OpenFlow:EnablingTechnology …yuba.stanford.edu/~nikhilh/talks/Handigol-Cisco-July2009.pdf•...
OpenFlow: Enabling Technology Transfer to Networking Industry
Nikhil Handigol [email protected]
Cisco Nerd Lunch, July 2009
Interesting Problems in Networking Research
• Mobility management
• Network security
• Energy management
• Flow management and measurement
• Packet processing
• …
Technology Transfer Academia to Industry
• Accelerates innovation in the field
• Desirable to both academia and industry
  – Academic research can have impact
  – Industry can benefit from academic research, improve products
Problem with Networking Research
• Lack of technology transfer from academia to industry
  – No dearth of smart people
  – No lack of ideas
• Lack of ideas tested at scale
  – No way for academia to test ideas at scale
  – No reason for industry to invest in untested ideas
Possible Solutions
• Separate testbed of programmable open source switches and routers
  – Expensive
  – No real traffic
• Make Cisco boxes open source
  – Not practical
• Can we strike a middle ground?
Our Approach
1. A clean separation between the substrate and an open programming environment
2. A simple hardware substrate that generalizes, subsumes and simplifies the current substrate
New function!
Operators, users, 3rd party developers, researchers, …
Step 1: Separate intelligence from datapath
Our Approach
1. A clean separation between the substrate and an open programming environment
2. A simple hardware substrate that generalizes, subsumes and simplifies the current substrate
Step 2: Cache decisions in minimal flow-based datapath
Flow Table
“If header = x, send to port 4”
“If header = ?, send to me”
“If header = y, overwrite header with z, send to ports 5,6”
Our Solution: OpenFlow
• OpenFlow is an open external API to a flow-table
• Allows separation of control and data path via a simple, well defined interface
• Defined to be easy to add to existing hardware switches, routers, APs, …
OpenFlow Basics
Ethernet Switch
OpenFlow Protocol (SSL)
OpenFlow Basics
• Exploit the flow table in switches, routers, and chipsets

Flow 1. Rule (exact & wildcard) | Action | Statistics
Flow 2. Rule (exact & wildcard) | Action | Statistics
Flow 3. Rule (exact & wildcard) | Action | Statistics
Flow N. Rule (exact & wildcard) | Default Action | Statistics
Flow Table Entry
OpenFlow Protocol Version 1.0

Rule | Action | Stats

• Rule: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
  + mask what fields to match
• Action:
  1. Forward packet to port(s)
  2. Encapsulate and forward to controller
  3. Drop packet
  4. Send to normal processing pipeline
• Stats: Packet + byte counters
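Examples

Switching

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | 00:1f:.. | * | * | * | * | * | * | * | port6 |

Flow Switching

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| port3 | 00:2e.. | 00:1f.. | 0800 | vlan1 | 1.2.3.4 | 5.6.7.8 | 4 | 17264 | 80 | port6 |

Firewall

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Forward |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | * | * | * | * | * | * | * | 22 | drop |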
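Examples

Routing

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | * | * | * | * | 5.6.7.8 | * | * | * | port6 |

VLAN

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | * | * | vlan1 | * | * | * | * | * | port6, port7, port9 |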
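Added example (not from the original slides): a small Python model of the flow table described above, with wildcard matching over the ten header fields, per-entry packet and byte counters, and table-miss handling. It loads the slides' routing and firewall rows together and shows that an SSH packet to 5.6.7.8 matches both, so which entry wins decides whether the firewall rule is effective. The precedence used (an exact-match entry outranks wildcard entries, wildcard entries are ordered by a priority value) follows the OpenFlow 1.0 specification; the priority numbers, full MAC addresses, field names and the `shadowed_drops` helper are assumptions made for illustration.

```python
from dataclasses import dataclass

FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tp_src", "tp_dst")

@dataclass
class FlowEntry:
    match: dict          # field -> required value; a missing field is a wildcard (*)
    action: str          # "output:<ports>", "drop", "controller" or "normal"
    priority: int = 0    # compared between wildcard entries only
    packets: int = 0     # stats: packet counter
    byte_count: int = 0  # stats: byte counter

    def is_exact(self):
        return all(f in self.match for f in FIELDS)

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

class FlowTable:
    def __init__(self, entries):
        self.entries = list(entries)

    def lookup(self, pkt):
        hits = [e for e in self.entries if e.matches(pkt)]
        # An exact-match entry outranks every wildcard entry; then priority decides.
        return max(hits, key=lambda e: (e.is_exact(), e.priority)) if hits else None

    def process(self, pkt, length):
        entry = self.lookup(pkt)
        if entry is None:
            return "controller"  # table miss: encapsulate and forward to controller
        entry.packets += 1
        entry.byte_count += length
        return entry.action

    def shadowed_drops(self, pkt):
        """Drop entries that match pkt but lose the lookup to a non-drop entry."""
        winner = self.lookup(pkt)
        if winner is None or winner.action == "drop":
            return []
        return [e for e in self.entries if e.action == "drop" and e.matches(pkt)]

# Constructed sample: the slides' routing and firewall rows; priorities are assumed.
ROUTE = FlowEntry({"ip_dst": "5.6.7.8"}, "output:6", priority=10)
FIREWALL = FlowEntry({"tp_dst": 22}, "drop", priority=5)
SSH_PKT = dict(in_port=3, mac_src="00:2e:00:00:00:01", mac_dst="00:1f:00:00:00:02",
               eth_type=0x0800, vlan_id=1, ip_src="1.2.3.4", ip_dst="5.6.7.8",
               ip_proto=6, tp_src=17264, tp_dst=22)

if __name__ == "__main__":
    table = FlowTable([ROUTE, FIREWALL])
    print(table.process(SSH_PKT, 64), table.shadowed_drops(SSH_PKT))
```

With the assumed priorities the routing entry wins and the drop rule is reported as shadowed; giving the firewall entry the higher priority makes the same packet drop.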
OpenFlow Usage: Dedicated OpenFlow Network
[Figure labels: Controller (PC); Atul’s code; OpenFlow Protocol; OpenFlow Switch (×3), each with Rule | Action | Statistics; Atul; OpenFlowSwitch.org]
Usage examples
• Atul’s code:
  – Static “VLANs”
  – His own new routing protocol: unicast, multicast, multipath, load-balancing
  – Network access control
  – Home network manager
  – Mobility manager
  – Energy manager
  – Packet processor (in controller)
  – IPvAtul
  – Network measurement and visualization
  – …
Separate VLANs for Production and Research Traffic
[Figure labels: Normal L2/L3 Processing; Flow Table; Production VLANs; Research VLANs; Controller]
Virtualize OpenFlow Switch
[Figure labels: Normal L2/L3 Processing; Flow Table (×3); Researcher A VLANs; Researcher B VLANs; Researcher C VLANs; Production VLANs; Controller A; Controller B; Controller C]
Virtualizing OpenFlow
[Figure labels: Jie’s Controller; Jimit’s Controller; Atul’s Controller; OpenFlow Protocol (×2); OpenFlow FlowVisor & Policy Control; OpenFlow Switch (×3)]
Virtualizing OpenFlow
[Figure labels: Broadcast Multicast; HTTP Load-balancer; OpenFlow Protocol (×2); OpenFlow FlowVisor & Policy Control; OpenFlow Switch (×3)]
OpenFlow Deployment
OpenFlow Hardware
NEC IP8800
HP Procurve 5400
Juniper MX-series
WiMax (NEC)
PC Engines
Quanta LB4G
coming soon... Cisco Catalyst 3K
OpenFlow Deployments
• Stanford Deployments
  – Wired: CS Gates building, EE CIS building, EE Packard building
  – WiFi: 100 OpenFlow APs across SoE
  – WiMAX: OpenFlow service in SoE
• Other deployments
  – Internet2 (NetFPGA switches)
  – JGN2plus, Japan (NEC switches)
  – 10-15 research groups have switches
Summer Plan
Summer Plan Step-1: Software Implementation
• OpenFlow as an IOS subsystem in the C3750E switch
• Thorough testing and debugging
• Fully functional OpenFlow switch, though not efficient
Summer Plan Step-2: Hardware Implementation
• Explore feasibility
• Implement as many features in hardware as possible
• E.g., exploit ACLs
  – Define packet matching rules
  – Define basic actions such as packet dropping and packet forwarding
Thank you!