Baraki H. Abay Nov 04,2011

Outline 1. Legacy Networks 2. Software defined networks  Motivation,Architecture, Principles, 3. OpenFlow  Principles, Architecture  OpenFlow Basics- Flow table, controller, protocol  How it works  Centralized vs Distributed, Aggregated vs Flow based, Proactive vs Reactive  Network Slicing - FlowVisor  How to get started to play with OpenFlow 4. Industry trends 5. Demo screen shoots

Current Networking Scheme Fully distributed protocols - hard to add a feature to a network Network is closed for research and innovation Network administrators and Researchers can only configure devices  Software is embedded in Industry  Data plan and control plan in the same device  Routers and switches are locked  Packet forwarding and decision controlled by underlined switched and routers

Packet Forwarding Hardware Ap p Packet Forwarding Hardware Ap p Hardwared Packet Forwarding Ap p Packet Forwarding Hardware Operating System Operating System Operating System Operating System Operating System Operating System Operating System Operating System Ap p Closed System

Mitigation approach Open Development environment for Networking Isolation: regular production Network untouched Virtualized and Programmable networks Software Defined Networking (SDN)

Network Architecture to remotely control network hardware with software To open the closed network Enables innovations by researchers, operators, application/service providers Managed by Open Network Foundation (ONF) 6

SDN Architecture Principles 1. Separation of data and control planes well defined API/protocol between the two 2. Logically centralized control plane with an open API for network applications and services 3. Network slicing and virtualization to support experimentation on a production network. Control Path Data Path (Hardware) Protocol API Control Path(Software)

Packet Forwarding Hardware Ap p Packet Forwarding Hardware Ap p Hardware Packet Forwarding Ap p Packet Forwarding Hardware Operating System Operating System Operating System Operating System Operating System Operating System Operating System Operating System Ap p Network Operating System App Software Defined Networking Principles 1. Open Interface to HW 3. Open API 2. Operating System

OpenFlow

What is OpenFlow? “OpenFlow is an open standard to deploy innovative protocols in production networks” openflow.org

OpenFlow Motivation Network changes are sluggish The need for programmable networks Goal Use a centralized controller to determine traffic forwarding Principle Separate control plane from data plane

OpenFlow SDN protocol(API) that modifies forwarding tables in network switches. Added as a feature to commercial Ethernet switches, routers and wireless access points Developed by Stanford University Sits between a switch and controller Allows the path of network packets through the network of switches to be determined by software running on a separate server

OpenFlow Vendor independent Protocol is open source Version status OF 1.0 : most widely used version OF 1.1: multiple tables and counters OF 1.2 : Wire protocol IPv6, basic configuration OF 1.3 : Topology discovery, test processes OF 1.4 : capability discovery, test labs

Classic Switch Vs OpenFlow Switch Classic Switch/Router OpenFlow Enabled Switch/Router Data path and control path occur on the same device Data path- packet forwarding path Control path- routing decisions Separates the data path and control path Data path portion still resides on the switch High level routing decisions reside in controller The OpenFlow switch and the controller communicate via the OpenFlow protocol

OpenFlow Specification Basics Consists at least three parts Flow Table – define how the switch will process each flow Secure Channel –to connect to controller OpenFlow Protocol(API) OpenFlow Switch Flow Table Flow Table Secure Channel Secure Channel hw sw Controller PC OpenFlow Protocol(SSL) Flow table are set up on switches Controller talk to the switch via the OpenFlow protocol

Flow table Entry Flow table consists of set of entries to compare incoming packets against Each flow entry consist of match fields, counters, actions Matching starts at the first flow table Flow entries match in priority order Match found Apply the instructions Match not found forwarded to the controller over the OpenFlow channel, dropped may continue to the next flow table

Table entry Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport RuleActionStats 1.Forward packet to port(s) 2.Encapsulate and forward to controller 3.Drop packet 4.Send to normal processing pipeline Packet + byte counters Per table Per flow Per table

Actions: 1.Switching and routing 2.Firewall 3.Using non-OpenFlow logic 4.Send to controller

Secure channel OpenFlow Switch Flow Table Flow Table Secure Channel Secure Channel hw sw Controller PC OpenFlow Protocol(SSL)  SSL Connection, site-specific key  Controller discovery protocol  Encapsulate packets for controller  Send link/port state to controller

OpenFlow Protocol Message Types Controller-to-switch To directly manage or inspect the state of the switch may or may not require a response from the switch Operations/msg types: features, configuration, Ready-State, Modify-State, barrier Asynchronous To update the controller of network events and changes to the switch state. sent without the controller soliciting them from a switch To tell controller a packet arrival, switch state change, or error Msg. types: Packet-in, Flow-Removed, Port-status, Error  Symmetric – Msg. types: Hello, Echo, Experimenter

The OpenFlow controller Remotely control and manipulate flow table in switches Available open-source controllers NOX Beacon SNAC FlowVisor- a special type of controller Act as a proxy between OpenFlow switches and multiple controllers Slices network resource and delegate controller to each

How OpenFlow works ?

