COMPSCI 314: SDN: Software Defined Networking
Nevil Brownlee
Lecture 23
314 SDN, Nevil, 2015 2
Current approach to building a network
● Buy 802.3 (Ethernet) switches, connect hosts to them using UTP cabling
● Make tree of switches, using higher-speed switches closer to root of tree
● Buy firewall and router, use them to connect root switch to Internet

Current approach (2)
● Switches maintain tables of MAC addresses for reachable hosts per port
● Routers maintain tables of address blocks reachable per port
● Routers have a data plane
– switching hardware that forwards packets
● and a control plane
– applications that maintain the routing/switching tables

Routers and switches are proprietary devices
● Switches implement 802.3, Spanning Tree, 802.1Q, etc.
● Routers implement routing protocols such as RIP, OSPF, BGP4
● Implementations are proprietary, i.e. closed-source
● Anything new needs a new protocol, which raises deployment issues

Current network example
[Figure: closed devices, each with its own Apps and Operating System on Specialized Packet Forwarding Hardware]
Slide from Deutsche Telekom SDN tutorial, 2011

Network maintenance issues
● Large networks of switches and routers are hard to maintain
● Web interface only works for a few hosts, e.g. home networks
● Several 'network management' systems/protocols exist, e.g. SNMP (Simple Network Management Protocol)
– every managed device runs an SNMP server
– objects to be managed are addressed via an OID (sequence of dot-separated integers)
– manager application queries devices by making SNMP requests, and maintains a database from their SNMP responses
● Netconf is emerging as a new standard way to configure and manage devices and networks

Towards an open network
[Figure: devices with Specialized Packet Forwarding Hardware, each with its own Operating System and Apps, shown together with a Network Operating System and its Apps]
Slide from Deutsche Telekom SDN tutorial, 2011

The 'software-defined' network
[Figure: Apps on top of a Network Operating System, which controls several Simple Packet Forwarding Hardware devices]
1. Open interface to hardware
2. At least one good operating system (extensible, possibly open-source)
3. Well-defined open API
Slide from Deutsche Telekom SDN tutorial, 2011

An SDN approach: OpenFlow
● Seminal paper:
– OpenFlow: Enabling Innovation in Campus Networks. March 14, 2008. Nick McKeown, Tom Anderson, Hari Balakrishnan et al. (8 authors)
● Flows
– sets of packets with common properties
– e.g. source/destination addresses and ports
– OpenFlow switches use a table of flows

Transition
[Figure: Ethernet Switch]
Slide from Deutsche Telekom SDN tutorial, 2011

Transition (2)
[Figure: the switch shown as a Data Path (Hardware) and a Control Path (Software)]
Slide from Deutsche Telekom SDN tutorial, 2011

Transition (3)
[Figure: Data Path (Hardware) and Control Path with OpenFlow in the switch; an OpenFlow Controller connected to it by the OpenFlow Protocol (SSL/TCP)]
Slide from Deutsche Telekom SDN tutorial, 2011

OpenFlow example
[Figure: Controller, PC; switch with a Software Layer (OpenFlow Client) and a Hardware Layer (Flow Table, port 1 to port 4); addresses 1.2.3.4 and 5.6.7.8]
Flow Table columns: MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action
Flow Table row: **5.6.7.8*** port 1
Slide from Deutsche Telekom SDN tutorial, 2011

OpenFlow basics
Flow table entry: Rule, Action, Stats
● Rule (+ mask what fields to match): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport
● Action
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify Fields
5. Any extensions you add!
● Stats: Packet + byte counters
Slide from Deutsche Telekom SDN tutorial, 2011

Flow table usage examples
Usage | Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
Switching | * | * | 00:1f:.. | * | * | * | * | * | * | * | port6
Flow Switching | port3 | 00:20.. | 00:1f.. | 0800 | vlan1 | 1.2.3.4 | 5.6.7.8 | 4 | 17264 | 80 | port6
Firewall | * | * | * | * | * | * | * | * | * | 22 | drop
Slide from Deutsche Telekom SDN tutorial, 2011

Flow table usage examples (2)
Usage | Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
Routing | * | * | * | * | * | * | 5.6.7.8 | * | * | * | port6
VLAN Switching | * | * | 00:1f.. | * | vlan1 | * | * | * | * | * | port6, port7, port9
Slide from Deutsche Telekom SDN tutorial, 2011

How OpenFlow works
● When a packet reaches an OpenFlow switch, the switch tests whether the packet is part of an existing flow
● If it is, the switch just forwards it
● If not, the switch sends the packet to its controller
● The controller determines a path to the packet's destination, creates a flow table entry for it, and updates the switch tables
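The lookup described above, as an added example that is not part of the original slides: a toy Python model of a flow table with wildcard rules, counters and the table-miss path to the controller. The names FlowEntry, Switch and controller, the priority values and the host-to-port map are assumptions made for illustration; only the Routing and Firewall rows come from the slides.

```python
# Added example: toy model of an OpenFlow-style flow table (not real OpenFlow code).
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict        # header field -> required value; absent fields are "*"
    action: str        # "drop" or "output:<port>"
    priority: int = 0  # assumption: the highest-priority matching entry wins
    packets: int = 0   # Stats column: packet counter
    nbytes: int = 0    # Stats column: byte counter

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

class Switch:
    def __init__(self, controller):
        self.table, self.controller, self.misses = [], controller, 0

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)  # highest priority first

    def receive(self, pkt, size=64):
        entry = next((e for e in self.table if e.matches(pkt)), None)
        if entry is None:                 # table miss: ask the controller
            self.misses += 1
            entry = self.controller(pkt)  # controller returns a new flow entry
            self.install(entry)
        entry.packets += 1
        entry.nbytes += size
        return entry.action

# Hypothetical controller policy: constructed host-to-port map, default drop.
HOST_PORT = {"1.2.3.4": 3}

def controller(pkt):
    port = HOST_PORT.get(pkt["ip_dst"])
    action = f"output:{port}" if port else "drop"
    return FlowEntry({"ip_dst": pkt["ip_dst"]}, action, priority=100)

def demo():
    sw = Switch(controller)
    # Rows from the slides: Routing (IP dst 5.6.7.8 -> port6), Firewall (dport 22 -> drop).
    sw.install(FlowEntry({"ip_dst": "5.6.7.8"}, "output:6", priority=100))
    sw.install(FlowEntry({"l4_dport": 22}, "drop", priority=200))
    web = {"ip_src": "1.2.3.4", "ip_dst": "5.6.7.8", "l4_dport": 80}
    ssh = dict(web, l4_dport=22)
    back = {"ip_src": "5.6.7.8", "ip_dst": "1.2.3.4", "l4_dport": 17264}
    actions = [sw.receive(p) for p in (web, ssh, back, back)]
    return actions, sw.misses, sw

if __name__ == "__main__":
    print(demo()[:2])
```

The firewall row only takes effect because it outranks the overlapping routing row; with the two priorities swapped, the same port-22 packet to 5.6.7.8 is forwarded to port 6.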

SDN issues
● So now the OpenFlow controller is a single point of failure?
– Well, yes – so we need several controllers with the ability to co-operate
● Can we do more than simple switching?
– Yes! There's a lot of interest in SDN in New Zealand, for example
– the WAND group have implemented a BGP router in their controller
– in Wellington VUW also have a strong SDN group

Masters scholarship opportunities
● Victoria University of Wellington have some scholarship opportunities for Masters projects on software defined networking topics, more information here:
● http://sdnvuw.blogspot.co.nz/2015/08/scholarships-available-to-work-on.html