Software-Defined Networking

Software-Defined Networking

Prasad Calyam, Ph.D.

Spring 2014

VIMAN Lab Cloud Computing Research

• Cloud Resource Allocation

– Computer and network virtualization models, algorithms, tools

• Cloud Monitoring

– Software-defined measurements and performance diagnosis

• Cloud Testbeds for Apps, Marketplaces

– e.g., Manufacturing/Healthcare/Education

• Cloud Security

– Cyber attacks, Authentication, Authorization, Policy

2

Discussion Topics

• Traditional Networking versus Software-Defined Networking

– Overlay Networking

– Network Function Virtualization – OpenFlow Protocol for SDN – SDN Programming for Applications

– SDN Experiments on Real Cloud Platforms

3

Discussion Topics

• Traditional Networking versus Software-Defined Networking

– Overlay Networking

– Network Function Virtualization – OpenFlow Protocol for SDN – SDN Programming for Applications

– SDN Experiments on Real Cloud Platforms

Cloud Applications

Science and Technical Applications

Business Applications Consumer/Social Applications 5

App Marketplaces

Evolution of Big Data

years ago Today and the Future

Theoretical Last few hundred years 2 2 2 . 3 4 a c G a a _{ }         _{ } Simulation of complex phenomena Newton’s laws, Maxwell’s equations… Description of natural phenomena

Unify theory, experiment and computation with large multidisciplinary Big Data

Using data exploration and data mining (from instruments, sensors, humans…)

7

End-to-End Overlay Networks

8

Big Data handling requires overlay networking, especially for satisfying real-time application requirements!

GENI: Infrastructure for Overlay Experimentation

GENI provides compute resources that can be connected in experimenter specified topologies. (Funded by NSF for Future Internet Experiments)

GENI provides compute resources that can be connected in experimenter specified Layer 2 topologies.

Inter aggregate connectivity

Experiments live in isolated “slices”

How are these links formed?

Unified Resource Broker (URB)

Provisioning Issues

How can we centrally create intelligent overlay network infrastructures?

Centralized Control: Inherent Benefits

Distributed/Centralized Switch Control Architecture

• Distributed Control

• Centralized Control

13

Discussion Topics

• Traditional Networking versus Software-Defined Networking

– Overlay Networking

– Network Function Virtualization

– OpenFlow Protocol for SDN – SDN Programming for Applications

– SDN Experiments on Real Cloud Platforms

Network Virtualization

• Virtualizes a physical network interfaces as a virtual network

interface; user flows are treated as ‘virtual tenant’ flows

– This layer sits in between Layer 2 and Layer 3 (i.e., Layer 2.5) and uses encapsulation (i.e., Mac-in-UDP) for Layer 2 elasticity and IP address localization

• Enables VM migration, virtual tenancy – across multiple Layer 2 domains!

– Typical protocols: OpenFlow, Overlay Transport Virtualization (OTV), VXLAN

Controller

15

Network Function Virtualization

16 • vSwitch and Stateless Transport Protocol (STT) allow running a custom network protocol

over a network built for a different protocol

– STT enables transporting Ethernet data inside IP packets

• Open vSwitch is a virtual switch used as the network stitching component in the hypervisor

– Maintains logical state of VM’s network connection across physical hosts when VM is migrated – Managed and monitored by OpenFlow, NetFlow and others

SDN Related Work

Related Work Features

NEC ProgrammableFlow Matching of packet flows based on the IP addresses, MAC addresses and the port numbers

Cisco Overlay Transport Virtualization (OTV)

MAC-in-IP, Multi-point Tunneling using IP Multicast

VMware Virtual Extensible LAN (VXLAN)

MAC-in-UDP, 24-bit LAN segment identifier Virtual Private LAN Service (VPLS) Multi-point to multi-point communication

over IP/MPLS networks

17

Discussion Topics

• Traditional Networking versus Software-Defined Networking

– Overlay Networking

– Network Function Virtualization

– OpenFlow Protocol for SDN

– SDN Programming for Applications

– SDN Experiments on Real Cloud Platforms

Software-Defined Networking with OpenFlow

OpenFlow Network

19

Flow Table Management

OpenFlow Protocol Interactions

Forwarding Rule

20

More overview details at - http://archive.openflow.org/documen ts/openflow-wp-latest.pdf

OpenFlow is an API

• Controller has to populate forwarding table of the switch

– Controls how packets are forwarded through a network path

– In a table miss, switch asks the Controller • Controller reserves “flow space” in a Slice

– Installs flow entries either ‘proactively’ or ‘reactively’ in switches

– Once flow is setup, subsequent traffic does not go through the controller

• Controller is responsible for all traffic, not just your application!

– Should handle: ARPs, DHCP, etc.

