Software Defined Networking
Nick McKeown, Stanford University
(part 1)
Why I love my job
I work with people much smarter than me.
I get to work on intellectually interesting ideas.
… that might positively change the practice.
Then, we try to actually change the practice.
Whatever it takes
• Prove a theorem
• Write a paper
• Build a demo
• Talk to lots of industry people
• Write a standard
• Give lots of talks
• Write a blog
• Start a company
• Build an open source tool
• …
Choosing research projects
• Pick a problem that is intellectually interesting.
• And improves the practice.
• And industry doesn’t like (yet).
[Figure: repeated boxes labelled Control and Packet Forwarding]
Ethane
Martin Casado et al. [Sigcomm ’07]
Policy
“Laptops can’t accept incoming connections”
“A can’t talk to B”
Network Control Plane
Microsoft: “Come on in….”
Cisco: “It will never work…”
Raw nerve.
We must be onto something.
Checklist
• Intellectually interesting.
• And improves the practice.
• And industry doesn’t like (yet).
Corollary: You can’t give stuff away
Example 1: Order of magnitude faster router (1997)
– Tried to give Tiny-Tera away for free.
– Industry wasn’t ready.
– Started Abrizio.
Example 2: Network Memory (2001)
– Tried to give it away for free, to save $500M per year.
– Industry wasn’t ready.
– Started Nemo.
Example 3: Ethane (2007)
– Tried to give it away for free; early stages of SDN.
– Industry wasn’t ready.
– Started Nicira.
I put everything in public domain
Industry
– Invests huge amounts to develop and sell products.
– Patents protect ideas, giving the confidence to invest.
University research
– Serves society at large.
– Stay ahead by running fast, not by protecting.
– Makes it easier to work with industry.
– If it’s good research, industry doesn’t see it yet.
Everything in public domain since 1999.
(part 2)
If you are in any doubt about whether OpenFlow/SDN will be deployed in the WAN
Urs Hölzle (Google), ONS 2012
Software Defined Networks
Martin Casado
What is SDN?
(when we clear away all the hype)
SDN is the separation of the control plane from the forwarding plane.
Software Defined Network (SDN)
[Figure labels: Control Program (×3), Global Network Map, Network OS, Abstract Forwarding Model (e.g. OpenFlow), Packet Forwarding (×5)]
The Technical Benefits (1)
Well-defined control abstraction
– Control plane can run on modern servers
– Can adopt software engineering best-practices
– Easier to add new control programs
– …or customize locally
– Solve distributed systems problem once, rather than for every protocol
[Figure labels: Specialized Hardware, OS, OSPF, Dijkstra, Network Map, 95%, 5%; OSPF, Dijkstra, Network OS, Global Network Map, Packet Forwarding (×4)]
The Technical Benefits (2)
Well-defined forwarding abstraction
– e.g. OpenFlow
– Vendor-agnostic interface to forwarding plane
– Simpler, lower-cost, lower-power hardware
Match   Action
F       Action(F)
G       Action(G)
H       Action(H)
[Figure labels: H, H’]
Action Primitives
1. “Forward to ports 4 & 5”
2. “Push header Y after bit 12”
3. “Pop header bits 8-12”
4. “Decrement bits 13-18”
5. “Drop packet”
6. …
Match-Action Forwarding Abstraction
“Plumbing primitives”
Multiple Table Match-Action
Match   Action
F1      Action(F)
G1      Action(G)
H1      Action(H)
Match   Action
Fn      Action(F)
Gn      Action(G)
Hn      Action(H)
[Figure labels: H1, Hn, H’]
OpenFlow Philosophy
Long-term, forward looking
Match: Very general, not protocol specific.
Action: Small instruction set, not protocol specific.
– Make it easy to add new headers and actions.
– Any network (packet, circuit, radio).
Short-term, backward looking
Match: include well-known header fields.
Action: necessary set for existing protocols.
– Support existing protocols on existing switch chips.
[Figure labels: In, Header, Data, Match Table / Action (×2), Recombine, Output Queues, Out]
New switch chips emerging
The Technical Benefits (3)
Well-defined forwarding behavior
– The forwarding tables capture the entire forwarding behavior.
– Control plane writes the forwarding state.
– Therefore, we can verify its correctness.
Software Defined Network (SDN)
[Figure labels: Control Program (×3), Global Network Map, Network OS, Packet Forwarding (×5), each with its own Match / Action table]
firewall.c
…
if (TCP_port == SMTP) dropPacket();
…
Software Defined Network (SDN)
[Figure labels: Control Program (×3), Global Network Map, Network OS, Packet Forwarding (×5), each with its own Match / Action table; callouts 1, 2 and 3]
firewall.c
…
if (TCP_port == SMTP) dropPacket();
…
Software Defined Network (SDN)
[Figure labels: Control Program (×3), Global Network Map, Network OS, Packet Forwarding (×5), each with its own Match / Action table; Policy; Forwarding Behavior]
Policy
“A can talk to B”
“Guests can’t reach PatientRecords”
“No loops”
Networks notoriously hard to debug
Today, even simple questions hard to answer:
– Can host A talk to host B?
– What are all the packet headers from A that can reach B?
– Are there any loops in the network?
– Is Group X provably isolated from Group Y?
– What happens if I remove a line in the config file?
Header Space Analysis
[Figure: hosts A and B; a packet shown as Header and Data bit strings, header length marked L]
Header Space Analysis
The set of packets from A that can reach B
[Figure: hosts A and B]
All packets from A that can reach B
[Figure: hosts A and B]
Header Space Analysis
[Kazemian NSDI ’12]
Consequences
– Abstract forwarding model; protocol independent
– Finds all packets from A that can reach B
– Find loops, regardless of protocol or layer
– Can prove that two groups are isolated
Can verify if network adheres to policy
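The reachability, loop and isolation questions above can be computed directly over priority-ordered match-action tables. The following Python example is added here and is not code from the talk or from the Header Space Analysis authors; the 4-bit header layout, the node names and the tables are constructed for illustration, and header rewrites are not modelled.

```python
# Added illustration: headers are ternary strings ('0', '1', 'x'); names and tables are constructed.
from collections import deque

def intersect(a, b):
    """Intersection of two ternary headers, or None if it is empty."""
    if any(p != q and 'x' not in (p, q) for p, q in zip(a, b)):
        return None
    return ''.join(q if p == 'x' else p for p, q in zip(a, b))

def subtract(h, m):
    """Headers in h but not in m, as a list of disjoint ternary headers."""
    if intersect(h, m) is None:
        return [h]
    pieces, cur = [], list(h)
    for i, (p, q) in enumerate(zip(h, m)):
        if p == 'x' and q != 'x':
            pieces.append(''.join(cur[:i] + ['1' if q == '0' else '0'] + cur[i + 1:]))
            cur[i] = q  # narrow towards m so later pieces stay disjoint
    return pieces

def apply_table(table, h):
    """Push h through ordered (match, next_hop) rules; next_hop None means drop."""
    out, remaining = [], [h]
    for match, nxt in table:
        hits = [intersect(r, match) for r in remaining]
        if nxt is not None:
            out += [(nxt, x) for x in hits if x is not None]
        remaining = [piece for r in remaining for piece in subtract(r, match)]
    return out

def analyze(net, src, dst, width=4):
    """Return (headers injected at src that arrive at dst, headers that loop)."""
    reach, loops = [], []
    queue = deque([(src, 'x' * width, (src,))])
    while queue:
        node, h, path = queue.popleft()
        if node == dst:
            reach.append(h)
            continue
        for nxt, h2 in apply_table(net.get(node, []), h):
            if nxt in path:
                loops.append((nxt, h2))
            else:
                queue.append((nxt, h2, path + (nxt,)))
    return sorted(reach), loops

# Constructed layout: bits 0-1 = source group (01 = guest), bits 2-3 = destination (11 = B).
NET = {'A': [('xxxx', 'S1')],
       'S1': [('01xx', None), ('xx11', 'S2'), ('xxxx', None)],
       'S2': [('xx11', 'B')]}
```

Here `analyze(NET, 'A', 'B')` returns `(['0011', '1x11'], [])`: no header with source bits `01` survives, so the constructed guest group is isolated from B and no forwarding loop exists.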
HSA as a “foundation”
HSA enables many tools and methods
– Independent static checking
– In-line in-controller invariance checking
– Dynamic testing: Automatic test packet generation
– Dynamic testing: Automatic performance monitoring
Analogy to Boolean algebra for logic design
SDN: Business Consequences
The Business Consequences
1. Vertical integration will finally be replaced by a more competitive industry with a level playing field.
2. Large growth in software industry for networking. Faster innovation.
3. Hardware switches will focus on capacity, fan-out and power. (Think Intel for networking).
4. Multi $Bn tools industry will emerge.
Corollary
The customer and end-user will be better served
– Networks will be cheaper.
– Networks will be faster.
– Networks will be (much) more reliable.
– Networks will improve faster.
– Networks will be in service of the owner, the operator, the customer and the application rather than just the high-margin vendor.
SDN is in the best interest of society at large. To resist is to be protectionist and self-serving.
[Figure, left side: Vertically integrated; Closed, proprietary; Slow innovation; Small industry. Labels: Specialized Applications, Specialized Operating System, Specialized Hardware]
[Figure, right side: Horizontal; Open interfaces; Rapid innovation; Huge industry. Labels: App (×11), Open Interface, Windows (OS) or Linux or MacOS, Open Interface, Microprocessor]
[Figure, left side: Vertically integrated; Closed, proprietary; Slow innovation. Labels: Specialized Features, Specialized Control Plane, Specialized Hardware]
[Figure, right side: Horizontal; Open interfaces; Rapid innovation. Labels: App (×11), Open Interface, Control Plane or Control Plane or Control Plane, Open Interface, Merchant Switching Chips]
[Figure labels: Specialized Features, Specialized Control Plane, Specialized Hardware]
Tens of millions of lines of code.
Closed, proprietary, outdated.
Hundreds of protocols
6,500 RFCs
Billions of gates.
Power hungry and bloated.
Ram in even more lines of code…
“My box now has an OpenFlow interface too!”
What SDN isn’t
(part 3)
What’s new?
1. Separation of control from forwarding.
2. Programmatic control of forwarding by writing entries into tables.
Transport networks have done this for decades!
Natural Evolution: Converged Control
[Figure labels: Data Center (×2), MPLS (×2), Transport Network, Global Network Map, Network OS, Control Program (×3)]
Direct Control of Hardware, or
Virtual transport network Control
New ONF Working Group: Optical Transport
Match-Action Forwarding Abstraction
[Figure labels: Packet flow (×4), Circuit/channel (×3), OpenFlow (×3), three Match / Action tables each with rows F → Action(F) and G → Action(G)]
Dynamic Circuit Switching
[Figure labels: Packet Network (×2), Transport Network (×2), UNI (×2)]
Why it was supposed to happen
Technology: High capacity optical crossconnects.
Aggregation: High capacity packet networks.
Cost: Circuit switches cost less; use less power.
Standard: GMPLS.
Why GMPLS failed
1. Router vendors prevented it.
2. GMPLS standard much too complicated.
We Didn’t Make it Easy!
[Figure labels: Packet Network, Transport Network, UNI, Vendor Islands, EMS (×3), Proprietary Interface (×2)]
IP/MPLS Control Plane: OSPF-TE, RSVP-TE + many more
GMPLS Control Plane: OSPF-TE, RSVP-TE
[Figure labels: Packet Network, Transport Network, UNI, Vendor Islands, EMS (×3), Proprietary Interface (×2); IP/MPLS Control Plane: OSPF-TE, RSVP-TE + many more; GMPLS Control Plane: OSPF-TE, RSVP-TE; Quagga, Linux, OSPF, RSVP, GMPLS, 50k, 175k]
Good Architecture Simplifies
[Figure labels: Packet Network (×2), Transport Network, Global Network Map, Network OS, Aggregation, Dynamic Bandwidth, Recovery, 4.7k, NOX, Linux, 68k; Quagga, Linux, OSPF, RSVP, GMPLS, 50k, 175k]
3% as much code!
Conclusions
• SDN is here to stay: It introduces the right abstractions into network control.
• It will sweep away protectionist practices, and level the playing field.
• It will enable converged control of packet and transport networks.
• I don’t recommend sitting on the sidelines.
[Figure labels: Specialized Control Plane, Specialized Hardware, Specialized Features, Apps; Specialized Control Plane, Specialized Hardware, Apps; Network OS, Simpler Hardware]