Jon Turner, John DeHart, Fred Kuhns Computer Science & Engineering Washington University Wide Area OpenFlow Demonstration

Planned Wide-Area OpenFlow WashU Princeton Stanford GaTech Texas NOX to SPP CP net FPGA NOX lookup parse hdrFmt queue SC

OpenFlow Site NOX to SPP via I2 Gateway Acts as gateway between Local OpenFlow Network and SPP node with OpenFlow code option. Implemented in NetFPGA? OpenFlow  SPP Receives Ethernet Frames from an OpenFlow Switch Encapsulates Ethernet frames in IP/UDP pkt Sends IP/UDP pkt to SPP SPP  OpenFlow Receives IP/UDP pkt from SPP node Removes IP/UDP encapsulation Sends Ethernet frame to OpenFlow switch

SPP Node CP net FPGA lookup parse hdrFmt queue SPP-NOX SC Switch NPE GPE LC TCAM Filter Updates OFP

SPP Node CP net FPGA lookup parse hdrFmt queue SC Switch NPE GPE LC TCAM Filter Updates IP DAddr (32b) Intf (4b) UDP DPort (16b) Protocol (8b) Type (8b) Rsv (4b) Rx UDP DPort (16b) T 0 (1b) Slice ID (VLAN) (11b) Rx IP DA Index (4b) MN Key Bits (32b) MN Key Bits (32b) MN Key Bits (32b) MN Key Bits 15-0 (16b) LC Lookup Key NPE Lookup Key SPP-NOX OFP

SPP Node CP net FPGA lookup parse hdrFmt queue SC Switch NPE GPE LC TCAM Filter Updates LC Lookup(Interface, IP DA, Protocol, Rx UDP Dport)  Slice ID Slice ID is encoded as VLAN used in Switch VLAN will be used as Slice ID in NPE on other side of Switch SPP-NOX OFP

SPP Node CP net FPGA lookup parse hdrFmt queue SC Switch NPE GPE LC TCAM Filter Updates Rx Meta-Interface: (Interface, Slice ID, Rx UDP Dport) NPE Lookup(Rx Meta-Interface, MN Key(112b))  Tx Meta-Interface Hit: Causes pkt to be sent out on specificed physical interface with a new encapsulation header Miss: Causes pkt to be sent to SC for communication to SPP-NOX SPP-NOX OFP

NPE Lookup Key: 144 bits 32 bits of Substrate Key 112 bits of MetaNet Specific key MetaNet Specific Lookup Key: 112 bits For IPv4 MN: IP DA (32b) IP SA (32b) Src Port (16b) Dst Port (16b) Proto/TCP Flags (16b) Proposed For OpenFlow (109b) VLAN Valid (1b) VLAN (12b) Src MAC (32b): Low 32 bits of Source MAC Dst MAC (48b) Ethertype (16b) We are considering increasing the size of the NPE lookup key to a total of 288 bits, giving us 256 bits for the MetaNet specific lookup key. Thus allowing us to support the full OpenFlow key (232b) NPE Lookup Key

Forward: Forwarding the pkt to physical ports and the following virtual ones: All: Send pkt out all interfaces, not including incoming interface Controller: Encapsulate and send packet to the controller Local: Send the packet to the switch’s local networking stack Table: Perform the actions in the flow table. Only for packet-out messages Packet-out messages are data packets that the controller wants to have the switch send out. In-Port: Send pkt out the input port Drop OpenFlow Required Actions

Forward: Forwarding the pkt to a physical ports and the following virtual ones: All: Send pkt out all interfaces, not including incoming interface Controller: Encapsulate and send packet to the controller Local: Send the packet to the switch’s local networking stack ???Table: Perform the actions in the flow table. Only for packet-out messages Packet-out messages are data packets that the controller wants to have the switch send out. In-Port: Send pkt out the input port Drop SPP-OpenFlow Supported Req’d Actions

Forward Normal: process the packet using the traditional forwarding path supported by the switch. Flood: Flood the packet along the minimum spanning tree Modify-Field Set VLAN ID Set VLAN Priority Strip VLAN Header Modify Ethernet SMAC Modify Ethernet DMAC Modify IP SA Modify IP DA Modify Transport Sport Modify Transport DPort OpenFlow Optional Actions

