• No results found

L2-L7 BASED SERVICE REDIRECTION WITH SDN/OPENFLOW

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "L2-L7 BASED SERVICE REDIRECTION WITH SDN/OPENFLOW"

Copied!
26
0
0

Loading.... (view fulltext now)

Download now ( 26 Page )

Full text

(1)

L2-L7 BASED SERVICE REDIRECTION

WITH SDN/OPENFLOW

Marc LeClerc

(2)

NoviFlow offers the Highest Performance

Switches and Forwarding Plane Products

for the SDN and NFV Markets

About NoviFlow

•  Technology : Innovative use of Network Processors, instead of ASIC or X86

•  Products:

ü

  Novi

Switches

: Pure-play OpenFlow switches based on NPUs

•  Delivering unparalleled OpenFlow throughput, flow table capacity and flow handling capabilities

•  Supports ALL OpenFlow 1.3 actions, instructions and matching fields, and key OpenFlow 1.4 features •  Compatible with the leading controllers and applications, incl. NEC, OpenDaylight, Ryu etc

ü

  Novi

Ware

: Operating Systems for NPU-based SDN and NFV forwarding planes

•  Used in all NoviSwitches •  Also licensed to OEMs •  Typical deployments:

•  WAN: Network appliance and router replacement or complement •  Data Center: Gateway switches, aggregation switches or as ToR switches

(3)

NoviFlow’s Evolution

Research   NoviFlow   Founded   1st  Launch   U.S.   Expansion   OpenFlow   1.3   Customer   and  Partner   growth  

Far  East,  US   DistributorEx pansion   Europe  and   Israel   Expansion   OpenFlow   1.4   Q1 2013 Q2 2013 NoviFlow releases the 1st OpenFlow 1.1 Switch to achieve 100 Gbps Silicon Valley and Seattle offices open Q3-Q4 2013 2014 1st OpenFlow 1.3 switch to achieve 200 Gbps and 1 million flows per 1U 2009-2011 Q1-Q3 2012 Q4 2012 Original research on Network Processor-based OpenFlow switches at University UQAM Q1-2 2014

Named as one of the 8 SDN start-ups to watch by

Business Insider. Jan 2013

Named as one of the 8 SDN start-ups to watch by Business Insider. Jan 2013

One of 6 SDN Solutions to Watch

at ONS 2014: Hottest Company

(4)

How  can  large  data  

centers  with  significant  

scalability  &  

performance  

requirements  embrace  

SDN  and  OpenFlow?  

The SDN Market is Maturing

Carriers and large data centers

–  have been experimenting with SDN and OpenFlow for two or three years now…

–  Have confirmed the potential for lower costs, increased flexibility and efficiencies that come with SDN and OpenFlow

–  Based on this, these are the key requirements for scalable SDN networks:

1. Full and complete OpenFlow 1.3 specs implementation ALL OpenFlow 1.3 actions, instructions and matching fields, Fully programmable packet processing pipeline

Multiple tables (eg. 10+) each supporting the full OpenFlow specifications 2. Millions of Flow Entries

Many SDN applications (eg. Router replacement, DC Gateways switches,

tenant ToR switches, service chaining, etc) require very large number of Flow Entries

3. Ability to do match and act on L2 to L7 header fields and payload

Many SDN applications (eg. GTP load balancing, firewalls, network monitoring, service chaining, etc) benefit greatly from the ability to inspect and act upon packet headers and payload

4. High OpenFlow processing throughput

Hundreds of Gbps of OpenFlow throughput is required

NoviFlow’s NoviSwitch products are specifically designed in response to these issues and meet the needs of carriers and large datacenters

(5)

NoviFlow’s Focus:

High Performance SDN Infrastructure

SD

N

 A

rc

hi

te

ctu

re

 

ApplicaAon  Layer  

Control  Layer  

SDN applications

SDN Control

Software

Programmable APIs

Infrastructure  Layer  

OpenFlow 1.3/1.4

(6)

Novi

NID® 106:

