SDN Testbeds and Experimentation

(1)

SDN Testbeds and Experimentation

Vasileios Kotronis (

[email protected]

)

(2)

What you have seen till now…



What SDN is about (and how it came to be)



Basic concepts, abstractions



Architectural components (switch, controller/NOS)



SDN and Virtualization, Routing, Embeddings



SDN perspectives from vendor (CISCO), ISP (Swisscom)



Proposed applications in diverse fields (cloud, VoD,

inter-domain, mobility, telcos, etc.), pros and cons



Ongoing research efforts



What is missing from this picture?

(3)

Well, how about testing these ideas

yourselves on a real network?

(4)

This presentation: SDN Testbeds and Experimentation



PART 1 ~45 min

 The OFELIA Project and Testbed Federation

 Supporting OpenFlow/SDN Experiments

 OFELIA description, user workflows, etc.



Part 2 ~10 min

 On Bringing Private Traffic into Public SDN Testbeds

 General directions for SDN testbed engineering



PART 3 ~20-30 min

 Live demo of conducting a simple experiment on OFELIA

 Setup network, VMs, verify connectivity via OpenFlow substrate

(5)

PART 1

(6)

The OFELIA Project and Testbed Federation

Supporting OpenFlow/SDN Experiments

Monday, 08 December 2014 6

http://www.fp7-ofelia.eu/

(7)

What is OFELIA



“OpenFlow in Europe: Linking Infrastructure and Applications”



EU FP7-funded project



Duration: 2010-2013

 Project ended on 31/10/2013, facility remains 



Federated, distributed testbed that:

 enables clean-slate SDN experimentation

 hosts islands with diverse resource types

 is publicly available as best-effort service



Main concepts:

 experiment on an SDN network

 control the network resources dynamically

(8)

Who is on board

Academic institutes

Industrial partners

(9)

What OFELIA offers



Virtualized OpenFlow switches (v1.0):

 commercial solutions (NEC, HP switches)

 optical / copper ports

 wireless Access Points (OpenFlow firmware)

 NetFPGAs



Virtual Machines (VMs, using XEN)

 used as end-hosts or controllers



Linking infrastructure

 LANs, overlays, fibers, spectrum

These resources are sliced:

 allow concurrent experiments

 minimize interference

 FlowVisor for network, XEN for end-hosts

(10)

Applications on top of OFELIA



Network Virtualization



Support for Content Centric Networks



OpenFlow and Path Computation Elements



OpenFlow-based Video on Demand



OpenFlow in Brazil, Mobility & Multicast



OpenFlow and Cloud Data Center management

10

(11)

Projects that use OFELIA Software and Testbeds



ALIEN  Abstraction layer for extending programmable

networks with heterogeneous equipment



FELIX  Allow users to build their own virtual slices using

resources of remote Future Internet facilities



GN3Plus  The Geant R&E pan-European Testbed



FIBRE  EU and Brazil cooperation for experimental

research into networks and distributed applications



Fed4FIRE  Focus on testbed federation procedures



OFERTIE  QoS for Real-Time Online Interactive

Applications

Monday, 08 December 2014 11

ALIEN: http://www.fp7-alien.eu/, FELIX: http://www.ict-felix.eu/,

GN3Plus: https://www.grnet.gr/en/gn3plus, FIBRE: http://www.fibre-ict.eu/, Fed4FIRE: http://www.fed4fire.eu/, OFERTIE: http://www.ofertie.org/

(12)

New applications  New EU testbeds

Montag, 8. Dezember 2014 ATCN 2014 12

• Sep 2010 – Sep 2013 : 3 years, 17 Partners

• First OpenFlow Testbed across Europe (10 federated islands)

• Oct 2012 – Nov 2016 : 4 years, 17+ partners

• Provide a common federation framework for Future Internet Research and Experimentation facilities

• GN3plus : Apr 2013 – Mar 2015 : 2 years, 41+ Partners

• GN3Plus : Extend/expand GEANT’s network across EU

(13)

OFELIA Design Goals (I)



Flexibility and programmability for SDN experiments

 minimize restrictions of pre-defined functionality

 make such functionality extensible



Fidelity: islands/testbeds are real networks

 evaluate new ideas in parallel with production operation



Ease of use

 tools and interfaces to ease resource management

 experimenter concentrates on the experiment (not the tool)



Island independency/autonomy

 testbed facilities act as a federation or standalone islands

 each island managed by separate administrative entities

 does this requirement sound familiar?

