How SDN Works
SDN/NFV Core Network
Department of Computer Science & Information Engineering National Cheng Kung University
2015 Fall
Forerunners of SDN
Precursors of SDN
Prior to OpenFlow/SDN, forward-thinking researchers and technologists were already considering fundamental changes to the then-current world of autonomous, independent devices and distributed networking intelligence.
• DCAN separates the forwarding and control planes in ATM switching (1997).
• Open signaling separates the forwarding and control planes in ATM switching (1999).
• IP switching controls layer two switches as a layer three routing fabric (late 1990s).
Precursors of SDN (cont.)
• MPLS separates control software and establishes semi-static forwarding paths for flows in traditional routers (late 1990s).
• Active networking separates control and programmable switches (late 1990s).
• RADIUS/COPS dynamically provisions policy through admission control (2010).
• Orchestration automates configuration of networking equipment by using SNMP and CLI (2008).
• Ethane achieves complete enterprise network access control using separate forwarding and control planes and a centralized controller (2007).
Early Efforts
• Some of the earliest work in programmable networks began not with Internet routers and switches but with ATM switches, including Devolved Control of ATM Networks (DCAN) and open signaling.
  – DCAN prescribes the separation of the control and management of the ATM switches, where the control is assumed by an external device (like the controller in SDN).
  – Open signaling proposed a set of open, programmable interfaces (e.g., the General Switch Management Protocol, GSMP, RFC 1987) to separate control software from the ATM switching hardware.
Early Efforts (cont.)
• IP Switch, proposed by Ipsilon Networks, utilized GSMP for TCP/IP flows.
• Multiprotocol Label Switching (MPLS; also called tag switching at Cisco) is a deviation from the autonomous and distributed forwarding decisions characteristic of traditional Internet routers.
• Active Networking assumes that switches could be programmed by an out-of-band management protocol with small downloadable programs called capsules that would travel in packets to reprogram the router/switch on the fly.
Network Access Control
• Remote Authentication Dial-In User Service (RADIUS) provides automatic reconfiguration of the network.
• Via RADIUS, networking attributes would change based on the network node that just appeared.
Source: Huawei Cloud Fabric Solution
Orchestration
• Orchestration applications, called orchestrators, utilize common device APIs (CLI or SNMP) for automation.
• Vendor-specific plugins are used to convert the higher-level policy requests into the corresponding native SNMP or CLI request specific to each vendor.
• Since no capability exists in legacy equipment for network-wide coordination, virtual network management remains hard.
Source: https://www.netiq.com/documentation/cloudmanager2/ncm2_install_plan/data/bx4b665.html
[Figure: Ethane architecture. A single controller sits above four flow switches that connect Host A and Host B.]
Ethane: Centralized, reactive, per-flow control
Birth of OpenFlow

OpenFlow: a pragmatic compromise
• + Speed, scale, fidelity of vendor hardware
• + Flexibility and control of software and simulation
• Vendors don't need to expose implementation
• Leverages hardware inside most switches today (ACL tables)
Working Groups in ONF
Members in ONF
Three Layers in SDN
OpenFlow: the Southbound Interface

[Figure: the three layers. Hardware layer: a switch containing the data path (hardware) and an OpenFlow client. Software layer: a PC running the OpenFlow controller. Client and controller communicate over the OpenFlow protocol (SSL/TCP).]

OpenFlow Example

[Figure: a switch with ports 1-4 running an OpenFlow client, hosts 1.2.3.4 and 5.6.7.8 attached, and a controller PC. The installed flow table:]

MAC src  MAC dst  IP Src   IP Dst  TCP sport  TCP dport  Action
*        *        5.6.7.8  *       *          *          port 1
OpenFlow Basics: Flow Table Entries

Each flow table entry has three parts:

Rule: match on Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport
Action:
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify Fields
5. Any extensions you add!
Stats: Packet + byte counters
Examples

Example         Switch Port  MAC src  MAC dst   Eth type  VLAN ID  IP Src   IP Dst   IP Prot  TCP sport  TCP dport  Action
Switching       *            *        00:1f:..  *         *        *        *        *        *          *          port6
Flow Switching  port3        00:20..  00:1f..   0800      vlan1    1.2.3.4  5.6.7.8  4        17264      80         port6
Firewall        *            *        *         *         *        *        *        *        *          22         drop
Examples (cont.)

Example         Switch Port  MAC src  MAC dst  Eth type  VLAN ID  IP Src  IP Dst   IP Prot  TCP sport  TCP dport  Action
Routing         *            *        *        *         *        *       5.6.7.8  *        *          *          port6
VLAN Switching  *            *        00:1f..  *         vlan1    *       *        *        *          *          port6, port7, port9
Centralized vs Distributed Control

[Figure: Centralized Control: one controller manages three OpenFlow switches. Distributed Control: three controllers, each managing one OpenFlow switch.]

Both models are possible with OpenFlow
Flow Routing vs. Aggregation

Flow-Based
• Every flow is individually set up by controller
• Exact-match flow entries
• Flow table contains one entry per flow
• Good for fine grain control, e.g. campus networks

Aggregated
• One flow entry covers large groups of flows
• Wildcard flow entries
• Flow table contains one entry per category of flows
• Good for large number of flows, e.g. backbone

Both models are possible with OpenFlow
Reactive vs. Proactive (pre-populated)

Reactive
• First packet of flow triggers controller to insert flow entries
• Efficient use of flow table
• Every flow incurs small additional flow setup time
• If control connection lost, switch has limited utility

Proactive
• Controller pre-populates flow table in switch
• Zero additional flow setup time
• Loss of control connection does not disrupt traffic
• Essentially requires aggregated (wildcard) rules

Both models are possible with OpenFlow
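A small Python model of the flow table from the example slides and of the reactive versus proactive setup above, added here as an illustration and not part of the lecture material. An entry is a match over the 10-tuple (a field left out is a wildcard), an action list and the packet/byte counters; a lookup that matches nothing is sent to the controller, which in the reactive case installs an exact-match entry. The priority field, the field names and the packet values are assumptions of this example, not something the slides specify.

```python
from dataclasses import dataclass

# Match fields of the 10-tuple shown on the flow table slides (OpenFlow 1.0 style).
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "l4_sport", "l4_dport")

@dataclass
class FlowEntry:
    match: dict          # field -> value; a field left out is a wildcard (*)
    actions: list        # e.g. ["port6"], ["drop"], ["controller"]
    priority: int = 0    # assumed: breaks ties between overlapping wildcard rules
    packets: int = 0     # the per-entry packet + byte counters from the slide
    nbytes: int = 0
    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # highest priority first

    def lookup(self, pkt, size=64):
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.nbytes += size
                return e.actions
        return ["controller"]  # table miss: encapsulate and send to controller

def proactive_table():  # pre-populated (proactive) rules from the example slides
    t = FlowTable()
    # Firewall: drop anything to L4 port 22, whatever else the packet carries
    t.add(FlowEntry({"l4_dport": 22}, ["drop"], priority=100))
    # Routing: anything destined to 5.6.7.8 leaves via port6
    t.add(FlowEntry({"ip_dst": "5.6.7.8"}, ["port6"], priority=10))
    # VLAN switching: vlan1 traffic is sent out three ports
    t.add(FlowEntry({"vlan_id": 1}, ["port6", "port7", "port9"], priority=10))
    return t

def reactive_controller(table, pkt, out_port):
    # Reactive setup: a table miss reaches the controller, which installs an
    # exact-match entry so later packets of this flow stay in the switch.
    actions = table.lookup(pkt)
    if actions == ["controller"]:
        table.add(FlowEntry({f: pkt[f] for f in FIELDS}, [out_port], priority=200))
        actions = [out_port]
    return actions
```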
Usage examples

• Alice's code:
  – Simple learning switch
  – Per Flow switching
  – Network access control/firewall
  – Static "VLANs"
  – Her own new routing protocol: unicast, multicast, multipath
  – Home network manager
  – Packet processor (in controller)
  – IPvAlice
  – VM migration
  – Server Load balancing
  – Mobility manager
  – Power management
  – Network monitoring and visualization
  – Network debugging
  – Network slicing
… and much more you can create!
Intercontinental VM Migration

Moved a VM from Stanford to Japan without changing its IP. The VM hosted a video game server with active network connections.