© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Controller-Based Networking and SDN Development
이정근, HP Labs
June 26, 2012
Agenda
1. Industry view of SDN & OpenFlow
2. Controller-based networking case studies
3. SDN development and OpenFlow
4. Conclusion
Industry view of SDN & OpenFlow
HP & HPLabs on OpenFlow
HP Labs contributions to the OpenFlow specification
• First commercial, hardware-based OpenFlow switch in 2008
• Leadership on OF 1.1, OF 1.2, …
• Support for QoS, multipathing, Flow API virtualization
• QoS API contribution to Open vSwitch
Member of Open Networking Foundation (ONF)
• Chair, Extensibility Working Group
• Technical Advisory Group (TAG) member
16 switch models with OpenFlow support
• Free firmware upgrade
• Top choice for academic and commercial researchers with over 70+ deployments worldwide
Legacy Networks Slow Application Deployment
System Admin
Time in Months
Are you ready yet?
Which server?
Which VLAN?
Which subnets?
How much bandwidth?
QoS priority?
QoS method?
Rack 3, Server 5
VLAN 10
Subnet .16.31
10M CIR, 20M PIR
Priority 4, IP TOS
Ok, starting switch config
Deploying Exchange VMs
… ready!
… 250,000+ CLI entries for typical data center
Network Admin
Legacy Networks Slow Application Deployment
App Admin
Network Admin (Layer 4 – 7)
Time in Months
Are you ready yet?
…OWA?
Active Sync? SSL? IMAP4?
Yes IP 16.31:995
Configuring ADC
1,200+ network attributes for Exchange deployment
… ready!
Deploying Exchange VMs
TCP Profile?
HTTP Redirect? POP3?
IP/owa 16.31:993, Cert.mail, Large conn pool
HP Virtual Application Networks (VAN)
System Admin
Network Admin
Deploying Exchange VMs
Application deployed in 3 steps: Characterize, Virtualize, Orchestrate
[Figure labels: IMC VAN Manager; vCenter plug-in; VMs; Build profile with template; Choose connection profile; Power on virtual machines; time scale in minutes]
Wow! That was fast!
… ready!
HP FlexNetwork
Network manager w/ OpenFlow
Data Center Enterprise Branch
Network management and controllers
[Figure labels: Management console; Wired controller; Wireless controller; Radius controller; OpenFlow controller; SDN controller; Application & Service; Switch; Router; Access Point; Firewall; Load balancer]
SDN is NOT
OpenFlow != SDN
• Analogy: VM != cloud
OpenFlow APIs can be seen as
• Assembly language
In addition to OpenFlow specs, we also need
• Holistic control framework, network programming abstraction
• Integration with mgmt, config systems
• Interaction with services & applications
Network virtualization != SDN
• Rather, one of SDN applications
SDN is
“.. decoupling the network control and data planes, and putting the former under the control of software running in a (logically) central location.” from Verivue blog posting by Larry Peterson
(ONF, research community perspective)
Protocol (e.g., OpenFlow) connects switches and controllers
Logically-centralized controllers
Dumb, cheap switches
stats, events
Flow rules
(Networking vendor perspective)
SDN is
Centralized network management/configuration? YES
• Ex) network virtualization is currently possible with centralized, automated configuration of VLAN and QoS.
Centralized control plane? Arguable
• Varies over vendors, target networks
  • Southbound (smart controller & dumb switches)
  • vs. Northbound (intelligent switches expose APIs)
• OpenFlow and conventional networking hybrid
SDN is a moving target
• Cf) SDN was not there in 2008
In the rest of this talk, stick to “SDN = centralized control”
(Personal perspective)
Reception of SDN per industry
Cloud, big datacenter
• Fast adoption
• Single operator, virtualized computing infra
• SDN is a key enabler of low-cost automated operation of large Cloud DCN
Enterprise/campus
• Mostly a research platform coexisting on the production network
• IT is changing relatively slowly
• Enterprise application into cloud, eventual adoption
Carriers
• High interest in cost saving and new services
• High bar on core networks
• Easier adoption on edge, ex) enterprise cloud hosting, home network control
Controller-based Networking Case study
Tenant network abstraction in Cloud
Identity-based QoS in Enterprise
Network cut-through in carrier backbone
Note) HP’s prototyping efforts, not in a production stage
Network Abstraction in Cloud Data Center
Traditional Pre-Cloud Data Center: Multi-Tier Service
IPSGateway
Web/Mail servers Database/File servers
Firewall
InternetLoad Balancer
Network Abstraction in Cloud Data Center
Cloud DCN with hardware-based network service solution
Flat network and no server hierarchy
Network services are still provided by hardware
Problem 1: No network performance guarantee
Problem 2: Inefficient packet re-routing
Problem 3: All tenants receive monolithic network services
IPS/Firewall
Gateway
Virtualized servers(Web/Mail/DB/File)
Internet Load Balancer
HPLabs WiP
Network Abstraction in Cloud Data Center
Network service appliances in VM or hypervisor
A tenant virtual topology with bandwidth and network service requirement
Easy to allow user access to service VM
[Figure panels: (a) Tenant request; (b) Physical topology; (c) New description with network service VMs; (d) Deployment of VMs w/ guaranteed bandwidth. Labels: vSwitch; Web1, Web2, App1, App2, DB1; IPS VM1, IPS VM2; Datacenter; Optimal Mapping and Placement Algo]
1) IPS service is required
2) Map tenant VMs with IPS VMs
3) Launch VMs on servers in datacenter
W. Kim, et al., “Automated and Scalable QoS Control for Network Convergence,” USENIX INM/WREN 2010
User Identity based Fine Grained QoS
Problem: inability to provide identity-based fine grained handling of a set of network flows that require special security or performance constraints
Solution: combine per-flow QoS control with traffic and end-user identity information
Demo @ HP Discovery 2012
Network cut-through after initial determination
Problem: user verification and authentication require significant resources for the life of the flow
Courtesy of S. Elby, “Carrier Adoption of Software-defined Networking,” ONS 2012
Network cut-through after initial determination
Solution: identify authorized flows and steer traffic directly to application
Courtesy of S. Elby, “Carrier Adoption of Software-defined Networking,” ONS 2012
Verizon-HP collaboration work
SDN Development and OpenFlow
OpenFlow recap
OpenFlow-based SDN development
SDN controller research
Wireless SDN
Recap: OpenFlow 1.0 Flow Table
Flow entry: Rules | Action | Stats
Stats: Packet + Byte Counters
Action:
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify fields
5. Any extensions you add
Rules (match fields; * = wildcard): Switch Port, VLAN ID, VLAN pcp, MAC src, MAC dst, Eth type, IP Src, IP Dst, IP ToS, IP Prot, L4 sport, L4 dport
Oversimplified example
[Figure: controller and switch; the switch flow table lists match rules and actions]
match rules: TCP Port 16384; TCP Port 80 from 01:23:45:67:89:ab; * (wildcard)
actions: Forward to IDS Tunnel Port; Rate Limit, Forward Normal; Forward Normal
Both fine-grain and coarse-grain flow control are possible
Pro-Active and/or Reactive Flow Table
OpenFlow supports various flow table management modes
• Pre-loaded flow entries
• First packets to controller
• All packets to controller
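Added example (not from the original slides and not HP or OpenFlow reference code): a toy Python model of the flow table recap and of the pre-loaded versus first-packet-to-controller modes above. It pre-loads the three rules of the "Oversimplified example" slide and also shows a reactive table miss. Assumptions: match rules pair with actions in the order the slide lists them, "TCP Port" means destination port, and the priority values, action labels and controller callback are hypothetical.

```python
from dataclasses import dataclass

# The 12 match fields of the OpenFlow 1.0 flow table listed on the recap slide.
FIELDS = ("in_port", "vlan_id", "vlan_pcp", "mac_src", "mac_dst", "eth_type",
          "ip_src", "ip_dst", "ip_tos", "ip_proto", "l4_sport", "l4_dport")

@dataclass
class FlowEntry:
    match: dict            # field -> value; a field left out is a wildcard (*)
    actions: tuple         # action labels are constructed for this example
    priority: int = 0      # assumed values; higher wins
    packets: int = 0       # per-entry stats: packet counter
    byte_count: int = 0    # per-entry stats: byte counter

    def hits(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

class FlowTable:
    def __init__(self, controller=None):
        self.entries = []
        self.controller = controller   # callable(pkt) -> FlowEntry or None
        self.packet_ins = 0            # packets punted to the controller

    def install(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)   # highest priority first

    def process(self, pkt, size):
        for e in self.entries:
            if e.hits(pkt):
                e.packets += 1
                e.byte_count += size
                return e.actions
        # Table miss: reactive mode sends the first packet to the controller.
        self.packet_ins += 1
        entry = self.controller(pkt) if self.controller else None
        if entry is None or not entry.hits(pkt):
            return ("drop",)
        self.install(entry)
        entry.packets, entry.byte_count = 1, size
        return entry.actions

def slide_table():
    """Pre-loaded table holding the slide's three rules (pairing assumed)."""
    t = FlowTable()
    t.install(FlowEntry({"ip_proto": 6, "l4_dport": 80,
                         "mac_src": "01:23:45:67:89:ab"}, ("rate_limit", "normal"), 200))
    t.install(FlowEntry({"ip_proto": 6, "l4_dport": 16384}, ("output:ids_tunnel",), 100))
    t.install(FlowEntry({}, ("normal",), 0))          # * (wildcard) catch-all
    return t

def exact_match_controller(pkt):
    """Hypothetical reactive controller: pins each new flow with an exact match."""
    return FlowEntry({f: pkt[f] for f in FIELDS if f in pkt}, ("normal",), 50)
```

With the wildcard catch-all pre-loaded no packet ever reaches the controller; without it, every new flow costs one controller round trip, which is the load the later hardware-scalability slides quantify.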
OpenFlow development platform
Hardware switch
• Large port base, easy config interface, well-documented manuals
• Some actions w/o native HW support
Software/virtual switch
• Hypervisor vSwitch is a popular SDN innovation point in cloud
  • Ex) Open vSwitch into OpenStack Quantum
• I/O performance bound by CPU
  • Cannot replicate core switches
netFPGA
• Programmable HW switch
• Line rate OF processing but limited port base
A. Curtis, et al., “DevoFlow: Scaling Flow Management for High-Performance Networks,” SIGCOMM 2011
Hardware switch performance & scalability
Switch-hardware support isn’t exactly “native” yet
• Unlike routers, switches are supposed to do fast forwarding in ASIC
• Limited H/W support of some OpenFlow actions
• Limited CPU/NP cycles
Scaling problem for highly dynamic applications with many new flows every second
• Switching capacity: 300 Gbps
• Switch dataplane ↔ switch CPU: ~100 Mbps
• Switch dataplane ↔ controller: ~20 Mbps
A. Curtis, et al., “DevoFlow: Scaling Flow Management for High-Performance Networks,” SIGCOMM 2011
DevoFlow – Devolved OpenFlow
Devolve control over most flows back to the switches
• Concept of significant flows
• Manage the “Elephants”, leave the “mice” alone
Design
• Keep flows in the data-plane
• Maintain just enough visibility for effective flow management
• Simplify the design and implementation of high-performance switches
Mechanisms
• Control Mechanisms: Rule cloning, Local Actions (Multipath support, Rapid Rerouting)
• Statistics Gathering: Sampling, Triggers & Reports, Approximate Counters
Partitioning control space
Centralized and/or Distributed Control
Network Slicing and Virtualization
• A virtualization layer (ex. FlowVisor) allows the network to be divided into slices.
• Each slice can have its own independent set of attributes: traffic patterns, rule set (L2 vs. L3, for example), applications, etc.
Network management and controllers
Challenges
• Integration & composition of various management & control modules
• Layering, abstraction, programming model
• Heterogeneous device types, capabilities
[Figure labels: Management console; Wired controller; Wireless controller; Radius controller; OpenFlow controller; SDN controller; Application & Service; Switch; Router; Access Point; Firewall; Load balancer]
SDN programming research
Distributed controller design
“Onix: A Distributed Control Platform for Large-scale Production Networks”, OSDI’10
• Goal: general, scalable, reliable, high-performance, distributed controller
• Consistent and fast state distribution among distributed controllers
• Developers see network as a graph of physical or logical entities, ex) forwarding engines, ports
High-level programming language
“A Compiler and Run-time System for Network Programming Languages”, POPL’12
• NetCore: declarative language for expressing packet-forwarding policies
• Compile rich policies and generate flow rules
• Run-time decision of rule installation and stat collection
Service-oriented programming
“Serval: application program API for service oriented networking”, NSDI’12
• Serval moves SDN model to the edges
• New "service access layer" between network and transport
• New naming abstractions for services & flows, socket APIs
Controller composition with modularity
Proliferation of network control functions, for example
• Energy management
• Multipath load balancing
• QoS controller
• VM migration
Controller composition problem (HPLabs WiP)
• Plug in/unplug existing or new functional components at will
• Uncoordinated control of shared infrastructure
• Optimize for multiple objectives without losing modularity
M. Yu et al., “NOSIX: A portable switch interface for the network operating system”, NSDI’12 poster
Handling heterogeneous OpenFlow switches
Controller application expectations
• Homogeneous forwarding model
• Sufficiently large flow tables
• Fixed feature set and predictable performance
• Switch state known / deltas efficiently reconcilable
Reality
• Heterogeneous switch landscape
• Limited OpenFlow primitives
Missing piece in SDN stack
JVM MySQL simple.c
POSIX
HW1 HW2 ...
OS Kernel
ONIX NetCore SimpleApp
?
OF switch vendor A
OF switch vendor B
OVS
OS Network OS
Courtesy of M. Yu, et al., “NOSIX: A portable switch interface for the network operating system”, NSDI’12 poster
NOSIX Architecture
Courtesy of M. Yu, et al., “NOSIX: A portable switch interface for the network operating system”, NSDI’12 poster
VFT: Virtualized Flow Tables
• Created by the Application
• Full Feature Set
• No resource constraints
Switch drivers
• Map VFT to the switch dataplane
• Virtualize resource constraints, e.g., rule paging
• Optimize for switch specifics
Wireless SDN
Enterprise/Campus IT trends
• BYOD (Bring-Your-Own-Device) and HotSpot 2.0
• Mobile cloud
• More wireless connections than Ethernet connections
Wireless SDN is needed for
• Network access control
• New service deployment
• Wired/wireless, WiFi/cellular convergence
  • Ex) OpenRadio by Stanford
HPLabs WiP
• SWANC: Service-oriented Wireless Access Networks with Cloud
• New network service APIs
• User context collection via Cloud
• OpenFlow-wireless for Radio Resource Management
Conclusion
New software paradigm on networking
• No more ‘networking’ protocol
• Lessons from distributed system, OS, compiler, PL, …
  • Scott Shenker, “An attempt to motivate and clarify SDN”
OpenFlow is low-level API, a part of entire SDN architecture
• Network management and configuration is big
Large problem space in SDN controller research
Yet shallow SDN standardization effort
Proxy, translation service may be needed
Adoption of SDN varies across vendors, industries, markets
Acknowledgements
HP Labs: Jeffrey Mogul, Sujata Banerjee, Jean Tourrilhes, Puneet Sharma, Yoshio Turner, Kyu-Han Kim, Paul Congdon
HP Networking: Alvaro Retana, Charles Clark, Steve Brar, Rob Haviland, Vishwas Manral, Daniel Sohn
Purdue: Myungjin Lee
Thank you