
CS 490.31: Software Defined Networks, 4th Lecture, 1/4/2013

Xenofontas Dimitropoulos, ETH Zurich


Presentation Transcript


  1. CS 490.31: Software Defined Networks, 4th Lecture, 1/4/2013. Xenofontas Dimitropoulos, ETH Zurich

  2. Flowspace revisited

  3. OpenFlow Basics: Flow Table Entries. Each entry has three parts: Rule, Action, Stats • Rule: Switch Port, VLAN ID, VLAN pcp, MAC src, MAC dst, Eth type, IP Src, IP Dst, IP ToS, IP Prot, L4 sport, L4 dport, + mask what fields to match • Action: Forward packet to zero or more ports; Encapsulate and forward to controller; Send to normal processing pipeline; Modify Fields; Any extensions you add! • Stats: Packet + byte counters

  4. Examples

     | Example | Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
     |---|---|---|---|---|---|---|---|---|---|---|---|
     | Switching | * | * | 00:1f:.. | * | * | * | * | * | * | * | port6 |
     | Flow Switching | port3 | 00:20.. | 00:1f.. | 0800 | vlan1 | 1.2.3.4 | 5.6.7.8 | 4 | 17264 | 80 | port6 |
     | Firewall | * | * | * | * | * | * | * | * | * | 22 | drop |

  5. Examples

     | Example | Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
     |---|---|---|---|---|---|---|---|---|---|---|---|
     | Routing | * | * | * | * | * | * | 5.6.7.8 | * | * | * | port6 |
     | VLAN Switching | * | * | 00:1f.. | * | vlan1 | * | * | * | * | * | port6, port7, port9 |

  6. What is a flow? • Application flow • All http • Jim’s traffic • All packets to Canada • … • Types of action • Allow/deny flow • Route & re-route flow • Isolate flow • Remove flow

  7. Properties of a Flow-based Substrate • We need flexible definitions of a flow • Unicast, multicast, waypoints • Different aggregations • We need direct control over flows • Flow as an entity we program: To route, to move, … • Exploit the benefits of packet switching • It works and is universally deployed • It is efficient (when kept simple)

  8. Substrate: “Flowspace” • [Figure: packet layout: Ethernet (DA, SA, etc), IP (DA, SA, etc), TCP (DP, SP, etc), Payload; generalized as Header (user-defined flowspace) + Payload] • Collection of bits to plumb flows (of different granularities) between end points

  9. Flowspace: Simple Example • [Figure: plane with axes IP SA and IP DA, A marked on an axis; labelled regions: Single flow; All flows from A; All flows between two subnets]

  10. Flowspace: Generalization • [Figure: space with axes Field 1, Field 2, …, Field n; labelled regions: Single flow; Set of flows]

  11. FlowSpace: Maps Packets to Slices

  12. Properties of Flowspace • Backwards compatible • Current layers are a special case • No end points need to change • Easily implemented in hardware • e.g. TCAM flow-table in each switch • Strong isolation of flows • Simple geometric construction • Can prove which flows can/cannot communicate

  13. Suggested Projects

  14. Route around outages • Route around failures • Implement algorithm to compute shortest paths and install appropriate rules in a network • Upon receiving a notification for a broken link recompute shortest paths and update rules

  15. Rule management tools • Implement and evaluate rule management tools. • Periodically check switches in a network (garbage collection). • Defragmentation: Merge rules when possible • Clean up: Remove unused rules • Compress: Create aggregate, more compact rules • Other sanity checks

  16. Monitoring Radar • Implement a monitoring radar • Use OpenFlow for measurements • Scan the flow space over time: Dynamically change the rules you have over time to do finer granularity measurements to specific areas. • Take live traffic into account to avoid spending too much time in inactive regions.

  17. Inter-controller Access Control Signaling • Denial of Service attack mitigation mechanisms • Assume two domains with separate controllers • Establish a connection between the controllers and write a simple protocol to notify the remote controller about blocking traffic from specific sources.

  18. Elastic SDN controller • Elastically scale SDN controller: • Monitor load to controller and when it exceeds a threshold spawn an additional controller and reconfigure switches to balance load. • Monitor demand and when it goes below a threshold switch back to single controller.

  19. Next Steps: Draft Proposal • Draft proposal (1 page) Due: Thu. 4th of Apr • Objectives, Work packages, Deliverables • Meet with the instructor and discuss proposal: Fri. 5th of Apr • Incorporate feedback and submit final proposal (2 pages max) Due: Wed. 10th of Apr

  20. This talk wouldn’t be possible without: • Past slides from: • Brandon Heller • Yashar Ganjali (CSC2203 Course) • Rob Sherwood • others

  21. Further Project Ideas • http://www.cs.toronto.edu/~yganjali/courses/csc2203/page27/#suggested-topics
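Slides 9 to 12 describe flowspace as a geometric construction in which isolation between slices can be proven. The following is an added example, not part of the lecture: it models each region as one integer interval per header field and reports which slices share flowspace. The three fields, the slice names and the addresses are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# A flowspace region is one closed integer interval per header field.
# Fields, slice names and addresses are constructed for illustration.
FIELDS = {"ip_src": (0, 2**32 - 1), "ip_dst": (0, 2**32 - 1), "tp_dst": (0, 65535)}

def prefix(cidr):
    """IP prefix -> (low, high) integer interval."""
    net = ip_network(cidr)
    return int(net.network_address), int(net.broadcast_address)

def region(**spec):
    """Unspecified fields default to their full range (wildcard)."""
    return {f: spec.get(f, full) for f, full in FIELDS.items()}

def intersect(a, b):
    """Intersection of two regions, or None when they are disjoint."""
    out = {}
    for f in FIELDS:
        lo, hi = max(a[f][0], b[f][0]), min(a[f][1], b[f][1])
        if lo > hi:
            return None  # disjoint in one dimension means disjoint overall
        out[f] = (lo, hi)
    return out

def overlapping_slices(slices):
    """Pairs of slices that share flowspace; an empty list proves isolation."""
    names = sorted(slices)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if any(intersect(r, s) for r in slices[x] for s in slices[y])]

def pkt(src, dst, dport):
    """Build a packet as integer header values."""
    return {"ip_src": int(ip_address(src)), "ip_dst": int(ip_address(dst)), "tp_dst": dport}

def slices_of(slices, p):
    """Map a packet to every slice whose flowspace contains it (slide 11)."""
    return sorted(n for n, regs in slices.items()
                  if any(all(r[f][0] <= p[f] <= r[f][1] for f in FIELDS) for r in regs))

SLICES = {
    "from_A": [region(ip_src=prefix("10.0.0.1/32"))],  # all flows from A
    "lab": [region(ip_src=prefix("10.0.1.0/24"), ip_dst=prefix("10.0.2.0/24"))],  # two subnets
    "web": [region(ip_dst=prefix("10.0.2.0/24"), tp_dst=(80, 80))],  # port 80 to one subnet
}

if __name__ == "__main__":
    print(overlapping_slices(SLICES))
    print(slices_of(SLICES, pkt("10.0.1.5", "10.0.2.9", 80)))
```

The "web" slice leaves ip_src as a wildcard, so it overlaps both other slices; constraining its source prefix makes all three regions disjoint and the overlap list empty.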
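The flow table rows on slides 4 and 5 and the rule management checks on slide 15 can be combined into a small audit, shown here as an added example that is not part of the lecture. The priorities, the full MAC addresses, the "ssh-extra" rule and the function names are assumptions; the slides give no rule priorities.

```python
# Constructed flow table modelled on the example rows of slides 4 and 5.
# Priorities, full MAC addresses and the "ssh-extra" rule are assumptions.
# A field absent from "match" is a wildcard (*).
TABLE = [
    {"name": "firewall", "prio": 300, "match": {"tcp_dport": 22}, "action": "drop"},
    {"name": "flow", "prio": 200, "action": "port6",
     "match": {"in_port": "port3", "mac_src": "00:20:00:00:00:01",
               "mac_dst": "00:1f:00:00:00:01", "eth_type": 0x0800, "vlan": 1,
               "ip_src": "1.2.3.4", "ip_dst": "5.6.7.8", "ip_proto": 4,
               "tcp_sport": 17264, "tcp_dport": 80}},
    {"name": "routing", "prio": 100, "match": {"ip_dst": "5.6.7.8"}, "action": "port6"},
    {"name": "ssh-extra", "prio": 50, "action": "port6",
     "match": {"tcp_dport": 22, "ip_dst": "5.6.7.8"}},
]

def lookup(table, pkt):
    """Action of the highest-priority matching rule; a miss goes to the controller."""
    hits = [r for r in table if all(pkt.get(f) == v for f, v in r["match"].items())]
    return max(hits, key=lambda r: r["prio"])["action"] if hits else "controller"

def audit(table):
    """Sanity checks in the spirit of slide 15.

    ("shadowed", low, high): every packet matching `low` also matches the
        higher-priority `high`, so `low` never fires and can be removed.
    ("conflict", high, low): the two rules overlap with different actions,
        so the outcome for the shared packets depends only on priority order.
    """
    findings = []
    rules = sorted(table, key=lambda r: -r["prio"])
    for i, hi in enumerate(rules):
        for lo in rules[i + 1:]:
            a, b = hi["match"], lo["match"]
            if all(b.get(f) == v for f, v in a.items()):
                findings.append(("shadowed", lo["name"], hi["name"]))
            elif all(a[f] == b[f] for f in a.keys() & b.keys()) \
                    and hi["action"] != lo["action"]:
                findings.append(("conflict", hi["name"], lo["name"]))
    return findings

if __name__ == "__main__":
    ssh = {"ip_dst": "5.6.7.8", "tcp_dport": 22}
    print(lookup(TABLE, ssh))  # firewall rule wins while it has the top priority
    for finding in audit(TABLE):
        print(finding)
```

The reported conflict between the firewall and routing rules is the case to review: if the routing rule were ever installed above the firewall rule, port 22 traffic to 5.6.7.8 would be forwarded instead of dropped.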
