• No results found

big switch FlowVisor Engineering Tutorial Open Networking Summit 2012 Rob Sherwood

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "big switch FlowVisor Engineering Tutorial Open Networking Summit 2012 Rob Sherwood"

Copied!
27
0
0

Loading.... (view fulltext now)

Download now ( 27 Page )

Full text

(1)

n e t w o r k s

big switch

FlowVisor  Engineering  Tutorial  

Open  Networking  Summit  2012  

(2)

Talk  Outline  

 

Glossary:  Flavors  of  VirtualizaEon  

 

Use  Cases  

 

Case-­‐study:  FlowVisor  network  slicing  tool  

  Architecture  

  Opt-­‐In  

  Resource  allocaEon:  FlowSpace  

  Deployments  

 

VirtualizaEon  discussion  

(3)

Flavors  of  Network  VirtualizaEon  

  Topology  VirtualizaEon  

  Who  decides  the  network  topology?  

  Virtual  links,  broadcast  isolaEon,  virtual  nodes  

  e.g.,  tunnels,  VLANs,  “single-­‐touch-­‐management”  soluEons  

  Address  VirtualizaEon  

  Who  controls  10.0.0.0/8?  

  Prevent  MAC  address  collisions  

  e.g.,  VRF  +  MPLS,  VLANs    

  This  talk:  Policy  VirtualizaEon;  a.k.a.  network  slicing     Who  sets  ACLs?    Who  decides  forwarding  paths?  

  e.g.,  FlowVisor:  www.flowvisor.org    

  Commercial  SDN  soluEons  emerging  that  combine  all  three!  

©2012 – Big Switch Networks Inc. – Confidential and Proprietary 3

(4)

Network  VirtualizaEon  Use  Cases  

 

MulE-­‐tenancy  

  Public/Private  Cloud  service  providers  

 

Be]er  resource  uEliEzaEon  

  Move  traffic  around  by  load  –  turn  off  the  rest  

 

Simplified  Management  

  Network  policies  migrate  with  VMs  

  Decouple  policy  from  topology  

  MulE-­‐layer  delgaEon  

 

Rapid/Isolated  service  deployment  

  FlowVisor’s  iniEal  use  case  

(5)

FlowVisor’s Original Problem:

 

Realisticly evaluating new network services

is

hard

• 

services that require changes to switches and routers

• 

e.g.,

o  routing protocols

o  traffic monitoring services o  IP mobility

Result: Many good ideas don't gets deployed; Many deployed services still have bugs.

(6)

Why is Evaluation Hard?

Real Networks

(7)

Network Slicing with FlowVisor

 

A network slice is a collection of sliced switches/routers

• 

Data plane is unmodified

– 

Packets forwarded with no performance penalty

– 

Works with existing hardware/ASICs

• 

Transparent slicing layer

– 

each slice believes it owns the data path

– 

enforces isolation between slices

• 

i.e., rewrites, drops rules to adhere to slice police

(8)

Real User Traffic: Opt-In

• 

Allow users to Opt-In to services in real-time

o  Users can delegate control of individual flows to

Slices

o  Add new FlowSpace to each slice's policy

• 

Example:

o  "Slice 1 will handle my HTTP traffic" o  "Slice 2 will handle my VoIP traffic" o  "Slice 3 will handle everything else"

(9)

Slicing Policies

 

The policy specifies resource limits for each slice:

– 

Link bandwidth

– 

Maximum number of forwarding rules

– 

Topology

– 

Fraction of switch/router CPU

– 

FlowSpace

: which packets does the slice

control?

(10)
(11)

FlowVisor Architecture

Custom Control Plane Stub Control Plane Data Plane OpenFlow Protocol Switch/Router Server Network Servers OpenFlow Firmware Data Path OpenFlow Controller Switch/Router OpenFlow Firmware Data Path OpenFlow

Controller OpenFlow Controller OpenFlow Controller

FlowVisor

OpenFlow OpenFlow

(12)

FlowVisor  Message  Handling  

OpenFlow Firmware Data Path Alice Controller Bob Controller Cathy Controller

FlowVisor

OpenFlow OpenFlow Packet Exception

Policy Check:

Is this rule

allowed?

Policy Check:

Who controls

this packet?

Full Line Rate

Forwarding

Rule

(13)

FlowVisor Deployment: Stanford

• 

Our real, production network

o 

15 switches, 35 APs

o 

25+ users

o 

2+ year of use

o 

my personal email and

web-traffic!

• 

Same physical network

hosts Stanford demos

(14)
(15)

FlowVisor  Commands  

 

>  /usr/sbin/flowvisor  /usr/etc/flowvisor/config.xml  &  

 

>  man  flowvisor  

 

>  man  fvconfig  

(16)

FVCTL  

 

fvctl  is  the  cli  used  to  control  a  running  instance  of  flowvisor   (over  XMLRPC)  

 

fvctl  -­‐-­‐passwd-­‐file=/etc/flowvisor/fvpasswd  command   [args…]  

(17)

>  fvctl  createSlice  

 

Specifies  a  controller/slice  

 

fvctl  createSlice  <slicename>  <controller_url>  

<email>  

 

controller_url  =  tcp:<ip  address>:<port  #>  

 

fvctl  createSlice  FinanceDept  tcp:

(18)

>  fvctl  addFlowSpace  

 

Insert  a  flowspace  rule  

  fvctl  addFlowSpace  <dpid>  <priority>  <match>  <acEons>  

  fvctl  addFlowSpace  00:c8:08:17:f4:4b:82:00  100  in_port=22   Slice:ESNet=4  

(19)

