Software Defined Networking - Yinzhi Cao

Software Defined Networking

Presenter: Yinzhi CaoLehigh University

CSE343/443 Lehigh University Fall 2015

AcknowledgementMany materials are borrowed from the following links:https://www.cs.duke.edu/courses/spring13/compsci514/lectures/SDN.pptxhttps://www.cs.princeton.edu/courses/archive/spring12/cos461/docs/lec24-sdn.ppthttp://www.cs.northwestern.edu/~ychen/classes/cs450-w15/lectures/openflow.pptxhttps://www.clear.rice.edu/comp529/www/papers/tutorial_4.pdfhttp://flowgrammable.org/sdn/openflow/

RoadmapIntroduction and MotivationOpenflow

8/23/15 Instructor: Dr M. Chuah CSE343/443 4

Computer Network

Network1

Network2

Host

LAN

Router

Host

Router Router

RouterRouter

Host HostHost Host

Host Host

HostHost

A closer look at network structure:network edge:n hosts: clients and serversn servers often in data centers

• access networks, physical media:• wired, wireless

communication links

• network core: § interconnected routers§ network of networks

mobile network

global ISP

regional ISP

home network

institutionalnetwork

1-5

Traditional Computer Networks

Data plane:Packet streaming

Forward, filter, buffer, mark, rate-limit, and measure packets

Inside a Router

Routing Engine

Packet Forwarding Fabric

Input Ports Output Ports


Track topology changes, compute routes, install forwarding rules

Control plane:Distributed algorithms


Collect measurements and configure the equipment

Management plane:Human time scale

Death to the Control Plane!Simpler managementn No need to “invert” control-plane operationsFaster pace of innovationn Less dependence on vendors and standardsEasier interoperabilityn Compatibility only in “wire” protocolsSimpler, cheaper equipmentn Minimal software

Software Defined Networking (SDN)

API to the data plane(e.g., OpenFlow)

Logically-centralized control

Switches

Smart,slow

Dumb,fast

Separate Control-plane from Data-plane

Routing Engine

Packet Forwarding Fabric

Input Ports Output Ports

Switch

Controller

Network Protocol over SSL

OpenFlow Switch Model Controller

OpenFlow Switch

FlowTable

SecureChannel

PC

hw

sw

OpenFlow Switch specification

Sub-roadmap(1) FlowTable(2) Secure Channel (OpenFlow Protocol)(3) Controller

Flow Table Entry

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Matcher Action Counters

1. Forward packet to port(s)2. Encapsulate and forward to controller3. Drop packet4. Rewrite headers5. Map to queue

+ mask

Packet + byte counters

Package Matching

Package Matching Cont’d

Package Matching Cont’dEach flow entry contains a set of instructions that are executed when a packet matches the entryInstructions contain either a set of actions to add to the action set, contains a list of actions to apply immediately to the packet, or modifies pipeline processing.An Action set is associated with each packet. Its empty by defaultAction set is carried between flow tables A flow entry modifies action set using Write-Action or Clear-Action instruction Processing stops when the instruction does not contain Goto-Table and the actions in the set are executed.

List of Instructions to modify action setApply Actions n Apply the specified actions immediately n Clear Actions n Clear all the actions in the set immediately Write n Merge the specified actions to the current set n Write Metadata n Write the meta data field with the specified value Goto-Table n Indicated the next table in the processing pipeline

List of ActionsRequired Actions n Output – Forward a packet to the specified port n Dropn Group Optional Actions n Set-Queue n Push/Pop Tag n Set-Field

Secure ChannelSSL Connection, site-specific keyController discovery protocolEncapsulate packets for controllerSend link/port state to controller

OpenFlow Protocol

OpenFlow Protocol Cont’dConnectionn Hello, Echo, Feature, Config…Read-Staten Statistics, Port-status, ErrorModify-Staten Flow, Group, ConfigPacket-in/Packet-out

OpenFlow Protocol Cont’dController-to-Switch - initiated by the controller and used to directly manage or inspect the state of the switch n Features, Config, Modify State, Read-State, Packet-Out, Barrier

Asynchronous - Asynchronous messages are sent without the controller soliciting them from a switch n Packet-in, Flow Removed / Expiration, Portstatus, ErrorSymmetric - Symmetric messages are sent without solicitation, in either direction n Hello, Echo, Experimenter / Vendor

State Machine – Controller

State Machine – Switch

Controller and Switch Communication

Reactive vs. Proactive (pre-populated)

Reactive Flow-Push

Proactive Flow-Push

Key Task of OF Controller

OpenFlow protocol is largely deltas:n Switch-to-Controller: changes of network staten Controller-to-Switch: changes of configurationIt is a natural way to write control logic

Architectural View: Network OS

OF Controller

Operating System

App AppApp App

Switch Switch Switch

Controller PlatformsOpen Sourcen OpenDaylightn NOX/POXn Floodlightn RyuProprietaryn BigSwitchn HPn NECn …

Network Virtualization

Slicing

Slicing Cont’dDefinition of a slice n Slice is a set of flows (called flowspace) running on a topology of switches.

Given a packet header, can decide which flowspace contains it, and hence which slice (or slices) it belongs to 5 Primary Slicing Dimensionsn Bandwidthn Topologyn Trafficn Device CPUn Forwarding TablesDesigned with the following goals n Transparency • Isolation • Slice Definition

An ExampleImagine a multi tenant datacenter which has multiple customers each having their applications deployed in the data center servers. Say the customers wants to run their own proprietary switching logic (Control Plane Protocols) for their respective traffic. n With the existing network architecture there is no way to address this requirement.

n FlowVisor solves this problem by slicing the networks based on some of the attributes either in the packet or based on the interface configs in the OpenFlow switches.

An Example Cont’d

Software Defined Networking - Yinzhi Cao

Documents

Transcript of Software Defined Networking - Yinzhi Cao