Tutorial on Software-defined Networking

Srini Seetharaman, SDN Hub (srini@sdnhub.org)
Anirudh Ramachandran, Deutsche Telekom (anirudh.ramachandran@telekom.com)
August 2014

Agenda
► Why SDN started?
► What is SDN?
► Open Initiatives
► OpenDaylight
► Hands-on exploration of SDN and dev tools
► Hands-on exploration of OpenDaylight

Welcome to the Ossified Network
► Routing, management, mobility management, access control, VPNs, …
► Millions of lines of source code, 6000+ RFCs, billions of gates
► Bloated, barrier to entry, power hungry
► Many complex functions baked into the infrastructure: OSPF, BGP, multicast, differentiated services, traffic engineering, NAT, firewalls, MPLS, redundant layers, …
Figure: a closed box made of Feature, Operating System and Specialized Packet Forwarding Hardware.

Critical needs for cloud DC networks
1. Tenant virtualization
   § Traffic isolation, prioritization and rate limiting
   § Overlapping IP addressing, along with IPv6 support
2. Speed up configuration to allow reduced time to revenue
   § Automatically create required network configs for new tenants
   § Transparently bridging a L2 network will help reduce time
3. Adaptation to application needs
   § Adding computational capacity (in the form of new VMs) as needed
   § Lossless live migration
Figure: Host 1 (VM A1, VM B1, VM C1 on a Hypervisor) reaches the WAN through Switch-1, Switch-2 and Switch-3, each carrying VLAN-101-x.

Basic problems underlying today's data center infrastructure
► Lack of abstraction that decouples infrastructure from policy framework
► Lack of ways to define the application container with dependencies on resources

Intro to Software-defined Networking (SDN)

Current Mode of Operation: High complexity and cost, coarse traffic management, not easy to innovate on top
► Current Internet: closed to innovations in the infrastructure
Figure: every network element is a closed stack of Services, an Operating System and Specialized Packet Forwarding Hardware.

"Software-defined Networking" Approach
Figure: LB service, IP routing service and FW service run on top of a Network Operating System; the network elements underneath keep their Service, Operating System and Specialized Packet Forwarding Hardware.

"Software-defined Network"
Future Mode of Operation: Lower complexity and cost, granular traffic management, dynamic and automated
Figure: LB service, FW service and IP routing service sit above a north-bound interface API on the Network Operating System; the NOS speaks OpenFlow or another API to Simple Packet Forwarding Hardware, while a Legacy Router keeps its unchanged management API.

Design choice: Insertion
1. In-network: existing/green-field network fabrics upgraded to support OpenFlow
   (Figure: hardware switch with an OpenFlow control path and a hardware data path)
2. Overlay: WITHOUT changing the fabric, the intelligence is added to edge devices,
   § as an additional appliance (e.g., bump-in-the-wire managed by controller)
   § as an enhanced server kernel bridge (e.g., Open vSwitch in x86 hypervisors)
Figure courtesy of Martin Casado @ VMware

Design choice: Purist vs Hybrid
► Purist SDN architecture, where flow-based abstraction programs all hardware
   (Figure: Mgmt plane / Orchestration above an external control plane that programs the data plane directly)
► Hybrid control plane, where the hardware contains a more open platform for adding logic
   (Figure: Mgmt plane / Orchestration above an external control plane that talks to an internal control plane on the device; both can program the data plane)
Hybrid approaches:
1. Exclusively through embedded control plane: e.g., YANG-modeled NETCONF, OpFlex
2. Embedded control plane exists, but FIB reprogrammable directly: e.g., hybrid switches with rules overridden by OpenFlow
3. Programming both embedded control plane and FIB: e.g., Open vSwitch

Design choice: Distributed operation
Figure: a single Centralized Controller managing the OpenFlow switches, versus a Distributed Controller (several controller instances) managing the same OpenFlow switches.

Killer App #1: Network Virtualization
Figure: an SDN-based Virtualized Network Platform layered on the Computing Infrastructure: dynamic, programmable, automated.

Business Potential of SDN
► Reduced time to revenue: through speed-up of service provisioning
► New revenue: through new business models centered around on-demand usage
► Improved policy compliance: ensure that cloud workload is compliant with enterprise policies (e.g., access control)
► OpEx saving: automated operations and easier management of resources
► Reduced OpEx during upgrades: introduce new functions and services by replacing just the software stack

Buzzwords: OpenFlow, Open vSwitch, OVSDB, OpenDaylight, OpenStack

A quick primer on OpenFlow
► Match
   § L1: Tunnel ID, switch port
   § L2: MAC addr, VLAN ID, Ether type
   § L3: IPv4/IPv6 fields, ARP
   § L4: TCP, UDP
► Action
   • Output to zero or more ports
   • Encapsulate
   • Header rewriting
   • Send to controller
► OpenFlow offloads control intelligence to remote software
Figure: Alice's code runs on a Controller PC; the OpenFlow switch, on a packet it has no rule for, asks the controller ("Decision?") over the OpenFlow protocol and receives Alice's rule, which is then installed in the switch.

Examples

Firewall service
   Switch port | MAC src | MAC dst | Eth type | VLAN ID | IP src | IP dst  | IP prot | TCP sport | TCP dport | Action
   *           | *       | *       | *        | *       | *      | *       | *       | *         | 22        | drop

VLAN multicast service
   Switch port | MAC src | MAC dst | Eth type | VLAN ID | IP src | IP dst  | IP prot | TCP sport | TCP dport | Action
   *           | *       | 00:1f.. | *        | vlan1   | *      | *       | *       | *         | *         | port 6, port 7, port 9

Load-balancing service
   Switch port | MAC src | MAC dst | Eth type | VLAN ID | IP src | IP dst  | IP prot | TCP sport | TCP dport | Action
   *           | *       | 00:1f.. | *        | *       | *      | 5.6.7.8 | *       | 2678      | 80        | port 6
   *           | *       | 00:2d.. | *        | *       | *      | 5.6.7.8 | *       | 1234      | 80        | port 7
   *           | *       | 00:67.. | *        | *       | *      | 5.6.7.8 | *       | 7548      | 80        | port 8
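The match/action model of the primer and the three rule sets above can be exercised with a small flow-table matcher. This is an added example, not code from the tutorial: the FlowEntry and FlowTable classes, the field names and the sample packets are this example's own constructions; the rules are the ones on the slide, and the priority ordering, per-rule counters and table-miss behaviour mirror what an OpenFlow 1.0 switch does.

```python
# Added example (not from the tutorial): a minimal OpenFlow-1.0-style flow table
# that evaluates the firewall, VLAN-multicast and load-balancing rules from the slide.
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

Value = Union[str, int]


@dataclass
class FlowEntry:
    """One flow-table row: a match on the 10-tuple plus an action list."""
    match: Dict[str, Value]      # fields not listed, or set to "*", are wildcards
    actions: List[str]           # e.g. ["output:6"], ["drop"]
    priority: int = 0            # higher wins when several rows match
    packet_count: int = 0        # per-rule counter, as a real switch keeps

    def matches(self, pkt: Dict[str, Value]) -> bool:
        for fld, want in self.match.items():
            if want == "*":
                continue
            have = pkt.get(fld)
            # "00:1f.." on the slide means "any MAC starting with 00:1f"
            if isinstance(want, str) and want.endswith(".."):
                if not (isinstance(have, str) and have.startswith(want[:-2])):
                    return False
            elif have != want:
                return False
        return True


class FlowTable:
    def __init__(self) -> None:
        self.entries: List[FlowEntry] = []

    def add(self, entry: FlowEntry) -> None:
        self.entries.append(entry)
        # highest priority first, so lookup() can stop at the first hit
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def lookup(self, pkt: Dict[str, Value]) -> Optional[FlowEntry]:
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packet_count += 1
                return entry
        return None

    def apply(self, pkt: Dict[str, Value]) -> List[str]:
        """Actions for this packet; a table miss is punted to the controller
        as a packet_in, which is the OpenFlow 1.0 default."""
        entry = self.lookup(pkt)
        return entry.actions if entry else ["controller"]


def build_example_table() -> FlowTable:
    """The three services from the slide, merged into one table."""
    t = FlowTable()
    # Firewall service: drop anything to TCP port 22, ahead of every forwarding rule
    t.add(FlowEntry({"tp_dst": 22}, ["drop"], priority=100))
    # VLAN multicast service: frames to 00:1f.. on vlan1 are copied to ports 6, 7 and 9
    t.add(FlowEntry({"mac_dst": "00:1f..", "vlan": "vlan1"},
                    ["output:6", "output:7", "output:9"], priority=10))
    # Load-balancing service: one web flow towards 5.6.7.8 per backend port
    for mac, sport, port in (("00:1f..", 2678, 6), ("00:2d..", 1234, 7), ("00:67..", 7548, 8)):
        t.add(FlowEntry({"mac_dst": mac, "ip_dst": "5.6.7.8", "tp_src": sport, "tp_dst": 80},
                        [f"output:{port}"], priority=10))
    return t


# Constructed sample packets (not captured traffic)
SSH_PKT = {"in_port": 3, "mac_src": "00:20:aa:bb:cc:dd", "mac_dst": "00:1f:00:00:00:01",
           "eth_type": "0x0800", "vlan": "vlan1", "ip_src": "10.0.0.1", "ip_dst": "5.6.7.8",
           "ip_proto": 6, "tp_src": 40000, "tp_dst": 22}
MCAST_PKT = dict(SSH_PKT, tp_dst=5000)
WEB_PKT = dict(SSH_PKT, mac_dst="00:2d:00:00:00:02", vlan="vlan7", tp_src=1234, tp_dst=80)
UNKNOWN_PKT = dict(WEB_PKT, tp_src=5555)

if __name__ == "__main__":
    table = build_example_table()
    for name, pkt in (("ssh", SSH_PKT), ("mcast", MCAST_PKT), ("web", WEB_PKT), ("unknown", UNKNOWN_PKT)):
        print(f"{name:8s} -> {table.apply(pkt)}")
```

Priority is what makes the firewall row effective: it is installed above every forwarding row so a broader rule added later cannot shadow it, and a packet that matches nothing is sent to the controller rather than silently dropped, which is what an OpenFlow 1.0 switch does on a table miss.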

Open Networking Foundation
► Promotion of the OpenFlow ecosystem
Figure: organization chart with the Board, the Executive Director (Dan Pitt), the TAG, the Chipmakers' Advisory Board, the Council of Chairs and the working groups: Arch & Framework, Config & Management, Extensibility, Forwarding Abstractions, Market Education, Northbound Interface, New Transport, Testing & Interop, Wireless & Mobile.

Sample OpenFlow Physical Switches (model, virtualization, notes)
► HP ProCurve 5400zl or 6600: 1 OF instance
   - LACP, VLAN and STP processing per VLAN before OpenFlow
   - Header rewriting, wildcard rules or non-IP pkts processed in s/w
   - CPU protects mgmt during loop
► NEC IP8800: 1 OF instance per VLAN
   - OpenFlow takes precedence
   - Most actions processed in hardware
   - MAC header rewriting in h/w
► Brocade MLX routers: multiple OF instances per switch
   - Hybrid OpenFlow switch with legacy protocols and OpenFlow coexisting
   - OpenFlow commands can override state created by legacy protocols
► Pronto 3290 or 3780 with Pica8 or Indigo firmware: 1 OF instance per switch
   - No legacy protocols (like VLAN, STP)
   - Most actions processed in hardware
   - MAC header rewriting in h/w

Open vSwitch: Most popular s/w switch
► Embraced by industry (including OpenStack and Intel) as de facto server networking software
Figure: a Controller manages Open vSwitch instances (hosting VMs) and a physical switch, over OpenFlow and OVSDB.

Open vSwitch (OVS)
► Kernel module that replaces the standard Linux bridge to provide significant packet matching and processing flexibility
Figure courtesy Thomas Graf @ Red Hat

OVSDB
► API that is an alternative to OpenFlow
   § Lightweight
   § Transactional
   § Not SQL
   § Persistent
   § No packet_in events
► Includes configuration and control
► Also manages slow-moving state:
   § VM placement (via VMM integration)
   § Tunnel setup

Open-source OpenFlow Controllers
► Ryu (NTT): Apache license; Python
► NOX/POX (ONRC): GPL; C++ and Python
► Beacon (Stanford Univ.): BSD-like license; Java-based
► Maestro (Rice Univ.): GPL; based on Java
► Trema (NEC): GPL 2.0; written in C and Ruby
► Floodlight (Big Switch): Apache license; Java-based
► OpenDaylight (Linux Foundation): Eclipse Public License; Java-based

OpenDaylight Controller
► Vendor-driven consortium (with Cisco, IBM, and others) for developing an open-source SDN controller platform

OpenStack Cloud Management Orchestration
Typical workflow:
1. Create a network
2. Associate a subnet with the network
3. Boot a VM and attach it to the network
4. Delete the VM
5. Delete any ports
6. Delete the network
Figure: the Neutron API plugin drives a Network Virtualization App that uses the SDN Controller's north-bound API; the controller's south-bound API speaks OpenFlow to pSwitches and vSwitches and OVSDB to vSwitches (the dataplane elements).


OpenDaylight Consortium
► Heavy industry involvement and backing
► Focused on having an open framework for building upon SDN/NFV innovations
   § Not limited to OpenFlow innovations, but in fact decoupled from it, allowing the two to evolve independently

Hydrogen Release
Figure: the OpenDaylight Hydrogen architecture, top to bottom:
► Network Applications, Orchestration & Services: VTN Coordinator, Management GUI/CLI, DDoS Protection, OpenStack Neutron
► OpenDaylight APIs (REST)
► Controller Platform
   § Base Network Service Functions: Topology Mgr, Stats Mgr, Switch Mgr, Host Tracker, Shortest Path Forwarding
   § Affinity Service, Network Config, LISP Service, OpenStack Service, VTN Manager, DOVE Mgr
   § Service Abstraction Layer (SAL): plug-in mgr., capability abstractions, flow programming, inventory, …
► Southbound Interfaces & Protocol Plugins: OpenFlow 1.0 and 1.3, NETCONF, OVSDB, SNMP, BGP-LS, PCEP, LISP (callout on these plugins: main difference from other OpenFlow-centric controller platforms)
► Data Plane Elements (Virtual Switches, Physical Device Interfaces): OpenFlow Enabled Devices, Open vSwitches, Additional Virtual & Physical Devices
Acronyms: VTN: Virtual Tenant Network; DOVE: Distributed Overlay Virtual Ethernet; DDoS: Distributed Denial of Service; LISP: Locator/Identifier Separation Protocol; OVSDB: Open vSwitch Database Protocol; BGP: Border Gateway Protocol; PCEP: Path Computation Element Communication Protocol; SNMP: Simple Network Management Protocol

Java, Maven, OSGi, Interface
► Java chosen as an enterprise-grade, cross-platform compatible language
► Maven: build system for Java
► OSGi:
   § Allows dynamically loading bundles
   § Allows registering dependencies and services exported
   § For exchanging information across bundles
► Java Interfaces are used for event listening, specifications and forming patterns
Figure: App1, App2, … and the SAL as bundles on the OSGi Framework (Equinox)

Life of a Packet
1. A packet arriving at Switch 1 will be sent to the appropriate plugin (OpenFlowJ / the OpenFlow protocol plugin)
2. The plugin will parse the packet and generate an event for the SAL (IPluginOutDataPacketService)
3. The SAL will dispatch the packet to the modules listening for DataPacket (IListenDataPacket), e.g. the L2 learning switch or the ARP handler managing the switch
4. The module handles the packet and sends a packet_out through the protocol plugin (IDataPacketService)
5. The SAL dispatches the packet toward the appropriate switch (IPluginInDataPacketService)
6. The OpenFlow message is sent to the appropriate switch (Switch 3)
Figure: Switch 1, Switch 2 and Switch 3 below the Service Abstraction Layer (SAL), with the numbered interfaces between the protocol plugin, the SAL and the listening modules.

OpenDaylight web interface

Steps for Writing a new application
1. Download SDN Hub's VM and use the skeleton app in the home directory
2. Update set/unset bindings in the module's class so as to access other bundle objects
3. Implement the interface functions to handle the async events, or use other bundle objects to edit state
4. Update dependencies and services exported in the new bundle's pom.xml
5. List dependencies imported and interfaces implemented in the module's Activator.java
6. Add needed northbound REST API and associate with the web bundle
7. Done

Top 3 features in most controllers
A. Event-driven model
   § Each module registers listeners or call-back functions
   § Example async events include PACKET_IN, PORT_STATUS, FEATURE_REPLY, STATS_REPLY
B. Packet parsing capabilities
   § When the switch sends an OpenFlow message, the module extracts relevant information using standard procedures
C. switch.send(msg), where msg can be
   § PACKET_OUT with buffer_id or fabricated packet
   § FLOW_MOD with match rules and action taken
   § FEATURE_REQUEST, STATS_REQUEST, BARRIER_REQUEST

Main App Development Constructs (see the tutorial_L2_forwarding app)
A. Packet-in event handling:
   § public class TutorialL2Forwarding implements IListenDataPacket
      ► Indicates that the class will handle any packet_in events
   § public PacketResult receiveDataPacket(RawPacket inPkt) { ... }
      ► Call-back function to implement in the class for receiving packets
B. Packet parsing
   § Packet formattedPak = this.dataPacketService.decodeDataPacket(inPkt);
   § byte[] srcMAC = ((Ethernet) formattedPak).getSourceMACAddress();
   § long srcMAC_val = BitBufferHelper.toNumber(srcMAC);
C. Send message (packet_out or flow_mod) to switch
   § RawPacket destPkt = new RawPacket(inPkt);
   § destPkt.setOutgoingNodeConnector(p);
   § this.dataPacketService.transmitDataPacket(destPkt);

Essential code constructs (Beacon vs OpenDaylight)

Packet_in handling
   Beacon:
      public class XX implements IOFMessageListener {
          public Command receive(IOFSwitch sw, OFMessage msg) throws IOException { … }
      }
   OpenDaylight:
      public class XX implements IListenDataPacket {
          public PacketResult receiveDataPacket(RawPacket inPkt) { ... }
      }

Packet parsing
   Beacon:
      Ethernet ethHdr = new Ethernet(pi.getPacketData());
      IPv4 ipv4Hdr = (IPv4) ethHdr.getPayload();
   OpenDaylight:
      Ethernet ethHdr = (Ethernet) this.dataPacketService.decodeDataPacket(inPkt);
      IPv4 ipv4Hdr = (IPv4) ethHdr.getPayload();

Send msg to switch
   Beacon:
      actions.add(new OFActionOutput(port));
      OFPacketOut pktOut = new OFPacketOut(packetData, actions, OFPacketOut.BUFFER_ID_NONE);
      router.getOutputStream().write(pktOut);
   OpenDaylight:
      RawPacket destPkt = new RawPacket(inPkt);
      destPkt.setOutgoingNodeConnector(p);
      this.dataPacketService.transmitDataPacket(destPkt);

► Several similarities between Beacon and OpenDaylight
   § This goes beyond just these two controller platforms
   § The above three functions are basic to all controller platforms

Useful Interfaces and Bundles (bundle, exported interface, description)
► arphandler, IHostFinder: component responsible for learning about host location by handling ARP.
► hosttracker, IfIptoHost: tracks the location of the host relative to the SDN network.
► switchmanager, ISwitchManager: component holding the inventory information for all the known nodes (i.e., switches) in the controller.
► topologymanager, ITopologyManager: component holding the whole network graph.
► usermanager, IUserManager: component taking care of user management.
► statisticsmanager, IStatisticsManager: component in charge of using the SAL ReadService to collect several statistics from the SDN network.

Useful Interfaces and Bundles (bundle, exported interface, description)
► sal, IReadService: interface for retrieving the network node's flow/port/queue hardware view
► sal, ITopologyService: topology methods provided by the SAL toward the applications
► sal, IFlowProgrammerService: interface for installing/modifying/removing flows on a network node
► sal, IDataPacketService: data packet services the SAL provides to the applications
► web, IDaylightWeb: component tracking the several pieces of the UI depending on the bundles installed on the system.

Let's get familiar with the SDN dev environment

Inside the Virtual Machine
► openvswitch: virtual switch programmable using OpenFlow
► ovs-ofctl: command-line utility for checking switch status and manually inserting flow entries
   § Check supported commands in the manual: $ man ovs-ofctl
► mininet: network emulation platform
   § $ sudo mn --topo single,3 --mac --switch ovsk --controller remote
► wireshark: graphical tool for viewing packets, with OF protocol plug-in
   § Start wireshark: $ sudo wireshark
   § Start capturing packets going through interface "lo" and Decode As OFP
► Multiple OpenFlow controllers with sample apps prepackaged
   § NOX, POX, Ryu, and OpenDaylight

Setup: Mininet-based topology with 1 switch and 3 hosts
$ sudo mn --topo single,3 --mac --switch ovsk --controller remote
Figure: controller c0 listens on loopback 127.0.0.1:6633 and OpenFlow switch s1 connects to it; ovs-ofctl (a user-space process) reaches s1 over loopback 127.0.0.1:6634; the switch interfaces s1-eth0, s1-eth1 and s1-eth2 attach via veth pairs to h1-eth0 (h1, 10.0.0.1), h2-eth0 (h2, 10.0.0.2) and h3-eth0 (h3, 10.0.0.3), virtual hosts implemented as Linux network namespaces.

ovs-ofctl and wireshark workflow
► Before the controller is started, execute the following:
   $ ovs-ofctl show s1          # or tcp:127.0.0.1:6634, as ovsdb listens on port 6634
      (All ports of the switch are shown, but no flows installed.)
   $ ovs-ofctl dump-flows s1
   mininet> h1 ping h2
      (Ping fails because ARP cannot go through.)
   $ ovs-ofctl add-flow s1 in_port=1,actions=output:2
   $ ovs-ofctl add-flow s1 in_port=2,actions=output:1
   $ ovs-ofctl dump-flows s1
   mininet> h1 ping h2
      (Ping works now!)
► Start the controller and check OF messages in wireshark (enabling OFP decode)
   § OpenFlow messages exchanged between switch and controller: openflow/include/openflow.h
      /* Header on all OpenFlow packets. */
      struct ofp_header {
          uint8_t version;    /* OFP_VERSION. */
          uint8_t type;       /* One of the OFPT_ constants. */
          uint16_t length;    /* Length including this ofp_header. */
          uint32_t xid;       /* Transaction id associated with this packet. */
      };
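The ofp_header above is what a controller (or the Wireshark OFP dissector) decodes before it looks at any message body, and its length field is what frames the TCP byte stream into messages. The following is an added example, not code from the tutorial: it parses the header with Python's struct module and frames a stream on the length field. The OFPT_ names and the version value are the OpenFlow 1.0 constants from openflow.h; build_message, parse_header, split_messages and the sample byte stream are this example's own.

```python
# Added example (not from the tutorial): parse the 8-byte ofp_header with the
# standard struct module, including the length checks a controller must make
# before trusting a message from a switch.
import struct
from typing import Dict, List, Tuple

OFP_HEADER = struct.Struct("!BBHI")   # version, type, length, xid in network byte order
OFP_VERSION_1_0 = 0x01
# Subset of the OFPT_ constants from openflow.h (OpenFlow 1.0)
OFPT_NAMES = {
    0: "OFPT_HELLO", 1: "OFPT_ERROR", 2: "OFPT_ECHO_REQUEST", 3: "OFPT_ECHO_REPLY",
    5: "OFPT_FEATURES_REQUEST", 6: "OFPT_FEATURES_REPLY", 10: "OFPT_PACKET_IN",
    12: "OFPT_PORT_STATUS", 13: "OFPT_PACKET_OUT", 14: "OFPT_FLOW_MOD",
    16: "OFPT_STATS_REQUEST", 17: "OFPT_STATS_REPLY", 18: "OFPT_BARRIER_REQUEST",
}

Header = Dict[str, object]


def build_message(msg_type: int, xid: int, body: bytes = b"") -> bytes:
    """Encode a message the way a switch or controller puts it on the wire."""
    return OFP_HEADER.pack(OFP_VERSION_1_0, msg_type, OFP_HEADER.size + len(body), xid) + body


def parse_header(buf: bytes) -> Header:
    """Decode one header; reject anything the framing loop could not safely act on."""
    if len(buf) < OFP_HEADER.size:
        raise ValueError("buffer shorter than ofp_header")
    version, msg_type, length, xid = OFP_HEADER.unpack_from(buf)
    if version != OFP_VERSION_1_0:
        raise ValueError(f"unsupported OpenFlow version 0x{version:02x}")
    if length < OFP_HEADER.size:
        # A length below 8 would make the framing loop below never advance.
        raise ValueError(f"length {length} smaller than the header itself")
    return {"version": version, "type": msg_type,
            "type_name": OFPT_NAMES.get(msg_type, f"OFPT_UNKNOWN_{msg_type}"),
            "length": length, "xid": xid}


def is_valid_header(buf: bytes) -> bool:
    try:
        parse_header(buf)
        return True
    except ValueError:
        return False


def split_messages(stream: bytes) -> Tuple[List[Tuple[Header, bytes]], bytes]:
    """Frame a TCP byte stream into (header, body) pairs using the length field.
    Returns the complete messages and the unconsumed tail (a partial message to
    finish once more bytes arrive)."""
    messages: List[Tuple[Header, bytes]] = []
    offset = 0
    while len(stream) - offset >= OFP_HEADER.size:
        header = parse_header(stream[offset:offset + OFP_HEADER.size])
        end = offset + int(header["length"])
        if end > len(stream):
            break                      # body not fully received yet
        messages.append((header, stream[offset + OFP_HEADER.size:end]))
        offset = end
    return messages, stream[offset:]


# Constructed sample stream (not a capture): HELLO, an ECHO_REQUEST carrying "ping",
# and the first 12 bytes of a 28-byte PACKET_IN whose remainder has not arrived.
SAMPLE_STREAM = (build_message(0, 1)
                 + build_message(2, 2, b"ping")
                 + build_message(10, 3, b"\x00" * 20)[:12])

if __name__ == "__main__":
    complete, pending = split_messages(SAMPLE_STREAM)
    for hdr, body in complete:
        print(f"{hdr['type_name']:<20} len={hdr['length']:<3} xid={hdr['xid']} body={body!r}")
    print(f"{len(pending)} bytes waiting for the rest of the next message")
```

The xid is what ties a reply (FEATURES_REPLY, STATS_REPLY, BARRIER_REPLY) back to the request that caused it, which is why the controller libraries on the VM keep a pending-request table keyed on it; the length check matters because the switch end of the connection is not always trusted, and a header claiming a length below 8 would otherwise stall the reader.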

Sample App 1: Hub
► App logic:
   § On init, register the appropriate packet_in handlers or interfaces
   § On packet_in,
      ► Extract the full packet or its buffer id
      ► Generate a packet_out msg with the data or buffer id of the received packet
      ► Set action = FLOOD
      ► Send the packet_out msg to the switch that generated the packet_in
Figure: (1) a packet arrives at the OF switch, (2) a packet_in goes to the Controller, (3) and (4) the Hub app handles it, (5) a packet_out returns to the switch

Sample App 2: MAC-learning switch
► App logic:
   § On init, create a dict to store the MAC to switch-port mapping
      ► self.mac_to_port = {}
   § On packet_in,
      ► Parse the packet to reveal src and dst MAC addr
      ► Map src_mac to the incoming port
         § self.mac_to_port.setdefault(dpid, {})
         § self.mac_to_port[dpid][src_mac] = in_port
      ► Look up dst_mac in the mac_to_port dict to find the next hop
      ► If found, create a flow_mod and send it
      ► Else, flood like the hub.
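Both sample apps can be written against a tiny stand-in for the controller API so the logic runs and can be tested without POX, Ryu or OpenDaylight. This is an added example, not code from the tutorial or from any of those controllers: OFPP_FLOOD is the OpenFlow 1.0 reserved port value, while the PacketOut and FlowMod records, the per-switch table bound and the h1/h2 walk-through are this example's own. It goes slightly beyond the slide in two places a practitioner wants: group (broadcast/multicast) addresses are never learned or unicast, and the learning table is bounded so forged source MACs cannot grow it without limit.

```python
# Added example (not from the tutorial): the Hub and MAC-learning logic of the
# two sample apps, written against a small stand-in for a controller API so it
# runs without POX, Ryu or OpenDaylight. OFPP_FLOOD is the OpenFlow 1.0 value;
# PacketOut, FlowMod and the table bound are this example's own.
from dataclasses import dataclass
from typing import Dict, List, Union

OFPP_FLOOD = 0xFFFB              # reserved port: all ports except the ingress port
MAX_ENTRIES_PER_SWITCH = 1024    # bound on learned MACs per switch (example's own choice)


@dataclass
class PacketOut:
    dpid: int
    buffer_id: int      # switch-side buffer id of the received packet
    in_port: int
    out_port: int


@dataclass
class FlowMod:
    dpid: int
    match: Dict[str, Union[int, str]]
    out_port: int


Message = Union[PacketOut, FlowMod]


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Hub:
    """Sample App 1: every packet_in becomes a packet_out with action FLOOD."""

    def packet_in(self, dpid: int, in_port: int, buffer_id: int,
                  src_mac: str, dst_mac: str) -> List[Message]:
        return [PacketOut(dpid, buffer_id, in_port, OFPP_FLOOD)]


class LearningSwitch:
    """Sample App 2: learn src MAC -> port per switch, forward known unicast
    destinations with a flow_mod, flood everything else like the hub."""

    def __init__(self) -> None:
        self.mac_to_port: Dict[int, Dict[str, int]] = {}

    def packet_in(self, dpid: int, in_port: int, buffer_id: int,
                  src_mac: str, dst_mac: str) -> List[Message]:
        # setdefault keeps what was already learned for this switch
        table = self.mac_to_port.setdefault(dpid, {})
        # Learn only real unicast sources, and stop adding new ones once the table
        # is full so a flood of forged source MACs cannot grow it without limit;
        # a host that moved simply overwrites its old port.
        if not is_group_address(src_mac) and (src_mac in table or len(table) < MAX_ENTRIES_PER_SWITCH):
            table[src_mac] = in_port
        out_port = table.get(dst_mac)
        if out_port is None or is_group_address(dst_mac) or out_port == in_port:
            return [PacketOut(dpid, buffer_id, in_port, OFPP_FLOOD)]
        # Known unicast destination: install a flow so later packets of this
        # conversation are switched without the controller, and release this packet too.
        match = {"in_port": in_port, "dl_src": src_mac, "dl_dst": dst_mac}
        return [FlowMod(dpid, match, out_port), PacketOut(dpid, buffer_id, in_port, out_port)]


# Constructed walk-through on the single-switch Mininet topology
# (assumed: dpid 1, h1 on port 1, h2 on port 2)
H1, H2, BCAST = "00:00:00:00:00:01", "00:00:00:00:00:02", "ff:ff:ff:ff:ff:ff"

if __name__ == "__main__":
    app = LearningSwitch()
    print(app.packet_in(1, 1, 100, H1, BCAST))   # h1's ARP request: flooded, h1 learned on port 1
    print(app.packet_in(1, 2, 101, H2, H1))      # h2's reply: flow_mod + packet_out to port 1
    print(app.packet_in(1, 1, 102, H1, H2))      # h1's ping: flow_mod + packet_out to port 2
    print(app.mac_to_port)
```

The packet_out alongside the flow_mod is deliberate: the flow_mod only affects packets that arrive after it is installed, while the packet that triggered the packet_in is still held in the switch buffer and has to be released explicitly, exactly as the hub does with FLOOD.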

OpenDaylight Hands-on Exploration: http://sdnhub.org/tutorials/opendaylight

Conclusion

Networking Redefined
► Going forward, all networking is SDN, with varying architectures into which the networking logic is compiled down.
► All operational goodness from the computing world is brought into the networking world to make it unified.

Broadened SDN definition
1. SDN-Dataplane
   § Traffic handling devices
      ► Physical
      ► Virtual
2. SDN-Control
   § Decoupled control plane
      ► OpenFlow++
      ► Overlay
3. SDN-Fabric
   § Combined data and control plane
4. SDN-Mgmt
   § Extensible mgmt software and API
Figure: Management/Orchestration and a Server manager above a Controller cluster that spans the Core, Aggregation, Edge and Rack tiers down to the virtual switches.

Killer App #2: Service Function Chaining
Figure: traffic from the Internet steered through a chain of NFV service functions.

Innovate now! Follow these initiatives!
► Open Networking Foundation
   § 100+ member companies formed a consortium to promote SDN and mainly OpenFlow
► Open Networking User Group
   § Fortune 500 enterprises formed a consortium for users to get together and voice SDN requirements to vendors
► OpenDaylight consortium
   § Vendor-driven consortium to build open-source SDN solutions
http://sdnhub.org/tutorials/opendaylight