Networking Technologies for Cloud Computing USTC-INY5316 Instructor: Chi Zhang Fall 2014 Welcome to

Today’s agenda Introduction OpenFlow SDN applications SDN ecosystem and SDN standardization SDN development tools and business ramifications Future research directions 2

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support, per-flow meters and auxiliary connections 3

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support, per-flow meters and auxiliary connections 4

Where does OpenFlow fit in? The X86 instruction set of SDN 5

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support, per-flow meters and auxiliary connections 6

Flow abstraction 7 End – to – End Flow L4: TCP src/dst port L3: IP src/dst addr, IP proto L2.5: L2: Flow Identifiers Common Dest Flow L4: L3: IP dst prefix for China L2.5: L2:

Flow abstraction 8 Classification of packets that have a logical association Action & Maintaining Flow State Flow based Accounting & Resource Management What is a Flow? L4: L3: IP src prefix L2.5: L2: Flow Identifiers Common Src Flow L4: TCP dst port 80 L3: IP proto L2.5: L2: MAC src Web traffic from a Handset L4: L3: L2.5: MPLS Label ID L2: All packets between 2 routers

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support, per-flow meters and auxiliary connections 9

Traditional router architecture 10 Control plane Forwarding plane Management plane

Traditional switch component 11

OpenFlow separation 12 Drop

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support, per-flow meters and auxiliary connections 13

Flow matching process 14

OpenFlow 1.0 flow table 15 Classifier Action Modify Field Enqueue Forward NORMAL FLOOD Virtual Port Physical Port Forward Mandatory Action Optional Action Counters Classifier Action Counters Classifier Action Counters Classifier Action Counters … Flow Table OF1.0 style Ingress Port Ingress Port Ethernet SA DA Type IP SA DA Proto TCP/UDP Src VLAN ID Priority TOS Dst Virtual Port ALL CONTROLLER LOCAL TABLE IN_PORT Drop Header Fields Actions

Layer 2 to layer 4 16 Modify Field Enqueue Forward NORMAL FLOOD Virtual Port Physical Port Forward Mandatory Action Optional Action Virtual Port ALL CONTROLLER LOCAL TABLE IN_PORT Drop

Examples Switching * Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action * 00:1f:.. *******port6 Flow Switching port3 Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action 00:20..00:1f..0800vlan port6 Firewall * Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action ********22drop 17

Examples Routing * Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action ***** ***port6 VLAN Switching * Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP dport Action ** vlan1 ***** port6, port7, port9 00:1f.. 18

Packet Forwarding 19

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support, per-flow meters and auxiliary connections 20

The Controller-Switch Secure Channel The path used for communications between the OpenFlow controller and the OpenFlow device In-band secure channel –Messages from the port of the data plane –Packets will be handled by the OpenFlow packet- matching logic Out-of-band secure channel –Messages from the port which is not switched by the data plane 21

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support, per-flow meters and auxiliary connections 22

Messaging Between Controller and Switch Message between controller and switch starts with the OpenFlow header(specifies the version number, the message type, the length of the message, and the transaction ID of the message). Message categories: –Symmetric: be sent by either controller or the switch –Async: be sent from the switch to the controller –Controller- switch: be sent from the controller to the switch 23

Message Types Symmetric messages –HELLO: be exchanged after the secure channel has been established to determine the highest OpenFlow version number supported by the peers. –ECHO: ascertain that the connection is still alive and to measure the current latency or bandwidth of the connection –VENDOR: available for vendor-specific experimentation or enhancements 24

Message Types Async messages –PACKET_IN: The switch passes data packets back to the controller for exception handling. –FLOW_REMOVED: The switch can inform the controller that a flow entry is removed from the flow table. –PORT_STATUS: Be used to communicate changes in port status. –ERROR: Notify the controller of problems 25

Message Types Controller-switch (five subcategories) –Switch configuration: SET_CONFIG: set configuration parameters in the switch FEATURES: ask the switch about which features it supports GET_CONFIG: retrieve a switch’s configuration settings 26