Forward Normal: process the packet using the traditional forwarding path supported by the switch. Flood: Flood the packet along the minimum spanning tree Modify-Field Set VLAN ID Set VLAN Priority Strip VLAN Header Modify Ethernet SMAC Modify Ethernet DMAC Modify IP SA Modify IP DA Modify Transport Sport Modify Transport DPort SPP-OpenFlow Supported Opt’l Actions

Uses an SSL Connection Can we support this? If we use the NOX software, how easy is it to change this? OpenFlow Switch/Controller Communication

Message Types: Immutable Messages: HELLO Exchanged between Switch and Controller upon connection startup. Negotiates OFP version to be used. ERROR Switch alerts Controller of problems or error conditions ECHO {REQUEST, REPLY} Initiated by either Switch or Controller, other side must reply. May be used to indicate: latency, bandwidth or liveness of the connection VENDOR Identifies Switch Vendor using IEEE OUI (Organizationally Unique Identifier) OpenFlow Protocol (OFP)

Message Types: Switch Configuration Messages (initiated by controller) FEATURES {REQUEST, REPLY} Controller requests switch to report its capabilities GET_CONFIG {REQUEST, REPLY} Controller queries current configuration of switch SET_CONFIG Controller sets configuration parameters of switch No response OpenFlow Protocol (OFP) (con’t)

Message Types: Asynchronous Messages (Switch to Controller) PACKET_IN Packets with no matching flow entry are sent to controller Packets that match a flow entry with an action of “send to controller” FLOW_EXPIRED: switch reports expiration/removal of an entry. Flow entries have idle timeouts assigned for inactivity removal Flow entries have a hard timeout for removal regardless of activity. Timeout based removal is done by the switch and the controller is notified. PORT_STATUS Switch sends port status messages to report port configuration state changes. OpenFlow Protocol (OFP) (con’t)

Message Types: Controller Command Messages PACKET_OUT Controller to send packets out a specified port on switch FLOW_MOD Add, Delete, Modify Flow entries in Flow Table PORT_MOD Set Switch port properties Statistics Messages: STATS {REQUEST, REPLY} Collect statistics from Switch OpenFlow Protocol (OFP) (con’t)

ADD Identical entry already exists (identical header fields and priority): Remove existing entry and its counters and add new entry. Conflicting entry already exists (same priority both could be match): Refuse addition and respond with OFPEFM_ADD_OVERLAP error message. No conflict: Add new entry so priority is handled appropriately. MODIFY If a flow entry with identical header fields does not exist then the new flow entry should be added and its counters zeroed. If one or more entries match then they are ALL modified MODIFY_STRICT If all fields including wildcards and priority match then that entry is modified DELETE If one or more entries match then they are ALL deleted DELETE_STRICT If all fields including wildcards and priority match then that entry is deleted OFP: FLOW_MOD Messages

ADD Can we tell if there are conflicts? MODIFY Only support _STRICT? MODIFY_STRICT DELETE Only support _STRICT? DELETE_STRICT SPP-OFP: FLOW_MOD Messages

FLOW_STATS Able to report per flow statistics TABLE_STATS Able to report per Flow Table statistics PORT_STATS Able to report per Port statistics STP Able to support 802.1d spanning tree protocol MULTI_PHY_TX Able to support transmitting received packet out multiple physical interfaces IP_REASM Able to support reassembly of IP fragments OFP: Capabilities

FLOW_STATS Able to report per flow statistics TABLE_STATS ???Able to report per Flow Table statistics PORT_STATS Able to report per Port statistics STP Able to support 802.1d spanning tree protocol MULTI_PHY_TX Able to support transmitting received packet out multiple physical interfaces IP_REASM Able to support reassembly of IP fragments SPP-OFP: Capabilities

Step 1: Fast Path Code Option Implementation Test using current set of control utilities to populate lookup table Step 2: SC/NOX Implemented using out-of-band SSL connections Step 3: SC/NOX Implemented through data path Still unclear how to support SSL for this. Plan for SPP Implementation