Openflow Interop Tutorial


OpenFlow

A short tutorial

Omar Baldonado
omar@bigswitch.com

OpenFlow:
What is it?
Why should I care?
What can I see in the OpenFlow Lab?
What are some next steps?

OpenFlow: What is it?

CORE TECHNOLOGY: OPENFLOW PROTOCOL

Protocol that allows an external server (controller) to control the data path of a switch

[Figure: a switch's Control Path and Data Path (Hardware), joined by the OpenFlow Protocol]

AN OPENFLOW SWITCH SIMPLIFIED

Core of the OpenFlow switch: the flow table abstraction

Flow table
Generic primitive that sits on top of switch TCAM, designed to match well with common switch ASICs.

Example actions:
1. Switching and routing (port),
2. Firewalling (drop),
3. Using the switch's non-OpenFlow logic (local),
4. Send to controller for processing (controller)

Foundation network functions are split between per-packet rules on the switch and high-level decisions at the server

Controller (Server Software)

OpenFlow-enabled Switch

Flow Table (figure)
Columns: MAC src, MAC dst, IP Src, IP Dst, TCP dport, Action, Count
Match values shown: MAC dst 10:20:.; IP addresses 5.6.7.8 and 192.*; TCP dport 25; every other field is a wildcard (*)
Actions: port 1, port 2, drop, local, controller
Counts: 250, 300, 892, 120, 11
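The flow table lookup described on this slide, as an added example that is not part of the original deck: wildcard matching, per-entry counters, and the four example actions. The entries are constructed from the slide's figure; the MAC addresses, the reading of 192.* as 192.0.0.0/8, the assignment of 5.6.7.8 and 192.* to IP Dst, and the explicit priority values are assumptions of this example. It shows that whether a firewalling (drop) entry takes effect depends on its priority relative to overlapping forwarding entries.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FlowEntry:
    priority: int    # assumption: higher value wins when several entries match
    match: dict      # field -> value; a field left out is a wildcard (*)
    action: str      # "port N", "drop", "local" or "controller"
    count: int = 0   # packets that hit this entry

def field_matches(field, want, got):
    if field.startswith("ip_"):  # IP fields match on a prefix
        return ipaddress.ip_address(got) in ipaddress.ip_network(want)
    return want == got

class FlowTable:
    def __init__(self, entries):
        # Stable sort: highest priority first, ties keep insertion order.
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def process(self, pkt):
        for e in self.entries:
            if all(field_matches(f, v, pkt[f]) for f, v in e.match.items()):
                e.count += 1
                return e.action
        return None  # no entry matched (unreachable with a catch-all entry)

def build_table(drop_priority):
    # Constructed entries modelled on the slide's five rows.
    return FlowTable([
        FlowEntry(100, {"mac_dst": "02:00:00:00:00:01"}, "port 1"),
        FlowEntry(100, {"ip_dst": "5.6.7.8/32"}, "port 2"),
        FlowEntry(drop_priority, {"tcp_dport": 25}, "drop"),
        FlowEntry(100, {"ip_dst": "192.0.0.0/8"}, "local"),
        FlowEntry(0, {}, "controller"),  # all wildcards: send to controller
    ])

def packet(ip_dst, tcp_dport, mac_dst="02:00:00:00:00:99"):
    # Constructed sample packet header.
    return {"mac_src": "02:00:00:00:00:aa", "mac_dst": mac_dst,
            "ip_src": "10.0.0.9", "ip_dst": ip_dst, "tcp_dport": tcp_dport}

if __name__ == "__main__":
    smtp = packet("5.6.7.8", 25)  # matches both the port 2 and the drop entry
    print("drop above forwarding:", build_table(200).process(smtp))
    print("drop below forwarding:", build_table(50).process(smtp))
```

When reviewing a flow table used for filtering, check that every drop entry outranks any forwarding entry whose match overlaps it; the per-entry counters show which entry is actually being hit.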

OPENFLOW DEPLOYMENT IN PRACTICE

Incremental deployments at edge

Switches: Only the edge switches need to be OpenFlow-enabled
VLANs: Only a subset of VLANs on the edge switch need to be enabled for OpenFlow.
Forklift: There may be areas in your overall network where this may be possible (e.g., a new datacenter)

and growing

OpenFlow: Why should I care?

OpenFlow architectures enable Virtualization, Advanced Forwarding, and Programmability

OPENFLOW PROTOCOL AND OPENFLOW ARCHITECTURES

An architecture of switches, controllers and software applications

THE PROTOCOL
Minimal and powerful, like the x86 instruction set

THE ARCHITECTURE
Rich variety of uses and applications, like x86 + Linux + applications + python

EVERY SEGMENT SEES SOMETHING DIFFERENT

OpenFlow has many potential propositions

Segments: Large scale datacenter and service provider; Enterprise private cloud; Enterprise Campus LAN; Commercial
Propositions: Virtualization; Advanced Forwarding; Programmability
Table entries: Multi-tenancy; Multi-team Delegated admin; No more spanning tree failures; The new stackable; Fat Trees for Big Data apps; Larger L2 domains, VM mobility; Integration with proprietary systems; Vendor choice

NEW STRUCTURE FOR THE NETWORKING INDUSTRY

Horizontal industry, open system strategy unleashing innovation

[Figure: Monolithic versus Horizontal/Open industry structure. Layers: Apps, OS, Device, Silicon. Labels: Application vendors; In-House software; Open OS; Open OS/Controller Platforms; System vendor; Hardware vendors; Merchant silicon]

Sound familiar?
Mainframe to PC
SunOS, HPUX, AIX to Linux to VMware
Closed cellphones to App Stores

VIRTUALIZATION IS CHANGING ECONOMICS OF COMPUTE

Networking can't keep up

The New Economics of Compute Infrastructure
[Chart: Hours to Prep a New Server, Before and After, for Company 1, Company 2, Company 3]
[Chart: Total Admin Costs, Before and After, for Company 1, Company 2, Company 3]
VMware TCO study: http://www.vmware.com/pdf/TCO.pdf

The Current Economics of Networking Infrastructure
"The network is in my way."
James Hamilton, Chief Architect, Amazon Data Center

DATACENTER PROBLEMS AND ARCHITECTURES

A compilation of what we've been seeing

1. Private Cloud Delegated Administration
2. VM Mobility
3. Virtual + Physical Policy
4. Fat Tree / Non-Spanning-Tree Topologies
5. Reduce Spanning Tree Risk for Large L2 Domains

CAMPUS PROBLEMS AND ARCHITECTURES

1. Delegated Administration
2. NAC / Guest Access
3. Virtual Desktop / Bring-Your-Own Hardware Deployments

What can I see in the InteropNet OpenFlow Lab?

LOTS OF EXAMPLE FUNCTIONALITY ENABLED BY OPENFLOW

Booth #2019 - a dozen switch vendors and controller vendors with standards-based, interoperable products

One example: Streamline app deployment by creating a Big Virtual Switch for the hosts and the admins

EXAMPLE: PAYMENT APP FROM LAB TO PRODUCTION

Apps are typically designed with a simple network in mind

Ingredients
Admin Consoles/Terminals (office + DC)
2+ Payment Server VMs (DC)

Application Requirements
Require L2 connectivity
Require ACLs in front of the VMs

Other Constraints
VMs may move around as we re-work DC capacity planning
Need to be ready for PCI DSS compliance: password rotation, bi-annual audit, etc. driven by payment team
Admin console/terminals may change location, driven by the employee office location

EXAMPLE: PRODUCTION IS ALWAYS HARDER THAN THE LAB

Target production environment: a mix of physical and virtual machines

L2/L3 problem for initial roll-out
ACL placement problem for initial roll-out
Scale-up problem as we add VMs
M/A/C problem on terminal & admin console
=> None of these can be solved by the payment team admin alone

EXAMPLE: THE BENEFITS OF A BIG VIRTUAL SWITCH

For the architect

For the team admin

EXAMPLE: VIRTUAL SWITCHES BASED ON OPENFLOW

Smooth roll-out and smooth scale-out

[Figure: Payment Virtual Switch, Support Apps Virtual Switch, Accounting Virtual Switch and Quarantine Virtual Switch, provided by a Network Virtualization Controller on top of multiple units of switch hardware]

EXAMPLE: NEW ARCHITECTURE, NEW CAPABILITIES

Some of the subtle implications of this approach

Recall: OpenFlow architectures enable virtualization, advanced forwarding, and programmability

Virtualization
Administration of a big virtual switch requires roughly the same basic training (and software) as administration of a physical switch
VM mobility (and any other mobility) is a solved problem in this approach

Advanced Forwarding & Programmability
Use of OpenFlow-oriented forwarding to take advantage of resources in the network (tunnels, firewalls, IDS/IPS)
Scaling out networks (i.e., with non-tree topologies) becomes possible and doesn't require L2/L3 redesigns
Integration with other systems (e.g., VMware vCenter)

OpenFlow: What are some next steps?

GO ONLINE AND START EXPERIMENTING

Lots of info, open source, articles and more on the way

Reference/Specification/Communities
www.openflow.org
www.openflowhub.org
www.opennetworkingfoundation.org

Open-Source Controllers, Switches, Tools
Controllers - Beacon, Maestro, Nox, SNAC, Trema
Switches - Indigo, Open vSwitch
Tools - Mininet, Beacon Workbench, test suites

Thanks
and come see the OpenFlow booth!
(#2019)
