SDN Testbeds and Experimentation
Vasileios Kotronis (vkotroni@tik.ee.ethz.ch)

What you have seen till now
- What SDN is about (and how it came to be)
- Basic concepts, abstractions
- Architectural components (switch, controller/NOS)
- SDN and Virtualization, Routing, Embeddings
- SDN perspectives from vendor (Cisco), ISP (Swisscom)
- Proposed applications in diverse fields (cloud, VoD, interdomain, mobility, telcos, etc.), pros and cons
- Ongoing research efforts
What is missing from this picture?

Well, how about testing these ideas yourselves on a real network?

This presentation: SDN Testbeds and Experimentation
- PART 1 (~45 min): The OFELIA Project and Testbed Federation Supporting OpenFlow/SDN Experiments
  - OFELIA description, user workflows, etc.
- PART 2 (~10 min): On Bringing Private Traffic into Public SDN Testbeds
  - General directions for SDN testbed engineering
- PART 3 (~20-30 min): Live demo of conducting a simple experiment on OFELIA
  - Set up network, VMs, verify connectivity via OpenFlow substrate

PART 1

The OFELIA Project and Testbed Federation Supporting OpenFlow/SDN Experiments
http://www.fp7-ofelia.eu/
Monday, 08 December 2014, ATCN 2014

What is OFELIA
- OpenFlow in Europe: Linking Infrastructure and Applications
- EU FP7-funded project
- Duration: 2010-2013
- Project ended on 31/10/2013, facility remains
- Federated, distributed testbed that:
  - enables clean-slate SDN experimentation
  - hosts islands with diverse resource types
  - is publicly available as best-effort service
- Main concepts:
  - experiment on an SDN network
  - control the network resources dynamically

Who is on board
- Academic institutes
- Industrial partners

What OFELIA offers
- Virtualized OpenFlow switches (v1.0):
  - commercial solutions (NEC, HP switches)
  - optical / copper ports
  - wireless Access Points (OpenFlow firmware)
  - NetFPGAs
- Virtual Machines (VMs, using XEN)
  - used as end-hosts or controllers
- Linking infrastructure
  - LANs, overlays, fibers, spectrum
- These resources are sliced:
  - allow concurrent experiments
  - minimize interference
  - FlowVisor for network, XEN for end-hosts

Applications on top of OFELIA
- Network Virtualization
- Support for Content Centric Networks
- OpenFlow and Path Computation Elements
- OpenFlow-based Video on Demand
- OpenFlow in Brazil, Mobility & Multicast
- OpenFlow and Cloud Data Center management

Projects that use OFELIA Software and Testbeds
- ALIEN: Abstraction layer for extending programmable networks with heterogeneous equipment (http://www.fp7-alien.eu/)
- FELIX: Allow users to build their own virtual slices using resources of remote Future Internet facilities (http://www.ict-felix.eu/)
- GN3Plus: The GEANT R&E pan-European Testbed (https://www.grnet.gr/en/gn3plus)
- FIBRE: EU and Brazil cooperation for experimental research into networks and distributed applications (http://www.fibre-ict.eu/)
- Fed4FIRE: Focus on testbed federation procedures (http://www.fed4fire.eu/)
- OFERTIE: QoS for Real-Time Online Interactive Applications (http://www.ofertie.org/)

New applications, new EU testbeds
- Sep 2010 - Sep 2013: 3 years, 17 partners
  - First OpenFlow Testbed across Europe (10 federated islands)
- Oct 2012 - Nov 2016: 4 years, 17+ partners
  - Provide a common federation framework for Future Internet Research and Experimentation facilities
- GN3plus: Apr 2013 - Mar 2015: 2 years, 41+ partners
  - GN3Plus: Extend/expand GEANT's network across EU

OFELIA Design Goals (I)
- Flexibility and programmability for SDN experiments
  - minimize restrictions of pre-defined functionality
  - make such functionality extensible
- Fidelity: islands/testbeds are real networks
  - evaluate new ideas in parallel with production operation
- Ease of use
  - tools and interfaces to ease resource management
  - experimenter concentrates on the experiment (not the tool)
- Island independence/autonomy
  - testbed facilities act as a federation or standalone islands
  - each island managed by separate administrative entities
  - does this requirement sound familiar?

OFELIA Design Goals (II)
- Resource isolation
  - resources are sliced: OpenFlow switches, VM servers
  - virtualization: concurrent experiments over same substrate
  - minimize interference between different experiments/slices
- Federation
  - OFELIA supports integration/federation between its islands
  - network slices can span multiple islands
  - goal = large scale experimentation with resource heterogeneity
- Modularity
  - multiple components communicating over well-defined interfaces
  - quick, pluggable module integration and improvements
- Security
  - user authentication, authorization and accountability

Important terms (I)
- OFELIA island
  - acts as a single administrative domain
  - offers its experimental network resources for tests
- OFELIA Control Framework (OCF)
  - is the main control and management software
  - supports users to conduct experiments
- Intra-federation
  - inter-connect heterogeneous OFELIA islands
  - use the homogeneous OCF
  - offer a unified experimental facility to end-user (experimenter)
- ClearingHouse
  - is a trust authority to verify user permissions and policies
  - provides service and slice information

Important terms (II)
- Slice
  - a set of reserved resources
  - e.g., two ports of an OpenFlow switch and two VMs at ETHZ
- Resource Manager (RM)
  - entity that manages resources and maintains resource states
  - e.g., FlowVisor for Flow Spaces, XEN for VMs
- Aggregate
  - a composition of resources
  - e.g., the set of all switches and ports at the ETHZ island
- Aggregate Manager (AM)
  - entity that manages Aggregates, other AMs or RMs
  - authentication, delegation, policy management functions
  - e.g., FOAM for FlowVisor, VT-Manager for XEN

And now the details

Rollout phases of such a testbed
Communication Systems Group (CSG)
Could we have built it in one go? Probably not.
Time = function(partner_num, purchase_times, SW_development, ...)
- Phase 1: Setup (First year)
  - OpenFlow switches, VM servers and OCF* in place
  - First local experiments conducted
- Phase 2: Interconnection (Second year)
  - Connect islands with each other (intra-federation)
  - Extend experimentation to wireless and optics
- Phase 3: Customization (Third year)
  - Automate resource assignment (OCF* evolution)
  - Provide connection to external facilities (e.g., other testbeds)
*OCF: OFELIA Control Framework

OFELIA testbeds: Slice isolation via FlowVisor
FlowSpace slicing example
[Figure: OpenFlow controllers (x3), FlowVisor, OpenFlow firmware, packet data path, switch/router]
- Policy checks: Is a rule allowed?
- Rule prioritization
- Who controls the packets?
- (More dimensions: ingress ports, VLANs, etc.)
Slide borrowed from Rob Sherwood

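The two policy questions on this slide, worked through on a simplified flowspace model. This is an added example, not code from the slides or from FlowVisor; the `Entry` structure, the slice names and the reject-instead-of-rewrite behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass

# Simplified flowspace model (illustration only, not FlowVisor's code).
# A match maps field -> value; a field that is absent is a wildcard.
@dataclass
class Entry:
    priority: int      # higher priority wins where entries overlap
    match: dict
    slice_name: str

# Constructed sample flowspace: two slices split by VLAN, plus a
# higher-priority carve-out giving port 3 of VLAN 100 to "bob".
FLOWSPACE = [
    Entry(10, {"vlan": 100}, "alice"),
    Entry(10, {"vlan": 200}, "bob"),
    Entry(20, {"vlan": 100, "in_port": 3}, "bob"),
]

def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return all(f in inner and inner[f] == v for f, v in outer.items())

def overlaps(a, b):
    """True if at least one packet can match both `a` and `b`."""
    return all(a[f] == b[f] for f in a.keys() & b.keys())

def owner_of(flowspace, packet):
    """Who controls the packet: the highest-priority entry matching it."""
    hits = [e for e in flowspace if covers(e.match, packet)]
    return max(hits, key=lambda e: e.priority).slice_name if hits else None

def rule_allowed(flowspace, slice_name, rule):
    """Is a rule allowed: it must lie inside one of the slice's own entries
    and must not overlap an equal- or higher-priority entry of another slice."""
    for own in (e for e in flowspace if e.slice_name == slice_name):
        if not covers(own.match, rule):
            continue
        conflict = any(e.slice_name != slice_name
                       and e.priority >= own.priority
                       and overlaps(e.match, rule) for e in flowspace)
        if not conflict:
            return True
    return False

if __name__ == "__main__":
    print(owner_of(FLOWSPACE, {"in_port": 3, "vlan": 100}))
    print(rule_allowed(FLOWSPACE, "alice", {"vlan": 100}))
```

The case to watch is the wildcard rule: a controller that omits `in_port` would otherwise capture traffic carved out for another slice, so the check has to reason about overlap, not only about the fields the rule names.
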
Island Example: The ETHZ OFELIA testbed
[Figure: ETHZ island with VM servers and edge/core switches; label: INTERNET]
Does this setup seem familiar?
* Extensions:
  - Privacy and Availability Layer
  - Gateways to other resources (e.g., GpENI, public Internet)

Core Software: OFELIA Control Framework (OCF)
Set of SW tools for testbed management
- The OCF controls:
  - Experimentation life-cycle
  - Reservation / Instantiation / Deletion of resources
  - Configuration of slices
  - Monitoring of experiments
- OCF features:
  - Full S/W stack: frontend, clearinghouse and resource AMs
  - Support for OpenFlow resources and VMs (XEN)
  - Extendable to more resource types
  - Slice orchestration

OCF software stack (single island)
[Figure: stack layers as labelled: (Expedient UI*), (Expedient CH), (OpenFlow AM, VM AM), (FlowVisor, XEN), (Switches, VMs, other)]
*(Plug-ins are resource/functionality specific)

Example of an OpenFlow Aggregate Manager: FOAM

Putting it all together with plug-ins
*AMsoil: light-weight SW framework for creating AMs for testbeds

THE (INTRA-/INTER-)FEDERATION CONCEPT

Intra-Federation: high level architecture
- Common Control framework (OCF)
- Common UI (Expedient)
- Well-defined interfaces (GENI)
- Create and run experiments across islands
[Figure: federation architecture diagram; label: INTERNET]

SFA (Slice Federation Architecture) based on the GENI API: AM API calls v2
- GetVersion (options)
- ListResources (credentials[], options)
- CreateSliver (slice_urn, credentials[], rspec, users[], options)
- DeleteSliver (slice_urn, credentials[], options)
- SliverStatus (slice_urn, credentials[], options)
- RenewSliver (slice_urn, credentials[], expiration_time, options)
- Shutdown (slice_urn, credentials[], options)
*sliver: instantiation of a slice on the physical component(s) of the testbed

GENI API call arguments
- slice_urn: The URN (Unified Resource Name) of the slice
- rspec: matches the GENI standard request RSpec schema, containing the resources that the caller is requesting for allocation to the slice specified in slice_urn
- users[]: An array of user structs, which contain information about the users of the slice
- credentials[]: An array of credentials granting the caller privileges to perform this operation (e.g., create slivers)
- options: A struct with particular semantics (AM-dependent)
- expiration_time: Time when the slice reservation will expire; points to de-allocation of resources

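How a CreateSliver call with the arguments above looks on the wire, as an added example that is not part of the original slides or the OCF code. It assumes the AM API is carried over XML-RPC, that slice URNs follow the GENI `urn:publicid:IDN+authority+type+name` form, and that user structs carry `urn` and `keys`; the island name, credential and RSpec strings are constructed placeholders.

```python
import re
import xmlrpc.client

# GENI-style URN (assumed format): urn:publicid:IDN+<authority>+<type>+<name>
URN_RE = re.compile(r"^urn:publicid:IDN\+[\w.:-]+\+(\w+)\+[\w.-]+$")

# Constructed placeholder values, not real OFELIA identifiers.
SLICE = "urn:publicid:IDN+example-island+slice+demo"
CRED = "<signed-credential>placeholder</signed-credential>"
RSPEC = '<rspec type="request"/>'
USERS = [{"urn": "urn:publicid:IDN+example-island+user+alice",
          "keys": ["ssh-rsa AAAA-placeholder alice"]}]

def check_slice_urn(urn):
    """Reject anything that is not a URN of type 'slice' before it is sent."""
    m = URN_RE.match(urn)
    if not m or m.group(1) != "slice":
        raise ValueError(f"not a slice URN: {urn!r}")
    return urn

def build_call(method, *args):
    """Return the XML-RPC request body for one AM API call."""
    return xmlrpc.client.dumps(tuple(args), methodname=method)

def create_sliver(slice_urn, credentials, rspec, users, options=None):
    """Marshal CreateSliver with the argument order given on the slide:
    slice_urn, credentials[], rspec, users[], options."""
    if not credentials:
        raise ValueError("credentials[] must not be empty")
    return build_call("CreateSliver", check_slice_urn(slice_urn),
                      list(credentials), rspec, list(users), options or {})

def parse_call(request_xml):
    """Decode a request body back into (method, params), as an AM would."""
    params, method = xmlrpc.client.loads(request_xml)
    return method, params

if __name__ == "__main__":
    print(create_sliver(SLICE, [CRED], RSPEC, USERS))
```
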
Intra-Federation: abstracting away inter-island links

Intra-Federation: user uses home-island as portal to access AMs/resources of the federation
*LDAP (Lightweight Directory Access Protocol): share information about users, services, resources

Inter-Federation architecture (discussed)

Well, how do I use OFELIA?

Full User workflow
[Flow diagram with the following steps:]
- Learn about OFELIA
- Register for an OFELIA account and acquire credentials
- Connect over VPN to OFELIA control network
- Login to home island Expedient UI
- Acquire project permissions from IM of home island
- Wait for OF resource allocation upon IM's permission
- Define OF resources, define OF controller, allocate VMs, start the slice
- Create an experimental slice within the project
- Add federated AMs to project
- Create a Project
- Run your slice controller, run VMs, run experiment
- Update the slice (optional)
- Collect results
- Stop the slice
- Slice expiration/deletion

User Access Cycle
[Figure: You (Experimenter), Expedient (UI), FOAM, FV, XEN, ...]

Feel free to become a user! (it's free)
1) Register for an OFELIA account, get credentials
2) Set up an OpenVPN connection to the federation
3) Fire up UI and create an experimental project
4) Run your experiment(s)
5) Repeat (3)
Notes:
- This is a best-effort service!
- OFELIA home: http://www.fp7-ofelia.eu/
- Check out our usage policy and manuals
- Contact us (helpdesk, mailing lists)

Information Sources
- Official OFELIA web-site: http://www.fp7-ofelia.eu/
- OFELIA user manual and documentation wiki: https://alpha.fp7-ofelia.eu/doc/index.php/main_page
- Sample OFELIA tutorial: http://www.fp7-ofelia.eu/assets/uploads/ofelia-tutorial.pdf
- OFELIA Control Framework on GitHub: https://github.com/fp7-ofelia/ocf
- AMsoil (SW base for AMs): https://github.com/motine/amsoil
- GENI Glossary: http://groups.geni.net/geni/wiki/geniglossary
- GENI APIs (v2 presented in lecture for simplicity): http://groups.geni.net/geni/wiki/geniapi
- OFELIA whitepaper: SUÑÉ, Marc, et al. Design and Implementation of the OFELIA FP7 Facility: the European OpenFlow Testbed. Computer Networks, 2014, 61: 132-150.

Tutorial Videos
- How to set up slice and project: https://www.youtube.com/watch?v=ie2zvpviff8
- How to configure experiment: https://www.youtube.com/watch?v=qzlr07aes-c
- FIBRE demo: using OFELIA Control Framework for multi-island experiment allocation: https://www.youtube.com/watch?v=dsq17cmx3hq

End of PART 1
Any questions?

PART 2 (see PAL pdf presentation)

General directions for SDN testbed engineering
- Network Virtualization/Isolation as a basic primitive
  - FlowVisor, OpenVirtex, beyond VLANs
  - Heterogeneous resources (optical, copper, wireless, etc.)
- Inter-federation between different testbeds
  - Physical connectivity (data plane)
  - Control plane interoperability
  - Standardized inter-testbed APIs (GENI initiative)
- Scale-out experimental resources
  - Running new protocols at large scales
  - Dynamically request more resources to use
- Bringing real user-traffic to the testbed: still open
  - Privacy and availability concerns
  - Policy compliance, user policy language

End of PART 2
Any questions?

PART 3

Demo (~30 min)
- How to register/login
- What the Expedient UI looks like
- Experimental project management
- Experimental slice management
- Connection to VMs
- Run some pings

End of PART 3
Any questions?