Open networking w/ Marist College Software Defined Networks

Who’s Involved ?

This Talk…  What is SDN and why make the move towards SDN?  What can SDN provide?  How does OpenFlow fit into the SDN paradigm?  What can we do with the OpenFlow protocol?  Simple OpenFlow examples.  Where can I find more information about OpenFlow and SDN?

Why Software Defined Networks?  Buzzword “Virtualization of the Network”  Network Abstraction / Reduce Complexity (networks are inherently complex)  Traditional TCP/IP Layers  Centralized Network Intelligence (Control)  Distribution Model is programmers choice not the networks choice  State Control  Control Plane separated from Data Plane  Packet Forwarding

Software Defines Networks  SDN Device HW Abstraction Decoupled Control Logic Control Application

Software Defined Networks

Where does OpenFlow fit in?  OpenFlow “a piece of the SDN puzzle”  An Open Standard  Enables the ‘forwarding abstraction’ of the network (per device)  Cross-vendor communication solution  Enables Innovative software defined network solutions  Routing Protocols  Network Administration  Load Balancing  Security  & More

OpenFlow: “An Interface”  An Open Standard (as stated before)  Separates the Control and Data path of the switch  “OpenFlow Controller” takes care of Control Logic  Switch/Router communicate over OpenFlow Protocol  OpenFlow Protocol  Defines OF Message  Creates a Flow Table abstraction  Flows match on packet fields and have actions associated  Static, Dynamic and Aggregate flow matching Good place to start: OpenFlow Spec (1.1.0 also currently implemented)

OpenFlow: Part of SDN

What does OpenFlow do in SDN?

Marist, SDN and OpenFlow  Goal: Create an OpenFlow testing and compliance facility & network  Be part of the research around SDN  Develop and help the ONF/OpenFlow community grow  Contribute the the community

Marist OpenFlow SDN Environment

Research Plans  OpenFlow testing and compliance checklist  Research and Development publications  Open source OpenFlow controller code to community  Explore use cases for OpenFlow and test them i.e.  How can OpenFlow be used in the datacenter?  If any what type of benefits does OpenFlow have that traditional networks don't?  How scalable and robust is it/ the controllers? The List goes on

Demos  ACLs (Firewall Based)  VLANING the network  Routing L2 & L3  QoS Floodlight Modules  Jason Parraga : Floodlight “Administrative Control Panel” Demo’s In Hancock Center Hallway

import httplib import json class StaticFlowPusher(object): def __init__(self, server): self.server = server def get(self, data): ret = self.rest_call({}, 'GET') return json.loads(ret[2]) def set(self, data): ret = self.rest_call(data, 'POST') return ret[0] == 200 def remove(self, objtype, data): ret = self.rest_call(data, 'DELETE') return ret[0] == 200 def rest_call(self, data, action): path = '/wm/staticflowentrypusher/json' headers = { 'Content-type': 'application/json', 'Accept': 'application/json', } body = json.dumps(data) conn = httplib.HTTPConnection(self.server, 8080) conn.request(action, path, body, headers) response = conn.getresponse() ret = (response.status, response.reason, response.read()) print ret conn.close() return ret Create a StaticFlowPusher Object This will allow a static programmable interface to write scripts to support flow tables across your network using Floodlight’s REST API. Supports Flow_Mod Get Set Remove Sends HTTP Requests GET POST DELETE

import StaticFlowPusher #Switches used for tests #Switch 00:0a:34:40:b5:3c:18:00 #Switch 00:0a:34:40:b5:40:b8:00 #Switch manufacturer: Blade Network Technologies pusher = StaticFlowPusher.StaticFlowPusher(’xxx.xxx.xxx.xxx’) flow1 = { 'switch':"00:0a:34:40:b5:3c:18:00", "name":"allow-webaccess", "ingress-port":"19", "cookie":"0", "dst-ip":”x.x.x.223", #webserver "dst-port":"80", "ether-type":"2048", "protocol":"6", "priority":"32768", "active":"true", "actions":"output=all" } flow2 = { "switch":"00:0a:34:40:b5:3c:18:00", "name":"drop-web-access-all", "ingress-port":"19", "cookie":"0", "dst-port":"80", "ether-type":“2048", "protocol":"6", "active":"true", "priority":"32768", "actions":"" } pusher.set(flow1) pusher.set(flow2)

import StaticFlowPusher #Switches used for tests #Switch 00:0a:34:40:b5:3c:18:00 #Switch 00:0a:34:40:b5:40:b8:00 #Switch 00:0a:34:40:b5:3c:18:00 manufacturer: Blade Network Technologies #Switch 00:0a:34:40:b5:40:b8:00 manufacturer: Blade Network Technologies pusher = StaticFlowPusher.StaticFlowPusher(’xxx.xxx.xxx.xxx') flow1 ={ 'switch':"00:0a:34:40:b5:3c:18:00", "name":"flow-mod-2", "cookie":"0", "priority":"32768", "ingress-port":"19", "ether-type":"2048", "src-ip":”x.x.x.224", "active":"true", "actions":"output=17" } flow2 ={ 'switch':"00:0a:34:40:b5:3c:18:00", "name":"flow-mod-3", "cookie":"0", "priority":"32768", "ingress-port":"19", "ether-type":"2048", "src-ip":”x.x.x.225", "active":"true", "actions":"" } pusher.set(flow1) pusher.set(flow2)

The Value Proposition  What Value do we get from SDN/OpenFlow?  Innovation  Networks will innovate as software does  Freedom to program the behavior of your local network  Do not have to abide by traditional protocols  Customization

Floodlight Administrative Control Panel Marist/IBM Joint Study

FACP  Goal: Address network administration using Floodlight  Reduce Complexity  Eliminate Python Scripting  Allow network behavior to be applied  Provide an abstraction of the network that can be configurable  Build network configuration application against that abstraction

Administrative Concerns How can I program my network? What's involved in programming my network? I’m used to my bag-o-protocols, what now? How can FACP help? What are the plans for FACP?

Future Development  OpenFlow network and device compliance lab  Develop testing compliancy documentation  Tests “stamp of approval”  FACP  Firewall configuration mappings  Routing module (dynamic & static)  QoS module for certain traffic  VLAN administration  MPLS?

Questions?    pptx pptx    Marist OpenFlow/SDN DEMOS IN THE HALLWAY