1 Herbert Etlinger Acronet Introduction To SDN and OpenFlow mTEH2014

www.cubro.
net
Tapping, Aggregation and Filtering
Software Defined Networks & Open Flow
Herbert Etlinger Cubro Acronet GesmbH Vienna, Austria
Bringing simplicity to todays and tomorrows communication networks
www.cubro.net
Agenda
Networks Today Software Defined Networks OpenFlow Live/Remote Demo
www.cubro.net
The Internet: A Remarkable Story

Tremendous success
From research experiment to global infrastructure
Brilliance of under-specifying
Network: best-effort packet delivery Hosts: arbitrary applications
Enables innovation in applications

Web, P2P, VoIP, social networks, virtual worlds
But, change is easy only at the edge

www.cubro.net
Inside the Net: A Different Story

Closed equipment
Software bundled with hardware Vendor-specific interfaces
Over specified
Slow protocol standardization
Few people can innovate

Equipment vendors write the code Long delays to introduce new features
Impacts performance, security, reliability, cost

www.cubro.net
Networks are Hard to Manage

Operating a network is expensive
More than half the cost of a network Yet, operator error causes most outages
Buggy software in the equipment

Routers with 20+ million lines of code Cascading failures, vulnerabilities, etc.
www.cubro.net
We lost our way

Routing, management, mobility management, access control, VPNs,
App App Operating System App
Million of lines of source code
5400 RFCs
Specialized Packet Forwarding Hardware
500M gates 10Gbytes RAM
Many complex functions baked into the infrastructure
OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers,
Too complex
www.cubro.net
IPSec Firewall
Software Control
OSPF-TE HELLO HELLO
Router
RSVP-TE
HELLO
Hardware Datapath
www.cubro.net
How other industries do it?
www.cubro.net
Making ASICs Work

Specification
Functional Description (RTL) Functional Verification Logical Synthesis Static Timing Place & Route Design Rule Checking (DRC) Layout vs Schematic (LVS) Layout Parasitic Extraction (LPE) Manufacture & Validate Testbench & Vectors
100s of Books >10,000 Papers 10s of Classes
www.cubro.net
Making Networks Work (Today)

traceroute, ping, tcpdump, SNMP, Netflow
. er, thats about it.
www.cubro.net
Networks are kept working by
Masters of Complexity
A handful of books Almost no papers No classes
YoYo
Youre On Your Own
www.cubro.net
Mainframes
App App App App App App App App App App App
Specialized Applications Specialized Operating System Specialized Hardware Windows (OS)
Open Interface or
Linux
or
Mac OS
Open Interface
Microprocessor
Vertically integrated Closed, proprietary Slow innovation Small industry
Horizontal Open interfaces Rapid innovation Huge industry

www.cubro.net
Routers/Switches
Specialized Features Specialized Control Plane Specialized Hardware
Vertically integrated Closed, proprietary Slow innovation
www.cubro.net
Classical network architecture

Distributed control plane Distributed routing protocols: OSPF, IS-IS, BGP, etc.
Feature
Feature
Operating System Specialized Packet Forwarding Hardware

Feature
Feature
Feature
Feature

Feature
Feature

Feature
Feature
www.cubro.net
From All-in-One to SDN

App App App
Network Operating System
Ap p
Ap p
Ap p

Ap p Ap p Ap p Ap p Ap p Ap p

Ap p Ap p Ap p

Ap p Ap p Ap p
The Software-defined Network

3. Well-defined open API
www.cubro.net
Feature
Feature Network OS
2. At least one Network OS probably many. Open- and closed-source
1. Open interface to packet forwarding OpenFlow Packet Forwarding
Packet Forwarding Packet Forwarding
Packet Forwarding
Packet Forwarding
16
www.cubro.net
Follows the Computer Industry
App App App App
App
App
Windows Windows Windows (OS) (OS) (OS)
Linux Linux Linux
Mac Mac Mac OS OS OS
Controller Controller NOX 11 (Network OS)
Controller Controller Network OS 22
Virtualization layer
x86 (Computer)
Virtualization or Slicing
OpenFlow
Computer Industry
Network Industry
www.cubro.net
Routers/Switches
App App App App App App App App App App App
Specialized Features Specialized Control Plane Specialized Hardware
Open Interface
Control Plane
or Plane
Control
or Plane
Control
Open Interface
Merchant Switching Chips
Vertically integrated Closed, proprietary Slow innovation
Horizontal Open interfaces Rapid innovation

www.cubro.net
Software Defined Networking (SDN)

