Programmable Flow-based Networking with OpenFlow. Dr. Marcus Brunner, NEC Labs Europe - Network Division, [email protected]. ETSI Workshop on Future Internet, March 10-11, 2010, Nice, France. NEC Confidential.

Source: docbox.etsi.org/.../7_ARCHITECTURE/BRUNNER_OpenFlow.pdf · 2010. 3. 11.


  • Programmable Flow-based Networking with OpenFlow

    Dr. Marcus Brunner

    NEC Labs Europe - Network Division

    [email protected]

    ETSI Workshop on Future Internet, March 10-11, 2010, Nice, France

    NEC Confidential

  • OpenFlow - Overview

    [Diagram labels: Switch, Protocol, Controller]

    • Switch: dumb but fast
    • Controller: as dumb or intelligent as you want it to be

    NEC Confidential, ETSI WS on FI - March 10-11, 2010 - #2

  • What’s OpenFlow technology?

    • Separation of control plane and data plane
    • Enable flow-based network programmability from controllers

    [Diagram labels: OpenFlow Controller, OpenFlow Switch, Secure Channel, Flow Table, sw, hw]

  • OpenFlow’s Flow Switching Definition

    Legacy L2/L3 switching and routing
    • Layer 2 (MAC) Switching
    • Layer 3 (IP) Routing

    Fields: Ingress Port | Ether src | Ether dst | Ether type | VLAN id | IP src | IP dst | IP proto | TCP/UDP src port | TCP/UDP dst port | VLAN PCP (*6)

    Flow Switching with any combinations of tuples as a key
    – Exact Matching
    – Wild Card Matching:
      - Aggregated MAC-subnet: MAC-src: A.*, MAC-dst: B.*
      - Aggregated IP-subnet: IP-src: 205.16.*/24, IP-dst: 206.12.*/24

  • Definition of Flow and programmability

    Flow table entries (Flow 1. … Flow N.):

    | Rule (exact & wildcard) | Action         | Statistics |
    | Rule (exact & wildcard) | Default Action | Statistics |

    • Rule: definition of flow filtering
      (ie) Switch: Port, VLAN ID, L2, L3, L4, …
    • Action: actions for flow
      (ie) Switch: Unicast, Multicast, bandwidth control, Filtering, load balancing, alarm recovery, tunneling, encryption
    • Statistics: flow statistics
      (ie) Switch: Number of packet, byte, connection time

    Example of Actions
    1. Unicast
    2. Multicast
    3. Multipath
       – Load-balancing
       – Redundancy
    4. Waypoints
       – Middleware
       – Intrusion detection
       – …

  • OpenFlow - Operation

    [Diagram labels: Switch, Controller, Secure channel, Flow table change; flow table columns: Rules/Headers | Actions | Counters]

    Switch
    • Ethernet switch + OpenFlow
    • Dedicated OpenFlow switch

    Controller
    • Specialized piece of HW/SW
    • PC and a process

  • OpenFlow - Operation

    [Diagram labels: Switch, Controller, Secure channel]

    Flow table (OpenFlow 10-tuple):

    | Ingress Port | Eth src | Eth dst | Eth type | VLAN ID | IP src  | IP dst | IP proto | src port | dst port |
    |--------------|---------|---------|----------|---------|---------|--------|----------|----------|----------|
    | Any          | Any     | Any     | Any      | Any     | 1.1.1.1 | Any    | 6        | Any      | 80       |

    Actions:
    • Forward
      • physical port
      • all
      • controller (= encapsulate)
      • switch’s “normal” processing pipeline
      • …
    • Drop

  • OpenFlow - Operation

    [Diagram labels: Switch, Controller, Secure channel, Switch port(4)]

    Flow table:

    | Ingress Port | Eth src | Eth dst | Eth type | VLAN ID | IP src  | IP dst | IP proto | src port | dst port | action |
    |--------------|---------|---------|----------|---------|---------|--------|----------|----------|----------|--------|
    | Any          | Any     | Any     | Any      | Any     | 1.1.1.1 | Any    | 6        | Any      | 80       | To(4)  |
    | Any          | Any     | Any     | Any      | Any     | Any     | Any    | Any      | Any      | Any      | cntrl  |
    | Any          | Any     | Any     | Any      | Any     | 2.2.2.2 | Any    | Any      | Any      | Any      | drop   |
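
The three-row flow table on the slide above, as an added example that is not code from the slides or from any OpenFlow implementation: a wildcard lookup over the 10-tuple plus a check for rows that can never fire. Field names, priority values and the sample packets are assumptions; the slide shows no priorities, and with equal priorities and top-down evaluation the all-Any `cntrl` row would always win over the 2.2.2.2 `drop` row.

```python
# Added example: wildcard lookup over the 10-tuple, using the three slide rows.
FIELDS = ("in_port", "eth_src", "eth_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tp_src", "tp_dst")  # names are assumptions
ANY = None  # wildcard ("Any" on the slide)

def rule(action, priority, **match):
    unknown = set(match) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown match fields: {sorted(unknown)}")
    return {"match": {f: match.get(f, ANY) for f in FIELDS},
            "action": action, "priority": priority, "packets": 0}

def matches(r, pkt):
    return all(v is ANY or pkt.get(f) == v for f, v in r["match"].items())

def lookup(table, pkt):
    """Action of the highest-priority matching rule (ties: earliest row); bumps its counter."""
    hits = [r for r in table if matches(r, pkt)]
    if not hits:
        return None
    best = max(hits, key=lambda r: r["priority"])
    best["packets"] += 1
    return best["action"]

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return all(a["match"][f] is ANY or a["match"][f] == b["match"][f] for f in FIELDS)

def shadowed(table):
    """Actions of rules that can never fire because a covering rule always wins."""
    out = []
    for i, b in enumerate(table):
        if any(j != i and covers(a, b) and (a["priority"], -j) > (b["priority"], -i)
               for j, a in enumerate(table)):
            out.append(b["action"])
    return out

def slide_table(p_fwd, p_ctrl, p_drop):
    """The three rows from the slide; the priorities are assumed, the slide shows none."""
    return [rule("To(4)", p_fwd, ip_src="1.1.1.1", ip_proto=6, tp_dst=80),
            rule("cntrl", p_ctrl),
            rule("drop", p_drop, ip_src="2.2.2.2")]

# Constructed sample packets (not from the slides).
WEB = {"in_port": 1, "ip_src": "1.1.1.1", "ip_proto": 6, "tp_src": 40000, "tp_dst": 80}
BLOCKED = {"in_port": 2, "ip_src": "2.2.2.2", "ip_proto": 17, "tp_dst": 53}

if __name__ == "__main__":
    for name, prios in (("flat", (1, 1, 1)), ("ranked", (200, 0, 100))):
        t = slide_table(*prios)
        print(name, lookup(t, WEB), lookup(t, BLOCKED), "shadowed:", shadowed(t))
```

In OpenFlow 1.0 wildcard entries carry an explicit priority, so a controller that installs a catch-all entry has to rank it below the more specific entries.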

  • What can we do with it?

    • Makes it easy to change the control (algorithms, policies, etc.)
      – Innovative OpenFlow Controller functions are key
    • Flexibility
      – Control can be simple to complex
      – Granularity of control can be different
    • Applicable to various scenarios
      – Not only the test network use case

  • Flow-based Network

    [Diagram labels: Controller, Flow 1, Flow 2, AP 1, AP 2, Fabric Switch, Server, Firewall or Load Balancer]

    Diagram annotations: Can be switched to power saving mode; Can be shut down for servicing

    • Mesh and Per-flow QoS
    • Service Insertion
    • Load Concentration

  • Use case of OpenFlow switching network

    [Diagram labels: Internet2, ISPs, Carriers, OpenFlow switch, Control server, Wireless]

    • Campus network: innovative students develop their own services and algorithms
    • Wide-area / mobile network: Fixed and mobile seamless control, integrated optical network control, flexible VPN management, etc…
    • Data center network: Network and computing resources are tightly coupled and efficiently managed
    • Enterprise network: Network control and security are tightly managed

  • IT/NW Integration

    • Unified platform for data center, transport and mobile networks.
      – Integrated controller for infrastructure virtualization/customization
    • Real integration of IT and NW.
      – Optimized information flow through IT and NW
    • OpenFlow is a key technology.
      – Open interface for future network control standard

    [Diagram labels: Unified Controller, Mobile NW, Data Center NW, VM, Transport NW, Simplified Switch, Open standards (e.g. OpenFlow), Data Center Operator, Network Operator]

  • Virtualization with OpenFlow

    • Virtual switching function (VSF)
      – Create multiple OpenFlow slices with multiple controllers
      – Separate OpenFlow slices/networks by VLAN
    • Enables coexistence with standard switch/router functions
      – Simultaneous executions of traditional switching/routing functions and OpenFlow, separated via VLAN

    [Diagram labels: Normal L2/L3 Processing (Production traffic); Flow Table for each of Experiment A, Experiment B, Experiment C; Controller A, Controller B, Controller C]

  • Interest in Programmable Switching

    • GENI trials received $30M NSF Grant (Oct-19)
      – “The funding will enable three sets of collaborating academic/industrial research teams to replicate those GENI prototype systems that have gained significant traction, based on GENI-enabled commercial hardware, across 14 U.S. campuses and two national research backbones.”
    • European OpenFlow Testnetwork under discussion (FIRE, call5)
    • EU projects related to OpenFlow under discussion (call5)

  • Standardization issues

    • The Controller to Switch/Router Interface requires standardization
      – OpenFlow is one example, there are a set of other protocols as well (ForCES, GSMP, ….)
    • Interface to OpenFlow Controller
      – might eventually require some standards as well, e.g., management interface
    • Open specification by OpenFlow Consortium
      – a larger consortium of university researchers and network administrators (no vendors allowed)
      – free even for commercial use
      – Ver. 1.0 released in Dec. 2009
        http://www.openflowswitch.org/documents/openflow-spec-v1.0.0.pdf
    • Supported by Stanford Clean Slate Programme

  • OpenFlow in a Nutshell

    • OpenFlow is…
      – A way for programmable flow-based networking
      – Enables a large set of applications due to its flexibility
      – A way for IT/NW integration
    • Paradigm shift by OpenFlow
      – OpenFlow provides open interface to “black box” networking node (ie. Routers, L2/L3 switch) to enable visibility and openness in network

    http://www.openflowswitch.org