Post on 21-Apr-2018
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
The OpenFlow Protocol
• in the service of Software Defined Networks (SDN)
Piotr Gierz, Network Solutions Architect
Sources:
• Materials and information:
– OpenFlow (www.openflow.org),
– ONF (www.opennetworking.org),
– NOX (www.noxrepo.org),
– Floodlight (floodlight.openflowhub.org),
– HP Networking (www.procurve.com),
… various other places on the web.
Agenda
• What OpenFlow and an SDN network are
– Definition
– Protocol structure
– Communication model
– Principle of operation
• OpenFlow and HP
• Open Networking Foundation (ONF)
• Demo
What is the OpenFlow protocol
Definition
• Software Defined Networking (SDN)
– A new network architecture
– Separation of the "control plane" from the "forwarding hardware".
– Allows the "data plane" to be defined as a logical, central controller (or a set of controllers).
• OpenFlow
– A standard communication protocol used between the "control" and "data planes".
Transformation of the network to the SDN model
[Figure labels: "Specialized Packet Forwarding Hardware", "Operating System", "Feature", "Network OS"]
Logical elements of the SDN model
• OpenFlow – the protocol that defines packet forwarding,
• Well-defined API (~6000 RFC)
• Network OS – implementation of network mechanisms and protocols
[Figure labels: "Feature", "Network OS", "Packet Forwarding"]
Elements of an SDN network
• OF controller (Network OS)
• Out-of-band communication
• Production traffic controlled by the OF protocol
• Network devices supporting OF
Elements of an SDN network – Network OS
Research
– NOX (C++/Python),
– Beacon (Java),
– Floodlight (Java),
– Trema (C/Ruby),
Commercial
– ONIX [OSDI 2010, Google, Nicira, NEC]
– HP The OpenFlow Management System
Communication in OpenFlow
1. Physical network devices register with the OpenFlow controller,
2. Protocol and communication port: TCP/6633,
3. Option: TCP/6633 encrypted and authenticated with SSL.
4. Reactive or proactive operation
Principle of operation
“If header = x, send to port 4”
“If header = ?, send to me”
“If header = y, overwrite header with z, send to ports 5,6”
Flow Table
OpenFlow – Flow Table
QoS Actions
– En-queue on a specific priority queue
– Rate limit using a specific meter
Forwarding Actions
– Forward packet to ports
– Forward via NORMAL processing
– Flood along Spanning Tree
– Drop packet
– Send packet to controller
Modify Actions
– VLAN: set/strip VLAN, VLAN priority
– L2: set MAC source, set MAC dest
– L3: set IP source/dest, set IP ToS
– L4: set TCP/UDP source/dest port
Match Rule Attributes (wildcard or exact match on all fields)
– Ingress port
– MAC source address
– MAC destination address
– Ether Type
– VLAN ID
– VLAN PCP
– IPv4 source address
– IPv4 destination address
– IPv4 protocol
– TCP/UDP source port
– TCP/UDP destination port
– IPv4 ToS
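An added example (not from the original slides): a simplified Python model of the flow-table lookup described above, using the slide's match fields and action types, plus an audit that finds rules a broader, higher-priority rule makes unreachable. The field key names, addresses and rule values are constructed for illustration.

```python
from dataclasses import dataclass

# Match fields listed on the slide; the key names are this example's own.
FIELDS = {"in_port", "eth_src", "eth_dst", "eth_type", "vlan_id", "vlan_pcp",
          "ip_src", "ip_dst", "ip_proto", "ip_tos", "tp_src", "tp_dst"}

@dataclass
class FlowEntry:
    match: dict        # field -> exact value; a field left out is a wildcard
    actions: list      # e.g. [("output", 4)]; an empty list drops the packet
    priority: int = 0

    def __post_init__(self):
        if set(self.match) - FIELDS:
            raise ValueError(f"unknown match field(s): {set(self.match) - FIELDS}")

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # highest priority first

    def lookup(self, pkt):
        for e in self.entries:
            if e.matches(pkt):
                return e.actions
        return [("controller",)]  # table miss: "If header = ?, send to me"

    def shadowed(self):
        """(hidden, by) pairs: entries an earlier, broader entry always pre-empts."""
        return [(b, a) for i, b in enumerate(self.entries)
                for a in self.entries[:i] if a.match.items() <= b.match.items()]

def demo():
    """Constructed rules in the shape of the slide's examples, plus an audit case."""
    t = FlowTable()
    t.add(FlowEntry({"ip_dst": "10.0.0.5", "tp_dst": 80}, [("output", 4)], 200))
    t.add(FlowEntry({"eth_type": 0x0800, "ip_dst": "10.0.0.9"},
                    [("set_ip_dst", "10.0.0.7"), ("output", 5), ("output", 6)], 100))
    t.add(FlowEntry({"in_port": 1}, [("normal",)], 300))          # broad, high priority
    t.add(FlowEntry({"in_port": 1, "tp_dst": 23}, [], 50))        # drop rule, never reached
    return t
```

Calling `demo().shadowed()` reports the drop rule for port 23 as hidden behind the broad `in_port` rule, the kind of ordering mistake worth auditing before rules are pushed to switches.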
OpenFlow and HP
OpenFlow Switch Software – available now!
• Runs on these switches:
– HP 8200 Series
– HP 6600 Series
– HP 6200 Series
– HP 5400 Series
– HP 3500 Series
• Fully supported, controlled release this year
• Included as standard feature in production releases mid-CY12
• MRD in development and discussion for integration on A-series.
HP’s Leadership in OpenFlow
Key Contributor and Leader in Advancing the Standard
– HP and Stanford began collaborating on Ethane—the predecessor to OpenFlow—in 2007
– HP developed the first commercial switch implementation of OpenFlow and demonstrated it with Stanford at the ACM SIGCOMM conference in 2008
– HP network switches are now the leading choice for academic and commercial researchers worldwide using OpenFlow technology.
– HP Labs formed a team of researchers focused on OpenFlow in 2008 and that team continues to contribute to the standard and publish research on solutions using OpenFlow
– HP is a member of the Open Networking Foundation – the newly formed standards body for OpenFlow and will continue to be a key contributor and leader in advancing the standard
– HP is a member of the SDN Interoperability Lab (InCNTRE at Indiana University) to ensure confidence in product interoperability and further advance the OpenFlow standard
“DevoFlow: Cost-Effective Flow Management for High Performance Enterprise Networks,” HotNets, October 2010
“Network Integrated Transparent TCP Accelerator,” AINA, April 2010
"ElasticTree: Saving Energy in Datacenter Networks,” NSDI, April 2010
"Automated and Scalable QoS Control for Network Convergence," WREN/INM 2010 Workshop, held in conjunction with NSDI, April 2010.
“SPAIN: Design and Algorithms for Constructing Large Data-Center Ethernets from Commodity Switches,” HP Tech Report, 2009
"A Demonstration of Virtual Machine Mobility in an OpenFlow network" ACM SIGCOMM, (Best Demo Award), Seattle, WA, August 2008.
Examples of Early OpenFlow Adopters
• University/Commercial Research
– Perform networking experiments on a large scale
– Leverage parts of production network
• Cloud Providers
– Optimized data center operation and management
– Differentiate their services with OpenFlow capability to dynamically redirect traffic
• Campus Network
– Virtualize the network for ease of management and enhanced security
– Reduced cost to develop new capabilities
Customers and OpenFlow
• Currently over 60 customers using HP OpenFlow switches
– 95% use OpenFlow in a research test bed, not a production network
– Test beds are modest sized networks with 5 – 20 switches
– Nearly all are using the NOX controller
– Many use LLDP and STP in their OpenFlow networks
– Some are looking forward to deployments with 100,000+ users and 1,000+ switches
– Most are happy with OpenFlow 1.0
– Requested extensions to OF protocol: IPv6, MAC-in-MAC, IP-in-IP, rate limiting, priority queue assignment, traffic shaping, discovery/capabilities
HP Virtual Service Network (VSN) Architecture
[Figure labels: Management; Infrastructure; Control; appliance module; software; embedded; switches/routers; security services; wireless APs; embedded apps; Network Services; virtual resources; virtual service networks; Resource Mgmt; Provisioning; status; control]
HP OpenFlow in Action
[Figure labels: OpenFlow Management Software; OpenFlow Controller; Flow Specs (user < > application connections); Services Specs (service levels: performance, latency); Connection Policies; Device Settings; Virtual Service Network; Network; Sue Smith; Video; Webcast Services; Webcast Servers]
By User
• Connections + Flow Specs
• Users/Paths per connection
By Application
• Connections + Flow Specs
• Users/Paths per connection
ONF
OpenFlow Enabled
Virtually all the ONF Members have made some type of announcement about supporting OpenFlow.
Competitive Landscape Highlights
Columns: Company, Data Plane, Control Plane, Notes. Legend for the plane columns: Yes, No, Announcement, Uncertain.
• Big Switch
• Cisco
• IBM: Partnership with NEC to use their controller.
• Juniper: OpenFlow in JunOS SDK.
• Marvell
• NEC: Only vendor with complete solution, but virtually no market share outside Japan.
• Nicira
• Pronto Systems
• HP: Available in ProCurve switches, under consideration in H3C. Interoperate with any controller.
Demo
Devices: HP ProCurve 5400zl
Devices: HP ProCurve 3500yl
OF controller
Configuration
• Linux Ubuntu 10.04.4 LTS,
• C++ (gcc), Python, kde-libs
• NOX ("Destiny" version)
• NOX GUI
Startup
    ./nox_core -v -i ptcp:6633 switch monitoring ... <modules>
Rules for configuring OF on HP switches
Configuration:
• OpenFlow control traffic between the switch and the controller should be exchanged over a dedicated VLAN.
• The dedicated VLAN must not be a VLAN configured as an OpenFlow experiment,
• "VLAN 1" should not be used as the "dedicated VLAN",
• "VLAN 1" should not be used as an OpenFlow experiment,
Device operating mode:
• Each VLAN on the switch is a separate OpenFlow experiment,
• VLAN Virtualization/Aggregate mode
• Hybrid/Forward Normal/OF-only
Switch configuration
1. Dedicated VLAN for exchanging control traffic
    vlan 10 name OFMgmt
    ip address 172.16.10.1 255.255.255.0
    untagged 1-4
2. VLAN configured as an "OpenFlow experiment"
    vlan 20 name OFExp
    untagged 21-24
    tagged 11-14
3. Enabling OpenFlow for the VLAN
    vlan 20 openflow enable
4. OpenFlow controller configuration
    vlan 20 openflow controller tcp:172.16.10.1:6633
5. "show" commands
    show openflow version
    show openflow
    show openflow 20 flow
    show openflow rules
    show openflow 20
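An added example, not HP tooling and not part of the original slides: a Python check of the three VLAN rules above against the slide's switch commands. It assumes the dedicated VLAN is the one whose subnet contains the controller address; `BAD_CONFIG` is constructed to violate every rule.

```python
import ipaddress

def parse(config):
    """Map VLAN id -> {'net': subnet, 'of': OpenFlow enabled, 'ctrl': controller IP}."""
    vlans, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["vlan"] and len(words) > 1:
            cur, words = int(words[1]), words[2:]  # "vlan N ..." sets the VLAN context
        if cur is None or not words:
            continue
        v = vlans.setdefault(cur, {"net": None, "of": False, "ctrl": None})
        if words[:2] == ["ip", "address"] and len(words) >= 4:
            v["net"] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
        elif words[:2] == ["openflow", "enable"]:
            v["of"] = True
        elif (words[:2] == ["openflow", "controller"] and len(words) == 3
              and words[2].count(":") == 2):
            v["ctrl"] = ipaddress.ip_address(words[2].split(":")[1])  # tcp:<ip>:<port>
    return vlans

def lint(config):
    """Check the slide's three VLAN rules; returns a list of findings."""
    vlans = parse(config)
    experiments = {n for n, v in vlans.items() if v["of"]}
    controllers = {v["ctrl"] for v in vlans.values() if v["ctrl"]}
    # Assumption: the dedicated VLAN is the one whose subnet contains a controller IP.
    control = {n for n, v in vlans.items()
               if v["net"] and any(c in v["net"] for c in controllers)}
    findings = [f"VLAN {n}: dedicated control VLAN is also an OpenFlow experiment"
                for n in sorted(control & experiments)]
    if 1 in control:
        findings.append("VLAN 1 is used as the dedicated control VLAN")
    if 1 in experiments:
        findings.append("VLAN 1 is used as an OpenFlow experiment")
    return findings

# PAGE_CONFIG: the slide's commands (port lines and VLAN 20 name omitted). BAD_CONFIG: constructed.
PAGE_CONFIG = """vlan 10 name OFMgmt
ip address 172.16.10.1 255.255.255.0
vlan 20 openflow controller tcp:172.16.10.1:6633
vlan 20 openflow enable"""
BAD_CONFIG = """vlan 1 ip address 172.16.10.1 255.255.255.0
vlan 1 openflow controller tcp:172.16.10.50:6633
vlan 1 openflow enable"""

if __name__ == "__main__":
    print(lint(PAGE_CONFIG), lint(BAD_CONFIG), sep="\n")
```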
Network topology
Thank you