•  2000 flow entries •  Throughput of 24 Gbps, •  OpenFlow 1.3.x Customer

Premise Equipment •  Low power (<25W), fanless

operation, MTBF > 18 years •  6 data plane ports: 2 x SFP/

SFP+ and 4 x 10/100/1000 Base-T

•  Maintenance-free operation with remote configuration and provisioning

Novi

Switch® 1132:

•  0.5M flow entries in 1U

•  Throughput of 100 Gbps •  Support ALL OF 1.3 actions,

instructions and matching fields

•  3,200 flow mods/sec •  Up to 12,000 Group table

entries

•  Up to 4,096 Meters •  L2-L7 matching and

flow-switching functionality •  10 x 1/10GE and 22 x 1GE

ports

Novi

Switch® 1248:

•  1M flow entries in 1U •  Throughput of 200 Gbps •  Support ALL OF 1.3 actions,

instructions and matching fields •  3,200 flow mods/sec

•  Up to 12,000 Group table entries •  Up to 4,096 Meters

•  L2-L7 matching and flow-switching functionality

•  20 x 1/10GE and 28 x 1GE ports

Novi

Switch® 2128:

•  1M flow entries in 1U •  Throughput of 240 Gbps •  Support ALL OF 1.3 actions,

instructions and matching fields •  12,000+ flow mods/sec

•  Up to 12,000 Group table entries •  More than 4,096 Meters

•  L2-L7 matching and flow-switching functionality

•  24 x 1/10GE and 4 x 40GE ports

(7)
(8)

NoviFlow Products: Forwarding Plane Software

Novi

Ware® 300:

•  NoviWare 300 is the software running in the

NoviSwitches

including software for data

plane EZchip network processors and control plane PowerPC or Intel i7 host CPU

•  NoviWare 300 is also a licensed product

•  NoviWare 300 offers the industry’s broadest support of the OpenFlow standard in the

industry

  Key features of NoviWare 300 include:

•  All OpenFlow 1.3 match fields, instructions, actions and counters

•  Key OpenFlow 1.4 features including Bundles, PBB UCA header field, Eviction, Vacancy

Events, etc

•  L2-L7 header and packet payload matching and flow handling

•  Optimized algorithms for pipeline processing with multiple tables, instructions, action sets

•  Groups for complex forwarding including multipath and fast reroute •  Queues and Meters for quality of service

•  VLAN, MPLS and PBB tag processing (match, push/pop and Set Field)

•  Multiple OpenFlow Controllers and Controller role-changes •  Enhancements to support specific controllers

•  Hardware abstraction layer to facilitate porting to other forwarding plane hardware platforms •  Extensive set of O&M features

(9)

NoviSwitch

O&M Features

OF-CONFIG 1.1.1/1.2

CLI for Set/Show configuration for switch, controllers, ports, flow tables,

users, meters, etc

TACACS+/RADIUS for AAA services

ACL (allowed IP addresses) on management ports

VLAN on management ports

CLI Log with accessing IP address for configuration change traceability

CLI Log export to external Log server

CLI for status and stats

Remote installation, update and roll-back of software revisions

Remote power on/off and reboot

Switch configuration export/import in binary and text formats

Automatic periodic switch configuration uploads to an external server for

configuration management

(10)
(11)

www.noviflow.com

(12)

NoviFlow Targeted SDN/NFV Use Cases

• 

NoviFlow WAN Use Cases

– 

L2-L7 Load balancing (GTP Load Balancing – CENGN)

– 

IP/MPLS SDN Router

– 

Smart Traffic Steering

– 

Packet Filtering

– 

Network Redundancy

– 

Service Chaining

– 

Network Monitoring

– 

DC Gateway Switch

– 

ToR Switch

– 

SDN Enhanced Security

(13)

•  SDN Applications (routing protocols)

–  NoviSwitch supports all common routing protocols across the

OpenFlow interface

–  Key supported protocols

•  IP: BGP, OSPF, IS-IS

•  MPLS: LDP, RSVP-TE (future)

–  Sources of protocol stacks:

•  OEMs`, IP Infusion, Aricent, Metaswitch

•  Open source (Quagga)

