Tutorial: OpenFlow in GENI - PowerPoint PPT Presentation

lynton
Presentation Transcript

  1. Tutorial: OpenFlow in GENI

  2. “The current Internet is at an impasse because new architecture cannot be deployed or even adequately evaluated” [PST04]. [PST04]: Overcoming the Internet Impasse through Virtualization, Larry Peterson, Scott Shenker, Jonathan Turner, HotNets 2004. Modified slide from: http://cenic2012.cenic.org/program/slides/CenicOpenFlow-3-9-12-submit.pdf

  3. OpenFlow… • Enables innovation in networking • Changes practice of networking Google’s SDN WAN

  4. OpenFlow basics How OpenFlow works … (1.0) Hands-on tutorial OpenFlow basics

  5. Traditional Switch

  6. OpenFlow’s basic idea

  7. OpenFlow is an API • Control how packets are forwarded • Implementable on COTS hardware • Make deployed networks programmable • not just configurable • Makes innovation easier Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  8. Network Devices DHCP access point router DNS proxy VPN gateway firewall NAT switch software Any network device can be OpenFlow enabled

  9. Network Function Virtualization (NFV) Slide from: http://docbox.etsi.org/Workshop/2013/201304_FNTWORKSHOP/S07_NFV/BT_REID.pdf

  10. OpenFlow benefits [1] • External control • Enables network Apps • General-purpose computers (Moore’s Law) • Deeper integration • Network hardware becomes a commodity • Centralized control • One place for apps to interact (authentication, auth, etc) • Simplifies algorithms • Global Optimization and planning [1]: OpenFlow: A Radical New Idea in Networking, Thomas A. Limoncelli, CACM 08/12 (Vol 55 No. 8)

  11. Network Types Campus Multiple buildings, heterogeneous IT, groups of users, campus backbone Enterprise Data Centers Security, various sizes, storage, WAN optimizations Data Centers – Clouds Multi-tenant, virtualization, disaster recovery, VM mobility WAN Diversity, multiple domains/carriers/users

  12. Deployment Stories • Google global private WAN [1]: Connects dozens of datacenters worldwide with a long-term average of 70% utilization over all links • Stanford Campus deployment: Part of Stanford campus migrated to OpenFlow • NTT’s BGP Free Edge: https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr201310fa3.html • Internet 2 - AL2S: Can build Layer 2 circuits between any Internet 2 end-points [1] B4: Experience with a Globally-Deployed Software Defined WAN, SIGCOMM’13, Jain et al.

  13. GENI and OpenFlow deployment • Key GENI concept: slices & deep programmability • Internet: open innovation in application programs • GENI: open innovation deep into the network • OpenFlow switches are one of the ways GENI is providing deep programmability (Diagram labels: Good old Internet, Slice 0, Slice 1, Slice 1, Slice 2, Slice 3, Slice 4)

  14. GENI OpenFlow Deployment OpenFlow-enabled hardware switch at: • Each GENI Rack • Backbone and regional networks

  15. GENI OpenFlow Experiments • VDC: real-time load-balancing functionality deep into the network to improve QoE (Prasad Calyam, Missouri) • MobilityFirst: A new architecture for the Internet designed for emerging mobile/wireless service requirements at scale (Dipankar (Ray) Raychaudhuri, Rutgers, leads MobilityFirst) • ActiveCDN: Program content distribution services deep into the network (Jae Woo Lee, Columbia)

  16. OpenFlow basics Hands-on tutorial How OpenFlow works … (1.0)

  17. OpenFlow versions • (Dec ’09) OpenFlow 1.0.0: Simple & widely supported • (Feb ’11) OpenFlow 1.1.0: Not implemented by HW vendors • (’11) Open Networking Foundation (ONF) formed to shepherd standards • (Dec ’11) OpenFlow 1.2: First ONF standard • (’12/’13) OpenFlow 1.3.x: Complex & support in progress • (Oct ’13) OpenFlow 1.0.2: Under ratification • (Oct ’13) OpenFlow 1.4 Docs at: https://www.opennetworking.org/sdn-resources/onf-specifications/openflow

  18. OpenFlow controllers • Open source controller frameworks • NOX/POX • OpenDaylight • FloodLight (BigSwitch) • Trema (NEC) • Maestro • Ryu • Production controllers • Mostly customized solutions based on Open Source frameworks • ProgrammableFlow - NEC

  19. OpenFlow • The controller is responsible for populating the forwarding table of the switch • On a table miss the switch asks the controller (Diagram labels: Any Host, OpenFlow Controller, OpenFlow Protocol (SSL/TCP), Switch, Control Path, OpenFlow, Data Path (Hardware)) Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  20. OpenFlow in action • Host1 sends a packet • If there are no rules about handling this packet • Forward packet to the controller • Controller installs a flow • Subsequent packets do not go through the controller (Diagram labels: Any Host, OpenFlow Controller, OpenFlow Protocol (SSL/TCP), Switch, Control Path, OpenFlow, Data Path (Hardware), host1, host2) Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  21. OpenFlow Basics (1.0) • Rule: what fields to match (+ mask): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN PCP, IP Src, IP Dst, IP Prot, IP ToS, TCP sport, TCP dport • Action: Forward packet to port(s); Encapsulate and forward to controller; Drop packet; Send to normal processing pipeline; Modify Fields • Stats: Packet + byte counters slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  22. Use Flow Mods • Going through the controller on every packet is inefficient • Installing Flows either proactively or reactively is the right thing to do • A Flow Mod consists of: • A rule/match on any of the 12 supported fields • An action about what to do with matched packets • Timeouts about the rules: • Hard timeouts • Idle timeouts • The packet id in reactive controllers

  23. OpenFlow common Pitfalls • Controller is responsible for all traffic, not just your application! • ARPs, DHCP, LLDP • Reactive controllers • Cause additional latency on some packets • UDP – many packets queued to your controller by time flow is set up • Performance in hardware switches • Not all actions are supported in hardware • No STP to prevent broadcast storms

  24. Multiplexing Controllers: FlowVisor • Only one controller per switch • FlowVisor is a proxy controller that can support multiple controllers • FlowSpace describes packet flows: • Layer 1: Incoming port on switch • Layer 2: Ethernet src/dst addr, type, vlan id, vlan pcp • Layer 3: IP src/dst addr, protocol, ToS • Layer 4: TCP/UDP src/dst port (Diagram labels: Any Host ×3, OpenFlow Controller ×2, FlowVisor, OpenFlow Protocol (SSL/TCP) ×2, Switch, Control Path, OpenFlow, Data Path (Hardware))

  25. OpenFlow basics How OpenFlow works … (1.0) Hands-on tutorial

  26. OpenFlow Experiments Debugging OpenFlow experiments is hard: • Network configuration debugging requires coordination • Many networking elements in play • No console access to the switch Before deploying your OpenFlow experiment test your controller. http://mininet.github.com/ http://openvswitch.org/

  27. Run an OpenFlow experiment 1 host as OVS switch, 3 VMs connected to OVS • Set up OVS • Write simple controllers • e.g. divert traffic to a different server • use the Python controller POX (Diagram labels: Host1, Host2, Host3, OVS)

  28. To Save Time … • Slices have been created for you: • Slice name: ofNN • Resources have been added to your slice: • 1 Xen VM running OVS • 3 OpenVZ VMs that act as traffic sources & sinks • Resources are from various InstaGENI racks • Download your private SSH key https://portal.geni.net/secure/profile.php#ssh • Download key and put in a standard place: $ mv ~/Downloads/id_geni_ssh_rsa ~/.ssh/. $ chmod 0600 ~/.ssh/id_geni_ssh_rsa • Add the key to your ssh-agent: $ ssh-add ~/.ssh/id_geni_ssh_rsa

  29. Finding your login information • Browse to this page https://portal.geni.net/secure/slices.php • Click on the slice name (there should be only one) • Scroll down to the Slice Status section • Find the row for the aggregate listed on your worksheet • Click the "Details" button for this row • keep this window open throughout the tutorial • Find your Login information for each of the four nodes used in this exercise (OVS, host1, host2, host3)

  30. Part I: Design/Setup • Obtain Resources • What is OpenFlow, what can I do with Openflow? • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  31. Configure OVS OVS is a virtual switch running on a xen VM • The interfaces of the node are the ports of the switch • Configure an ethernet bridge • add all dataplane ports to the switch • Can be an OpenFlow switch • Need to specify the controller (for convenience run on the same host but it can be anywhere) • Userspace OVS for this exercise

  32. Configure and Initialize OVS • Log in to OVS host and configure software switch: $ ifconfig $ sudo ifconfig eth1 0 $ sudo ifconfig eth2 0 $ sudo ifconfig eth3 0 $ sudo ovs-vsctl add-port br0 eth1 $ sudo ovs-vsctl add-port br0 eth2 $ sudo ovs-vsctl add-port br0 eth3 $ sudo ovs-vsctl list-ports br0 $ sudo ovs-vsctl set-controller br0 tcp:127.0.0.1:6633 $ sudo ovs-vsctl set-fail-mode br0 secure $ sudo ovs-vsctl show (Diagram labels: Host1, Host2, Host3, eth1, eth2, eth3, OVS)

  33. Part I: Design/Setup • Obtain Resources • What is OpenFlow, what can I do with Openflow? • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  34. Experiments (1/4) • Use a Learning Switch Controller: • See the traffic flow changes between hosts as the controller is started or stopped. • Soft versus hard timeouts for traffic flows.

  35. Experiments (1/4) • Log in to host1 and start pinging host2: $ ping 10.10.1.2 • Start learning switch controller: $ cd /local/pox $ ./pox.py --verbose forwarding.l2_learning • Look at ping… now works. • Kill controller (Ctrl-c) • Look at ping… still running.
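The reactive flow setup from slides 20-22 and the controller stop/start experiment above can be traced with a small model. This is an added example, not code from the slides, POX or OVS; the 10 s idle and 30 s hard timeouts, the host names and the once-per-second traffic are assumptions.

```python
# Added example: toy OpenFlow 1.0 flow table, not POX or OVS code.
class Flow:
    def __init__(self, match, out_port, idle, hard, now):
        self.match, self.out_port = match, out_port   # absent field = wildcard
        self.idle, self.hard = idle, hard             # timeouts in seconds, 0 = none
        self.installed = self.last_hit = now
    def expired(self, now):
        return bool((self.idle and now - self.last_hit >= self.idle) or
                    (self.hard and now - self.installed >= self.hard))

class Switch:
    def __init__(self, controller):
        self.flows, self.controller = [], controller
    def receive(self, pkt, now):
        self.flows = [f for f in self.flows if not f.expired(now)]
        for f in self.flows:
            if all(pkt.get(k) == v for k, v in f.match.items()):
                f.last_hit = now
                return f.out_port                     # handled in the data path
        if self.controller is None:
            return "drop"     # fail-mode secure: table miss, nobody to ask
        return self.controller.packet_in(self, pkt, now)

class LearningController:
    def __init__(self, idle=10, hard=30):             # assumed timeout values
        self.mac_to_port, self.idle, self.hard, self.packet_ins = {}, idle, hard, 0
    def packet_in(self, switch, pkt, now):
        self.packet_ins += 1
        self.mac_to_port[pkt["dl_src"]] = pkt["in_port"]
        out = self.mac_to_port.get(pkt["dl_dst"])
        if out is None:
            return "flood"    # destination unknown: forward once, install nothing
        match = {k: pkt[k] for k in ("in_port", "dl_src", "dl_dst")}
        switch.flows.append(Flow(match, out, self.idle, self.hard, now))
        return out

def ping_trace(kill_at=5, seconds=40):
    """Constructed scenario: host1 (port 1) and host2 (port 2) each send one frame per second."""
    ctl = LearningController()
    sw, trace = Switch(ctl), []
    h1 = {"in_port": 1, "dl_src": "h1", "dl_dst": "h2"}
    h2 = {"in_port": 2, "dl_src": "h2", "dl_dst": "h1"}
    for t in range(seconds):
        if t == kill_at:
            sw.controller = None                      # controller stopped (Ctrl-c)
        trace.append(sw.receive(h1, t))
        sw.receive(h2, t)
    return trace, ctl.packet_ins
```

In the constructed trace the controller sees only three packets, and host1's traffic keeps flowing for 26 seconds after the controller stops, then is dropped once the hard timeout removes the flow. That is the behaviour of a switch in `secure` fail mode; in OVS `standalone` mode the switch would instead fall back to ordinary MAC learning.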

  36. Experiments (2/4) • Write and run a Traffic Duplication Controller: • Controller will duplicate traffic to a different (physical) port on the OVS switch. • Use tcpdump to see the packet duplication.

  37. Experiments (2/4) • Open 2 windows on OVS host • Start tcpdump on OVS:if1 and OVS:if2 • Run duplication controller on OVS:if2 $ cd /local/pox $ ./pox.py --verbose myDuplicateTraffic --duplicate_port=<data_interface_name> • Look at ping from host1 to host2. • Kill controller (Ctrl-c)

  38. Experiments (3/4) • Write and run a (TCP) port forwarding controller: • Controller will do port forwarding on your OVS Switch to port specified. • Use two netcat servers on host2 to see traffic delivery.

  39. Experiments (3/4) • Two windows on host2 run the following: $ nc -l 5000 $ nc -l 6000 • Start learning switch controller: • On host1: $ nc 10.10.1.2 5000 • See what happens to traffic • Kill controller (Ctrl-c) • Retry with port forwarding controller and see what happens to traffic, and kill when done.

  40. Experiments (4/4) 4. Write and run a server proxy controller • To redirect packets to a proxy: • What fields do you need to overwrite? • Which packets need special handling? • Use netcat to see the deflection

  41. Experiments (4/4) • On host 3: $ nc -l 7000 • Run proxy controller: $ cd /local/pox $ ./pox.py --verbose myProxy • On host1: $ nc 10.10.1.2 5000 • Look at host3 window, should now be getting nc traffic.
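One way to reason about the two questions on the proxy slide, as an added example that is not the tutorial's `myProxy` controller or POX code: a toy model of the two flow entries and of the check a TCP client applies to replies. The address 10.10.1.2 and ports 5000/7000 are from the slides; the MAC addresses, the other IP addresses, the switch port numbers and the client source port are assumptions.

```python
# Added example: toy model of the header rewriting behind the proxy exercise (not POX code).
# 10.10.1.2 and ports 5000/7000 come from the slides; MACs, other IPs and switch ports are assumed.
HOST1 = {"mac": "02:00:00:00:00:01", "ip": "10.10.1.1", "sw_port": 1}
HOST2 = {"mac": "02:00:00:00:00:02", "ip": "10.10.1.2", "sw_port": 2}
HOST3 = {"mac": "02:00:00:00:00:03", "ip": "10.10.1.3", "sw_port": 3}
TCP = {"dl_type": 0x0800, "nw_proto": 6}

def proxy_flows(server, proxy, client, server_tcp=5000, proxy_tcp=7000):
    """Two flow entries: deflect client->server traffic to the proxy, and rewrite the replies."""
    forward = {"match": dict(TCP, nw_dst=server["ip"], tp_dst=server_tcp),
               "set": {"dl_dst": proxy["mac"], "nw_dst": proxy["ip"], "tp_dst": proxy_tcp},
               "output": proxy["sw_port"]}
    reverse = {"match": dict(TCP, nw_src=proxy["ip"], tp_src=proxy_tcp),
               "set": {"dl_src": server["mac"], "nw_src": server["ip"], "tp_src": server_tcp},
               "output": client["sw_port"]}
    return [forward, reverse]

def switch(flows, pkt):
    """Apply the first matching entry; return (rewritten packet, output port or None on a miss)."""
    for f in flows:
        if all(pkt.get(k) == v for k, v in f["match"].items()):
            return dict(pkt, **f["set"]), f["output"]
    return pkt, None

def client_accepts(sent, reply):
    """A TCP endpoint only accepts segments that mirror the 4-tuple of its own connection."""
    return ((reply["nw_src"], reply["tp_src"], reply["nw_dst"], reply["tp_dst"]) ==
            (sent["nw_dst"], sent["tp_dst"], sent["nw_src"], sent["tp_src"]))

def run(flows):
    """Constructed exchange: host1 opens a connection to host2:5000 and host3 answers it."""
    syn = dict(TCP, dl_src=HOST1["mac"], dl_dst=HOST2["mac"], nw_src=HOST1["ip"],
               nw_dst=HOST2["ip"], tp_src=40000, tp_dst=5000)
    at_proxy, out_port = switch(flows, syn)
    reply = dict(TCP, dl_src=HOST3["mac"], dl_dst=at_proxy["dl_src"], nw_src=HOST3["ip"],
                 nw_dst=at_proxy["nw_src"], tp_src=at_proxy["tp_dst"], tp_dst=at_proxy["tp_src"])
    at_client, _ = switch(flows, reply)
    return out_port, at_proxy["tp_dst"], client_accepts(syn, at_client)
```

With only the forward entry installed, host3 receives the connection attempt but its reply arrives at host1 from the wrong address and port, so the return direction is the traffic that needs special handling. ARP and everything else still has to be forwarded by some other rule, as the pitfalls slide notes.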

  42. Part I: Design/Setup • Obtain Resources • What is OpenFlow, what can I do with Openflow? • Demo: Using OpenFlow in GENI • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  43. Part III: Finish Experiment When your experiment is done, you should always release your resources. • Normally this is when you would archive your data • Delete your slivers at each aggregate (Slide graphic labels: sliver, credentials, project, RSpec, resource, user, AM API, aggregate, certificate, slice)