Logically-centralized control Smart, slow
API to the data plane (e.g., OpenFlow)
Dumb, fast Switches
www.cubro.net
Openflow
The Software-defined Network

Feature Feature Network OS
OpenFlow Packet Forwarding
www.cubro.net
Packet Forwarding Packet Forwarding
Packet Forwarding
Packet Forwarding
21
www.cubro.net
Network OS
Network OS: distributed system that creates a consistent, up-to-date network view
Runs on servers (controllers) in the network
Uses an open protocol to:

Get state information from forwarding elements Give control directives to forwarding elements
www.cubro.net
OpenFlow
OpenFlow
is one element of SDN is a protocol for remotely controlling the forwarding table of a switch or router
Step 1: Separate Control from Datapath

Network OS
www.cubro.net
OpenFlow Switch
OpenFlow Switch
OpenFlow Switch
OpenFlow Switch
Step 2: Cache flow decisions in datapath

Network OS
www.cubro.net
If header = x, send to port 4 If header = y, overwrite header with z, send to ports 5,6 If header = ?, send to me FlowOpenFlow Switch Table
OpenFlow Switch
OpenFlow Switch
OpenFlow Switch
www.cubro.net
Data-Plane: Simple Packet Handling

Simple packet-handling rules
Pattern: match packet header bits Actions: drop, forward, modify, send to controller Priority: disambiguate overlapping patterns Counters: #bytes and #packets
1. src=1.2.*.*, dest=3.4.5.* drop 2. src = *.*.*.*, dest=3.4.*.* forward 3. src=10.1.2.3, dest=*.*.*.* send to controller
www.cubro.net
OpenFlow Basics
Flow Table Entries
Rule
Action
Stats Packet + byte counters
1. 2. 3. 4. 5.
Forward packet to port(s) Encapsulate and forward to controller Drop packet Send to normal processing pipeline Modify Fields
Switch VLAN Port ID
MAC src
MAC dst
Eth type
IP Src
IP Dst
IP Prot
TCP sport
TCP dport
+ mask what fields to match

www.cubro.net
Examples
Switching
Switch MAC Port src * * MAC Eth dst type 00:1f:.. * VLAN IP ID Src * * IP Dst * IP Prot * TCP TCP Action sport dport * * port6
Firewall
Switch MAC Port src * * * MAC Eth dst type * VLAN IP ID Src * * IP Dst * IP Prot * TCP TCP Forward sport dport * 22 drop
www.cubro.net
Example Applications
Example Application
Congestion Control
www.cubro.net
..via Variable Bandwidth Packet Links
www.cubro.net
Dynamic Access Control

Inspect first packet of a connection Consult the access control policy Install rules to block or route traffic
www.cubro.net
OpenFlow in the Wild

Open Networking Foundation
Google, Facebook, Microsoft, Yahoo, Verizon, Deutsche Telekom, and many other companies HP, NEC, Quanta, Dell, IBM, Juniper, NOX, Beacon, Floodlight, Nettle, ONIX, POX, Frenetic Eight campuses, and two research backbone networks Commercial deployments (e.g., Google backbone)
Commercial OpenFlow switches Network operating systems Network deployments
www.cubro.net
If you are in any doubt about whether OpenFlow/SDN will be deployed in the WAN: Urs Hlzle (Google) at Open Networking Summit 2012
www.cubro.net
OpenFlow @ Google
www.cubro.net
Overview
Google operates two large backbone networks
Internet-facing backbone (user traffic) Datacenter backbone (internal traffic)
Managing large backbones is hard OpenFlow has helped us improve backbone performance and reduce backbone complexity and cost
www.cubro.net
Google Backbone Scale

If Google were an ISP, it would rank as the second largest carrier on the planet.
YouTube Web Search Google+ Photos and Hangouts Maps AppEngine Android and Chrome updates
www.cubro.net
Google WAN
100s of ports of nonblocking 10GE OpenFlow support Open source routing stacks for BGP, ISIS
www.cubro.net
WAN Economics
Cost per bit/sec delivered should go down with additional scale, not up broadcast overhead of all-to-all communication requires more expensive equipment Manual management and configuration of individual elements Complexity of automated configuration to deal with non-standard vendor configuration APIs
www.cubro.net
Solution: WAN Fabrics

Goal: manage the WAN as a fabric not as a collection of individual boxes
Current equipment and protocols don't allow this
Internet protocols are box centric, not fabric centric

Little support for monitoring and operations Optimized for eventual consistency in routing Little baseline support for low latency routing and fast failover
www.cubro.net
Why Software Defined WAN?

