Lec 12_03_Oct

8/16/2019 Lec 12_03_Oct

1/50

BITS PilaniPilani Campus

Advanced Computer

Networks (CS ZG525)Virendra S Shekhawat

Department of Computer Science and Information Systems

8/16/2019 Lec 12_03_Oct

2/50

BITS PilaniPilani Campus

First Semester 2015-2016Lecture-12 [03rd Oct 2015]

8/16/2019 Lec 12_03_Oct

3/50

BITS Pilani, Pilani CampusFirst Sem 2015-16

Agenda

• Centralized and Distributed Control and Data Planes , SDN

Architecture [CH-21]

– Reading

• Software-Defined Networking: The New Norm for Networks, ONF White

Paper, 2012

https://www.opennetworking.org/images/stories/downloads/sdn-

resources/white-papers/wp-sdn-newnorm.pdf

• OpenFlow: Protocol to Program the Networks [CH-22]

– Reading• OpenFlow: Enabling Innovation in Campus Networks, Nick McKeown, 2008

• http://archive.openflow.org/documents/openflow-wp-latest.pdf

• Web Reference: https://www.opennetworking.org/

3Advanced Computer Networks CS ZG525

http://archive.openflow.org/documents/openflow-wp-latest.pdfhttp://archive.openflow.org/documents/openflow-wp-latest.pdf

8/16/2019 Lec 12_03_Oct

4/50


Topics

• Software Defined Networking (SDN)

– Motivation

– Architecture

– OpenFlow Protocol


8/16/2019 Lec 12_03_Oct

5/50


What is SDN….??????

Advanced Computer Networks CS G525

5

8/16/2019 Lec 12_03_Oct

6/50


Existing/Current Networks

6Advanced Computer Networks CS G525

8/16/2019 Lec 12_03_Oct

7/50BITS Pilani, Pilani CampusFirst Sem 2015-16

Existing Networks

Million of lines

of source code

Billions of gates

Many complex functionsbaked into infrastructure

OSPF, BGP, multicast,differentiated services,Traffic Engineering, NAT,

firewalls, … Specialized Packet

Forwarding Hardware

Operating

System

Feature Feature


8/16/2019 Lec 12_03_Oct


Limitations of Existing Networks [1]

•Research stagnation – Difficult to perform real world experiments on large scale

production networks

• Rate of innovation in networks is slower – Due to lack of high level abstraction

•

Closed Systems – Stuck with interfaces

– Hard to collaborate meaningfully

– Vendors starting to open-up but not meaningfully!


8/16/2019 Lec 12_03_Oct



• Network Equipments in recent decades – Hardware centric – usage of custom ASICs

– Why…?

•

Growth in network capacity• Faster packet switching capability

•

Impact – Slower Innovation

– Reduced flexibility once chips are fabricated

• Firmware provides some programmability!9


8/16/2019 Lec 12_03_Oct



• Vendor specific software – Why…?

• IPR generation, increased competition

• Custom built Efficient

– Impact

• Closed software

• Non-standard interfaces to H/W

•

Proprietary networking devices with proprietarysoftware and hardware

– Innovation is limited to vendor/ vendor partners

– Huge barriers for new ideas in networking10


8/16/2019 Lec 12_03_Oct



• No control plane abstraction for the wholenetwork!

– Packets travel inside the network…

– Switches pass them along…

– But the decisions are made individually by the

switches.. such as where to pass them

–

Nobody is dynamically controlling the networkflow…!


8/16/2019 Lec 12_03_Oct


Idea: An OS for Networks

Specialized Packet

Forwarding Hardware

App App App

Specialized Packet

Forwarding Hardware

App App App

Specialized PacketForwarding Hardware

App App App

Specialized Packet

Forwarding Hardware

App App App

Specialized Packet

Forwarding Hardware

Operating

System

Operating

System

Operating

System

Operating

System

Operating

System

App App App

Closed


8/16/2019 Lec 12_03_Oct


Idea: An OS for Networks

Specialized Packet

Forwarding Hardware

App App App

Specialized Packet

Forwarding Hardware

App App App

Specialized Packet

Forwarding Hardware

App App App

Specialized Packet

Forwarding Hardware

App App App

Specialized Packet

Forwarding Hardware

Operating

System

Operating

System

Operating

System

Operating

System

OperatingSystem

App App App

Network Operating System

Control Programs


8/16/2019 Lec 12_03_Oct


An OS for Networks

Simple Packet

Forwarding

Hardware

Simple Packet

Forwarding

Hardware

Simple Packet

Forwarding

Hardware

Simple Packet

Forwarding

HardwareSimple Packet

Forwarding

Hardware


Control Programs


A whole network is like a big machine

8/16/2019 Lec 12_03_Oct


An OS for Networks

• “NOX: Towards an Operating System forNetworks”

Global Network View

Protocols Protocols

Control via

forwarding

interface


Control Programs

Software-Defined Networking (SDN)


8/16/2019 Lec 12_03_Oct


What is SDN ...?

