Affan A. Syed affan.syed@nu.edu.pk Syed Ali Khayam ali.khayam@seecs.nust.edu.pk
OpenFlow: History and Overview Dr. Affan A. Syed OpenFlow and Software Defined Networking Dr. Syed Ali Khayam Demo of OpenFlow@home routers 11/22/2014 2
PhD (CS) and Master (EE) from USC Thesis on underwater sensor networks Essentially a Systems researcher Post-Doctoral Studies from ISI Energy-harvesting based sensing systems Director of an (undercover) Lab at FAST Systems and Networking Lab (SysNet) Systems research (embedded and cyberphysical systems) and networking (WSN and Internet)
Many slides credit to Nick McKeown, used with his permission
Deconstruct the OpenFlow myth Have a good understanding of the why? a little of the how? and even a little of why not! Correlate OpenFlow with the SDN concept Get people excited about this area and explore it for research purposes
Started as part of CleanSlate initiative at Stanford (2006) Reinvent the internet Some Research Projects POMI 2020 NetFPGA OpenFlow
March 22, 2011
Current Innovation? Everything over the Web (application layer) IP over everything (below link layer) Middle of the stack is stagnant Paths are fixed (by the network) Addresses dictated by DNS, DHCP, etc. Cleanslate.stanford.edu Experiments we'd like to do Mobility management New naming/addressing, transport, and congestion control schemes WISH: get deployed at the Internet scale
Gap between testing and full scale deployment Currently: Design (whiteboard) Simulate (ns-2) Test (emulab, DETER) ???? Production Deployment
Commercial switch platform not open Complexity of support Market protection and barrier to entry Don't want a fancy protocol to break their system Also has led to monopoly and stasis! Compare with server and PC market. Hard to build my own Prototypes are flaky Software only: Too slow Hardware/software: Fanout too small (need >100 ports for wiring closet)
A way to innovate in the networks we use every day. A pragmatic compromise Allow researchers to run experiments in their network without requiring vendors to expose internal workings. 1. Work with switch and AP vendors to add OpenFlow to their products 2. Deploy on university campuses 3. Stand back and watch students innovate Basics An Ethernet switch (e.g. 128-ports of 1GE) Use flow-table already in every switch and chipset An open protocol to remotely add/remove flow entries
Google, Microsoft, Facebook, Amazon Huge data centers (~10,000 servers) Existing protocols do not scale STP and issues in VM migration (later) Already doing a lot of innovation OpenFlow provides standardization
Make a forwarding decision for each incoming packet and then implement it at line rate Ethernet Switch
Control Control Plane (Software) Path Data Plane (Hardware)
Jargon for forwarding/switching (data plane) and routing (control plane) Data plane look up in usecs, control plane in secs Control plane decision can be done remotely! http://wiki.nil.com/wk/images/6/64/control_Data_Plane.png
OpenFlow Controller OpenFlow Protocol (SSL) Control Plane OpenFlow Data Plane (Hardware)
FlowTables in network device switch or router Software Controller remote or local OpenFlow protocol Controller-to-Switch Communication Over a secure SSL channel
Centralized control for a large domain like a DCN, campus or corporate network
[Diagram: one OpenFlow Controller connected over the OpenFlow Protocol (SSL) to four switches, each labelled Control Path, OpenFlow (Flow Tables), Data Path (Hardware)]
Allow production traffic to use the normal switch data path Allow experimental traffic to bypass it Implement fancy new protocol!
Policy Rule Commercial Switch or AP Ali: Use production network User Space Open API Ali Controller Linux kernel sw Normal Software Secure Channel Linux PC hw Normal datapath Flow Table Ali
Policy Rule Commercial Switch or AP Affan: Use Affan's protocol User Space Open API Affan Controller Linux kernel sw Normal Software Secure Channel Linux PC hw Normal datapath Flow Table Affan
Rule, Action, Stats
Rule (+ mask): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
Action: 1. Forward packet to port(s) 2. Encapsulate and forward to controller 3. Drop packet 4. Send to normal processing pipeline
Stats: Packet + byte counters
Switching
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | 00:1f:.. | * | * | * | * | * | * | * | port6

Firewall replacement
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
port3 | * | *.. | * | * | * | 5.6.7.8 | * | * | 80 | drop

VLAN
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | * | * | vlan1 | * | * | * | * | * | port6, port7, port9
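Added example (not from the original slides): a minimal Python model of the Rule / Action / Stats flow entry, loaded with the three entries above, showing that the firewall drop entry only takes effect if it is consulted before the overlapping switching entry. Assumptions: lookup is first match in list order, the MAC address is constructed because the slide elides it, and the names FlowEntry, FlowTable, overlaps and ambiguous_drops are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    rule: dict        # header field -> required value; absent field = wildcard (*)
    action: str       # output port(s) or "drop"
    packets: int = 0  # Stats: packet counter
    nbytes: int = 0   # Stats: byte counter

    def matches(self, pkt):
        return all(pkt.get(field) == want for field, want in self.rule.items())

def overlaps(a, b):
    """True if some packet can match both entries (no shared field disagrees)."""
    return all(b.rule[f] == v for f, v in a.rule.items() if f in b.rule)

class FlowTable:
    def __init__(self, entries):
        self.entries = list(entries)

    def process(self, pkt, size):
        # Assumption: the first matching entry in list order wins.
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                entry.nbytes += size
                return entry.action
        return "controller"  # table miss: encapsulate and forward to controller

    def ambiguous_drops(self):
        """Drop entries preceded by an overlapping entry with another action."""
        return [e for i, e in enumerate(self.entries) if e.action == "drop"
                and any(overlaps(p, e) and p.action != "drop"
                        for p in self.entries[:i])]

MAC = "00:1f:00:00:00:01"  # constructed; the slide elides the real address

def slide_entries():
    switching = FlowEntry({"mac_dst": MAC}, "port6")
    firewall = FlowEntry({"in_port": "port3", "ip_dst": "5.6.7.8",
                          "tcp_dport": 80}, "drop")
    vlan = FlowEntry({"vlan_id": "vlan1"}, "port6,port7,port9")
    return switching, firewall, vlan

# Constructed packet that matches both the switching and the firewall entry.
PKT = {"in_port": "port3", "mac_dst": MAC, "ip_dst": "5.6.7.8", "tcp_dport": 80}

if __name__ == "__main__":
    sw, fw, vl = slide_entries()
    print(FlowTable([sw, fw, vl]).process(PKT, 64))  # switching listed first
    print(FlowTable([fw, sw, vl]).process(PKT, 64))  # firewall listed first
```

Running ambiguous_drops() on a table before installing it flags any drop entry that an earlier, overlapping forwarding entry can pre-empt.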
Cascaded FlowTables Scalability and flexibility Compounded actions Metadata passing between FlowTables Support for MPLS and MPLS-like tags "OpenFlow 1.0 uses a single TCAM (flow table) and is thus totally boring compared to rich OpenFlow 1.1 functionality." Ivan Pepelnjak http://www.openflow.org/documents/openflow-spec-v1.1.0.pdf
Mid 90's: Active Networking To enable innovation in the network, we need to program on top of a simple hardware datapath Problems: performance, complexity Late 90's: Network Processors To enable innovation in the network, we need the datapath substrate to be programmable Problem: Accelerated complexity of the datapath substrate
No per-packet programming in the network Not complicating the datapath OpenFlow: a portion of the datapath is programmable, at per-flow granularity Provides an abstract view of the network to its owner (not user) to build functions on top of it Like the x86 ISA, on which you can build several OS and applications
Scalability (wrt new flows) Each new flow needs controller interaction Thousands of new flows per rack, and for 1000 racks! Can this be done for 40 port/10gbs switches? Some evidence that it can... Peak of traffic coincides with peak of OpenFlow activity Double impact on physical resources
Juniper MXseries NEC IP8800 WiMax (NEC) HP Procurve 5400 Cisco Catalyst 6k Quanta LB4G More coming soon...
http://trema.github.com/trema/ http://code.google.com/p/maestro-platform/ http://noxrepo.org http://beaconcontroller.net/ http://snacsource.org/about/
http://www.bigswitch.com/ Controller innovation http://www.nicira.com/ http://www.necam.com/pflow/ http://www.pica8.com/ Low cost, OpenFlow whitebox switches http://xflowresearch.com/
"The value proposition of OpenFlow is that it reduces the friction of implementing network changes for many organizations." Greg Ferro
Questions? affan.syed@nu.edu.pk