Realizing SDN through Service Chaining with OpenFlow
MPLS Japan 2013
株式会社エーアイコーポレーション
岩下 雅幸 / 溝口 茂
http://www.aicp.co.jp/
Agenda
• What is Service Chaining?
• Requirements for Service Chaining
• Modeling Service Chaining
• Demo
• Generalization through standard technologies
2013/10/30 2
What is Service Chaining?
[Figure: Customers A, B and C; a Service Provider with FW, IDS, WAN ACCEL and APP FILTER]
A picture of Service Chaining
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall]
Service Chaining with existing methods
[Figure: Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall; Network Engineers]
Dynamic Service Chaining
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall; Networking Applications; Network Engineer; Programmed by Software]
Requirements for Service Chaining
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall; Networking Applications; Network Engineer; callouts 1, 2 and 3]
Addressing item 1: introducing OpenFlow
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall; callout 1]
Configuration combined with OpenFlow
Service Chaining with OpenFlow
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall; Networking Applications; Network Engineer; callouts 1, 2? and 3?]
SDN Architecture
www.slideshare.net/martin_casado/sdn-abstractions
“The Future of Networking, and the Past of Protocols”
Modeling Service Chaining
“Abstract Network View”
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall]
Mapping between models
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall]

Traffic Steering Device Model
  Port: unique integer 0..47
  Src: IP-address/mask
  Dst: IP-address/mask
  Action: drop | output(N) | …

Firewall Device Model
  Src: IP-address/mask
  Dst: IP-address/mask
  Port: integer 1..65535
  Action: drop | allow

Service Application

VPN Service Model
  Flow Profile Name: unique string
  From Networks: [ IP-address/mask ]
  To Networks: [ IP-address/mask ]
  Reserved bandwidth: integer > 0
Applying to the whole network
[Figure: Service Application; Network-wide Transaction; device ports 1 to 10 with In / Out labels]
Rule #117: Src=*, Dst=116.54.16.128/26, Port=80, Action=allow
Rule #118: Src=*, Dst=116.54.16.128/26, Port=*, Action=drop
Rule #46: Port=1, Src=*, Dst=116.54.16.128/26, Action=output(6)
Rule #47: Port=7, Src=*, Dst=116.54.16.128/26, Action=output(8)
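An added example, not from the original slides: a Python sketch that parses the four rules above, checks each against the field ranges of the two device models, and walks a packet through the steering device and the firewall. First-match rule order, a default drop when no rule matches, and the firewall sitting between steering ports 6 and 7 are assumptions made for this illustration.

```python
import ipaddress
import re

# The four rules as they appear on the slide; ranges from the two device models.
FIREWALL_RULES = [
    "Rule #117: Src=*, Dst=116.54.16.128/26, Port=80, Action=allow",
    "Rule #118: Src=*, Dst=116.54.16.128/26, Port=*, Action=drop",
]
STEERING_RULES = [
    "Rule #46: Port=1, Src=*, Dst=116.54.16.128/26, Action=output(6)",
    "Rule #47: Port=7, Src=*, Dst=116.54.16.128/26, Action=output(8)",
]
PORT_RANGE = {"firewall": range(1, 65536), "steering": range(0, 48)}

def parse_rule(line, model):
    """Parse one rule line and check it against the device model's ranges."""
    rule_id, body = re.fullmatch(r"Rule #(\d+): (.*)", line).groups()
    f = dict(kv.split("=", 1) for kv in body.split(", "))
    for key in ("Src", "Dst"):
        f[key] = None if f[key] == "*" else ipaddress.ip_network(f[key])
    f["Port"] = None if f["Port"] == "*" else int(f["Port"])
    if f["Port"] is not None and f["Port"] not in PORT_RANGE[model]:
        raise ValueError(f"rule {rule_id}: port out of range for {model}")
    ok = r"drop|allow" if model == "firewall" else r"drop|output\((\d+)\)"
    m = re.fullmatch(ok, f["Action"])
    if not m or (m.lastindex and int(m.group(1)) not in PORT_RANGE["steering"]):
        raise ValueError(f"rule {rule_id}: bad action {f['Action']}")
    return int(rule_id), f

def decide(rules, model, port, src, dst):
    """Return (rule id, action) of the first matching rule (assumed order)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_id, f in (parse_rule(r, model) for r in rules):
        if (f["Port"] in (None, port)
                and (f["Src"] is None or src in f["Src"])
                and (f["Dst"] is None or dst in f["Dst"])):
            return rule_id, f["Action"]
    return None, "drop"  # assumed default when nothing matches

def chain(in_port, src, dst, dst_port):
    """Walk a packet: steering ingress -> firewall -> steering port 7."""
    hops = [decide(STEERING_RULES, "steering", in_port, src, dst)]
    if hops[0][1] == "output(6)":  # assumption: firewall sits on ports 6/7
        hops.append(decide(FIREWALL_RULES, "firewall", dst_port, src, dst))
        if hops[-1][1] == "allow":
            hops.append(decide(STEERING_RULES, "steering", 7, src, dst))
    return hops
```

The source and non-matching destination addresses used to exercise `chain` are constructed documentation addresses, not values from the slides.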
Demo
Model-based Service Chaining
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall; callouts 1, 2 and 3]
Generalization through standard technologies
[Figure: endpoints A and B; Traffic Shaper, IPS/IDS, Content Filtering, WAN acceleration, Firewall; NETCONF (RFC 6241); YANG (RFC 6020)]
Deutsche Telekom's track record
• “A Realtime OSS-based SDN Approach”
• Deutsche Telekom: A Software-Defined Operator – http://www.lightreading.com/ethernet-ip/routers/deutsche-telekom-a-software-defined-operator/d/d-id/706099
NETCONF adoption by vendors
– Alaxala • Ethernet switches
– BATM/Telco Systems • T-Metro 7224
– BigBand • MSP2800
– Brocade • NetIron XMR, CES, and CER • MLX Series • VDX
– Cisco • IOS 12.4(9)T and later • IOS XE 2.1 and later
– Edgeware • WTV-2X
– Ericsson • SEA 20
– H3C • S9500E Series Routing Switches
– Huawei • AR3200/2200 Enterprise Routers
– Juniper Networks • JUNOS 7.5 and later
– Nexor • Messaging Gateways
– RuggedCom • RX5000 and MX5000
– Sonus • NBS5200 Session Border Controller
– Taseon • TN 320
– Verivue • MDX 9020
Please Note that this list is work in progress and feedback on accuracy and completeness is strongly encouraged
Standardization trends
- NETCONF WG
- NETMOD(YANG) WG
- OF-CONFIG YANG Modules
- YANG models for Service OAM PM and FM
- YANG module for CCAP: next generation cable head-end systems
- OpenStack Plugin http://blog.ipspace.net/2013/10/openstack-quantum-neutron-plug-in-there.html
Rapid service delivery with Service Chaining, and then further added value!
[Figure: Today vs. Tomorrow. Labels: Network Engineers; Perl Scripts; Various CLIs; Various APIs; Manual Activities; Tedious Script Maintenance; Network Engineer; Networking Applications; Standards-Based Abstraction and Automation]