Putting OpenFlow to Work in a Production Network Dan Schmiedt Executive Director, Network Services and Telecommunications Kuang-Ching “KC” Wang Associate.

Presentation transcript:

Putting OpenFlow to Work in a Production Network
Dan Schmiedt, Executive Director, Network Services and Telecommunications
Kuang-Ching “KC” Wang, Associate Professor, Department of Electrical & Computer Engineering
Fan Yang, Aaron Rosen, Graduate Students, Department of Electrical & Computer Engineering

The big picture from a Technology point of view…
OpenFlow is part of an answer to the “ossification” problem we see in networking: it provides a platform for innovation and rapid deployment of new protocols in real networks.
OpenFlow can represent a major shift in the way we think of and operate networks: software defined, controller-based networking.
– Network devices can be just interface-containing boxes.
– Imagine, for example, how this could change the need for routing protocols; the controllers already know everything!
Clemson University 2

The big picture from a University point of view…
OpenFlow provides a mechanism for the engagement of IT Staff with Academic faculty and students.
On the IT side we’re very busy and have to deal with operational realities. Our eyes are close to the grindstone and it’s often hard to think “out of the box”. (We know that box very well, thank you!)
On the Academic side, students and faculty are eager to solve real problems and are not jaded by the realities of running a production network.
So, what could happen if we combined them?

A Positive Feedback Loop
To facilitate sustained growth and leverage the power of a University to stay creative, we need a new model.
– Students
  IT funded RAs from networking research groups
  University funded undergraduate “Creative Inquiry” team
  Proposed Internal Internship program, supported by the Provost
– Network engineers
  Task assignment/incentive model
  Internal Faculty sabbaticals
[Diagram labels: IT, Research, Teaching]

So, we just install the OpenFlow IOS image, give the students TACACS+ userids and let ‘em rip?
Ummm…:
– OF is not supported on Cisco hardware
– I’m excited about all this, but not (completely) insane
We support KC and his students in transporting GENI OpenFlow VLANs to GENI projects from I2/NLR and around campus…
But, we wanted to do something with production network applications
KC and students brainstormed with network engineers to find more use cases…

OpenFlow use cases in the production net
Idea: think of ways we can leverage OpenFlow with minimal risk to the production network.
The sky is the limit: simple python code and the NOX OpenFlow controller can tell the switch how to forward traffic in whatever ways we want…
Some ideas:
– Data Analysis Network, “DAN”
– Tracking of stolen laptops

OpenFlow use cases in the production net
Data Analysis Network, “DAN”
– We are accumulating a plethora of devices that need to see aggregate network traffic at arbitrary points on the network. E.g., Coradiant, MARS, FireEye, sniffers, etc. “You know, just have your network people send the appropriate traffic to our magical device…”
– An OpenFlow DAN would behave like a bunch of Gigamon boxes and forward traffic from SPANs or VACLs to monitoring devices.

Proposed DAN implementation
Some noodling on the whiteboard…

OpenFlow – A One Slide Overview
[Diagram labels: OpenFlow Controllers; End Users; Network of Various Scales; Application Servers]
A software defined networking paradigm
OpenFlow-enabled commercial switches allow open access to their flow tables by authorized software OpenFlow controllers
Centralized, virtualized control and monitoring of network

OpenFlow use cases in the production net
Case study 1: Data Analysis Network
Case study 2: Tracking Stolen Laptops
Both cases are implemented with simple OpenFlow controller (OFC) code, coexisting with a production OFC (POFC)
– OFC coexistence made possible by FlowVisor software
[Diagram labels: Distribution; Core; ...; Access; Clemson Campus Network; IT server, e.g., security/app monitor; Host 2, e.g., app server; Host 1, e.g., user desktop; FlowVisor; OFC2; POFC; OFC1]

OpenFlow Data Analysis Network
The problem: Packet grabbing appliances (Cisco MARS, Coradiant, sniffers) need us to send traffic of interest to them.
The need: a separate Data Analysis Network (DAN) to mirror traffic from arbitrary location. Like Gigamon, etc.
The proposed solution: Use OF to duplicate traffic from anywhere to designated analysis servers
[Diagram labels: User traffic; Monitored traffic]

OK, so how do you DO this?
Starting with a simple example, we would turn on an OF-capable switch, enable OF for a VLAN, point it at a NOX controller, and write some simple python code. This code makes a simple hub:
[Code screenshot; annotation: When a packet comes into the controller the controller floods the packet out all ports on the switch.]

Kick it up one more notch and make a learning switch…
[Code screenshot; annotations, in order:]
– Learn which port the source MAC address is attached to.
– Then, check if we know which port the destination MAC address is on.
– Install a rule on the switch to send packets matching the destination MAC address to that port.

…and add just a little more to that…
OF command #1: install rule to duplicate packets to mirror port from another port on the same switch
OF command #2: controller sends a duplicate packet to mirror port, in addition to original forwarding action
7 added lines of python code to default switch controller
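The hub, learning-switch and mirroring steps described above, modelled as an added example in plain Python (not the presenters' NOX code, which is not reproduced on this page). The class, its method names and the receive-only treatment of the mirror port are assumptions made for illustration.

```python
# Added illustration: models the controller's decisions in plain Python.
# It does not call NOX; class and method names are hypothetical.

class MirroringLearningSwitch:
    def __init__(self, ports, mirror_port, monitored_ports):
        self.ports = set(ports)
        self.mirror_port = mirror_port         # port facing the analysis appliance
        self.monitored = set(monitored_ports)  # ingress ports whose traffic is copied
        self.mac_to_port = {}                  # learned source MAC -> port
        self.flow_table = {}                   # (in_port, dst_mac) -> output ports

    def _outputs(self, in_port, forward_ports):
        # Never reflect to the ingress port, and never send production
        # traffic to the mirror port unless the ingress port is monitored.
        out = [p for p in forward_ports if p not in (in_port, self.mirror_port)]
        if in_port in self.monitored:
            out.append(self.mirror_port)
        return tuple(out)

    def packet_in(self, in_port, src_mac, dst_mac):
        """Return the ports this packet is sent out of."""
        if in_port == self.mirror_port:
            return ()  # design choice here: the analysis port is receive-only
        self.mac_to_port[src_mac] = in_port                  # learn
        known = self.mac_to_port.get(dst_mac)
        if known is None:                                    # hub behaviour: flood
            return self._outputs(in_port, sorted(self.ports))
        out = self._outputs(in_port, [known])
        self.flow_table[(in_port, dst_mac)] = out            # command #1: install rule
        return out                                           # command #2: packet-out


if __name__ == "__main__":
    # Constructed topology: ports 1-3 carry users, port 4 is the mirror port.
    sw = MirroringLearningSwitch([1, 2, 3, 4], mirror_port=4, monitored_ports=[1])
    print(sw.packet_in(1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"))
    print(sw.packet_in(2, "bb:bb:bb:bb:bb:bb", "aa:aa:aa:aa:aa:aa"))
    print(sw.packet_in(1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"))
    print(sw.flow_table)
```

Because the copy is keyed on the ingress port, only one direction of a conversation reaches the analysis server unless both endpoints' ports are monitored.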

Use case #2: OpenFlow Computer Tracking
The problem: Large number of student laptops reported stolen every year
The need: In some past cases, stolen laptops remained on campus and were accessing campus network
The proposed solution: Leverage OF controller to detect and track lost laptops’ location upon network access
[Diagram labels: Reported stolen laptop; FlowVisor; OFC2; Lost laptop DB; Campus switch location DB]

OpenFlow controller code for computer tracker
Database query #1: check MAC address with stolen laptop database
Database query #2: upload switch/port ID to stolen laptop database
Two database queries added to a standard controller template
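The two database queries described above, written as an added example of a packet-in hook (not the presenters' controller code). The SQLite schema, function names and switch identifiers are assumptions; the MAC normalisation and the suppression of repeat sightings are additions a production deployment would need.

```python
import sqlite3

def normalize_mac(mac):
    """Canonical lower-case colon form; ValueError on anything else."""
    digits = mac.strip().lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def open_db():
    # Hypothetical schema standing in for the stolen-laptop database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE stolen (mac TEXT PRIMARY KEY, owner TEXT);
        CREATE TABLE sightings (mac TEXT, switch_id TEXT, port INTEGER, seen_at REAL);
    """)
    return db

def report_stolen(db, mac, owner):
    db.execute("INSERT OR REPLACE INTO stolen VALUES (?, ?)",
               (normalize_mac(mac), owner))

def last_location(db, mac):
    return db.execute(
        "SELECT switch_id, port, seen_at FROM sightings WHERE mac = ? "
        "ORDER BY rowid DESC LIMIT 1", (normalize_mac(mac),)).fetchone()

def on_packet_in(db, switch_id, port, src_mac, now):
    """Run before normal forwarding; True if a new sighting was stored."""
    mac = normalize_mac(src_mac)
    # Query #1: is the source MAC in the stolen-laptop table?
    if db.execute("SELECT 1 FROM stolen WHERE mac = ?", (mac,)).fetchone() is None:
        return False
    # Skip repeats from the same switch/port so packet-in bursts do not flood the DB.
    last = last_location(db, mac)
    if last is not None and last[:2] == (switch_id, port):
        return False
    # Query #2: upload the switch/port where the laptop was seen.
    db.execute("INSERT INTO sightings VALUES (?, ?, ?, ?)",
               (mac, switch_id, port, now))
    return True
```

A source MAC is asserted by the client, so a hit is a lead to corroborate with other evidence rather than proof of which device is on the port.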

Web Display Snapshot

Google Map Snapshot

Summary and outlook
We believe that OpenFlow will drive a paradigm shift in networking.
Universities can be most effective when they leverage the depth of their faculty, the creativity of their students, and the expertise of their staff.
Relax! This stuff is fun, and you’ll get smarter.
Build a partnership with an academic part of your University.
Commercial support is a chicken-and-egg problem, let’s break that cycle.

FURTHER QUESTIONS CONTACT: DAN – KC – Openflow: GENI: