Software Defined Networking (SDN) OpenFlow and OpenStack. Vivek Dasgupta Principal Software Maintenance Engineer Red Hat

(1)

Software Defined Networking (SDN)

OpenFlow and OpenStack

Vivek Dasgupta

(2)

Introduction – SDN and related technologies

• SDN is a technology enabling programmable networks

• Using software running on general purpose OS/Hardware

• SDN – Separation of

control and data plane

Infrastructure Layer Infrastructure Layer Application Layer Application Layer Control Layer Control Layer S D N A rc h it e c tu re S D N A rc h it e c tu re

Programmable Open APIs

Data Plane Interface Network Devices

(4)

(5)

The need for SDN

Router/SwitchRouter/Switch

APP

APP _APPAPP

APP APP Control Plane Control Plane Data Plane Data Plane APP APP Router/Switch Router/Switch APP

APP _APPAPP

(6)

(7)

Evolution to SDN

Router/SwitchRouter/Switch

APP

APP _APPAPP

APP APP Control Plane Control Plane Data Plane Data Plane APP APP Applications Layer Control Layer

Infrastructure Layer / Data plane

(8)

SDN Architecture

• SDN Applications • SDN Control Plane Controller NOS • SDN Data Plane Devices OpenFlow APPLICATION LAYER APPLICATION LAYER Business Applications Business Applications CONTROL LAYER CONTROL LAYER

Network Operating System (NOS) Network Operating System (NOS)

Network Services INFRASTRUCTURE LAYER DATA PLANE INFRASTRUCTURE LAYER DATA PLANE API

(9)

(10)

(11)

SDN Components - (Ecosystem)

• Cloud Orchestration • Network Virtualization • Network Functions Virtualization (NFV) PUBLIC CLOUDS PUBLIC CLOUDS ENTERPRISE PRIVATE CLOUDS ENTERPRISE PRIVATE CLOUDS VIRTUAL PRIVATE CLOUDS VIRTUAL PRIVATE CLOUDS HYBRID CLOUDS HYBRID CLOUDS NFV APPLICATIONS NFV APPLICATIONS IT SERVICES (PASS,IAAS) IT SERVICES

(PASS,IAAS) APPLICATION SERVICESAPPLICATION SERVICES_(SAAS)_(SAAS)

SDN

CLOUD ORCHESTRATION & AUTOMATION

CLOUD ORCHESTRATION

& AUTOMATION NETWORK VIRTUALIZATIONNETWORK VIRTUALIZATION_{& AUTOMATION} & AUTOMATION

(12)

SDN Controller

OpenDayLight

• Open Source • Southbound - OF • Northbound -> Neutron • Plugin ->

Red Hat Enterprise Linux OpenStack

Platform

Management GUI

Management

GUI Network Application_{Orchestration &}

Services Network Application Orchestration & Services OpenStack Neutron OpenStack Neutron NTN Coordinator NTN Coordinator

OpenDay Light API's (REST)

SNMP SNMP PCEP PCEP BCP BCP LISP LISP NETCONF NETCONF OVSDB OVSDB OpenFlow OpenFlow OpenFlow Enabled Devices OpenFlow Enabled Devices

Additional Virtual & Physical Devices

Open vSwitches

Open vSwitches Dataplane Elements

(Virtual Switches, Physical Device Interfaces) Dataplane Elements (Virtual Switches, Physical Device Interfaces)

Southbound Interfaces & Protocol Plugins

Controller Platform

Service Abstraction Layer (SAL)

(Plugin Manager, Capability Abstraction, Flow Programming, Inventory etc. )

Service Abstraction Layer (SAL)

(Plugin Manager, Capability Abstraction, Flow Programming, Inventory etc. )

LLSP Services LLSP Services ManagerVTN VTN Manager DOVE Manager DOVE Manager

Base Network Service Functions

(13)

(14)

OpenFlow introduction

Controller OpenFlow Protocol OpenFlow Protocol Pipeline OpenFlow Switch Pipeline OpenFlow Switch Secure Channel

Secure Channel _{Group Table}_{Group Table}

Flow Table

• Openflow - standard for

interacting with forwarding behaviours of switches

• Control the behaviour of switches

dynamically and programmatically

• Flow tables, Group tables and

(15)

OpenFlow protocol - Messages

•

Controller to Switch

:: Switch / Flow table config, Packet out,

Barrier, Role Req, Bundle [Controller to Switch messages]

