SDN
刘驰
Software Defined Networking (SDN)
Outline
  What is SDN?
    Background
    An OS for networks
  What is OpenFlow?
    How it helps SDN
  The current status & the future of SDN
  Conclusions
Limitations of Current Networks: Switches
Specialized Packet Forwarding Hardware: We have lost our way
(Diagram: App, App, App running on an Operating System on Specialized Packet Forwarding Hardware.)
Routing, management, mobility management, access control, VPNs, …
Millions of lines of source code; 5400 RFCs; a barrier to entry
500M gates, 10 Gbytes of RAM: bloated and power hungry
Many complex functions baked into the infrastructure: OSPF, BGP, multicast, differentiated services, traffic engineering, NAT, firewalls, MPLS, redundant layers, …
An industry with a “mainframe mentality”
Reality
(Diagram: several closed stacks, each App / Operating System / Specialized Packet Forwarding Hardware.)
Lack of competition means glacial innovation
Closed architecture means blurry, closed interfaces
Vertically integrated, complex, closed, proprietary
Not suitable for experimental ideas
Not good for network owners & users
Not good for researchers
Lack of competition means no incentive to innovate. A closed architecture means vague, closed interfaces. Not suitable for research or experimental networks and ideas.
Glacial process of innovation made worse by a captive standards process
Idea -> Standardize (wait 10 years) -> Deployment
Captive standards process (a standards process held captive by the vendors: decided by the manufacturers, customers shut out of the innovation process, no common ground between vendors):
  Driven by vendors
  Consumers largely locked out
  Lowest common denominator features
  Glacial innovation
Old Ways to Configure a Network
(Diagram: several separate boxes, each App / Operating System / Specialized Packet Forwarding Hardware, each configured on its own.)
No control plane abstraction for the whole network!
It’s like the old days, when there was no OS…
Packets travel inside the network; switches pass them along, but each switch makes its own decisions, such as where to pass them.
Nobody is dynamically controlling the network flow.
(Photo: Wilkes with the EDSAC, 1949)
Idea: An OS for Networks!!!
(Diagram: the same closed stacks as before, each App / Operating System / Specialized Packet Forwarding Hardware.)
Idea: An OS for Networks
(Diagram: Control Programs on top of a Network Operating System, above the closed per-switch stacks.)
How do we redefine the architecture to open up the networking infrastructure and the industry?
By bringing to the networking industry what we did in the computing world.
Idea: An OS for Networks
(Diagram: Control Programs on a Network Operating System, which controls several boxes of Simple Packet Forwarding Hardware.)
The key is to have a standardized control interface that speaks directly to the hardware.
A whole network is like a big machine.
Idea: An OS for Networks
“NOX: Towards an Operating System for Networks”
Software-Defined Networking (SDN): Control Programs; Global Network View; Network Operating System
A remote controller has control of a switch’s forwarding decisions: control via a forwarding interface (protocols).
Virtualization or “Slicing” Trend
Computer industry: Windows (OS), Linux and Mac OS, each with its apps, run on a virtualization layer over x86 (the computer).
Network industry: apps on NOX (Network OS) in Controller 1, Controller 2, … run on a virtualization or “slicing” layer over OpenFlow.
Outline
  What is SDN?
    Limitations of current networks
    The idea of Network OS
  What is OpenFlow?
    How it helps SDN
  The current status & the future of SDN
  Conclusions
OpenFlow
“OpenFlow: Enabling Innovation in Campus Networks”
Like hardware drivers: the interface between switches and the Network OS
(Diagram: a switch split into Control Path (Software) and Data Path (Hardware), with OpenFlow sitting between the control path and the data path.)
OpenFlow
(Diagram: an OpenFlow Controller talks to the switch’s Control Path over the OpenFlow Protocol (SSL/TCP); the Control Path programs the Data Path (Hardware).)
OpenFlow leverages hardware already inside most switches today (ACL tables).
OpenFlow Basics
(Diagram: Control Program A and Control Program B on a Network OS, connected to the switches by the OpenFlow Protocol over SSL/TCP.)
Example hardware: IBM G8264 10 Gigabit Ethernet OpenFlow switch, with 48 × 10 GbE SFP+ ports and 4 × 40 GbE QSFP+ ports
OpenFlow Switching
(Diagram: a controller PC running an OpenFlow client; the switch’s software layer holds the OpenFlow table and its hardware layer has ports 1 to 4. A packet from 1.2.3.4 to 5.6.7.8 arrives and is forwarded to port 1.)
Example table entry (columns MAC src, MAC dst, IP src, IP dst, TCP sport, TCP dport, Action): IP dst 5.6.7.8, all other fields wildcard (*) -> port 1
Flow Table
(Diagram: Control Program A and Control Program B on a Network OS; below it, switches each holding flow table(s) that do the packet forwarding.)
Rules in a flow table look like:
  “If header = p, send to port 4”
  “If header = q, overwrite header with r, add header s, and send to ports 5,6”
  “If header = ?, send to me” (an unmatched packet goes to the controller)
Packet forwarding itself happens in the switches.
Flow Table
Each flow entry (Flow 1 … Flow N) has a Rule (exact & wildcard), an Action and Statistics; the table also has a Default Action.
(Rule, action, data.)
Flow Entry
Match fields: matched against packets
Action: modify the action set or pipeline processing
Stats: updated for the matching packets (1. packet counters, 2. byte counters)
Match fields:
  Layer 2: In Port, Src MAC, Dst MAC, Eth Type, VLAN Id
  Layer 3: IP ToS, IP Proto, IP Src, IP Dst
  Layer 4: TCP Src Port, TCP Dst Port
Actions:
  Forward packet to port(s)
  Encapsulate and forward to controller
  Drop packet
  Send to normal processing pipeline
Examples: Switching, Flow Switching, Firewall
Columns: Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | Prot | TCP sport | TCP dport | Action
Switching:      * | * | 00:1f:.. | * | * | * | * | * | * | * | port6
Flow Switching: port3 | 00:20.. | 00:1f.. | 0800 | vlan1 | 1.2.3.4 | 5.6.7.8 | 4 | 17264 | 80 | port6
Firewall:       * | * | * | * | * | * | * | * | * | 22 | drop
Examples: Routing, VLAN Switching
Columns: Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | Prot | TCP sport | TCP dport | Action
Routing:        * | * | * | * | * | * | 5.6.7.8 | * | * | * | port6
VLAN Switching: * | * | 00:1f.. | * | vlan1 | * | * | * | * | * | port6, port7, port9
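A worked model of the flow table on the Flow Entry and Examples slides, added here as an example and not code from the original deck: entries with wildcard match fields, priorities, per-entry packet/byte statistics and a default action, loaded with the Switching, Flow Switching, Firewall, Routing and VLAN Switching rules above. The full MAC addresses and the priority values are constructed assumptions (the slides show truncated MACs and no priorities).

```python
# Added example, not code from the slides: a minimal model of the OpenFlow-style
# flow table the deck describes, loaded with the rules from the two "Examples" slides.
# Full MAC addresses and the priority values are constructed assumptions.
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict       # field -> required value; a field that is absent is a wildcard (*)
    actions: list     # e.g. ["port6"], ["port6", "port7", "port9"], ["drop"]
    priority: int     # highest matching priority wins, so exact rules can beat wildcards
    packets: int = 0  # statistics kept per entry: packet counter
    bytes: int = 0    # statistics kept per entry: byte counter

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(f) == v for f, v in self.match.items())

class FlowTable:
    """Lookup returns the action list of the best entry, or the default action."""
    def __init__(self, default_action="controller"):
        self.entries = []
        self.default_action = default_action  # table miss: "If header = ?, send to me"

    def add(self, match, actions, priority=0):
        self.entries.append(FlowEntry(dict(match), list(actions), priority))
        self.entries.sort(key=lambda e: -e.priority)  # stable sort keeps best-first order

    def process(self, pkt: dict, length: int = 64) -> list:
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.bytes += length
                return e.actions
        return [self.default_action]

MAC_1F = "00:1f:11:22:33:44"  # constructed stand-in for the slide's "00:1f.."
MAC_20 = "00:20:aa:bb:cc:dd"  # constructed stand-in for the slide's "00:20.."

def build_example_table() -> FlowTable:
    t = FlowTable()
    t.add({"mac_dst": MAC_1F}, ["port6"], priority=10)  # Switching: MAC dst -> port6
    # Flow switching: the fully specified 10-tuple -> port6 (exact, so highest priority)
    t.add({"in_port": "port3", "mac_src": MAC_20, "mac_dst": MAC_1F, "eth_type": 0x0800,
           "vlan_id": "vlan1", "ip_src": "1.2.3.4", "ip_dst": "5.6.7.8", "ip_proto": 4,
           "tcp_sport": 17264, "tcp_dport": 80}, ["port6"], priority=100)
    # Firewall: any packet with TCP dst port 22 -> drop; must outrank the forwarding rules
    t.add({"tcp_dport": 22}, ["drop"], priority=50)
    t.add({"ip_dst": "5.6.7.8"}, ["port6"], priority=10)  # Routing: IP dst -> port6
    # VLAN switching: MAC dst 00:1f.. on vlan1 -> ports 6, 7 and 9
    t.add({"mac_dst": MAC_1F, "vlan_id": "vlan1"}, ["port6", "port7", "port9"], priority=20)
    return t
```

Because the firewall entry outranks every forwarding entry, a packet to 5.6.7.8 with TCP dst port 22 is dropped even though the routing rule also matches it; a packet no entry matches is sent to the controller.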
OpenFlow Usage
(Diagram: Alice’s code and Alice’s rule run on the controller PC; an OpenFlow switch asks “Decision?” over the OpenFlow Protocol, and the resulting rule is installed on that switch and the other OpenFlow switches.)
Table entries can be updated.
OpenFlow Usage
Alice’s code could be:
  Simple learning switch
  Per-flow switching
  Network access control / firewall
  Static “VLANs”
  Her own new routing protocol: unicast, multicast, multipath
  Home network manager
  Packet processor (in the controller)
  IPvAlice
(Diagram: Alice’s code runs on the controller PC; table entries can be updated.)
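The first item on that list, the simple learning switch, as an added example that is not code from the deck: a controller that handles the switch’s packet-in events, learns which port each source MAC lives on, floods unknown destinations and installs a flow entry for known ones. Port names and MAC addresses used with it are constructed sample values.

```python
# Added example, not code from the slides: the "simple learning switch" from the
# OpenFlow Usage slide, written as a controller that handles packet-in events
# and pushes/removes flow entries on the switch. Port names and MAC addresses
# used with it are constructed sample values.

class LearningSwitchController:
    def __init__(self, ports):
        self.ports = list(ports)   # physical ports of the switch being controlled
        self.mac_to_port = {}      # learned MAC -> port (controller-side state)
        self.flow_table = {}       # entries installed on the switch: dst MAC -> out port
        self.flow_mods = []        # log of the flow-mod messages sent to the switch

    def packet_in(self, in_port, src, dst):
        """Handle a table miss: return the ports the packet is sent out of."""
        old = self.mac_to_port.get(src)
        if old is not None and old != in_port:
            # The host moved (or someone is using its MAC from another port):
            # delete the stale rule so the switch stops forwarding to the old port.
            self.flow_table.pop(src, None)
            self.flow_mods.append(("delete", src, old))
        self.mac_to_port[src] = in_port
        out = self.mac_to_port.get(dst)
        if out is None:
            # Unknown destination: flood to all other ports, install nothing.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []   # destination is on the ingress port: nothing to forward
        # Known destination: install an exact match on dst MAC so the next packets
        # of this flow are switched in hardware without returning to the controller.
        self.flow_table[dst] = out
        self.flow_mods.append(("add", dst, out))
        return [out]

    def data_path(self, dst):
        """What the switch does on its own for a packet once a rule is installed."""
        return self.flow_table.get(dst)
```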
OpenFlow
A standard way to control flow tables in commercial switches and routers
Just need to update the firmware
Essential to the implementation of SDN
Centralized/Distributed Control
“Onix: A Distributed Control Platform for Large-scale Production Networks”, USENIX OSDI 2010.
Centralized control: one controller manages all the OpenFlow switches.
Distributed control: several controllers share the OpenFlow switches; partition, aggregation, consistency, durability; asynchronous but eventually consistent.
Virtualizing OpenFlow
Network operators “delegate” control of subsets of network hardware and/or traffic to other network operators or users
Multiple controllers can talk to the same set of switches
Imagine a hypervisor for network equipment
Allows experiments to be run on the network in isolation from each other and from production traffic
Switch-Based Virtualization
(Diagram: Research VLAN 1 and Research VLAN 2 each have their own flow table and controller; the Production VLANs get normal L2/L3 processing in the same switch.)
Experiments run on PRODUCTION infrastructure
Key to getting scale and getting traffic onto the network (e.g. you can’t just do a reset...)
FlowVisor
A network hypervisor developed at Stanford
A software proxy between the forwarding and control planes of network devices
FlowVisor-Based Virtualization
(Diagram: Heidi’s, Craig’s and Aaron’s controllers speak the OpenFlow Protocol to FlowVisor & Policy Control, which speaks the OpenFlow Protocol to the OpenFlow switches.)
Topology discovery is per slice.
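The proxy role described on the Virtualizing OpenFlow and FlowVisor slides, as an added toy example that is neither code from the deck nor FlowVisor’s own code: each controller owns a slice of the flowspace (here a set of VLAN IDs), rules it sends are confined to that slice or rejected, and packet-ins are delivered only to the slice that owns the traffic. Slice names and VLAN numbers are constructed sample values.

```python
# Added example, not code from the slides or from FlowVisor itself: a toy version
# of the slicing idea on the FlowVisor slides, a proxy between several controllers
# and the switches that gives each controller a slice of the flowspace (here a set
# of VLAN IDs) and enforces it in both directions. Names and VLANs are constructed.

class FlowVisorProxy:
    def __init__(self):
        self.slices = {}        # slice name -> set of VLAN IDs the slice may control
        self.switch_rules = []  # what actually reaches the switch: (slice, match, actions)
        self.rejected = []      # policy violations, kept for the operator to review

    def add_slice(self, name, vlans):
        self.slices[name] = set(vlans)

    def flow_mod(self, slice_name, match, actions):
        """Controller -> switch: install a rule only inside the slice's flowspace.
        Returns the number of rules that reached the switch (0 if rejected)."""
        allowed = self.slices[slice_name]
        vlan = match.get("vlan_id")
        if vlan is None:
            # Wildcard VLAN: rewrite into one rule per allowed VLAN instead of
            # letting the controller touch traffic that belongs to other slices.
            expanded = [dict(match, vlan_id=v) for v in sorted(allowed)]
        elif vlan in allowed:
            expanded = [dict(match)]
        else:
            self.rejected.append((slice_name, dict(match)))
            return 0
        for m in expanded:
            self.switch_rules.append((slice_name, m, list(actions)))
        return len(expanded)

    def packet_in(self, pkt):
        """Switch -> controller: deliver a table miss only to the slice owning it."""
        for name, vlans in self.slices.items():
            if pkt.get("vlan_id") in vlans:
                return name
        return None  # traffic in no slice is not leaked to any controller

    def rules_for(self, slice_name):
        return [(m, a) for s, m, a in self.switch_rules if s == slice_name]
```

A wildcard rule from one slice is narrowed rather than refused, so a controller that never mentions VLANs still cannot program another slice’s traffic; a rule that names a foreign VLAN is refused and logged.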
OpenFlow Building Blocks
Monitoring/debugging tools: oftrace, oflops, openseer
Applications (Stanford provided): ENVI (GUI), LAVI, n-Casting, Expedient
Controllers: NOX, Beacon, Trema, Maestro, ONIX
Slicing software: FlowVisor, FlowVisor Console
OpenFlow switches:
  Commercial switches: HP, NEC, Pronto, Juniper, and many more
  Stanford provided: Software Ref. Switch, NetFPGA, Broadcom Ref. Switch, OpenWRT, PCEngine WiFi AP, Open vSwitch
There are components at different levels that work together to make it all work. The commercial switch details follow on the next slide. A plethora of applications is possible; only those available at Stanford are listed.
Current Status of SDN: Hardware Support
Juniper MX-series
NEC IP8800
WiMax (NEC)
HP ProCurve 5400
Netgear 7324
PC Engines
Pronto 3240/3290
Ciena CoreDirector
More coming soon...
Not only switches but other network components
Current Status of SDN: Industry Support
Google built hardware and software based on the OpenFlow protocol
VMware purchased Nicira for $1.26 billion in 2012
IBM, HP, NEC, Cisco and Juniper also offer SDN products that may incorporate OpenFlow but also have other elements specific to that vendor and their gear.
Nicira offers a way to build scale-out virtualized networks and uses OpenFlow, but only as a small aspect of its controller product.
100+ institutions around the world are using OpenFlow
Future Focuses of SDN
1. New policies for security: transparently changing a host’s IP to avoid attack; SDN provides a namespace interface (a strong mapping mechanism)
2. Programmable WLANs: access point (AP) association decisions are made by the clients, not by the infrastructure, so the infrastructure has no control over that part or its state changes; a virtual AP for management
3. The placement of controllers (number; location; centralized/distributed)
4. Debugger for SDN: breakpoints and packet backtraces
Conclusions
What is SDN? A system-layered abstraction: programmable, flexible, and extensible
What is OpenFlow? The interface between switches and controllers, enabling SDN
Future SDN: enabling innovation
SDN is not about new mechanisms; it can use current ones:
  Forwarding primitives (e.g., MPLS)
  State distribution primitives (e.g., flooding as in OSPF)
  Operator control programs (e.g., BGP on a scale-out router)
Wireless Data Center Networking
60 GHz spectrum: a 7 GHz (57–64 GHz) waveband
Data rate over 1 Gb/s
Range 10 meters, line-of-sight (LoS)