Implementing Layer 2 Network Virtualization using OpenFlow: Challenges and Solutions
Jon Matias, Borja Tornero, Alaitz Mendiola, Nerea Toledo, Eduardo Jacob
University of the Basque Country (UPV/EHU)
European Workshop on Software Defined Networks (EWSDN 2012)

Introduction
- Research topics:
  - Experimental facilities
  - Neutral Access Networks (NaaS)
- Network resources shared by researchers/operators
- Network virtualization (Network slice)
- Characteristics
  - Scalability, flexibility, isolation and ease of management
- Requirements:
  - Support for VLAN at experiment, non-IP approach, transparent
- Solutions
  - Traditional: VLAN (?), MAC address lists
  - Proposal: L2PNV

L2PNV
- Definition
  - Layer 2 prefix based network virtualization
  - Network slices identified by L2 prefix
- Objectives
  - Easy to manage
  - Easy to configure
  - Easy to enforce isolation
  - Easy to avoid collisions
  - Easy to remember
- Implementation
  - OpenFlow
    - Software Defined Networking to support new proposals
  - FlowVisor
    - Virtualize the network and delegate control plane
    - Slice isolation enforcement

General concept
- Slice identified by an L2 prefix
- Slice 1: 02:00:X:X:X:X/16 (A:*)
- Slice 2: 06:00:X:X:X:X/16 (B:*)
[Figure: destination MAC address and source MAC address fields, with the slice prefix marked in each]

General view
[Figure: the SLICE MGMT Tool defines Slice 1 (A:*, 02:00:X:X:X:X/16) and Slice 2 (B:*, 06:00:X:X:X:X/16); VM1 and VM2 hold the addresses A:1 = 02:00:00:00:00:01/16, A:2 = 02:00:00:00:00:02/16, B:1 = 06:00:00:00:00:01/16 and B:2 = 06:00:00:00:00:02/16]

MAC Address Configuration
- Types of users
  - End Host
    - Manual: change MAC address or new Tap device
    - Automated: MAC Address Configuration Protocol (MACP)
  - VM at Virtualization Software
    - Some isolation limitations due to virtual switch
    - Tested systems
      - VMware (OUI): change at VM, promisc mode
      - Xen: configuration file
      - VirtualBox: VM configuration

What happens when…
- ARP: DST MAC: broadcast (FF:FF:FF:FF:FF:FF)
- DHCP: DST MAC: broadcast (FF:FF:FF:FF:FF:FF)
- EAPoL: DST MAC: multicast (01:80:C2:00:00:03)
- LLDP: DST MAC: multicast (01:80:C2:00:00:0E)
- …
PROBLEM: MAC Destination

Slice definition in detail
- U/L = 0: globally administered address
- U/L = 1: locally administered address
- I/G = 0: individual address
- I/G = 1: group address
[Figure: 48-bit MAC address (bit positions 0, 8, 16, 24, 32, 40, 48) with the MAC prefix marked]

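Slice definition in detail
[Figure: MAC address space (bit positions 0 to 48) divided by the I/G and U/L bits of the first octet (bits 0 to 7) into four quadrants: …00 globally administered individual, …01 globally administered group, …10 locally administered individual, …11 locally administered group]
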
Problem in detail
- Slice 1: A:1 -> 01:80:C2:00:00:03
- Slice 1: A:1 -> FF:FF:FF:FF:FF:FF
- SLICE 1: 02:00:X:X:X:X/16 (A:*)
- SLICE 2: 06:00:X:X:X:X/16 (B:*)
[Figure: source MAC address space and destination MAC address space, each divided into globally/locally administered and group/individual quadrants (…00, …01, …10, …11); the destinations FF:FF:FF:FF:FF:FF and …01 are marked in the destination space]

Implementation Architecture
[Figure: SLICE MGMT Tool, ADMINISTRATOR, L2PNV-FlowVisor, OPENFLOW PROTOCOL, and two OPENFLOW CONTROLLERs (SLICE A - CONTROL, SLICE B - CONTROL), each with a RESEARCHER]

[Figure: VM 1 and VM 2 attached to a VIRTUAL SWITCH, with addresses A:1, B:1, A:2 and B:2; the flows A:1 -> A:2 and B:1 -> B:2 pass through L2PNV-FlowVisor to the two OPENFLOW CONTROLLERs]

L2PNV-FlowVisor
- Modified FlowVisor
  - Matching & configuration interface
- OFv1.0
  - MAC subnetting not supported (until v1.1)
  - Limitation: MAC wildcard not supported
- Full control plane isolation support
- Slice definition
  - MAC Address / prefix

L2PNV-FlowVisor Matching
- SRC/P == DST/P
- BROADCAST: FF:FF:FF:FF:FF:FF
- MULTICAST 1: 01:80:C2:00:00:03
- MULTICAST 2: …01:X:X:X:X:X
[Figure: L2PNV-FlowVisor between the OPENFLOW PROTOCOL and the slice controllers (SLICE A - CONTROL, SLICE B - CONTROL), matching SOURCE MAC ADDRESS and DESTINATION MAC ADDRESS against A:*, B:*, X:*, Z:*; labels ADMINISTRATOR and RESEARCHER]

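
One reading of the matching rule on this slide, as an added Python example (not the authors' L2PNV-FlowVisor code): unicast frames need SRC/P == DST/P, and administrator-configured broadcast or multicast destinations are attributed to the slice of the source. The names `SLICES`, `ADMIN_GROUP_DSTS`, `slice_of` and `classify` are assumptions, as is returning `None` for a frame that no research slice receives.

```python
# Added illustration, not the authors' L2PNV-FlowVisor code.
SLICES = {"A": "02:00", "B": "06:00"}        # slice -> /16 prefix, as on the slides
ADMIN_GROUP_DSTS = {                          # assumed administrator configuration
    "ff:ff:ff:ff:ff:ff",                      # broadcast (ARP, DHCP)
    "01:80:c2:00:00:03",                      # EAPoL multicast
}

def mac_bytes(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 bytes; raise ValueError otherwise."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def first_octet_flags(mac):
    """Return (is_group, is_local): the I/G and U/L bits of the first octet."""
    octet = mac_bytes(mac)[0]
    return bool(octet & 0x01), bool(octet & 0x02)

def slice_of(mac, prefix_bits=16):
    """Name of the slice whose prefix covers this MAC, or None."""
    top = int.from_bytes(mac_bytes(mac), "big") >> (48 - prefix_bits)
    for name, prefix in SLICES.items():
        padded = mac_bytes(prefix + ":00:00:00:00")
        if top == int.from_bytes(padded, "big") >> (48 - prefix_bits):
            return name
    return None

def classify(src, dst):
    """Slice a frame is attributed to, or None if no research slice gets it."""
    src_slice = slice_of(src)
    if src_slice is None:
        return None                           # source is outside every slice prefix
    is_group, _ = first_octet_flags(dst)
    if is_group:
        # A group destination cannot carry the slice prefix, so SRC/P == DST/P
        # can never hold; accept only configured addresses, by source slice.
        return src_slice if dst.lower() in ADMIN_GROUP_DSTS else None
    return src_slice if slice_of(dst) == src_slice else None   # SRC/P == DST/P
```

Both slice prefixes (02:00 and 06:00) have U/L = 1 and I/G = 0, so they sit in the locally administered individual quadrant and never collide with vendor-assigned or group addresses.
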
EHU‐OpenFlow Enabled Facility
EHU‐OEF Slices

Conclusions (I)
- EHU – OpenFlow Enabled Facility
  - Production traffic
    - Non technical users: no extra configuration
  - Research traffic
    - Network Researchers: MAC address configuration
- Network Virtualization at L2 based on MAC prefixes: L2PNV
  - No encapsulation: data plane transparent from source to destination
  - Support for:
    - VLAN: complete VLAN space available at the experiments
    - Non-IP experiments

Conclusions (II)
- L2PNV-FlowVisor
  - Matching: MAC subnetting enabled
  - Slice configuration interface: MAC/Prefix
  - Admin configuration interface: Broadcast/Multicast
- Developed modules
  - AuthN/AuthZ, ARP, PFD, MACP, Modified Pyswitch
- Easy to identify, manage and configure network slices