JeronimoBezerra,JulioIbarraFloridaInternationalUniversity{jbezerra,julio}@amlight.net

VIIWorkshopPesquisa ExperimentaldaInternetdoFuturo (WPEIF)

June3rd 2016

AmLight’s OpenFlow Snifferdissected:Troubleshootingproductionnetworks

Humberto Galiza,MarcosSchwarzRede Nacional deEnsino ePesquisa

{humberto.galiza,marcos.schwarz}@rnp.br

Outline

• Context• Motivation• Features• Outputs• Roadmap

2

ContextAmLight isaDistributedAcademicExchangePoint

• Production SDNInfrastructure(sinceAug2014)• ConnectsAMPATHandSouthernLightGOLES- GLIFOpen

Lightpath Exchanges• CarriesAcademicandNon-Academictraffic

– L2VPN,IPv4,IPv6,Multicast• SupportsNetworkVirtualization/Slicing

– Openflow1.0– FlowSpaceFirewallforNetworkVirtualization/Slicing– OESSforL2VPNs– NSIenabled

• IncludingAMPATHandSouthernLight– Currently5slicesforexperimentation(includingONOSSDN-IP)

3

Context(2)

4

NSI

AmLight’sNRENs

FIBRESDN-IPONOS

SouthernLightAmpath2

Virtualization/Slices (FlowSpace Firewall)

Ampath1Andes1

Phys

ical L

ayer

Sout

hbou

nd A

PI:

Open

Flow

1.0

North

boun

d:Us

ers’

APIs

NOX

IDCP

Other NRENs

NOX

OpenNSA

OESS

OSCARS

OESS

Andes2

Univ.Twente

ONOS Internet2

Other Testbeds

Motivation

• AstroubleshootingSDNisstillcomplex,afewtoolsarebeingdevelopedatAmLight:– Testbed Sanitizer– AnOpenFlow Sniffer– Amulti-sliceSDNTraceroute– Integrationtools:Zabbix NMSw/OESS andFSFW

• WhyanewOpenFlow sniffer?– Wireshark requiresXorcapture/sendanddissectorforOF

• OF1.0:<50%dissected

– TsharkusesWiresharkdissectors– Thereareothertools,buttheyarenotspecificforrealtimeand

commandlineOpenFlow troubleshooting(lackofOpenFlow filters)5

Features

• OpenFlow 1.0support• Completelypassive/libpcap• RunsonLinuxshell– NoneedforXWindows

• Colorsimportantuserfields• Easytoinstall(installpython-pcapy &&git clone)• SupportsOpenFlow typefilteringusingaJSONfile• ConvertsFlowMods toOVS-OFCTLcommands– Help“reproduce”someproblems

• ApacheLicense• https://github.com/jab1982/ofp_sniffer 6

Outputs(1/2)

7

Outputs(2/2)

8

HandlingNetworkVirtualization(1/2)

• SupportingNetworkTestbeds isanewtrend– Butcreatesanotherlayer

• Applicationsdon’ttalktoOFswitchesdirectly– Virtualizationlayerinterfacesbothentities

• NetworkSniffersdon’tseetheend-to-endflow:– OritseesOFswitchtalkingtoVirtualization

Layer– OritseesVirtualizationLayertalkingto

Application

• OpenFlowmessagesdon’tidentifytheOFswitch:– HowtoassociateOFswitchtoApplication?

• SpeciallyforOFP_ERRORmessages? 9

10

HandlingNetworkVirtualization(2/2)

11

HandlingNetworkVirtualization(2/2)

Roadmap

• Version0.3– ByJune2016– FullOF1.3 (.5)support– ReadfromLibpcap files– Betterdocumentation– Bettercodeorganization– Supportforvirtualization– Interfaceforextrafiltersè

• Version0.4- ?– FullNICIRA/OVSsupport– SSL/TLSsupport– TrafficProfile?– Suggestions??

12

UseCases• Teaching/Learning:

– Greattooltoteach/learnSDNandOpenFlow– EasytoseeallOpenFlowmessagesandfields

• Coding:– Greatwaytoseeifyourcontroller(Ryu,POX,ONOS)issendingthe

OpenFlowmessagethewayyouexpect– Example:MalformedOFmessagesarenotsendbyRyu andnoalarmis

generated

• andTroubleshooting:– SDNnetworksareveryhardtodebug:lackoftools,protocolsandlogs– MostOFswitchagentsareinabetadeploymentphase

• Moreinformation:– www.sdn.amlight.net– Papers,Presentations,Videos,etc.

13

JeronimoBezerra,JulioIbarraFlorida InternationalUniversity{jbezerra,julio}@amlight.net

VIIWorkshopPesquisa ExperimentaldaInternetdoFuturo (WPEIF)

June3rd 2016

AmLight’s OpenFlow Snifferdissected:Troubleshootingproductionnetworks

Humberto Galiza,MarcosSchwarzRede Nacional deEnsino ePesquisa

{humberto.galiza,marcos.schwarz}@rnp.br

Questions?