[PPT]Slide 1 - McKeown Groupyuba.stanford.edu/~srini/tutorial/Beginners_OpenFlow... · Web viewOpenFlow/SDN Beginner’s TutorialJune, 2013 SriniSeetharaman Deutsche Telekom Innovation

OpenFlow/SDN Beginner’s Tutorial

June, 2013

1

Srini SeetharamanDeutsche Telekom Innovation center

Why SDN? What is SDN?

2

Critical needs for cloud DC networks1. Tenant virtualization

– Traffic isolation, prioritization and rate limiting

– Overlapping IP addressing, along with IPv6 support

2. Speed up configuration to allow reduced time to revenue:

– Automatically create required network configs for new tenants

– Transparently bridging a L2 network will help reduce time

3. Hybrid clouds with bursting– Adding computational capacity (in the form

of new VMs) as needed– Lossless live migration

VM A1

Hypervisor

Host 1

Switch-1 Switch-2 Switch-3

Switch-1 Switch-2 Switch-3

WAN

VLAN-101-x VLAN-101-x VLAN-101-x

VLAN-101-x

VLAN-101-x

VLAN-101-x

VLAN-101-x VLAN-101-x



VM B1

VMC1

Million of linesof source code

6000+ RFCs Barrier to entry

Billions of gates Bloated Power Hungry

Many complex functions baked into the infrastructureOSPF, BGP, multicast, differentiated services,Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …

An industry with a “mainframe-mentality”, reluctant to change

Welcome to the Ossified Network

Specialized Packet Forwarding Hardware

OperatingSystem

Feature Feature

Routing, management, mobility management, access control, VPNs, …

4

5

Current Internet Closed to Innovations in the Infrastructure


Service Service Service








OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem


Closed

“Software Defined Networking” approach to open it










OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem


Network Operating System

LB service

FW service

IP routing service

Simple Packet Forwarding Hardware



Simple Packet Forwarding Hardware Simple Packet

Forwarding Hardware

The “Software-defined Network”LB

serviceFW

serviceIP routing service

Network Operating System

OpenFlow API

North-boundinterface API

Unchanged mgmt API

How does OpenFlow work?

8

Ethernet Switch

9

Data Path (Hardware)

Control PathControl Path (Software)

10

Data Path (Hardware)

Control Path OpenFlow

OpenFlow Controller

OpenFlow Protocol (SSL/TCP)

11

Controller

PC

OpenFlow usage

OpenFlow Switch

OpenFlow Switch

OpenFlow Switch

Alice’s code

Decision?OpenFlowProtocol

Alice’s Rule

Alice’s Rule

Alice’s Rule

OpenFlow offloads control intelligence to a remote software

OpenFlow Example

13

Cluster ofControllers

PC

HardwareLayer

SoftwareLayer

OpenFlow-enabled hardware

Flow Table

MACsrc

MACdst

IPSrc

IPDst

TCPsport

TCPdport Action

OpenFlow Client (e.g., OVS)

**5.6.7.8*** port 1

port 4port 3port 2port 1

1.2.3.45.6.7.8

PC

SoftwareHardware

OpenFlow-enabled hardware

OpenFlowprotocol

OpenFlow Basics Flow Table Entries

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

L4sport

L4dport

Rule Action Stats

1. Forward packet to zero or more ports2. Encapsulate and forward to controller3. Send to normal processing pipeline4. Modify Fields5. Any extensions you add!

+ mask what fields to match+ priority+ timeout (idle and hard)

Packet + byte counters

14

VLANpcp

IPToS

Examples

15

Firewall service

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * * * * * * * 22 drop

IP Routing service

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * * * * 5.6.7.8 * * * port6

VLAN multicast service

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * vlan1 * * * * *port6, port7,port9

00:1f..

OpenFlow benefits• Hardware speed, scale, and fidelity for new services

– Made possible through unified API supported by hardware platforms from multiple vendors

• Flexibility and control of software and simulation• Vendors don’t need to expose implementation• Leverages hardware inside most switches today

(ACL tables implemented using TCAMs)

16

Usage examples

– Network Virtualization– Network access

control/firewall– Load Balancing– per flow switching– New routing for unicast,

multicast, multipath– Home network manager– Network monitoring and

debugging

… and much more you can create!

