Openflow Switch - Control and Data Plane

Uploaded by

Anuj Ruhela
Copyright © All Rights Reserved

OpenFlow Switch

Control and Data Plane


OpenFlow Example
SDN Example

[Figure: SDN example; diagram labels: flow management module, path selection, data module, flow, control, Host A, Host B]
Introduction to Mininet
• Mininet is a network emulator that creates a network of virtual hosts, switches, controllers, and links.
• Mininet hosts run standard Linux network software, and its switches support OpenFlow for highly flexible custom routing and Software-Defined Networking.
• Installation is very easy.
• A prepackaged VM is available that runs on VMware or VirtualBox for Mac/Win/Linux with OpenFlow v1.0 tools already installed.
Topology example in Mininet
Why Mininet ?
1. It provides a simple and inexpensive network
testbed for developing OpenFlow applications.
2. Enables complex topology testing
3. Includes a CLI that is topology-aware and
OpenFlow-aware, for debugging or running
network-wide tests
Note: One can do certifications from VMware.
VMware ESXi (formerly ESX) is an enterprise-class,
type-1 hypervisor developed by VMware for deploying
and serving virtual computers.
Network Connections of VMs
Routing between IP Networks
Flow Table Modifications

Flow entry example here
specifies that all Ethernet
frames entering the switch
on input port K with a
destination Ethernet
address of
0x000CF15698AD should
be output on output port N.

All other match fields have
been wildcarded, indicated
by the asterisks in their
respective match fields.
Controller programming flow entries
in V.1.0

At time ta, the controller sends a
FLOW_MOD(ADD) command to the switch.
OFPT_FLOW_MOD(ADD):
*,*,*,*,*,*,*,*,192.168.1.1,209.1.2.1,20,20,OFPT_ADD, PORT:P

The command adds a flow for packets entering
the switch on any port, with source IP
address 192.168.1.1 and destination IP
address 209.1.2.1, source TCP port 20 and
destination port 20.

All other match fields have been wildcarded.

The output port is specified as P.
Flow Table Modifications ...

After this controller
command is received
and processed by the
switch, the flow table
contains a new flow
entry F corresponding to
that ADD message.
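
Added example (not part of the original slides): a small Python model of an OpenFlow 1.0 flow table holding the two entries described above, the Ethernet-destination entry and entry F from the FLOW_MOD(ADD). The class names, the field names for the 12 match positions, the sample packets, port "J" and the table-miss behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass

# The 12 match positions of the slide's FLOW_MOD notation (OpenFlow 1.0 order).
FIELDS = ("in_port", "dl_src", "dl_dst", "dl_vlan", "dl_vlan_pcp", "dl_type",
          "nw_tos", "nw_proto", "nw_src", "nw_dst", "tp_src", "tp_dst")
ANY = "*"

@dataclass
class FlowEntry:
    match: dict          # field -> required value; absent fields are wildcarded
    out_port: str
    priority: int = 0
    packets: int = 0     # per-flow-entry counter

    def matches(self, pkt):
        return all(self.match.get(f, ANY) in (ANY, pkt.get(f)) for f in FIELDS)

    def wildcarded(self):
        return [f for f in FIELDS if self.match.get(f, ANY) == ANY]

class FlowTable:
    def __init__(self):
        self.entries = []

    def flow_mod_add(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # highest priority first

    def lookup(self, pkt):
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                return e.out_port
        return "CONTROLLER"  # table miss; assumed to go to the controller

def demo():
    table = FlowTable()
    # "Flow Table Modifications" entry: input port K, Ethernet dst -> port N.
    table.flow_mod_add(FlowEntry({"in_port": "K", "dl_dst": 0x000CF15698AD}, "N"))
    # Entry F from the FLOW_MOD(ADD) slide -> port P.
    f = FlowEntry({"nw_src": "192.168.1.1", "nw_dst": "209.1.2.1",
                   "tp_src": 20, "tp_dst": 20}, "P")
    table.flow_mod_add(f)
    tcp = {"in_port": "J", "nw_proto": 6, "nw_src": "192.168.1.1",
           "nw_dst": "209.1.2.1", "tp_src": 20, "tp_dst": 20}   # constructed
    udp = dict(tcp, nw_proto=17)            # same tuple but UDP (constructed)
    eth = {"in_port": "K", "dl_dst": 0x000CF15698AD}             # constructed
    miss = {"in_port": "K", "dl_dst": 0xFF}                      # constructed
    return [table.lookup(p) for p in (tcp, udp, eth, miss)], f.wildcarded()
```

In this model the UDP packet is also forwarded to port P, because the IP protocol position is one of the eight wildcarded fields of entry F; listing the wildcarded fields of an entry is a quick way to review what it really admits.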
SDN Meters

The OpenFlow protocol provides the ability to
implement simple QoS by using the
concept of “meters.”

Meters can be defined on a per flow basis.

OpenFlow 1.3 introduces meters to the
OpenFlow protocol.

The OpenFlow protocol specification does not
contain any required meter band types.
SDN Meters ...
• Meters complement the queue framework
already in place in OpenFlow by allowing for
the rate-monitoring of traffic prior to output.
• With meters, a switch can monitor the ingress
rate of traffic as defined by a flow.
• Flows can direct packets to a meter using the
goto-meter OpenFlow instruction, where
the meter can then perform some operation
based on the rate it receives packets.
Meter Table
• A meter table consists of meter entries,
defining per-flow meters.
• Per-flow meters enable OpenFlow to
implement various simple QoS operations,
such as rate-limiting, and can be combined
with per-port queues to implement complex
QoS frameworks, such as DiffServ.
Meter Table
• A meter measures the rate of packets
assigned to it and enables controlling the
rate of those packets.
• Meters are attached directly to flow entries
• (Note: queues are attached to ports).
• Any flow entry can specify a meter
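
Added example (not part of the original slides): a Python model of a per-flow meter that measures the ingress packet rate and rate-limits one flow while an unmetered flow passes untouched. The "drop" band type, the one-second sliding window, the 5 packets/s limit and all names and traffic are assumptions made for illustration.

```python
from collections import deque

class Meter:
    """Per-flow meter measuring packets/second over a sliding one-second window."""
    def __init__(self, bands):
        self.bands = sorted(bands)   # (rate_pps, band_type); types are assumed
        self.window = deque()        # arrival times (ms) within the last second
        self.in_packets = 0          # per-meter counter
        self.band_hits = {b: 0 for b in self.bands}   # per-meter-band counters

    def process(self, now_ms):
        """Count one packet; return the band type applied to it, or None."""
        self.in_packets += 1
        self.window.append(now_ms)
        while self.window[0] <= now_ms - 1000:
            self.window.popleft()
        rate = len(self.window)
        # Only the band with the highest configured rate below the measured rate applies.
        hit = max((b for b in self.bands if rate > b[0]), default=None)
        if hit is None:
            return None
        self.band_hits[hit] += 1
        return hit[1]

def forward(flow_table, meters, flow_id, now_ms):
    """Apply the flow entry's goto-meter instruction, then its output action."""
    entry = flow_table[flow_id]
    meter_id = entry.get("meter")
    if meter_id is not None and meters[meter_id].process(now_ms) == "drop":
        return None
    return entry["out_port"]

def demo():
    meters = {1: Meter([(5, "drop")])}                    # constructed: 5 pkt/s limit
    flow_table = {"A": {"meter": 1, "out_port": "P"},     # metered flow
                  "B": {"out_port": "P"}}                 # no meter attached
    # Constructed traffic: both flows send 10 packets 100 ms apart, then one at t=3 s.
    times = [i * 100 for i in range(10)] + [3000]
    a = [forward(flow_table, meters, "A", t) for t in times]
    b = [forward(flow_table, meters, "B", t) for t in times]
    return a, b, meters[1].in_packets, meters[1].band_hits[(5, "drop")]
```

Dropped packets still count toward the measured rate, since the meter measures what is assigned to it, not what is forwarded.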
OpenFlow Counters

To implement the metered QoS features, the
OpenFlow switch must first provide counters so that
the rate of packets can be counted and measured.

As we have seen earlier, eight types of counters are
maintained.

Counters are maintained for the following
components:
• Each flow table
• Each flow entry
• Each port
• Each queue
• Each group
• Each group bucket
• Each meter
• Each meter band
Counter

An OpenFlow switch is not required to
support all possible counters.

For each counter, the duration refers to the
amount of time that a flow entry, a port, a
group, a queue, or a meter has been installed
in the OpenFlow switch.

Each counter must be tracked with per
second precision.
Counter ...

Each counter is unsigned and will wrap
around with no indication that this has
happened if its maximum value is
exceeded.

There could be optional counters that an
OpenFlow switch can support.
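
Added example (not part of the original slides): computing a rate from two polls of a counter when the counter may have wrapped silently or the entry may have been re-installed between polls. The function names, the (value, duration) sample layout, the counter widths and the sample values are assumptions made for illustration.

```python
def counter_delta(prev, curr, bits):
    """Return (delta, seconds, note) between two polls of one counter.

    Each poll is (value, duration_sec); bits is the counter width (assumed known).
    """
    (v0, d0), (v1, d1) = prev, curr
    if d1 < d0:
        # Duration went backwards: the entry was removed and installed again,
        # so the counter restarted and only the new value is meaningful.
        return v1, d1, "reinstalled"
    # Value went down while duration did not: the unsigned counter wrapped.
    note = "ok" if v1 >= v0 else "wrapped"
    return (v1 - v0) % (1 << bits), d1 - d0, note

def rate(prev, curr, bits):
    """Units per second between two polls, or None if no full second elapsed."""
    delta, seconds, note = counter_delta(prev, curr, bits)
    return (delta / seconds if seconds else None), note

def max_poll_interval(bits, peak_rate):
    """Longest polling interval (s) that cannot hide a full wrap at peak_rate."""
    return (1 << bits) / peak_rate

def demo():
    # Constructed polls of a 32-bit byte counter: (value, duration_sec).
    wrapped = rate((4294967000, 100), (704, 110), 32)
    reinstalled = rate((5000, 300), (40, 4), 32)
    normal = rate((100, 10), (600, 20), 64)
    # Constructed peak rate: 10 Gb/s = 1.25e9 bytes/s.
    return wrapped, reinstalled, normal, max_poll_interval(32, 1.25e9)
```

A collector that subtracts raw values without these checks reports a large negative or nonsensical rate at the moment of a wrap, and more than one wrap between two polls cannot be detected at all, which is why the polling interval has to stay below the value returned by `max_poll_interval`.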
Instructions

For a packet in SDN to get from its source to its
destination, it will need to have its header
modified by the OpenFlow switches through
which it passes.

The way that an OpenFlow switch determines
how to modify a packet is based on the
instructions that it executes against the packet.

The collection of instructions that are executed
will be based on matching the packet’s header
field to instructions that are contained in the
flow table entry.
Nested Flows

• Aggregated Flows
Group Table
• In the course of pipeline processing, a flow
table may direct a flow of packets to the
group table rather than another flow table.
• The group table and group actions enable
OpenFlow to represent a set of ports as a
single entity for forwarding packets.
• Different types of groups are provided to
represent different forwarding abstractions,
such as multicasting and broadcasting.
FIGURE 4.5 OpenFlow Table Entry Formats
From Foundations of Modern Networking: SDN, NFV, QoE, IoT, and Cloud by William Stallings (0134175395)
Copyright © 2016 Pearson Education, Inc. All rights reserved.
Groups
• Each group includes a set of one or more
action buckets.
• Each bucket contains a list of actions.
FIGURE 4.10 Group Types
Actions

In addition to the instructions that are
contained in the flow table entries, each
packet in an OpenFlow switch has an action
set associated with it.

Depending on a match that is made with a
packet, the corresponding flow entry can
modify the packet’s action set.

The packet’s action set travels with it as it
moves between flow tables.
Actions

The actions in the packet’s action set will be
executed when the instruction set of a flow
entry does not contain an instruction that
points to the next flow table and the pipeline
processing of the packet has stopped.

The list of actions contained in a packet’s
action set is called an action list.
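
Added example (not part of the original slides): a Python model of the pipeline described in the Instructions, Group Table and Actions slides, in which the action set travels with the packet between flow tables and is executed once an entry has no goto-table instruction. The dictionary layout, table and group numbers, addresses, ports and the drop-on-miss behaviour are assumptions made for illustration.

```python
def execute(action_set, groups, pkt):
    """Run an action set; return a list of (output_port, headers) copies."""
    pkt = {**pkt, **action_set.get("set_field", {})}    # header rewrites first
    if "group" in action_set:          # group takes precedence over output
        copies = []
        for bucket in groups[action_set["group"]]:      # one copy per bucket
            copies += execute(bucket, groups, pkt)
        return copies
    if "output" in action_set:
        return [(action_set["output"], pkt)]
    return []                          # neither group nor output: dropped

def run_pipeline(tables, groups, pkt):
    """Carry the packet's action set through the flow tables, then execute it."""
    action_set, table_id = {}, 0
    while table_id is not None:
        entry = next((e for e in tables[table_id]
                      if all(pkt.get(k) == v for k, v in e["match"].items())), None)
        if entry is None:
            return []                  # table miss: dropped in this model
        action_set.update(entry.get("write_actions", {}))  # same type overwrites
        nxt = entry.get("goto_table")
        if nxt is not None and nxt <= table_id:
            raise ValueError("goto_table must point to a later table")
        table_id = nxt
    return execute(action_set, groups, pkt)   # no goto-table: pipeline stopped

def demo():
    # Constructed two-table pipeline and one group whose buckets output to ports 2 and 3.
    tables = {
        0: [{"match": {"in_port": 1},
             "write_actions": {"set_field": {"eth_dst": "00:00:00:00:00:0b"},
                               "output": 9},
             "goto_table": 1}],
        1: [{"match": {"ip_dst": "10.0.0.5"}, "write_actions": {"output": 3}},
            {"match": {"ip_dst": "10.0.0.255"}, "write_actions": {"group": 7}}],
    }
    groups = {7: [{"output": 2}, {"output": 3}]}
    unicast = run_pipeline(tables, groups, {"in_port": 1, "ip_dst": "10.0.0.5"})
    flood = run_pipeline(tables, groups, {"in_port": 1, "ip_dst": "10.0.0.255"})
    miss = run_pipeline(tables, groups, {"in_port": 1, "ip_dst": "10.0.0.9"})
    return unicast, flood, miss
```

The output to port 9 written by table 0 never takes effect: table 1 either overwrites it with port 3 or adds a group action that takes precedence, which shows why the effective forwarding decision has to be read from the whole pipeline rather than from a single flow entry.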
FIGURE 3.3 Software-Defined Architecture
Small Quiz
1. ______ protocol describes ______ that take
place between an _______ controller and an
_______ switch
2. Packet_in message is of ______ type and is
used to transfer packet to controller
3. SDN data plane is the _______ layer
4. What are proactive and reactive routing
protocols?
5. Virtual switches will not have hardware
elements: True / False
6. _____ enable OpenFlow to implement various
simple QoS operations, such as rate-limiting
SDN Control Plane Architecture
• SDN control layer
1. Maps application layer service requests
into specific commands and directives to
data plane switches, and
2. Supplies applications with information
about data plane topology and activity.
• The control layer is implemented as a server
or cooperating set of servers known as SDN
controllers.
FIGURE 5.2 SDN Control Plane Functions and Interfaces
Control Plane Functions
• Shortest path forwarding: Uses routing
information collected from switches to
establish preferred routes.
• Notification manager: Receives, processes,
and forwards to an application events, such
as alarm notifications, security alarms, and
state changes.
• Security mechanisms: Provides isolation
and security enforcement between
applications and services.
Control Plane Functions
• Topology manager: Builds and maintains
switch interconnection topology information.
• Statistics manager: Collects data on traffic
through the switches.
• Device manager: Configures switch
parameters and attributes and manages flow
tables.
SDN Control Plane Functions and
Interfaces
SDN Controller
• The functionality provided by the SDN
controller is viewed as a network operating system (NOS)
• Provides essential services, common
application programming interfaces (APIs),
and an abstraction of lower-layer elements
to developers.
• Functions of an SDN NOS enable
developers to define network policies and
manage networks without concern for the
details of the network device characteristics,
which may be heterogeneous and dynamic.
SDN Controller Interfaces
Northbound Interface
• External management systems or network
applications (Net Apps) may wish to extract
information about the underlying network or
control an aspect of the network behavior or
policy.
• Additionally, controllers may find it necessary
to communicate with each other for reserving
resources across multiple domains of control
or sharing policy information with a backup
controller.
Northbound Interface
• Provides a uniform means for developers and
network managers to access SDN services
or perform network management tasks.
• Is defined entirely in software
• Enables applications to access control
plane functions and services without
needing to know the details of the
underlying network switches
• No Standard yet
Northbound Interface
• A number of unique APIs have been
developed for various controllers
• Open Networking Foundation formed the
Northbound Interface Working Group (NBI-
WG)
Northbound Interfaces
FIGURE 5.5 SDN Controller APIs
SDN Controllers
• OpenFlow controller provides a
programmatic interface to the OpenFlow
switches.
• Using this programmatic interface, network
applications, referred to as Net Apps, can be
written to perform control and management
tasks and offer new functionalities.
• The control plane in SDN / OpenFlow is
logically centralized and Net Apps are
written as if the network is a single system.
SDN Controllers
The three concepts:
• Programmability
• Separation of the control and data planes
• Management of ephemeral network state in a
centralized control plane, regardless of the
degree of centralization
“A software system or collection of
systems that together provides above
ideal concepts”
SDN Controllers
• OpenDaylight (In Java by IBM, Cisco)
• ONOS (AT&T, NTT)
• Beacon (In Java by Stanford)
• Floodlight
• Ryu (In Python by NTT Labs)
• Onix (Commercial by Google, VMware, NTT)
• NOX (Originally in C++ with Python API, Nicira,
ICSI, Stanford)
• POX (NOX in Python) – Repository managed in
Git at GitHub (web-based version control GUI)
Southbound Interface
• Provides the logical connection between the
SDN controller and the data plane switches
• Use a southbound abstraction layer that
provides a common interface for the control
plane functions
• Support multiple southbound APIs
• Most commonly implemented southbound
API is OpenFlow
Other Southbound Interfaces
• Open vSwitch Database Management
Protocol (OVSDB): a protocol from the Open vSwitch (OVS)
software project, used to manage
and configure OVS instances
• Forwarding and Control Element
Separation (ForCES) by IETF
• Protocol Oblivious Forwarding (POF) –
PDU format independent extension of
OpenFlow
OpenDaylight
• OpenDaylight is a Linux Foundation
Collaborative project in which a community
has come together to fill the need for an
open and reference framework for
programmability and control through an
open source SDN solution.
FIGURE 5.7 OpenDaylight Architecture
OpenDaylight Architecture
• Five Logical Layers
• Encompasses both control plane and
application plane functionality
1. Network applications, orchestration, and
services:
• Use controller to gather network
intelligence, run algorithms to perform
analytics, and then use the controller to
orchestrate the new rules, if any,
throughout the network.
OpenDaylight APIs
• Supports the Open Service Gateway
Initiative (OSGi) framework and
bidirectional REST for the northbound API.
• The OSGi framework is used for
applications that will run in the same
address space as the controller, while the
REST (web-based) API is used for
applications that do not run in the same
address space as the controller.
OpenDaylight other layers
• Controller functions and services: SDN
control plane functions and services.
• Service abstraction layer (SAL): Provides a
uniform view of data plane resources, so that
control plane functions can be implemented
independent of the specific southbound interface
and protocol.
• Southbound interfaces and protocols:
Supports OpenFlow, other standard southbound
protocols, and vendor-specific interfaces.
FIGURE 5.8 Service Abstraction Layer Model