©2011Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

Protokół OpenFlow

• w służbie Software Defined Networks (SDN)

Piotr Gierz Architekt Rozwiązań Sieciowych

Źródła:

2

• Materiały, informacje:– OpenFlow (www.openflow.org,)– ONF (www.opennetworking.org),– NOX (www.noxrepo.org),– Floodlight (floodlight.openflowhub.org),– HP Networking (www.procurve.com),

… różne inne miejsca w sieci.

Agenda

3

• Co to jest OpenFlow i sieć typu SDN– Definicja– Struktura protokołu– Model komunikacji– Zasada działnia

• OpenFlow i HP• Open Networking Fundation (ONF)• Demo

Co to jest protokół OpenFlow

5

• Software Defined Networking (SDN)– Nowa architektura sieci – Oddzielenie „control plane” od „forwarding hardware”.

– Umożliwienie aby „data plane” był zdefiniowany jako logiczny, centralny kontroler (lub zbiór kontrolerów).

• OpenFlow– Standardowy protokół komunikacyjny używany pomiędzy „control” i „data planes”.

Definicja

Transformacja sieci do modelu SDN

Specialized Packet

Forwarding Hardware

Feature

Feature

Specialized Packet

Forwarding Hardware

Specialized Packet

Forwarding Hardware

OperatingSystem

OperatingSystem

OperatingSystem

Network OS

Feature Feature

Feature

Feature

Feature

Feature

Elementy logiczne modelu SDN

Feature Feature

Network OS

OpenFlow – protokół definuijący przesyłanie pakietów,

Dobrze zdefiniowane API (~6000 RFC) Network OS – implementacja

mechanizmów i protokołów sieciowych

PacketForwarding

PacketForwarding

PacketForwarding

Elementy sieci typu SDNKontroler OF (Network OS)

Komunikacja out-of-band

Ruch produkcyjnysterowany przez protokół OF

Urządzenia sieciowewspierające OF

Elementy sieci typu SDN – Network OSResearch

– NOX (C++/Python),– Beacon (Java),– Floodlight (Java),– Trema (C/Ruby),

Commercial– ONIX [OSDI 2010, Google, Nicira, NEC]– HP The Openflow Management System

Komunikacja w OpenFlow1. Fizyczne urządzenia sieciowe rejestrują się w kontrolerze

OpenFlow,2. Protokół i port komunikacyjny TCP/6633,3. Opcja: TCP/6633 szyfrowane i autentykowane w SSL.4. Działanie Reaktywne lub Proaktywne

Zasada działania“If header = x, send to port 4”

“If header = ?, send to me”“If header = y, overwrite header with z, send to ports 5,6”

FlowTable

OpenFlow – Flow Table

OpenFlow – Flow TableQoS Actions – En-queue on a specific priority

queue – Rate limit using a specific meterForwarding Actions – Forward packet to ports– Forward via NORMAL processing– Flood along Spanning Tree– Drop packet– Send packet to controllerModify Actions – VLAN: set/strip VLAN, VLAN

priority– L2: set MAC source, set MAC

dest– L3: set IP source/dest, set IP ToS– L4: set TCP/UDP source/dest port

Match Rule Attributes Ingress port

MAC source address MAC destination address Ether Type VLAN ID VLAN PCP IPv4 source address IPv4 destination address IPv4 protocol TCP/UDP source port TCP/UDP destination port IPv4 ToS(wildcard or exact match on all

fields)

OpenFlow i HP

OpenFlow Switch SoftwareAvailable now!• Runs on these switches:

– HP 8200 Series– HP 6600 Series– HP 6200 Series– HP 5400 Series– HP 3500 Series

• Fully supported, controlled release this year

• Included as standard feature in production releases mid-CY12

• MRD in development and discussion for integration on A-series.

Key Contributor and Leader in Advancing the StandardHP’s Leadership in OpenFlow

– HP and Stanford began collaborating on Ethane—the predecessor to OpenFlow—in 2007

– HP developed the first commercial switch implementation of OpenFlow and demonstrated it with Stanford at the ACM SIGCOMM conference in 2008

– HP network switches are now the leading choice for academic and commercial researchers worldwide using OpenFlow technology.

– HP Labs formed a team of researchers focused on OpenFlow in 2008 and that team continues to contribute to the standard and publish research on solutions using OpenFlow

– HP is a member of the Open Networking Foundation – the newly formed standards body for OpenFlow and will continue to be a key contributor and leader in advancing the standard

– HP is a member of the SDN Interoperability Lab (InCNTRE at Indiana University) to ensure confidence in product interoperability and further advance the OpenFlow standard

“DevoFlow: Cost-Effective Flow Management for High Performance Enterprise Networks,”, HotNets, October 2010

“Network Integrated Transparent TCP Accelerator,” AINA, April 2010

"ElasticTree: Saving Energy in Datacenter Networks,” NSDI, April 2010

"Automated and Scalable QoS Control for Network Convergence," WREN/INM 2010 Workshop, held in conjunction with NSDI, April 2010.