More available at openflow.org/videos

OpenFlow design, architecture and protocol evolution

18

Design choice 1: Modes of SDN Deployment1. In-network: Existing/green-field network fabrics upgraded to support OpenFlow

2. Overlay: WITHOUT changing fabric, the intelligence is added to edge-devices, – as an additional appliance (e.g., bump-in-wire managed by controller)– as enhanced server kernel bridge (e.g., OpenVSwitch in x86 hypervisors)

Control Path OpenFlowHardware switch Data path

(Hardware)

Figure courtesy of Martin Casada @ ONS 2012

Design choice 2: Centralized vs Distributed Control

Centralized Control

OpenFlow Switch

OpenFlow Switch

OpenFlow Switch

Controller

Distributed Control

OpenFlow Switch

OpenFlow Switch

OpenFlow Switch

Controller

Controller

Controller

20

Design choice 3: Per-Flow Routing vs. Aggregation

Flow-Based

• Every flow is individually set up by controller

• Exact-match flow entries• Flow table contains one

entry per flow• Good for fine grain

control, e.g. campus networks

Aggregated

• One flow entry covers large groups of flows

• Wildcard flow entries• Flow table contains one

entry per category of flows• Good for large number of

flows, e.g. backbone

21

Design choice 4: Reactive vs. Proactive (pre-populated)

Reactive

• First packet of flow triggers controller to insert flow entries

• Efficient use of flow table• Every flow incurs small

additional flow setup time• If control connection lost,

switch has limited utility

Proactive

• Controller pre-populates flow table in switch

• Zero additional flow setup time

• Loss of control connection does not disrupt traffic

• Essentially requires aggregated (wildcard) rules

22

Design choice 5: End-to-end OpenFlow vs. Hybrid

• Based on how OpenFlow is deployed, there may be issues coexisting with legacy networks

• OpenFlow controller view is not always complete. For instance, what does the controller see here?

HostA

X YNon-OFswitch

Non-OFswitch

OFswitch

OFswitch

HostB

HostCInternet

OpenFlow Implementations(Switch and Controller)

24

Open-source controllersController NotesRyu •Apache license

•Python

NOX/POX •GPL•C++ and Python

Stanford’s Beacon •BSD-like license•Java-based

Maestro (from Rice Univ)

•GPL•Based on Java

NEC’s Trema •Open-source•Written in C and Ruby•Included test harness

Big Switch’s Floodlight •Apache license•Java-based

25

Sample Commercial SwitchesModel Virtualize Notes

HP Procurve 5400zl or 6600

1 OF instance per VLAN

-LACP, VLAN and STP processing before OpenFlow-Wildcard rules or non-IP pkts processed in s/w-Header rewriting in s/w-CPU protects mgmt during loop

NEC IP8800 1 OF instance per VLAN

-OpenFlow takes precedence-Most actions processed in hardware-MAC header rewriting in h/w

Brocade MLX routers

Multiple OF instance per switch

-Hybrid OpenFlow switch with legacy protocols and OpenFlow coexisting-OpenFlow commands can override state created by legacy protocos

Pronto 3290 or 3780 with Pica8 or Indigo firmware

1 OF instance per switch

-No legacy protocols (like VLAN, STP)-Most actions processed in hardware-MAC header rewriting in h/w

Hands-on Tutorial

27

28

Bootstrap1. Install VirtualBox or Vmware player or Vmware Fusion

2. Import the tutorial VM appliances available at:– 64-bit: (Login: ubuntu, Passwd: ubuntu) http://yuba.stanford.edu/~

srini/OpenFlow_tutorial_64bit.ova – 32-bit: (Login: ubuntu, Passwd: ubuntu)

http://yuba.stanford.edu/~srini/OpenFlow_tutorial_32bit.ova

3. Install X-Windows if you do not already have it– Mac user: Install xquartz– Windows user: Install xming

4. Start the VM, and “ssh -X” to its host-only IP address– VirtualBox: Ensure the vboxnet0 interface is configured for “host-only”

• File->Preferences->Network and “Add host-only network” button with default settings.




29

Inside the Virtual Machine• openvswitch: Virtual switch programmable using OpenFlow

• mininet: Network emulation platform– $sudo mn --topo single,3 --mac --switch ovsk --controller remote

• wireshark: Graphical tool for viewing packets with OF protocol plug-in– Start wireshark: $sudo wireshark– Start capture packets going through interface “lo” and Decode as OFP

• dpctl: Command-line utility for checking switch status and manually inserting flow entries.– Check supported commands in manual: $ man dpctl

• Multiple OpenFlow controllers with sample apps prepackaged – NOX, POX, Ryu, and OpenDayLight

Mininet-based Virtual Topology #1

Controllerport6633 c0

OpenFlow Switchs1 dpctl

(user space process)

h310.0.0.3

h210.0.0.2

h110.0.0.1

virtual hosts

OpenFlow Tutorial3hosts-1switchTopology

loopback(127.0.0.1:6633)

loopback(127.0.0.1:6634)

s1-eth0 s1-eth1 s1-eth2

h1-eth0 h2-eth0 h3-eth0

30$ sudo mn --topo single,3 --mac --switch ovsk --controller remote

Mininet-based Virtual Topology #2

OpenFlow Tutorial2hosts-2switchTopology

31$ sudo mn --topo linear --switch ovsk --controller remote

32

dpctl and wireshark workflow• Before controller is started, execute the following

