introduction to openflow -...
TRANSCRIPT
© 2013 Cisco and/or its affiliates. All rights reserved. 1
Introduction to OpenFlowPresented by:Shangxin Du – TAC DC Solution
20 April, 2015
© 2013 Cisco and/or its affiliates. All rights reserved. 2
Forget everything you know about:
• Transparent Bridging
• STP
• L2 Forwarding
• IP Routing
• L3 Forwarding
• And so on …
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Open Networking Foundation
© 2013 Cisco and/or its affiliates. All rights reserved. 4
• Control plane is decoupled from data plane; centralized and given span of control over multiple data plane switch elements
• Controller manages switch flow table using OpenFlow protocol
Add, update, delete flow entries, both reactively and proactively
I/O Module (Line Card)
OpenFlow Controller
I/O Module (Line Card)
I/O Module (Line Card)
I/O Module (Line Card)
I/O Module (Line Card)
I/O Module (Line Card)
DPID:0001000573ff61e0DPID:0001000573ff58e0
OpenFlow Protocol
© 2013 Cisco and/or its affiliates. All rights reserved. 5
I/O Module (Line Card)
• Traditional captive control plane/data plane components co-exist with OpenFlow Switch capabilities
• OpenFlow defines logical “ports” for passing packets to traditional and OpenFlow pipelines
Supervisor
I/O Module (Line Card)
I/O Module (Line Card)
OpenFlow Controller
Hybrid Switch A
OF Agent
I/O Module (Line Card)
Supervisor
I/O Module (Line Card)
I/O Module (Line Card)
Hybrid Switch A
OF Agent
OpenFlow Protocol
© 2013 Cisco and/or its affiliates. All rights reserved. 6 6
Controller port
Physical Port
Logical Port
(representing link bundle)
LOCAL “Port”
NORMAL “Port”
Flow Tables
Normal
Switch
stage
Logical Port (representing a VLAN)OpenFlow
Switch
stage
Log. Port (Tunnel)
Logical Port (representing a VLAN)
© 2013 Cisco and/or its affiliates. All rights reserved. 7
• Each OpenFlow Switch has a single flow table, which is used for packet lookup and forwarding
• Packets not matching an entry in the flow table are punted to the controller
flow 0
flow 1
flow 2
flow 3
flow 4
flow 5
Table N
© 2013 Cisco and/or its affiliates. All rights reserved. 8
• A flow table consists of one or more flow entries
• Each entry consists of one row in the flow table
flow 0
flow 1
flow 2
flow 3
flow 4
flow 5
Table N
• match fields: ingress port + packet headers
• priority: precedence of the flow entry
• counters: updated for each matching packet
• timeouts: maximum amount of time or idle time before flow entry expires
• action(s): one or more actions to take on match packets
• cookie: opaque data chosen by controller
Match Fields Priority Counters Timeouts CookieAction(s)
© 2013 Cisco and/or its affiliates. All rights reserved. 9
Flow Table in more detail…
FLOW TABLE
HEADER FIELDS COUNTERS ACTIONS
…
…
… …
… …
Ingress
Port
Source
MAC
Dest
MAC
Ether
Type
VLAN
IDVLANPriority
IP
SRC
IP
DEST
IP
Proto
IP
TOS
TCP/
UDP
SRC
TCP/
UDP
DEST
OF1.0 HEADER FIELDS
This is the “Famous” OpenFlow 12 Tuple
1 2 3 4 5 6 7 8 9 10 11 12
© 2013 Cisco and/or its affiliates. All rights reserved. 10
Data Data Data
Sw
itch
FLOW
TABLE
SWITCH FORWARDING
ENGINE
OPENFLOW CONTROLLER
** CPU
**OpenFlow 1.0 supports a lookup into a single flow table
© 2013 Cisco and/or its affiliates. All rights reserved. 11
Data Data Data
FLOW
TABLE
SWITCH FORWARDING
ENGINE
CPU
Lookup Key