• Implementable on Commercial off-the-shelf (COTS) hardware

– Make deployed networks programmable; Not just configurable

21

Virtual Data Center Example

Data Center _{OpenFlow Switches Thin-clients} Unified Resource Broker

Connection Broker Marker Packet Handler Packet Capture OpenFlow Switch Flow tables Group Tables

Data Plane Packet/Flow Inspector Routing Engine Thin-client Virtual Desktop Secure Channel User Applications Hypervisor Security Token RDP/PCoIP Server Active Directory RDP/PCoIP Client Load Balancing Control Plane Service Engine Measurement Plane System Provisioning File System Resource Optimization Secure Channel Control Plane OpenFlow Controller Measurement Engine Active Measurement Congestion Detection Fault Detection 22

Debugging OpenFlow Networks is Hard!

• Mininet

– Before actual deployment, test your OpenFlow Controller in the Mininet network emulation tool with ‘virtual switches & hosts’

• OVS (Open vSwitch) virtual switch software or a “soft switch” is used in Mininet

– Does not require the initial network co-ordination for Controller setup, and also does not require console access to switches – Requires an OpenFlow Controller Application Framework

• Floodlight, POX, OpenDaylight, Beacon, Trema, … – http://yuba.stanford.edu/~casado/of-sw.html

– http://groups.geni.net/geni/wiki/OpenFlow/Controllers

– Wireshark helps with debugging control flows of your OpenFlow Controller application

23

OpenFlow Controller Flavors

Floodlight Controller REST API

25

Wireshark for Debugging your OpenFlow Controller!

Virtual Ethernet ports for each switch

OpenFlow Protocol packet analysis

Discussion Topics

• Traditional Networking versus Software-Defined Networking

– Overlay Networking

– Network Function Virtualization – OpenFlow Protocol for SDN

– SDN Programming for Applications

– SDN Experiments on Real Cloud Platforms

27

GENI/SDN Lab Steps

• Lab Experiment – QoS Configuration and Load Balancing using

Software Defined Networking/OpenFlow

• Purpose of the Lab

– Install and configure Mininet SDN emulator with 2 traffic engineering experiment applications to understand how to program ‘flow spaces’ within networks to: (i) comply with enterprise network capacity provisioning policies, and (ii) balance the utilization of network resources – Use Iperf and Ping Tools to verify your SDN functionality Mininet Installation Floodlight OpenFlow Controller installation QoS Configuration in Controller Application QoS Experimentation using Iperf Tool

Floodlight OpenFlow Controller installation Load Balancer Configuration in Controller Application Load Balancing Experimentation using Ping Tool

Lab Experiment #1 (QoS Control through Network-Edge Rate Limiting) Steps Overview

Lab Experiment #2 (Load Balancer for Scalable Handling of Traffic Flows) Steps Overview

SDN/GENI Lab Experiment #1

• Use the OpenvSwitch commands to set the network policies • Setup 3 queues (Q0, Q1 and Q2) on every switch and configure

network-edge bandwidth capacity using the ‘ovs-vsctl’ commands – Q0 – default queue

– Q1 – queue 1 rate limiting bandwidth to 50 Mbps – Q2 – queue 2 rate limiting bandwidth to 40 Mbps

29

SDN/GENI Lab Experiment #2

• Use a Load Balancing experiment topology with pools of end-hosts and load balancers

– Test load balancing functionality with Ping requests from end-hosts

• Extend the ‘Load Balancing’ module in your Floodlight Controller

– Scale the load balancer to handle more Ping requests by adding two new hosts to the load balancer pool

– Examine the response patterns from end-host Ping responses

In-class Exercise

• What emerging technologies can you think that SDN will

enable in the next “Hype Cycle(s)”?

– Location-aware Apps

– Virtual Assistants; Virtual Worlds – Social Analytics based Mobile Services – Augmented Reality

– Desktop-as-a-Service – Simulation-as-a-Service – Remote Elder-care – ….others

See US Ignite – http://us-ignite.org/next-gen-applications that is fostering creation of next-generation Internet applications that provide transformative public benefit

31

Discussion Topics

• Traditional Networking versus Software-Defined Networking

– Overlay Networking

– Network Function Virtualization – OpenFlow Protocol for SDN – SDN Programming for Applications

– SDN Experiments on Real Cloud Platforms

Science DMZ Use Case with OpenFlow

Gatekeeper Proxy Middleware

Extended VLAN Overlay Science Application Science Application Software-Defined Network Remote Collaborator Instrument Site on Campus Science Application Normal Application Campus Network C am p u s A cc es s N et w or k C am p u s A cc es s N et w or k Public Cloud Science Application D ir ec t C on n ec t N et w or k Web Application IP Network 33

