Putting OpenFlow to Work in a Production Network
Dan Schmiedt, Executive Director, Network Services and Telecommunications
Kuang-Ching “KC” Wang, Associate Professor, Department of Electrical & Computer Engineering
Fan Yang, Aaron Rosen, Graduate Students, Department of Electrical & Computer Engineering
The big picture from a Technology point of view …
• OpenFlow is part of an answer to the “ossification”
problem we see in networking: it provides a platform
for innovation and rapid deployment of new
protocols in real networks.
• OpenFlow can represent a major shift in the way we
think of and operate networks: software defined,
controller-based networking.
– Network devices can be just interface-containing boxes.
– Imagine, for example, how this could change the need for
routing protocols; the controllers already know everything!
Clemson University
2
The big picture from a University point of view…
• OpenFlow provides a mechanism for the
engagement of IT Staff with Academic faculty and
students.
• On the IT side we’re very busy and have to deal with
operational realities. Our eyes are close to the
grindstone and it’s often hard to think “out of the
box”. (We know that box very well, thank you!)
• On the Academic side, students and faculty are eager
to solve real problems and are not jaded by the
realities of running a production network.
• So, what could happen if we combined them?
A Positive Feedback Loop
• To facilitate sustained growth and leverage the power of a
University to stay creative, we need a new model.
– Students
• IT funded RAs from networking research groups
• University funded undergraduate “Creative Inquiry” team
• Proposed Internal Internship program, supported by the Provost
– Network engineers
• Task assignment/incentive model
• Internal Faculty sabbaticals
[Diagram: a feedback loop linking Research, IT, and Teaching]
So, we just install the OpenFlow IOS image, give the
students TACACS+ userids and let ‘em rip?
• Ummm…:
– OF is not supported on Cisco hardware
– I’m excited about all this, but not (completely) insane
• We support KC and his students in transporting GENI
OpenFlow VLANs to GENI projects from I2/NLR and
around campus…
• But, we wanted to do something with production
network applications
• KC and students brainstormed with network
engineers to find more use cases…
OpenFlow use cases in the production net
• Idea: think of ways we can leverage OpenFlow with
minimal risk to the production network.
• The sky is the limit: simple python code and the NOX
OpenFlow controller can tell the switch how to
forward traffic in whatever ways we want…
• Some ideas:
– Data Analysis Network, “DAN”
– Tracking of stolen laptops
OpenFlow use cases in the production net
• Data Analysis Network, “DAN”
– We are accumulating a plethora of devices that
need to see aggregate network traffic at arbitrary
points on the network. E.g., Coradiant, MARS,
FireEye, sniffers, etc.
• “You know, just have your network people send the
appropriate traffic to our magical device…”
– An OpenFlow DAN would behave like a bunch of
Gigamon boxes and forward traffic from SPANs or
VACLs to monitoring devices.
Proposed DAN implementation
Some noodling on the whiteboard…
OpenFlow – A One Slide Overview
• A software defined networking paradigm
• OpenFlow-enabled commercial switches allow open access to
their flow tables by authorized software OpenFlow controllers
• Centralized, virtualized control and monitoring of network
[Diagram: Application Servers and End Users attach to a Network of Various Scales; OpenFlow Controllers reach an OpenFlow-enabled Commercial Switch over a Secure Channel, and the switch's Flow Table sits alongside its Normal Software and Normal Datapath]
OpenFlow use cases in the production net
• Case study 1: Data Analysis Network
• Case study 2: Tracking Stolen Laptops
• Both cases are implemented with simple OpenFlow controller
(OFC) code, coexisting with a production OFC (POFC)
– OFC coexistence made possible by FlowVisor software
[Diagram: Clemson Campus Network with Core, Distribution and Access layers; FlowVisor sits between the switches and three controllers (POFC, OFC1, OFC2); Host 1 (e.g., user desktop), Host 2 (e.g., app server) and an IT server (e.g., security/app monitor) hang off the access layer]
OpenFlow Data Analysis Network
• The problem: Packet grabbing appliances (Cisco MARS,
Coradiant, sniffers) need us to send traffic of interest to them.
• The need: a separate Data Analysis Network (DAN) to mirror
traffic from arbitrary location. Like Gigamon, etc.
• The proposed solution: Use OF to duplicate traffic from
anywhere to designated analysis servers
[Diagram: the same campus network as above, with User traffic flowing between Host 1 and Host 2 and the Monitored traffic copied to the IT server]
OK, so how do you DO this?
Starting with a simple example, we would turn on an OF-capable switch, enable OF for a VLAN, point it at a NOX
controller, and write some simple Python code.
This code makes a simple hub:
when a packet comes into the
controller, the controller floods it
out all ports on the switch.
Kick it up one more notch and make a learning switch…
Learn which port the source
MAC address is attached to.
Then check whether we already know
the port the destination MAC address is on.
If we do, install a rule on the switch that
sends packets matching that destination
MAC address to that port.
…and add just a little more to that …
• 7 added lines of python code to default switch controller
OF command #1:
install rule to
duplicate packets
to mirror port from
another port on the
same switch
OF command #2:
controller sends a
duplicate packet to mirror
port, in addition to original
forwarding action
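The hub, learning switch and mirror steps above, written out as one NOX-style packet_in handler. This is an added example, not the Clemson code from the slides (which appeared there as screenshots), and it does not use NOX: the `Switch` class is an assumed in-memory stand-in for an OpenFlow 1.0 datapath and its flow table, and the port numbers and MAC addresses in `demo()` are constructed, so the whole thing runs offline.

```python
"""Learning switch with a mirror port as a NOX-style packet_in handler.
Added example, not the Clemson code shown on the slides; NOX's API is not
reproduced.  Switch is an assumed in-memory stand-in for an OpenFlow 1.0
datapath and its flow table so everything runs offline."""

FLOOD = "FLOOD"  # stands in for the OFPP_FLOOD pseudo-port


class Switch:
    """Assumed stand-in for an OpenFlow switch (not a NOX class)."""

    def __init__(self, dpid, ports, no_flood=()):
        self.dpid = dpid
        self.ports = list(ports)
        # Ports with OFPPC_NO_FLOOD set: the mirror port must receive only
        # deliberate copies, never flooded frames.
        self.no_flood = set(no_flood)
        self.flow_table = []  # (match_fields, actions) in install order
        self.sent = []        # (out_port, packet) the datapath emitted

    def install_flow(self, match, actions):
        self.flow_table.append((dict(match), list(actions)))

    def _lookup(self, fields):
        for match, actions in self.flow_table:
            if all(fields.get(k) == v for k, v in match.items()):
                return actions
        return None

    def _emit(self, packet, in_port, actions):
        for port in actions:
            if port == FLOOD:
                for p in self.ports:
                    if p != in_port and p not in self.no_flood:
                        self.sent.append((p, packet))
            else:
                self.sent.append((port, packet))

    def receive(self, packet, in_port, controller):
        """Flow-table hit: forward in the datapath.  Miss: packet_in."""
        actions = self._lookup(dict(packet, in_port=in_port))
        if actions is None:
            actions = controller.packet_in(self, in_port, packet)
        self._emit(packet, in_port, actions)


class Hub:
    """Slide 12: every packet_in is flooded and no rule is installed."""

    def packet_in(self, sw, in_port, packet):
        return [FLOOD]


class MirroringLearningSwitch:
    """Slides 13-14: a learning switch that also copies every frame
    entering mirror_src to mirror_port (the link toward the DAN)."""

    def __init__(self, mirror_src=None, mirror_port=None):
        self.mac_to_port = {}  # (dpid, mac) -> port
        self.mirror_src = mirror_src
        self.mirror_port = mirror_port
        self.packet_ins = 0

    def packet_in(self, sw, in_port, packet):
        self.packet_ins += 1
        # Learn which port the source MAC is attached to on this switch.
        self.mac_to_port[(sw.dpid, packet["dl_src"])] = in_port
        out = self.mac_to_port.get((sw.dpid, packet["dl_dst"]))
        actions = [FLOOD] if out is None else [out]
        # OF command #2: the controller adds a copy to the mirror port on
        # top of the normal forwarding action.
        if self.mirror_port is not None and in_port == self.mirror_src:
            actions.append(self.mirror_port)
        if out is not None:
            # OF command #1: the installed rule carries the mirror action
            # too, so later frames are duplicated in the datapath without
            # another trip to the controller.
            sw.install_flow({"in_port": in_port, "dl_dst": packet["dl_dst"]},
                            actions)
        return actions


def demo():
    """Constructed traffic: port 1 is monitored, port 4 leads to the DAN."""
    sw = Switch("s1", ports=[1, 2, 3, 4], no_flood={4})
    ctl = MirroringLearningSwitch(mirror_src=1, mirror_port=4)
    a_to_b = {"dl_src": "00:00:00:00:00:0a", "dl_dst": "00:00:00:00:00:0b"}
    b_to_a = {"dl_src": "00:00:00:00:00:0b", "dl_dst": "00:00:00:00:00:0a"}
    sw.receive(a_to_b, 1, ctl)  # dst unknown: flood to 2,3 plus copy to 4
    sw.receive(b_to_a, 2, ctl)  # dst known: rule {in 2, dst a} -> [1]
    sw.receive(a_to_b, 1, ctl)  # rule {in 1, dst b} -> [2, 4] installed
    sw.receive(a_to_b, 1, ctl)  # flow-table hit: no packet_in at all
    return sw, ctl


if __name__ == "__main__":
    sw, ctl = demo()
    for port, pkt in sw.sent:
        print(f"port {port}: {pkt['dl_src']} -> {pkt['dl_dst']}")
    print("packet_ins:", ctl.packet_ins, "flows:", sw.flow_table)
```

Two points worth keeping in mind when this runs on a production switch: the mirror port needs NO_FLOOD set, otherwise the analysis device sees every flooded frame and not just the monitored port, and a rule that can copy arbitrary traffic to an arbitrary port is a network tap, so the FlowVisor slice that holds the DAN controller should be the only one allowed to install it.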
Use case #2: OpenFlow Computer Tracking
• The problem: Large number of student laptops reported
stolen every year
• The need: In some past cases, stolen laptops remained on
campus and were accessing campus network
• The proposed solution: Leverage OF controller to detect and
track lost laptops’ location upon network access
[Diagram: Clemson Campus Network with Core, Distribution and Access layers; OFC2, behind FlowVisor, consults a Lost laptop DB and a Campus switch location DB when a Reported stolen laptop attaches to a campus access switch]
OpenFlow controller code for computer tracker
• Two database queries added to a standard controller template
Database query #1:
check MAC
address with stolen
laptop database
Database query #2:
upload switch/port ID to
stolen laptop database
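The two queries described above, written out as an added example (not the Clemson controller code from the slides). The slide says only that the controller checks the source MAC against the stolen-laptop database and uploads the switch/port it was seen on; the table layout, column names, the switch-location lookup, the `dpid` strings and the sample rows are assumptions, and an in-memory sqlite3 database stands in for the campus databases so it runs offline.

```python
"""Stolen-laptop tracker as a NOX-style packet_in handler.  Added example,
not the Clemson controller code from the slides.  Table layout, column
names, the switch-location lookup and the sample rows are assumptions;
an in-memory sqlite3 database stands in for the campus databases."""
import sqlite3


def normalize_mac(mac):
    """Canonical lower-case colon form, so a report typed as
    '00-1A-2B-3C-4D-5E' or Cisco-style '001a.2b3c.4d5e' matches
    what the switch reports in dl_src."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def open_db():
    """Constructed stand-in for the lost-laptop and switch-location DBs."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE stolen (mac TEXT PRIMARY KEY, report_id TEXT);
        CREATE TABLE switch_location (dpid TEXT PRIMARY KEY,
                                      building TEXT, room TEXT);
        CREATE TABLE sightings (mac TEXT, dpid TEXT, port INTEGER,
                                UNIQUE (mac, dpid, port));
    """)
    db.executemany("INSERT INTO stolen VALUES (?, ?)",
                   [(normalize_mac("00-1A-2B-3C-4D-5E"), "report-1")])
    db.executemany("INSERT INTO switch_location VALUES (?, ?, ?)",
                   [("s-hall-2", "Hall 2", "210"),
                    ("s-core-1", "Data center", "core")])
    db.commit()
    return db


class LaptopTracker:
    """The two queries slide 16 adds to a standard controller template.
    Forwarding is untouched: this handler only observes and records."""

    def __init__(self, db):
        self.db = db

    def packet_in(self, dpid, in_port, dl_src):
        mac = normalize_mac(dl_src)
        # Query #1: is the source MAC on the stolen list?  Parameterised,
        # because dl_src comes off the wire and must never be formatted
        # into the SQL string.
        row = self.db.execute(
            "SELECT report_id FROM stolen WHERE mac = ?", (mac,)).fetchone()
        if row is None:
            return None
        # Query #2: upload switch/port.  INSERT OR IGNORE keeps one row per
        # location rather than one per packet_in.
        self.db.execute("INSERT OR IGNORE INTO sightings VALUES (?, ?, ?)",
                        (mac, dpid, in_port))
        self.db.commit()
        loc = self.db.execute(
            "SELECT building, room FROM switch_location WHERE dpid = ?",
            (dpid,)).fetchone()
        return {"mac": mac, "report_id": row[0], "dpid": dpid,
                "port": in_port, "location": loc}

    def sightings(self, mac):
        """Every switch/port a reported MAC has been seen on, oldest first
        (what the web display and map would read)."""
        return self.db.execute(
            "SELECT dpid, port FROM sightings WHERE mac = ? ORDER BY rowid",
            (normalize_mac(mac),)).fetchall()


if __name__ == "__main__":
    tracker = LaptopTracker(open_db())
    print(tracker.packet_in("s-core-1", 7, "00:00:00:00:00:01"))
    print(tracker.packet_in("s-hall-2", 12, "001a.2b3c.4d5e"))
    print(tracker.sightings("00-1A-2B-3C-4D-5E"))
```

A hit is a lead for campus police, not proof: a MAC address is trivially changed, and a typo in the stolen list would otherwise turn a legitimate user into a suspect, which is why the handler records a sighting without touching forwarding. Keeping the queries parameterised matters for the same reason the slides give for the DAN: the input arrives from an untrusted host on the access layer.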
Web Display Snapshot
Google Map Snapshot
Summary and outlook
• We believe that OpenFlow will drive a paradigm shift
in networking.
• Universities can be most effective when they
leverage the depth of their faculty, the creativity of
their students, and the expertise of their staff.
• Relax! This stuff is fun, and you’ll get smarter.
• Build a partnership with an academic part of your
University.
• Commercial support is a chicken-and-egg problem,
let’s break that cycle.
Openflow: http://openflowswitch.org
GENI: http://geni.net
FURTHER QUESTIONS
CONTACT:
DAN – [email protected]
KC – [email protected]