OpenFlowでの サービスチェイニングによる

SDNの実現

MPLS Japan 2013

株式会社エーアイコーポレーション

岩下 雅幸 / 溝口 茂

http://www.aicp.co.jp/

アジェンダ

• Service Chaining とは？

• Service Chainingで要求されること

• Service Chainingのモデル化

• デモ

• 標準技術による汎用化

2013/10/30 2

Service Chaining とは？

Customer

C

Customer

B

Customer

C

FW

IDS

WAN ACCEL

APP FILTER

Customer

A Service Provider

2013/10/30 3

Service Chaining のイメージ

Traffic Shaper IPS/IDS

Content Filtering

WAN acceleration Firewall

A

B

A

B

2013/10/30 4

Traffic Shaper

既存の手法でのService Chaining

IPS/IDS Content Filtering

WAN acceleration Firewall

Network Engineers

2013/10/30 5

A

B

A

B

A

B

A

B

Traffic Shaper

ダイナミックな Service Chaining

IPS/IDS Content Filtering

WAN acceleration Firewall

Networking Applications

Network Engineer

Programmed by Software

2013/10/30 6

A

B

A

B

Traffic Shaper

Service Chainingで要求されること

IPS/IDS Content Filtering

WAN acceleration Firewall

Networking Applications

Network Engineer

3

1

2

2013/10/30 7

A

B

A

B

Traffic Shaper

１への対応：OpenFlowの導入

IPS/IDS Content Filtering

WAN acceleration Firewall

1

2013/10/30 8

Openflowを組み合わせた構成

2013/10/30 9

A

B

A

B

Traffic Shaper

OpenFlowでのService Chaining

IPS/IDS Content Filtering

WAN acceleration Firewall

Networking Applications

Network Engineer

3？

1

2？

2013/10/30 10

2？

SDN Architecture

www.slideshare.net/martin_casado/sdn-abstractions

“The Future of Networking, and the Past of Protocols”

Service Chainingのモデル化

2013/10/30 12

A

B

A

B

Traffic Shaper IPS/IDS

Content Filtering

WAN acceleration Firewall

“Abstract Network View”

2013/10/30 13

A

B

A

B

Traffic Shaper IPS/IDS

Content Filtering

WAN acceleration Firewall

モデル間のマッピング

Traffic Steering Device Model

Port: unique integer 0..47

Src: IP-address/mask

Dst: IP-address/mask

Action: drop | output(N) | …

Firewall Device Model

Src: IP-address/mask

Dst: IP-address/mask

Port: integer 1..65535

Action: drop | allow

Service Application

VPN Service Model

Flow Profile Name: unique string

From Networks: [ IP-address/mask ]

To Networks: [ IP-address/mask ]

Reserved bandwidth: integer > 0

2013/10/30 14

Service Application

Network-wide Transaction

In Out

1 6 2 7 3 8 4 9 5 10

ネットワーク全体への適用

Rule #117: Src=*, Dst=116.54.16.128/26, Port=80, Action=allow

Rule #118: Src=*, Dst=116.54.16.128/26, Port=*, Action=drop

Rule #46: Port=1, Src=*, Dst=116.54.16.128/26, Action=output(6)

Rule #47: Port=7, Src=*, Dst=116.54.16.128/26, Action=output(8)

Demo

A

B

A

B

Traffic Shaper IPS/IDS

Content Filtering

WAN acceleration Firewall 3

1

2 2

モデルベースでのService Chaning

2013/10/30 17

- - - - - - - - - - - - - - - - - - NETCONF(RFC 6241) - - - - - - - - - - - - - - - - -

標準技術による汎用化

2013/10/30 18

A

B

A

B

Traffic Shaper IPS/IDS

Content Filtering

WAN acceleration Firewall

YANG (RFC6020)

ドイツテレコムの実績 • “A Realtime OSS-based SDN Approach”

• Deutsche Telekom: A Software-Defined Operator – http://www.lightreading.com/ethernet-ip/routers/deutsche-telekom-a-software-defined-

operator/d/d-id/706099

2013/10/30 19

ベンダー様でのNETCONF採用状況

2013/10/30 20

– Alaxala • Ethernet switches

– BATM/Telco Systems • T-Metro 7224

– BigBand • MSP2800

– Brocade • NetIron XMR, CES, and CER • MLX Series • VDX

– Cisco • IOS 12.4(9)T and later • IOS XE 2.1 and later

– Edgeware • WTV-2X

– Ericsson • SEA 20

– H3C • S9500E Series Routing Switches

– Huawei • AR3200/2200 Enterprise Routers

– Juniper Networks • JUNOS 7.5 and later

– Nexor • Messaging Gateways

– RuggedCom • RX5000 and MX5000

– Sonus • NBS5200 Session Border Controller

– Taseon • TN 320

– Verivue • MDX 9020

Please Note that this list is work in progress and feedback on accuracy and completeness is strongly encouraged

標準化動向

- NETCONF WG

- NETMOD(YANG) WG

- OF-CONFIG YANG Modules

- YANG models for Service OAM PM and FM

- YANG module for CCAP: next generation cable head-end systems

- OpenStack Plugin http://blog.ipspace.net/2013/10/openstack-

quantum-neutron-plug-in-there.html

2013/10/30 21

Please Note that this list is work in progress and feedback on accuracy and completeness is strongly encouraged

2013/10/30 22

Service Chainingで迅速なサービス実現、

そして さらなる付加価値を！ Network Engineers

Networking Applications

Network Engineer

Perl Scripts

Standards-Based Abstraction and

Automation

Tomorrow Today

Various CLIs Various APIs Manual Activities Tedious Script Maintenance