Separate hardware from software
Choose hardware based on necessary features Choose software based on protocol requirements
Logically centralized network control

More deterministic More efficient More fault tolerant
Separate monitoring, management, and operation from individual boxes Flexibility and Innovation
Result: A WAN that is higher performance, more fault tolerant, and cheaper
www.cubro.net
Google SDN Deployment History
www.cubro.net
Conclusions
OpenFlow is ready for real-world use SDN is ready for real-world use
Enables rapid rich feature deployment Simplifies network management
Google's datacenter WAN successfully runs on OpenFlow

Largest production network at Google Improved manageability Improved cost (too early to have exact numbers)
Keys to Openflow/Software-Defined Networking
www.cubro.net
Summary
Separation of Control Plane & Data Plane with Open API Between the Two Logically Centralized Control-Plane with Open API to Applications Creates Open Interfaces between Hardware, OS and Applications Similar to Computer Industry Increases Competition, Enables Innovation
www.cubro.net
Packetmaster Series
High Performance Network Packet Broker
www.cubro.net
Overview
The Packetmaster family is available in two variations PM products
Network Processor based Filtering up to Layer 7 Up to 250G load
EX products
Based on high performance switch fabric Filtering up to Layer 4 Up to 1,2T load
www.cubro.net
Packetmaster EX484-2
Packetload Ports 1G/10 Gbit Ports 40 Gbit GUI Packetbuffer Delay Dual Power
1,2 Tbit 48 SFP/SFP+ 4 QSFP CLI/GUI YES 1 s YES
1024 Filters Layer 4 MPLS tag/detag VLAN tag/detag Header modification Layer 4 Load balancing Layer 3 GRE de/encapsualtion All ports activated All software activated
www.cubro.net
Applications some examples
www.cubro.net
Live Demo
www.cubro.net
Setup
EX484-2
Packetload Ports 1G/10 Gbit Ports 40 Gbit
1,2 Tbit 48 SFP/SFP+ 4 QSFP CLI/GUI YES 1 s YES
UX400 Multiservice Plattform
GUI Packetbuffer Delay
10M to 100GE OTU-1 to OTU-4 FC 1G to 16G CPRI/OBSAI SDH to STM-256 SyncE 1588v2
Dual Power
www.cubro.net
Setup
EX484-2
P1 1G P2 1G P11 10G
Stream 1 & 2
Stream 3 & 4
Stream 1 2 3
IP Source 10.0.0.1 10.0.0.3 100.0.0.1 100.0.0.3
Bandwidth 900Mbit/s 10Mbit/s 800Mbit/s 100Mbit/s
1G Traffic Analyzer
10G Traffic Gen
UX400
www.cubro.net
Thank you

1 Herbert Etlinger Acronet Introduction To SDN and OpenFlow mTEH2014

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

1 Herbert Etlinger Acronet Introduction To SDN and OpenFlow mTEH2014

Hochgeladen von

Copyright:

Verfügbare Formate

www.cubro.

Tapping, Aggregation and Filtering

Software Defined Networks & Open Flow

Herbert Etlinger Cubro Acronet GesmbH Vienna, Austria

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

The Internet: A Remarkable Story

Enables innovation in applications

But, change is easy only at the edge

Tapping, Aggregation and Filtering

Inside the Net: A Different Story

Few people can innovate

Impacts performance, security, reliability, cost

Tapping, Aggregation and Filtering

Networks are Hard to Manage

Buggy software in the equipment

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

We lost our way

Million of lines of source code

Specialized Packet Forwarding Hardware

500M gates 10Gbytes RAM

Many complex functions baked into the infrastructure

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

How other industries do it?

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

Making ASICs Work

100s of Books >10,000 Papers 10s of Classes

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

Making Networks Work (Today)

. er, thats about it.

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

Networks are kept working by

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

Specialized Applications Specialized Operating System Specialized Hardware Windows (OS)

Vertically integrated Closed, proprietary Slow innovation Small industry

Horizontal Open interfaces Rapid innovation Huge industry

Tapping, Aggregation and Filtering

Specialized Features Specialized Control Plane Specialized Hardware

Vertically integrated Closed, proprietary Slow innovation

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

Classical network architecture

Operating System Specialized Packet Forwarding Hardware

Operating System Specialized Packet Forwarding Hardware

Operating System Specialized Packet Forwarding Hardware

Operating System Specialized Packet Forwarding Hardware

Operating System Specialized Packet Forwarding Hardware

Bringing simplicity to todays and tomorrows communication networks

Tapping, Aggregation and Filtering

From All-in-One to SDN

Network Operating System

Operating System Specialized Packet Forwarding Hardware

Operating System Specialized Packet Forwarding Hardware