SDN-OpenFlow原版完整课件

OpenFlow:EnablingInnovationinCampusNetworksNickMcKeown,TomAnderson,HariBalakrishnan,GuruParulkar,LarryPeterson,JenniferRexford,ScottShenker,JonathanTurner,SIGCOMMCCR,2008PresentedbyYeTianforCourseCS05112AboutOpenFlowOpenFlow

aprotocolthatstructurescommunicationbetweenthecontrolanddataplanesunderthecontextofsoftwaredefinednetwork.AspecificationforaswitchthatcanfunctionasanOpenFlowswitch.ProposedbyOpenNetworkingFoundation(ONF)Whitepaper:Software-DefinedNetworking:TheNewNormforNetworksCurrentversion:OpenFlow1.6OverviewBackgroundSoftwareDefinedNetworkingTheOpenFlowProtocolUsingOpenFlowReviewNewComputingTrendsChangingtrafficpatterns:Aflurryof“east-west”machine-to-machinetrafficbeforereturningdatatotheenduserdeviceintheclassic“north-south”trafficpattern.Private/publiccloud,resultinginadditionaltrafficacrossthewideareanetwork.The“consumerizationofIT”:ITneedstoaccommodatevariouspersonaldeviceswhileprotectingcorporatedataandintellectualpropertyandmeetingcompliancemandates.NewComputingTrendsTheriseofcloudservices:Elasticscalingofcomputing,storage,andnetworkresources,ideallyfromacommonviewpointandwithacommonsuiteoftools.“Bigdata”meansmorebandwidth:Theriseofmegadatasetsisfuelingaconstantdemandforadditionalnetworkcapacityinthedatacenter.TheConventionalNetworkHierarchical

withtiresof

Ethernet

switchesTreestructureLimitationsofCurrentNetworkingTechnologiesComplexitythatleadstostasisProtocolstendtobedefinedinisolation,witheachsolvingaspecificproblemandwithoutthebenefitofanyfundamentalabstractions.Thishasresultedinoneoftheprimarylimitationsoftoday’snetworks:complexity.Thestaticnatureofnetworksisinstarkcontrasttothedynamicnatureoftoday’sserverenvironment.ApplicationsaredistributedacrossVMs.ManyoperateanIPconvergednetworkforvoice,data,andvideotraffic.WhileexistingnetworkscanprovidedifferentiatedQoSlevelsfordifferentapplications,theprovisioningofthoseresourcesishighlymanual.LimitationsofCurrentNetworkingTechnologiesInconsistentpolicies:Toimplementanetwork-widepolicy,ITmayhavetoconfigurethousandsofdevicesandmechanisms.Takehours.Difficulttoapplyaconsistentsetofpoliciesduetocomplexity.LimitationsofCurrentNetworkingTechnologiesInabilitytoscale:Thenetworkbecomesvastlymorecomplexwiththeadditionofhundredsorthousandsofnetworkdevicesthatmustbeconfiguredandmanaged.Mega-operators,suchasGoogle,Yahoo!,andFacebook,needso-calledhyperscalenetworksthatcanprovidehigh-performance,low-costconnectivityamonghundredsofthousands—potentiallymillions—ofphysicalservers.SuchscalingCANNOTbedonewithmanualconfiguration.LimitationsofCurrentNetworkingTechnologiesVendordependence:Carriersandenterprisesseektodeploynewcapabilitiesandservicesinrapidresponsetochangingbusinessneedsoruserdemands.Vendors’equipmentproductcycle:3ormoreyears.Lackofstandard,openinterfaceslimitstheabilityofnetworkoperatorstotailorthenetworktotheirindividualenvironments.OverviewBackgroundSoftwareDefinedNetworkingTheOpenFlowProtocolUsingOpenFlowReviewSoftwareDefinedNetworkingNetworkcontrolisdecoupledfromforwardingandisdirectlyprogrammable.ControlplaneDataplaneSoftwareDefinedNetworkingNetworkoperatorsandadministratorscanprogrammaticallyconfigurethissimplifiednetworkabstraction.Theycanwritetheseprogramsthemselvesandnotwaitforfeaturestobeembeddedinvendors’proprietaryandclosedsoftwareenvironments.SDNarchitecturessupportasetofAPIsthatmakeitpossibletoimplementcommonnetworkservices,Routing,multicast,security,accesscontrol,bandwidthmanagement,trafficengineering,qualityofservice,…,customtailoredtomeetbusinessobjectives.OverviewBackgroundSoftwareDefinedNetworkingTheOpenFlowProtocolUsingOpenFlowReviewOpenFlowSwitchesOpenFlowprovidesanopenprotocoltoprogramtheflowtableindifferentswitchesandrouters.AnOpenFlowSwitchconsistsofatleastthreepartsAFlowTable,withanactionassociatedwitheachflowentry,totelltheswitchhowtoprocesstheflow,ASecureChannelthatconnectstheswitchtoaremotecontrolprocess(calledtheController),allowingcommandsandpacketstobesentbetweenacontrollerandtheswitchusingTheOpenFlowProtocol,whichprovidesanopenandstandardwayforacontrollertocommunicatewithaswitch.OpenFlowSwitchesWhatisaflow?AflowcouldbeaTCPconnection,orallpacketsfromaparticularMACorIPaddress,orallpacketswiththesameVLANtag,orallpacketsfromthesameswitchport.Eachflow-entryhasasimpleactionassociatedwithit.

