1 Herbert Etlinger Acronet Introduction to SDN and OpenFlow mTEH2014

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net

Bringing simplicity to todays and tomorrows communication networks

Software Defined Networks& Open Flow

Herbert EtlingerCubro Acronet GesmbHVienna, Austria

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Agenda

Networks Today

Software Defined Networks

OpenFlow

Live/Remote Demo

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


The Internet: A Remarkable Story

Tremendous success From research experiment

to global infrastructure Brilliance of under-specifying Network: best-effort packet delivery Hosts: arbitrary applications

Enables innovation in applications Web, P2P, VoIP, social networks, virtual

worlds But, change is easy only at the edge

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Inside the Net: A Different Story

Closed equipment Software bundled with hardware Vendor-specific interfaces

Over specified Slow protocol standardization

Few people can innovate Equipment vendors write the code Long delays to introduce new features

Impacts performance, security, reliability, cost

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Networks are Hard to Manage

Operating a network is expensive More than half the cost of a network Yet, operator error causes most outages

Buggy software in the equipment Routers with 20+ million lines of code Cascading failures, vulnerabilities, etc.

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Million of linesof source code 5400 RFCs

500M gates10Gbytes RAM

Many complex functions baked into the infrastructureOSPF, BGP, multicast, differentiated services,Traffic Engineering, NAT, firewalls, MPLS, redundant layers,

We lost our way

Specialized PacketForwarding Hardware

OperatingSystem

App App App

Routing, management, mobility management,access control, VPNs,

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


SoftwareControl

Router

HardwareDatapath

HELLO

OSPF-TERSVP-TE

HELLOHELLO

FirewallIPSec

Too complex

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


How other industries do it?

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Making ASICs Work

100s of Books>10,000 Papers10s of Classes

100s of Books>10,000 Papers10s of Classes

SpecificationSpecification

FunctionalDescription (RTL)

Testbench &Vectors

FunctionalVerification

LogicalSynthesis

Static Timing

Place & Route

Design RuleChecking (DRC)

Layout vsSchematic (LVS)

Layout ParasiticExtraction (LPE)

Manufacture& Validate

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Making Networks Work (Today)

traceroute, ping, tcpdump, SNMP, Netflow

. er, thats about it.

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Networks are kept working by

Masters of ComplexityA handful of booksAlmost no papers

No classes

A handful of booksAlmost no papers

No classesYoYoYoure On Your Own

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Vertically integratedClosed, proprietarySlow innovationSmall industry

SpecializedOperatingSystem

SpecializedHardware

AppAppAppAppAppAppAppAppAppAppApp

SpecializedApplications

HorizontalOpen interfacesRapid innovationHuge industry

Microprocessor

Open Interface

Linux MacOSWindows(OS) or or

Open Interface

Mainframes

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Vertically integratedClosed, proprietary

Slow innovation

SpecializedControlPlane

SpecializedHardware

SpecializedFeatures

Routers/Switches

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Specialized PacketForwardingHardware

Feature Feature





OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

Feature Feature

Feature Feature

Feature Feature

Feature Feature

Classical network architecture

Distributed control plane Distributed routing protocols: OSPF,

IS-IS, BGP, etc.

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net



App

App

App


App

App

App


App

App

App


App

App

App


OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

App

App

App

Network Operating System

App App App

From All-in-One to SDN

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Feature Feature

Network OS

1. Open interface to packet forwarding

3. Well-defined open API2. At least one Network OS

probably many.Open- and closed-source

The Software-defined Network

OpenFlow

16

PacketForwarding

PacketForwarding Packet

ForwardingPacket

Forwarding

PacketForwarding

PacketForwarding

PacketForwarding

PacketForwarding

PacketForwarding

PacketForwarding

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Windows(OS)

Windows(OS)

Linux MacOS

x86(Computer)

Windows(OS)

