
Networking for the Cloud

Software Defined Networks - OpenFlow Approach


R.Mahalingam
Netcon Technologies India Pvt Ltd Coimbatore, India
Email: maha@netcon.in, Web: http://www.netcon.in

Traditional Network Architecture


Control and Data Plane together
Control Plane builds and maintains forwarding tables
Data plane forwards packets based on the table entries
Primarily destination based forwarding
Static
No programmability to leverage modern cloud technologies
Device centric
Proprietary

[Figure: Traditional Network. Labels: Control plane and Data plane on each device; Control traffic (RIP/OSPF/Bridging)]

Traditional Switch Control Plane


[Figure: Traditional switch. Control plane: Control Algorithm (RIP/OSPF, Bridging), Forwarding tables, Forwarding Decision. Data Plane (Forwarding Plane): Uplink port, Ports]

Can you do innovation in your campus network??


Experiments we'd like to do

New network protocols


Application based forwarding
Mobility management
Network-wide energy management
New naming/addressing schemes
Network access control

Problem with our networks


Paths are fixed (by the network)
IP-only
Addresses dictated by DNS, DHCP, etc.
No means to add our own processing

Software Defined Networking


SDN NETWORK

Is an emerging and transforming networking architecture for computer networking
In SDN, the control plane and data plane are decoupled
Separate policy from mechanism
SDN Switch (only data/forwarding plane)
Controller
Open interface between switch & controller (e.g. OpenFlow)
API for application integration and feature development

[Figure: SDN network, 4 major components. Labels: Applications / Features (FW, IPS, NMS, etc.); API; Controller (Routing, Policy Management); OpenFlow (logical tunnel); SDN Switches; Server]

Network intelligence and state are logically centralized
Underlying network infrastructure is abstracted from the applications

OpenFlow is a leading technology framework for SDN

[Figure: SDN Switch. Labels: Flow Table, Data Plane, 4 Ports]

What is OpenFlow?
OpenFlow is a network framework that centralizes the control plane of the network
OpenFlow is an open interface for remotely controlling the forwarding tables in network switches, routers and access points
OpenFlow is specified by Open Networking Forum (ONF)
OpenFlow is a vendor neutral specification

Who drives Open Flow?

Open Flow Summary


Separate Data From Control
    A standard protocol between data and control
Define a generalized flow based data path
    Very flexible and generalized flow abstraction
    Delayer or open up layers 1-7
Hierarchically centralized open controller with API
    For control and Management applications
Virtualization of data & control planes
Backward compatible
    Though allows completely new header

[Figure: OpenFlow Controller, connected over OpenFlow to a switch with Control Path * and Data Path (Hardware). * Optional for Hybrid switch]

OpenFlow Table Abstraction


[Figure: OpenFlow switch. Software Layer: OpenFlow Firmware, connected to the Controller (PC). Hardware Layer: Flow Table; port 1, port 2, port 3, port 4, and port 5 (Proxy Server); hosts 5.6.7.8 and 1.2.3.4]

Flow Table:

MAC src   MAC dst   IP Src    IP Dst    TCP sport   TCP dport   Action
*         *         *         5.6.7.8   *           *           port 1
*         *         1.2.3.4   *         *           80          port 5

Flow Table Entry


Rule | Action | Stats

Stats: Packet + byte counters

Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Modify Fields

Rule: Switch Port | VLAN ID | MAC src | MAC dst | Eth type | IP Src | IP Dst | IP Prot | TCP sport | TCP dport
+ mask what fields to match
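
The rule / action / stats lookup described on the two slides above, as an added example (not code from the original slides or from any OpenFlow implementation). It loads the two rules as read from the table above (destination 5.6.7.8 to port 1; source 1.2.3.4 with TCP dport 80 to port 5). The field key names, the priority values and the send-to-controller behaviour on a table miss are assumptions of this sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Header fields named on the Flow Table Entry slide (key names are this example's).
FIELDS = ("in_port", "vlan_id", "mac_src", "mac_dst", "eth_type",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")

@dataclass
class FlowEntry:
    match: dict            # field -> value; a field left out is a wildcard (*)
    action: tuple          # ("output", port), ("controller",), ("drop",), ...
    priority: int = 0      # assumption: higher priority wins when rules overlap
    packet_count: int = 0  # Stats: packet counter
    byte_count: int = 0    # Stats: byte counter

    def matches(self, pkt):
        for name, want in self.match.items():
            got = pkt.get(name)
            if got is None:
                return False
            if name in ("ip_src", "ip_dst"):      # "mask": prefix match on IPs
                if ip_address(got) not in ip_network(want):
                    return False
            elif got != want:
                return False
        return True

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry):
        unknown = set(entry.match) - set(FIELDS)
        if unknown:                               # a misspelled field would never match
            raise ValueError(f"unknown match fields: {sorted(unknown)}")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)

    def process(self, pkt, length):
        for e in self.entries:
            if e.matches(pkt):
                e.packet_count += 1
                e.byte_count += length
                return e.action
        return ("controller",)   # assumption: table miss goes to the controller

def slide_table():
    t = FlowTable()              # the two rows of the table on the slide
    t.add(FlowEntry({"ip_dst": "5.6.7.8"}, ("output", 1)))
    t.add(FlowEntry({"ip_src": "1.2.3.4", "tcp_dport": 80}, ("output", 5), priority=10))
    return t
```

A packet from 1.2.3.4 to 5.6.7.8 on TCP port 80 matches both rows, so the order in which overlapping rules are evaluated decides whether it reaches the proxy on port 5 or bypasses it through port 1.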

Putting it all together

SDN LAN Architecture


Logically-centralized control: smart, slow
Open Interface (e.g., OpenFlow)
Switches: dumb, fast

The SDN advantage


Better network visibility
Better control
Better security
Dynamic Provisioning of Networks
No need to program 100s and 1000s of switches in large network
Application programmability
New protocols
Seamless network virtualization

Cloud Network Challenge

Cloud is an advanced evolution of virtualization
Physical machines have 100s of virtual machines
A standard virtual switch enables communication between virtual servers
    Control plane requires additional hardware resources
    Each virtual switch needs to be statically configured
Virtual servers are created/modified/deleted dynamically
Is the network programmable to handle this dynamic environment?
Which is the bottleneck? Network?
Limitations
    VLAN limit (4096). Why 4096?
    Spanning tree
    VM mobility issues
        You need the same VLAN extended to multiple physical switches

Networking for the cloud SDN

The solution is an OpenFlow based virtual switch

No need of VLANs or Spanning Tree
Dynamically Programmable
Absolute control
Only lightweight forwarding engine at the virtual switch
Examples: Open vSwitch

Typical Architecture

Image Source: www.bigswitch.com

OpenStack and SDN


OpenStack is a cloud provisioning tool
OpenFlow based SDN can be integrated with OpenStack
To provide true Infrastructure as a Service (IaaS)
    CPU
    Memory
    Storage
    Network
Dynamically provision the network resources

Image Source: www.openstack.org

Building your own SDN


SDN is not expensive
You do not require special hardware
Open Source tools are available
    E.g. Floodlight controller, NOX, Beacon
Standard vendors offer OpenFlow based switches
    Extreme, HP, Arista etc.
    Even some low end COTS switches can be programmed with OpenFlow firmware!!
It is great fun to experiment with this new technology

OpenFlow Testbed

[Figure: OpenFlow testbed. Labels: vSwitch with OpenFlow; OpenFlow Switch (Extreme/HP/Netgear/Arista); OpenFlow links]

Experimenter's Dream
(Vendor's Nightmare)

[Figure: switch/router with Standard Network Processing (hw) and User-defined Processing (sw)]

Experimenter writes experimental code on switch/router

Clean Slate Program http://cleanslate.stanford.edu