(14)

OFELIA Design Goals (II)



Resource isolation

 resources are “sliced”: OpenFlow switches, VM servers

 virtualization concurrent experiments over same substrate

 minimize interference between different experiments/slices



Federation

 OFELIA supports integration/federation between its islands

 network slices can span multiple islands

 goal = large scale experimentation with resource heterogeneity



Modularity

 multiple components communicating over well-defined interfaces

 quick, pluggable module integration and improvements



Security

 user authentication, authorization and accountability

(15)

Important terms (I)



OFELIA island

 acts as a single administrative domain

 offers its experimental network resources for tests



OFELIA Control Framework (OCF)

 is the main control and management software

 supports users to conduct experiments



Intra-federation

 inter-connect heterogeneous OFELIA islands

 use the homogeneous OCF

 offer a unified experimental facility to end-user (experimenter)



ClearingHouse

 is a trust authority to verify user permissions and policies

 provides service and slice information

(16)

Important terms (II)



Slice

 a set of reserved resources

 e.g., two ports of an OpenFlow switch and two VMs at ETHZ



Resource Manager (RM)

 entity that manages resources and maintains resource states

 e.g., FlowVisor for Flow Spaces, XEN for VMs



Aggregate

 a composition of resources

 e.g., the set of all switches and ports at the ETHZ island



Aggregate Manager (AM)

 entity that manages Aggregates, other AMs or RMs

 authentication, delegation, policy management functions

 e.g., FOAM for FlowVisor, VT-Manager for XEN

(17)

And now the details…

(18)

Rollout phases of such a testbed



Could we have built it in one go?

 Probably not…

 Time=function(partner_num, purchase_times, SW_development,…)



Phase 1: Setup (First year)

 OpenFlow switches, VM servers and OCF* in place

 First local experiments conducted



Phase 2: Interconnection (Second year)

 Connect islands with each other (intra-federation)

 Extend experimentation to wireless and optics



Phase 3: Customization (Third year)

 Automate resource assignment (OCF* evolution)

 Provide connection to external facilities (e.g., other testbeds)

(19)

OFELIA testbeds: Slice isolation via FlowVisor

Montag, 8. Dezember 2014 19 Switch/Router OpenFlow Firmware Data Path OpenFlow Controller OpenFlow Controller OpenFlow Controller

FlowVisor

OpenFlow OpenFlow Policy Checks:



Is a rule allowed?



Rule prioritization



Who controls the

packets?

Packet

Slide borrowed from Rob Sherwood

FlowSpace slicing example

(More dimensions: ingress ports, VLANs, etc.)

(20)

Island Example: The ETHZ OFELIA testbed

Montag, 8. Dezember 2014 20

* Extensions:

-Privacy and Availability Layer -Gateways to other resources (e.g., GpENI, public Internet)

ATCN 2014

INTERNET

Does this setup seem familiar?

