Floodlight tutorial - Clemson / Georgia Tech

OpenFlow Controller

http://floodlight.openflowhub.org

©2012 – Big Switch Networks Inc. 2

About Us

Big Switch Networks builds and promotes Open Software Defined Networking Solutions

We use and help support Floodlight and a number of other OpenFlow tools

Yes, you can contact us about jobs and internships at [email protected]

Big Switch Networks


Introduction

SDN and OpenFlow

Real world use cases

Floodlight

Demo! (if time allows)

4

Limitations in Modern Networking

Hardware focus

Hard to innovate, update software

Vendor specific components

An Slowly Evolving Environment

Operating System / Firmware

Hardware / ASICs

Fully distributed protocols

Independent components

Interoperability and design challenges

©2012 – Big Switch Networks Inc.

5

Introduction to SDNSoftware-defined Networking

OF Switch

OF Switch

OF Switch

OF Switch

OF Switch

SDN Controller

App

licatio

n

App

licatio

n

App

licatio

n

App

licatio

n

Application tier

Controller tier

Data plane tier

App

licatio

n

Software Defined Networking decouples data, control, and application planes, creating a programmable network


6

OpenFlow and SDNA southbound SDN protocol

OpenFlow-based SDN Controller

App

licatio

n

App

licatio

n

App

licatio

n

App

licatio

n

Northbound API

Southbound API - OpenFlow

App

licatio

n

OF Switch

OF Switch

OF Switch

OF Switch

OF Switch


7

Advantages of SDN

Innovation and speed to marketAn “app store” for network programming

Decoupled software and hardware developmentSupport for multi-vendor environmentsSeparate upgrade cycles, etc.

Simplified network management / automation


Real World Examples

8

FlowVisor

Alice Bob Cathy

IsolationPolicy

1

Scalable isolation domains and network slicing.

Example: Flowvisor

Network Virtualization

2

Inserting and managing network services such as load balancing, firewall, IDS/IPS, QoS, etc.

Example: FlowScale

Platform for Network Services

3

Flexible mobility of virtual machines

Example: Stanford WAN VM Migration

Virtual Machine Management

4

CLOS Fabrics

Lower cost, high performance networks

Example: non-blocking CLOS architectures

5

Simplified data vibility and traffic monitoring

Example: TBD

Data analysis / monitoring

6

Hybrid clouds

Networks spanning public / private DC’s

Example: Amazon VPC

OpenFlow

10

Introduction to OpenFlow

TCP / SSL

Controller <-> Switch communication

OpenFlow-based SDN Controller

OpenFlow Client

**5.6.7.8*** port 1

Non-OF Control Path

ActionMAC src

MAC dst

IP Src

IP Dst

TCP sport

TCP dport

Flow table

x86 style instruction set

Based on Ethernet Switch with: OF software client

Hardware flow table

Control channel between switch and controller


11

OpenFlow in Action

SDN ControllerA

pplica

tion

App

licatio

n

App

licatio

n

App

licatio

n

App

licatio

n

OF Switch

Rule Action Stats

OF Switch

OF Switch

Rule Action Stats Rule Action Stats

0101001010


12

Why OpenFlow?

‘XXX’ = LISP, MPLS-TE, policy routing, etc.

Broad answer:OpenFlow is a very-low level abstraction/APICould probably implement XXX using OpenFlowCould not implement OpenFlow using XXX

If XXX meets my needs, why use OpenFlow?More holistic network viewReduced complexity from feature interaction

Isn’t OpenFlow the same as XXX?


13

OpenFlow Standards

OF v1.0 (most popular), Dec 2009 Initial OpenFlow specificationmatch on 12-tuple

OF v1a.1: Extensions for WAN, late 2010multiple tables: dodge state space explosion fast failover, interface bonding

OF v1.2 : IPv6 support, generalized match, vendor extensions


Floodlight©2012 – Big Switch Networks Inc. – Confidential and Proprietary 14

15

Floodlight Overview

Floodlight is a completely open, free, Apache-licensed Java-based OpenFlow controller.


