
Ch3 Openflow


4 IoSys

4 WIN
Network-IT-zation

Chapter 3:

OpenFlow Protocol

Chapter Content

▪ Sec 1: What is OpenFlow ?

▪ Sec 2: OpenFlow components

▪ Sec 3: OpenFlow messages

▪ Sec 4: OpenFlow Pipeline

Sec 1: What is OpenFlow ?
Introduction
▪ OpenFlow introduced by the McKeown group at Stanford University
(2008)

▪ Clean Slate research program


▪ OpenFlow enables SDN by specifying a communication protocol
between the data plane of a networking element and a remote control
plane
▪ Since version 1.2 the standardization body for OpenFlow is the Open
Networking Foundation (ONF)

What is OpenFlow?
▪ The OpenFlow protocol defines
▪ A standardized API and communication method between the external controller
and OpenFlow process on the networking device
▪ The use of ‘Flow-tables’ held on the networking device, which are populated by
the external controller and used for matching and forwarding packets

▪ OpenFlow Flow-tables contain


▪ Header Fields – fields against which a packet can be matched
▪ Counters – statistics reporting capabilities
▪ Actions – defining how the packet should be treated (forward, drop, modify)
OpenFlow protocol

▪ Two components :
▪ OpenFlow controller
▪ Controls one or more switches
▪ Computes paths, maintains state, formulates flows and programs
OpenFlow Switches

▪ OpenFlow Switch
▪ Receives commands (flow entries, queries) from the OpenFlow
controller in order to populate entries in the flow-table
▪ Holds the flow-table in volatile memory

OpenFlow components

OpenFlow deployment models

OpenFlow deployment models (..)

Flow-Based
• Every flow is individually set up by controller
• Exact-match flow entries
• Flow table contains one entry per flow
• Good for fine grain control, e.g. campus networks

Aggregated
• One flow entry covers large groups of flows
• Wildcard flow entries
• Flow table contains one entry per category of flows
• Good for large number of flows, e.g. backbone
OpenFlow deployment models (..)

Reactive
• First packet of flow triggers controller to insert flow entries
• Efficient use of flow table
• Every flow incurs small additional flow setup time
• If control connection lost, switch has limited utility

Proactive
• Controller pre-populates flow table in switch
• Zero additional flow setup time
• Loss of control connection does not disrupt traffic
• Essentially requires aggregated (wildcard) rules
Sec 2: OpenFlow components
OpenFlow switch
▪ It consists of one or more flow tables and a group table, which perform
packet lookups and forwarding, and one or more OpenFlow channels to an
external controller.
▪ Using the OpenFlow switch protocol, the controller can add, update, and delete
flow entries in flow tables.
▪ Matching starts at the first flow table and may
continue to additional flow tables of the pipeline.
▪ If no match is found in a flow table, the outcome
depends on configuration of the table-miss flow
entry.

OpenFlow controller

▪ Manages one or more switches via OpenFlow channels.
▪ Uses the OpenFlow protocol to communicate with an OpenFlow-aware switch.
▪ Acts similarly to the control plane of a traditional switch.
▪ Provides a network-wide abstraction for the applications on the northbound side.
▪ Responsible for programming the various tables in the OpenFlow switch.
▪ A single switch can be managed by more than one controller for load
balancing or redundancy purposes. In this case the controller can take any
one of the following roles.
▪ Master.
▪ Slave.
▪ Equal.
OpenFlow controller (..)
▪ OpenSource
▪ OpenDayLight
▪ Floodlight
▪ RYU
▪ NOX/POX
▪ ONOS
▪ Commercial Controllers
▪ Cisco APIC
▪ VMware NSX Controller
▪ HP VAN SDN Controller
▪ NEC ProgrammableFlow PF6800 Controller
▪ Nuage Networks Virtualized Services Controller (VSC)
OpenFlow Channel

▪ Used to exchange OpenFlow messages between switch and controller.
▪ A switch can establish single or multiple connections to the same or
different controllers (auxiliary connections).
▪ A controller configures and manages the switch, receives events
from the switch, and sends packets out the switch via this interface.
▪ The switch-controller (SC) connection is a TLS/TCP connection. Switch and
controller mutually authenticate by exchanging certificates signed by a
site-specific private key.
OpenFlow flow table

Flow entry

Flow entry components
▪ Match fields: to match against packets. These consist of the ingress port
and packet headers, and optionally metadata specified by a previous table.
▪ Priority : matching precedence of the flow entry.
▪ Counters: updated when packets are matched.
▪ Instructions: to modify the action set or pipeline processing.
▪ Timeouts : maximum amount of time or idle time before flow is expired by
the switch.
▪ Cookies : opaque data value chosen by the controller. May be used by the
controller to filter flow statistics, flow modification and flow deletion. Not
used when processing packets.

Example flow entries
Switching

Switch Port | MAC src | MAC dst  | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
*           | *       | 00:1f:.. | *        | *       | *      | *      | *       | *         | *         | port6

Flow Switching

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src  | IP Dst  | IP Prot | TCP sport | TCP dport | Action
port3       | 00:20.. | 00:1f.. | 0800     | vlan1   | 1.2.3.4 | 5.6.7.8 | 4       | 17264     | 80        | port6

Firewall

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
*           | *       | *       | *        | *       | *      | *      | *       | *         | 22        | drop
Example flow entries (..)

Routing

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst  | IP Prot | TCP sport | TCP dport | Action
*           | *       | *       | *        | *       | *      | 5.6.7.8 | *       | *         | *         | port6

VLAN Switching

Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
*           | *       | 00:1f.. | *        | vlan1   | *      | *      | *       | *         | *         | port6, port7, port9
Example of communication OpenFlow

Example of communication OpenFlow (..)

OpenFlow Group Table
▪ A group table consists of group entries. The ability for a flow entry to point to a
group enables OpenFlow to represent additional methods of forwarding

▪ Each group entry is identified by its group identifier and contains:


▪ Group identifier: a 32 bit unsigned integer uniquely identifying the group
▪ Group type: to determine group semantics
▪ Counters: updated when packets are processed by a group
▪ Action buckets: an ordered list of action buckets, where each action bucket
contains a set of actions to execute and associated parameters
Sec 3: OpenFlow messages
OpenFlow messages types

▪ Controller to Switch :
▪ Controller/switch messages are initiated by the controller and may or may
not require a response from the switch
▪ Asynchronous
▪ Asynchronous messages are sent without a controller soliciting them from
a switch. Switches send asynchronous messages to controllers to denote
a packet arrival, switch state change, or error.
▪ Symmetric
▪ Symmetric messages are sent without solicitation, in either direction

OF Messages: Controller to Switch
▪ Features : performed upon establishment of the OpenFlow channel
▪ Configuration : used to set and query configuration parameters in the switch
▪ Modify-state : used to add, delete and modify flow/group entries in the OpenFlow
tables and to set switch port properties
▪ Read-state : used to collect various information from the switch, such as current
configuration, statistics and capabilities.
▪ Packet-out : must contain a full packet or a buffer ID referencing a packet stored in
the switch.
▪ Barrier : used to ensure message dependencies have been met.
▪ Role-request : used by the controller to set the role of its OpenFlow channel, or query that role.
▪ Asynchronous-configuration : used by the controller to set an additional filter on the
asynchronous messages that it wants to receive on its OpenFlow channel, or to query that filter
OF Messages: Asynchronous

▪ Packet-in : Transfer the control of a packet to the controller. Buffered
packets are processed by the controller using Packet-out, or automatically
expire after some time.
▪ Flow-removed : Inform the controller about the removal of a flow entry from
a flow table
▪ Port-status : Inform the controller of a change on a port. The switch is
expected to send port-status messages to controllers as port configuration or
port state changes
▪ Error : The switch is able to notify controllers of problems using error
messages

OF Messages: Symmetric

▪ Hello : Hello messages are exchanged between the switch and controller
upon connection startup

▪ Echo : can be sent from either the switch or the controller, and must return an
echo reply. They are mainly used to verify the liveness of a controller-switch
connection, and may as well be used to measure its latency or bandwidth

▪ Experimenter : provide a standard way for OpenFlow switches to offer
additional functionality within the OpenFlow message type space
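
The three message categories above can be recovered from the fixed 8-byte OpenFlow header (version, type, length, xid). The following is an added example, not part of the original slides: it walks a control-channel byte stream, classifies each message, and stops cleanly on a bad length field. It assumes OpenFlow 1.3 (wire version 0x04), bytes that are already decrypted or come from a lab channel without TLS, and a constructed sample stream; only a subset of type codes is listed.

```python
import struct

OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid (big-endian)
OFP13 = 0x04                         # wire version number of OpenFlow 1.3

# Subset of OpenFlow 1.3 type codes, grouped into the three categories above
CATEGORIES = {
    "symmetric": {0: "HELLO", 2: "ECHO_REQUEST", 3: "ECHO_REPLY", 4: "EXPERIMENTER"},
    "asynchronous": {1: "ERROR", 10: "PACKET_IN", 11: "FLOW_REMOVED", 12: "PORT_STATUS"},
    "controller-to-switch": {5: "FEATURES_REQUEST", 9: "SET_CONFIG", 13: "PACKET_OUT",
                             14: "FLOW_MOD", 15: "GROUP_MOD", 20: "BARRIER_REQUEST",
                             24: "ROLE_REQUEST", 28: "SET_ASYNC"},
}
NAMES = {t: (cat, name) for cat, types in CATEGORIES.items() for t, name in types.items()}

def parse_stream(data):
    """Split a control-channel byte stream into (category, name, xid) tuples."""
    out, off = [], 0
    while off + OFP_HEADER.size <= len(data):
        version, mtype, length, xid = OFP_HEADER.unpack_from(data, off)
        # length covers header + body; a value below 8 would never advance
        if length < OFP_HEADER.size or off + length > len(data):
            out.append(("malformed", f"bad length {length}", xid))
            break                    # framing is lost, stop instead of guessing
        if version != OFP13:
            out.append(("unsupported", f"version 0x{version:02x}", xid))
        else:
            out.append(NAMES.get(mtype, ("unknown", f"type {mtype}")) + (xid,))
        off += length
    return out

def msg(mtype, xid, body=b""):
    """Build a constructed test message: valid header plus an opaque body."""
    return OFP_HEADER.pack(OFP13, mtype, OFP_HEADER.size + len(body), xid) + body

# Constructed sample: hello, echo, packet-in, flow-mod, then a header with length 4
SAMPLE = (msg(0, 1) + msg(2, 2, b"ping") + msg(10, 3, bytes(24))
          + msg(14, 4, bytes(48)) + OFP_HEADER.pack(OFP13, 3, 4, 5))

if __name__ == "__main__":
    for record in parse_stream(SAMPLE):
        print(record)
```

On a monitored control channel, the controller-to-switch records (FLOW_MOD, GROUP_MOD, ROLE_REQUEST) are the ones that change forwarding state and are worth logging with their xid.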

OF Messages (cont.)

Sec 4: OpenFlow Pipeline
Pipeline processing

▪ OpenFlow-compliant switches come in two types:
▪ OpenFlow-only,
▪ OpenFlow-hybrid.
▪ OpenFlow-only switches support only OpenFlow operation; in those switches all
packets are processed by the OpenFlow pipeline and cannot be processed
otherwise.
▪ OpenFlow-hybrid switches support both OpenFlow operation and normal Ethernet
switching operation
▪ Those switches must provide a classification mechanism outside of OpenFlow
that routes traffic to either the OpenFlow pipeline or the normal pipeline
Pipeline processing
▪ The OpenFlow pipeline of every OpenFlow switch contains multiple flow tables,
each flow table containing multiple flow entries.
▪ The OpenFlow pipeline processing defines how packets interact with those flow
tables.

Pipeline processing (..)
▪ Pipeline processing always starts at the first flow table
▪ The packet is first matched against flow entries of flow table 0
▪ If a flow entry is found, the instruction set included in that flow entry is executed.
▪ Instructions may direct the packet to another flow table (Goto instructions)
▪ If a packet does not match a flow entry in a flow table, this is a table miss.
▪ The behavior on a table miss depends on the table configuration :
▪ Drop
▪ Pass to another table
▪ Send to controller (packet_in message)
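
The lookup rules above (start at table 0, highest-priority match wins, Goto moves to a later table, table miss falls back to the table configuration) are modelled below in an added example that is not part of the original slides. The two-table layout, the priorities and the packet dictionaries are constructed; the Firewall and Routing entries reuse the values from the example flow entries earlier on this page. It also shows how a firewall entry installed with too low a priority is shadowed by a broader entry.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    priority: int
    match: dict       # field -> required value; a field left out is a wildcard
    action: tuple     # ("output", port) | ("drop",) | ("goto", table) | ("controller",)
    packets: int = 0  # counter, updated on every match

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

def lookup(table, pkt):
    """Return the highest-priority matching entry, or None on no match."""
    hits = [e for e in table if e.matches(pkt)]
    return max(hits, key=lambda e: e.priority) if hits else None

def process(tables, pkt):
    """Run pkt through the pipeline starting at table 0; return the final action."""
    table_id = 0
    while True:
        entry = lookup(tables[table_id], pkt)
        if entry is None:            # no table-miss entry installed: drop
            return ("drop",)
        entry.packets += 1
        if entry.action[0] != "goto":
            return entry.action
        table_id = entry.action[1]   # Goto instruction: continue in a later table

def build_pipeline(fw_priority=200):
    """Constructed two-table pipeline built from the Firewall and Routing rows."""
    table0 = [
        FlowEntry(fw_priority, {"tcp_dst": 22}, ("drop",)),   # Firewall
        FlowEntry(100, {"eth_type": 0x0800}, ("goto", 1)),    # IPv4 -> table 1
        FlowEntry(0, {}, ("controller",)),                    # table-miss: packet_in
    ]
    table1 = [FlowEntry(100, {"ip_dst": "5.6.7.8"}, ("output", "port6"))]  # Routing
    return [table0, table1]

# Constructed packets, reduced to the header fields the entries look at
SSH = {"eth_type": 0x0800, "ip_dst": "5.6.7.8", "tcp_dst": 22}
WEB = {"eth_type": 0x0800, "ip_dst": "5.6.7.8", "tcp_dst": 80}
ARP = {"eth_type": 0x0806}

if __name__ == "__main__":
    for name, pkt in (("ssh", SSH), ("web", WEB), ("arp", ARP)):
        print(name, process(build_pipeline(), pkt))
    # Firewall entry installed below the IPv4 entry: it is shadowed and never hit
    print("ssh, fw_priority=50:", process(build_pipeline(fw_priority=50), SSH))
```

When reviewing a flow table for a blocking rule, check its priority against every broader entry in the same table; a counter that stays at zero on the drop entry is a sign that it is shadowed.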

OpenFlow switch : Packet matching

For more details

▪ OpenFlow switch specifications :

https://www.opennetworking.org/wp-content/uploads/2014/10/openflo
-v1.3.2.pdf

It’s your turn !!
What is given ?

▪ VM called “OpenFlow” that contains Ubuntu 16.04 with the Java environment set up.
▪ ODL.tar.gz archive that contains OpenDaylight
What you should do ?

Prepare the environment


▪ Install ODL
▪ Install features : MDSAL, VTN and DLUX
▪ Configure the VM to have 2 network adapters : NAT and HostOnly

What you should do ?

Prepare Mininet
▪ Create a linear topology with :
▪ 4 switches and 2 hosts /switch
▪ Remote controller
▪ Switches of type : Open vSwitch
▪ Specify the protocol : OpenFlow
▪ And attribute MAC addresses for the hosts

What you should do ?

Prepare Mininet (cont.)

sudo mn --topo linear,3 --mac --controller=remote,ip=192.168.133.233,port=6653 --switch=ovsk,protocols=OpenFlow13
What you should do ?

Use OpenDaylight to
▪ Scenario 1: create a blocking flow using MAC address
▪ Scenario 2: create a blocking flow using IP address
▪ Scenario 3: create a blocking flow using multiple criteria
▪ Scenario 4: create a VLAN based flow
