
Software Defined Networks (SDN) / OpenFlow
Experience sharing
Baraki H. Abay
Nov 04, 2011
Outline
1. Legacy Networks
2. Software defined networks
• Motivation, Architecture, Principles
3. OpenFlow
• Principles, Architecture
• OpenFlow Basics - Flow table, controller, protocol
• How it works
• Centralized vs Distributed, Aggregated vs Flow based, Proactive vs Reactive
• Network Slicing - FlowVisor
• How to get started to play with OpenFlow
4. Industry trends
5. Demo screenshots
Current Networking Scheme
Fully distributed protocols - hard to add a feature to a network
Network is closed for research and innovation
Network administrators and researchers can only configure devices
Software is embedded in Industry
Data plane and control plane in the same device
• Routers and switches are locked
Packet forwarding and decisions are controlled by the underlying switches and routers
[Figure: Closed System. Several network devices, each bundling its own Apps, Operating System and Packet Forwarding Hardware.]
Mitigation approach
Open Development environment for Networking
Isolation:
regular production Network untouched
Virtualized and Programmable networks

Software Defined Networking (SDN)
Network architecture to remotely control network hardware with software
To open the closed network
Enables innovations by researchers, operators, application/service providers
Managed by Open Networking Foundation (ONF)
SDN Architecture Principles
1. Separation of data and control planes
• well defined API/protocol between the two
2. Logically centralized control plane
• with an open API for network applications and services
3. Network slicing and path virtualization
• to support experimentation on a production network.
[Figure: API on top of the Control Path (Software), which uses a Control Protocol to drive the Data Path (Hardware)]
Software Defined Networking Principles
[Figure: Apps on top of a Network Operating System that controls the Packet Forwarding Hardware of many devices. Labels: 1. Open Interface to HW, 2. Operating System, 3. Open API]
OpenFlow
What is OpenFlow?
“OpenFlow is an open standard to deploy innovative protocols in production networks”
openflow.org
OpenFlow
Motivation
Network changes are sluggish
The need for programmable networks
Goal
Use a centralized controller to determine traffic
forwarding
Principle
Separate control plane from data plane
OpenFlow
SDN protocol(API) that modifies forwarding tables in
network switches.
Added as a feature to commercial Ethernet switches,
routers and wireless access points
Developed by Stanford University
Sits between a switch and controller
Allows the path of network packets through the
network of switches to be determined by software
running on a separate server
OpenFlow
Vendor independent
Protocol is open source

Version status
• OF 1.0: most widely used version
• OF 1.1: multiple tables and counters
• OF 1.2: Wire protocol IPv6, basic configuration
• OF 1.3: Topology discovery, test processes
• OF 1.4: capability discovery, test labs
Classic Switch Vs OpenFlow Switch
Classic Switch/Router
• Data path and control path occur on the same device
• Data path - packet forwarding path
• Control path - routing decisions
OpenFlow Enabled Switch/Router
• Separates the data path and control path
• Data path portion still resides on the switch
• High level routing decisions reside in controller
• The OpenFlow switch and the controller communicate via the OpenFlow protocol
OpenFlow Specification Basics
Consists of at least three parts
• Flow Table – defines how the switch will process each flow
• Secure Channel – to connect to controller
• OpenFlow Protocol (API)
[Figure: Controller (PC) connected by the OpenFlow Protocol (SSL) to an OpenFlow Switch, which holds the Secure Channel (sw) and the Flow Table (hw)]
• Flow tables are set up on switches
• Controller talks to the switch via the OpenFlow protocol
Flow table Entry
Flow table consists of a set of entries to compare incoming packets against
Each flow entry consists of match fields, counters, actions
Matching starts at the first flow table
Flow entries match in priority order
Match found
• Apply the instructions
Match not found
• forwarded to the controller over the OpenFlow channel,
• dropped
• may continue to the next flow table
Table entry
Rule | Action | Stats
Rule (match fields):
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport
Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
Stats: Packet + byte counters
• Per table
• Per flow
Actions:
1. Switching and routing
2. Firewall
3. Using non-OpenFlow logic
4. Send to controller
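The lookup described on the two slides above, as an added Python example that is not part of the original slides: entries use the ten listed match fields, match in priority order, update packet and byte counters, and a table miss goes to the controller. The short field names, the action strings and the shadowed() audit are assumptions of this example; the constructed sample rules place a firewall drop below the forward rule it refines, so the drop never fires.

```python
from dataclasses import dataclass

# The ten match fields from the "Table entry" slide (short names are assumed).
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")

@dataclass
class FlowEntry:
    priority: int
    match: dict        # field -> required value; a missing field is a wildcard
    action: str        # "forward:<port>", "controller", "drop" or "normal"
    packets: int = 0   # per-flow packet counter
    bytes: int = 0     # per-flow byte counter

class FlowTable:
    def __init__(self, miss_action="controller"):
        self.entries, self.miss_action = [], miss_action

    def add(self, entry):
        if set(entry.match) - set(FIELDS):
            raise ValueError("unknown match field")
        self.entries.append(entry)
        # Highest priority first; the sort is stable, so ties keep insert order.
        self.entries.sort(key=lambda e: -e.priority)

    def process(self, pkt, size):
        for e in self.entries:
            if all(pkt.get(f) == v for f, v in e.match.items()):
                e.packets, e.bytes = e.packets + 1, e.bytes + size
                return e.action
        return self.miss_action          # table miss

    def shadowed(self):
        """Entries that an earlier entry with a different action fully covers."""
        found = []
        for i, low in enumerate(self.entries):
            for high in self.entries[:i]:
                if high.action != low.action and all(
                        low.match.get(f) == v for f, v in high.match.items()):
                    found.append((low.priority, high.priority))
                    break
        return found

def build_sample():
    t = FlowTable()    # constructed rules: the drop sits below the forward
    t.add(FlowEntry(100, {"eth_type": 0x0800, "ip_dst": "10.4.0.2"}, "forward:2"))
    t.add(FlowEntry(50, {"eth_type": 0x0800, "ip_dst": "10.4.0.2",
                         "ip_proto": 6, "tcp_dport": 23}, "drop"))
    return t
```

Running shadowed() on a rule set before it is pushed shows which firewall entries are dead; raising the drop rule's priority above 100 makes the list empty.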
Secure channel
[Figure: Controller (PC) connected by the OpenFlow Protocol (SSL) to an OpenFlow Switch, which holds the Secure Channel (sw) and the Flow Table (hw)]
SSL Connection, site-specific key
Controller discovery protocol
Encapsulate packets for controller
Send link/port state to controller
OpenFlow Protocol Message Types
Controller-to-switch
• To directly manage or inspect the state of the switch
• may or may not require a response from the switch
• Operations/msg types: features, configuration, Read-State, Modify-State, barrier
Asynchronous
• To update the controller of network events and changes to the switch state.
• sent without the controller soliciting them from a switch
• To tell controller a packet arrival, switch state change, or error
• Msg. types: Packet-in, Flow-Removed, Port-status, Error
Symmetric
• Msg. types: Hello, Echo, Experimenter
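The three message categories above can be checked on the wire. This added Python example (not from the original slides) splits a byte stream into OpenFlow 1.0 messages using the 8-byte header (version, type, length, xid), labels each with the slide's category, and flags messages arriving from the side that should not send them. The sender labels, the verdict strings and the sample bytes are constructed for the example; type 4 is named VENDOR in 1.0 and Experimenter in later versions.

```python
import struct

HEADER = struct.Struct("!BBHI")     # version, type, length, xid
OFP10 = 0x01                        # wire version byte of OpenFlow 1.0
ANY, CTRL, SW = ("controller", "switch"), ("controller",), ("switch",)
C2S, ASYNC, SYM = "controller-to-switch", "asynchronous", "symmetric"

# type code -> (name, slide category, who may send it)
TYPES = {
    0: ("HELLO", SYM, ANY), 2: ("ECHO_REQUEST", SYM, ANY),
    3: ("ECHO_REPLY", SYM, ANY), 4: ("VENDOR", SYM, ANY),
    # ERROR also answers a failed HELLO, so either side may send it.
    1: ("ERROR", ASYNC, ANY), 10: ("PACKET_IN", ASYNC, SW),
    11: ("FLOW_REMOVED", ASYNC, SW), 12: ("PORT_STATUS", ASYNC, SW),
    5: ("FEATURES_REQUEST", C2S, CTRL), 6: ("FEATURES_REPLY", C2S, SW),
    7: ("GET_CONFIG_REQUEST", C2S, CTRL), 8: ("GET_CONFIG_REPLY", C2S, SW),
    9: ("SET_CONFIG", C2S, CTRL), 13: ("PACKET_OUT", C2S, CTRL),
    14: ("FLOW_MOD", C2S, CTRL), 15: ("PORT_MOD", C2S, CTRL),
    16: ("STATS_REQUEST", C2S, CTRL), 17: ("STATS_REPLY", C2S, SW),
    18: ("BARRIER_REQUEST", C2S, CTRL), 19: ("BARRIER_REPLY", C2S, SW),
    20: ("QUEUE_GET_CONFIG_REQUEST", C2S, CTRL),
    21: ("QUEUE_GET_CONFIG_REPLY", C2S, SW),
}

def parse_stream(data, sender):
    """Split bytes sent by `sender` into (name, category, xid, verdict)."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < HEADER.size:
            out.append(("?", "truncated header", None, "bad"))
            break
        version, mtype, length, xid = HEADER.unpack_from(data, off)
        if version != OFP10 or length < HEADER.size or off + length > len(data):
            out.append(("?", "bad version or length", xid, "bad"))
            break
        name, cat, who = TYPES.get(mtype, (f"type {mtype}", "unknown", ()))
        out.append((name, cat, xid, "ok" if sender in who else "unexpected"))
        off += length
    return out

def msg(mtype, xid, body=b""):
    # Helper that builds a constructed OpenFlow 1.0 message for the sample.
    return HEADER.pack(OFP10, mtype, HEADER.size + len(body), xid) + body

# Constructed sample: bytes as if read from the switch's side of the channel.
SAMPLE = msg(0, 1) + msg(10, 0, b"\x00" * 10) + msg(14, 7, b"\x00" * 64)
```

On SAMPLE the FLOW_MOD is marked "unexpected" because a Modify-State message should only come from the controller.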
The OpenFlow controller
Remotely controls and manipulates the flow tables in switches
Available open-source controllers
NOX
Beacon
SNAC
FlowVisor - a special type of controller
• Acts as a proxy between OpenFlow switches and multiple controllers
• Slices network resources and delegates a controller to each
How OpenFlow works?
Switch
• Packet in from network
• Check match
• No match: send to controller over secure channel
• Match: apply actions
Controller
• Packet in from switch
• Extract the destination address of the packet
• Define a table entry to create a path for the packet
• Send message to each switch in the path the packet will traverse
[Figure: worked example. A packet for 10.4.0.2 reaches an OpenFlow switch (OFS), the switch checks whether an entry is available, and the controller (PC) installs rules (Rule / Action / Statistics) on the OFS along the path.]
Flow match Examples
Flow Rule(match) Action
Controller Usage Models
Centralized vs Distributed control
[Figure: Centralized Control, a single controller (PC) and several OFS; Distributed Control, several controllers (PC) and several OFS]
Flow Routing vs Aggregation
Flow-based
• Every flow is individually set up by controller
• Exact match flow entries
• Flow table contains one entry per flow
• Good for fine grain control
Aggregated
• One flow entry covers large groups of flows
• Wildcard flow entries
• Flow table contains one entry per category of flows
• Good for large # of flows
Reactive vs Proactive
Reactive
• First packet of flow triggers controller to insert flow entries
• Efficient use of flow table
• Every flow incurs small additional set up time
• Switch has limited utility if control connection is lost
Proactive
• Controller pre-populates flow table in switch
• Zero additional flow set up time
• Loss of control connection doesn’t disrupt connection
• Requires aggregated rules
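The trade-off between the two modes, as an added Python example that is not part of the original slides: the same four flows are sent through a toy switch in each mode, and the control connection is cut partway through. The port map, the addresses and the cut point are constructed for the example.

```python
PORTS = {"10.4.0.2": 2, "192.168.0.2": 3}   # constructed: destination -> port

class Switch:
    def __init__(self, controller=None):
        self.table = []              # list of (match dict, out_port)
        self.controller = controller
        self.connected = True        # state of the control connection
        self.packet_ins = 0

    def lookup(self, pkt):
        for match, port in self.table:
            if all(pkt.get(f) == v for f, v in match.items()):
                return port
        return None

    def receive(self, pkt):
        port = self.lookup(pkt)
        if port is None and self.connected and self.controller:
            self.packet_ins += 1                      # first packet of a flow
            self.table.append(self.controller(pkt))   # reactive flow setup
            port = self.lookup(pkt)
        return port                  # None: the packet could not be forwarded

def reactive_controller(pkt):
    # Exact-match entry for this single flow.
    return (dict(pkt), PORTS[pkt["ip_dst"]])

def run(mode, cut_after=2):
    sw = Switch(reactive_controller if mode == "reactive" else None)
    if mode == "proactive":
        # Aggregated wildcard rules pushed before any traffic arrives.
        sw.table = [({"ip_dst": dst}, port) for dst, port in PORTS.items()]
    flows = [{"ip_src": f"10.5.0.{i}", "ip_dst": "10.4.0.2", "tcp_dport": 80}
             for i in range(1, 5)]
    delivered = 0
    for n, pkt in enumerate(flows):
        if n == cut_after:
            sw.connected = False     # control connection is lost
        delivered += sw.receive(pkt) is not None
    return {"packet_ins": sw.packet_ins, "table_size": len(sw.table),
            "delivered": delivered}
```

In reactive mode every new flow costs one Packet-in and one table entry, and flows that start after the cut are not forwarded; in proactive mode the two wildcard rules carry all four flows with no controller involvement.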
Open Controllers
Controller name   Language      Platform
NOX               C++, Python   Linux
Beacon            Java          Win, Mac, Linux, Android
Maestro           Java          Win, Mac, Linux
Trema             Ruby, C       Linux
Network Slicing concept
• Divide the production network into logical slices
• each slice/service controls its own packet forwarding
[Figure: Multiple controllers (NOS) on top of a Slicing Layer on top of the switch data plane]
FlowVisor
A tool for slicing OpenFlow networks
Creates multiple isolated and programmable logical networks on the same physical topology
Puts Slicing Policies
• The policy specifies resource limits for each slice:
– Link bandwidth
– Maximum number of forwarding rules
– Topology
– Fraction of switch/router CPU
Virtual networks through FlowVisor
[Figure: Research 1 controller, Research 2 controller and Prod. network controller (PCs) speak the OpenFlow protocol to FlowVisor, which speaks the OpenFlow protocol to the OpenFlow switches (OFS)]
FlowSpace: Maps Packets to Slices
Topology discovery is per slice
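How a slicing layer can enforce the policy items above (FlowSpace, topology, maximum number of forwarding rules), as an added Python example; it is a simplified model written for this page, not FlowVisor's own code or API. Separating slices by VLAN ID, the slice names and the limits are assumptions of the example.

```python
class Slice:
    def __init__(self, name, flowspace, switches, max_rules):
        self.name = name
        self.flowspace = flowspace       # field -> value that marks this slice
        self.switches = set(switches)    # topology the slice may see
        self.max_rules = max_rules       # cap on forwarding rules
        self.installed = 0

def slice_for(packet, slices):
    """FlowSpace lookup: name of the first slice the packet falls in."""
    for s in slices:
        if all(packet.get(f) == v for f, v in s.flowspace.items()):
            return s.name
    return None

def admit(s, switch, match):
    """Check one rule request from the controller of slice `s`.
    Returns (True, match_to_install) or (False, reason)."""
    if switch not in s.switches:
        return False, "switch outside slice topology"
    if s.installed >= s.max_rules:
        return False, "rule limit reached"
    for field, owned in s.flowspace.items():
        if field in match and match[field] != owned:
            return False, f"{field} outside flowspace"
    s.installed += 1
    # Pin the rule to the slice's flowspace so its wildcards cannot capture
    # packets that belong to another slice.
    return True, {**match, **s.flowspace}

# Constructed policy: two slices separated by VLAN ID.
RESEARCH1 = Slice("research1", {"vlan_id": 10}, ["OFS1", "OFS2"], max_rules=2)
PRODUCTION = Slice("production", {"vlan_id": 1},
                   ["OFS1", "OFS2", "OFS3"], max_rules=1000)
SLICES = [RESEARCH1, PRODUCTION]
```

A research controller that asks for a rule on ip_dst alone gets it installed with vlan_id 10 added, so production traffic to the same address is untouched.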
OpenFlow gains
Increased network control
Increased network flexibility
Shared Infrastructure – make innovation easier
• Current network infrastructure, LAN and WAN, does not allow for much experimenting. In many cases, it is a production network, there are firmware limitations, or both
Some OpenFlow applications
Wireless mobility/migration
• Redirect specific application traffic to remote site
Network Virtualization
Power management
Load balancing
Traffic engineering
Security Applications
Load balancing
Firewall
Current version OpenFlow limitations
Non-flow-based(per-packet) networking
Use all tables on switch chips
New forwarding primitives
New packet formats/field definitions
Low-setup time individual flows
But can push flows proactively
Industry support
Many vendors implemented OpenFlow in their devices
How to get started with OpenFlow
Switch
Software switches
• Linux User-space Switch
• Reference Linux Kernel-space Switch
• Open vSwitch
Hardware switches
• OpenFlow enabled commercial switches – ex. Pronto
Controller
• Reference Learning Switch Controller
• NOX, Beacon, SNAC
What can we do with OpenFlow
Write - configure - deploy
Experiment on our networks
Develop network applications on top of existing controllers (ex. NOX, Beacon)
Customize controllers
Extend existing controllers
Develop our own controller
Example: Developing on NOX
Basics – components and events
Develop components that handle events
Components can be developed using
• C++
• Python or
• Combination of them
NOX built-in components
• Core apps
• Network apps
• Web apps
• Third-party extensions
Example – a component
Events
Drive execution in NOX
Core events
• Data_path_join event, Packet_in_event
Application events
• Host_in event, flow_in event etc
Post events for other applications to handle
Register for packet_in event
OpenFlow Practice
Using virtual machines
Required software
Virtualization software (VirtualBox)
X server - (Windows Xming, Mac X11, Linux X server installed)
Development tools
• Mininet
• Wireshark
• Benchmark Controller w/iperf
What can we do in the tutorial
Create learning switch
NOX controller (Python, C++)
Beacon (Java)
Control a Slice of a real Network
Creating router
Creating Firewall
Some Demos
Dynamic Flow Aggregation on an OpenFlow Network
• Dynamically define flow granularity by wildcarding arbitrary header fields
• Granularity is on the switch flow entries, no packet rewrite or encapsulation
Elastic Tree: reducing energy in data centers
• Shuts off links and switches to reduce data center power
• OpenFlow provides network routes and port statistics
Some OpenFlow Demos
Aster*x: Load-Balancing Web Traffic over Wide-Area Networks
• load balancing system for services hosted in different services
• considers network congestion and server load
• handles the dynamic adding and removing of resources
By Stanford
OFELIA - Pan-European Test Facility for OpenFlow Experimentation
• test facility for network experiments based on OpenFlow
• allows the dynamic creation of virtual machines to be used as sources, sinks, and controllers for OpenFlow switches
Network Virtualization using EXOS OpenFlow
• flexible definitions of virtual networks,
• dynamic scaling of the virtual networks, and
• isolation of the virtual networks from physical network changes.
Industry trend
Increased interest
In Data centers
Service providers
• For example to slice their networks based on bandwidth
Enterprise networks
Questions?
References
http://www.openflow.org/
http://opennetsummit.org/
OpenFlow white paper
http://noxrepo.org/wp/
Slides from
• Brandon Heller (Stanford)
• Srini Seetharaman
• Martin Casado
• Internet2 Joint Techs – Clemson
• Open Network Summit 2011 talks and slides
