openflow : enabling innovation in campus networks
DESCRIPTION
OpenFlow : Enabling Innovation in Campus Networks. ACM SIGCOMM Computer Communication Review 2008. 101064541 葉幸宜. Outlines. Introduction and Motivation OpenFlow Goal Concepts Network Architecture Flow Table Structure Controller More Examples Conclusion. Introduction and Motivation. - PowerPoint PPT PresentationTRANSCRIPT
OpenFlow:Enabling Innovation in Campus Networks
101064541 葉幸宜
Nick McKeown Tom Anderson Hari Balakrishnan Stanford University University of Washington MIT
Guru Parulkar Larry Peterson Jennifer RexfordStanford University Princeton University Princeton University
Scott Shenker Jonathan Turner University of California, Berkeley Washington University in St. Louis
ACM SIGCOMM Computer Communication Review 2008
2013/5/30
Outlines
• Introduction and Motivation• OpenFlow– Goal– Concepts– Network Architecture– Flow Table Structure– Controller– More Examples
• Conclusion2013/5/30 1/14
Introduction and Motivation
• Experiments we’d like to do– Mobility Management– New Naming/Addressing Schemes– Network Access Control
• If we design our own prototypes …– Closed network– No way to test the prototypes
2013/5/30 2/14
Introduction and Motivation
• Why Internet is closed for innovations?– Commercial vendor won’t open software and
hardware development environment• Complexity to support• Market protection & Barrier-to-entry for competitors
• Existing Solutions– Software only• Performance is not good
– Hardware/Software• Fanout too small
2013/5/30 3/14
OpenFlow
• Goal– Open Platform• For researchers to test new ideas at scale production
networks• Without requiring vendors to expose internal workings
– Bring future Internet to legacy Internet
2013/5/30 4/14
OpenFlow’s Concept
2013/5/30 5/14
Ethernet Switch
OpenFlow Protocol (SSL)
Software Control Plane
Hardware Data Plane
Control Plane
Hardware Data Plane
OpenFlow
OpenFlow Controller
OpenFlow Network Architecture
2013/5/30 6/14
OpenFlowController
OpenFlow-enableCommercial Switch
FlowTableFlowTable
SecureChannelSecure
Channel
PCOpenFlow
Protocol
SSL
HW
SW
OpenFlow Switch specification
NormalSoftwareNormal
Software
NormalDatapathNormal
Datapath
OpenFlow Flow Table Structure
2013/5/30 7/14
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
Rule Action Statistics
1. Forward packet to port(s)2. Encapsulate and forward to controller3. Drop packet4. Send to normal processing pipeline
Packet + byte counters
OpenFlow Switch
HW
SWNormal
SoftwareNormal
SoftwareSecure
ChannelSecure
Channel
NormalDatapathNormal
DatapathFlowTableFlowTable
OpenFlow Flow Table Structure
2013/5/30 7/14
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
Rule Action Statistics
1. Forward packet to port(s)2. Encapsulate and forward to controller3. Drop packet4. Send to normal processing pipeline
Packet + byte counters
OpenFlow Switch
HW
SWNormal
SoftwareNormal
SoftwareSecure
ChannelSecure
Channel
NormalDatapathNormal
DatapathFlowTableFlowTable
OpenFlow Flow Table Example
• Ethernet Switching
• IP Routing
• Application Firewall
2013/5/30 8/14
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport
* * 00:2D.. * * * * * * * Port5
Action
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
* * * * * * * * * 22 Drop
* * * * * * 140.114.. * * * Port3
OpenFlow Controller
• Centralized intelligential agency– Allow multiple researchers create their accounts
to control the flows independently– Add or remove flow-entries
• NOX is an open-source OpenFlow Controller
2013/5/30 9/14OpenFlow SwitchOpenFlow Switch OpenFlow Switch
NOX Controller
Secure Channel
• SSL Connection• Controller discovery protocol• Encapsulate packets for controller• Send link/port state to controller
2013/5/30 10/14
OpenFlow Operation Example
2013/5/30 11/14
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
Amy Access Control
Scheme!
FlowTable
FlowTable
FlowTable
FlowTable
RulesRulesRulesRules
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Amy
Amy Access Control
Scheme!
11/14
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
Bob
Amy Access Control
Scheme!
11/14
OpenFlow Operation Example
2013/5/30
Controller
PC
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
OpenFlowSwitch
If Rule = x, send to port 4If Rule = y, drop itIf Rule = ?, send to controllerElse, send to normal pipeline
FlowTable
FlowTable
FlowTable
FlowTable
O-FlowTable
Bob
Amy Access Control
Scheme!
11/14
More Examples for OpenFlow
• Network Management and Access Control– Ex: Phones can only use HTTP service
• VLANs• Mobile wireless VoIP clients– Allowing seamless handover
• Non-IP network– OpenFlow packets could be any kinds of formats
• Processing packets rather than flows2013/5/30 12/14
SwitchPort
MACsrc
MACdst
Ethtype
VLANID
IPSrc
IPDst
IPProt
TCPsport
TCPdport Action
23
OpenFlow Products
2013/5/30
• NEC
• HP
• Pronto
13/14
Conclusion
• OpenFlow– Standard way to control flow-tables in commercial
switches and routers– An open development environment for all
researchers– Real environment for Future Internet Technologies
2013/5/30 14/14