Open Flow

OpenFlow lecture
Takahiro Miyamoto
KDDI R&D Laboratories Inc.
Agenda
What is OpenFlow
Practices
OpenFlow overview
OpenFlow protocol in details
Environment
Practice 1: Configure OpenFlow switches
Practice 2: Use mininet
Practice 3: Use OpenFlow controller
Practice 4: Understand controller behavior
Practice 5: Allow ping traffic
Practice 6: Allow ping between a pair
Practice 7: Control packet by packet
8 August 2012
What is OpenFlow
Separate intelligence function from forwarding

function on network equipment
OpenFlow is a protocol between two functions.

Intelligence function
(routing, protection, redundancy)
Forwarding function
on per-flow basis
OpenFlow switch
Send routing entry

Rule
Rule
Action Statistics
Rule
Action Statistics
Rule
Action Statistics
OpenFlow controller
Action Statistics
packet
Flow table
Packet forwarding according OpenFlow switch

to flow table consisting of
rule and action
OpenFlow switch
3
Forward unkown Packet
8 August 2012
Features of OpenFlow
Packet forwarding on per-flow basis
Re-writing of packet headers
Separation of intelligence and forwarding

functions
8 August 2012

Traditional packet forwarding
Decide forwarding destination based on a header of a specific layer.
L2 (switch)
L3 (router)
In
Src Dst Ether VLAN VLAN Src
port MAC MAC Type ID priority IP
L4 (firewall)
Dst IP
IP Src Dst
IP proto ToS Port Port
Payload

Decide forwarding destination based on headers of arbitrary layers.
8 August 2012
Re-writing of packet header
Enable to change a header value on an arbitrary layer.
E.g. NAT
Src IP address
Dst IP address
Src port
Dst port
192.168.1.45
192.168.1.45
2222
4325
Rule: If dst port is equal to 4325,

Action: Set dst IP address to 10.1.1.45
Set dst port to 80
Src IP address
Dst IP address
Src port
Dst port
192.168.1.45
10.1.1.45
2222
80
E.g. MAC translation

Src MAC address
Dst MAC address
Src IP address
Dst IP address
02:11:99:00:00:01
02:11:99:00:00:02
192.168.1.1
192.168.1.25
Rule:
If dst IP address is equal to 192.168.1.25
Action: Set dst MAC address to 00:12:34:56:78:90
Src MAC address
Dst MAC address
Src IP address
Dst IP address
02:11:99:00:00:01
00:12:34:56:78:90
192.168.1.1
192.168.1.25
8 August 2012
Separation of intelligence and forwarding

functions
OpenFlow controller
(routing intelligence)
Common OpenFlow protocol
Open vSwitch
OpenFlow switch
OpenFlow switch
OpenFlow switch
Avoid vendor lock-in

7
8 August 2012
Statuses of OpenFlow switch products

2010
2011
2012
2013
Hardware switch
Open vSwitch 2010.5
Software switch
Pica8 2010.7
NEC 2011.3
IBM (Blade Networks) 2011.11
Juniper 2012.2
hp 2012.2
LINC 2012.6
Arista
Brocade
Cisco
Ericsson
Extreme
Force10
Under development
gnodal
Today
LineRate
MetaSwitch
stratosphere
8 August 2012
Statuses of OpenFlow controller products

2010
2011
2012
2013
Product
NOX 2008.11
Open Source
NEC 2011.3
Trema 2011.7
Beacon 2011.9
Wakame 2011.12
FloodLight 2012.1
Nicira 2012.2
IXIA 2012.7
Spirent 2012.10
BigSwitch
Midokura
Under development
Stratosphere
Today
8 August 2012
Open Networking Foundation
Standards organization related to SDN/OpenFlow
10
Define OpenFlow protocol

Share patents related to OpenFlow implementation
8 August 2012
Agenda
What is OpenFlow
Practices
11
OpenFlow overview
Environment
8 August 2012
Definition categories of OpenFlow protocol
Protocol message
Rule (match condition)
Trigger to execute action
Action
12
Message format sent between switch and

controller
Behavior to handle packet
8 August 2012
Protocol messages (1)

