MOBILE COMMUNICATION AND INTERNET TECHNOLOGIES Software Defined Networks and OpenFlow http://web.uettaxila.edu.pk/CMS/AUT2014/teMCITms / Courtesy of: AT&T Tech Talks

Upload: francis-chapman

Post on 16-Dec-2015



MODULE OVERVIEW

Motivation

What is OpenFlow

Deployments

Conclusion

Millions of lines of source code

5400 RFCs, barrier to entry

500M gates, 10 Gbytes RAM

Bloated, power hungry

We have lost our way

[Figure: Router. Software Control: Apps (routing, management, mobility management, access control, VPNs, …) on an Operating System. Hardware Datapath: Specialized Packet Forwarding Hardware.]

[Figure: functions and protocols in the router: Authentication, Security, Access Control; HELLO; MPLS; NAT; IPv6; anycast; multicast; Mobile IP; L3 VPN; L2 VPN; VLAN; OSPF-TE; RSVP-TE; Firewall; Multi layer multi region; iBGP, eBGP; IPSec]

Many complex functions packed into the infrastructure: OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …

An industry with a “mainframe-mentality”

[Figure: Idea, Standardize, Wait 10 years, Deployment]

Process of innovation made worse by captive standards process

• Driven by vendors
• Consumers largely locked out
• Layer by layer innovation

New Generation Providers already Buying into It

In a nutshell

Driven by cost and control

Started in data centers…

What New Generation Providers have been Doing Within the Datacenters

• Buy bare metal switches/routers
• Write their own control/management applications on a common platform

[Figure: several boxes of Specialized Packet Forwarding Hardware, each with its own Operating System and Apps; Apps on a Network Operating System]

Change is happening in non-traditional markets

[Figure: Apps on a Network Operating System, above several boxes of Simple Packet Forwarding Hardware]

1. Open interface to hardware
2. At least one good operating system (extensible, possibly open-source)
3. Well-defined open API

The “Software-defined Network”

Trend

[Figure: Computer Industry: Apps on Windows (OS), Linux and MacOS, over a Virtualization layer, over x86 (Computer). Network Industry: Apps on Controller 1 (NOX, Network OS) and Controller 2 (Network OS), over Virtualization or “Slicing”, over OpenFlow.]

Simple, common, stable hardware substrate below + programmability + strong isolation model + competition above = Result: faster innovation

What is OpenFlow?

Short Story: OpenFlow is an API

• Control how packets are forwarded
• Implementable on COTS hardware
• Make deployed networks programmable
  – not just configurable
• Makes innovation easier
• Result:
  – Increased control: custom forwarding
  – Reduced cost: API increased competition

[Figure: Ethernet Switch/Router with a Control Path (Software) and a Data Path (Hardware), shown twice; in the second, the Control Path is labelled OpenFlow and connects to an OpenFlow Controller over the OpenFlow Protocol (SSL/TCP).]

[Figure: Controller (PC) above an OpenFlow switch. Software Layer: OpenFlow Firmware. Hardware Layer: Flow Table with columns MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action. Entry shown: * * 5.6.7.8 * * * port 1. Switch ports: port 1, port 2, port 3, port 4. Hosts: 1.2.3.4, 5.6.7.8.]

OpenFlow Flow Table Abstraction

OpenFlow Basics: Flow Table Entries

Each entry has three parts: Rule, Action, Stats

Rule (+ mask what fields to match):
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport

Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Modify Fields

Stats: Packet + byte counters

Examples

Switching

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | 00:1f:.. | * | * | * | * | * | * | * | port6

Flow Switching

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
port3 | 00:20.. | 00:1f.. | 0800 | vlan1 | 1.2.3.4 | 5.6.7.8 | 4 | 17264 | 80 | port6

Firewall

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Forward
* | * | * | * | * | * | * | * | * | 22 | drop

Examples

Routing

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | * | * | * | * | 5.6.7.8 | * | * | * | port6

VLAN Switching

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | 00:1f.. | * | vlan1 | * | * | * | * | * | port6, port7, port9

OpenFlowSwitch.org

OpenFlow Usage: Dedicated OpenFlow Network

[Figure: Controller (PC) running Aaron’s code, connected by the OpenFlow Protocol to three OpenFlow Switches, each holding a Rule / Action / Statistics table]

Network Design Decisions

Forwarding logic (of course)

Centralized vs. distributed control

Fine vs. coarse grained rules

Reactive vs. Proactive rule creation

Likely more: open research area

Centralized vs Distributed Control

[Figure: Centralized Control: three OpenFlow Switches, one Controller. Distributed Control: three OpenFlow Switches, three Controllers.]

Flow Routing vs. Aggregation

Both models are possible with OpenFlow

Flow-Based

• Every flow is individually set up by controller
• Exact-match flow entries
• Flow table contains one entry per flow
• Good for fine grain control, e.g. campus networks

Aggregated

• One flow entry covers large groups of flows
• Wildcard flow entries
• Flow table contains one entry per category of flows
• Good for large number of flows, e.g. backbone

Reactive vs. Proactive

Both models are possible with OpenFlow

Reactive

• First packet of flow triggers controller to insert flow entries
• Efficient use of flow table
• Every flow incurs small additional flow setup time
• If control connection lost, switch has limited utility

Proactive

• Controller pre-populates flow table in switch
• Zero additional flow setup time
• Loss of control connection does not disrupt traffic
• Essentially requires aggregated (wildcard) rules
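
A small flow-table model for the example entries and the reactive/proactive choice above, added here as an illustration and not part of the original slides: it matches packets against wildcard entries, keeps the Stats counters, and sends table misses to the controller. The priority field, the dictionary field names and the sample packets are assumptions of this example; it shows that the Firewall entry only protects port 22 while it outranks the overlapping Routing entry.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict          # field -> value; a field left out is a wildcard (*)
    action: str          # "output:<port>" or "drop"
    priority: int = 0    # assumption: higher wins when wildcard entries overlap
    packets: int = 0     # Stats: packet counter
    byte_count: int = 0  # Stats: byte counter

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # stable: ties keep insert order

    def lookup(self, pkt, length):
        for e in self.entries:
            if all(pkt.get(f) == v for f, v in e.match.items()):
                e.packets += 1
                e.byte_count += length
                return e.action
        return "controller"  # table miss: encapsulate and forward to controller

def build_table(firewall_priority=20):
    """Proactive: pre-populate the slides' Routing and Firewall wildcard entries."""
    table = FlowTable()
    table.add(FlowEntry({"ip_dst": "5.6.7.8"}, "output:6", priority=10))
    table.add(FlowEntry({"tp_dst": 22}, "drop", priority=firewall_priority))
    return table

def reactive_install(table, pkt, out_port):
    """Reactive: the first packet of a flow makes the controller add an exact-match entry."""
    table.add(FlowEntry(dict(pkt), f"output:{out_port}", priority=100))

# Constructed sample packets.
SSH = {"ip_src": "1.2.3.4", "ip_dst": "5.6.7.8", "ip_proto": 6,
       "tp_src": 17264, "tp_dst": 22}
WEB = dict(SSH, tp_dst=80)
OTHER = dict(WEB, ip_dst="9.9.9.9")
```

A reactive controller that installs exact-match entries above the wildcard entries has to apply the same drop policy itself before installing, because its entry is matched first.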

OpenFlow Application: Network Slicing

• Divide the production network into logical slices
  o each slice/service controls its own packet forwarding
  o users pick which slice controls their traffic: opt-in
  o existing production services run in their own slice, e.g., Spanning tree, OSPF/BGP
• Enforce strong isolation between slices
  o actions in one slice do not affect another
• Allows the (logical) testbed to mirror the production network
  o real hardware, performance, topologies, scale, users
  o Prototype implementation: FlowVisor

Add a Slicing Layer Between Planes

[Figure: Slice 1, Slice 2 and Slice 3 Controllers above a slicing layer holding the Slice Policies; the Control/Data Protocol carries Rules down to the Data Plane and Excepts (exceptions) back up]

Network Slicing Architecture

• A network slice is a collection of sliced switches/routers

• Data plane is unmodified
  – Packets forwarded with no performance penalty
  – Slicing with existing ASIC

• Transparent slicing layer
  – each slice believes it owns the data path
  – enforces isolation between slices
    • i.e., rewrites, drops rules to adhere to slice policy
  – forwards exceptions to correct slice(s)

Slicing Policies

• The policy specifies resource limits for each slice:
  – Link bandwidth
  – Maximum number of forwarding rules
  – Topology
  – Fraction of switch/router CPU
  – FlowSpace: which packets does the slice control?

FlowSpace: Maps Packets to Slices

Real User Traffic: Opt-In

• Allow users to Opt-In to services in real-time
  o Users can delegate control of individual flows to Slices
  o Add new FlowSpace to each slice's policy
• Example:
  o "Slice 1 will handle my HTTP traffic"
  o "Slice 2 will handle my VoIP traffic"
  o "Slice 3 will handle everything else"
• Creates incentives for building high-quality services

FlowVisor Implemented on OpenFlow

[Figure: Custom Control Plane: OpenFlow Controllers running on Servers. Stub Control Plane: OpenFlow Firmware on each Switch/Router. Data Plane: the Data Path of each Switch/Router. The OpenFlow Protocol crosses the Network between them, and FlowVisor sits between the OpenFlow Controllers and the switches, speaking OpenFlow on both sides.]

FlowVisor Message Handling

[Figure: Alice, Bob and Cathy Controllers speak OpenFlow to FlowVisor, which speaks OpenFlow to the switch's OpenFlow Firmware and Data Path. Rule sent by a controller: Policy Check: Is this rule allowed? Packet Exception sent by the switch: Policy Check: Who controls this packet? Packets in the Data Path: Full Line Rate Forwarding.]
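
The two policy checks in the message-handling slide, sketched as an added example that is not FlowVisor's own code: a requested rule is rewritten to fit the slice's FlowSpace or dropped, and a packet exception is delivered only to the slice that owns it. The policy layout, field names, rule limits and the use of UDP port 5060 for VoIP are assumptions of this example, and only slices with an explicit FlowSpace are modelled.

```python
# Constructed slice policy: FlowSpace (which packets) plus a forwarding-rule limit.
POLICY = {
    "slice1": {"flowspace": [{"ip_proto": 6, "tp_dst": 80}], "max_rules": 2},     # HTTP
    "slice2": {"flowspace": [{"ip_proto": 17, "tp_dst": 5060}], "max_rules": 2},  # VoIP
}

def intersect(match, space):
    """Narrow a requested match to one FlowSpace region; None if they are disjoint.
    A field absent from the match is a wildcard."""
    narrowed = dict(match)
    for fld, val in space.items():
        if narrowed.setdefault(fld, val) != val:
            return None
    return narrowed

class Slicer:
    def __init__(self, policy):
        self.policy = policy
        self.installed = {name: 0 for name in policy}

    def owner_of(self, pkt):
        """Policy check on an exception: who controls this packet?"""
        for name, pol in self.policy.items():
            for space in pol["flowspace"]:
                if all(pkt.get(f) == v for f, v in space.items()):
                    return name
        return None  # outside every FlowSpace: no slice controller sees it

    def check_rule(self, name, match):
        """Policy check on a rule: is it allowed? Returns (verdict, detail)."""
        pol = self.policy[name]
        rewritten = [m for s in pol["flowspace"]
                     if (m := intersect(match, s)) is not None]
        if not rewritten:
            return ("drop", "match is outside the slice's FlowSpace")
        if self.installed[name] + len(rewritten) > pol["max_rules"]:
            return ("drop", "slice is at its forwarding-rule limit")
        self.installed[name] += len(rewritten)
        return ("install", rewritten)
```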

OpenFlow Deployments

OpenFlow has been prototyped on….

• Ethernet switches
  – HP, Cisco, NEC, Quanta, + more underway
• IP routers
  – Cisco, Juniper, NEC
• Switching chips
  – Broadcom, Marvell
• Transport switches
  – Ciena, Fujitsu
• WiFi APs and WiMAX Basestations

Most (all?) hardware switches now based on Open vSwitch…

Deployment: Stanford

• Our real, production network
  o 15 switches, 35 APs
  o 25+ users
  o 1+ year of use
• Same physical network hosts 7 different Stanford demos

Deployments: GENI

(Public) Industry Interest

• Google has been a main proponent of new OpenFlow 1.1 WAN features
  – ECMP, MPLS-label matching
  – MPLS LDP-OpenFlow speaking router: NANOG50
• NEC has announced commercial products
  – Initially for datacenters, talking to providers
• Ericsson
  – “MPLS Openflow and the Split Router Architecture: A Research Approach” at MPLS2010

Conclusions

• Current networks are complicated
• OpenFlow is an API
  – Interesting apps include network slicing
• OpenFlow has potential for Service Providers
  – Custom control for Traffic Engineering
  – Combined Packet/Circuit switched networks

Q&A

Assignment #6

– Write Notes on the terms highlighted in Red in slides 36 and 37

– Write a summary of the paper “MPLS Openflow and the Split Router Architecture: A Research Approach” at MPLS2010