SDN and OpenFlow
Naresh Thukkani (ONF T&I Contributor), Technical Leader, Criterion Networks
Open 2014 Open SDN Networking India Foundation Technology Symposium, January 18-19, 2015, Bangalore
Agenda
- SDN Overview
- SDN Architecture
- OpenFlow Based SDN
- OpenFlow Versions, TTPs
- OpenFlow Conformance Programs
SDN Overview
[Figure labels: Centralized Controller (Software), External Input, OpenFlow Protocol, nodes A, B, C, D each marked C.P, Client, Content Provider, Content Server, Packet]
Example: OSPF, Traditional Networks
[Figure labels: Link Failure Event; nodes A, B, C, D, E, F, each marked C.P]
- Each node maintains the OSPF topology database.
- Each node makes its routing decision based on the topology (Dijkstra's algorithm).
- When any link goes down, the network is flooded with link state updates so that the routers can update their databases and routes.
Example: OSPF, SDN
[Figure labels: Link Failure Event, APP, SDN Controller]
- The SDN controller uses its Topology Discovery Module to determine the topology.
- An OSPF application on the controller can run Dijkstra's algorithm!
- The nodes that detect the link down notify the controller.
- Can I write my own new routing algorithm application to influence decisions? YES, YOU CAN!
SDN Architecture
[Figure labels: APPs, ANDROID OS, Mobile Phone Hardware]
OpenFlow Based SDN
- SDN is a framework, and the OpenFlow implementation is fostering its adoption.
- First standard communications interface defined between the control and forwarding layers of an SDN architecture.
- Layered on top of TCP. Controllers listen on 6633 (default).
- A simple migration path from legacy to SDN-based networks.
- OpenFlow is just one flavour of SDN. It does not equal SDN.
OpenFlow Components
[Figure labels: OpenFlow Controller, OpenFlow Protocol (Secure Channel), OpenFlow Switch with OF Agent (CPU) and Flow Table]
OF Switch Controller Connection
- On start-up, the switch initiates a connection request to the controller at port 6633.
- Mutual authentication by exchanging certificates.
- OF-Config is used for bootstrapping the switch with the required IP addresses, GW, controller IP and certificates.
OF Switch Flow Table Population
- Proactive flows
  - Rules are static.
  - The controller programs flows in the switch after the switch connects.
  - Example: firewall design to block a few TCP/UDP ports; topology discovery with LLDP packets to send to the controller.
- Reactive flows
  - Rules are dynamic.
  - The controller programs flows after receiving Packet-In messages from the switch.
  - Example: MAC address learning.
Working of OpenFlow Switch (Reactive Flows)
[Figure: Data-1 arrives at the OpenFlow Switch. Flow Table before: 1. No flow rule matching, 2. Action: Send to CTRL. The OF Agent (CPU) sends Packet-In Encap(Data1) to the OpenFlow Controller, which answers with Packet-Out Encap(Data1) and Program Flow (Match: xyz, Action: Out:2). Flow Table after: 1. Match: xyz, Action: 2.]
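The reactive sequence above (table miss, Packet-In, Program Flow, Packet-Out) applied to the deck's MAC address learning example. This is an added illustration, not code from the slides; the class names, MAC addresses and port numbers are constructed for the example.

```python
# Added illustration (not from the slides): toy model of the reactive flow
# sequence. Class names, MACs and port numbers are constructed for the example.
from dataclasses import dataclass

FLOOD = "ALL"  # slide action "ALL": every port except the input port

@dataclass
class Flow:
    match: dict       # header fields to compare, e.g. {"dst_mac": ...}
    out_port: int     # action: output port
    packets: int = 0  # per-flow counter

class LearningController:
    def __init__(self):
        self.mac_to_port = {}

    def packet_in(self, switch, in_port, pkt):
        self.mac_to_port[pkt["src_mac"]] = in_port   # learn the sender's port
        out = self.mac_to_port.get(pkt["dst_mac"])
        if out is None:
            return FLOOD                             # Packet-Out only, no flow
        switch.table.append(Flow({"dst_mac": pkt["dst_mac"]}, out))  # program flow
        return out                                   # Packet-Out for this packet

class Switch:
    def __init__(self, controller):
        self.table, self.controller, self.packet_ins = [], controller, 0

    def receive(self, in_port, pkt):
        for flow in self.table:
            if all(pkt.get(k) == v for k, v in flow.match.items()):
                flow.packets += 1
                return flow.out_port                 # handled in the data path
        self.packet_ins += 1                         # table miss: ask controller
        return self.controller.packet_in(self, in_port, pkt)

def demo():
    sw = Switch(LearningController())
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"  # constructed hosts
    outs = [sw.receive(1, {"src_mac": a, "dst_mac": b}),   # miss, b unknown
            sw.receive(2, {"src_mac": b, "dst_mac": a}),   # miss, flow for a
            sw.receive(1, {"src_mac": a, "dst_mac": b}),   # miss, flow for b
            sw.receive(2, {"src_mac": b, "dst_mac": a})]   # hit, no Packet-In
    return outs, sw.packet_ins, len(sw.table)

if __name__ == "__main__":
    print(demo())
```

The `packet_ins` counter is the figure to watch operationally: every table miss costs a controller round trip, while the fourth packet is forwarded by the switch alone.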
Flow Table Entries (Match Rules)
Each entry: HEADER FIELDS | COUNTERS | ACTIONS
12-tuple key (header fields):
 1. Ingress port
 2. Source MAC
 3. Dest MAC
 4. Ether Type
 5. VLAN ID
 6. VLAN priority
 7. IP SRC
 8. IP DEST
 9. IP Protocol
10. IP TOS
11. TCP/UDP SRC
12. TCP/UDP DEST
Flow Table Entries (Actions), Action #1: Forward to ALL ports except the input port. [Figure: OpenFlow Controller; OpenFlow Switch with OF Agent (CPU); Packet; Flow Table (Action: ALL)]
Flow Table Entries (Actions), Action #2: Redirect to the OF controller. [Figure: OpenFlow Controller; OpenFlow Switch with OF Agent (CPU); Packet; Flow Table (Action: CONTROLLER)]
Flow Table Entries (Actions), Action #3: Forward to the local CPU. Use: in-band controller implementation. [Figure: OpenFlow Controller; OpenFlow Switch with OF Agent (CPU); Packet; Flow Table (Action: LOCAL)]
Flow Table Entries (Actions), Action #4: Perform the action in the flow table. [Figure: OpenFlow Controller; OpenFlow Switch with OF Agent (CPU); Packet; Flow Table (Action: Set Vlan 20, Output: 2); SET VLAN, OUTPUT: 2]
Flow Table Entries (Actions), Action #5: Forward to the input port. Use: wireless controller, single-port forwarding devices. [Figure: OpenFlow Controller; OpenFlow Switch with OF Agent (CPU); Packet; Flow Table (Action: INPUT)]
Flow Table Entries (Actions), Action #6: Drop the packet. [Figure: OpenFlow Controller; OpenFlow Switch with OF Agent (CPU); Packet; Flow Table (Action: Drop)]
OpenFlow 1.1 & Beyond
- OF 1.0: packet matches flow entry => perform action
- OF 1.1 and later (multiple flow tables): packet matches flow entry => perform instructions
  - Instructions may be immediate actions
  - Instructions may be action(s) in the action set
  - Instructions can also change the pipeline: Goto Table entry X, Goto Table entry Y
  - Instructions jump to other tables only in the positive direction
OpenFlow 1.1 and Later
[Figure labels: OpenFlow Controller; OpenFlow Switch with OF Agent (CPU), Packet, Flow Table - 1, Flow Table - 2, Flow Table - N, Group Table (provision for broadcast/multicast)]
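A toy multi-table pipeline showing the two OF 1.1+ properties named above: instructions accumulate an action set across tables, and Goto is accepted only toward a later table, so a packet cannot loop. This is an added illustration, not code from the slides; the table layout and field names are constructed, and a table miss is assumed to drop the packet (the OF 1.3 behaviour when no table-miss entry is installed).

```python
# Added illustration (not from the slides): toy OF 1.1+ multi-table pipeline.
# Table layout, field names and action names are constructed for the example.
class Pipeline:
    def __init__(self, n_tables):
        self.tables = [[] for _ in range(n_tables)]

    def install(self, table_id, match, write_actions=None, goto=None):
        # Goto must point to a strictly higher table, so a packet can never loop.
        if goto is not None and not table_id < goto < len(self.tables):
            raise ValueError(f"table {table_id}: goto {goto} is not a later table")
        self.tables[table_id].append((match, write_actions or {}, goto))

    def process(self, pkt):
        action_set, path, table_id = {}, [], 0
        while table_id is not None:
            path.append(table_id)
            for match, actions, goto in self.tables[table_id]:
                if all(pkt.get(k) == v for k, v in match.items()):
                    action_set.update(actions)   # one action per type; later wins
                    table_id = goto              # None ends the pipeline
                    break
            else:
                return path, {}                  # assumed: table miss drops
        return path, action_set                  # executed when pipeline ends

def build_demo():
    p = Pipeline(3)
    p.install(0, {"in_port": 1}, {"set_vlan": 20}, goto=1)
    p.install(1, {"ip_proto": 6}, goto=2)
    p.install(2, {"dst_mac": "00:00:00:00:00:0b"}, {"output": 2})
    return p

def backward_goto_rejected():
    try:
        build_demo().install(2, {}, goto=1)      # jump in the negative direction
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    tcp = {"in_port": 1, "ip_proto": 6, "dst_mac": "00:00:00:00:00:0b"}
    print(build_demo().process(tcp), backward_goto_rejected())
```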
OF 1.0 & OF 1.3 Main Differences
Feature                   OF 1.0   OF 1.3
Multiple Flow Table       No       Yes
Group Table               No       Yes
Multiple Controllers      No       Yes
IPv6/MPLS/PBB Match       No       Yes
Number of Match Fields    13       39
Logical Ports             No       Yes
Instructions              No       Yes
Flexible Table-Miss       No       Yes
Meters                    No       Yes
OpenFlow Switch Specification Versions
OF version   Released Date
1.0.0        December 31, 2009
1.1.0        February 28, 2011
1.2          December 2011
1.3.0        June 25, 2012
1.3.1        September 6, 2012
1.3.2        April 25, 2013
1.3.3        Dec 18, 2013
1.4.0        Oct 15, 2013
1.3.4        Mar 27, 2014
Table Type Patterns (TTP)
[Figure: OpenFlow 1.0, Single Flow Table (T0), Developer and Customer. OpenFlow 1.3, Multiple Flow Table (T0, T1, T2, T3), Developer and Customer, with the question "How should I know Apps will work on MFT?" and the TTP between them.]
ONF OpenFlow Conformance Program
- A strong Conformance Testing Program is required to meet the ONF's goal of promoting standards-based SDN.
- OpenFlow switch conformance certification assures product compliance with the OpenFlow specification.
- Successfully certified products can use the OpenFlow Conformant logo on products and collaterals.
- Certified products will also be listed on the ONF website.
- The primary elements of a conformance testing program consist of:
  - Test Specification developed by the ONF
  - Reference Test Code developed by the ONF
  - Commercial testing tools certified by the ONF
  - Pilot testing periods
  - 3rd party test labs certified by the ONF
  - A Brand or Logo Program maintained by the ONF
OpenFlow certification programs
- OpenFlow 1.0 certification program
  - Generally available
  - Available for all ONF members and nonmember companies
- OpenFlow 1.3 certification program
  - Based on the 1.3.4 switch specification
  - In pilot phase
How can you get certified?
ONF Certified International Testing Facilities (Labs)
- BII (China)
- CNLabs (India)
- In-CNTRE (USA)
- NBL (Taiwan)
- CTTL (China)
- UNH-IOL (USA)
ONF OpenFlow Certified Products
- PF5240 and PF5248 Switches from NEC
- CS6500-48S4Q Switch from DCN
- MC4200 Wireless LAN Controller from MERU
- HP2920, HP3800 and HP 5400 Switches from HP
https://www.opennetworking.org/openflow-conformancecertification#labs