•  SDN Controllers:

–  NoviFlow will adopt to Customer’s chosen controller/apps

–  NoviFlow is involved in six different SDN router projects

–  NoviFlow may supply 3rd party controller and applications if

required by customers

•  SDN Data Plane:

–  One or more NoviSwitch 1132/1248/2128/2116

(14)

IP/MPLS SDN Router

Solution Components:

OpenFlow controller with protocol stack applications

One or more NoviSwitch OpenFlow switches

Operator Benefits:

Dramatically lower CAPEX and OPEX

Network configuration automation

L2-L7 forwarding optimization

Deterministic forwarding

APIs towards network management

Large Logical SDN Router:

•  8 x NS-2128 “line cards” •  1 x EX3248 “backplane” •  Size: 9 RU •  Ports: 192 x 10GE •  OF 1.3 processing capacity: •  1.9 Tbps •  2,400 MPPS

(15)

Smart Traffic Steering

•  Network Operator Benefits:

–  Low cost hardware and software solution

–  IP/MPLS core network off-load

–  Admission control to optimize use of IP/

MPLS core network

–  Fewer visits to the customer premise

thanks to remote configurations and upgrades

–  L2-L7 filtering and forwarding

–  Faster packet forwarding compared to

traditional routers

–  Low cost NoviFlow optical transceivers or

3rd party optical transceiver

•  Customer Benefits:

–  Lower cost traffic forwarding

–  Firewall, content filtering, ACL, admission

(16)

Packet Filtering

•  Key Features:

–  L2-L7 Packet Filtering and modification

–  SDN Controlled Packet Filtering Solution:

•  Dynamic filtering rules managed via OpenFlow controller

•  Multiple packet filtering Nodes per controller

•  Filtering Rules Examples:

–  Block/allow traffic from certain MAC or IP addresses based on black/white lists

–  Block/allow traffic from certain IP subnets

–  Application black/white lists

–  Obfuscate/redirect traffic

–  Transparent IP address translation for legacy systems

–  Identify and re-direct suspicious traffic to analysis tools

•  Use Cases:

–  Packet filtering as a service

–  Optimized video traffic handling

–  Filter out undesirable traffic from enterprise network

Network

(17)

Network Node Redundancy

Key Features:

4x4, 8x8 or 16x16 matrix

Optical data rates from

1Gbps to 100Gbps

OpenFlow controlled optical

switch fabric

Use Case:

Carrier grade 1+1

(18)

Service Chaining

Pools physical and/or virtual network

appliances located north of the

GGSN/PGW

Network appliances are in-stream or

mirrored stream

Each traffic type by service class

needs a unique set of network

appliances

How it works:

Rules for each traffic type by service

class is programmed into the

NoviFlow switch by the application

Incoming traffic (A) is analyzed and

sent to various network appliances

according to the traffic rules before it

is forwarded to the GGSN/PGW

Internet

PDNs

. . . #1 #N B A C 1+1 OF Controllers And Applications GGSN/PGW

Service Chaining

(19)

Network Monitoring

GGSN Gi service LAN Network TAP:

(20)

SDN DC Gateway Switch

(21)
(22)

TOR Switch

Use TOR Switch to create multiple

virtual tenant networks in the data

center

Key Features

–  Full isolation between tenants

–  IP Mobility/overlapping IP address

–  Independent network policy

–  Auto-configuration

Benefits

–  Optimized Network Utilization

–  Elastic Scalability

–  No device level configuration

–  Complete VM Mobility

–  Each virtual tenant has unique network policy

–  Reduced Power Consumption

–  No location dependencies Infrastructure Layer

Tenant  A  

Tenant  B  

Tenant  C  

Virtual Layer

Solution Components:

•  NEC ProgrammableFlow

Controller*

•  NoviFlow Switches

(23)

Security and SDN

Core Routers Transport Switches Intelligent L2-L7 Edge Devices Edge Routers Aggregation Switches Devices

Filter  incoming  traffic   based  on  L2-­‐L7   criteria  before  it   reaches  the  core  