VM servers, edge/core switches…

(21)

Core Software: OFELIA Control Framework (OCF)



Set of SW tools for testbed management



The OCF controls:

 Experimentation life-cycle

 Reservation / Instantiation / Deletion of resources

 Configuration of slices

 Monitoring of experiments



OCF features:

 Full S/W stack: frontend, clearinghouse and resource AMs

 Support for OpenFlow resources and VMs (XEN)

 Extendable to more resource types

 Slice orchestration

(22)

OCF software stack (single island)

Montag, 8. Dezember 2014 22 (FlowVisor, XEN) (OpenFlow AM, VM AM) (Expedient CH) (Expedient UI*) (Switches, VMs, other…)

*(Plug-ins are resource /functionality specific)

(23)

Example of an OpenFlow Aggregate Manager: FOAM

(24)

Putting it all together with plug-ins

(25)

THE (INTRA-/INTER-)FEDERATION CONCEPT

(26)

Intra-Federation: high level architecture

Montag, 8. Dezember 2014 26

 Common Control framework (OCF)

 Common UI (Expedient)

 Well-defined interfaces (GENI) Create and run experiments across islands

INTERNET

(27)

SFA (Slice Federation Architecture) based on the GENI

API : AM API calls v2



GetVersion (options)



ListResources (credentials[], options)



CreateSliver (slice_urn, credentials[],

rspec, users[], options)



DeleteSliver (slice_urn, credentials[],

options)



SliverStatus (slice_urn, credentials[], options)



RenewSliver (slice_urn, credentials[], expiration_time,

options)



Shutdown (slice_urn, credentials[], options)

(28)

GENI API call arguments



slice_urn: The URN (Unified Resource Name) of the slice



rspec: matches the GENI standard request

RSpec schema, containing the resources that the caller is

requesting for allocation to the slice specified in slice_urn



users[]: An array of user structs, which contain information

about the users of the slice



credentials[]: An array of credentials granting the caller

privileges to perform this operation (e.g., create slivers)



options: A struct with particular semantics (AM-dependent)



expiration_time: Time when the slice reservation will

expire  points to de-allocation of resources

(29)

Intra-Federation: abstracting away inter-island links

(30)

Intra-Federation: user uses home-island as portal

to access AMs/resources of the federation

(31)

Inter-Federation architecture (discussed)

(32)

Well, how do I use OFELIA?

(33)

Full User workflow

Learn about OFELIA Register for an OFELIA account and acquire credentials Connect over VPN to OFELIA control network Login to home island Expedient UI Acquire project permissions from IM of home island Create a Project Add federated AMs to project Create an experimental slice within the project Define OF resources, define OF controller, allocate VMs, start the slice Wait for

OF resource allocation upon IMs’ permission

Run your slice controller, run VMs, run experiment Update the slice (optional) Collect

results Stop the slice

Slice expiration/del

etion

(34)

User Access Cycle

You (Experimenter)

Expedient (UI)

FOAM, FV, XEN,…

(35)

Feel free to become a user! (it’s free)

1)

Register for an OFELIA account, get credentials

2)

Set up an OpenVPN connection to the federation

3)

Fire up UI and create an experimental project

4)

Run your experiment(s)

5)

Repeat (3)

Notes:



This is a best-effort service!



OFELIA home:

http://www.fp7-ofelia.eu/



Check out our usage policy and manuals



Contact us (helpdesk, mailing lists)

(36)

Information Sources

 Official OFELIA web-site: http://www.fp7-ofelia.eu/

 OFELIA user manual and documentation wiki:

https://alpha.fp7-ofelia.eu/doc/index.php/Main_Page

 Sample OFELIA tutorial:

http://www.fp7-ofelia.eu/assets/Uploads/OFELIA-Tutorial.pdf

 OFELIA Control Framework on GitHub: https://github.com/fp7-ofelia/ocf

 AMsoil (SW base for AMs): https://github.com/motine/AMsoil

 GENI Glossary: http://groups.geni.net/geni/wiki/GeniGlossary

 GENI APIs (v2 presented in lecture for simplicity): http://groups.geni.net/geni/wiki/GeniApi

 OFELIA whitepaper: SUÑÉ, Marc, et al. “Design and Implementation of the OFELIA FP7 Facility: the European OpenFlow Testbed”. Computer Networks, 2014, 61: 132-150.