• Asynchronous

_{:: Packet-in, Flow-removed, Port-status,}

Controller Role status, Table status, Request forward [Async messages ]

• Symmetric messages

:: Hello, Echo Req/Reply, Error,

(16)

OpenFlow – FlowTables and Routing

• Packet-in message

for table miss

• Controller sends a packet-out mesg specifying action • Buffer id -> packet • Flow modification VM 1VM 1 VM 2VM 2 OpenFlow compliant Open vSwitch OpenFlow compliant Open vSwitch SDN Controller SDN Controller Packet IN

Packet IN _{Packet OUT}Packet OUT

Table Miss

(17)

OpenFlow – FlowTables and Routing

• Flow Table Components

Match fields, Priority, Counters, Instructions, Timeouts, Cookie

(18)

OpenFlow – FlowTables

SDN Controller Software SDN Controller Software

OpenFlow-enabled Network Device FlowTable compared to an instruction set

OpenFlow-enabled Network Device

FlowTable compared to an instruction set

MAC

Src MAC dst SrcIP dstIP dportTCP …. Action Count

. 10.20 . . . . Port 1 250 . . . 5.6.7.8 . . Port 2 300 . . . . 25 . drop 892 . . . 192. . . local 120 . . . . . . controller ₁₁ MAC

Src MAC dst SrcIP dstIP dportTCP …. Action Count

(19)

• OpenFlow

(20)

Open vSwitch

• Networking in Software

• In 2012 – total # of virtual ports

surpassed physical ports

• A opensource software switch

• High performance forwarding

using Linux Kernel Module

• OpenFlow Compliant

(21)

Open vSwitch

• Kernel Datapath • Userspace daemon • Configuration database • Since RHEL 6.4 vSwitchd

vSwitchd _ovsdbovsdb

OpenFlow

OpenFlow _sFlowsFlow

ovs-vsctl ovs-vsctl ovs-dpctl ovs-dpctl ovs-ofctl ovs-ofctl ovsdb-tool ovsdb-tool Datapath Datapath Management Management User Space User Space Kernel Kernel Promiscuous Mode Promiscuous Mode From NetDevice From

NetDevice _{To NetDevice}_{To NetDevice}

(22)

Open vSwitch

operations

• Normal mode vs

Flow mode

• Flow Table Match

based on L2/L3/L4

• Forward, Drop

Modify headers

(23)

(24)

(25)

Nova Networking

- Early days of Openstack networking

(26)

(27)

Neutron plugin architecture

• Neutron services • Various plugins connect to controllers or OpenFlow Switches Neutron API

Neutron API _{API Extensions}API Extensions

Neutron Service

● L2 Network Abstraction

● Device and Service framework ● Does NOT do any actual

Implementation of abstraction

Neutron Service

● L2 Network Abstraction

● Device and Service framework ● Does NOT do any actual

Implementation of abstraction

Neutron Plug-in API

Vendor User Plug-in

● Maps Abstraction to Implementation on Physical Network ● Makes all decisions about how a network is implemented ● Can provide additional features through API extension

Vendor User Plug-in

(28)

OpenStack Network Topology

(29)

OpenStack SDN

• Various Components • Iptables • Open vSwitch • Overlay networks • Tunnels – GRE/VXLAN • Network Namespace

• Netfilter NAT for

Floating IP addresses IPTABLES IPTABLES Open vSwitch Open vSwitch Overlays Overlays Tunnels Tunnels Netfilter NAT

Netfilter NAT Network

Namespaces Network Namespaces

(30)

OpenStack

Floating IP

(31)

OpenStack SDN

• A, B, C :: Tap,

Fw Bridge, Iptables

• D, E :: VLAN tagging

• F, G :: Tunnels

• Open vSwitch, GRE

• O, P :: DHCP

• M, N :: Router

Netfilter NAT

(32)

Future Trends

• Need to stick to open standards

• Need to have a stable SDN ecosystem

• Standardization for various components

• Allows for various vendor solutions

(open/closed source)

• Scope for Innovation at each layer- Apps, Controller, Protocols,

Devices (Physical/Virtual)

• Possible scope for Hardware acceleration products in SDN

space

(33)

Software Defined Networking (SDN) OpenFlow and OpenStack. Vivek Dasgupta Principal Software Maintenance Engineer Red Hat