Type
Description
HELLO
CS
Include only OpenFlow header to confirm version.
ERROR
CS
Send error information
ECHO_REQUEST
CS
Sent for heartbeat
ECHO_REPLY
CS
Sent for heartbeat
FEATURES_REQUEST
CS
Obtain switch information.
FEATURES_REPLY
SC
Reply supported statistics, action and media.
SET_CONFIG
CS
Set maximum bytes of new flow that switch

should send to the controller
GET_CONFIG_REQUEST
CS
Query for maximum bytes of new flow
GET_CONFIG_REPLY
SC
Reply maximum bytes of new flow
13
8 August 2012

Type
Description
FLOW_MOD
CS
Send a flow entry consisting of rule and action.

Then, a switch stores it on a flow table.
FLOW_REMOVED
SC
Notify of a flow entry removal due to timeout.
PACKET_IN
SC
Forward a packet to a controller.
PACKET_OUT
CS
Forward a packet from a controller to a switch to

send the packet from the switch.
PORT_STATUS
SC
Notify of changing port status (up, down and

modify)
PORT_MOD
CS
Change port status.
14
8 August 2012

Type
Description
STATS_REQUEST
CS
Obtain statistics per flow, port or queue.
STATS_REPLY
SC
Reply statistics per flow, port or queue.
BARRIER_REQUEST
CS
If a switch receives this message, the switch

must finish all previous received messages.
BARRIER_REPLY
SC
Send if the switch completes all previous received

messages.
QUEUE_GET_CONFIG_REQUEST
CS
Obtain queue (QoS) on a switch.
QUEUE_GET_CONFIG_REPLY
SC
Reply queue (QoS) on the switch.
VENDOR
CS
For vendor extension
15
8 August 2012
Initial sequence between switch and controller

OpenFlow
switch
Establish TCP
OpenFlow
controller
HELLO
Check version
HELLO
FEATURES_REQUEST
FEATURES_REPLY
Handshake
SET_CONFIG
ECHO_REQUEST
ECHO_REPLY
16
Keep alive
8 August 2012
Rule (match condition)
Trigger to execute action

Match
In-port
Src MAC address
Dst MAC address
VLAN ID
VLAN priority
IP ToS
IP protocol number
Src IP address / subnet
Dst IP address / subnet
Src TCP/UDP port
Dst TCP/UDP port
17
8 August 2012
Action
Behavior to handle packet
18
Multiple actions are able to be specified to a rule.

Type
Description
OUTPUT
Send from the port
SET_VLAN_VID
Set VLAN ID
SET_VLAN_PCP
Set VLAN priority
STRIP_VLAN
Remove VLAN ID
SET_DL_SRC
Change src MAC address
SET_DL_DST
Change dst MAC address
SET_NW_SRC
Change src IP address
SET_NW_DST
Change dst IP address
SET_NW_TOS
Change ToS (DSCP)
SET_TP_SRC
Change src TCP/UDP port
SET_TP_DST
Change dst TCP/UDP port
ENQUEUE
Set queue (QoS) which is supported by the switch

8 August 2012
Port actions
Constants for built-in port

Type
Description
IN_PORT
Send from incoming port.
TABLE
Only for PACKET_OUT.

Handle with flow table.
NORMAL
Conventional L2/L3 forwarding
FLOOD
Send from ports except incoming and blocked ports

by STP.
ALL
Send from all ports.
CONTROLLER
Forward to a controller.
DROP port or action is not defined on OpenFlow specification.

DROP behavior depends on switch implementations.
E.g. A switch drops packets when outport is 0.
Another switch drops packets when no action is specified.
19
8 August 2012
Packet forwarding sequence

1. Triggered by packet incoming.
host
OpenFlow
switch
host
OpenFlow
controller
send a packet
Check flow table
PACKET_IN
Decide packet behavior
FLOW_MOD
Update flow table
Forward packet
send a packet
20
It depends on switch implementation

to keep a packet during
communicating with a controller.
8 August 2012
Packet forwarding sequence