Header fields used to build lookup key
Sw
itc
h
© 2013 Cisco and/or its affiliates. All rights reserved. 12
Sw
itc
h
FLOW
TABLE
SWITCH FORWARDING
ENGINE
OPENFLOW CONTROLLER
CPU
Data Data Data
If no match, Controller may
receive packet and program
the flow table
© 2013 Cisco and/or its affiliates. All rights reserved. 13
Data Data
Sw
itc
h
FLOW
TABLE
SWITCH FORWARDING
ENGINE
OPENFLOW CONTROLLER
Forwarding Engine forwards packets
CPU
© 2013 Cisco and/or its affiliates. All rights reserved. 14
FLOW TABLE
HEADER FIELDS COUNTERS ACTIONS
…
…
… …
… …
Several important OF1.0 Actions
Let us explore in more detail…
© 2013 Cisco and/or its affiliates. All rights reserved. 15
Sw
itch
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
CPU
1
Packet
© 2013 Cisco and/or its affiliates. All rights reserved. 16
Sw
itch
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
CPU
Packet
2
© 2013 Cisco and/or its affiliates. All rights reserved. 17
Sw
itch
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
CPU
Packet
3
© 2013 Cisco and/or its affiliates. All rights reserved. 18
Sw
itch
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
CPU
Packet4
© 2013 Cisco and/or its affiliates. All rights reserved. 19
Sw
itch
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
CPU
5Packet
© 2013 Cisco and/or its affiliates. All rights reserved. 20
Sw
itch
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
CPU
Packet
6
© 2013 Cisco and/or its affiliates. All rights reserved. 21
Sw
itch
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
CPU
Packet
7
© 2013 Cisco and/or its affiliates. All rights reserved. 22
Sw
itch
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
CPU
Packet
8
© 2013 Cisco and/or its affiliates. All rights reserved. 23
FLOW
TABLE
SWITCH
FORWARDING
ENGINE
OPENFLOW
CONTROLLER
7
2
8
CPU
1
45
6
Important Actions
1 Forward to all ports
except input
2 Redirect to Controller
3 Output from Controller
4 Forward to local CPU
5 Rewrite Packet Header
6 Forward to input port
7 Forward to dest port
8 Drop packet
3
© 2013 Cisco and/or its affiliates. All rights reserved. 24
Dec 2009
OF 1.0
Feb 2011
OF 1.1
• Single flow
Table
• L2, IPv4
focused
matching
• Basic actions
• Multiple flow tables
• Group table
• Packet processing
options
• MPLS
• VLAN
© 2013 Cisco and/or its affiliates. All rights reserved. 25
Dec 2009
OF 1.0
Feb 2011
OF 1.1 OF 1.2
Dec 2011
• Single flow
Table
• L2, IPv4
focused
matching
• Basic actions
• Group table
• Multiple flow
tables
• Packet
Processing
Options
• MPLS, VLAN
• IPv6
• Extensible
matching
© 2013 Cisco and/or its affiliates. All rights reserved. 26
Dec 2009
OF 1.0
Feb 2011
OF 1.1 OF 1.2 OF 1.3.0
Dec 2011 Apr 2012
• Single flow
Table
• L2, IPv4
focused
matching
• Basic actions
• Group table
• Multiple flow
tables
• Packet
Processing
Options
• MPLS, VLAN
• IPv6
• Extensible
matching
• IPv6 Extended Headers
• Meter table
• Auxiliary Connections
• Advanced MPLS
• PBB
• Version negotiation
• Controller connections
OF 1.3.1
(stability)
Sep 2012 Apr 2013
OF 1.3.2
© 2013 Cisco and/or its affiliates. All rights reserved. 27
OF 1.0
stability
Cisco
OF 1.1 OF 1.2 OF 1.3
stability
Cisco
• Table sync
• Non-Ethernet
• Flow monitoring
• Generic
tunnels
• “Split brain”
OF 1.4
Aug 2013 in progress
OF 1.5
28© 2013 Cisco and/or its affiliates. All rights reserved.