16

Floodlight Controller

Research and commercial friendly

A great platform for OpenFlow

Easy to build, run, and develop

Rich set of build and debugging tools

Community of OpenFlow experts, access to commercial upgrades, and frequent testing

Toolchain


17

Building Floodlight

$ git clone git://github.com/floodlight/floodlight.git

$ sudo apt-get install build-essential default-jdk ant python-dev

$ cd floodlight; ant

$ java –jar target/floodlight.jar

Fast…an easy…

Download from Github

$ wget http://floodlight.openflowhub.org/files/floodlight-vm.zip

(login as “floodlight” user, no password)

Get the VM (including mininet)


Internals

19

Floodlight Architecture

DeviceManager

FloodlightProvider


TopologyManager

RestServer

StorageSource

Forwarding

StaticFlowPusher

Modules exporting “services”

All modules in Java, support for Jython as well

Main module is FloodlightProvider Manages I/O to switches Translates OF messages to

Floodlight events Multi-threaded via Netty library (all

modules must be thread-safe)

Rich, extensible REST API

LinkDiscovery

20

Module Descriptions

FloodlightProvider


Computes shortest path using Dijsktra Keeps switch to cluster mappings

Installs flow mods for end-to-end routing

Handles island routing

Tracks hosts on the network

MAC -> switch,port, MAC->IP, IP->MAC

Implements via Restlets (restlet.org)

Modules must implement RestletRoutable

Supports the insertion and removal of static flows

REST-based API

DeviceManager

TopologyManager

RestServer

StorageSource

Forwarding

StaticFlowPusher

LinkDiscovery Maintains state of links in network

Sends out LLDPs

DB style storage (queries, etc)

Modules can access all data and subscribe to changes

Other Tools

22

OpenFlow Controllers

Beacon: beaconcontroller.net (Java)

NOX: noxrepo.org (C++ and Python)

Trema: trema.github.com/trema/ (Ruby and C)

Reference controller (C)

Options Beyond Floodlight


23

Mininet

Emulate OpenFlow network in a box

Uses Linux Containers and IP namespace

Runs your choice of software switchStanford’s reference OpenFlow switchOpenVSwitch

CLI allows interactive management of emulated virtual hosts

Packaged in the Floodlight VM at:http://floodlight.openflowhub.org/download

OpenFlow network simulator


Switch Options

Controller Platform

Switch EcosystemMajor vendors have upcoming products

Southbound APIsVirtual Switches Physical Switches

Stanford Reference Switch


Available

Announced

* Supported platforms: Pronto w/ indigo – 3240/3290, HP: 3500, 5400, 8200 (procurves), IBM 8264, NEC PF 5820 / 5240, Extreme – Summit series

Demo

Submit a project

Write a blog post

http://www.openflowhub.org

Contact: [email protected]

Getting Involved - OpenFlowHub

1. A community of open source OpenFlow developers

2. An OpenFlow Blog (available for guest authors)

3. Free hosting, tools, and marketing for open source projects

Wiki, forums, bug tracking tools, logos, etc.

A community of open source OpenFlow developers


What it is: Get involved:

Projects:

http://www.openflowhub.org/

http://www.openflowhub.org/

Interested in Learning More?

Check out the websitehttp://floodlight.openflowhub.org

Join the mailing list:http://groups.google.com/a/openflowhub.org/group/floodli

ght-dev/topicsOr just email [email protected]

Get the code:http://floodlight.openflowhub.org/download


http://floodlight.openflowhub.org/

http://groups.google.com/a/openflowhub.org/group/floodlight-dev/topics

http://groups.google.com/a/openflowhub.org/group/floodlight-dev/topics

mailto:[email protected]

http://floodlight.openflowhub.org/download


Presenters

Mike Cohen

Product Manager

[email protected]

Alex Reimers

Member of Technical Staff

[email protected]

End

Operational Considerations


Network considerations

Why OpenFlow? Lots of reasons we talked about already... Simplest is network monitoring from a single location – packetin, flow modes, cpu

usage, throughput, devices connected, etc.

