The State of OpenFlow: Advice for Those Considering SDN
Steve Wallace
Executive Director, InCNTRE SDN Lab
Indiana University
ssw@iu.edu

SDN is an architecture
o Separation of Control and Data Planes
o Centralization of Control Plane

OpenFlow is both a protocol and an API
o OpenFlow is used by a central controller to program the behavior of network equipment (e.g., switches, routers, etc.)

OpenFlow Programmability
o Network features are developed in software on a standard controller platform
o The behavior of the network becomes an extension of your enterprise applications

OpenFlow 1.0 Flow Table
Header Fields | Counters | Actions | Priority
o Header Fields: Ingress Port, Ethernet Source Addr, Ethernet Dest Addr, Ethernet Type, VLAN id, VLAN Priority, IP Source Addr, IP Dest Addr, IP Protocol, IP ToS, ICMP type, ICMP code
o Counters (Per Flow Counters): Received Packets, Received Bytes, Duration seconds, Duration nanoseconds
o Actions: Forward (All, Controller, Local, Table, IN_port, Port#, Normal, Flood), Enqueue, Drop, Modify-Field

OpenFlow 1.0 Flow Table
Header Fields | Counters | Actions | Priority
if ingress port == 2 | | Drop packet | 32768
if IP_addr == 129.79.1.1 | | re-write to 10.0.1.1, forward port 3 | 32768
if Eth Addr == 00:45:23 | | add VLAN id 110, forward port 2 | 32768
if ingress port == 4 | | forward port 5, 6 | 32768
if Eth Type == ARP | | forward CONTROLLER | 32768
if ingress port == 2 && Eth Type == ARP | | forward NORMAL | 40000

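The example table above, worked through as an added example (not code from the slides): a priority-based lookup over the same six entries, plus a check for equal-priority entries that a single packet could match, which OpenFlow 1.0 leaves to the switch to order. Field names such as in_port and ip_addr and the sample packets are constructed for illustration.

```python
# Added example (not from the slides): OpenFlow 1.0-style lookup by priority.
# Field names and packets are constructed; entries mirror the slide's table.
from itertools import combinations

# (match, actions, priority); a field missing from match is a wildcard.
FLOW_TABLE = [
    ({"in_port": 2}, ["drop"], 32768),
    ({"ip_addr": "129.79.1.1"}, ["rewrite:10.0.1.1", "output:3"], 32768),
    ({"eth_addr": "00:45:23"}, ["add_vlan:110", "output:2"], 32768),
    ({"in_port": 4}, ["output:5", "output:6"], 32768),
    ({"eth_type": "ARP"}, ["output:CONTROLLER"], 32768),
    ({"in_port": 2, "eth_type": "ARP"}, ["output:NORMAL"], 40000),
]

def matches(match, pkt):
    """True when every non-wildcard field equals the packet's value."""
    return all(pkt.get(field) == value for field, value in match.items())

def lookup(table, pkt):
    """Return (actions, ambiguous) for the top-priority matching entry.

    ambiguous is True when several entries match at that same priority,
    so the result depends on how the switch happens to order them.
    """
    hits = [entry for entry in table if matches(entry[0], pkt)]
    if not hits:
        return None, False  # table miss; miss handling is not modelled here
    top = max(priority for _, _, priority in hits)
    best = [entry for entry in hits if entry[2] == top]
    return best[0][1], len(best) > 1

def overlaps(table):
    """Index pairs of equal-priority entries that one packet could both match."""
    pairs = []
    for (i, a), (j, b) in combinations(enumerate(table), 2):
        compatible = all(b[0].get(f, v) == v for f, v in a[0].items())
        if a[2] == b[2] and compatible:
            pairs.append((i, j))
    return pairs

if __name__ == "__main__":
    print(lookup(FLOW_TABLE, {"in_port": 2, "eth_type": "ARP"}))
    print(lookup(FLOW_TABLE, {"in_port": 2, "ip_addr": "129.79.1.1"}))
    print(overlaps(FLOW_TABLE))
```

The second packet matches both the drop entry and the rewrite entry at priority 32768, so whether it is dropped or forwarded is not determined by the table alone.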
OpenFlow 1.0 to 1.1
1.0 Flow Table: Header Fields | Counters | Actions | Priority
1.1: Match Fields | Priority | Counters | Instructions | Cookie...
New Data Structure in Pipeline: metadata | packet | Action Set
Group ID | Type | Counters | Action Buckets...

Packet Processing
o OF 1.0: Does packet match flow table entry? If so, perform action.
o OF 1.1: Does packet match flow table entry? If so, look at instructions...

Actions vs. Instructions (OF 1.1)
o Flow entries contain instructions.
o Instructions may be immediate action(s), or instructions may set actions in the action set
o Instructions can also change pipeline processing:
  o Goto table X
  o Goto group table entry x

More Tables (OF 1.1)
o Allows for multiple flow tables
o Includes a group table with multiple group table types
o Instructions can jump to other tables, but only in a positive direction

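The OF 1.1 processing described above, as an added example (not code from the slides): a small model of the multi-table pipeline that separates immediate actions from the action set and rejects any goto that does not move to a higher-numbered table, which is what keeps a packet from looping. Instruction names, table contents and packet fields are constructed for illustration, and table-miss handling is not modelled.

```python
# Added example (not from the slides): minimal OpenFlow 1.1-style pipeline model.
# Instruction names, tables and packet fields are constructed for illustration.

def run_pipeline(tables, pkt):
    """Walk the flow tables; return (immediately applied actions, action set).

    The action set is None on a table miss (miss handling is not modelled).
    """
    applied, action_set, table_id = [], {}, 0
    while table_id is not None:
        hits = [e for e in tables.get(table_id, [])
                if all(pkt.get(f) == v for f, v in e["match"].items())]
        if not hits:
            return applied, None
        entry = max(hits, key=lambda e: e["priority"])
        next_table = None
        for kind, arg in entry["instructions"]:
            if kind == "apply_actions":        # immediate action(s)
                applied.extend(arg)
            elif kind == "write_actions":      # stored for the end of the pipeline
                action_set.update(arg)         # one action per type; later write wins
            elif kind == "goto_table":
                if arg <= table_id:            # only jumps in a positive direction
                    raise ValueError(f"goto_table {arg} from table {table_id}")
                next_table = arg
        table_id = next_table
    return applied, action_set

TABLES = {
    0: [{"match": {"eth_type": "IPv4"}, "priority": 100,
         "instructions": [("apply_actions", ["add_vlan:110"]),
                          ("write_actions", {"output": 2}),
                          ("goto_table", 1)]}],
    1: [{"match": {"ip_addr": "129.79.1.1"}, "priority": 100,
         "instructions": [("write_actions", {"output": 3})]}],
}
# Table 1 tries to jump back to table 0, which the pipeline must refuse.
BAD_TABLES = {
    0: [{"match": {}, "priority": 1, "instructions": [("goto_table", 1)]}],
    1: [{"match": {}, "priority": 1, "instructions": [("goto_table", 0)]}],
}

if __name__ == "__main__":
    print(run_pipeline(TABLES, {"eth_type": "IPv4", "ip_addr": "129.79.1.1"}))
```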
Group Table Types
o all - execute each bucket (each bucket gets copy of packet, used for flooding, multicast, etc.)
o select - execute one bucket in group (used for span ports)
o indirect - used for next hops
o fast failover - execute first live bucket

OpenFlow QoS
OF 1.0
o Optional action "Enqueue"
o Forwards packet through a queue attached to a port.
o The behavior of the queue is determined outside the scope of OF.
o Header fields can include VLAN priority and IP ToS, so they can be matched against and rewritten.

OpenFlow QoS
OF 1.3
o Stuff from 1.0
o New table "Meter Table"
Meter Table Entry: Meter Identifier | Meter Bands | Counters
o Meter Identifier: 32 bit integer used to identify the meter
o Meter Bands: list of meter bands; each band specifies rate and behavior

OpenFlow QoS (1.3 cont.)
Match Fields | Priority | Counters | Instructions | Timeouts | Cookie
o New instruction: meter meter_id
Meter Table Entry: Meter Identifier | Meter Bands | Counters
Meter Band: Band Type | Rate | Counters | Type Specific Arguments
o Band Type: drop or remark DSCP
o Rate: kb/s
o burst

OpenFlow QoS (1.3 cont.)
Meter Table Entry: Meter Identifier | Meter Bands | Counters
Meter Band: Band Type | Rate | Counters | Type Specific Arguments
o Band Type: drop or remark DSCP
o Rate: kb/s
o burst
o One or more Meter Bands per Meter Table Entry
o "the meter applies the meter band with the highest configured rate that is lower than the current measured rate"

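The band-selection rule quoted above, as an added example (not code from the slides): a meter with a remark band and a drop band applied to a traffic ramp. The band rates, the packet trace and the one-second sliding-window rate estimate are assumptions made for the illustration; the slides do not say how the rate is measured.

```python
# Added example (not from the slides): OpenFlow 1.3-style meter band selection.
# Bands and packets are constructed; the sliding-window rate estimate is an
# assumption, since the slides do not say how the rate is measured.
from collections import deque, namedtuple

Band = namedtuple("Band", "band_type rate_kbps")  # band_type: "drop" or "remark_dscp"

def active_band(bands, measured_kbps):
    """Band with the highest configured rate that is lower than the measured rate.

    Returns None when no band's rate is below the measured rate.
    """
    eligible = [b for b in bands if b.rate_kbps < measured_kbps]
    return max(eligible, key=lambda b: b.rate_kbps, default=None)

def meter_stream(bands, packets, window_ms=1000):
    """Verdict for each (timestamp_ms, size_bytes) packet sent through the meter."""
    window, bits, verdicts = deque(), 0, []
    for ts, size in packets:
        window.append((ts, size))
        bits += size * 8
        while window[0][0] <= ts - window_ms:   # expire packets older than the window
            bits -= window.popleft()[1] * 8
        kbps = bits / window_ms                 # bits per millisecond == kb/s
        band = active_band(bands, kbps)
        verdicts.append(band.band_type if band else "pass")
    return verdicts

BANDS = [Band("remark_dscp", 1000), Band("drop", 2000)]
# Constructed traffic: one 12,500-byte packet every 40 ms, a steady 2,500 kb/s.
PACKETS = [(40 * i, 12500) for i in range(30)]

if __name__ == "__main__":
    print(meter_stream(BANDS, PACKETS))
```

A measured rate exactly equal to a band's rate does not trigger that band, because the rule requires the band rate to be lower than the measured rate.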
OpenFlow use cases
o Cloud orchestration
o Network access control
o Bandwidth on demand
o Traffic engineering
o Application/tenant isolation
o New stuff you just thought up

Something completely different, brought to you by the Forwarding Abstractions Working Group (FAWG)
o Problem: need to control existing network functions (e.g., IP routing) via OpenFlow, while leveraging existing ASICs/hardware
o Solution: TTPs for table typing patterns (remarkably poor name!)
o TTPs allow the OpenFlow protocol to control the behavior of things like routers...

TTPs
o Imagine using the table abstraction to program a router
o One table might hold IP address and masks as its "match fields", but they are interpreted as IP prefixes, and matching is done via the longest prefix match algorithm.
o The instruction field might contain the next-hop for the prefix encoded as a "rewrite IP address to this new value".
o Another table might contain next-hop encapsulation information.
o In other words, tables are exposed as the knobs to a routing engine.

The OpenFlow Standard
o OpenFlow 1.0.1
  o current hardware
o OpenFlow 1.1
  o interim standard
o OpenFlow 1.2
  o interim standard
o OpenFlow 1.3
  o new equipment
Understanding standards compliance can be complex. Buyer beware.

Caveat Emptor
o Most devices (nearly all) do NOT implement every feature of the OpenFlow spec.
o This has led to grouping of features within a spec into "profiles".
o New performance metrics of interest:
  o flow-mod performance
  o number and type of flows supported
  o packet-in performance

The OpenDaylight Project
o SDN/OpenFlow controller
o Open source project organized under the Linux Foundation
o members include: Big Switch, Brocade, Cisco, Citrix, Ericsson, IBM, Juniper, Microsoft, Red Hat, NEC, VMware, Arista, Dell, Fujitsu, HP, Intel, etc...
o What it *may* mean...

Thank You
Steve Wallace
ssw@iu.edu