“SPAIN: Design and Algorithms for Constructing Large Data-Center Ethernets from Commodity Switches,” HP Tech Report, 2009

"A Demonstration of Virtual Machine Mobility in an OpenFlow network" ACM SIGCOMM, (Best Demo Award), Seattle, WA, August 2008.

Examples of Early OpenFlow Adopters

17

• University/Commercial Research– Perform networking experiments in a large scale – Leverage parts of production network

• Cloud Providers– Optimized data center operation and management– Differentiate their services with OpenFlow capability to dynamically redirect traffic

• Campus Network– Virtualize the network for ease of management and enhanced security– Reduced cost to develop new capabilities

Customers and OpenFlow • Currently over 60 customers using HP OpenFlow

switches– 95% use OpenFlow in a research test bed, not a production network

– Test beds are modest sized networks with 5 – 20 switches– Nearly all are using the NOX controller– Many use LLDP and STP in their OpenFlow networks– Some are looking forward to deployments with 100,000+ users and 1,000+ switches

– Most are happy with OpenFlow1.0 – Requested extensions to OF protocol: ipv6, mac-in-mac, ip-in-ip, rate limiting, priority queue assignment, traffic shaping, discovery/capabilities

19

HP Virtual Service Network (VSN) Architecture

Management

Infrastructure

Controlappliance module softwareembedded

switches/routers security serviceswireless APs embedded apps

Network Services

virtualresources

virtual service networks

Resource Mgmt Provisioning

status control

HP OpenFlow in ActionOpenFlow Management Software

Flow Specsuser < > application

connections

Sue Smith Webcast Services

Services Specsservice levels: performance,

latency

Video

Sue Smith VideoWebcast Services

Virtual Service Network

WebcastServices

SueSmith

HP OpenFlow in Action

OpenFlow Controller

OpenFlow Management Software

ConnectionPolicies

Network WebcastServers

SueSmith

DeviceSettings

HP OpenFlow in ActionBy User

• Connections + Flow Specs

• Users/Paths per connection

HP OpenFlow in Action

• Connections + Flow Specs

• Users/Paths per connection

By Application

ONF

25

OpenFlow Enabled

Virtually all the ONF Members have made some type of announcement about supporting OpenFlow.

26

Competitive Landscape HighlightsCompany Data Plane Control Plane NotesBig Switch

Cisco

IBM Partnership with NEC to use their controller.

Juniper OpenFlow in JunOS SDK.

Marvell

NEC Only vendor with complete solution, but virtually no market share outside Japan.

Nicira

Pronto Systems

HP Available in ProCurve switches, under consideration in H3C. Interoperate with any controller.

Yes No Announcement Uncertain

Demo

UrządzeniaHP ProCurve 5400zl

UrządzeniaHP ProCurve 3500yl

Kontroler OFKonfiguracja• Linux Ubuntu 10.04.4 LTE,• C++ (gcc), Python, kde-libs• NOX (wersja „Destiny”)• NOX GUI

Uruchomienie./nox_core -v -i ptcp:6633 switch monitoring ... <moduły>

Zasady konfiguracji OF w przełącznikach HPKonfiguracja:

• Wymiana ruchu kontrolnego OpenFlow pomiędzy przełącznikiem a kontrolerem powinna odbywać się przez dedykowany VLAN.

• Dedykowany VLAN nie może być VLANem skonfigurowanym jako OpenFlow eksperyment,

• „VLAN 1” nie powinien być wykorzystywany jako „dedykowany VLAN”,• „VLAN 1” nie powinien być wykorzystywany jako OpenFlow eksperyment,

Tryb pracy urządzenia:• Każdy VLAN na przełączniku to oddzielny eksperyment OpenFlow,• VLAN Virtualization/Aggregate mode• Hybrydowy/Forward Normal/OF-only

Konfiguracja przełączników1. Dedykowany VLAN do

wymiany ruchu kontrolnego

2. VLAN skonfigurowany jako „OpenFlow eksperyment”

3. Włączenie OpenFlow dla VLANu

4. Konfiguracja kontrolera OpenFlow

5. Komendy „show”

vlan 10 name OFMgmtip address 172.16.10.1

255.255.255.0untagged 1-4

vlan 20 openflow controller tcp:172.16.10.1:6633

vlan 20 name OFExpuntagged 21-24tagged 11-14

vlan 20 openflow enable

show openflow versionshow openflowshow openflow 20 flowshow openflow rulesshow openflow 20

Topologia sieci

Thank you