SDN/OpenFlow
Performance Up!, Winterschool, Zurich
www.openflow.org
Kurt Baumann, kurt.baumann@switch.ch
Zurich, 08. March 2013

Outline
- SDN to OpenFlow
- OpenFlow a valid technology!
- Basic Concept
- How it works
- GÉANT OpenFlow Facility (GN3-JRA2T5)

SDN
Software Defined Networking (SDN) is transforming networking architecture. In the SDN architecture:
- Control and data planes are decoupled.
- Network intelligence and state are logically centralized.
- The underlying network infrastructure is abstracted from the applications.
OpenFlow is the first standardized interface designed specifically for SDN.
Source: ONS Whitepaper: Software-Defined Networking, The new Norm for Networks, 13. April 2012

OpenFlow
Basic Concept and how it works
Source: OpenFlow tutorial, ONS, Santa Clara Marriot, April 16, 2012

OpenFlow in a Nutshell
OpenFlow was created in 2008 and is hosted at the University of Stanford for evangelizing and supporting the OpenFlow community.
What it is:
- An open standardized interface approaching SDN architectures
- L2 communication protocol that gives access to the forwarding plane of a network switch or router (www.openflow.org)
Motivation:
- The improvement of research and innovation in networking
- To encourage networking vendors to implement OpenFlow in their switching products
Basic Idea:
- OpenFlow is based on an Ethernet switch with an internal flow table and a standardized interface to add and remove flow entries.
- Delivering a shared data & forwarding plane and a sliced, user-managed control plane at L2.
Regulation of the SDN (OpenFlow) Standards: Open Network Forum (ONF) (www.opennetworking.org)

The Network Industry today
[Figure: a closed network device in three layers, with these labels]
- Feature, Feature: routing, management, mobility management, access control, VPNs, ...
- Operating: million of lines of source code, 5400 RFCs, barrier to entry
- Specialized Packet: billions of gates, complex, power hungry

[Figure: OpenFlow Controller; OpenFlow Protocol (SSL/TCP); Control Path (OpenFlow); Data Path]

OpenFlow Basics: Entities / Functionalities

OpenFlow Basics
Flow Table Entries (OF v1.1)
Flow table entry: Rule, Action, Stats (<Match, Action>)
Stats: packet + byte counters
Action:
1. Forward packet to ports
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Any extensions you add!
Rule (match fields): Switch Port, VLAN ID, VLAN pcp, MAC src, MAC dst, Eth type, Src, Dst, ToS, Prot, L4 sport, L4 dport, + mask what fields to match

Packet Flow
1. Packet IN: start at Table 0.
2. Match in table n?
   - YES: update counters and execute instructions:
     - Update action set
     - Update packet/match set fields
     Then: go to table n?
     - YES: repeat the match in that table.
     - NO: execute action set.
   - NO: based on table configuration, do one:
     - Send to the controller
     - Drop it
     - Continue to the next table

OpenFlow Rule Examples (1)

Switching
Switch Port  MAC src  MAC dst   Eth type  VLAN ID  Src      Dst      Prot  sport  dport  Action
*            *        00:1f:..  *         *        *        *        *     *      *      port6

Flow Switching
Switch Port  MAC src  MAC dst   Eth type  VLAN ID  Src      Dst      Prot  sport  dport  Action
port3        00:20..  00:1f..   0800      vlan1    1.2.3.4  5.6.7.8  4     17264  80     port6

Firewall
Switch Port  MAC src  MAC dst   Eth type  VLAN ID  Src      Dst      Prot  sport  dport  Action
*            *        *         *         *        *        *        *     *      22     drop

OpenFlow Rule Examples (2)

Routing
Switch Port  MAC src  MAC dst   Eth type  VLAN ID  Src      Dst      Prot  sport  dport  Action
*            *        *         *         *        *        5.6.7.8  *     *      *      port6

VLAN Switching
Switch Port  MAC src  MAC dst   Eth type  VLAN ID  Src      Dst      Prot  sport  dport  Action
*            *        00:1f..   *         vlan1    *        *        *     *      *      port6, port7, port9

Details see: OF Switching Specification http://www.openflow.org/documents/openflow-spec-v1.1.0.pdf

OpenFlow Implementations
Vendors
- Commercial -> NEC, HP, Pronto, Toroki, IBM, Pica8
- Experimental -> Juniper, Cisco
Software OF switches
- Stanford's software reference design (user-space implementation)
- Open vSwitch (user-space and kernel module implementation)
- NetFPGA-based switch (hybrid solution based on Stanford's ref. sw)
OF controllers
- NOX
- Beacon
- Trema (modular framework for developing OF controllers)
- Other NOX-based implementations
- NEC Programmable Flow
- FlowVisor (Proxy Controller for slicing)

SDN/OpenFlow Application
Source: OpenFlow tutorial, ONS, Santa Clara Marriot, April 16, 2012
ICT Focus 2012

Today we have closed boxes, fully distributed protocols
[Figure: a network of closed boxes, each labelled A / Operating / Specialized Packet]

