Worksho 2012 LuaFlow, an oen source Oenflow Controller Rahael Amorim rahael@atlantico.com.br rahael.leite@h.com Renato Aguiar aguiar_renato@atlantico.com.br
Talk Overview What is OenFlow? How OenFlow Works Lua Flow aroach Demo Next stes
Current Internet Closed to Innovations in the Infrastructure A A A Oerating System Secialized Packet Forwarding Hardware A A Oerating System A A A Oerating System A Secialized Packet Forwarding Hardware A A Oerating System A Secialized Packet Forwarding Hardware A A A Secialized Packet Forwarding Hardware Oerating System Secialized Packet Forwarding Hardware 3
Software Defined Networking aroach to oen it A A A Network Oerating System A A A Oerating System Secialized Packet Forwarding Hardware A A Oerating System A A A Oerating System A Secialized Packet Forwarding Hardware A A Oerating System A Secialized Packet Forwarding Hardware A A A Secialized Packet Forwarding Hardware Oerating System Secialized Packet Forwarding Hardware
The Software-defined Network 3. Well-defined oen API A A A Network Oerating System 2. At least one good oerating system Extensible, ossibly oen-source 1. Oen interface to hardware Simle Packet Forwarding Hardware Simle Packet Forwarding Hardware Simle Packet Forwarding Hardware Simle Packet Forwarding Hardware Simle Packet Forwarding Hardware
What is OenFlow?
Short Story: OenFlow is an API Control how ackets are forwarded Make deloyed networks rogrammable not just configurable Makes innovation easier Goal (exerimenter s ersective): No more secial urose test-beds Validate your exeriments on deloyed hardware with real traffic at full line seed
How Does OenFlow Work?
Ethernet Switch
Control Path (Software) Data Path (Hardware)
OenFlow Controller OenFlow Protocol (SSL/TCP) Control Path OenFlow Data Path (Hardware)
OenFlow Flow Table Abstraction Controller Software Layer OenFlow Firmware PC Hardware Layer MAC src MAC dst Flow Table IP Src IP Dst TCP sort TCP dort Action * * * 5.6.7.8 * * ort 1 ort 1 ort 2 ort 3 ort 4 5.6.7.8 1.2.3.4
OenFlow Basics Flow Table Entries Rule Action Stats Packet + byte counters 1. Forward acket to ort(s) 2. Encasulate and forward to controller 3. Dro acket 4. Send to normal rocessing ieline 5. Modify Fields Switch Port VLAN ID MAC src MAC dst Eth tye IP Src IP Dst IP Prot TCP sort TCP dort + mask what fields to match
Examles Switching Switch Port MAC src MAC dst Eth tye VLAN ID IP Src IP Dst IP Prot TCP sort TCP dort Action * * 00:1f:.. * * * * * * * ort6 Flow Switching Switch Port MAC src MAC dst Eth tye VLAN ID IP Src IP Dst IP Prot TCP sort TCP dort Action ort3 00:20.. 00:1f.. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 ort6 Firewall Switch Port MAC src MAC dst Eth tye VLAN ID IP Src IP Dst IP Prot TCP sort TCP dort Forward * * * * * * * * * 22 dro
Examles Routing Switch Port MAC src MAC dst Eth tye VLAN ID IP Src IP Dst IP Prot TCP sort TCP dort Action * * * * * * 5.6.7.8 * * * ort6 VLAN Switching Switch Port * MAC src MAC dst Eth tye VLAN ID IP Src IP Dst IP Prot TCP sort * 00:1f.. * vlan1 * * * * * TCP dort Action ort6, ort7, ort9
OenFlow Usage Dedicated OenFlow Network Controller OenFlow Switch Rule Action Statistics PC OenFlow Protocol OenFlow Switch OenFlow Switch Rule Action Statistics Rule Action Statistics Bob OenFlowSwitch.org Alice
Exeriment Design Decisions Forwarding logic (of course) Centralized vs. distributed control Fine vs. coarse grained rules Reactive vs. Proactive rule creation Likely more: oen research area
Centralized vs Distributed Control Centralized Control Controller Distributed Control Controller OenFlow Switch OenFlow Switch Controller OenFlow Switch OenFlow Switch Controller OenFlow Switch OenFlow Switch