2. Configure in advance.
host
OpenFlow
switch
host
OpenFlow
controller
Decide packet behavior
FLOW_MOD
send a packet
Update flow table
Forward packet
send a packet
21
8 August 2012
Agenda
What is OpenFlow
Practices
22
OpenFlow overview
Environment
8 August 2012
Environment
OpenFlow switch
OpenFlow controller
23
mininet
Original based on FloodLight
8 August 2012
Mininet
Emulate OpenFlow switches and hosts on a

server
24
OpenFlow switch: Open vSwitch
8 August 2012
Setup mininet for this lecture
(The setup is already done on your PC.)
Download mininet VM.
Convert VM image format from VMDK to Qcow2.
25
$
$
$
$
sudo
sudo
sudo
sudo
tunctl t tap0
brctl addbr br0
brctl addif br0 tap0
ifconfig br0 10.0.0.1
Start mininet VM.
$ qemu-img convert Mininet-VM.vmdk O qcow2 Mininet-VM.qcow2
Setup network interface
$ wget https://github.com/downloads/mininet/mininet/mininet-vmubuntu11.10-052312.vmware.zip
$ unzip mininet-vm-ubuntu11.10-052312.vmware.zip
$ sh Mininet-VM.sh
Login with username openflow and password openflow.

8 August 2012
FloodLight
Open source OpenFlow controller
Based on module architecture
26
Implemented by BigSwitch Inc.

Written on Java
Multiple modules (e.g. hub) are able to run in
parallel.
8 August 2012
OpenFlow controller for this lecture
Based on FloodLight
27
To understand OpenFlow behavior, I simplified

FloodLight controller.
Fundamental architecture and methods are the
same as FloodLight.
8 August 2012
Configuration
PC
Mininet-VM
h3
s1
h2
h4
10.0.0.2/24
10.0.0.1/24
28
FloodLight
Internet
8 August 2012
Agenda
What is OpenFlow
Practices
29
OpenFlow overview
Environment
8 August 2012
Practice 1
Configure OpenFlow switch

[Open vSwitch]
# ovs-vsctl list-br
Show prepared L2 bridges
# ovs-vsctl set-controller BRIDGE tcp:IPADDRESS Connect to controller
# ovs-vsctl del-controller BRIDGE Disconnect from controller
You can find logs at /var/log/openvswitch/ovs-vswitchd.log
30
8 August 2012
Practice 1

[LINC]
# vi rel/openflow/releases/0.1/sys.config
# rel/openflow/bin/openflow console
Configure below file
{of_switch, [
{controllers, [
{localhost, 6633}
Controller address
]},
{ports, [
Logical ports
[{ofs_port_no, 1},
{interface, "eth0"},
{queues, [{0, [{ofp_queue_prop_min_rate, 0},
{ofp_queue_prop_max_rate, 1000}]}]},
{rate, {1, gibps}}],
[{ofs_port_no, 2},
{interface, "eth1"},
{queues, [{0, [{ofp_queue_prop_min_rate, 0},
{ofp_queue_prop_max_rate, 1000}]}]},
{rate, {1, gibps}}]
]}
]}.
31
8 August 2012
Practice 1

[NEC Programmable Flow switch]
Under RSI mode (which enables to control VLAN)
# openflow-interface add <interface id list>
# openflow openflow-id 1 real-switch
# controller controller-name <controller name> <priority> <ipaddress> port <port>
# enable
32
8 August 2012
Practice 2
Use mininet
Launch mininet with following command.
sudo mn --topo=single,3 --switch=ovsk
Use Open vSwitch

Specify topology.
This argument means that a topology consists of a switch and three hosts.
33
Input quit to exit.

8 August 2012
Practice 2
Use mininet
34
8 August 2012
Practice 2
Use mininet
- h* : host
- s* : OpenFlow switch
- c* : OpenFlow controller
35
8 August 2012
Practice 3
Launch OpenFlow controller