$ dpctl show tcp:127.0.0.1:6634$ dpctl dump-flows tcp:127.0.0.1:6634mininet> h1 ping h2

$ dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2$ dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1mininet> h1 ping h2

• Start controller and check OF messages on wireshark (enabling OFP decode)– Openflow messages exchanged between switch and controller:

openflow/include/openflow/openflow.h/* Header on all OpenFlow packets. */ struct ofp_header { uint8_t version; /* OFP_VERSION. */ uint8_t type; /* one of the OFPT_ constants.*/ uint 16_t length; /*Length including this ofp_header. */ uint32_t xid; /*Transaction id associated with this packet..*/ };

All ports of switch shown, but no flows installed. Ping fails because ARP

cannot go through

Ping works now!

33

Top 3 features in most controllersA. Event-driven model

– Each module registers listeners or call-back functions– Example async events include PACKET_IN, PORT_STATUS,

FEATURE_REPLY, STATS_REPLY

B. Packet parsing capabilities– When switch sends an OpenFlow message, module extracts

relevant information using standard procedures

C. switch.send(msg), where msg can be– PACKET_OUT with buffer_id or fabricated packet– FLOW_MOD with match rules and action taken– FEATURE_REQUEST, STATS_REQUEST, BARRIER_REQUEST

OpenDayLight controller

34

35

Controller Architecture

36

Java, Maven, OSGi, Interface• Java allows cross-platform execution

• Maven allows easier building

• OSGi:– Allows dynamically loading bundles– Allows registering dependencies and services exported– For exchanging information across bundles

• Java Interfaces are used for event listening, specifications and forming patterns

37

SetupINSTALL OPENDAYLIGHT (Dependency Maven, JDK1.7)• git clone https://git.opendaylight.org/gerrit/p/controller.git• mv controller opendaylight; cd opendaylight• cd opendaylight/distribution/opendaylight/• mvn clean install• cd

target/distribution.opendaylight-0.1.0-SNAPSHOT-osgipackage/opendaylight/

• ./run.sh

IMPORT OPENDAYLIGHT TO ECLIPSE• Install Eclipse with Maven Integration Version 1.2.0• File => Import => Maven => Existing Maven Projects• Browse ~/opendaylight/opendaylight/distribution/opendaylight• In distribution.opendaylight, right click on opendaylight-assembleit.launch

and select “Run”. Then “Run” opendaylight-application.launch

http://www.youtube.com/watch?v=hXWhgWMoNHM

http://www.youtube.com/watch?v=vjRJ8d_0Jwo

38

OpenDayLight web interface

39

Writing a new application

Clone an existing module (e.g., arphandler) in

Eclipse project explorer

Include the new app in opendaylight/distribution/opendaylight/pom.xml and in the Eclipse“Run Configurations”

Update dependencies and services exported

in the new bundle’s pom.xml

List dependencies imported and interfaces

implemented in the module’s Activator.java

Update set/unset bindings in the module’s

class so as to access other bundle objects

Implement the interface functions to handle the

async events or use other bundle objects to edit state

Add needed northbound REST API and associate with the web bundle

Done

40

InterfacesPackage/OSGi Bundle Exported Interfaces Description

arphandler •IHostFinder•IListenDataPacket

Component responsible for learning about host location by handling ARP.

forwarding.staticrouting

•IForwardingStaticRouting•ICacheUpdateAware•IfNewHostNotify•IConfigurationContainerAware

Provide the necessary hooks to inject in the area controlled by the controller, routes to reach traditional IP networks.

forwardingrulesmanager

•IContainerListener•ISwitchManagerAware•IForwardingRulesManager•IInventoryListener•ICacheUpdateAware•IConfigurationContainerAware•IFlowProgrammerListener

Manager of all the Forwarding Rules, this component take care of forwarding rules and is the one that manage conflicts between them.

hosttracker

•ISwitchManagerAware•IInventoryListener•IfIptoHost•IfHostListener•ITopologyManagerAware

Track the location of the host relatively to the SDN network.

41


routing.dijkstra_implementation

•ITopologyManagerAware•IRouting

Implementation of Dijkstra routing algorithm over the network graph as seen by the topology manager.

sal.implementation

•IReadService•IPluginOutTopologyService•ITopologyService•IInventoryService•IPluginOutInventoryService•IFlowProgrammerService•IPluginOutFlowProgrammerService•IPluginOutDataPacketService•IDataPacketService

Implements the services that SAL export to the applications using it as well to the protocol plugins.

samples.loadbalancer •IListenDataPacket•IConfigManager

Implementation of a simple load-balancer.

samples.simpleforwarding

•IInventoryListener•IfNewHostNotify•IListenRoutingUpdates

Sample implementation of an application simulating a traditional IP network.