Science DMZ Flow Orchestration with OpenFlow

Extended VLAN Overlay

Imaging Microscope Image Processing _Cluster

Campus-A Edge Campus-B Edge

Gatekeeper Proxy Middleware

OpenFlow Controller Authenticated

Researcher Performance

Engineer

1. Define application end-points and monitoring objectives

Service Engine Routing Engine Measurement Engine

3. Install HTC flow 3. Install HTC flow 2. Provision policy-directed flow rules

Campus-A Firewall IP Campus-B Firewall Network

Non-IP Network

3. Install measurement flow

4. Non-Science DMZ flow

4. Authorized HTC flow 4. Authorized measurement flow

Legend: Data Flow Control Flow

Virtual Desktop Clouds (DaaS)

“Brain of the Cloud”

35

Example DaaS Use Cases

(b) Computationally intensive interactive applications for biomedical community (e.g., remote volume visualization)

(c) Simulation-as-a-Service requiring HPC resources for advanced manufacturing (d) ElderCare-as-a-Service requiring proactive medical intervention for health care (e) Virtual desktops for underserved communities

Leveraging OpenFlow for Resource Placement of Virtual Desktop Cloud Applications

VD Provisioning and Placement

GENI Slice Testbed for VDC Hosting

• VDC-Analyst → GENI

• Design & Development → Validation and design tuning • Large-scale simulations →

Cloud deployment experiments

37

VDC-Analyst Features

VDC-Analyst Use Cases

• Research

– Plug-in new provisioning and placement schemes – Study cloud dynamics to see how they affect net-utility

• Education

– Explore server-side adaptation

• E.g., write a macro script to reduce user interaction round-trips for control actions during network health bottlenecks

– Explore client-side adaptation

• E.g., select thin-client encodings that delivers best QoE for different user groups – knowledge worker vs. designer/artist

– Explore network-side adaptation • E.g., ??

39

Problem Scope

• To use OpenFlow for dynamic resource placement of VD

applications via an URB

– Provisioning of non-IP VD application traffic flows between thin-client sites and data centers

– Path selection and load-balancing of VD flows to improve performance of interactive applications and video playback – Leveraging in-band instrumentation and measurement to gather

performance intelligence on cross traffic impact affecting VD – Automated management and centralized network control

Marker Packet Header Format

Join OpenFlow network Install flow rules for

marker packets

Send marker packet to request virtual desktop

Recognize and punt the marker packet

Parse marker packet and install client/server flows

Access virtual desktop applications

Flow Setup Sequence Diagram

1 2 3 4 5 6 42

VDC-Analyst Experiment w/o Load-Balancing

43

VDC-Analyst Experiment w/ Load-Balancing

OpenFlow Switch Client In Port Out Port SUNNW PG48 50 51 SUNNW PG49 50 51 ATLANTA PG46 52 52 ATLANTA PG47 52 52 ATLANTA PG46 20 52 ATLANTA PG47 20 52 Route setup

Step-1 Step-2 Cross-traffic _Impact Step-3 Load-balancing _Improvement

OpenFlow Switch Client In Port Out Port ATLA PG46 20 52 ATLA PG47 20 52 OpenFlow Switch Client In Port Out Port ATLANTA PG46 20 52 ATLANTA PG47 20 52 SUNNW PG48 50 52 SUNNW PG49 50 52

Video runs smooth, GUI applications are responsive

Video freezes, disconnects, GUI applications are not responsive

Video runs smooth, GUI applications are responsive

45 0.21 15.36 0 5 10 15 20 Application Cross-Traffic

VDC-Analyst OpenFlow Demonstration

Route setup

Step-1 Step-2 Cross-traffic _Impact Step-3 Load-balancing _Improvement

Video runs smooth, GUI applications are responsive

Video freezes, disconnects, GUI applications are not responsive

Video runs smooth, GUI applications are responsive

BandwidthConsumed (Mbytes/s)

4.45 14.8 0 5 10 15 20 Application Cross-Traffic 4.6 0 0 5 10 15 20 Application Cross-Traffic 46

Simulation-as-a-Service

47

ElderCare-as-a-Service

Further Reading

• GENI – http://www.geni.net

• Open Networking Foundation - https://www.opennetworking.org • Select papers network and server adaptation for scientific

applications on virtual desktops:

– P. Calyam, S. Rajagopalan, S. Seetharam, A. Selvadhurai, K. Salah, R. Ramnath, “VDC-Analyst: Design and Verification of Virtual

Desktop Cloud Resource Allocations”, Elsevier Computer Networks

Journal (COMNET), 2014.

– P. Calyam, S. Rajagopalan, A. Selvadhurai, S. Mohan, A.

Venkataraman, A. Berryman, R. Ramnath, “Leveraging OpenFlow for Resource Placement of Virtual Desktop Cloud

Applications”, IFIP/IEEE International Symposium on Integrated

Network Management (IM), 2013.