Networking for the Cloud - Software Defined Networks

Published on March 2017

Networking for the Cloud
Software Defined Networks - OpenFlow Approach
R.Mahalingam
Netcon Technologies India Pvt Ltd Coimbatore, India
Email: [email protected], Web: http://www.netcon.in

Traditional Network Architecture
• Control and Data Plane together
– Control Plane builds and maintains forwarding tables
– Data plane forwards packets based on the table entries
– Primarily destination based forwarding
• Static
• No programmability to leverage modern cloud technologies
• Device centric
• Proprietary
[Figure: Traditional Network. Labels: Control plane, Data plane (repeated per device), Control traffic (RIP/OSPF/Bridging)]

Traditional Switch
[Figure: Traditional Switch. Control Plane: Control Algorithm (RIP/OSPF, Bridging), Forwarding tables, Forwarding Decision. Data Plane / Forwarding Plane: Uplink port, Ports 1 to 4]

Can you do innovation in your campus network??
Experiments we’d like to do…
• New network protocols
– Application based forwarding
– Mobility management
– Network-wide energy management
– New naming/addressing schemes
– Network access control
• Problem with our networks
– Paths are fixed (by the network)
– IP-only
– Addresses dictated by DNS, DHCP, etc
– No means to add our own processing

Software Defined Networking
• Is an emerging and transforming networking architecture for Computer Networking
• In SDN Control plane and data planes are decoupled.
– Separate policy from Mechanism
• 4 Major components
– SDN Switch (only data/forwarding plane)
– Controller
– Open interface between switch & controller (e.g. OpenFlow)
– API for application integration and feature development
• Network intelligence and state are logically centralized
• Underlying network infrastructure is abstracted from the applications.
• OpenFlow is a leading technology framework for SDN
[Figure: SDN NETWORK. Labels: Applications, Features (FW, IPS, NMS, etc.), API, Controller (Routing, Policy Management), Server, Open Flow (logical tunnel), SDN Switch (several)]
[Figure: SDN Switch. Labels: Flow Table, Data Plane, Ports 1 to 4]

What is OpenFlow?
• OpenFlow is a network framework that centralizes the control plane of the network
• OpenFlow is an open interface for remotely controlling the forwarding tables in network switches, routers and access points.
• OpenFlow is specified by Open Networking Forum (ONF)
• OpenFlow is a vendor neutral specification

Who drives Open Flow?

Open Flow Summary
• Separate Data From Control
– A standard protocol between data and control
• Define a “generalized flow” based data path
– Very flexible and generalized flow abstraction
– Delayer or open up layers 1-7
• Hierarchically centralized “open” controller with API
– For control and Management applications
• Virtualization of data & control planes
• Backward compatible
– Though allows completely new header
[Figure labels: OpenFlow Controller, Open flow, Control Path *, Data Path (Hardware). * Optional for Hybrid switch]
OpenFlow Table Abstraction

Flow Table
MAC src   MAC dst   IP Src    IP Dst    TCP sport   TCP dport   Action
*         *         *         5.6.7.8   *           *           port 1
*         *         1.2.3.4   *         *           80          port 5

[Figure labels: Controller, PC, Software Layer, OpenFlow Firmware, Hardware Layer, Flow Table, Proxy Server (port 5), switch ports 1 to 4, hosts 5.6.7.8 and 1.2.3.4]

Flow Table Entry
• Rule
– Switch Port, VLAN ID, MAC src, MAC dst, Eth type, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
– + mask what fields to match
• Action
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Modify Fields
• Stats
– Packet + byte counters
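
The flow table of the "OpenFlow Table Abstraction" slide and the Rule / Action / Stats entry above, written out as an added Python example (not part of the original slides or of any OpenFlow implementation). The field names, the `priority` values and the `miss_action` parameter are assumptions made for the illustration; `miss_action` is where the operator decides whether an unmatched packet goes to the controller or is dropped.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IP_FIELDS = {"ip_src", "ip_dst"}

@dataclass
class FlowEntry:
    match: dict          # Rule: only the listed fields are compared, the rest are "*"
    action: tuple        # Action: ("output", port), ("controller",) or ("drop",)
    priority: int = 0    # assumption: higher value wins when entries overlap
    packets: int = 0     # Stats: packet counter
    byte_count: int = 0  # Stats: byte counter

    def matches(self, pkt):
        for name, want in self.match.items():
            got = pkt.get(name)
            if got is None:
                return False
            if name in IP_FIELDS:
                # Mask: a bare address is an exact match, a CIDR prefix a masked one
                if ip_address(got) not in ip_network(want):
                    return False
            elif got != want:
                return False
        return True

class FlowTable:
    def __init__(self, entries, miss_action=("controller",)):
        self.entries = sorted(entries, key=lambda e: e.priority, reverse=True)
        self.miss_action = miss_action  # applied when no rule matches
        self.misses = 0

    def process(self, pkt, length):
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                entry.byte_count += length
                return entry.action
        self.misses += 1
        return self.miss_action

def build_slide_table(miss_action=("controller",)):
    # The two rows of the slide's flow table; priorities are constructed values.
    return FlowTable([
        FlowEntry({"ip_dst": "5.6.7.8"}, ("output", 1), priority=10),
        FlowEntry({"ip_src": "1.2.3.4", "tcp_dport": 80}, ("output", 5), priority=20),
    ], miss_action)
```

A packet from 1.2.3.4 to 5.6.7.8 on TCP port 80 matches both rows; with the constructed priorities it follows the proxy rule to port 5.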

Putting it all together…

SDN LAN Architecture
[Figure labels: Logically-centralized control (smart, slow); Open Interface (e.g., OpenFlow); Switches (dumb, fast)]

The SDN advantage
• Better network visibility
• Better control, better security
• Dynamic Provisioning of Networks
• No need to program 100s and 1000s of switches in large network
• Application programmability
• New protocols
• Seamless network virtualization

Cloud Network Challenge

• Cloud is an advanced evolution of virtualization
• Physical machines have 100s of virtual machines
• A standard virtual switch enables communication between virtual servers
– Control plane requires additional hardware resources
– Each virtual switch needs to be statically configured
– Virtual servers are created/modified/deleted dynamically
– Is the network programmable to handle this dynamic environment?
– Which is the bottleneck? Network?
– Limitations
  • VLAN limit (4096)
    – Why 4096?
  • Spanning tree
  • VM mobility issues
    – You need the same VLAN extended to multiple physical switches

Networking for the cloud – SDN

• The solution is an OpenFlow based virtual switch
– No need of VLANs or Spanning Tree
– Dynamically Programmable
– Absolute control
– Only lightweight forwarding engine at the virtual switch
– Examples: Open vSwitch

Typical Architecture

Image Source: www.bigswitch.com

OpenStack and SDN
• OpenStack is a cloud provisioning tool
• OpenFlow based SDN can be integrated with OpenStack
– To provide true Infrastructure As A service (IAAS)
  • CPU
  • Memory
  • Storage
  • Network
– Dynamically provision the network resources

Image Source: www.openstack.org

Building your own SDN
• SDN is not expensive
• You do not require special hardware
• Open Source tools are available.
– E.g. Floodlight controller, NOX, Beacon
• Standard vendors offer OpenFlow based switches
– Extreme, HP, Arista etc
– Even some low end COTS switches can be programmed with OpenFlow firmware!!
• It is great fun to experiment with this new technology

OpenFlow Testbed
[Figure labels: vSwitch with OpenFlow; OpenFlow Switch (Extreme/HP/Netgear/Arista); OpenFlow links]

Experimenter’s Dream
(Vendor’s Nightmare)

[Figure labels: Standard Network Processing, User-defined Processing, sw, hw]

Experimenter writes experimental code on switch/router

Clean Slate Program http://cleanslate.stanford.edu
