
Advanced Computer Networks (CS ZG525) : BITS Pilani

This document discusses a lecture on Software Defined Networking (SDN). It begins by describing the limitations of existing networks, including closed systems, slower innovation, and lack of control plane abstraction. It then introduces the idea of SDN, which separates the control plane and data plane, allowing for an "OS for networks" that provides a global view of the network and easier programmability. The SDN architecture has three layers - infrastructure, control, and application. The control layer uses protocols like OpenFlow to program the forwarding behavior of the infrastructure layer. OpenFlow provides a standardized way for a controller to install flow entries and monitor statistics on switches.

Uploaded by

Ashwath M

Advanced Computer Networks (CS ZG525)

BITS Pilani, Pilani Campus

Virendra S Shekhawat
Department of Computer Science and Information Systems

First Semester 2015-2016

Lecture-12 [03rd Oct 2015]

Agenda
Centralized and Distributed Control and Data Planes, SDN Architecture [CH-21]
Reading: Software-Defined Networking: The New Norm for Networks, ONF White Paper, 2012
https://www.opennetworking.org/images/stories/downloads/sdnresources/white-papers/wp-sdn-newnorm.pdf

OpenFlow: Protocol to Program the Networks [CH-22]
Reading: OpenFlow: Enabling Innovation in Campus Networks, Nick McKeown, 2008
http://archive.openflow.org/documents/openflow-wp-latest.pdf
Web Reference: https://www.opennetworking.org/
First Sem 2015-16

Advanced Computer Networks CS ZG525

BITS Pilani, Pilani Campus

Topics
Software Defined Networking (SDN)
Motivation
Architecture
OpenFlow Protocol


What is SDN?

Existing/Current Networks

Existing Networks
[Diagram: Features / Operating System / Specialized Packet Forwarding Hardware]
Millions of lines of source code
Billions of gates
Many complex functions baked into infrastructure: OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls

Limitations of Existing Networks [1]
Research stagnation
  Difficult to perform real-world experiments on large-scale production networks
Rate of innovation in networks is slower
  Due to lack of high-level abstraction
Closed systems
  Stuck with interfaces
  Hard to collaborate meaningfully
  Vendors starting to open up, but not meaningfully!

Limitations of Existing Networks [2]
Network equipment in recent decades
  Hardware-centric: usage of custom ASICs
  Why?
    Growth in network capacity
    Faster packet switching capability
  Impact
    Slower innovation
    Reduced flexibility once chips are fabricated
    Firmware provides some programmability!

Limitations of Existing Networks [3]
Vendor-specific software
  Why?
    IPR generation, increased competition
    Custom built, efficient
  Impact
    Closed software
    Non-standard interfaces to H/W
Proprietary networking devices with proprietary software and hardware
  Innovation is limited to vendor/vendor partners
  Huge barriers for new ideas in networking

Limitations of Existing Networks [4]
No control plane abstraction for the whole network!
  Packets travel inside the network
  Switches pass them along
  But the decisions, such as where to pass them, are made individually by the switches
Nobody is dynamically controlling the network flow!

Idea: An OS for Networks
[Diagram: closed boxes, each with Apps running on an Operating System on Specialized Packet Forwarding Hardware]

Idea: An OS for Networks
[Diagram: Control Programs on a Network Operating System, above the same boxes of Apps, Operating System and Specialized Packet Forwarding Hardware]

An OS for Networks
[Diagram: Control Programs on a Network Operating System, above Simple Packet Forwarding Hardware boxes]
A whole network is like a big machine

An OS for Networks
NOX: Towards an Operating System for Networks
Software-Defined Networking (SDN)
[Diagram: Control Programs, Global Network View, Network Operating System; control via forwarding interface; Protocols]

What is SDN?
Separation of control plane and data plane, with complex networking apps implemented on top
  Promotes innovation at both levels, each being independent of the other
Global monitoring of the network devices and network stats is now possible
Easy interface for the user to manipulate the network
An architecture to control not just a networking device but an entire network!

SDN Layers
Infrastructure Layer
  Also called the data plane; comprises the forwarding network elements.
  Does data forwarding, as well as monitoring local information and gathering statistics.
Control Layer
  Also called the control plane; responsible for managing and programming the forwarding plane, using information provided by the data plane.
  Has software controllers that have a standardized (south-bound) interface to the forwarding plane, e.g. OpenFlow.
Application Layer
  Contains apps that can introduce new network features such as security, management, forwarding schemes, network policies, etc.
  Can be used to have an abstracted, global view of the network.
  Its interface is called the north-bound interface.

Functional Architecture of SDN


Southbound Interface: Popular Protocols
ForCES (Forwarding and Control Elements Separation): Forwarding devices are modeled using logical function blocks (LFB) that can be composed in a modular way to form complex forwarding mechanisms. The LFBs model a forwarding device and cooperate to form even more complex network devices.
  The ForCES CE mainly connects several LFBs to create a packet flow (topology) to achieve the needed functionality.
OpenFlow: Describes the interaction of one or more control servers with OpenFlow-compliant switches. An OpenFlow controller installs flow table entries in switches.

How OpenFlow Works?
OpenFlow is an open API that provides a standard interface for programming the data plane switches

OpenFlow
[Diagram: Control Path (Software) above Data Path (Hardware)]

OpenFlow
[Diagram: OpenFlow Controller connected through the OpenFlow Protocol (SSL/TCP) to the switch's Control Path (OpenFlow), above the Data Path (Hardware)]

OpenFlow Protocol: Two Parts
Wire Protocol
  Establishes a control session
  Defines a message structure for exchanging flow modifications and collecting statistics
  Defines the fundamental structure of a switch (i.e. ports and tables)
Configuration and Management Protocol
  Allocates physical switch ports to a particular controller
  Defines high availability (active/standby)

OpenFlow Protocol
OpenFlow switches have flow tables and forward packets based on their entries, also known as flow rules.
Header fields allow mapping of entries to packets. For fast searching, TCAM (Ternary Content Addressable Memory) is required for lookup of wildcard matches.
Counters store network statistics: number of packets/bytes, duration of flow, etc.
Actions specify how packets are handled (modify, drop, forward, etc.)
A typical flow entry: HEADER | COUNTER | ACTION

Classes of Communications in OpenFlow Control
Controller to Switch (Asynchronous)
  Feature detection/information retrieval
  Programming and configuration of switch
Switch to Controller (Asynchronous)
  Initiated by switch to controller; informs about packet arrivals, state changes at switch, or errors
Symmetric
  Hello and Echo messages; they don't require solicitation from either side.
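
The message classes above can be checked on a captured control channel. The following is an added example, not part of the lecture slides: it parses the 8-byte OpenFlow header and flags messages whose class does not fit the side that sent them. It assumes a plaintext byte stream from one sender; the function names and the sample capture are constructed for illustration, and the type numbers are a subset of the OpenFlow 1.3 enum.

```python
import struct

# OpenFlow common header: version, type, length, xid (network byte order).
OFP_HEADER = struct.Struct("!BBHI")

# Subset of the OpenFlow 1.3 message type numbers, grouped by class.
# ERROR is listed with the switch-to-controller messages, as on the slide.
CLASSES = {
    "symmetric": {0: "HELLO", 2: "ECHO_REQUEST", 3: "ECHO_REPLY"},
    "controller-to-switch": {5: "FEATURES_REQUEST", 9: "SET_CONFIG",
                             13: "PACKET_OUT", 14: "FLOW_MOD"},
    "switch-to-controller": {1: "ERROR", 10: "PACKET_IN",
                             11: "FLOW_REMOVED", 12: "PORT_STATUS"},
}
ALLOWED_SENDER = {"controller-to-switch": "controller",
                  "switch-to-controller": "switch"}

def parse_messages(stream):
    """Split a captured byte stream into (version, type, xid, body) tuples."""
    offset, messages = 0, []
    while offset < len(stream):
        if len(stream) - offset < OFP_HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        version, mtype, length, xid = OFP_HEADER.unpack_from(stream, offset)
        # length includes the 8-byte header; a smaller value would never advance.
        if length < OFP_HEADER.size or offset + length > len(stream):
            raise ValueError(f"bad length {length} at offset {offset}")
        messages.append((version, mtype, xid,
                         stream[offset + OFP_HEADER.size:offset + length]))
        offset += length
    return messages

def classify(mtype):
    for cls, types in CLASSES.items():
        if mtype in types:
            return cls, types[mtype]
    return "unclassified", f"type {mtype}"

def audit(stream, sender):
    """Return (name, xid) for each message whose class does not fit the sender.

    sender is "controller" or "switch"; symmetric messages may come from either.
    """
    findings = []
    for _version, mtype, xid, _body in parse_messages(stream):
        cls, name = classify(mtype)
        if ALLOWED_SENDER.get(cls, sender) != sender:
            findings.append((name, xid))
    return findings

def build(mtype, xid, body=b"", version=0x04):
    """Build one message; bodies here are zero-filled placeholders."""
    return OFP_HEADER.pack(version, mtype, OFP_HEADER.size + len(body), xid) + body

# Constructed capture of bytes sent by a switch:
# HELLO, PACKET_IN, FLOW_MOD (wrong direction), ECHO_REQUEST.
FROM_SWITCH = (build(0, 1) + build(10, 2, bytes(16)) +
               build(14, 3, bytes(8)) + build(2, 4))
```

Calling audit(FROM_SWITCH, "switch") reports the FLOW_MOD, since only a controller should program flow tables.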

Example: OpenFlow Switching
[Diagram: Controller PC; switch with Software Layer (OpenFlow Client) and Hardware Layer (OpenFlow Table); switch ports 1 to 4; hosts 5.6.7.8 and 1.2.3.4. OpenFlow Table columns: MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action; the entry shown matches 5.6.7.8 with action port 1.]
Source: The Stanford Clean Slate Program, http://cleanslate.stanford.edu

OpenFlow Basics
Flow Table Entries: Rule | Action | Stats
Rule: Switch Port | VLAN ID | MAC src | MAC dst | Eth type | IP Src | IP Dst | IP Prot | TCP sport | TCP dport, plus a mask selecting which fields to match
Action:
  1. Forward packet to port(s)
  2. Encapsulate and forward to controller
  3. Drop packet
  4. Send to normal processing pipeline
  5. Modify fields
Stats: Packet + byte counters

Examples
Columns: Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
Switching: MAC dst = 00:1f:.., other fields *; Action = port6
Flow Switching: Switch Port = port3, MAC src = 00:20.., MAC dst = 00:1f.., Eth type = 0800, VLAN ID = vlan1, IP Src = 1.2.3.4, IP Dst = 5.6.7.8, TCP sport = 17264, TCP dport = 80; Action = port6
Firewall: TCP dport = 22, other fields *; Forward = drop

Examples
Routing: IP Dst = 5.6.7.8, other fields *; Action = port6
VLAN Switching: MAC dst = 00:1f.., VLAN ID = vlan1, other fields *; Action = port6, port7, port9

The Basic Mechanism
Packet Arrives -> Parse Header Fields -> Match Against Flow Tables -> Perform Actions corresponding to the flow entry

OpenFlow Specifications [1]
OpenFlow 1.0 (Dec 2009)
  Single table
OpenFlow 1.1 (Feb 2011)
  Pipelines of flow tables and group tables
  The result of the pipeline is a list of actions accumulated during pipeline execution, which are applied to the packet at the end of execution.
  Flow table entries are instructions instead of actions.
  Groups, VLAN and MPLS support
OpenFlow 1.2 (Dec 2011)
  First ONF release
  IPv6 support

OpenFlow Specifications [2]
OpenFlow 1.3 (Apr 2012)
  Long-term release
  New features for monitoring, operations and management
  Metering (i.e. measuring rate of packets)
OpenFlow 1.4 (Aug 2013)
  Optical port support
  Flow monitoring
  Bundles of commands and execute the bundle as an atomic
OpenFlow 1.5 (Dec 2014)
  Egress port tables introduced

OpenFlow Ports
OpenFlow ports are the network interfaces for passing packets between OpenFlow processing and the rest of the network
OpenFlow switches connect logically to each other via their OpenFlow ports
The set of OpenFlow ports may not be identical to the set of network interfaces provided by the switch hardware
Some network interfaces may be disabled for OpenFlow, and the OpenFlow switch may define additional OpenFlow ports

OpenFlow Port Types
Physical Ports
  Switch-defined ports that correspond to a hardware interface of the switch
Logical Ports
  Higher-level abstractions that don't correspond directly to a hardware interface of the switch
  A logical port may have an extra metadata field called Tunnel-ID associated with it
  e.g. link aggregation groups, tunnels, loopback interfaces
Reserved Ports
  Specify generic forwarding actions such as sending to the controller, flooding, or forwarding using non-OpenFlow methods, such as normal switch processing.

OpenFlow Reserved Ports
ALL
  Represents all ports the switch can use for forwarding a specific packet
CONTROLLER
  Represents the control channel with the OpenFlow controller
TABLE
  Represents the start of the OpenFlow pipeline
ANY
  Special value used in some OpenFlow commands when no port is specified (wildcard)
NORMAL
  Non-OpenFlow mode
FLOOD
  To send the packet out all standard ports (except ingress port)

Pipeline Processing


Flow Table
Consists of flow entries
Flow table example: Match Fields | Priority | Counters | Instructions | Timeouts | Cookie
The match fields and priority taken together identify a unique flow entry in the flow table

Group Table
The ability for a flow entry to point to a group enables OpenFlow to represent additional methods of forwarding
Group entry: Group Identifiers | Group Type | Counters | Action Buckets
Group Types
ALL (Executes all buckets in the group) [Required]
  Used for multicast or broadcast forwarding
  The packet is cloned for each bucket; one packet is processed for each bucket of the group.

Example: Group Types
Indirect (Execute the one defined bucket in this group) (Required)
  This group supports only a single bucket. Allows multiple flow entries or groups to point to a common group identifier
  e.g. next hops for IP forwarding
Fast-Failover (Execute the First Live Bucket) (Optional)
  Each action bucket is associated with a specific port and/or group that controls its liveness.
  The buckets are evaluated in the order defined by the group, and the first bucket which is associated with a live port/group is selected.
  This group type enables the switch to change forwarding without requiring a round trip to the controller.
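
The three group types described on these slides, as an added example that is not part of the lecture material: a small model of bucket selection showing how a fast-failover group moves traffic to the backup port when the primary goes down, and what happens when no bucket is live. Class and function names are hypothetical; port numbers are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Bucket:
    out_port: int
    watch_port: Optional[int] = None   # port whose liveness gates the bucket

@dataclass
class Group:
    group_id: int
    gtype: str                         # "all", "indirect" or "fast_failover"
    buckets: List[Bucket]
    packet_count: int = 0              # group counter

    def __post_init__(self):
        if self.gtype not in ("all", "indirect", "fast_failover"):
            raise ValueError(f"unknown group type {self.gtype!r}")
        if self.gtype == "indirect" and len(self.buckets) != 1:
            raise ValueError("an indirect group supports only a single bucket")

def apply_group(group, live_ports):
    """Return the output ports chosen for one packet, given the set of live ports."""
    group.packet_count += 1
    if group.gtype == "all":           # packet is cloned for each bucket
        return [b.out_port for b in group.buckets]
    if group.gtype == "indirect":      # the one defined bucket
        return [group.buckets[0].out_port]
    for b in group.buckets:            # fast failover: first live bucket, in order
        if b.watch_port in live_ports:
            return [b.out_port]
    return []                          # no live bucket: the packet is dropped

def failover_trace():
    """Primary uplink on port 1, backup on port 2; the links then fail one by one."""
    ff = Group(10, "fast_failover",
               [Bucket(1, watch_port=1), Bucket(2, watch_port=2)])
    return [apply_group(ff, {1, 2}), apply_group(ff, {2}), apply_group(ff, set())]
```

The empty result in the last step is the case worth monitoring: the switch drops traffic locally and the controller is never asked.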

Meter Table
A meter table consists of meter entries, defining per-flow meters
Per-flow meters enable OpenFlow to implement various simple QoS operations, such as rate-limiting, and can be combined with per-port queues
Meters are attached directly to flow entries
Multiple meters can be used on the same set of packets by using them in successive flow tables
Meter entry: Meter identifier | Meter bands | Counters
  meter identifier: a 32-bit unsigned integer uniquely identifying the meter
  meter bands: an unordered list of meter bands, where each meter band specifies the rate of the band and the way to process the packet
  counters: updated when packets are processed by a meter

Counters
Counters are maintained for each flow table, flow entry, port, queue, group, group bucket, meter and meter band

Forwarding Abstraction: OpenFlow
Controller talks to OpenFlow switch through a secure channel
Switch contains:
  One or more flow tables
  A group table
Flow tables:
  Contain flow entries
  Packets are matched against flow entries
  A flow entry determines which packets match and what action will be taken
Group table:
  Set of group entries
  Each group entry has: identifier, type, counters and action bucket
  Allows additional actions to be set on a packet: actions common to all packets of the same group

Use case: Dynamic Flow Control


Inspect first packet of a connection
Consult the access control policy
Install rules to block or route traffic
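
An added example, not part of the lecture slides, covering both this use case and the parse/match/act pipeline from "The Basic Mechanism": a switch model whose table miss sends the first packet to a controller, which consults an access control policy and installs a rule. It also audits the table for drop rules shadowed by a broader, higher-priority forward rule. All class and function names are hypothetical; the policy is constructed from the values in the slides' Routing and Firewall rows.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict            # header field -> value; an absent field is a wildcard (*)
    priority: int
    action: str            # "drop" or "output:<port>"
    packet_count: int = 0  # per-entry counters
    byte_count: int = 0

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

    def hit(self, size):
        self.packet_count += 1
        self.byte_count += size
        return self.action

class Switch:
    def __init__(self, controller):
        self.table, self.controller, self.packet_ins = [], controller, 0

    def install(self, entry):
        # Match fields plus priority identify an entry, so a duplicate is replaced.
        self.table = [e for e in self.table
                      if (e.match, e.priority) != (entry.match, entry.priority)]
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)

    def process(self, pkt, size=64):
        for entry in self.table:             # highest priority first
            if entry.matches(pkt):
                return entry.hit(size)       # fast path, no controller involved
        self.packet_ins += 1                 # table miss: first packet goes up
        entry = self.controller(pkt)
        self.install(entry)
        return entry.hit(size)

# Constructed policy: route to 5.6.7.8 via port 6, block TCP port 22, deny the rest.
ROUTES = {"5.6.7.8": "output:6"}
BLOCKED_TCP_PORTS = {22}

def acl_controller(pkt):
    """Consult the access control policy and return the rule to install."""
    key = {f: pkt[f] for f in ("ip_src", "ip_dst", "tcp_dport")}
    if pkt["tcp_dport"] in BLOCKED_TCP_PORTS or pkt["ip_dst"] not in ROUTES:
        return FlowEntry(key, priority=200, action="drop")
    return FlowEntry(key, priority=100, action=ROUTES[pkt["ip_dst"]])

def shadowed_drops(table):
    """Drop rules that never fire: a higher-priority, more general rule forwards."""
    return [d for d in table if d.action == "drop" and any(
        e.priority > d.priority and e.action != "drop"
        and e.match.items() <= d.match.items() for e in table)]

def demo():
    sw = Switch(acl_controller)
    http = {"ip_src": "1.2.3.4", "ip_dst": "5.6.7.8", "tcp_dport": 80}
    ssh = dict(http, tcp_dport=22)
    results = [sw.process(http), sw.process(http), sw.process(ssh)]
    misses = sw.packet_ins
    # A broad, higher-priority forward rule silently overrides the SSH drop.
    sw.install(FlowEntry({"ip_dst": "5.6.7.8"}, priority=300, action="output:6"))
    return results, misses, sw.process(ssh), len(shadowed_drops(sw.table))
```

Only the first packet of each connection reaches the controller; the second HTTP packet is handled from the installed entry, and the audit catches the rule that would let port 22 traffic through.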


Use Case: Seamless Mobility/Migration
Observe that a host sends traffic from a new location
Modify flow tables to re-route the traffic

Use Case: Saving Energy
We can vary link speed, disable switch, move VMs, disable link

FlowVisor: Slicing the Network
Divide the physical network into logical slices
  Each slice/service controls its own packet forwarding
  Give different slices to different applications or owners
  Enforce strong isolation between slices
A network slice is a collection of sliced switches/routers
Slicing policy: specifies resource limits for each slice
  Link bandwidth
  Topology
  Maximum number of forwarding rules

FlowVisor
FlowVisor runs multiple OpenFlow controllers, one for each slice
  Talks OpenFlow to the 'Slice' controller
FlowVisor intercepts and re-writes OpenFlow messages from the 'Slice' controllers

OpenFlow Challenges: Controller Delay and Overhead
Controller is much slower than the switches
Processing packets leads to delay and overhead
Need to keep most packets in fast path

OpenFlow Challenges: Distributed Controller
Controller is a single point of failure and potential bottleneck
Partition or replicate controller for scalability and reliability
Problems: keeping state consistent

Thank You !