• Separation of Control Plane and Data Plane,

implementation of complex networking apps on the top

• Promotes innovation at both levels-

– Each being independent of each other

• Global monitoring of the network devices, network stats

now possible

• Easy interface to the user to manipulate the network.

• An architecture to control not just a networking device

but an entire network!!!


8/16/2019 Lec 12_03_Oct


SDN Layers

• Infrastructure Layer – Also called the data plane, comprises the forwarding network

elements.

– Does Data forwarding, as well as monitoring localinformation and gathering statistics

• Control Layer – Also called the control plane, responsible for managing and

programming the forwarding plane, by using information bythe data plane.

– Has software controllers that have a standardized interface(south-bound) to the forwarding plane. E.g. OPENFLOW.

• Application Layer – Contains apps that can introduce new network features like

security, management, forwarding schemes, network

policies etc. – Can be used to have an abstracted, global view of the

network.

– Interface called as north-bound interface.

Advanced Computer Networks CS ZG52517

8/16/2019 Lec 12_03_Oct


Functional Architecture of SDN


8/16/2019 Lec 12_03_Oct


Southbound Interface – Popular

Protocols

• ForCES (Forwarding and Control ElementsSeparation): Forwarding devices are modeled using logicalfunction blocks (LFB) that can be composed in a modular way to

form complex forwarding mechanisms. The LFBs model a

forwarding device and cooperate to form even more complex

network devices.

– ForCES CE mainly connects several LFBs to create a packet flow (topology)

to achieve the needed functionality

• OpenFlow : Describes the interaction of one or more controlservers with OpenFlow-compliant switches. An OpenFlow

controller installs flow table entries in switches.


8/16/2019 Lec 12_03_Oct


How OpenFlow Works…?

20

OpenFlow is an open API that provides a standard interface

for programming the data plane switches


8/16/2019 Lec 12_03_Oct


Open Flow

Data Path (Hardware)

Control Path (Software)


8/16/2019 Lec 12_03_Oct


OpenFlow

Data Path (Hardware)

Control Path OpenFlow

OpenFlow Controller

OpenFlow Protocol (SSL/TCP)


8/16/2019 Lec 12_03_Oct

23/50


Open Flow Protocol: Two Parts

• Wire Protocol – To establish a control session

– Define a message structure for exchanging flow

modifications and collecting statistics – Define fundamental structure of a switch (i.e. ports

and tables)

•

Configuration and Management Protocol – To allocate physical switch ports to a particular

controller

– Define high availability (active/standby)


8/16/2019 Lec 12_03_Oct

24/50


OpenFlow Protocol

• OpenFlow Switches have flow tables, and forward elementsbased on its entries also known as flow-rules.

• Header fields allow mapping of entries to packets. For fast

searching, TCAM (Ternary Content Addressable Memory) is

required for lookup of wildcard matches.• Counters store network statistics – no of packets/bytes, duration

of flow etc.

• Actions specify how packets are handled (modify, drop, forward

etc.)

HEADER COUNTER ACTION

A typical flow entry


8/16/2019 Lec 12_03_Oct

25/50


Classes of Communications in

OpenFlow Control

Controller to Switch (Asynchronous)

Switch to Controller (Asynchronous)

Symmetric

• Feature Detection/Information Retrieval

• Programming and Configuration of Switch

• Initiated by switch to controller, informs about packet arrivals,

state changes at switch or error

• Hello and Echo messages, doesn’t require solicitation from

either side.25


8/16/2019 Lec 12_03_Oct

26/50


Example: OpenFlow Switching

Source: The Stanford Clean Slate Program, http://cleanslate.stanford.edu

Controller

PC

Hardware

Layer

Software

Layer

OpenFlow Table

MAC

src

MAC

dst

IP

Src

IP

Dst

TCP

sport

TCP

dport

Action

OpenFlow Client

**5.6.7.8*** port 1

port 4port 3port 2

port 1

1.2.3.45.6.7.826


8/16/2019 Lec 12_03_Oct

27/50

BITS Pilani, Pilani CampusFirst Sem 2015-16 Advanced Computer Networks CS ZG52527

