enabling innovation in campus networks
DESCRIPTION
Open flow Enabling Innovation in Campus NetworksTRANSCRIPT
OpenFlow : Enabling Innovation in Campus Networks
THALLAPAKA MAHENDRA REDDY
Email : [email protected]
1/17
Contents• Introduction• The Need For Programmable Network• Internet Closed for Innovations• OpenFlow
– Goals– Concepts– Architecture– Flow Table Structure– Controller
• Summary• Conclusion• Reference
2/17
Introduction
• It is based on an Ethernet switch, with an internal flow-table, and a standard-ized interface to add and remove flow entries.
• OpenFlow could serve as a useful cam-pus component in proposed large-scale testbeds like GENI.
The Need For Programmable Net-work
• Today, there is almost no practical way to experiment with new network protocols in sufficiently realistic setting to gain the confidence needed for their widespread deploy-ment.
• These programmable networks call for programmable switches and routers that can process packets for multiple isolated experimental networks simultaneously.
• Virtualized programmable networks could lower the barrier to entry for new ideas, increasing the rate of innovation in the network infrastructure.
OpenFlow is a specification that is an initial attempt to meet the goal
high-performance and low-cost imple-mentations.
Capable of supporting a broad range of research.
Assured to isolate experimental traffic from production traffic.
Consistent with vendors’ need for closed platforms.
Innovations in Legacy Internet
• Experiments we’d like to do new– Mobility management– Network-wide energy management– New naming/addressing schemes– Network access control
• Problem with our network– Paths are fixed– IP-only– Addresses dictated by DNS, DHCP, etc– No means to add our own processing
6/17
Why Internet Closed for Innovations?
• Commercial Vendor won’t open software and hardware development environment– Complexity of support– Market protection and barrier to entry
• Hard to build my own– Prototypes are unstable– Software only : Too slow– Hardware/Software : Fanout too small
(need>100 ports for wiring closet)7/17
Experimenter’s Dream(Vendor’s Nightmare)
8/17
StandardNetwork
Processing
StandardNetwork
Processinghwsw Experimenter writes
experimental codeon switch/router
User-defined
Processing
User-defined
Processing
StandardNetwork
Processing
StandardNetwork
Processing
OpenFlow’s Goal
• Put an open platform– researchers/students to test new ideas at scale
through production networks– without requiring vendors to expose internal
workings• Bring Future Internet to legacy Internet• An open development environment for all re-
searchers(e.g. Linux, Verilog, etc)
9/17
OpenFlow Concept
10/17
Ethernet SwitchControl Path (Software)
Data Path (Hardware)
Control Path
Data Path (Hardware)
OpenFlow
OpenFlow Controller
OpenFlow Protocol (SSL/TCP)
Using OpenFlow
• If someone want to try their protocol in a net-work of OpenFlow Switches, without changing any end-host software.
The protocol will run in a controller; each time
a new application flow starts that protocol
picks a route through a series of OpenFlow
Switch,and adds a flow entry in each switch
along the path.
Using OpenFlow(2)
• If someone is testing a new protocol in a network used by lots of other people. It will have two additional properties:1. Packets belonging to users other than the researcher
should be routed using a standard and tested routing protocol running in the switch or router from a “name-brand” vendor.
2. the researcher should only be able to add flow entries for his traffic, or for any traffic his network administra-tor has allowed her to control.
Using Openflow(3)Example 1 : Network Management and access Control•an OpenFlow Switch can be thought of as a generalization of Ethane’s datapath switch. The controller checks a new flow against a set of rules , and associates packets with their senders by managing all the bindings between names and ad-dresses.Example 2: VLANs•The simplest approach is to statically declare a set of flows which specify the ports accessible by traffic on a given VLAN ID. Example 3: Mobile wireless VOIP•In the experiment VOIP clients establish a new connection over the OpenFlow-enabled network. A controller is imple-mented to track the location of clients, re-routing connections as users move through the network (by reprogramming the Flow Tables ), allowing seamless handoff from one access point to another.
Using OpenFlow(4)Example 4: A non-IP network•OpenFlow doesn’t require packets to be of any one format — so long as the Flow Table is able to match on the packet header. This would allow experiments using new naming, ad-dressing and routing schemes.Example 5: Processing packets rather than flows1.To force all of a flow’s packets to pass through a controller.2.To route them to a programmable switch that does packet processing
OpenFlow Network Architecture
15/17
Controller
OpenFlow Switch
FlowTableFlowTable
SecureChannelSecure
Channel
PCOpenFlow
Protocol
SSL
hw
sw
OpenFlow Switch specification
Operation Step
16/17
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
New func-tion!
If header = x, send to port 4If header =y, overwrite header with z,
send to ports 5,6If header = ?, send to me
FlowTa-ble
FlowTa-ble
FlowTa-ble
FlowTa-ble
Packet Processing
• OpenFlow SW’s Packet Processing– Search a matched entry of flow table with arriving
packet’s information
17/17
Packetin from
NetworkFlow lookup
Send to securechannel
Apply actions
No match
Match
Flow Table Structure
• Exploit flow table in switches, routers, and chipsets
18/17
Flow Table Entry
19/17
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
Rule Action Stats
1. Forward packet to port(s)2. Encapsulate and forward to controller3. Drop packet4. Send to normal processing pipeline
+ mask
Packet + byte counters
Flow Table Entry Examples(OpenFlow is Backward Compatible)
• Ethernet Switching
• IP Routing
• Application Firewall
20/17
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* * 00:1F:. * * * * * * * port6
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* * * * * * 5.6.7.8 * * * port6
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* * * * * * * * * 22 drop
Flow Table Entry Examples(OpenFlow allows layers to be combined)
• Flow Switching
• VLAN + App
• Port + Ethernet + IP
21/17
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
port3 00:2E:.. 00:1F:. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* * * * vlan1 * * * * 80 port6
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
port3 00:2E:.. * 0800 * * 5.6.7.8 4 * 22 drop
OpenFlow Controller
• Centralized Intelligential agency for entire OpenFlow network
• NOX is an open-source OpenFlow Controller• Researchers can insert their software code
into NOX controller for testing their idea
22/17
Nox Controller
OpenFlow SwitchOpenFlow Switch OpenFlow Switch
OpenFlow Hardware (Switches)
23/17
• NEC
• HP
• Pronto
Summary
• OpenFlow– Standard way to control flow-tables in commercial
switches and routers– Put an open platform– An open development environment for all re-
searcher– Test Environment for Future Internet Technologies
24/17
Conclusion
• We believe that OpenFlow is a prag-matic compromise that allows re-searchers to run experiments on het-erogeneous switches and routers in a uniform way, without the need for vendors to expose the internal work-ings of their products, or researchers to write vendor-specific control soft-ware.
Reference
1. N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, “OpenFlow: Enabling Innovation in Campus Networks,” ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, p. 6, 2008.
2. “OpenFlow Switch Specification, Version 1.0.0,” Decem-ber 2009.