Flow Routing vs. Aggregation Both models are ossible with OenFlow Flow-Based Every flow is individually set u by controller Exact-match flow entries Flow table contains one entry er flow Good for fine grain control, e.g. camus networks Aggregated One fow entry covers large grous of fows Wildcard fow entries Flow table contains one entry er category of fows Good for large number of fows, e.g. backbone
Reactive vs. Proactive Both models are ossible with OenFlow Reactive First acket of flow triggers controller to insert flow entries Efficient use of flow table Every flow incurs small additional flow setu time If control connection lost, switch has limited utility Proactive Controller re-oulates fow table in switch Zero additional fow setu time Loss of control connection does not disrut traffic Essentially requires aggregated (wildcard) rules
Examles of OenFlow in Action VM migration across subnets Identity-Based QoS Energy-efficient data center network Network slicing Load balancing (DNS for instance)
Slide Credits Guido Aenzeller Nick McKeown Guru Parulkar Brandon Heller Rob Sherwood Lots of others (this slide was also stolen)
LuaFlow's aroach
Official Oen Source controllers NOX (Python/C) Mixed aroach Beacon (Java) Focus in roduction environments Java enterrise code Trema (Ruby) Focus on rototying testing
Write it short There's a strong correlation between the length of code (number of tokens) and rogrammers' roductivity e.g. Arc Programming Language [Paul Graham] With smaller code: - less time to write consistent code - less chances for bugs LuaFlow is secialized for rogrammers' roductivity, But not comromising efficiency
Why LuaFlow... because we write it in C and Lua (NOX written in C++ and Python, Beacon written in Java) This is the main reason!
Network configuration file switches{ switch1 = {dataath_id = "00:00:00:00:00:00:00:01"}, switch2 = {dataath_id = "00:00:00:00:00:00:00:02"}, } hosts{ host1 = {mac = "00:00:00:00:00:03"}, host2 = {mac = "00:00:00:00:00:04"}, } -- Connections: Connection.switch[ort#] = {switch=ort#} or -- Connection.switch[ort#] = {host} or -- Connection.host = {switch=ort#} Connection.host1 = { switch1 = 2} Connection.host2 = { switch2 = 2} Connection.switch1[1] = { switch2 = 1}
# Luaflow add_simle_flow(did, flow, buffer_id, out_ort, cache_timeout) # NOX Python inst.install_dataath_flow( did, extract_flow(acket), CACHE_TIMEOUT, oenflow.ofp_flow_permanent, [[oenflow.ofpat_output, [0, rt[0]]]], bufid, oenflow.ofp_default_priority, inort, buf ) VS
Catching network events function switch_ready(did, features) function switch_ready(did, features) rint(">> New switch connected: ".. did) for k,v in airs(features) do if k == "orts" then for i, in iairs(v) do rint("port ".. i) for k1,v1 in airs() do rint(k1, v1) end end else rint(k, v) end end end
Catching network events function acket_in(did, buffer_id, flow) rint(">> New acket (".. buffer_id.. ") received from ".. did) local idle_timeout = 10 local out_ort = "all" add_simle_flow(did, flow, buffer_id, out_ort, idle_timeout) end
Base classes base_config.lua custom_toology_config.lua Toology.lua Port.lua Host.lua Switch.lua Link.lua Dijkstra.lua Controller.lua Flow.lua
Base classes require "Toology" mytoology = Toology:new{name = "mininet"} mytoology:load_config("custom_toology_config.lua") function switch_ready(did, features) rint(">> New switch connected: ".. did) --TODO --Insert switch features into switch objects end function acket_in(did, buffer_id, flow) rint(">> New acket received from ".. did) route = mytoology:getroute(flow.dl_src, flow.dl_dst)... end
Demo
Next stes Pure lua controller using ffi/luajit More real-world scenarios Serious evaluation Oen WRT Oenflow wireless devices Community ull-requests Both ideas & Code
Thank you all Questions?