© 2013 Cisco and/or its affiliates. All rights reserved. 29
C, JAVA Program
onePK API Presentation
onePK API Infrastructure
IOS / XE
(Catalyst, ISR,
ASR1K)
NX-OS
(Nexus Platforms)
IOS-XR
(ASR 9K, CRS)
© 2013 Cisco and/or its affiliates. All rights reserved. 30
Application -> OpenFlow Agent
onePK API Presentation -> Native NOS and Container
onePK API Infrastructure -> Native NOS
IOS / XE
(Catalyst)
NX-OS
(Nexus Platforms)
IOS XR
(ASR 9K)
© 2013 Cisco and/or its affiliates. All rights reserved. 31
IOS / XE NX-OS IOS-XR
onePK API Infrastructure
Application Framework / XNC Controller
onePK SDK
Applications
Network Device
onePK transport
OpenFlow
OpenFlow
Agent
OpenFlow 1.0/1.3
© 2013 Cisco and/or its affiliates. All rights reserved. 32
OF Switch 30
OF Switch 10
OF Switch 20
Supervisor OF Agent
OpenFlow Controller
OpenFlow Controller
CID=10
CID=20
CID=30
© 2013 Cisco and/or its affiliates. All rights reserved. 33
Pure OpenFlow* Ships in the Night Integrated
• All ports are OpenFlow only
• All forwarding decisions by Controller
• Example: Network Monitoring
* There still may be some non OpenFlow ports for connecting to management device or initial setup
• OF co-exists with normal forwarding
• Port segregation
• No traffic flow between domains
• Example:Network Slicing
• Packet may traverse OpenFlowpipeline and normal pipeline
• Output to NORMAL and Logical ports
• Example: Traffic Steering
34© 2013 Cisco and/or its affiliates. All rights reserved.
© 2013 Cisco and/or its affiliates. All rights reserved. 35
Visibility Tools Production Network
Wireshark
Video
Monitor
SPAN Ports
Dynamic Filter and
Forwarding Event
Driven / Real Time
Replaces Matrix Network withNexus 3000s, Controller, and Monitor Manager App
With XNC Monitor Manager Solution
OpenFlow
Enabled
Nexus 3000s
Java and
RESTful
NEW CUSTOM
TOOLS
Extensible
Network
Controller
© 2013 Cisco and/or its affiliates. All rights reserved. 36
Objective: Establish a flow
to bypass the
firewall for
trusted traffic
to improve
application
performance
Firewall Trusted Flow Acceleration
Trusted Flow Path
Accelerated Flows and “Science DMZ” Slice
External Resourcesor Networks
Controller
© 2013 Cisco and/or its affiliates. All rights reserved. 37
Transit Selection: Network Parameter Driven (Latency)
2 ms
OpenFlow / onePK
Cisco XNC
Controller
Other Transit Selection Parameters Also Possible
© 2013 Cisco and/or its affiliates. All rights reserved. 38
Site 1 / Branch Site 2 / DC
Transit Selection
MPLS
PUBLIC
CAMPUS /
INTERNAL
Cisco XNC
Controller
Control egress path based on application requirement and prioritySimple forwarding rules help improve WAN utilization
© 2013 Cisco and/or its affiliates. All rights reserved. 39
SDN Application
XNC ControllerPCE (Cariden)
Existing
Functionality
New Functionality
15
4
2
State Report
Traffic steering Path Request from Application
Tunnel Create
Request
MPLS-TE LSP
RSVP
Signaling
3
Traffic Engineering with PCE and OpenFlow
© 2013 Cisco and/or its affiliates. All rights reserved. 40
• A Linux Foundation Project
• Industry-Supported
© 2013 Cisco and/or its affiliates. All rights reserved. 41
© 2013 Cisco and/or its affiliates. All rights reserved. 42
Thank you.