Packet In from network Send to controller over secure channel Apply Actions Check matchin g No match Switch Packet In from switch Extract the destination address of the packet Define a table entry to create a path for the packet Send message to each switch in the path the packet will traverse Controller Match

OFS PC Controller Entry Available? Inst. rule RuleActionStatisticsRuleActionStatistics RuleActionStatistics RuleActionStatistics Inst. rule

Flow match Examples Flow Rule(match)Action

Controller Usage Models

Centralized vs Distributed control Centralized Control Distributed Conrol OFS Controller PC Controller PC Controller PC Controller PC

Flow Routing vs Aggregation Flow-based Aggregated Every flow is individually set up by controller Exact match flow entries Flow table contains one entry per flow Good for fine grain control One flow entry covers large groups of flows Wildcard flow entries Flow table contains one entry per category of flows Good for large # of flows

Reactive vs Proactive Reactive Proactive First packet of flow triggers controller to insert flow entries Efficient use of flow table Every flow incurs small additional set up time Switch has limited utility of connection control is lost Controller pre-populates flow table in switch Zero additional flow set up time Loss of control connection doesn’t disrupt connection Requires aggregated rules

Open Controllers Controller nameLanguagePlatform NOXC++, PythonLinux BeaconJavaWin, Mac, Linux, Android MaestroJavaWin, Mac, Linux TremaRuby, CLinux

Network Slicing concept  Divide the production network into logical slices  each slice/service controls its own packet forwarding Slicing Layer Switch data plane Multiple controllers (NOS)

FlowVisor A tool for slicing OpenFlow Networks creating multiple isolated and programmable logical networks on the same physical topology Puts Slicing Policies The policy specifies resource limits for each slice: – Link bandwidth – Maximum number of forwarding rules – Topology – Fraction of switch/router CPU

OFS Flow Visor PC OpenFlow protocol Virtual networks through FlowVisor Research 1 controllerProd. nkt controller Research 2 controller FlowSpace: Maps Packets to Slices Topology discovery is per slice

OpenFlow gains Increased network control Increased Network in flexibility Shared Infrastructure – make innovation easier Current network infrastructure, LAN and WAN, does not allow for much experimenting. In many cases, it is a production network, there are firmware limitations, or both

Some OpenFlow applications Wireless mobility/migration Redirect specific application traffic to remote site Network Virtualization Power management Load balancing Traffic engineering Security Applications Load balancing Firewall

Current version OpenFlow limitations Non-flow-based(per-packet) networking Use all tables on switch chips New forwarding primitives New packet formats/field definitions Low-setup time individual flows But can push flows proactively

Industry support Many vendors implemented OpenFlow in their devices

How to get started with OpenFlow Switch Software switches Linux User-space Switch Reference Linux Kernel-space Switch Open vSwitch Hardware switches OpenFlow enabled commercial switches – ex. pronto Controller Reference Learning Switch Controller NOX, Beacon, SNAC

What can we do with OpenFlow Write- configure – deploy Experimenting our networks Develop network applications on top of existing controllers (ex. NOX, Beacon) Customize controllers Extend existing controllers Developing our own controller

Example Developing on NOX Basics – components and events Develop components that handle events Components can be developed using C++ Python or Combination of them NOX built-in component Core apps Network apps Web apps Third-part y extensions

Example – a component

Events Drives execution in NOX Core events Data_path_join event, Packet_in_event Application events Host_in event, flow_in event etc post events for other applications to handle Register for packet_in event

OpenFlow Practice Using virtual machines Required softwares Virtualization software (Virtual box) X server - (windows Xming, max X11, linux X server installed) Development tools Mininet Wireshark Benchmark Controller w/iperf

What can we do in the tutorial Create learning switch NOX controller (Python, C++) Beacon (java) Control a Slice of a real Network Creating router Creating Firewall

Some Demos

Dynamic Flow Aggregation on an OpenFlow Network  Dynamically define flow granularity by wildcarding arbitrary Header fields  Granularity is on the switch flow entries, no packet rewrite or encapsulation

Elastic Tree: reducing energy in data centers  Shuts off links and switches to reduce data center power  OpenFlow provides network routes and port statistics

Some OpenFlow Demos Aster*x: Load-Balancing Web Traffic over Wide-Area Networks  load balancing system for services hosted in different services  considers network congestion and server load  handles the dynamical adding and removing of resources By Stanford

 test facility for network experiments based on OpenFlow  allows the dynamic creation of virtual machines to be used as sources, sinks, and controllers for OpenFlow switches OFELIA - Pan-European Test Facility for OpenFlow Experimentation

 flexible definitions of virtual networks,  dynamic scaling of the virtual networks, and  isolation of the virtual networks from physical network changes. Network Virtualization using EXOS OpenFlow

Industry trend Increased interest In Data centers Service providers For example to slice their networks based on bandwidth Enterprise networks

Questions?

References Openflow white paper Slides from Brandon Heller (stanford) SriniSeetharaman Martin Casado Internet2 Joint Techs – Clemson Open Network Summit 2011 talks and slides