OpenFlow BasicsFlow Table Entries

Switch

PortMAC

src

MAC

dst

Eth

typeVLAN

ID

IP

Src

IP

Dst

IP

Prot

TCP

sport

TCP

dport

Rule Action Stats

1. Forward packet to port(s)

2. Encapsulate and forward to controller

3. Drop packet

4. Send to normal processing pipeline

5. Modify Fields

+ mask what fields to match

Packet + byte counters

8/16/2019 Lec 12_03_Oct

28/50


Examples


Switching

*

Switch

Port

MAC

src

MAC

dst

Eth

type

VLAN

ID

IP

Src

IP

Dst

IP

Prot

TCP

sport

TCP

dportAction

* 00:1f:.. * * * * * * * port6

Flow Switching

port3

Switch

Port

MAC

src

MAC

dst

Eth

type

VLAN

ID

IP

Src

IP

Dst

IP

Prot

TCP

sport

TCP

dportAction

00:20.. 00:1f.. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6

Firewall

*

Switch

Port

MAC

src

MAC

dst

Eth

type

VLAN

ID

IP

Src

IP

Dst

IP

Prot

TCP

sport

TCP

dportForward

* * * * * * * * 22 drop

8/16/2019 Lec 12_03_Oct

29/50


Examples


Routing

*

Switch

Port

MAC

src

MAC

dst

Eth

type

VLAN

ID

IP

Src

IP

Dst

IP

Prot

TCP

sport

TCP

dportAction

* * * * * 5.6.7.8 * * * port6

VLAN Switching

*

Switch

Port

MAC

src

MAC

dst

Eth

type

VLAN

ID

IP

Src

IP

Dst

IP

Prot

TCP

sport

TCP

dportAction

* * vlan1 * * * * *

port6,

port7,

port900:1f..

8/16/2019 Lec 12_03_Oct

30/50


The Basic Mechanism

Packet Arrives Parse HeaderFields

Match AgainstFlow Tables

Perform Actions

correspondingto the flow

entry


8/16/2019 Lec 12_03_Oct

31/50


OpenFlow Specifications [1]

• OpenFlow 1.0 (Dec 2009) – Single table

• OpenFlow 1.1 (Feb 2011)

– Pipelines of flow tables and group tables

– The result of pipeline are list of actions accumulated duringthe pipeline execution and are applied to packet at the end ofexecution.

– Flow table entries are instructions instead of actions.

–

Groups, VLAN and MPLS Support• OpenFlow 1.2 (Dec 2011)

– First ONF release

– IPV6 support


8/16/2019 Lec 12_03_Oct

32/50


OpenFlow Specifications [2]

• OpenFlow 1.3 (Apr 2012) – Long Term Release

– New features for monitoring, operations and management.

– Metering (i.e. measuring rate of packets)

• Open Flow 1.4 (Aug 2013) – Optical ports supports

– Flow monitoring

– Bundles of command and execute the bundle as an

atomic• OpenFlow 1.5 (Dec 2014)

– Egress port tables introduced


8/16/2019 Lec 12_03_Oct

33/50


OpenFlow Ports

• OpenFlow ports are the network interfaces for passingpackets between OpenFlow processing and the rest of

the network

• OpenFlow switches connect logically to each other via

their OpenFlow ports

• The set of OpenFlow ports may not be identical to the

set of network interfaces provided by the switch

hardware – Some network interfaces may be disabled for OpenFlow,

– OpenFlow switch may define additional OpenFlow ports


8/16/2019 Lec 12_03_Oct

34/50


OpenFlow Port Types

•Physical Ports – Switch defined ports correspond to a hardware interface of the

switch

• Logical Ports

– Higher level abstractions and don’t correspond directly to a

hardware interface of the switch

– Logical port may have an extra metadata field called Tunnel-IDassociated with it

• e.g. link aggregation groups, tunnels, loopback interfaces

•Reserved Ports – Specify generic forwarding actions such as sending to the controller,

flooding, or forwarding using non-OpenFlow methods, such as“normal” switch processing.


