ Centralized control plane
OF-based SDN can solve many other problems
‒ As a tool for programmatic control of policy
‒ Centrally managed ACL & PBR replacement
‒ OF-based exception handling of interesting traffic; network services, with normal traffic forwarded normally
‒ Solves various operational use cases