Transcription
Software-defined Networking. Infocom, April 2009. Nick McKeown, nickm@stanford.edu
Part 1: Inside the box: Switch and Router Design. Part 2: Outside the box: Software-defined networking.
Router. Software: Control. Management: CLI, SNMP. Routing Protocols: OSPF, ISIS, BGP. Hardware: Datapath. Per-packet: Lookup, switch, buffer.
How big should buffers be? [1/ N] How to build really fast buffers? [Nemo] How to lookup quickly in hardware? [24-8] Heuristic classification algorithms [HiCuts]. IP Address Lookup & Classification. Crossbar Scheduler. Which schedulers give 100% throughput? [MWM] Which schedulers are practical in hardware? [iSLIP] How to emulate an output queued switch? [MUCFA] How to schedule multicast? [ESLIP] How to run the scheduler slower? [PPS] How to avoid scheduling altogether? [VLB]
Three Open Topics: 1. There’s something special about “2x speedup”. 2. Deterministic (instead of probabilistic) switch design. 3. Making routers simpler.
Three Open Topics: 1. There’s something special about “2x speedup”: A maximal match crossbar scheduler gives 100% throughput [Dai & Prabhakar]. Makes a Clos network strictly non-blocking [Clos]. Allows a CIOQ switch to precisely emulate an output-queued switch [Chuang].
Three Open Topics: 1. There’s something special about “2x speedup” (contd.): Allows a parallel stack of small switches to precisely emulate one big switch [Iyer]. Valiant Load-Balanced switch (or network) can give 100% throughput [Valiant].
Related observations: “2x speedup” is key for both deterministic & probabilistic systems. A maximum size bipartite match is at most twice the size of a maximal match. A switch has two simultaneous constraints: input and output. Local “selfish” routing decisions cost twice as much as “global” ones [Roughgarden].
Three Open Topics: 1. There’s something special about “2x speedup”. 2. Deterministic (instead of probabilistic) switch design: We need more analytical tools for “mimicking”; Generalized pigeon-hole principles. 3. Making routers simpler.
Three Open Topics: 1. There’s something special about “2x speedup”. 2. Deterministic (instead of probabilistic) switch design. 3. Making routers simpler.
We have lost our way. Router: Software (Control): Millions of lines of source code; 5389 RFCs; Barrier to entry. Hardware (Datapath): 500M gates; 10Gbytes RAM; Bloated; Power Hungry. Many complex functions baked into the infrastructure: OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers,
Process of innovation: Deployment; Idea; Standardize; Wait 10 years. Almost no technology transfer from academia.
Personal regret: I wish I had said it sooner and louder. Our “dumb, minimal” datapath turned into a bloated 1960s mainframe!
The essence of my talk (1 of 2). Hardware Substrate: The PC industry found a simple, common, hardware substrate (x86 instruction set). Software-definition: Innovation exploded on top (applications) and in the infrastructure itself (operating systems, virtualization). Open-source: 100,000s of developers blew apart the standards process, accelerated innovation.
The essence of my talk (2 of 2). Hardware Substrate; Software-Defined Network; Open Source Culture. It is up to us to make it happen. Until we (someone) does, it remains ossified. Let’s define the substrate.
Part 1: Inside the box. Part 2: Outside the box: The need for a substrate; The inevitability of software-defined networking.
OS abstracts hardware substrate. Innovation in applications.
Application; Windows (OS) or Linux or Mac OS; x86 (Computer). Simple, common, stable, hardware substrate below. Programmability. Competition. Innovation in OS and applications.
Application; Windows (OS); Application; Virtualization; x86 (Computer). Simple, common, stable, hardware substrate below. Programmability. Strong isolation model. Competition above. Innovation in infrastructure.
A simple stable common substrate: 1. Allows applications to flourish. Internet: Stable IPv4 led to the web. 2. Allows the infrastructure on top to be defined in software. Internet: Routing protocols, management, 3. Rapid innovation of the infrastructure itself. Internet: er.? What’s missing? What is the substrate?
Mid-1990s: “To enable innovation in the network, we need to program on top of a simple hardware datapath”. Active networking. Problems: isolation, performance, complexity.
Late-1990s: “To enable innovation in the network, we need the datapath substrate to be programmable”. Network processors. Problem: Accelerated complexity of the datapath substrate.
(Statement of the obvious) In networking, despite several attempts, we’ve never agreed upon a clean separation between: 1. A simple common hardware substrate 2. And an open programming environment on top. But things are changing fast in data centers and service provider networks.
Observations: Prior attempts have generally 1. Assumed the current IP routing substrate is fixed, and tried to program it externally, including the routing protocols. 2. Defined the programming and control model up-front. But to pick the right x86 instruction set, Intel didn’t define Windows XP, Linux or VMware.
We need: 1. A clean separation between the substrate and an open programming environment. 2. A simple hardware substrate that generalizes, subsumes and simplifies the current substrate. 3. Very few preconceived ideas about how the substrate will be programmed. 4. Strong isolation.
Step 1: Separate intelligence from datapath. Operators, users, 3rd party developers, researchers, New function!
Step 2: Cache decisions in minimal flow-based datapath. Flow Table: “If header x, send to port 4”; “If header y, overwrite header with z, send to ports 5,6”; “If header ?, send to me”.
1. Unicast 2. Multicast
3. Multipath: Load-balancing, Redundancy. 4. Waypoints: Middleware, Intrusion detection.
What is a flow? Application flow; All http; Jim’s traffic; All packets to Canada. Types of action: Allow/deny flow; Route & re-route flow; Isolate flow; Make flow private; Remove flow.
Packet-switching substrate. Ethernet: DA, SA, etc; IP: DA, SA, etc; TCP: DP, SP, etc; Payload. Collection of bits to plumb flows (of different granularities) between end points.
Properties of a flow-based substrate. We need flexible definitions of a flow: Unicast, multicast, waypoints, load-balancing; Different aggregations. We need direct control over flows: Flow as an entity we program: To route, to make private, to move, Exploit the benefits of packet switching: It works and is universally deployed; It’s efficient (when kept simple).
Substrate: “Flowspace”. Ethernet: DA, SA, etc; IP: DA, SA, etc; TCP: DP, SP, etc; Payload. Collection of bits to plumb flows (of different granularities) between end points. Header: User-defined flowspace; Payload.
Flowspace: Simple example. Figure: axes IP SA and IP DA (address A marked); regions: Single flow; All flows from A; All flows between two subnets.
Flowspace: Generalization. Figure: axes Field 1, Field 2, Field n; regions: Single flow; Set of flows.
Properties of Flowspace. Backwards compatible: Current layers are a special case; No end points need to change. Easily implemented in hardware: e.g. TCAM flow-table in each switch. Strong isolation of flows: Simple geometric construction; Can prove which flows can/cannot communicate.
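The "geometric construction" behind flow isolation can be checked mechanically: two slices of the network are isolated when none of their flowspace regions intersect. The following is an added example, not code from the talk or from any OpenFlow project; the slice names, VLAN labels and addresses are constructed, IP fields are modelled as CIDR prefixes, and every other field is either an exact value or a wildcard.

```python
import ipaddress

WILDCARD = "*"
IP_FIELDS = {"ip_src", "ip_dst"}   # compared as CIDR prefixes; others exact

def field_intersection(field, a, b):
    """Intersection of two constraints on one header field, or None if empty."""
    if a == WILDCARD:
        return b
    if b == WILDCARD:
        return a
    if field in IP_FIELDS:
        na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
        if na.subnet_of(nb):
            return a               # a is the more specific prefix
        if nb.subnet_of(na):
            return b
        return None                # prefixes are disjoint
    return a if a == b else None

def region_intersection(r1, r2):
    """Intersect two regions (dict field -> constraint); absent field = wildcard."""
    out = {}
    for field in set(r1) | set(r2):
        common = field_intersection(field, r1.get(field, WILDCARD),
                                    r2.get(field, WILDCARD))
        if common is None:
            return None            # disjoint on one axis means disjoint regions
        if common != WILDCARD:
            out[field] = common
    return out

def slice_conflicts(slice_a, slice_b):
    """Header regions claimed by both slices; an empty list means isolated."""
    hits = []
    for ra in slice_a:
        for rb in slice_b:
            common = region_intersection(ra, rb)
            if common is not None:
                hits.append(common)
    return hits

# Constructed sample slices (all values are illustrative).
RESEARCH_A = [{"vlan": "vlan1", "ip_src": "10.1.0.0/16"}]
RESEARCH_B = [{"vlan": "vlan2"}, {"ip_dst": "10.1.2.0/24", "tcp_dport": "80"}]
PRODUCTION = [{"vlan": "vlan9"}]
```

RESEARCH_B's second region is not pinned to a VLAN, so it overlaps both RESEARCH_A and PRODUCTION; the returned region is exactly the set of headers both slices would claim.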
A substrate: Flow-based. Small number of actions for each flow: Plumbing: Forward to port(s); Control: Forward to controller; Routing between flow-spaces: Rewrite header; Bandwidth isolation: Min/max rate. External open API to flow-table.
OpenFlow as a strawman flow-based substrate
Our Approach: 1. Define the substrate. OpenFlow is an open external API to a flow-table. Version 1.0: Defined to be easy to add to existing hardware switches, routers, APs, Timeframe: Now. Version 2.0: OpenFlow-optimized hardware; General “flowspace”; Timeframe: 2011.
Our Approach: 2. Deploy. Deploy on college campuses. Deploy in national research backbone networks. Enable researchers to freely innovate on top.
OpenFlow Hardware: Juniper MX-series; NEC IP8800; HP Procurve 5400; Cisco Catalyst 6k; Quanta LB4G; WiMax (NEC); PC Engines. More coming soon.
Controller. An OpenFlow Controller: “Nicira” created NOX controller. Available at http://NOXrepo.org. Martin Casado, Scott Shenker.
OpenFlow Basics
Ethernet Switch
Control Path (Software). Data Path (Hardware).
OpenFlow Controller. OpenFlow Protocol (SSL). Control Path: OpenFlow. Data Path (Hardware).
OpenFlow Basics (1): Exploit the flow table in switches, routers, and chipsets. Flow 1: Rule (exact & wildcard), Action, Statistics. Flow 2: Rule (exact & wildcard), Action, Statistics. Flow 3: Rule (exact & wildcard), Action, Statistics. Flow N: Rule (exact & wildcard), Default Action, Statistics.
Flow Table Entry (OpenFlow Protocol Version 1.0): Rule, Action, Stats. Stats: Packet byte counters. Action: 1. Forward packet to port(s) 2. Encapsulate and forward to controller 3. Drop packet 4. Send to normal processing pipeline. Rule: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport; mask what fields to match.
Examples. Switching: MAC dst 00:1f:., all other fields *; Action: port6. Flow Switching: Switch Port port3, MAC src 00:2e., MAC dst 00:1f., Eth type 0800, VLAN ID vlan1, IP Src 1.2.3.4, IP Dst 5.6.7.8, IP Prot 4, TCP sport 17264, TCP dport 80; Action: port6. Firewall: Switch Port *, MAC src *, MAC dst *, Eth type *, VLAN op
Examples. Routing: IP Dst 5.6.7.8, all other fields *; Action: port6. VLAN: VLAN ID vlan1, all other fields *; Action: port6, port7, port9.
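An added example (not from the talk or from the OpenFlow reference code) of the rule / action / statistics lookup shown in the slides above, assuming an ordered table in which the first matching entry wins. It also reports entries that can never fire because an earlier, broader rule covers them. The full MAC addresses, the sample packet and the port-22 drop rule are constructed values.

```python
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")

class FlowEntry:
    def __init__(self, name, action, **match):
        bad = set(match) - set(FIELDS)
        if bad:
            raise ValueError(f"unknown match fields: {sorted(bad)}")
        self.name, self.action, self.match = name, action, match
        self.packets = self.bytes = 0            # the Statistics column

    def matches(self, pkt):
        # A field left out of the rule is a wildcard ("*" on the slides).
        return all(pkt.get(f) == v for f, v in self.match.items())

    def covers(self, other):
        # True if every packet matching `other` also matches this entry.
        return all(other.match.get(f) == v for f, v in self.match.items())

def process(table, pkt, length):
    """First matching entry wins; a table miss goes to the controller."""
    for entry in table:
        if entry.matches(pkt):
            entry.packets += 1
            entry.bytes += length
            return entry.name, entry.action
    return None, ("controller",)                 # "If header ?, send to me"

def shadowed(table):
    """(later, earlier) pairs where the later entry can never be reached."""
    return [(late.name, early.name)
            for i, late in enumerate(table)
            for early in table[:i] if early.covers(late)]

# Constructed table modelled on the slide examples (assumed ordering).
TABLE = [
    FlowEntry("switching", ("forward", 6), mac_dst="00:1f:00:00:00:01"),
    FlowEntry("routing", ("forward", 6), ip_dst="5.6.7.8"),
    FlowEntry("vlan", ("forward", 6, 7, 9), vlan_id="vlan1"),
    FlowEntry("firewall", ("drop",), ip_dst="5.6.7.8", tcp_dport=22),
]
# Constructed packet: TCP to port 22 on the routed destination.
SSH = {"in_port": 3, "mac_dst": "00:2e:00:00:00:09", "eth_type": 0x0800,
       "vlan_id": "vlan2", "ip_src": "1.2.3.4", "ip_dst": "5.6.7.8",
       "ip_proto": 6, "tcp_sport": 17264, "tcp_dport": 22}
```

With this ordering the drop rule is shadowed by the routing rule, so the port-22 packet is forwarded; moving the narrower rule ahead of the broader one removes the shadowing.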
OpenFlow Usage: Dedicated OpenFlow Network. Figure labels: Controller (Peter’s code); OpenFlow Switch (Rule, Action, Statistics); Peter.
Usage examples. Peter’s code: Static “VLANs”; His own new routing protocol: unicast, multicast, multipath, load balancing; Network access control; Home network manager; Mobility manager; Energy manager; Packet processor (in controller); IPvPeter; Network measurement and visualization.
Separate VLANs for Production and Research Traffic. Controller. Research VLANs: Flow Table. Production VLANs: Normal L2/L3 Processing.
Virtualize OpenFlow Switch. Controller A, Controller B, Controller C. Researcher A VLANs: Flow Table. Researcher B VLANs: Flow Table. Researcher C VLANs: Flow Table. Production VLANs: Normal L2/L3 Processing.
Virtualizing low FlowVisor & Policy h
Virtualizing w Protocol OpenFlow Switch OpenFlow FlowVisor & Policy h
Controller, Controller. Virtualization (FlowVisor). OpenFlow. Simple, common, stable, hardware substrate below. Programmability. Strong isolation model. Competition above. Faster innovation.
OpenFlow Deployment
OpenFlow Deployments. Stanford Deployments: Wired: CS Gates building, EE CIS building, EE Packard building; WiFi: 100 OpenFlow APs across SoE; WiMAX: OpenFlow service in SoE. Other deployments: Internet2 (NetFPGA switches); JGN2plus, Japan (NEC switches); 10-15 research groups have switches.
OpenFlow Deployments: Plans in 2009-10. Campus deployments: Lab production use; “Enterprise GENI” (NSF/GPO). Backbone deployments: National research backbones; Research Production use.
How to get involved (1): Visit http://OpenFlowSwitch.org. Experiment with reference switches: Linux soft switch; NetFPGA hardware switch. Explore with your network administrator/CIO about trial production deployment. Look at prototype commercial hardware.
How to get involved (2): Experiment with controllers: Simple test controllers; NOX: http://NOXrepo.org. Add a new experiment/feature. Run a class.
Thank You!