Introduction of ProgrammableFlow
December 2011
NEC Corporation
-
NEC Confidential
CONTENTS
1. Current issues of data center network and the solutions
2. The new paradigm shift “OpenFlow”
3. What is ProgrammableFlow?
4. Solution models realized by ProgrammableFlow
5. Actual case
6. Product information and distributions
-
Current issues of data center network and the solutions
-
Current issues in the data center and network
Data centers have a vertically divided network device configuration on a company, division, or system basis (silo approach), which causes huge device and operational costs.
Increase in network device cost (silo type)
- All devices are overdesigned, allowing for the possibility of future load increase.
- Appliances are required in each tenant.
Increase in operational cost due to network complication
- Enormous configuration design/settings/control are required for each device.
- Network control for each tenant needs laborious operation.
It takes time for the network to recover from failures.
- It is difficult to locate the failure point.
- The operator has to gather all the logs involved for analysis.
Network can’t keep up with server virtualization
- There are so many restrictions on VM migration (it has to stay within VLAN).
- It’s a lot of work to change the network when adding/changing a VM.
[Figure: Existing network configuration. Internet/VPN, routers, bandwidth controllers, FW, LB, L3SW and L2SW in front of VMs running various applications; various network appliance devices: bandwidth control, firewall, virus check, intrusion detection, user authentication, load balancer, cache server.]
-
Solutions using ProgrammableFlow
Central control of communication traffic and network virtualization enables drastic reduction in device and operational costs, and flexible operation of virtual servers.
Reduction in device cost by network virtualization
- Start small and scale to the optimal size.
- Sharing and scale-out of various appliance devices.
Reduction in operational cost by network simplification
- Configuration design/settings/control for each device are not required anymore.
- It is easy to manage by using the virtual tenant network.
Rapid failure recovery by network visualization
- The data flow and static information are shown visually on GUI.
- It is possible to control SLA by setting the source as a key.
Most suitable network for server virtualization
- Network is changed automatically without any constraint on VM migration.
- The operation for changing the network is simplified when adding/changing a VM.
[Figure: Example of ProgrammableFlow network configuration. Internet etc., routers, ProgrammableFlow Controller (central control), ProgrammableFlow Switches, virtual servers (VMs); various network appliance devices: firewall, virus check, intrusion detection, user authentication, bandwidth control, load balancer, cache server.]
-
The new paradigm shift “OpenFlow”
-
Development of the next-generation network technology (OpenFlow) and its standardization trend
▐ Background
The limitation of the one-size-fits-all IP-based network.
• The network system itself is overcomplicated due to the diversification of NW usage.
Realization of the infrastructure having programmability and virtualization at the same time
▐ Standard spec. is defined in OpenFlow Consortium. http://www.OpenFlowswitch.org/
Proposed by Prof. Nick McKeown at Stanford University.
OpenFlow protocol standard spec “OpenFlow Switch Specification” is defined.
Ver. 1.0 was released in Dec. 2009.
Member:
• NEC, HP, Juniper, Cisco, Arista, Nicira, Ericsson, Broadcom, Dell, Google, DT Lab, NTT DoCoMo lab and others.
NEC leads the specification definition and trial development of OpenFlow.
-
OpenFlow Standardization
▐ Open Networking Foundation (ONF): 2011/3/21 http://www.opennetworkingfoundation.org/
▐ Purpose: Standardization and promotion of Software-Defined Networking (SDN) (OpenFlow)
▐ Members (As of May 2011)
Board of Directors:
• Deutsche Telekom, Verizon, Google, Facebook, Yahoo, Microsoft
Member:
• Big Switch Networks, Brocade, Ciena, Cisco, Dell, Ericsson, Extreme Networks, Force10 Networks, HP, IBM, IP Infusion, Juniper Networks, NEC, Netgear, Netronome, Nicira, Nokia Siemens, Plexxi, Riverbed, Vello System
Copyright (c) NEC Corporation 2011. All rights reserved
-
Central control by OpenFlow technology
▐ Packet transferring and routing control functions are separated by the flow control protocol.
▐ By controlling traffic on a per-flow basis, advancement in routing control, network virtualization, and visualization can be realized.
■ If a switch receives a flow which is not shown in the flow table, the switch inquires of the controller about the flow.
■ The controller calculates the optimal path to the address and registers flow table entries based on the calculation result in each switch involved.
[Figure: An OpenFlow Controller (server) providing the routing control function (fault recovery, load distribution, optimization) is connected by the OpenFlow Protocol to an OpenFlow Switch providing the per-flow packet transfer function. Packets pass through the switch's Flow Table, whose entries consist of Rule, Action and Statistics.]
-
What is flow switching?
In flow switching, data is transferred based on the “flow”, unlike the existing network devices.
【What is flow switching?】
“Flow” = Switching/routing are performed by identifying a specific communication traffic based on the combination of arbitrary addresses/identifications in the layers L1 (physical port, etc.), L2 (MAC), L3 (IP) and L4 (port No.) and selecting the optimum route according to the handling policy of the traffic.
Header fields by layer (followed by the packet Data):
- L1: Ingress Port
- L2: Src MAC, Dst MAC, EtherType, VLAN id, VLAN Priority
- L3: Src IP, Dst IP, IP Proto, IP ToS
- L4: TCP/UDP Src Port, TCP/UDP Dst Port
【Existing network devices】
L2 (MAC) switching, L3 (IP) routing
Switching/routing according to destination addresses in L2/L3 layers.
(Firewall etc)
-
Definition of flow and flexible process
Definition of the flow
- Rule (exact & wildcard): definition of flexible flow filtering (i.e.) Port, VLAN ID, L2, L3, L4, …
- Action: actions for flow (i.e.) Unicast and Multicast
- Statistics: flow statistic information (i.e.) the number of packets and bytes, connection time
Flow table
- Flow 1 to Flow N: Rule (exact & wildcard), Action, Statistics
- Default: Rule (exact & wildcard), Default Action, Statistics
Example of actions (using OpenFlow, and extended actions using NEC ProgrammableFlow)
1. Unicast
2. Multicast
3. Multipath
4. Waypoints
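
The flow table described on the preceding slides (rule with exact and wildcard fields, action, statistics, a default action, and the inquiry to the controller for an unknown flow), as an added example that is not NEC or OpenFlow project code. The Telnet-drop policy, the addresses, the priorities and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Header fields listed on the slide (L1 to L4); a rule may match any subset.
FIELDS = {"in_port", "src_mac", "dst_mac", "eth_type", "vlan_id", "vlan_prio",
          "src_ip", "dst_ip", "ip_proto", "ip_tos", "src_port", "dst_port"}

@dataclass
class FlowEntry:
    rule: dict          # field -> exact value; a field left out is a wildcard
    action: str         # "output:<port>" or "drop"
    priority: int = 0
    packets: int = 0    # statistics: packets and bytes that hit this entry
    octets: int = 0

    def __post_init__(self):
        if set(self.rule) - FIELDS:
            raise ValueError(f"unknown match fields: {set(self.rule) - FIELDS}")

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.rule.items())

class Controller:
    # Hypothetical policy: drop Telnet, forward known destinations, drop the rest.
    def __init__(self, routes):
        self.routes = routes        # dst_ip -> output port (constructed data)
        self.inquiries = 0
    def packet_in(self, switch, pkt):
        self.inquiries += 1
        if pkt.get("ip_proto") == 6 and pkt.get("dst_port") == 23:
            entry = FlowEntry({"ip_proto": 6, "dst_port": 23}, "drop", priority=100)
        else:
            port = self.routes.get(pkt.get("dst_ip"))
            action = "drop" if port is None else f"output:{port}"
            keys = ("src_ip", "dst_ip", "ip_proto", "dst_port")
            entry = FlowEntry({k: pkt.get(k) for k in keys}, action, priority=10)
        switch.table.append(entry)  # register the flow in the switch
        return entry

class Switch:
    def __init__(self, controller):
        self.controller, self.table = controller, []
    def receive(self, pkt, size):
        hits = sorted((e for e in self.table if e.matches(pkt)), key=lambda e: -e.priority)
        # Highest-priority match wins; a table miss is an inquiry to the controller.
        entry = hits[0] if hits else self.controller.packet_in(self, pkt)
        entry.packets += 1
        entry.octets += size
        return entry.action

def demo():
    sw = Switch(Controller(routes={"10.0.0.2": 2}))     # constructed sample topology
    web = {"in_port": 1, "src_ip": "10.0.0.1", "dst_ip": "10.0.0.2",
           "ip_proto": 6, "src_port": 40000, "dst_port": 80}
    telnet = dict(web, src_ip="10.0.0.9", dst_port=23)
    actions = [sw.receive(web, 100), sw.receive(web, 60), sw.receive(telnet, 60),
               sw.receive(dict(telnet, src_ip="10.0.0.7"), 60)]
    sw.table.append(FlowEntry({}, "drop"))      # default action: every field wildcarded
    actions += [sw.receive(web, 40), sw.receive(dict(web, dst_ip="10.0.0.5"), 40)]
    return actions, sw.controller.inquiries, [(e.action, e.packets, e.octets) for e in sw.table]
```

Only two of the six constructed packets reach the controller; the others are handled from the switch's own table, and the all-wildcard default entry makes traffic that matches nothing else fail closed.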
-
Advancement in the route control using flow switching
■ Route control by OpenFlow
(1) Efficient use of the network bandwidth by the route control on a per-flow basis.
(2) Improvement in the ease of maintenance of network devices by one-sided flow.
■ The function that becomes available through the use of ProgrammableFlow
(3) It is possible to specify which device (such as LB and FW) the packet goes through.
[Figure: Controller, switches and servers carrying Flow 1 and Flow 2 for Application 1 and Application 2; (1) per-flow routes, (2) one-sided flow, capable of maintenance, (3) route through the firewall (FW) and load balancer (LB).]
-
What is ProgrammableFlow?
-
Goals of ProgrammableFlow
▐ ProgrammableFlow provides a new network solution by using the next-generation network technology “OpenFlow”.
ProgrammableFlow = OpenFlow + NW simplification + NW virtualization + NW visualization
The keywords of “ProgrammableFlow” are two kinds of “virtualization”
1. Network virtualization
Virtualization can simply build a structure in which a group of physical network devices is shared by multiple systems. It is becoming almost impossible to configure complicated settings (such as settings in existing routing and VLAN) to all devices.
2. Dealing with server virtualization
The existing IP network cannot follow the dynamic behavior of the virtual machines flexibly.
To use the best of virtual machines, it is necessary to fundamentally change the network design concept.
[Figure: ProgrammableFlow controller and ProgrammableFlow switch with an open interface (OpenFlow); network resource, computer resource, sensor resource; Virtual Infrastructure A and Virtual Infrastructure B; dynamically changeable network and dynamically movable virtual computers (virtual machines); infrastructure virtualization/optimization of each user and service.]
-
1. Network virtualization
Easy to define virtual networks (segments) independent of physical topology. Network can be free from VLAN complexity and simplified!
▐ Management of tenants by VLAN on each NW equipment (segmentation) is getting more and more complicated.
▐ “Virtual Tenant Network” can segment network virtually, namely, network virtualization.
VLAN: considering physical topology
VTN: independent from physical topology
[Figure: Legacy network structure (VLANs across access SW, distribution SW and core SW) beside the ProgrammableFlow network, where the ProgrammableFlow Controller controls the ProgrammableFlow Switches, managing multiple switches as if one virtual big switch; Virtual Tenant Networks VTN1 and VTN2 are mapped to physical entities; server pool.]
-
2. Dealing with server virtualization: it is easy to change the network according to VM migration.
▐ Since ProgrammableFlow is a location-free network, it is easy to change settings when VM is migrated or added. It’s also easy to migrate VM from one VLAN to another (such as V-Motion).
Existing VLAN network
It is necessary to consider the VLAN design of the whole network according to the network the VM has been migrated to. Thus settings must be made on each switch affected.
ProgrammableFlow network
Since the virtual network cancels the effect of VM migration, the whole network setting change is not necessary. User-friendliness is also improved as a user can handle the operation by only using the controller.
* Affected area: Correspondence between the physical port of PFS connected to VM host and the virtual network is set. If it is already registered in the virtual network the VM has been migrated to, it is possible to set up automatically without additional operation.
[Figure: Segment migration. Existing VLAN network: router and L2SWs, a VM changes from VLAN 2 to VLAN 1, VLAN 1 invalidation, affected area across the switches. ProgrammableFlow network: ProgrammableFlow controller, ProgrammableFlow switch (physical NW), virtual NW with vRouter, NW 1 and NW 2; no need to change the virtual network.]
-
ProgrammableFlow makes network configuration easier!
■ Existing network
Existing network design configuration technique: IP address and VLAN connection are designed considering the physical network. The configuration of each physical switch is designed based on the NW configuration info. and then set to each switch.
1. IP address design
2. VLAN design
3. Logical config. is designed considering the physical config.
ProgrammableFlow network configuration technique: A user only defines the logical connection configuration of the network and sets it to the controller. The controller generates the flow table which realizes the configuration of the virtual logical network and deploys it on the physical network automatically.
The controller automatically deploys the logical network configuration to the physical network. The controller also automatically controls the detour of traffic when a failure occurs and distribution of traffic when a switch is added.
[Figure: Existing network with routers and L2SWs, configured per switch (Config Sw1, Config Sw2, Config Sw3). ProgrammableFlow: virtual tenant network (VTN), logical NW design only, on top of the P-Flow physical network; switch addition.]
-
Comparison between existing technology and ProgrammableFlow
The form of network
- Existing technology: Autonomous, distribution control
- ProgrammableFlow: Central control
Logical separation
- Existing technology: IP address/MAC address/VLAN
- ProgrammableFlow: Flow basis (from L1 to L4)
Network configuration (Logical)
- Existing technology: IP address centered network configuration (The physical network and logical network have the same configuration)
- ProgrammableFlow: Network can be configured as you wish without considering the physical configuration.
Configuration
- Existing technology: Configuration needs to be made on each device (each switch)
- ProgrammableFlow: Central control by a controller (auto settings)
Dealing with live migration
- Existing technology: VLAN setting/design is set on each device manually
- ProgrammableFlow: The server is registered on the physical plane of the controller. Automatically followed.
ProgrammableFlow is best suited for virtual network
-
Solution models achieved by ProgrammableFlow
-
Features of ProgrammableFlow
ProgrammableFlow enables simplification, virtualization, and visualization of network
Simplification
Operational cost can be reduced by centrally controlling switches from the controller.
NW virtualization
Network is virtualized, easing the constraint on physical configuration.
Reduction in the initial cost due to scale-out.
Virtual tenant environment is easily realized without any physical constraints.
The virtual network hides physical configuration.
NW visualization
The flow-based traffic volume investigation detects the failure/quality deterioration of the communication route.
- Detection of quality deterioration
- Visualization of route
[Figure: ProgrammableFlow Controller (PFC) with central control of ProgrammableFlow Switches (PFS); virtual networks VTN1, VTN2, VTN3, VTN4.]
-
1. Features of ProgrammableFlow: Simplification and resource optimization
The complicated data center configuration is simplified by the combination of virtual servers (VM), virtual switches (VS) and virtual NW appliances. Also dynamic resource operation can be possible.
[Figure: Existing network configuration. Internet/VPN, routers, bandwidth controllers, FW, LB, L3SW and L2SW; server addition for ERP, ASP and custom AP; individual setting using a different tool for each equipment type; complication; high administration cost.]
[Figure: OpenFlow network configuration. Internet/VPN, ProgrammableFlow Controller, ProgrammableFlow switch; network pool (L2, L3, L4, LB & FW), appliance pool (load balancer, firewall), server pool of virtual machines (OS, application; Web-AP, application APL).]
-
2. Features of ProgrammableFlow: Network scale out
Initial cost is reduced and scale-out can be realized.
Existing network
- High initial cost
- Large network devices are introduced allowing for future load increase.
ProgrammableFlow network (virtualization)
- Scale-out of the network is realized
- A small start can reduce the initial cost
- Flexible scalability due to scale-out
-
3. Features of ProgrammableFlow: network visualization
Network virtualization can solve the problem quicker
Existing network
Since the data flow of overall network cannot be grasped, it takes time to analyze logs when a failure occurs.
- In autonomous and distributed network, it is necessary to gather information for failure investigation.
- It takes time to locate the cause of the problem.
ProgrammableFlow network
- Virtual and physical topologies are visually grasped.
- Data flow can be checked on GUI.
- Rapid failure discovery is achieved.
[Figure: In the existing network, logs are gathered from each device.]
-
Actual case
-
The World’s First Introduction to Business System: Nippon Express Co., LTD
▐ Background of the introduction
The common infrastructure of platform was prepared by gathering all the servers in order to achieve ICT resource efficiency and enhancement of governance.
Additional virtual servers are required after the server integration. In addition, network needs to be redesigned and reconfigured after each migration. Therefore, the operational cost of network has increased.
Request from customer: Reduction in operational cost
(1) Changing the culture of network operation.
(2) Reducing the operational/maintenance cost caused by migration.
Suggesting new approach
Customer’s aim of introduction
- Significantly reduce the load of operation by simplifying network through centralized control.
- Realize the multi-tenant network virtualization environment easily without physical restriction.
- The cause of failures in communication path and quality deterioration are visually found instantly through network visualization.
-
System configuration for NIPPON EXPRESS CO., LTD.
2 ProgrammableFlow controllers
- Network is centrally controlled from a controller.
- Cluster configuration is used to secure reliability.
8 ProgrammableFlow switches
OpenFlow
Scalable network configuration enabled by hyper cube
About 200 IA servers
They can be mapped freely on the virtual network without any restraints on the accommodated location of the server ports.
-
Product information and distribution
-
Products for Japanese Market
▐ UNIVERGE PF series (ProgrammableFlow)
UNIVERGE PF6800
Product code: BT0201-00002, Shipment starting date: May 2011
Product code: B02035-xxxxx, Shipment starting date: May 2011
ProgrammableFlow Controller (PFC), ProgrammableFlow Switch (PFS)
OFS Control license (+10) (Initial license)
UNIVERGE PF5240
ProgrammableFlow Switch Control license
Product code: UL4325-102, Shipment starting date: May 2011
• Option: Either OFS control license for 1 or OFS control license for 10 needs to be purchased if you have a system consisting of 11 or more switches.