OpenFlow: Enabling Technology Transfer to Networking Industry
Nikhil Handigol
Cisco Nerd Lunch, July 2009
Interesting Problems in Networking Research
• Mobility management
• Network security
• Energy management
• Flow management and measurement
• Packet processing
• …
Technology Transfer: Academia to Industry
• Accelerates innovation in the field
• Desirable to both academia and industry
– Academic research can have impact
– Industry can benefit from academic research, improve products
Problem with Networking Research
• Lack of technology transfer from academia to industry
– No dearth of smart people
– No lack of ideas
• Lack of ideas tested at scale
– No way for academia to test ideas at scale
– No reason for industry to invest in untested ideas
Possible Solutions
• Separate testbed of programmable open source switches and routers
– Expensive
– No real traffic
• Make Cisco boxes open source
– Not practical
• Can we strike a middle ground?
Our Approach
1. A clean separation between the substrate and an open programming environment
2. A simple hardware substrate that generalizes, subsumes and simplifies the current substrate
New function!
Operators, users, 3rd party developers, researchers, …
Step 1: Separate intelligence from datapath
Step 2: Cache decisions in minimal flow-based datapath
Flow Table
• “If header = x, send to port 4”
• “If header = ?, send to me”
• “If header = y, overwrite header with z, send to ports 5,6”
Our Solution: OpenFlow
• OpenFlow is an open external API to a flow-table
• Allows separation of control and data path via a simple, well defined interface
• Defined to be easy to add to existing hardware switches, routers, APs, …
OpenFlow Basics
Ethernet Switch
OpenFlow Protocol (SSL)
OpenFlow Basics
• Exploit the flow table in switches, routers, and chipsets
Flow 1. Rule (exact & wildcard) | Action | Statistics
Flow 2. Rule (exact & wildcard) | Action | Statistics
Flow 3. Rule (exact & wildcard) | Action | Statistics
Flow N. Rule (exact & wildcard) | Default Action | Statistics
Flow Table Entry (OpenFlow Protocol Version 1.0)
Each entry: Rule | Action | Stats
• Rule: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
– + mask what fields to match
• Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
• Stats: Packet + byte counters
Examples
Switching

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | 00:1f:.. | * | * | * | * | * | * | * | port6 |
Flow Switching

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| port3 | 00:2e.. | 00:1f.. | 0800 | vlan1 | 1.2.3.4 | 5.6.7.8 | 4 | 17264 | 80 | port6 |
Firewall

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Forward |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | * | * | * | * | * | * | * | 22 | drop |
Examples
Routing

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | * | * | * | * | 5.6.7.8 | * | * | * | port6 |
VLAN

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | * | * | vlan1 | * | * | * | * | * | port6, port7, port9 |
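The flow-table examples above, as an added Python sketch (not code from the original slides or from the OpenFlow project): rules match header fields with wildcards, keep packet and byte counters, and a table miss goes to the controller. The `priority` field, the MAC addresses and the sample packets are assumptions constructed for illustration; the sketch shows that the port-22 drop rule only takes effect when it outranks the overlapping forwarding rules.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    name: str
    match: dict          # header field -> value; a field left out is a wildcard (*)
    action: str          # e.g. "port6", "drop"
    priority: int        # assumption: the highest-priority matching entry wins
    packets: int = 0     # per-entry statistics: packet counter
    byte_count: int = 0  # per-entry statistics: byte counter

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

class FlowTable:
    def __init__(self, entries):
        # Stable sort: highest priority first, insertion order breaks ties.
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def lookup(self, pkt, length=64):
        """Return the action for pkt and update the matching entry's counters."""
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                entry.byte_count += length
                return entry.action
        return "controller"  # table miss: "If header = ?, send to me"

DST_MAC = "02:00:00:00:00:01"  # constructed placeholder MAC address

def build_table(firewall_priority):
    return FlowTable([
        FlowEntry("switching", {"mac_dst": DST_MAC}, "port6", 10),
        FlowEntry("routing", {"ip_dst": "5.6.7.8"}, "port6", 10),
        FlowEntry("firewall", {"tcp_dport": 22}, "drop", firewall_priority),
    ])

# Constructed sample packets (the fields the rules look at, plus context).
SSH = {"in_port": 3, "mac_dst": DST_MAC, "eth_type": 0x0800, "vlan_id": 1,
       "ip_src": "1.2.3.4", "ip_dst": "5.6.7.8", "ip_proto": 6,
       "tcp_sport": 17264, "tcp_dport": 22}
WEB = dict(SSH, tcp_dport=80)
UNKNOWN = dict(WEB, mac_dst="02:00:00:00:00:99", ip_dst="9.9.9.9")

def verdicts(firewall_priority):
    """Actions chosen for the SSH, web and unknown-destination packets."""
    table = build_table(firewall_priority)
    return tuple(table.lookup(p) for p in (SSH, WEB, UNKNOWN))

if __name__ == "__main__":
    print("firewall outranks forwarding:", verdicts(100))
    print("firewall shadowed:           ", verdicts(1))
```

With the firewall entry at priority 1, the SSH packet is forwarded to port6 because the switching entry matches first, which is the overlap to check for when auditing a flow table.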
OpenFlowSwitch.org
[Diagram labels: Controller, PC, OpenFlow Switch]
OpenFlow Usage: Dedicated OpenFlow Network
[Diagram labels: Atul, Atul’s code, OpenFlow Protocol, OpenFlow Switches, each with Rule / Action / Statistics entries]
Usage examples
• Atul’s code:
– Static “VLANs”
– His own new routing protocol: unicast, multicast, multipath, load-balancing
– Network access control
– Home network manager
– Mobility manager
– Energy manager
– Packet processor (in controller)
– IPvAtul
– Network measurement and visualization
– …
Separate VLANs for Production and Research Traffic
[Diagram labels: Normal L2/L3 Processing, Flow Table, Production VLANs, Research VLANs, Controller]
Virtualize OpenFlow Switch
[Diagram labels: Normal L2/L3 Processing; three Flow Tables; Researcher A VLANs, Researcher B VLANs, Researcher C VLANs, Production VLANs; Controller A, Controller B, Controller C; OpenFlow Switch; OpenFlow Protocol]
Virtualizing OpenFlow
[Diagram labels: Jie’s Controller, Jimit’s Controller, Atul’s Controller; OpenFlow Protocol; OpenFlow FlowVisor & Policy Control; OpenFlow Protocol; OpenFlow Switches]
Virtualizing OpenFlow
[Diagram labels: Broadcast Multicast; HTTP Load-balancer; OpenFlow Protocol; OpenFlow FlowVisor & Policy Control; OpenFlow Protocol; OpenFlow Switches]
OpenFlow Deployment
OpenFlow Hardware
• NEC IP8800
• HP Procurve 5400
• Juniper MX-series
• WiMax (NEC)
• PC Engines
• Quanta LB4G
• coming soon... Cisco Catalyst 3K
OpenFlow Deployments
• Stanford Deployments
– Wired: CS Gates building, EE CIS building, EE Packard building
– WiFi: 100 OpenFlow APs across SoE
– WiMAX: OpenFlow service in SoE
• Other deployments
– Internet2 (NetFPGA switches)
– JGN2plus, Japan (NEC switches)
– 10-15 research groups have switches
Summer Plan
Summer Plan Step-1: Software Implementation
• OpenFlow as an IOS subsystem in the C3750E switch
• Thorough testing and debugging
• Fully functional OpenFlow switch, though not efficient
Summer Plan Step-2: Hardware Implementation
• Explore feasibility
• Implement as many features in hardware as possible
• E.g. exploit ACLs
– Define packet matching rules
– Define basic actions such as packet dropping and packet forwarding
Thank you!