COMPSCI 314: SDN: Software Defined Networking
Nevil Brownlee, n.brownlee@auckland.ac.nz
Lecture 23
Current approach to building a network
- Buy 802.3 (Ethernet) switches, connect hosts to them using UTP cabling
- Make a tree of switches, using higher-speed switches closer to the root of the tree
- Buy a firewall and a router, use them to connect the root switch to the Internet
Current approach (2)
- Switches maintain tables of MAC addresses for reachable hosts, per port
- Routers maintain tables of address blocks reachable per port
- Routers have a data plane (switching hardware that forwards packets) and a control plane (applications that maintain the routing/switching tables)
Routers and switches are proprietary devices
- Switches implement 802.3, Spanning Tree, 802.1Q, etc.
- Routers implement routing protocols such as R, OSPF, BGP4
- Implementations are proprietary, i.e. closed-source
- Anything new needs a new protocol, which raises deployment issues
Current network example
(diagram: a network of proprietary switches and routers, labelled 'Closed')
Network maintenance issues
- Large networks of switches and routers are hard to maintain
- A web interface only works for a few hosts, e.g. home networks
- Several 'network management' systems/protocols exist, e.g. SNMP (Simple Network Management Protocol):
  - every managed device runs an SNMP server (the 'agent')
  - objects to be managed are addressed via an OID (a sequence of dot-separated integers)
  - a manager application queries devices by making SNMP requests, and maintains a database from their SNMP responses
- Netconf is emerging as a new standard way to configure and manage devices and networks
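The manager/agent model on this slide, as an added example (not from the lecture): one constructed 'device' holds objects addressed by OID, and a manager walks a subtree with repeated GetNext requests and keeps the responses in its database. The OIDs used are the real MIB-2 ones for sysName and ifDescr; the device contents, request format and manager class are constructed for illustration. The point worth seeing is that OIDs must be compared as integer sequences: comparing the dotted strings puts interface 10 before interface 2 and a walk built on that ordering would skip or duplicate rows.

```python
"""Toy SNMP-style manager and agent (added example, not from the lecture).

Models: managed device with OID-addressed objects, manager issuing Get /
GetNext requests and storing responses. Device data is constructed.
"""


def parse_oid(text: str) -> tuple:
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0).

    Integer tuples compare lexicographically, which is the ordering GetNext
    relies on; the dotted strings do not ('...2.10' sorts before '...2.2').
    """
    parts = text.strip(".").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad OID: {text!r}")
    return tuple(int(p) for p in parts)


def fmt_oid(oid: tuple) -> str:
    return ".".join(str(n) for n in oid)


class Agent:
    """Managed device: a table of (OID, value) kept in OID order."""

    def __init__(self, objects: dict):
        self.objects = {parse_oid(k): v for k, v in objects.items()}
        self.order = sorted(self.objects)           # lexicographic OID order

    def get(self, oid: tuple):
        return self.objects.get(oid)                # None stands for noSuchObject

    def get_next(self, oid: tuple):
        """First object whose OID is strictly greater than `oid`."""
        for o in self.order:
            if o > oid:
                return o, self.objects[o]
        return None                                 # endOfMibView


class Manager:
    """Management application: polls agents, keeps a database of responses."""

    def __init__(self):
        self.db = {}                                # (device, oid string) -> value

    def walk(self, device: str, agent: Agent, subtree: str) -> list:
        """Walk `subtree` with repeated GetNext; stop when we leave it."""
        root = parse_oid(subtree)
        cur, rows = root, []
        while True:
            nxt = agent.get_next(cur)
            if nxt is None or nxt[0][:len(root)] != root:
                break
            cur, value = nxt
            self.db[(device, fmt_oid(cur))] = value
            rows.append((fmt_oid(cur), value))
        return rows


def demo():
    # Constructed device: sysName.0, three ifDescr rows and one ifOperStatus row
    sw1 = Agent({
        "1.3.6.1.2.1.1.5.0": "sw1.example.net",
        "1.3.6.1.2.1.2.2.1.2.1": "GigabitEthernet1",
        "1.3.6.1.2.1.2.2.1.2.2": "GigabitEthernet2",
        "1.3.6.1.2.1.2.2.1.2.10": "GigabitEthernet10",
        "1.3.6.1.2.1.2.2.1.8.1": 1,
    })
    mgr = Manager()
    sysname = sw1.get(parse_oid("1.3.6.1.2.1.1.5.0"))
    ifaces = mgr.walk("sw1", sw1, "1.3.6.1.2.1.2.2.1.2")   # ifDescr column only
    return mgr, ifaces, sysname


if __name__ == "__main__":
    for oid, value in demo()[1]:
        print(oid, value)
```

The walk returns the ifDescr rows in the order 1, 2, 10 and stops at the first OID outside the ifDescr column, which is what a real manager does when it builds its interface table from GetNext responses.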
Towards an open network
(diagram: the same network, now labelled 'Network', with the hardware opened up to outside software)
The 'software-defined' network
1. Open interface to hardware: simple packet forwarding hardware (several such boxes in the diagram)
2. At least one good operating system: extensible, possibly open-source
3. Well-defined open API on top, on which network applications run
An SDN approach: OpenFlow
- Seminal paper: OpenFlow: Enabling Innovation in Campus Networks, March 14, 2008. Nick McKeown, Tom Anderson, Hari Balakrishnan et al. (8 authors)
- Flows: sets of packets with common properties, e.g. source/destination addresses and ports
- OpenFlow switches use a table of flows
Transition (diagrams)
- Transition: a row of Ethernet switches, each a closed box
- Transition (2): each switch split into a Control Path (software) and a Data Path (hardware)
- Transition (3): the control path moves out into an OpenFlow Controller, which speaks the OpenFlow Protocol (SSL/) to the OpenFlow data path (hardware) in each switch
OpenFlow example
(diagram) Software layer: a Controller PC and an OpenFlow client on the switch. Hardware layer: the switch's Flow Table, with columns MAC src, MAC dst, Src, Dst, sport, dport, Action; the example entries involve hosts 1.2.3.4 and 5.6.7.8 and switch ports 1 to 4.
OpenFlow basics
A flow table entry has three parts: Rule, Action, Stats.
- Stats: packet and byte counters
- Actions:
  1. Forward packet to zero or more ports
  2. Encapsulate and forward to controller
  3. Send to normal processing pipeline
  4. Modify fields
  5. Any extensions you add!
- Rule: which fields to match (each may be masked): Switch Port, VLAN ID, VLAN pcp, MAC src, MAC dst, Eth type, IP Src, IP Dst, IP ToS, IP Prot, L4 sport, L4 dport
Flow table usage examples
(* = wildcard, i.e. field not matched)

Example        | Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src  | IP Dst  | IP Prot | L4 sport | L4 dport | Action
Switching      | *           | *       | 00:1f.. | *        | *       | *       | *       | *       | *        | *        | port6
Flow Switching | port3       | 00:20.. | 00:1f.. | 0800     | vlan1   | 1.2.3.4 | 5.6.7.8 | 4       | 17264    | 80       | port6
Firewall       | *           | *       | *       | *        | *       | *       | *       | *       | *        | 22       | drop

Flow table usage examples (2)

Example        | Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src  | IP Dst  | IP Prot | L4 sport | L4 dport | Action
Routing        | *           | *       | *       | *        | *       | *       | 5.6.7.8 | *       | *        | *        | port6
VLAN Switching | *           | *       | 00:1f.. | *        | vlan1   | *       | *       | *       | *        | *        | port6, port7, port9
How OpenFlow works
- A packet reaches an OpenFlow switch; the switch tests whether the packet is part of an existing flow
- If it is, the switch just forwards it
- If not, the switch sends the packet to its controller
- The controller determines a path to the packet's destination, creates a flow table entry for it, and updates the switch's tables
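The flow table of the 'OpenFlow basics' slide, the usage examples, and the table-miss procedure above, as one added example (not code from the lecture, nor from any OpenFlow controller or switch). A switch holds entries with a match rule (absent fields are wildcards), an action list and packet/byte stats; a packet that matches nothing is sent to the controller, which here runs a learning-switch policy and, once it knows where a destination is, installs an entry so later packets stay on the data path. The controller also pre-installs one high-priority drop entry of the 'Firewall' kind. Field names, MAC addresses, the learning policy and the firewall rule are constructed assumptions; the 'normal processing pipeline' action is not modelled.

```python
"""Toy OpenFlow-style switch and controller (added example, not from the lecture).

Models: flow entries (rule, actions, stats), priority lookup, table-miss to
controller, controller installing entries. All names and data are constructed.
"""
from dataclasses import dataclass


@dataclass
class FlowEntry:
    match: dict                  # field -> value; fields not listed are wildcards
    actions: list                # e.g. [("output", 6)], [("flood",)], [("drop",)]
    priority: int = 0            # highest matching priority wins
    packets: int = 0             # stats: matched packets
    bytes: int = 0               # stats: matched bytes

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class OpenFlowSwitch:
    """Data path: matches flows and applies actions; no forwarding policy of its own."""

    def __init__(self, dpid: int, ports: list, controller):
        self.dpid, self.ports, self.controller = dpid, ports, controller
        self.table: list = []
        self.sent: list = []                      # (out_port, pkt) log of forwarded packets
        controller.connect(self)

    def add_flow(self, entry: FlowEntry) -> None:
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)   # stable sort

    def lookup(self, pkt: dict):
        for entry in self.table:
            if entry.matches(pkt):
                return entry
        return None

    def receive(self, pkt: dict) -> list:
        entry = self.lookup(pkt)
        if entry is None:
            # Table miss: encapsulate and forward to the controller (packet-in)
            actions = self.controller.packet_in(self, pkt)
        else:
            entry.packets += 1
            entry.bytes += pkt["len"]
            actions = entry.actions
        for act in actions:
            if act[0] == "output":
                self.sent.append((act[1], pkt))
            elif act[0] == "flood":
                for p in self.ports:
                    if p != pkt["in_port"]:
                        self.sent.append((p, pkt))
            # ("drop",) forwards nothing
        return actions


class Controller:
    """Control path: learning switch plus one static firewall entry per switch."""

    def __init__(self):
        self.mac_table = {}                       # dpid -> {mac: port}
        self.packet_ins = 0

    def connect(self, sw: OpenFlowSwitch) -> None:
        self.mac_table[sw.dpid] = {}
        # Firewall-style entry (constructed policy): drop TCP to port 23, priority 100
        sw.add_flow(FlowEntry({"ip_proto": 6, "l4_dport": 23}, [("drop",)], priority=100))

    def packet_in(self, sw: OpenFlowSwitch, pkt: dict) -> list:
        self.packet_ins += 1
        macs = self.mac_table[sw.dpid]
        macs[pkt["mac_src"]] = pkt["in_port"]      # learn where the source lives
        out = macs.get(pkt["mac_dst"])
        if out is None:
            return [("flood",)]                    # unknown destination: flood, install nothing
        # Known destination: install a 'Switching' entry (match MAC dst only)
        sw.add_flow(FlowEntry({"mac_dst": pkt["mac_dst"]}, [("output", out)], priority=10))
        return [("output", out)]


def demo():
    ctl = Controller()
    sw = OpenFlowSwitch(dpid=1, ports=[1, 2, 3, 4], controller=ctl)
    a, b = "00:20:00:00:00:01", "00:1f:00:00:00:02"      # constructed MAC addresses
    base = {"eth_type": 0x0800, "ip_proto": 6, "len": 64}
    r1 = sw.receive({**base, "in_port": 1, "mac_src": a, "mac_dst": b, "l4_dport": 80})
    r2 = sw.receive({**base, "in_port": 2, "mac_src": b, "mac_dst": a, "l4_dport": 1234})
    r3 = sw.receive({**base, "in_port": 2, "mac_src": b, "mac_dst": a, "l4_dport": 1234})
    r4 = sw.receive({**base, "in_port": 1, "mac_src": a, "mac_dst": b, "l4_dport": 23})
    return ctl, sw, [r1, r2, r3, r4]


if __name__ == "__main__":
    ctl, sw, results = demo()
    print(results, "packet-ins:", ctl.packet_ins)
```

Packet 1 misses the table and is flooded; packet 2 misses too, but by then the controller knows where its destination is, so it installs an entry and packet 3 is forwarded by the switch alone, incrementing that entry's counters. Packet 4 never reaches the controller: the pre-installed drop entry outranks everything else, which is the slide's 'Firewall' row in action.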
SDN issues
- So now the OpenFlow controller is a single point of failure? Well, yes, so we need several controllers with the ability to co-operate
- Can we do more than simple switching? Yes! There's a lot of interest in SDN in New Zealand; for example, the WAND group have implemented a BGP router in their controller, and in Wellington VUW also have a strong SDN group
Masters scholarship opportunities
Victoria University of Wellington have some scholarship opportunities for Masters projects on software defined networking topics; more information here:
http://sdnvuw.blogspot.co.nz/2015/08/scholarships-available-to-work-on.html