Message Types –Command from controller PACKET_OUT: send data packets to the switch for forwarding out through the data plane FLOW_MOD: modify existing flow entries in the switch PORT_MOD: modify the status of an OpenFlow port –Statics STATS: be used to obtain the statistics from the switch –Barrier: BARRIER: be used by the controller to ensure that a particular OpenFlow command from the controller has finished executing on the switch 27

Message Types –Queue configuration QUEUE_GET_CONFIG: the controller learns from the switch how a given queue is configured. Note: –In the event that the HELLO protocol detects a loss of the connection between controller and switch, the switch should enter emergency mode and reset the TCP connection. At this time all flows are to be deleted except special flows that are marked as being part of the emergency flow cache. 28

Ports and Port Queues(v1.0) 29 OpenFlow support for multiple queues per port. These queues are generally served by scheduling algorithms that allow the provisioning of different quality of service (QoS) levels for different types of packets.

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –1.1 Multiple table and Group table –1.2 Extensional match support and multiple controllers –1.3 More Flexible Table-Miss Support 、 per-flow meters and auxiliary connections 30

OpenFlow versions status 31

OpenFlow configuration protocol evolution 32

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support, per-flow meters and auxiliary connections 33

Multiple flow tables 34

Multiple flow tables 35

Group Table 36 A richer extension to the FLOOD option Consists of group entries, each entry consisting of one or more action buckets. Provide a more efficient way of handling the routing change Kind of action buckets: ALL 、 Select 、 Indirect 、 fast failover

Group table 37

Packet processing procedure 38

Controller Connection Failure Fail secure mode –The switch continues to operate as a normal V.1.1 switch except that all messages destined for the controller are dropped. Fail standalone mode –The switch additionally ceases its OpenFlow pipeline processing and continues to operate in its native, underlying switch or router mode. The controller may choose to delete existing flow entries and begin to configure the switch anew. 39

EX1: Forwarding with Multiple Flow Tables 40

EX2:Multicast Using V.1.1 Groups 41

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More Flexible Table-Miss Support 、 per-flow meters and auxiliary connections 42

OpenFlow 1.2 Additions 43

Extensible Match Support Sufficient richness in the packet-matching descriptors that the controller can encode the desired logic in the rules themselves. Expands the possibilities for match fields by allowing for multiple match classes. OpenFlow Extensible Match(OXM) descriptors Type-length-value(TLV)pairs can describe or define any of the header fields an OF switch would need to use for matching. 44

Multiple Controllers Switch may be configured to maintain simultaneous connections to multiple controllers. A controller may be one of three different roles relative to a switch: –Equal (allow the controller the full ability to program the switch) –Slave (only request data from the switch but make no modifications) –Master(only one switch could be in a master mode and all others be in slave mode) 45

OpenFlow Introduction of OpenFlow Flow abstraction OpenFlow separation OpenFlow match process Secure channel Messages between controller and switch OpenFlow additions –Multiple table and Group table –Extensional match support and multiple controllers –More flexible Table-Miss support, per-flow meters and auxiliary connections 46

OpenFlow 1.3 Additions(milestone) 47

More Flexible Table-Miss Support Program a table-miss flow entry into a switch Table-miss flow is the lowest priority The last flow entry that can be matched in the table 48

Per-Flow Meters( 计量表） 49 v.1.3 instructions may direct packets to a meter identified by its meter ID. Rate-limited meters The type determines the action to take when that meter band is processed. When a packet is processed by a meter, at most one band is used. This band is selected based on the highest bandwidth rate band that is lower than the current measured bandwidth. Duel level of counters

Auxiliary Connections V.1.3 allows multiple connections per communications channel. Lies in achieving greater overall throughput between the switch and the controller. The first connection in the channel is specified to be a TCP connection.UDP may be used for the secondary connections. Auxiliary connections can transmit packets in some special situations. 50

EX ： Enforcing QoS via Meter Bands 51

THANK YOU ! Presenter: 王正琦 If you have any suggestions or questions about OpenFlow, welcome to contact with me. 52