42


statisticsmanager •IStatisticsManagerComponent in charge of using the SAL ReadService to collect several statistics from the SDN network.

switchmanager•IListenInventoryUpdates•ISwitchManager•ICacheUpdateAware•IConfigurationContainerAware

Component holding the inventory information for all the known nodes in the controller.

topologymanager•IListenTopoUpdates•ITopologyManager•IConfigurationContainerAware

Component holding the whole network graph.

usermanager•ICacheUpdateAware•IUserManager•IConfigurationAware

Component taking care of user management.

northbound JAXRS implementation of REST API for each module.

web •IDaylightWebComponent tracking the several pieces of the UI depending on bundles installed on the system.

The End

43

Summary• OpenFlow/SDN is evolving to facilitate an ecosystem

for innovation through programmability • OpenFlow/SDN is being deployed in over 100

organizations world-wide– Many academic ones,

but also includes service provider clouds• SDN provides a simple solution to problems with

complex solutions without vendor lock-in

Backup

45

POX controller

46

Intro to POX controllerGeneral execution: $ ~/pox/pox.py <dir>.<name>Example: $ ~/pox/pox.py forwarding.hub

Parses messages from switch and throws following events

FlowRemovedFeaturesReceivedConnectionUpFeaturesReceivedRawStatsReplyPortStatusPacketInBarrierInSwitchDescReceivedFlowStatsReceivedAggregateFlowStatsReceivedTableStatsReceivedPortStatsReceivedQueueStatsReceived

Packets parsed by pox/lib

arpdhcpdnseapoleapetherneticmpigmpipv4llclldpmplsriptcpudpvlan

Example msg sent from controller to switch

ofp_packet_out header: version: 1 type: 13 length: 24 xid: 13 buffer_id: 272 in_port: 65535 actions_len: 1 actions: type: 0 len: 8 port: 65531 max_len: 65535

(A)

(B)

(C)

Application 1: Hub(inspect file pox/pox/misc/of_tutorial.py)

OF Switch

POX

Hub

(1)

(2)

(3) (4)

(5)

(6)

49

Application 2: MAC-learning switch(convert pox/pox/misc/of_tutorial.py to L2 switch)• Build on your own with this logic:

– On init, create a dict to store MAC to switch port mapping• self.mac_to_port = {}

– On packet_in, • Parse packet to reveal src and dst MAC addr• Map src_mac to the incoming port

– self.mac_to_port[dpid] = {}– self.mac_to_port[dpid][src_mac] = in_port

• Lookup dst_mac in mac_to_port dict to find next hop• If found, create flow_mod and send• Else, flood like hub.

• Execute: pox/pox.py misc.of_tutorial

msg = of.ofp_flow_mod()msg.match = of.ofp_match.from_packet(packet)msg.buffer_id = event.ofp.buffer_id

action = of.ofp_action_output(port = out_port)msg.actions.append(action)self.connection.send(msg)

Ryu controller

50

Intro to RYU: OpenFlow Controller

51

RYU Controller

OF Switch

OF Switch

OF Switch

TopologyViewer

StatisticsFirewall

1.01.2

1.3

Libraries:– Functions called by components– Ex: OF-Config, Netflow, sFlow,

Netconf, OVSDB

Components:– Provides interface for control and state and

generates events– Communicates using message passing

app_manager

of_parser of_header

simple_switch

ofctl_rest

app

base

controller

ofproto

controller

handler dpset

ofp_event ofp_handler

event

lib

lib

quantumplugin

(A)

(B)

(C)

Application 1: Hubryu-manager --verbose ryu/ryu/app/tutorial_l2_hub.py

OF Switch

RYU

Hub

(1)

(2)

(3) (4)

(5)

(6)

53

Application 2: MAC-learning switch• Build on your own with this logic:

– On init, create a dict to store MAC to switch port mapping• self.mac_to_port = {}

– On packet_in, • Parse packet to reveal src and dst MAC addr• Map src_mac to the incoming port

– self.mac_to_port[dpid] = {}– self.mac_to_port[dpid][src_mac] = in_port

• Lookup dst_mac in mac_to_port dict to find next hop• If found, create flow_mod and send

• Else, flood like hub.

Pssst… solution in tutorial_l2_switch.py

Documents

[PPT]Slide 1 - McKeown Groupyuba.stanford.edu/~srini/tutorial/Beginners_OpenFlow... · Web viewOpenFlow/SDN Beginner’s TutorialJune, 2013 SriniSeetharaman Deutsche Telekom Innovation