OpenFlow: Enabling Innovation in Campus Networks Yongli Chen


Problems
Recently, it has been difficult to make a real-world impact with network innovation, due to:
- Enormous base of equipment (Cisco's annual sales in 2015: 49.16 Billion)
- Many kinds of protocols (total number of RFCs: 7,400)
- Reluctance to experiment with production traffic
Thus, there is almost no practical way to experiment with new network protocols in a realistic network environment.

Solution: SDN (Software Defined Networking)
- GENI: a researcher is allocated a slice of resources across the WHOLE network. However, nationwide plans like GENI are ambitious and costly, and they take years to deploy.
- PC with several network interfaces and an operating system. But a PC's performance is less than satisfying compared to a wiring closet:

                          PC       College Wiring Closet
Packet processing rate    1Gb/s    100Gb/s
Number of ports           10       100

Solution: OpenFlow
Enabling researchers to run experimental protocols in the campus networks we use every day. Which means:
- Takes less time to deploy (compared to large-scale SDNs like GENI)
- Acceptable cost
In short, realistic.

OpenFlow: Goals
- High performance/cost ratio
- Capable of supporting a broad range of research
- Isolation of production traffic and experimental traffic
- Consistent with vendors' need for closed platforms

OpenFlow switch: meets all 4 goals
An OpenFlow switch consists of at least three parts:
1. A Flow Table, used to instruct the switch how to process the flow.
2. A Secure Channel, used to connect the switch to a remote control process (called the Controller) using
3. The OpenFlow Protocol, which provides an open and standard way for a controller to communicate with a switch.

OpenFlow: concept explained
OpenFlow decouples the data plane and the control plane inside the switch, and allows the control plane to exist outside of the switch. This external control plane is the controller.

OpenFlow: What is a flow?
A flow is broadly defined, for example:
- A TCP connection
- All packets with the same VLAN tag
- All packets from the same switch port
- Etc.
In general, you can define a flow yourself.

OpenFlow: Flow Table of OpenFlow switch
An entry in the Flow Table contains three fields:
1. A packet header that defines the flow.
2. The action, which defines how the packets should be processed.
3. Statistics, which keep track of the number of packets and bytes for each flow.

OpenFlow: Actions on Flows by OpenFlow switches
1. Forward this flow's packets to a given port. This action allows packets to be routed.
2. Encapsulate and forward this flow's packets to a controller. This action allows the controller to decide whether the flow should be added to the Flow Table.
3. Drop this flow's packets. This action can be used for security reasons, etc.
4. Optional: Forward this flow's packets through the switch's normal processing pipeline. This action allows experimental traffic to be isolated from production traffic. Alternatively, isolation can be achieved by defining separate sets of VLANs.
We can also treat OpenFlow as a generalization of VLAN!
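The flow-table entry (header match, action, statistics) and the four actions above, as an added example that is not from the original slides. The field names, the first-match ordering, the table-miss rule and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class FlowEntry:
    match: dict                     # header fields that define the flow; absent fields are wildcards
    action: str                     # "forward", "controller", "drop" or "normal"
    out_port: Optional[int] = None  # used only by the "forward" action
    packets: int = 0                # statistics: packets seen for this flow
    byte_count: int = 0             # statistics: bytes seen for this flow

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

class FlowTable:
    def __init__(self, entries):
        self.entries = list(entries)  # assumption: first matching entry wins

    def process(self, pkt):
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.byte_count += pkt["len"]
                return (e.action, e.out_port if e.action == "forward" else None)
        # Assumption: a packet with no entry is handed to the controller,
        # which decides whether a flow should be added to the table.
        return ("controller", None)

def demo():
    # Constructed table: the drop rule sits first so a blocked source cannot
    # reach the experimental VLAN; production VLAN 1 keeps the normal pipeline.
    table = FlowTable([
        FlowEntry({"ip_src": "10.0.0.66"}, "drop"),
        FlowEntry({"vlan": 100, "in_port": 1}, "forward", out_port=4),
        FlowEntry({"vlan": 100}, "controller"),
        FlowEntry({"vlan": 1}, "normal"),
    ])
    packets = [  # constructed sample packets
        {"in_port": 1, "vlan": 100, "ip_src": "10.0.0.5", "len": 60},
        {"in_port": 2, "vlan": 100, "ip_src": "10.0.0.7", "len": 60},
        {"in_port": 3, "vlan": 1, "ip_src": "10.0.0.9", "len": 1500},
        {"in_port": 1, "vlan": 100, "ip_src": "10.0.0.66", "len": 40},
        {"in_port": 5, "vlan": 7, "ip_src": "10.0.0.8", "len": 64},
    ]
    return [table.process(p) for p in packets], table

if __name__ == "__main__":
    results, table = demo()
    for r in results:
        print(r)
    for e in table.entries:
        print(e.match, e.action, e.packets, e.byte_count)
```

The fourth packet would match the experimental forwarding entry, but the earlier drop entry wins, so rule order is part of the isolation policy.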

OpenFlow: Upgrade to current devices
The Flow Table will re-use existing hardware, such as the TCAMs (ternary content-addressable memory) used in modern switches and routers. The Secure Channel and the OpenFlow Protocol will be supported through an upgrade of the devices' operating system.

OpenFlow Example: New Data Center (from OpenFlow.org)
Cost
- 200,000 servers
- Fanout of 20 - 10,000 switches
- 5k vendor switch: 50M
- 1k commodity switch: 10M
- Savings in 10 data centers: 400M
Control
- More flexible control
- Tailor network for services
- Quickly improve and innovate

OpenFlow: Summary
OpenFlow is a pragmatic compromise that allows researchers to run experiments on heterogeneous switches and routers.

OpenFlow: Discussion
- How about reliability of OpenFlow? Controller: Single point of failure
- How about scalability of OpenFlow? Flow table: How many flows can it handle?
- How secure is OpenFlow? Attacks are possible

OpenFlow: Q&A
Any questions?

Thanks!