8/16/2019 Lec 12_03_Oct

35/50


OpenFlow Reserved Ports

•

ALL – Represents all ports the switch can use for forwarding a specific

packet

• CONTROLLER – Represents the control channel with the OpenFlow controller

• TABLE – Represents starts of the OpenFlow pipeline

• ANY – Special value used in some OpenFlow commands when no port is

specified (wild card)

• NORMAL – Non OpenFlow mode

• FLOOD – To send the packet out all standard ports (except ingress port)


8/16/2019 Lec 12_03_Oct

36/50


Pipeline Processing


8/16/2019 Lec 12_03_Oct

37/50


Flow Table

• Consists of Flow entries

• Flow Table Example:

• The match fields and priority taken together

identify a unique flow entry in the flow table


Match

Fields

Priority Counters Instructions Timeouts Cookie

8/16/2019 Lec 12_03_Oct

38/50


Group Table

• The ability for a flow entry to point to a group, enablesOpenFlow to represent additional methods of

forwarding

• Group Types

– ALL (Executes all buckets in the group) [Required ]

• Used for multicast or broadcast forwarding

• The packet is cloned for each bucket; one packet is processed for each

bucket of the group.


Group

Identifiers

Group Type Counters Action

Buckets

8/16/2019 Lec 12_03_Oct

39/50


Example: Group Types

• Indirect (Execute the one defined bucket in this group) (Required ) – This group supports only a single bucket. Allows multiple flow entries

or groups to point to a common group identifier

– e.g. next hops for IP forwarding

• Fast-Failover (Execute the First Live Bucket) (Optional )

– Each action bucket is associated with a specific port and/or group

that controls its liveness.

– The buckets are evaluated in the order defined by the group, and thefirst bucket which is associated with a live port/group is selected.

– This group type enables the switch to change forwarding without

requiring a round trip to the controller.


8/16/2019 Lec 12_03_Oct

40/50


Meter Table

•A meter table consists of meter entries, defining per-flow meters

• Per-flow meters enable OpenFlow to implement various simple

QoS operations:

– Such as rate-limiting, and can be combined with per-port queues

•Meters are attached directly to flow entries

• Multiple meters can be used on the same set of packets by using

them in successive flow tables

– meter identifier: a 32 bit unsigned integer uniquely identifying the meter – meter bands: an unordered list of meter bands, where each meter band

specifies the rate of the band and the way to process the packet

– counters: updated when packets are processed by a meter


Meter identifier Meter bands Counters

8/16/2019 Lec 12_03_Oct

41/50


Counters

• Counters are maintained for each flow table, flow entry,port, queue, group, group bucket, meter and meter band


F di Ab t ti O

8/16/2019 Lec 12_03_Oct

42/50


Forwarding Abstraction: Open

Flow

•

Controller talks to OpenFlow switch through a secure channel• Switch contains:

– One or more flow tables

– A group table

• Flow tables: – Contain flow entries – Packets matched against flow entries

– Flow entry determines which packet matches and what action willbe taken

• Group table – Set of group entries

– Each group entry has: identifier, type, counters and action bucket

– Allows for additional action to be set on a packet: actions commonfor all packets of the same group


8/16/2019 Lec 12_03_Oct

43/50


Use case: Dynamic Flow Control

• Inspect first packet of a connection

• Consult the access control policy

• Install rules to block or route traffic


U C S l

8/16/2019 Lec 12_03_Oct

44/50


Use Case: Seamless

Mobility/Migration

•Observe hosts sends traffic from new location

• Modify flow tables to re-route the traffic


8/16/2019 Lec 12_03_Oct

45/50


Use Case: Saving Energy

• We can vary link speed, disable switch, move

VMs, disable link


8/16/2019 Lec 12_03_Oct

46/50


FlowVisor: Slicing the Network

• Divide the physical network into logical slices – Each slice/service controls its own packet forwarding

– Give different slices to different application or owners

– Enforce strong isolation between slices

• A network slice is a collection of slicedswitches/routers

• Slicing Policy: specifies resource limits for eachslice – Link Bandwidth

– Topology

– Maximum number of forwarding rules


8/16/2019 Lec 12_03_Oct

47/50


FlowVisor

• FlowVisor runs multiple OpenFlow

controller, one for each slice

– Talks OpenFlow to the 'Slice‘ Controller

• FlowVisor intercepts and re-writes

OpenFlow messages from the 'Slice'

controllers


47

OpenFlow Challenges:

8/16/2019 Lec 12_03_Oct

48/50



Controller Delay and Overhead

• Controller is much slower than the switches

• Processing packets leads to delay and

overhead

•

Need to keep most packets in “fast path”


48


8/16/2019 Lec 12_03_Oct

49/50



Distributed Controller

• Controller is “single-point of failure” and potential

bottleneck

• Partition or replicate controller for scalability and

reliability• Problems: keeping state consistent


49

8/16/2019 Lec 12_03_Oct

50/50

Thank You !

50

Lec 12_03_Oct

Documents

Transcript of Lec 12_03_Oct