Network  

Use  separate  out-­‐of-­‐ band  network  for  OF  

switch  provisioning      

OpenFlow  controller  for  centralized   response  to  network  threats    

Reduced   overprovisioning   Divert  suspicious  traffic  

to  “scrubbing  center”   then  re-­‐inject  “clean”  

traffic  to  original   desAnaAon     IdenAfy  suspicious  

traffic  between   servers  

Use  ‘edge  switch’   approach  for   distributed  VLANs,  

Firewalls,  Label   Switching,  etc…  via  

OF  apps     NoviSwitch  unique  features  for  security  applicaAons:  

•  Up  to  240  Gbps  OpenFlow  1.3/1.4  throughput  for  edge  capacity   •  Up  to  1  million  flow  entries  for  fine-­‐grain  access  tracking  

(24)

[ 24 ]

Dynamic Policy Creation via REST API

SPAN SPAN TAP TAP PRODUCTION NETWORK

•  Invoke REST API of the SDN

Monitoring Fabric

•  D y n a m i c a l l y p r o v i s i o n /

activate / update the policy

•  The Intruder Traffic is now

replicated to the malware analysis device Control Network NPB NPB 1G/10G/40G Tool Farm F1 D1 D2 Normal packet Intruder Packet SECURITY ANALYTICS MALWARE ANALYSIS DEVICE OpenFlow   Controller   Network   TAP  App  

(25)

NoviFlow’s Key Messages

1.

The SDN market is maturing

NFV and SDN are forcing a revision in how networks are built and operated

Early adopters of SDN are realising that ASIC- and X86-based SDN networking

gear have serious shortcomings preventing them from getting the full value of

software defined networking

2.

NoviFlow offers High Performance OpenFlow data planes that

leveraging NPU technology

–  Most complete implementation of OpenFlow 1.3/1.4 on the market for highly demanding SDN and NFV applications

–  Up to 1 Million entries in TCAM, for unparalleled performance and flow handling granularity

–  Up to 240 Gbps of full OpenFlow 1.3/1.4 throughput for solutions that scale!

(26)

[ 26 ]

References

Download now ( PDF - 26 Page - 6.61 MB )

Related documents

Intercultural schooling in Greece :a study of schooling processes and teaching practices in four urban intercultural primary schools

This centrality of the teacher's role in this process of schooling is at the centre of this inquiry, as it aims, not only to understand how intercultural education is implemented

Taking The Road Not Taken: Vermont s Health Benefit Exchange And The Green Mountain State s Journey To Single Payer Healthcare

In his inaugural address, Vermont Governor Peter Shumlin made healthcare reform a policymaking priority and offered a progressive healthcare reform plan that would create

Audit Types & Differences. Presented By: Sue Brewster LifeNet Health Regulatory Compliance Manager

Observation of the processes within the scope of the audit Can review the schedules and procedures for Management Review and for Internal and External Audits. Usually a high

MAKE THE MOST OF THE SALES TALENT WITHIN YOUR ORGANIZATION.

Knowledge is power, and PI Worldwide’s Selling Skills Assessment Tool (SSAT) gives you the specific data you need to increase the sales production and customer interaction skills

DEAF & HARD OF HEARING

Thank you for contacting the Office for the Deaf &amp; Hard of Hearing (ODHH) within the Department of Labor &amp; Industry with your questions regarding hearing aids,

A user guide to the. University of Plymouth Placements on Web (POW)

Placement areas can view live information about students allocated to their area and can access reports on specific placement information.. Much of the information held on the PEPs

Coherent Coupled Qubits for Quantum Annealing

Table I shows a list of sample parameters extracted from two different models of the coupled-qubit system — a semiclassical model, where the individual qubits and coupler are

Nurse Practitioner, Hereditary Cancer Program, Wilmot Cancer Institute/Pluta Cancer Center Present

Role: teaching a doctoral course in qualitative research methods 2016-present Nurse Scientist, Oncology Nursing, Dana-Farber Cancer Institute 07/2013- Instructor, Harvard