OpenFlow: Enabling Innovation in Campus Networks Yongli Chen
Problems Recently, it is difficult to make real-world impact on network innovation. Due to: Enormous base of equipment Cisco’s annual sale in 2015 is $49.16 Billion Many kinds of protocols Total number of RFCs > 7,400 Reluctance to experiment with production traffic Thus, there is almost no practical way to experiment with new network protocols in realistic network environment.
Solution: SDN(Software Defined Networking) GENI: A researcher will be allocated a slice of resources across the WHOLE network However, plans for nationwide like GENI are ambitious, costly, and they take years to be deployed. PC with several network interfaces and Operating System But PC’s performance is less than satisfying, comparing to wiring closet: PCCollege Wiring Closet Packet processing rate1Gb/s100Gb/s Number of ports~10~100
Solution: OpenFlow Enabling researchers to run experimental protocols in the campus networks we use every day. Which means: Take less time to deploy(compare to large scale SDNs like GENI) Acceptable cost In short, realistic.
OpenFlow: Goals High performance/cost ratio Capable of supporting a broad range of research Isolation of production traffic and experimental traffic Consistent with vendors’ need for closed platforms
OpenFlow switch: meets all 4 goals An OpenFlow switch consists of at least three parts: 1. A Flow Table, used to instruct the switch how to process the flow. 2. A Secure Channel, used to connect the switch to a remote control process(called Controller) using 3. The OpenFlow Protocol, which provides an open and standard way for a controller to communicate with a switch.
OpenFlow: concept explained OpenFlow decouples data plane & control plane inside the switch, and allows control plane to exist outside of the switch. This external control plane is controller. Youtube Explanation
OpenFlow: What is flow? Flow is broadly defined, for example: A TCP connection All packets with the same VLAN tag All packets from the same switch port Etc… In general, you can define flow by yourself.
OpenFlow: Flow Table of OpenFlow switch An entry in the Flow Table contains three fields: 1. A packet header that defines the flow. 2. The action, which defines how the packets should be processed. 3. Statistics, which keep track of the number of packets and bytes for each flow.
OpenFlow: Actions on Flows by OpenFlow switches 1. Forward this flow’s packets to a given port. This action allows packets to be routed. 2. Encapsulate and forward this flow’s packets to a controller. This action allows controller to decide whether the flow should be added to the Flow Table. 3. Drop this flow’s packets. This action can be used for security reasons, etc. 4. Optional: Forward this flow’s packets through the switch’s normal processing pipeline. This action allows experimental traffic to be isolated from production traffic. Alternatively, isolation can be achieved through defining separate sets of VLANs. We can also treat OpenFlow as generalization of VLAN!
OpenFlow: Upgrade to current devices Flow Table will re-use existing hardware, such as TCAMs(ternary content-addressable memory) used in modern switches and routers. Secure Channel and OpenFlow Protocol will be supported through devices’ operating system ugrade.
OpenFlow Example: New Data Center (from OpenFlow.org) Cost 200,000 servers Fanout of 20 -> 10,000 switches $5k vendor switch = $50M $1k commodity switch = $10M Savings in 10 data centers = $400M Control More flexible control Tailor network for services Quickly improve and innovate
OpenFlow: Summary OpenFlow is a pragmatic compromise that allows researchers to run experiments on heterogeneous switches and routers.
OpenFlow: Discussion How about reliability of OpenFlow? Controller: Single point of failure How about scalability of OpenFlow? Flow table: How many flows can it handle? How secure is OpenFlow? Attacks are possible
OpenFlow: Q&A Any questions?
Thanks!