
An Introduction to Software Defined Networking and OpenFlow
Vic Thomas
vicraj.Thomas@gmail.com
Sponsored by the National Science Foundation

Reserve Resources (Step 1 of Instructions)
• Slice 1: Controller
  – Portal RSpec: XEN OpenFlow Controllers
• Slice 2: Network
  – Portal RSpec: OpenFlow OVS all XEN
• Create both slices on the same InstaGENI rack
Instructions at: https://tinyurl.com/geni-of-ryu
www.geni.net

• Software Defined Networking Basics
• OpenFlow
• Wednesday: Build simple SDN and NFV apps

• Software Defined Networking Basics

“The current Internet is at an impasse because new architecture cannot be deployed or even adequately evaluated”
[PST04]: Overcoming the Internet Impasse through Virtualization, Larry Peterson, Scott Shenker, Jonathan Turner. HotNets 2004

Software Defined Networking…
• Enables innovation in networking
• Changes practice of networking
A Purpose-Built Global Network: Google's Move to SDN, CACM March 2016, pp 46–54

SDN Basics
Smarts baked into switch
Figure labels: Network Switch

SDN Basics
Smarts moved out of switch
Figure labels: Controller; Open API; Network Switch

SDN Basics
SDN
From: Forwarding table entries added by vendor provided logic internal to switch
To: Table entries added by external controller written by anyone

Switch Forwarding Table
MATCH                    ACTION
dst subnet X             output port 48
dst subnet Y             output port 47
dst MAC: 00:00:00:01     output port 2
dst MAC: 00:00:00:01     output port 5
src subnet Z             drop
TCP port 80              output port 10

SDN Basics
One controller can manage many switches
Figure labels: Controller

SDN Enables Network Function Virtualization
Many network functions can be implemented using a generic network device
Figure labels: Controller; DHCP, router, access point, DNS proxy, VPN gateway, firewall, switch, NAT; Network Device

NFV: Network Function Virtualization
Slide from: http://docbox.etsi.org/Workshop/201304_FNTWORKSHOP/S07_NFV/BT_REID.pdf

Software Defined Infrastructures
• User defined virtual networks with compute, storage, networking
• Everything is virtualized
• Highly optimized networks
• Dynamic reconfigurations
• Network snapshotting
• Network engineering ≈ Software engineering
Figure labels: Orchestration Layer (e.g. ONOS); Physical infrastructure
Figure adapted from http://www.slideshare.net/LarryCover/virtualizing-the-network-to-enable-a-software-defined-infrastructure-sdi?related=1

SDN Benefits*
• External control
  – Enables network Apps
  – Fosters innovation: Not limited to vendor provided switch logic
  – Leverages general-purpose computers (Moore’s Law)
  – Drives down costs: Network hardware becomes a commodity
• Centralized control
  – Enterprise-wide optimization and planning
  – Dynamic network reconfiguration
  – One place for apps to interact (auth & auth, etc)
* OpenFlow: A radical New idea in Networking, Thomas A. Limoncelli, CACM 08/12 (Vol 55 No. 8)

SDN Drawbacks
• Unexpected interactions between features
• Controller reliability and stability
• Controller security (runs on a general purpose computer and OS)
There are now many more ways of messing up a network

• OpenFlow

OpenFlow is an SDN API
OpenFlow is the most widely implemented controller-switch API

OpenFlow Versions
• (Dec ’09) OpenFlow 1.0.0: Simple & widely supported
• (Feb ’11) OpenFlow 1.1.0: Not implemented by HW vendors
• (’11) Open Networking Foundation (ONF) formed to shepherd standards
• (Dec ’11) OpenFlow 1.2: First ONF standard
• (’12/’13) OpenFlow 1.3.x: Complex & support in progress
• (Oct ’13) OpenFlow 1.4
• (Nov ’13) OpenFlow 1.0.2
• (Dec ’14) OpenFlow 1.5
https://www.opennetworking.org/sdn-resources/technical-library

OpenFlow
• The controller is responsible for populating forwarding table of the switch
• In a table miss the switch asks the controller
Figure labels: Any Host; OpenFlow Controller; OpenFlow Protocol (SSL/TCP); Switch: Control Path, OpenFlow, Data Path (Hardware)
Modified slide from: http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

OpenFlow in Action
• Host 1 sends a packet
• If there are no rules for handling this packet:
  – Forward packet to the controller
  – Controller installs a rule on the forwarding table (flow table)
  – Subsequent packets do not go through the controller
Figure labels: Any Host; OpenFlow Controller; OpenFlow Protocol (SSL/TCP); Switch: Control Path, OpenFlow, Data Path (Hardware); host 1; host 2
Modified slide from: http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

OpenFlow 1.0 Basics
A flow table entry has three parts: Rule, Action, Stats
• Rule (+ mask what fields to match): Switch Port, VLAN ID, VLAN PCP, MAC src, MAC dst, Eth type, IP Src, IP Dst, IP Prot, IP ToS, TCP sport, TCP dport
• Action:
  1. Forward packet to port(s)
  2. Encapsulate and forward to controller
  3. Drop packet
  4. Send to normal processing pipeline
  5. Modify Fields
• Stats: Packet + byte counters
Slide from: http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

Use Flow Mods
• Going through the controller on every packet is inefficient
• Install flows proactively (preferred) or reactively
• A Flow Mod consists of:
  – A match on any of the 12 supported fields
  – A rule about what to do with matched packets
  – Timeouts about the rules:
    • Hard timeouts
    • Idle timeouts
  – The packet id in reactive controllers
  – Priority of the rule
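
A simplified model of the flow-table behaviour listed on this slide (added example, not code from the original slides, Ryu or Open vSwitch). It shows how priority decides between an overlapping drop rule and a forwarding rule like those in the forwarding-table slide, and what a lookup returns once a timeout has removed a rule. The Flow and FlowTable names, the field names, the addresses and the sample packet are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Flow:
    match: dict            # field -> value; a missing field is a wildcard
    action: str            # "output:N" or "drop"
    priority: int = 0
    idle_timeout: int = 0  # seconds since last hit; 0 = never expires
    hard_timeout: int = 0  # seconds since install; 0 = never expires
    installed: float = 0.0
    last_hit: float = 0.0

def field_matches(want, got):
    if isinstance(want, str) and "/" in want:   # subnet given as a CIDR string
        return got is not None and ipaddress.ip_address(got) in ipaddress.ip_network(want)
    return want == got                          # every other field is exact

class FlowTable:
    def __init__(self):
        self.flows = []

    def flow_mod(self, flow, now):
        flow.installed = flow.last_hit = now
        self.flows.append(flow)

    def lookup(self, pkt, now):
        # Remove entries whose hard or idle timeout has passed, then match.
        self.flows = [f for f in self.flows
                      if not (f.hard_timeout and now - f.installed >= f.hard_timeout)
                      and not (f.idle_timeout and now - f.last_hit >= f.idle_timeout)]
        hits = [f for f in self.flows
                if all(field_matches(v, pkt.get(k)) for k, v in f.match.items())]
        if not hits:
            return "packet-in"      # table miss: the switch asks the controller
        best = max(hits, key=lambda f: f.priority)
        best.last_hit = now
        return best.action

def demo():
    pkt = {"ip_src": "10.9.0.7", "tcp_dport": 80}   # constructed packet
    results = []
    for drop_priority in (100, 300):    # below, then above, the port-80 rule
        t = FlowTable()
        t.flow_mod(Flow({"tcp_dport": 80}, "output:10", priority=200), now=0)
        t.flow_mod(Flow({"ip_src": "10.9.0.0/24"}, "drop",
                        priority=drop_priority, idle_timeout=10), now=0)
        results.append((t.lookup(pkt, now=1), t.lookup(pkt, now=30)))
    return results
```

With the drop rule at priority 100 it is shadowed and never takes effect; at priority 300 it drops the packet until its idle timeout removes it, after which the same packet is forwarded by the port-80 rule. Deny rules installed with timeouts therefore fail open unless the controller reinstalls them.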

OpenFlow datapaths
• OpenFlow enabled devices are usually referred to as datapaths with a unique dpid
• It is not necessary that 1 physical device corresponds to 1 dpid
• Different OpenFlow modes
  – switches in pure OF mode are acting as one datapath
  – Hybrid VLAN switches are one datapath per VLAN
  – Hybrid port switches are two datapaths (one OF and one non-OF)
Each Datapath can point to only one controller at a time!
Figure labels: Any Host; OpenFlow Controller; OpenFlow Protocol; Switch: Control Path, OpenFlow, Data Path (Hardware)

OpenFlow controllers
• Open source controller frameworks
  – NOX – C++
  – POX – Python
  – OpenDaylight – Java
  – Floodlight – Java
  – Trema – C / Ruby
  – Maestro – Java
  – Ryu – Python
• Proprietary controllers
  – Mostly customized solutions based on Open Source frameworks
  – ProgrammableFlow – NEC

OpenFlow Common Pitfalls
• Reactive controllers
  – Cause additional latency on some packets
  – UDP – many packets queued for your controller before flow is set up
• Hardware switch limitations
  – Not all actions are supported in hardware
• No STP to prevent broadcast storms
• Controller is responsible for all traffic, not just your application!
  – ARPs, DHCP, LLDP

Running OpenFlow Experiments
Debugging OpenFlow experiments is hard:
  – Network configuration debugging requires coordination
  – Many networking elements in play
  – No console access to the switch
Before deploying your OpenFlow experiment test your controller.
http://mininet.github.com/
http://openvswitch.org/

• Exercise: Use the Ryu controller to set up simple flows

OpenFlow 1.0 Intro Exercise
Write simple controllers to control the traffic between the three hosts.

Major Steps (Step 2 of instructions)
2. Configure your switch
  2a. Connect switch ports to Ethernet interfaces of VM running switch
  2b. Point switch to controller
• Controller can be anywhere on the Internet. Yours runs on a GENI VM in a different slice.
Figure labels: host 1; host 2; host 3; OVS switch (name: br0); controller

Run Experiments
1. Simple learning switch
  – OVS switch acts as a regular switch: Learns which MAC addresses are connected to which ports and forwards traffic accordingly
2. Port forwarding
  – Traffic from Host 1 to Host 2 on Port 5000 gets forwarded to Port 6000 on Host 2
3. Server proxy
  – Traffic from Host 1 to Host 2 gets forwarded to Host 3

Tips
• Cut and paste the curl commands
  – Keep online version of instructions open: http://tinyurl.com/geni-of-ryu
• You will have multiple terminals open to each of Hosts 1, 2, 3, controller and switch. Make sure you are typing your commands in the right window.

Instructions: http://tinyurl.com/geni-of-ryu