 >  fvctl  addFlowSpace:  match  

 

Flow  packet  match  fields  

  in_port=port_no     dl_vlan=vlan     dl_src/dl_dst=mac     nw_src/nw_dst=ip[/netmask]     nw_proto=proto     nw_tos=tos/dscp     tp_src/tp_dst=port  

(20)

>  fvctl  addFlowSpace:  acEons  

 

Comma-­‐separated  list  of  slices  with  control  permissions  over   matching  flowspace  

 

Permissions     Delegate=1     Read=2     Write=4  

 

Ex.  Slice:IU-­‐LB=4,Monitor=2  

(21)

>  fvctl  getSliceInfo  

 

Dumps  informaEon  about  the  slice  

  controller_port=6633  

  controller_hostname=140.221.223.153  

  creator=fvadmin  

(22)

>  fvctl  changeSlice  

 

Edit  a  slice  a]ributes:  

  controller_port=6633  

  controller_hostname=140.221.223.153  

  creator=fvadmin  

  [email protected]  

 

Examples:  

  fvctl  changeSlice  <slicename>  <key>  <value>  

(23)

>  fvctl  listSlices  ;  fvctl  deleteSlice  

 

lists  the  slices  that  have  been  created  

  Slice  0:  iCAIR     Slice  1:  CPQD     Slice  2:  Clemson     Slice  3:  I2-­‐NOX     Slice  4:  IU-­‐100G     Slice  5:  SARA     Slice  6:  ESNet     Slice  7:  fvadmin  

 

fvctl  deleteSlice  ESNet  

(24)

>  fvctl  listDevices  

  List  DPID  of  all  connected  OpenFlow  devices   Device  0:  00:00:0e:83:40:39:18:58   Device  1:  00:00:0e:83:40:39:1a:57   Device  2:  00:00:0e:83:40:39:19:96   Device  3:  00:00:0e:83:40:39:1b:93   Device  4:  00:00:0e:83:40:39:18:1b   Device  5:  00:00:0e:84:40:39:19:96   Device  6:  00:00:0e:84:40:39:1a:57   Device  7:  00:00:0e:84:40:39:1b:93   Device  8:  00:00:0e:84:40:39:18:1b   Device  9:  00:00:0e:84:40:39:18:58  

(25)

>  fvctl  getLinks  

•  List  port  #  and  DPID  of  both  ends  of  each  link  

•  Link  0:  Link[srcDPID=00:00:0e:83:40:39:1b:

93,srcPort=2,dstDPID=00:00:0e:83:40:39:18:1b,dstPort=2]  

•  Link  1:  Link[srcDPID=00:00:0e:

84:40:39:18:1b,srcPort=2,dstDPID=00:00:0e:84:40:39:1b: 93,dstPort=2]  

(26)

VirtualizaEon  Discussion  

 

Why  OpenFlow  for  both  Sound  and  North  interface?  

  Why  not  in  the  controller  with  a  custom  North  Bound  API?  

  Why  not  in  the  switch,  with  a  custom  Sound  Bound  API  

 

Decouple  virtualizaEon  from  control  

  Let  them  evolve  independently  

  FlowVisor  works  with  most  (all?)  publicly  available  controllers  

 

Incrementally  deployable  

  First:  Deploy  in  slice    

  Then  deploy  same  code  directly  on  real  network  

(27)

Conclusion  

• 

FlowVisor  is  an  OpenFlow-­‐based  virtualizaEon  tool  

• 

Deployed  in  lots  of  R&E  networks,  Interop  2011-­‐12  

• 

Open  source,  documentaEon,  tools  

• 

Thanks  to  Ron  Milford/InCntre  for  slides!  

References

Download now ( PDF - 27 Page - 2.48 MB )

Related documents

Resale Price Maintenance for Books in Germany and the European Union: A Legal and Economic Analysis

Any European decision will have to take notice of the priority of the cultural aspect over the competition aspect, hence the main question that has to be addressed is exactly

Several Issues Concerning the Corruption Crimes of Private Entrepreneurs: Based on Empirical Research

In this study, this conclusion is verified by the “means of declared sentences for crimes without statutory sentencing circumstances” in the crime of private entrepreneurs’

The Effect of Np Fertlizer Rates on the Yield and Yield Components of Ginger (Zingiber Offcinale Rosc.) in Kindo-Koysha Woreda; Wolaita, South Ethiopia

The analysis revealed that increase in N level had very highly significant (p&lt;0.001) effect on average leaves number per plot, plant height, leaf length, leaf width, leaf

Cultural landscape of ancient Viminacium and modern Kostolac – creation of a new approach to the preservation and presentation of its archaeological and industrial heritage

3 The Viminacium archaeological site is included in the Spatial Plan of the Republic of Serbia from 2010 to 2020 as a priority cultural area and strategic priority in the field

Identity and Social Support: LGBTQIA+ Individuals and Help-Seeking Behaviors.

There is a significant main effect on sexual identity and the types of support individuals seek, Post-hoc corrected comparisons indicated that heterosexual individuals

Quality of life of adults born very preterm or very low birth weight : a systematic review

Abbreviations: AGA, appropriate for gestational age; APIC, Adults born Preterm International Collaboration; BPD, bronchopulmonary dysplasia; BW, birth weight; ELBW, extremely low

Authors’ Response

In Section 7, we consider variable selection for classification and propose a two-stage discriminant procedure after screening some variables.. CONFIDENCE REGION FOR

Grammar Worksheets Secondary School

Present progressive / continuous tense Put the verb into the correct form.. Sometimes you need the negative (I’m not