Control / Data networks Offer critical services on non-OF network (ie. Voip) Control / data path separation – vlans in most cases Deploy OF from edge to core. Gain increased visibility over time. Measure traffic patterns and make sure your switch hardware can support it.

Some have limited control traffic throughput (flow set up rate, etc.).

Security considerations Do you need to protect against controller DoS attacks? Do you want encrypted control traffic?

Gotchas Physical loops into the OpenFlow network Wifi mesh networks

Backup

34

Network Virtualization: FlowvisorVirtualized Control Plane

OpenFlow Datapath

OpenFlow Datapath

OpenFlow Datapath

OpenFlowProtocol FlowVisor

Customer Alice Customer Bob

OpenFlowProtocol

Customer Cathy

IsolationPolicy

FlowVisor slices OpenFlow networks,

creating multiple isolated and

programmable logical networks on the same

physical topology.

Each use case/demo presented here runs in an isolated slice of Stanford’s production network.


35

Load balancing

Traffic load balancer using OpenFlow

Implemented in OF ToR switches

Deployed in IU IDS

FlowScale: Load balancing using Layer 2 OF switches


36

VM Management: WAN Migration

Moved a VM from Stanford to Japan without changing its IP.

VM hosted a video game server with active network connections. ©2012 – Big Switch Networks Inc.

37

OpenFlow Protocol (1)

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

L4sport

L4dport

Match Fields Action(s) Stats

1. Forward packet to zero or more ports2. Encapsulate and forward to controller3. Modify Fields4. Vendor specific extensions

+ mask what fields to match

Packet + byte counters

VLANpcp

IPToS


38

OpenFlow Protocol (2)

Switch port

MAC src

MAC dst

Eth type

VLAN ID

IP Src IP Prot TCP sport

TCP dport

Action

Switching * * 00:1f:..

* * * * * * Port6

Flow switching

Port3 00:20..

00:1f..

0800 Vlan1 1.2.3.4 5.6.7.8 4 17264 Port6

Firewall * * * * * * * * 22 Drop

Routing * * * * * * 5.6.7.8 * * Port6

VLAN switching

* * 00:1f..

* Vlan1 * * * * Port6,port7, port8


39

Other Floodlight Highlights

Floodlight Controller

Java A

pp

Jytho

n A

ppOF Switch

OF Switch

Switch

OF Switch

OF Switch

Static Flow

Pusher Active work in

defining standard “Northbound” APIs

REST-based App

1 Java event APIs

REST-based APIs

Ability to push flows

2

Support for integrating with non-OpenFlow networks

3


IFloodlightModule Interface

1. getModuleDependencies() What services does this module require?

2. getModuleServices(), getServiceImpls() Services does this module provide and how?

3. init(FloodlightModuleContext context) Internal, before dependencies have init()’d

4. startup(FloodlightModuleContext context) External, with dependencies initialization

Function Description

getModuleDependencies() What services does this module require?

getModuleServices() Services does this module provide and how?

init(FloodlightModuleContext context) Internal, before dependencies have init()’ed

startup(FloodlightModuleContext context)

External, with dependencies initialization


OpenFlow Topologies

Need OpenFlow at last hop in the network

For vms:vswitch

For physical hosts: Tor

Floodlight can manage multiple “islands” of OpenFlow switches

VM VM

VM VM

VM VM

…

VM VM

VM VM

…Physical host

Rack 2Rack 1

Physical host

VM VM

vswitch

Top of rack

Agg / Core


Demo

Problem:

Track the last N Packet-Ins seen by the controller and expose it via a REST API

What you will see:

1. Adding a new module

2. Creating a REST API

3. Running Floodlight

Technology

Floodlight tutorial - Clemson / Georgia Tech