Presentation is loading. Please wait.

Presentation is loading. Please wait.

Putting OpenFlow to Work in a Production Network Dan Schmiedt Executive Director, Network Services and Telecommunications Kuang-Ching “KC” Wang Associate.

Published byFranklin Turner Modified over 9 years ago

Similar presentations

Presentation on theme: "Putting OpenFlow to Work in a Production Network Dan Schmiedt Executive Director, Network Services and Telecommunications Kuang-Ching “KC” Wang Associate."— Presentation transcript:

1 Putting OpenFlow to Work in a Production Network Dan Schmiedt Executive Director, Network Services and Telecommunications Kuang-Ching “KC” Wang Associate Professor, Department of Electrical & Computer Engineering Fan Yang, Aaron Rosen Graduate Students, Department of Electrical & Computer Engineering

2 The big picture from a Technology point of view … OpenFlow is part of an answer to the “ossification” problem we see in networking: it provides a platform for innovation and rapid deployment of new protocols in real networks. OpenFlow can represent a major shift in the way we think of and operate networks: software defined, controller-based networking. – Network devices can be just interface-containing boxes. – Imagine, for example, how this could change the need for routing protocols; the controllers already know everything! Clemson University2

3 The big picture from a University point of view… OpenFlow provides a mechanism for the engagement of IT Staff with Academic faculty and students. On the IT side we’re very busy and have to deal with operational realities. Our eyes are close to the grindstone and it’s often hard to think “out of the box”. (We know that box very well, thank you!) On the Academic side, students and faculty are eager to solve real problems and are not jaded by the realities of running a production network. So, what could happen if we combined them? Clemson University3

4 A Positive Feedback Loop To facilitate sustained growth and leverage the power of a University to stay creative, we need a new model. – Students IT funded RAs from networking research groups University funded undergraduate “Creative Inquiry” team Proposed Internal Internship program, supported by the Provost – Network engineers Task assignment/incentive model Internal Faculty sabbaticals Clemson University4 IT Research Teaching

5 So, we just install the OpenFlow IOS image, give the students TACACS+ userids and let ‘em rip? Ummm…: – OF is not supported on Cisco hardware – I’m excited about all this, but not (completely) insane We support KC and his students in transporting GENI OpenFlow VLANs to GENI projects from I2/NLR and around campus… But, we wanted to do something with production network applications KC and students brainstormed with network engineers to find more use cases… Clemson University5

6 OpenFlow use cases in the production net Idea: think of ways we can leverage OpenFlow with minimal risk to the production network. The sky is the limit: simple python code and the NOX OpenFlow controller can tell the switch how to forward traffic in whatever ways we want… Some ideas: – Data Analysis Network, “DAN” – Tracking of stolen laptops Clemson University6

7 OpenFlow use cases in the production net Data Analysis Network, “DAN” – We are accumulating a plethora of devices that need to see aggregate network traffic at arbitrary points on the network. E.g., Coradiant, MARS, FireEye, sniffers, etc. “You know, just have your network people send the appropriate traffic to our magical device…” – An OpenFlow DAN would behave like a bunch of Gigamon boxes and forward traffic from SPANs or VACLs to monitoring devices. Clemson University7

8 Proposed DAN implementation Clemson University8 Some noodling on the whiteboard…

9 OpenFlow – A One Slide Overview Clemson University9 OpenFlow Controllers End Users Network of Various Scales Application Servers A software defined networking paradigm OpenFlow-enabled commercial switches allow open access to their flow tables by authorized software OpenFlow controllers Centralized, virtualized control and monitoring of network

10 OpenFlow use cases in the production net Case study 1: Data Analysis Network Case study 2: Tracking Stolen Laptops Both cases are implemented with simple OpenFlow controller (OFC) code, coexisting with a production OFC (POFC) – OFC coexistence made possible by FlowVisor software Clemson University10 Distribution Core... Access Clemson Campus Network IT server e.g., security/app monitor Host 2, e.g., app server Host 1, e.g., user desktop FlowVisor OFC2 POFCOFC1