AppApp

LinuxLinuxMacOS

MacOS

Virtualization layer

App

Controller1

AppApp

Controller2

Virtualization or Slicing

App

OpenFlow

Controller1NOX(Network OS)

Controller2Network OS

Follows the Computer Industry

Computer Industry Network Industry

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Vertically integratedClosed, proprietarySlow innovation

AppAppAppAppAppAppAppAppAppAppApp

HorizontalOpen interfacesRapid innovation

ControlPlane

ControlPlane

ControlPlane or or

Open Interface

SpecializedControlPlane

SpecializedHardware

SpecializedFeatures

MerchantSwitching Chips

Open Interface

Routers/Switches

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Software Defined Networking (SDN)

API to the data plane(e.g., OpenFlow)

Logically-centralized control

Switches

Smart,slow

Dumb,fast

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Openflow

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Feature Feature

Network OS

The Software-defined Network

OpenFlow

21

PacketForwarding

PacketForwarding Packet

ForwardingPacket

Forwarding

PacketForwarding

PacketForwarding

PacketForwarding

PacketForwarding

PacketForwarding

PacketForwarding

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Network OS

Network OS: distributed system that creates aconsistent, up-to-date network view Runs on servers (controllers) in the network

Uses an open protocol to: Get state information from forwarding

elements Give control directives to forwarding elements

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


OpenFlow

OpenFlow is one element of

SDN is a protocol for

remotely controllingthe forwarding tableof a switch or router

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Network OS

Step 1:Separate Control from Datapath

OpenFlowSwitch

OpenFlowSwitch

OpenFlowSwitch

OpenFlowSwitch

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Step 2:Cache flow decisions in datapath

If header = x, send to port 4If header = ?, send to meIf header = y, overwrite header with z, send to ports 5,6Network OS

OpenFlowSwitch

OpenFlowSwitch

OpenFlowSwitch

OpenFlowSwitch

FlowTableFlowTable

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Data-Plane: Simple Packet Handling

Simple packet-handling rules Pattern: match packet header bits Actions: drop, forward, modify, send to

controller Priority: disambiguate overlapping patterns Counters: #bytes and #packets

1. src=1.2.*.*, dest=3.4.5.* drop2. src = *.*.*.*, dest=3.4.*.* forward3. src=10.1.2.3, dest=*.*.*.* send to controller1. src=1.2.*.*, dest=3.4.5.* drop2. src = *.*.*.*, dest=3.4.*.* forward3. src=10.1.2.3, dest=*.*.*.* send to controller

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


OpenFlow BasicsFlow Table Entries

SwitchPort

MACsrc

MACdst

EthtypeVLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Rule Action Stats

1. Forward packet to port(s)2. Encapsulate and forward to controller3. Drop packet4. Send to normal processing pipeline5. Modify Fields

+ mask what fields to match

Packet + byte counters

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Examples

Switching

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* 00:1f:.. * * * * * * * port6

Firewall

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Forward

* * * * * * * * 22 drop

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Example Applications

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


CongestionControlCongestionControl

..via Variable Bandwidth Packet Links

Example Application

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Dynamic Access Control Inspect first packet of a

connection Consult the access control policy Install rules to block or route

traffic

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


OpenFlow in the Wild Open Networking Foundation

Google, Facebook, Microsoft, Yahoo, Verizon,Deutsche Telekom, and many other companies

Commercial OpenFlow switches HP, NEC, Quanta, Dell, IBM, Juniper,

Network operating systems NOX, Beacon, Floodlight, Nettle, ONIX, POX,

Frenetic Network deployments

Eight campuses, and two research backbonenetworks

Commercial deployments (e.g., Googlebackbone)

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


If you are in any doubt about whetherOpenFlow/SDN will be deployed in the WAN:

Urs Hlzle (Google) at Open NetworkingSummit 2012

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


OpenFlow @ Google

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Overview

Google operates two large backbonenetworks Internet-facing backbone (user traffic) Datacenter backbone (internal traffic)

Managing large backbones is hard OpenFlow has helped us improve backbone

performance and reduce backbonecomplexity and cost

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Google Backbone Scale

If Google were an ISP, it would rank as thesecond largest carrier on the planet.

