Networking Technologies for Cloud Computing USTC-INY5316 Instructor: Chi Zhang Fall 2014 Welcome to


Networking Technologies for Cloud Computing

USTC-INY5316   Instructor: Chi Zhang

Fall 2014

Welcome to

Today’s agenda

• Introduction

• OpenFlow

• SDN applications

• SDN ecosystem and SDN standardization

• SDN development tools and business ramifications

• Future research directions


OpenFlow

• Introduction of OpenFlow
• Flow abstraction
• OpenFlow separation
• OpenFlow match process
• Secure channel
• Messages between controller and switch
• OpenFlow additions
  – 1.1: Multiple tables and group table
  – 1.2: Extensible match support and multiple controllers
  – 1.3: More flexible table-miss support, per-flow meters and auxiliary connections


Where does OpenFlow fit in?

• The X86 instruction set of SDN



Flow abstraction

What is a flow?

• A classification of packets that have a logical association
• Actions, and maintenance of per-flow state
• Flow-based accounting and resource management

Flow identifiers (the header fields, by layer, that define the flow):

  End-to-end flow                L4: TCP src/dst port; L3: IP src/dst addr, IP proto
  Common destination flow        L3: IP dst prefix (e.g. the prefixes for China)
  Common source flow             L3: IP src prefix
  Web traffic from a handset     L4: TCP dst port 80; L3: IP proto; L2: MAC src
  All packets between 2 routers  L2.5: MPLS label ID


Traditional router architecture

• Control plane
• Forwarding plane
• Management plane

Traditional switch components

(figure)

OpenFlow separation

(figure: the control plane is moved out of the device; of the figure labels only the action "Drop" survives extraction)


Flow matching process

(figure)

OpenFlow 1.0 flow table

Each flow entry (OF 1.0 style) has three parts: a classifier (header fields), actions and counters.

Header fields (layer 2 to layer 4):
  Ingress port
  Ethernet: SA, DA, Type
  VLAN: ID, Priority
  IP: SA, DA, Proto, TOS
  TCP/UDP: Src, Dst

Actions:
  Mandatory
    Forward to a physical port
    Forward to a virtual port: ALL, CONTROLLER, LOCAL, TABLE, IN_PORT
    Drop
  Optional
    Forward to a virtual port: NORMAL, FLOOD
    Enqueue
    Modify Field

Counters

Examples

Switch  MAC      MAC       Eth   VLAN   IP       IP       IP    TCP    TCP    Action
Port    src      dst       type  ID     Src      Dst      Prot  sport  dport

Switching
*       *        00:1f:..  *     *      *        *        *     *      *      port6

Flow switching
port3   00:20..  00:1f..   0800  vlan1  1.2.3.4  5.6.7.8  4     17264  80     port6

Firewall
*       *        *         *     *      *        *        *     *      22     drop

Routing
*       *        *         *     *      *        5.6.7.8  *     *      *      port6

VLAN switching
*       *        00:1f..   *     vlan1  *        *        *     *      *      port6, port7, port9
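The entries above are only meaningful together with the match process that picks one of them. The following is an added example, not code from the lecture slides: a small OpenFlow 1.0-style flow table that loads the five example entries and applies the OF 1.0 precedence rule (exact-match entries first, then wildcard entries by priority, table miss to the controller). The field names, the packet layout, the priorities and every full address are this example's own choices; the slide shows only MAC prefixes such as 00:1f:..

```python
"""Added example (not from the lecture slides): OF 1.0-style flow matching
for the example entries. Field names, packet dicts, priorities and full
addresses are assumptions of this example."""

# The ten OF 1.0 header fields, in slide order (switch port ... TCP dst port).
FIELDS = ("in_port", "dl_src", "dl_dst", "dl_type", "dl_vlan",
          "nw_src", "nw_dst", "nw_proto", "tp_src", "tp_dst")

CONTROLLER = "CONTROLLER"   # virtual port: a table miss goes to the controller
DROP = []                   # an empty action list drops the packet


class FlowEntry:
    """Header-field match (absent field = wildcard), action list, priority."""

    def __init__(self, match, actions, priority=0):
        unknown = set(match) - set(FIELDS)
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")
        self.match, self.actions, self.priority = match, actions, priority
        self.packet_count = 0  # the per-entry counter of the flow table

    def is_exact(self):
        # OF 1.0: an entry that specifies every field is an exact-match entry.
        return all(f in self.match for f in FIELDS)

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())


class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, match, actions, priority=0):
        self.entries.append(FlowEntry(match, actions, priority))

    def lookup(self, pkt):
        """OF 1.0 precedence: exact-match entries beat every wildcard entry;
        among wildcard entries the highest priority wins; no hit is a table
        miss, which OF 1.0 forwards to the controller."""
        hits = [e for e in self.entries if e.matches(pkt)]
        if not hits:
            return [CONTROLLER]
        exact = [e for e in hits if e.is_exact()]
        best = exact[0] if exact else max(hits, key=lambda e: e.priority)
        best.packet_count += 1
        return list(best.actions)


def slide_table():
    """The five slide entries; priorities (chosen here) make the firewall rule
    beat routing, routing beat VLAN switching, and that beat plain switching."""
    t = FlowTable()
    t.add({"dl_dst": "00:1f:aa:bb:cc:dd"}, ["port6"], priority=50)      # Switching
    t.add({"tp_dst": 22}, DROP, priority=200)                            # Firewall
    t.add({"nw_dst": "5.6.7.8"}, ["port6"], priority=100)                # Routing
    t.add({"dl_dst": "00:1f:aa:bb:cc:dd", "dl_vlan": "vlan1"},
          ["port6", "port7", "port9"], priority=60)                       # VLAN switching
    t.add({"in_port": "port3", "dl_src": "00:20:11:22:33:44",           # Flow switching
           "dl_dst": "00:1f:aa:bb:cc:dd", "dl_type": 0x0800,
           "dl_vlan": "vlan1", "nw_src": "1.2.3.4", "nw_dst": "5.6.7.8",
           "nw_proto": 4, "tp_src": 17264, "tp_dst": 80}, ["port6"])
    return t


def demo():
    """Constructed packets; returns the action list chosen for each."""
    t = slide_table()
    base = {"in_port": "port3", "dl_src": "00:20:11:22:33:44",
            "dl_dst": "00:1f:aa:bb:cc:dd", "dl_type": 0x0800,
            "dl_vlan": "vlan1", "nw_src": "1.2.3.4", "nw_dst": "5.6.7.8",
            "nw_proto": 4, "tp_src": 17264, "tp_dst": 80}
    results = {
        "exact": t.lookup(base),                                    # exact entry -> port6
        "vlan": t.lookup(dict(base, nw_dst="9.9.9.9")),             # VLAN (60) beats switching (50)
        "ssh": t.lookup(dict(base, nw_dst="9.9.9.9", tp_dst=22)),   # firewall (200) -> drop
        "stray": t.lookup(dict(base, dl_dst="00:aa:aa:aa:aa:aa",
                               nw_dst="9.9.9.9", tp_dst=443)),      # table miss -> controller
    }
    # Caveat: exact-match entries are consulted before any wildcard entry, so
    # an exact entry for port 22 bypasses the wildcard firewall rule no matter
    # how high that rule's priority is.
    t.add(dict(base, tp_dst=22), ["port6"])
    results["exact_bypasses_firewall"] = t.lookup(dict(base, tp_dst=22))
    return results


if __name__ == "__main__":
    for name, actions in demo().items():
        print(f"{name:>24}: {actions or 'DROP'}")
```

The last case is the one to remember when reviewing controller applications: a wildcard "drop port 22" rule is not a guarantee in OF 1.0 if any application on the same controller installs exact-match entries.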

Packet Forwarding



The controller-switch secure channel

• The path used for communication between the OpenFlow controller and the OpenFlow device. OpenFlow 1.0 specifies a TLS connection initiated by the switch; later versions also allow plain TCP, so "secure" is the name of the channel, not a guarantee, and a deployment has to enable TLS with certificate checks on both sides to get it.

• In-band secure channel
  – Controller messages enter the switch through a data-plane port
  – They are handled by the OpenFlow packet-matching logic, so flow entries must exist that carry controller traffic, and a wrong FLOW_MOD can cut the switch off from its own controller

• Out-of-band secure channel
  – Controller messages arrive on a dedicated management port that is not switched by the data plane


Messaging between controller and switch

• Every message between controller and switch starts with the OpenFlow header, which carries the protocol version number, the message type, the total length of the message and a transaction ID (xid) that pairs a reply with its request.

• Message categories:
  – Symmetric: may be sent by either the controller or the switch
  – Asynchronous: sent from the switch to the controller
  – Controller-to-switch: sent from the controller to the switch

Message types

• Symmetric messages
  – HELLO: exchanged as soon as the secure channel is established; each side announces the highest OpenFlow version it supports and the lower of the two is used.
  – ECHO: request/reply pair used to check that the connection is still alive and to measure its latency or bandwidth.
  – VENDOR: reserved for vendor-specific experimentation or extensions (renamed EXPERIMENTER from OpenFlow 1.1 on).

• Asynchronous messages
  – PACKET_IN: the switch passes a data packet to the controller for exception handling, for example on a table miss or an explicit output to the CONTROLLER port.
  – FLOW_REMOVED: the switch informs the controller that a flow entry has been removed from the flow table (timeout or deletion).
  – PORT_STATUS: communicates changes in port status (port added, removed, or its link state changed).
  – ERROR: notifies the controller of problems.

• Controller-to-switch messages (five subcategories)
  – Switch configuration
    • FEATURES: asks the switch which features it supports
    • GET_CONFIG: retrieves the switch's configuration settings
    • SET_CONFIG: sets configuration parameters in the switch
  – Commands from the controller
    • PACKET_OUT: sends a data packet to the switch to be forwarded out through the data plane
    • FLOW_MOD: adds, modifies or deletes flow entries in the switch
    • PORT_MOD: modifies the state of an OpenFlow port
  – Statistics
    • STATS: obtains statistics from the switch
  – Barrier
    • BARRIER: lets the controller make sure that the commands it sent earlier have finished executing on the switch before later ones are processed
  – Queue configuration
    • QUEUE_GET_CONFIG: the controller learns from the switch how a given queue is configured

• Note (OpenFlow 1.0): if the switch loses contact with the controller (for example because an ECHO request times out), it should reset the TCP connection and enter emergency mode; all flow entries are then deleted except those marked as part of the emergency flow cache. The emergency flow cache was removed in OpenFlow 1.1, where the fail-secure and fail-standalone modes described later take its place.
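The header and the HELLO/ECHO exchange described above are simple enough to show on the wire. The following is an added example, not code from the lecture slides: it packs and parses the 8-byte OpenFlow header (version, type, length, xid, all big-endian), checks the length field before trusting it, negotiates the version from two HELLO messages by the OF 1.0 rule, and builds the ECHO_REPLY for a received ECHO_REQUEST. The message-type numbers are those of the OF 1.0 wire protocol; the byte streams are constructed for the example.

```python
"""Added example (not from the lecture slides): OpenFlow header handling.
The sample messages below are constructed; type numbers follow OF 1.0."""
import struct

OFP_HEADER = struct.Struct("!BBHI")   # version, type, length, xid
OFP_HEADER_LEN = OFP_HEADER.size      # 8 bytes

OFP10, OFP13 = 0x01, 0x04             # wire versions of OpenFlow 1.0 and 1.3

# OF 1.0 ofp_type values (symmetric, async and controller-to-switch mixed).
OFPT = {0: "HELLO", 1: "ERROR", 2: "ECHO_REQUEST", 3: "ECHO_REPLY",
        4: "VENDOR", 5: "FEATURES_REQUEST", 6: "FEATURES_REPLY",
        7: "GET_CONFIG_REQUEST", 8: "GET_CONFIG_REPLY", 9: "SET_CONFIG",
        10: "PACKET_IN", 11: "FLOW_REMOVED", 12: "PORT_STATUS",
        13: "PACKET_OUT", 14: "FLOW_MOD", 15: "PORT_MOD",
        16: "STATS_REQUEST", 17: "STATS_REPLY", 18: "BARRIER_REQUEST",
        19: "BARRIER_REPLY", 20: "QUEUE_GET_CONFIG_REQUEST",
        21: "QUEUE_GET_CONFIG_REPLY"}


def pack_message(version, msg_type, xid, body=b""):
    """Header carrying the total length, followed by the body."""
    return OFP_HEADER.pack(version, msg_type, OFP_HEADER_LEN + len(body), xid) + body


def parse_stream(data):
    """Split a byte stream into (version, type_name, xid, body) tuples.

    On an in-band channel the length field is input from the network, so it
    is validated before use: a length below 8 would never advance (or slice
    backwards), one past the end of the buffer would hand out a truncated
    body as if it were complete."""
    messages, offset = [], 0
    while offset < len(data):
        if len(data) - offset < OFP_HEADER_LEN:
            raise ValueError(f"truncated header at offset {offset}")
        version, msg_type, length, xid = OFP_HEADER.unpack_from(data, offset)
        if length < OFP_HEADER_LEN:
            raise ValueError(f"bad length {length} at offset {offset}")
        if offset + length > len(data):
            raise ValueError(f"message at offset {offset} claims {length} bytes, "
                             f"only {len(data) - offset} available")
        body = data[offset + OFP_HEADER_LEN:offset + length]
        messages.append((version, OFPT.get(msg_type, f"UNKNOWN({msg_type})"), xid, body))
        offset += length
    return messages


def is_well_formed(data):
    try:
        parse_stream(data)
        return True
    except ValueError:
        return False


def negotiate_version(our_hello, peer_hello):
    """OF 1.0 HELLO rule: each side sends the highest version it supports and
    the lower of the two is used; None if the peer did not send a HELLO."""
    ours = parse_stream(our_hello)[0]
    theirs = parse_stream(peer_hello)[0]
    if theirs[1] != "HELLO":
        return None
    return min(ours[0], theirs[0])


def demo():
    """A controller that speaks up to 1.3 meets a 1.0 switch that sends a
    HELLO followed by an ECHO_REQUEST; returns what each side derives."""
    controller_hello = pack_message(OFP13, 0, xid=1)
    switch_hello = pack_message(OFP10, 0, xid=7)
    echo_req = pack_message(OFP10, 2, xid=8, body=b"ping")
    parsed = parse_stream(switch_hello + echo_req)
    version = negotiate_version(controller_hello, switch_hello)
    # An ECHO_REPLY carries the request's xid and payload back unchanged.
    reply = pack_message(version, 3, xid=parsed[1][2], body=parsed[1][3])
    return parsed, version, reply


if __name__ == "__main__":
    for msg in demo()[0]:
        print(msg)
```

The length checks are the part worth copying: a controller that trusts the length field from an in-band switch connection is parsing data that any host able to reach the data-plane port can shape.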

Ports and port queues (v1.0)

(figure)

OpenFlow supports multiple queues per port. These queues are generally served by scheduling algorithms that allow different quality of service (QoS) levels to be provisioned for different types of packets; the Enqueue action places a packet on a given queue of a port.


OpenFlow versions status

(figure)

OpenFlow configuration protocol evolution

(figure)


Multiple flow tables (OpenFlow 1.1)

(figures)

Group table

• A richer generalisation of the FLOOD option
• Consists of group entries, each made of one or more action buckets
• Provides a more efficient way of handling routing changes: many flow entries point at one group, so only the group entry has to be updated
• Group types, which decide which of the buckets are executed: ALL, SELECT, INDIRECT, FAST FAILOVER

(figure)

Packet processing procedure

(figure)
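The four group types behave differently enough that it helps to see them applied to one packet. The following is an added example, not code from the lecture slides: a group table model with ALL (multicast, every bucket), SELECT (one bucket chosen by a flow hash), INDIRECT (a single shared bucket) and FAST FAILOVER (the first bucket whose watched port is up, with no controller round trip). The bucket layout, the port-liveness map and the hash choice are this example's own.

```python
"""Added example (not from the lecture slides): OpenFlow 1.1+ group types.
Buckets, ports and the liveness map are constructed for the example."""
import zlib

ALL, SELECT, INDIRECT, FAST_FAILOVER = "ALL", "SELECT", "INDIRECT", "FAST_FAILOVER"


class Bucket:
    def __init__(self, actions, watch_port=None):
        self.actions = actions          # e.g. ["output:2"]
        self.watch_port = watch_port    # FAST_FAILOVER: bucket is live iff this port is up


class Group:
    def __init__(self, group_id, gtype, buckets):
        if gtype == INDIRECT and len(buckets) != 1:
            raise ValueError("INDIRECT groups carry exactly one bucket")
        if gtype == FAST_FAILOVER and any(b.watch_port is None for b in buckets):
            raise ValueError("FAST_FAILOVER buckets need a watch_port")
        self.group_id, self.gtype, self.buckets = group_id, gtype, buckets


def flow_hash(pkt):
    """Stable hash over the 5-tuple so that one flow always lands on the same
    SELECT bucket (the real selection algorithm is switch-specific)."""
    key = "|".join(str(pkt.get(f)) for f in
                   ("nw_src", "nw_dst", "nw_proto", "tp_src", "tp_dst"))
    return zlib.crc32(key.encode())


def apply_group(group, pkt, port_up):
    """Return the list of action lists executed for pkt.

    ALL: every bucket, the packet being cloned per bucket (multicast).
    SELECT: one bucket chosen by the switch; here by flow hash.
    INDIRECT: the single bucket (a next hop shared by many flows).
    FAST_FAILOVER: the first bucket whose watch_port is up; if none is up
    the packet is dropped, and the controller is not involved either way."""
    if group.gtype == ALL:
        return [b.actions for b in group.buckets]
    if group.gtype == SELECT:
        return [group.buckets[flow_hash(pkt) % len(group.buckets)].actions]
    if group.gtype == INDIRECT:
        return [group.buckets[0].actions]
    for b in group.buckets:  # FAST_FAILOVER
        if port_up.get(b.watch_port, False):
            return [b.actions]
    return []


def demo():
    pkt = {"nw_src": "10.0.0.1", "nw_dst": "224.0.0.9", "nw_proto": 17,
           "tp_src": 5000, "tp_dst": 5000}
    multicast = Group(1, ALL, [Bucket(["output:2"]), Bucket(["output:3"]),
                               Bucket(["output:4"])])
    failover = Group(2, FAST_FAILOVER, [Bucket(["output:5"], watch_port=5),
                                        Bucket(["output:6"], watch_port=6)])
    next_hop = Group(3, INDIRECT, [Bucket(["set_dl_dst:00:11:22:33:44:55", "output:7"])])
    ecmp = Group(4, SELECT, [Bucket(["output:8"]), Bucket(["output:9"])])
    first = apply_group(ecmp, pkt, {})
    return {
        "multicast": apply_group(multicast, pkt, {}),
        "failover_primary": apply_group(failover, pkt, {5: True, 6: True}),
        "failover_backup": apply_group(failover, pkt, {5: False, 6: True}),
        "failover_none": apply_group(failover, pkt, {5: False, 6: False}),
        "indirect": apply_group(next_hop, pkt, {}),
        "select_stable": first == apply_group(ecmp, pkt, {})
                         and first[0] in (["output:8"], ["output:9"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>18}: {result}")
```

The failover_none case is the behaviour to plan for: when every watched port is down the group drops silently, so liveness of the watched ports needs monitoring on the controller side as well.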

Controller connection failure

• Fail secure mode
  – The switch continues to operate as a normal OpenFlow 1.1 switch, except that all packets and messages destined for the controller are dropped; existing flow entries stay in place and still expire according to their timeouts.

• Fail standalone mode
  – The switch additionally stops its OpenFlow pipeline processing and falls back to its native, underlying switch or router behaviour (possible only on hybrid switches).

• When the connection is restored the controller may choose to delete the existing flow entries and configure the switch anew.

EX1: Forwarding with multiple flow tables

(figure)

EX2: Multicast using v1.1 groups

(figure)


OpenFlow 1.2 additions

Extensible match support

• Packet-matching descriptors rich enough that the controller can encode the desired logic in the rules themselves.
• Expands the possible match fields by allowing multiple match classes.
• OpenFlow Extensible Match (OXM) descriptors: type-length-value (TLV) entries that can describe or define any header field an OpenFlow switch needs for matching, so new fields can be added without changing a fixed match structure.

Multiple controllers

• A switch may be configured to maintain simultaneous connections to multiple controllers.
• Relative to a given switch, a controller has one of three roles:
  – Equal: full ability to program the switch and to receive its asynchronous messages
  – Slave: read-only; it may request data from the switch but makes no modifications
  – Master: full access like Equal, but at most one controller can be master of a switch at a time; when a controller becomes master, the others are slaves


OpenFlow 1.3 additions (milestone release)

More flexible table-miss support

• The controller programs a table-miss flow entry into a table
• The table-miss entry wildcards all fields and has the lowest priority (0), so it is the last flow entry that can be matched in the table
• Its instructions decide what a miss does (send to the controller, drop, or continue in another table); without a table-miss entry, OpenFlow 1.3 drops unmatched packets by default, unlike 1.0, which sent them to the controller

Per-flow meters

• An OpenFlow 1.3 instruction may direct packets to a meter identified by its meter ID, before the packet's actions are applied.
• Meters implement rate limiting: a meter has one or more meter bands, each with a rate and a type; the type determines the action taken when that band is processed (drop the packet, or increase the drop precedence of its DSCP field).
• When a packet is processed by a meter, at most one band is used: the band with the highest configured rate that is below the current measured rate.
• Two levels of counters: per meter and per band.
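The band-selection sentence above has a boundary that is easy to get wrong. The following is an added example, not code from the lecture slides: a meter with a DSCP-remark band and a drop band, the "highest rate below the measured rate" rule including the equal-rate boundary, and both counter levels. Band rates and measured rates are constructed; the token-bucket measurement a real switch performs is replaced by a measured-rate argument, and the mapping from drop precedence to an actual DSCP codepoint is left to the implementation as the spec does.

```python
"""Added example (not from the lecture slides): OpenFlow 1.3 meter band
selection. Rates, packets and measured bandwidth are constructed."""

DROP, DSCP_REMARK = "OFPMBT_DROP", "OFPMBT_DSCP_REMARK"


class MeterBand:
    def __init__(self, btype, rate_kbps, prec_level=0):
        if btype not in (DROP, DSCP_REMARK):
            raise ValueError(f"unknown band type {btype}")
        self.btype, self.rate, self.prec_level = btype, rate_kbps, prec_level
        self.packet_count = 0   # per-band counter (second level)


class Meter:
    def __init__(self, meter_id, bands):
        self.meter_id = meter_id
        self.bands = sorted(bands, key=lambda b: b.rate)   # ascending by rate
        self.packet_count = 0   # per-meter counter (first level)

    def select_band(self, measured_kbps):
        """At most one band applies: the highest-rate band whose rate is
        strictly below the measured rate; None when the flow is within every
        band's rate (a measured rate equal to a band rate does not trigger it)."""
        chosen = None
        for band in self.bands:          # ascending, so the last hit is the highest
            if band.rate < measured_kbps:
                chosen = band
        return chosen

    def process(self, pkt, measured_kbps):
        """Apply the meter to one packet: returns the packet (possibly with a
        raised drop precedence) or None when the band drops it."""
        self.packet_count += 1
        band = self.select_band(measured_kbps)
        if band is None:
            return pkt
        band.packet_count += 1
        if band.btype == DROP:
            return None
        out = dict(pkt)   # DSCP remark: raise the drop precedence by prec_level
        out["drop_precedence"] = pkt.get("drop_precedence", 0) + band.prec_level
        return out


def demo():
    """A two-band meter: remark above 500 kbps, drop above 1000 kbps."""
    meter = Meter(1, [MeterBand(DROP, 1000), MeterBand(DSCP_REMARK, 500, prec_level=1)])
    pkt = {"src": "10.0.0.1", "drop_precedence": 0}
    return {
        "at_300": meter.process(pkt, 300),     # below both rates: unchanged
        "at_500": meter.process(pkt, 500),     # equal to a band rate: still unchanged
        "at_700": meter.process(pkt, 700),     # remark band: precedence 0 -> 1
        "at_1500": meter.process(pkt, 1500),   # drop band wins over remark band
        "band_counts": [b.packet_count for b in meter.bands],   # [remark, drop]
        "meter_count": meter.packet_count,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>12}: {result}")
```

Note that when the measured rate exceeds both band rates only the drop band is used and its counter incremented; the remark band's counter does not move, which matters when meter statistics are used to confirm that a rate limit is actually being enforced.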

Auxiliary connections

• OpenFlow 1.3 allows several connections per communication channel between a switch and a controller.
• The aim is greater overall throughput between switch and controller, for example by spreading PACKET_IN and PACKET_OUT traffic over parallel connections.
• The first (main) connection in the channel must be TCP or TLS; auxiliary connections may use TCP, TLS, DTLS or UDP.
• Auxiliary connections are only for traffic that tolerates their properties: UDP and DTLS give no ordering or delivery guarantee, and the main connection stays authoritative, so auxiliary connections are closed when it is lost.

EX: Enforcing QoS via meter bands

(figure)

THANK YOU!

• Presenter: 王正琦
• E-mail: [email protected]
• If you have any suggestions or questions about OpenFlow, you are welcome to contact me.