11 OpenFlow Data Analysis Network The problem: Packet grabbing appliances (Cisco MARS, Coradiant, sniffers) need us to send traffic of interest to them. The need: a separate Data Analysis Network (DAN) to mirror traffic from arbitrary location. Like Gigamon, etc. The proposed solution: Use OF to duplicate traffic from anywhere to designated analysis servers Clemson University11 User traffic Monitored traffic

12 OK, so how do you DO this? Clemson University12 When a packet comes into the controller the controller floods the packet out all ports on the switch. Starting with a simple example, we would turn on an OF- capable switch, enable OF for a VLAN, point it at a NOX controller, and write some simple python code. This code makes a simple hub:

13 Kick it up one more notch and make a learning switch… Clemson University13 Learn which ports the source MAC address is attached to. Installs rule to switch to send packets to that port matching the Destination MAC address. Then, check if we know where the port the destination MAC address is.

14 …and add just a little more to that … Clemson University14 OF command #1: install rule to duplicate packets to mirror port from another port on the same switch OF command #2: controller sends a duplicate packet to mirror port, in addition to original forwarding action 7 added lines of python code to default switch controller

15 Use case #2: OpenFlow Computer Tracking The problem: Large number of student laptops reported stolen every year The need: In some past cases, stolen laptops remained on campus and were accessing campus network The proposed solution: Leverage OF controller to detect and track lost laptops’ location upon network access Clemson University15 Reported stolen laptop FlowVisor OFC2 Lost laptop DB Campus switch location DB

16 OpenFlow controller code for computer tracker Clemson University16 Database query #1: check MAC address with stolen laptop database Database query #2: upload switch/port ID to stolen laptop database Two database queries added to a standard controller template

17 Web Display Snapshot Clemson University17

18 Google Map Snapshot Clemson University18

19 Summary and outlook We believe that OpenFlow will drive a paradigm shift in networking. Universities can be most effective when they leverage the depth of their faculty, the creativity of their students, and the expertise of their staff. Relax! This stuff is fun, and you’ll get smarter. Build a partnership with an academic part of your University. Commercial support is a chicken-and-egg problem, let’s break that cycle. Clemson University19

20 FURTHER QUESTIONS CONTACT: DAN – WILLYS@CLEMSON.EDU KC – KWANG@CLEMSON.EDUWILLYS@CLEMSON.EDUKWANG@CLEMSON.EDU Clemson University20 Openflow: http://openflowswitch.orghttp://openflowswitch.org GENI: http://geni.nethttp://geni.net

Download ppt "Putting OpenFlow to Work in a Production Network Dan Schmiedt Executive Director, Network Services and Telecommunications Kuang-Ching “KC” Wang Associate."

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Network Systems Sales LLC

Network Systems Sales LLC
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Implementing Inter-VLAN Routing

Implementing Inter-VLAN Routing
OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.

OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.
Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.

Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.

Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA 2011. 04. 11 Presented.

OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA Presented.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Inter-VLAN Routing Routing And Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Inter-VLAN Routing Routing And Switching.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing & Switching.
Dare to Change One Campus Email: Gmail Jonathan Schaeffer Vice Provost (IT)

Dare to Change One Campus Gmail Jonathan Schaeffer Vice Provost (IT)
SDN and Openflow.

SDN and Openflow.
Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.

Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.
Networking Components

Networking Components
Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Software Stack COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Software Stack COS 597E: Software Defined Networking.
Scalable Server Load Balancing Inside Data Centers Dana Butnariu Princeton University Computer Science Department July – September 2010 Joint work with.

Scalable Server Load Balancing Inside Data Centers Dana Butnariu Princeton University Computer Science Department July – September 2010 Joint work with.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
And how they are used. Hubs send data to all of the devices that are plugged into them. They have no ability to send packets to the correct ports. Cost~$35.

And how they are used. Hubs send data to all of the devices that are plugged into them. They have no ability to send packets to the correct ports. Cost~$35.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing And Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing And Switching.

Similar presentations

Ads by Google