OpenFlow: What’s it Good for? Apricot 2016 Pete Moyer Principal Solutions Architect.

1 OpenFlow: What’s it Good for?
Apricot 2016
Pete Moyer, pmoyer@brocade.com
Principal Solutions Architect

2 Agenda
SDN & OpenFlow Refresher
‒ How we got here
SDN/OF Deployment Examples
Other practical use cases for SDN/OF …
Conclusion
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY: USE WITH PERMISSION

3 OpenFlow & SDN Refresher

4 “Data center networks are in my way” -- James Hamilton

5 Software Defined Networking: Evolving Definition
“A network in which the Control Plane is physically separated from the Data Plane”
‒ OpenFlow is the enabler
SDN =? OpenFlow
SDN > OpenFlow …
“Distribute what you must, centralize what you can …”
[Diagram: Traditional router with Control Plane (software) and Data Plane (hardware) in one box; SDN-OpenFlow with the Control Plane (software) moved to a Controller exposing APIs and the Data Plane (hardware) left in the router; Hybrid]

6 OpenFlow Version History
OpenFlow v1.0 (12/2009)
‒ L2 and L3 (IPv4) matching fields
‒ Many actions (including normal)
OpenFlow v1.1 (02/2011)
‒ MPLS label/EXP matching fields
‒ Multiple flow tables, Group table
‒ Virtual ports
OpenFlow v1.2 (12/2011)
‒ IPv6 matching fields
‒ Multiple controllers, role change
OpenFlow v1.3 (4/2012)
‒ QoS metering
‒ Capabilities & version negotiation
OpenFlow v1.4 (8/2013)
‒ Improved capability discovery, extensibility
OpenFlow v1.5 (12/2014)
‒ TCP flag matching
‒ Egress tables
‒ Improved metering
OpenFlow v1.6 (2016?)
‒ Tunneling
OF v2.0 or NG? (TBD)
‒ TTPs
P4?
‒ http://www.sigcomm.org/sites/default/files/ccr/papers/2014/July/0000000-0000004.pdf

7 OF/SDN Deployment Examples

8 Google B4 OF/SDN Network
Inter-DC Backbone (5/2013, 4/2014)

9 Google B4 OF/SDN Network: Summarized Benefits
Separate control plane from forwarding plane
‒ Choose HW based on necessary features
‒ Choose SW based on protocol requirements
‒ Decouple HW & SW innovation
Logically centralize the network control plane
‒ Deterministic
‒ Efficient
‒ Global view
Allow automation, flexibility and innovation
Achieved ~99% WAN link utilization

10 Internet2
SDN Backbone (7/2012)

11 Internet2 Backbone Routers
http://routerproxy.grnoc.iu.edu/al2s/

12 Internet2 OpenFlow flows installed …
http://routerproxy.grnoc.iu.edu/al2s/

13 A few more SDN Announcements (3/2014, 10/2012, 12/2015)

14 Other Deployment Examples: Where are they?
Another POV: “the demise of OpenFlow has been greatly exaggerated”

15 So … what (else) is OpenFlow good for?

16 SDN Use Cases
Grouped on the slide under three headings: Control, Automation, Visibility
Volumetric Attack Mitigation
Elephant Flow Management
Firewall Bypass
Policy Based Flow Forwarding
Botnet Attack Mitigation
SDN Based MPLS Traffic Engineering
Bandwidth Scheduler
Packet-Optical Integration
WAN Network Virtualization
Flow Metering
SDN Based Wiretap
VXLAN Monitoring

17 Volumetric Attack Mitigation: L2-L4 DDoS Mitigation Example
Open Daylight SDN App
[Diagram: Internet, BGP Border Router (hybrid), two Core Routers; the Incoming Attack Flow is handled at the border router by the mitigation rule “Mitigation: Discard Flow”]

18 Flow Metering & Accounting: Improve network utilization and reliability
Flow Optimizer: Shipping GA in May 2015; Committed for v1.1
[Diagram: sFlow Collector sends flow parameters of interesting traffic to the SDN App (Analytic); the SDN App pushes an OF rule to rate limit (OF based Metering, Flow Control) onto the Router; Normal L2/L3 Forwarding continues between the Campus / DC and the WAN / Internet (WAN or DC network)]

19 Traditional REN “Science-DMZ”: Campus Firewall is a Performance Bottleneck
Traditional Science-DMZ architecture connects the science LAN outside the FW
Creates security exposure?
[Diagram: WAN, 100 GbE link to the Enterprise Border Router/Firewall and the Science DMZ Switch; 10G/40G (10/40 GbE) links to High performance Data Transfer Nodes with high-speed storage]
https://fasterdata.es.net/science-dmz/

20 SDN for Policy-Based Firewall Insertion / Bypass
Operator driven or sFlow threshold driven policy enforcement for large trusted flows
[Diagram labels: Enterprise Datacenter 1, Enterprise Datacenter 2, WAN, Internet, Inline Firewall, One-armed Firewall, Default Traffic Flow, Trusted Traffic Flow, SDN Controller, SDN App]

21 Elephant Flow Management: Dynamic and Programmatic Action for Efficient Network
Target for v1.2
[Diagram: sFlow Collector (Monitor) reports matched flow parameters and the action to the SDN App (Flow Policy), which installs OF Matching on the Router; Regular Traffic takes Normal Forwarding while elephants get Dedicated paths: Re-direct, Re-mark, Critical; Programmable / Scheduled via Northbound API; Campus / DC, WAN / Cloud, Apps]

22 Or keep doing this?
route-map permit 50
 match ip address 50
 set ip next-hop 172.16.10.10
route-map permit 51
 match ip address 51
 set ip next-hop 172.16.11.11
route-map test permit 101
 rule-name
 match ip address
 match ipv6 address
 set next-hop-flood-vlan 1013
 set interface null0
route-map permit 102
 rule-name
 match ip address
 match ipv6 address
 set next-hop-flood-vlan 1123
 set interface null0
ip access-list extended
 permit ip any host 10.250.64.2
 permit ip any host 10.250.120.0
 permit ip any host 10.110.65.6
 permit ip any host 10.2333.120.4
 deny udp any host 10.223.98.8 eq 2152
 deny udp any host 10.223.98.5 eq 2152
 deny udp any host 10.223.98.3 eq 2152
 deny udp any eq 2152 host 10.223.98.8
 deny udp any eq 2152 host 10.223.98.5
 deny udp any eq 2152 host 10.223.98.3
 permit ip any host 10.119.65.7
 permit ip any host 10.119.65.11
access-list 10 permit any
access-list 50 permit 10.100.64.0 0.0.0.255
access-list 165 permit ip host 10.142.64.31 10.196.48.0 0.0.0.255
access-list 165 permit ip 10.62.64.0 0.0.0.255 host 10.79.213.25
access-list 165 permit ip host 10.72.64.2 host 10.79.213.11
ip access-list extended
 permit vlan 1250 ip any any
 permit vlan 1251 ip any any
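What the controller pushes instead of the ACL/PBR configuration above, and the “Discard Flow” rule of the DDoS mitigation slide, is an OpenFlow flow_mod. As an added example that is not from the presentation or from any Brocade product, the code below hand-encodes an OpenFlow 1.3 OFPT_FLOW_MOD with an OXM match on eth_type plus a masked IPv4 destination and an empty instruction list, which the OF 1.3 specification defines as drop; the victim prefix 192.0.2.0/24 is a constructed placeholder.

```python
import struct

# OpenFlow 1.3 constants (values as defined in the OF 1.3 specification)
OFP_VERSION_13, OFPT_FLOW_MOD, OFPFC_ADD, OFPMT_OXM = 0x04, 14, 0, 1
OFPXMC_OPENFLOW_BASIC = 0x8000
OFPXMT_OFB_ETH_TYPE, OFPXMT_OFB_IPV4_DST = 5, 12
OFP_NO_BUFFER = OFPP_ANY = OFPG_ANY = 0xFFFFFFFF
ETH_TYPE_IPV4 = b"\x08\x00"


def oxm_tlv(field, value, mask=None):
    """Encode one OXM TLV: class, (field << 1 | has_mask), payload length, payload."""
    payload = value + (mask or b"")
    hdr = struct.pack("!HBB", OFPXMC_OPENFLOW_BASIC, (field << 1) | bool(mask), len(payload))
    return hdr + payload


def build_match(dst_net, prefix_len):
    """OXM match: eth_type=IPv4 (prerequisite) plus a masked ipv4_dst.

    ofp_match.length covers type, length and TLVs; the trailing zero padding
    to an 8-byte boundary is required on the wire but not counted in it.
    """
    mask = struct.pack("!I", (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)
    net = bytes(int(octet) for octet in dst_net.split("."))
    tlvs = oxm_tlv(OFPXMT_OFB_ETH_TYPE, ETH_TYPE_IPV4) + oxm_tlv(OFPXMT_OFB_IPV4_DST, net, mask)
    body = struct.pack("!HH", OFPMT_OXM, 4 + len(tlvs)) + tlvs
    return body + b"\x00" * (-len(body) % 8)


def build_drop_flow_mod(dst_net, prefix_len, priority=40000, hard_timeout=600, xid=1):
    """OFPT_FLOW_MOD (OFPFC_ADD) with an empty instruction list, i.e. drop.

    hard_timeout lets the mitigation expire on its own; the high priority puts
    it ahead of the rules that forward normal traffic on a hybrid border router.
    """
    match = build_match(dst_net, prefix_len)
    fixed = struct.pack("!QQBBHHHIIIH2x",
                        0, 0,                          # cookie, cookie_mask
                        0, OFPFC_ADD,                  # table_id, command
                        0, hard_timeout, priority,     # idle_timeout, hard_timeout, priority
                        OFP_NO_BUFFER, OFPP_ANY, OFPG_ANY,
                        0)                             # flags
    length = 8 + len(fixed) + len(match)               # header + fixed fields + match, no instructions
    header = struct.pack("!BBHI", OFP_VERSION_13, OFPT_FLOW_MOD, length, xid)
    return header + fixed + match


# Constructed placeholder: 192.0.2.0/24 is an RFC 5737 documentation prefix
DROP_VICTIM_PREFIX = build_drop_flow_mod("192.0.2.0", 24)
```

The resulting 72-byte message can be compared byte for byte against what a controller such as OpenDaylight emits for the same rule; note that a hybrid switch only applies it to ports in OpenFlow mode.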

23 What about OpenFlow with MPLS?
Different LSPs for application/traffic prioritization and traffic-engineering
Classification at ingress into the appropriate TE’d LSP (aka: flow-based forwarding)
OF granularity for classification
May also provide ingress policing/metering (e.g. CAC function)
Multiple RSVP-signaled LSPs (Gold, Silver, Bronze, etc.)
OpenFlow rules for per-application classification (and metering) applied at the ingress LER; redirect action into the MPLS LSP
[Diagram: Data Center, LER1, MPLS WAN, LER3, with the SDN App programming the ingress LER]

24 But … there’s more! How do you get packet captures?

25 Current Network Visibility Mode of Operation
Problem 1
‒ Obtaining data plane traffic visibility in production networks is *very* challenging
‒ Network probes are commonly deployed, or a dedicated out-of-band visibility network is deployed
  Both approaches increase CAPEX
  Both approaches limit the visibility of traffic to specific aggregation points in the network, either due to where the probes are deployed or where the network is tapped to send flows to the visibility fabric
Problem 2
‒ Provisioning and operating a dynamic visibility solution is not efficient, nor in real-time
  Hampers the ability to troubleshoot real-time performance problems

26 Current Network Visibility Mode of Operation
Problem 3
‒ Networking devices have many limitations in terms of providing specific data traffic to be monitored
‒ Switch/Router SPAN/RSPAN mirrors *all* traffic from one port to another port
‒ ACL-based port mirroring can provide traffic granularity; however …
  At the expense of very complex CLI configurations
  Lacks an efficient & dynamic update capability
  Has scalability limitations
  No central repository of these distributed, network-wide ACL-based port mirroring configurations

27 SDN-based Inline Packet Capture Example
No network taps or probes
Per-flow “in-line” visibility
Surgical mirroring
Centralized control
No complex router configurations (ACL, PBR, SPAN, etc.)
No separate visibility network required
Committed for v1.1
[Diagram: SDN FlowTap; the SDN App sends flow parameters to the Router, whose Normal Forwarding Pipeline continues while matched traffic from the Network Ingress Port is mirrored to Analytics Tool(s); DC or Campus network]

28 Conclusions
OF-based SDN is here. Deployed …
‒ A few examples provided
‒ OF-based forwarding of normal traffic; network transport
‒ Centralized control plane
OF-based SDN can solve many other problems
‒ As a tool for programmatic control of policy
‒ Centrally managed ACL & PBR replacement
‒ OF-based exception handling of interesting traffic; network services
  Normal traffic forwarded normally
‒ Solves various operational use cases
