Floodlight tutorial - Clemson / Georgia Tech
DESCRIPTION
An overview of SDN, OpenFlow and Floodlight given by Mike Cohen and Alex Reimers.
TRANSCRIPT
OpenFlow Controller
http://floodlight.openflowhub.org
©2012 – Big Switch Networks Inc.
About Us
Big Switch Networks builds and promotes Open Software Defined Networking Solutions
We use and help support Floodlight and a number of other OpenFlow tools
Yes, you can contact us about jobs and internships at [email protected]
Big Switch Networks
Introduction
SDN and OpenFlow
Real world use cases
Floodlight
Demo! (if time allows)
Limitations in Modern Networking
Hardware focus
Hard to innovate, update software
Vendor specific components
A Slowly Evolving Environment
Operating System / Firmware
Hardware / ASICs
Fully distributed protocols
Independent components
Interoperability and design challenges
Introduction to SDN: Software-defined Networking
[Diagram: Applications (application tier) on top of the SDN Controller (controller tier), which manages the OF Switches (data plane tier)]
Software Defined Networking decouples data, control, and application planes, creating a programmable network
OpenFlow and SDN: A southbound SDN protocol
[Diagram: Applications connect through the Northbound API to the OpenFlow-based SDN Controller, which connects through the Southbound API (OpenFlow) to the OF Switches]
Advantages of SDN
Innovation and speed to market
An “app store” for network programming
Decoupled software and hardware development
Support for multi-vendor environments
Separate upgrade cycles, etc.
Simplified network management / automation
Real World Examples
1. Network Virtualization
Scalable isolation domains and network slicing.
Example: FlowVisor
[Diagram: FlowVisor applying an isolation policy between Alice, Bob and Cathy]
2. Platform for Network Services
Inserting and managing network services such as load balancing, firewall, IDS/IPS, QoS, etc.
Example: FlowScale
3. Virtual Machine Management
Flexible mobility of virtual machines
Example: Stanford WAN VM Migration
4. CLOS Fabrics
Lower cost, high performance networks
Example: non-blocking CLOS architectures
5. Data analysis / monitoring
Simplified data visibility and traffic monitoring
Example: TBD
6. Hybrid clouds
Networks spanning public / private DCs
Example: Amazon VPC
OpenFlow
Introduction to OpenFlow
TCP / SSL
Controller <-> Switch communication
[Diagram: OpenFlow-based SDN Controller connected to the OpenFlow Client on the switch, with a separate Non-OF Control Path]
Flow table
Columns: MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action
Example entry: **5.6.7.8*** port 1
x86 style instruction set
Based on Ethernet Switch with:
OF software client
Hardware flow table
Control channel between switch and controller
OpenFlow in Action
[Diagram: Applications on top of the SDN Controller, which manages OF Switches, each with a Rule / Action / Stats table]
Why OpenFlow?
Isn’t OpenFlow the same as XXX?
‘XXX’ = LISP, MPLS-TE, policy routing, etc.
Broad answer:
OpenFlow is a very low-level abstraction/API
Could probably implement XXX using OpenFlow
Could not implement OpenFlow using XXX
If XXX meets my needs, why use OpenFlow?
More holistic network view
Reduced complexity from feature interaction
OpenFlow Standards
OF v1.0 (most popular), Dec 2009
Initial OpenFlow specification
match on 12-tuple
OF v1.1: Extensions for WAN, late 2010
multiple tables: dodge state space explosion
fast failover, interface bonding
OF v1.2: IPv6 support, generalized match, vendor extensions
Floodlight
Floodlight Overview
Floodlight is a completely open, free, Apache-licensed Java-based OpenFlow controller.
Floodlight Controller
Research and commercial friendly
A great platform for OpenFlow
Easy to build, run, and develop
Rich set of build and debugging tools
Community of OpenFlow experts, access to commercial upgrades, and frequent testing
Toolchain
Building Floodlight
Fast… and easy…
Download from Github
$ git clone git://github.com/floodlight/floodlight.git
$ sudo apt-get install build-essential default-jdk ant python-dev
$ cd floodlight; ant
$ java -jar target/floodlight.jar
Get the VM (including mininet)
$ wget http://floodlight.openflowhub.org/files/floodlight-vm.zip
(login as “floodlight” user, no password)
Internals
Floodlight Architecture
Modules exporting “services”
All modules in Java, support for Jython as well
Main module is FloodlightProvider
Manages I/O to switches
Translates OF messages to Floodlight events
Multi-threaded via Netty library (all modules must be thread-safe)
Rich, extensible REST API
[Diagram: modules FloodlightProvider, DeviceManager, TopologyManager, LinkDiscovery, Forwarding, StaticFlowPusher, StorageSource, RestServer]
Module Descriptions
FloodlightProvider
TopologyManager: Computes shortest path using Dijkstra. Keeps switch to cluster mappings.
Forwarding: Installs flow mods for end-to-end routing. Handles island routing.
DeviceManager: Tracks hosts on the network. MAC -> switch,port, MAC->IP, IP->MAC
RestServer: Implements via Restlets (restlet.org). Modules must implement RestletRoutable.
StaticFlowPusher: Supports the insertion and removal of static flows. REST-based API.
LinkDiscovery: Maintains state of links in network. Sends out LLDPs.
StorageSource: DB style storage (queries, etc). Modules can access all data and subscribe to changes.
Other Tools
OpenFlow Controllers
Beacon: beaconcontroller.net (Java)
NOX: noxrepo.org (C++ and Python)
Trema: trema.github.com/trema/ (Ruby and C)
Reference controller (C)
Options Beyond Floodlight
Mininet
Emulate OpenFlow network in a box
Uses Linux Containers and IP namespace
Runs your choice of software switch
Stanford’s reference OpenFlow switch
OpenVSwitch
CLI allows interactive management of emulated virtual hosts
Packaged in the Floodlight VM at: http://floodlight.openflowhub.org/download
OpenFlow network simulator
Switch Options
Switch Ecosystem
Major vendors have upcoming products
[Diagram: Controller Platform with Southbound APIs to Virtual Switches and Physical Switches, including the Stanford Reference Switch, each marked Available or Announced]
* Supported platforms: Pronto w/ indigo – 3240/3290, HP: 3500, 5400, 8200 (procurves), IBM 8264, NEC PF 5820 / 5240, Extreme – Summit series
Demo
Getting Involved - OpenFlowHub
http://www.openflowhub.org
What it is:
1. A community of open source OpenFlow developers
2. An OpenFlow Blog (available for guest authors)
3. Free hosting, tools, and marketing for open source projects
Wiki, forums, bug tracking tools, logos, etc.
Get involved:
Submit a project
Write a blog post
Contact: [email protected]
Projects:
Interested in Learning More?
Check out the website: http://floodlight.openflowhub.org
Join the mailing list: http://groups.google.com/a/openflowhub.org/group/floodlight-dev/topics
Or just email [email protected]
Get the code: http://floodlight.openflowhub.org/download
Presenters
Mike Cohen
Product Manager
Alex Reimers
Member of Technical Staff
End
Operational Considerations
Network considerations
Why OpenFlow?
Lots of reasons we talked about already...
Simplest is network monitoring from a single location – packet-in, flow mods, CPU usage, throughput, devices connected, etc.
Control / Data networks
Offer critical services on non-OF network (i.e. VoIP)
Control / data path separation – VLANs in most cases
Deploy OF from edge to core. Gain increased visibility over time.
Measure traffic patterns and make sure your switch hardware can support it. Some have limited control traffic throughput (flow setup rate, etc.).
Security considerations
Do you need to protect against controller DoS attacks?
Do you want encrypted control traffic?
Gotchas
Physical loops into the OpenFlow network
WiFi mesh networks
Backup
Network Virtualization: FlowVisor
Virtualized Control Plane
[Diagram: controllers for Customer Alice, Customer Bob and Customer Cathy speak the OpenFlow Protocol to FlowVisor, which applies an Isolation Policy and speaks the OpenFlow Protocol to the OpenFlow Datapaths]
FlowVisor slices OpenFlow networks, creating multiple isolated and programmable logical networks on the same physical topology.
Each use case/demo presented here runs in an isolated slice of Stanford’s production network.
Load balancing
Traffic load balancer using OpenFlow
Implemented in OF ToR switches
Deployed in IU IDS
FlowScale: Load balancing using Layer 2 OF switches
VM Management: WAN Migration
Moved a VM from Stanford to Japan without changing its IP.
VM hosted a video game server with active network connections.
OpenFlow Protocol (1)
Match Fields: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP ToS, IP Prot, L4 sport, L4 dport
+ mask what fields to match
Action(s):
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Modify Fields
4. Vendor specific extensions
Stats: Packet + byte counters
OpenFlow Protocol (2)
Columns: Switch port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Prot, TCP sport, TCP dport, Action
Switching: * * 00:1f:.. * * * * * * Port6
Flow switching: Port3 00:20.. 00:1f.. 0800 Vlan1 1.2.3.4 5.6.7.8 4 17264 Port6
Firewall: * * * * * * * * 22 Drop
Routing: * * * * * * 5.6.7.8 * * Port6
VLAN switching: * * 00:1f.. * Vlan1 * * * * Port6, port7, port8
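An added example, not part of the original slides: a minimal OpenFlow 1.0-style lookup over entries modelled on the Switching, Firewall and Routing rows above, showing that whether the port-22 Drop rule takes effect depends on entry priority. The priorities, the MAC addresses and the sample packet are constructed, and 5.6.7.8 is assumed to be the destination IP of the Routing row.

```python
# Added example (not from the slides): OpenFlow 1.0-style wildcard lookup.
from dataclasses import dataclass

FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "l4_sport", "l4_dport")

@dataclass
class FlowEntry:
    name: str
    match: dict          # field -> value; a missing field is "*" on the slide
    actions: tuple       # output ports; an empty tuple means drop
    priority: int = 0    # assumed values, the slide shows no priorities
    packets: int = 0
    octets: int = 0

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

    def overlaps(self, other):
        # Some packet can hit both entries unless a shared field differs.
        return all(other.match.get(k, v) == v for k, v in self.match.items())

class FlowTable:
    def __init__(self, entries):
        # Exact-match entries (no wildcards) rank above all wildcard entries;
        # wildcard entries are ordered by priority.
        rank = lambda e: (len(e.match) == len(FIELDS), e.priority)
        self.entries = sorted(entries, key=rank, reverse=True)

    def lookup(self, pkt, length):
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1          # per-entry stats: packet + byte counters
                e.octets += length
                return e.actions or ("drop",)
        return ("controller",)          # table miss: sent up as a packet-in

    def bypassable_drops(self):
        """(drop, forward) pairs where a higher-ranked forward overlaps a drop."""
        return [(e.name, hi.name)
                for i, e in enumerate(self.entries) if not e.actions
                for hi in self.entries[:i] if hi.actions and hi.overlaps(e)]

HOST_MAC = "02:00:00:00:00:01"   # constructed MAC, not a value from the slide

def slide_table(firewall_priority):
    return FlowTable([
        FlowEntry("switching", {"mac_dst": HOST_MAC}, ("port6",), 100),
        FlowEntry("firewall", {"l4_dport": 22}, (), firewall_priority),
        FlowEntry("routing", {"ip_dst": "5.6.7.8"}, ("port6",), 50),
    ])

# Constructed packet: SSH (TCP dport 22) towards HOST_MAC.
SSH_PKT = {"in_port": 3, "mac_src": "02:00:00:00:00:02", "mac_dst": HOST_MAC,
           "eth_type": 0x0800, "vlan_id": 1, "ip_src": "1.2.3.4",
           "ip_dst": "5.6.7.8", "ip_proto": 6, "l4_sport": 17264, "l4_dport": 22}
```

Running `bypassable_drops()` over a candidate table before it is pushed flags drop rules that a higher-ranked forwarding entry can override.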
Other Floodlight Highlights
[Diagram: Floodlight Controller with a Java App, a Jython App, a REST-based App and the Static Flow Pusher, managing OF Switches alongside a non-OpenFlow Switch]
Active work in defining standard “Northbound” APIs
Java event APIs
REST-based APIs
Ability to push flows
Support for integrating with non-OpenFlow networks
IFloodlightModule Interface
Function: Description
getModuleDependencies(): What services does this module require?
getModuleServices(), getServiceImpls(): What services does this module provide and how?
init(FloodlightModuleContext context): Internal, before dependencies have init()’ed
startup(FloodlightModuleContext context): External, with dependencies initialized
OpenFlow Topologies
Need OpenFlow at last hop in the network
For VMs: vswitch
For physical hosts: ToR
Floodlight can manage multiple “islands” of OpenFlow switches
[Diagram: Rack 1 and Rack 2 of physical hosts running VMs on a vswitch, connected through top-of-rack switches to Agg / Core]
Demo
Problem:
Track the last N Packet-Ins seen by the controller and expose it via a REST API
What you will see:
1. Adding a new module
2. Creating a REST API
3. Running Floodlight