YouTube Web Search Google+ Photos and Hangouts Maps AppEngine Android and Chrome

updates

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Google WAN

100s of ports of nonblocking 10GE OpenFlow support Open source routing stacks for

BGP, ISIS

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


WAN Economics

Cost per bit/sec delivered should go downwith additional scale, not up

broadcast overhead of all-to-allcommunication requires more expensiveequipment

Manual management and configuration ofindividual elements

Complexity of automated configuration todeal with non-standard vendor configurationAPIs

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Solution: WAN Fabrics

Goal: manage the WAN as a fabric not as acollection of individual boxes Current equipment and protocols don't allow

this Internet protocols are box centric, not fabric

centric Little support for monitoring and operations Optimized for eventual consistency in

routing Little baseline support for low latency routing

and fast failover

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Why Software Defined WAN?

Separate hardware from software Choose hardware based on necessary features Choose software based on protocol requirements

Logically centralized network control More deterministic More efficient More fault tolerant

Separate monitoring, management, andoperation from individual boxes

Flexibility and InnovationResult: A WAN that is higher performance, more fault tolerant, and cheaper

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Google SDN Deployment History

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Conclusions

OpenFlow is ready for real-world use SDN is ready for real-world use

Enables rapid rich feature deployment Simplifies network management

Google's datacenter WAN successfully runs onOpenFlow Largest production network at Google Improved manageability Improved cost (too early to have exact numbers)

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Keys to Openflow/Software-DefinedNetworking

Separation of Control Plane & Data Planewith Open API Between the Two

Logically Centralized Control-Plane withOpen API to Applications

Creates Open Interfaces between Hardware,OS and Applications Similar to ComputerIndustry

Increases Competition, Enables Innovation

Summary

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


PacketmasterSeries

High Performance

Network Packet Broker

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Overview

The Packetmaster family is available in twovariations

PM products Network Processor based Filtering up to Layer 7 Up to 250G load

EX products Based on high performance switch fabric Filtering up to Layer 4 Up to 1,2T load

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Packetmaster EX484-2

Packetload 1,2 TbitPorts 1G/10 Gbit 48 SFP/SFP+

Ports 40 Gbit 4 QSFP

GUI CLI/GUI

Packetbuffer YES

Delay 1 s

Dual Power YES

1024 Filters Layer 4 MPLS tag/detag VLAN tag/detag Header modification Layer 4 Load balancing Layer 3 GRE de/encapsualtion All ports activated All software activated

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Applications some examples

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Live Demo

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Setup

Packetload 1,2 Tbit

Ports 1G/10 Gbit 48 SFP/SFP+

Ports 40 Gbit 4 QSFP

GUI CLI/GUI

Packetbuffer YES

Delay 1 s

Dual Power YES

EX484-2

UX400 Multiservice Plattform

10M to 100GE OTU-1 to OTU-4 FC 1G to 16G CPRI/OBSAI SDH to STM-256 SyncE 1588v2

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Setup

EX484-2

P11 10G

P2 1G

P1 1G

10G Traffic Gen

UX400

1G Traffic Analyzer

Stream IPSource

Bandwidth

1 10.0.0.1 900Mbit/s

2 10.0.0.3 10Mbit/s

3 100.0.0.1 800Mbit/s

4 100.0.0.3 100Mbit/s

Stre

am 1

& 2

Stre

am 3

& 4

Tapp

ing,

Agg

rega

tion

and

Filte

ring

www.cubro.net


Thank you

1 Herbert Etlinger Acronet Introduction to SDN and OpenFlow mTEH2014

Documents

netbringing simplicity

social networks

equipment software

equipment vendors

equipment routers

code long delays

outages buggy software

mobility management