AtleastthreebasicactionsForward:sendthisflow’spacketsouttoagivenport(orports).Packet-In:Reportthisflow’spacketstoacontroller.Drop:dropthisflow’spackets.OpenFlowSwitchesAnentryintheFlow-Tablehasthreefields:Apacketheaderthatdefinestheflow,Theaction,whichdefineshowthepacketsshouldbeprocessed,Statistics,whichkeepthenumberofpacketsandbytesforeachflow,andthetimesincethelastpacketmatchA10-tuplepacketheaderOpenFlowControllerAddsandremovesflow-entriesfromtheFlowTableonbehalfofapplication.BenefitofOpenflow-basedSDNCentralizedcontrolofmulti-vendorenvironmentsNoneedCiscocertificationReducedcomplexitythroughautomationHigherrateofinnovationIncreasednetworkreliabilityandsecurityCanensurethataccesscontrol,trafficengineering,qualityofservice,security,andotherpoliciesareenforcedconsistentlyacrossthewiredandwirelessnetworkinfrastructures,MoregranularnetworkcontrolPeraddressblockperflowBetteruserexperienceForexample,automaticvideoresolutionadaptionOverviewBackgroundSoftwareDefinedNetworkingTheOpenFlowProtocolUsingOpenFlowReviewUsingOpenFlowExample1:NetworkManagementandAccessControlEthane:Thebasicideaistoallownetworkmanagerstodefineanetwork-widepolicyinthecentralcontroller,whichisenforceddirectlybymakingadmissioncontroldecisionsforeachnewflow.Acontrollerassociatespacketswiththeirsendersbymanagingallthebindingsbetweennamesandaddresses—itessentiallytakesoverDNS,DHCPandauthenticatesalluserswhentheyjoin,keepingtrackofwhichswitchport(oraccesspoint)theyareconnectedto.UsingOpenFlowExample2:VLANsThesimplestapproachistostaticallydeclareasetofflowswhichspecifytheportsaccessiblebytrafficonagivenVLANID.Amoredynamic

approachmight

useacontroller

tomanage

authenticationof

usersandusethe

knowledgeofthe

users’locationsfor

taggingtrafficat

runtime.VLANUsingOpenFlowMobilewirelessVoIPclients.Supportcall-handoffmechanismforWiFi-enabledphones.Acontrollerisimplementedtotrackthelocationofclients