Software Defined Networking approach to open it
[Figure: applications (Appl) on a Global Control Plane or Network Operating layer, above the same boxes labelled A / Operating / Specialized Packet]

The Software-defined Network
1. Open interface to hardware
2. At least one good operating system: extensible, possibly open-source
3. Well-defined open API
[Figure: applications (Appl) on a Global Control Plane or Network Operating layer, above five Simple Packet elements]

Isolated "slices"
Many versions of OS/Controller
[Figure: applications (A) on NOS or Controller 1 to 4; open interface to hardware; Virtualization or Slicing Layer; open interface to hardware; five Simple Packet elements]

FlowVisor Creates Virtual Networks
[Figure: OpenPipes Slice, OpenRoads Slice and PlugNServe Load-balancer speak the OpenFlow Protocol to FlowVisor (with OpenPipes Policy); FlowVisor speaks the OpenFlow Protocol to the OpenFlow Switches]

Conclusion in Graphics
R. Sherwood et al., Carving research slices out of your production networks with OpenFlow, ACM SIGCOMM Computer Communications Review, 40-1, 2010

The SDN Stack in practice
- Monitoring/debugging tools: oftrace, oflops, openseer
- Applications: ENVI (GUI), LAVI, n-casting, ...
- Controller: NOX, Beacon, Trema, Maestro, ...
- Slicing Software: FlowVisor Console, FlowVisor
- OpenFlow Switches: Commercial Switches (HP, NEC, Pronto, Juniper.. and many more), Software Ref. Switch, OpenWRT, NetFPGA, PCEngine WiFi AP, Broadcom Ref. Switch, Open vSwitch

The Case of GÉANT TaaS
Source: GÉANT JRA2T5 GÉANT OpenFlow Facility Design, GN3-09-331 / Joint Research Workshop JRA1/JRA2T5 in Utrecht NL, and Vienna AT.

Implementation over GÉANT (1)

Implementation over GÉANT (2)
- Shared data and forwarding plane
- Sliced, user-managed control plane

Design Principles
- 5 OpenFlow PoPs interconnected with a full mesh of L2VPNs over GÉANT
- Co-located with GÉANT PoPs
- 2 general purpose servers per PoP for:
  - 1x Open vSwitch providing OpenFlow functionality
  - 1x XEN hypervisor delivering user VMs and hosting services
- Using OpenFlow v1.0 -> VLAN-based slicing
- Limited capabilities for non-VLAN slicing for VLAN-based experimentation
- Orchestration software: FP7 OFELIA Control Framework (OCF)
  - Resource allocation and instantiation (per slice)
  - Authentication/Authorization (AA) and policy framework
  - Web-based user interface for slice access and management
  - Robustness, stability and scalability in terms of number of users, support for concurrent experiments and number of managed resources
  - Monitoring of slices and the OCF components themselves

[Figure: Operations (Virtualization, Monitoring, Resiliency, AAI); Servers; Data plane; Management & Control Plane; OVS; Authorization schema; Proxy Controller; Controllers; Controllers/Proxy Controller; OCF User VMs; OCF Services; OCF Integration with Directory]
Source: Layer 123, SDN & OpenFlow World Congress, Darmstadt, Presentation "Application of SDN in Research Networks", Michael Enrico, Chief Technology Officer, DANTE, Afrodite Sevasti, Chief Business Development Officer, GRNET, 24. October 2012, Darmstadt.

Use Cases
Categories / Activities
- Using OpenFlow as a traffic engineering mechanism, managing backbone capacity and paths, for instance MPTCP, and
- Using OpenFlow to deliver vanilla layer 2 slices, researching on layer 2 (and above) and experimentation on the actual data and control plane network technologies, for instance research on new protocols or capabilities
Current activities on the OF Facility:
- Contest Winner: Improving resiliency and throughput of transport networks with OpenFlow and Multipath TCP, Budapest University of Technology and Economics, MTA-BME Future Internet Research Group, 22.03.2013

OpenFlow and Performance
Performance Tests: On Mockup@grnet
Results:
- 1st Test: OVS MAC forwarding without OpenFlow
- 2nd Test: MAC forwarding functionality provided by OpenFlow controller
- 3rd Test: OFV MAC forwarding, OF enabled & VLAN tagged frames

References
- OpenFlow: www.openflow.org
- OpenFlow White paper: http://www.openflow.org/documents/openflow-wp-latest.pdf
- SDN (OpenFlow) activities, Internet 2: http://www.internet2.edu/network/ose/
- OFELIA: http://www.fp7-ofelia.eu/
- GÉANT GN3, JRA2 Multidomain Network Service Research, T5: https://intranet.geant.net/sites/research/jra2/pages/home.aspx
- Standards of OpenFlow: Open Network Forum (ONF): http://www.opennetworking.org
- SDNRG (IRTF): http://irtf.org/sdnrg
- JGN-X: RISE: http://www.jgn.nict.go.jp
- Deployment and Operation of Wide-area Hybrid OpenFlow Networks: http://hiroshi1.hongo.wide.ad.jp/hiroshi/papers/2013/kanaumi_e96-b_1_108.pdf

Thank you for your attention! Questions?