Decompressed a file
$ tar zxf lecture.tar.gz
$
$
$
$
$
$
$
$
$
$
$
36
Compile required packages

cd openflowj
mvn install
cd ../floodlight-simple
mvn install
mkdir module
cd ../floodlight-handshakemodule
mvn package
cp target/com.kddi.sdn.floodlight.module.handshake-0.0.1.jar ../floodlight-simple/module
cd ../floodlight-lecture
mvn package
cp target/com.kddi.sdn.floodlight.module.lecture-0.0.1.jar ../floodlight-simple/module
8 August 2012
Practice 3
Create configuration file.
$ cd floodlight-simple
$ mkdir conf
$ vi conf/floodlight.properties
floodlight.properties
net.floodlightcontroller.core.FloodlightProvider.openflowport = 6633
floodlight.modules =
com.kddi.sdn.floodlight.module.handshake.HandshakeModule,
com.kddi.sdn.floodlight.module.keepalive.KeepaliveModule
37
8 August 2012
Practice 3
Launch FloodLight.
$ cp target/com.kddi.sdn.floodlight.simple-0.0.1.jar .
$ java -jar com.kddi.sdn.floodlight.simple-0.0.1.jar
(Ctrl+C to exit)
Launch mininet.
sudo mn --topo=single,3 --switch=ovsk --controller=remote --ip=192.168.5.54 --port=6633
Controller information
When a following message is shown on console of

FloodLight
[Handshake] Switch handshake successful
38
Then, the connection is established.

8 August 2012
Practice 4
Understand controller behavior
Lets read source codes.
$ cd floodlight-handshakemodule/src/main/java/com/kddi/sdn/floodlight/module/handshake
$ less HandshakeModule.java
39
8 August 2012
Practice 4
40
8 August 2012
Practice 4
41
8 August 2012
Practice 4
42
8 August 2012
Practice 4
43
8 August 2012
Coffee break
OpenFlow 1.0, 1.1, 1.2, 1.3,
Fundamental message format is same independent

from OpenFlow protocol versions.
Therefore, handshake can finish when version value in

header is changed.
However, FLOW_MOD message format is changed

according to versions.
It is not useful only modifying version value.
OpenFlow1.0
OpenFlow1.1
OpenFlow1.2
OpenFlow1.3
44
:
:
:
:
0x1
0x2
0x3
0x4
8 August 2012
Practice 5
Allow ping traffic
45
8 August 2012
Practice 5
Allow ping traffic
Modify configuration file.
com.kddi.sdn.floodlight.module.keepalive.KeepaliveModule,
com.kddi.sdn.floodlight.module.lecture.ping.PingModule
46
8 August 2012
Practice 5
Allow ping traffic
47
8 August 2012
Practice 5
Allow ping traffic
$ cd floodlight-lecture/src/main/java/com/kddi/sdn/floodlight/module/lecture/ping
$ less PingModule.java
48
8 August 2012
Practice 5
Allow ping traffic
49
8 August 2012
Practice 5
Allow ping traffic

Send packet to all ports.
(broadcast)
Apply this rule from all ports.
50
8 August 2012
Practice 6
Allow ping between a pair
Compile sources
Copy compiled file.
51
$ mvn package
$ copy
target/com.kddi.sdn.floodlight.lecture.jar ../floodli
ght-simple/module
8 August 2012
Practice 7
Control packet by packet
Modify configuration file.
com.kddi.sdn.floodlight.module.keepalive.KeepaliveModule,
com.kddi.sdn.floodlight.module.lecture.lldp.LLDPModule
52
8 August 2012
Practice 7
$ cd floodlight-lecture/src/main/java/com/kddi/sdn/floodlight/module/lecture/lldp
$ less LLDPModule.java
53
8 August 2012
Practice 7

Handle packet with data payload.
54
8 August 2012
Practice 7

Send arbitrary packet from OpenFlow switch.
55
8 August 2012
Takahiro Miyamoto (tk-miyamoto@kddilabs.jp)
Thank you for your attention.
56
8 August 2012

Open Flow

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Open Flow

Uploaded by

Copyright:

Available Formats

OpenFlow lecture

KDDI R&D Laboratories Inc.

Separate intelligence function from forwarding

OpenFlow is a protocol between two functions.

Send routing entry

Packet forwarding according OpenFlow switch

KDDI R&D Laboratories Inc.

Forward unkown Packet

Packet forwarding on per-flow basis

Re-writing of packet headers

Separation of intelligence and forwarding

KDDI R&D Laboratories Inc.

Packet forwarding on per-flow basis

Packet forwarding on per-flow basis

KDDI R&D Laboratories Inc.

Re-writing of packet header

Enable to change a header value on an arbitrary layer.

Rule: If dst port is equal to 4325,

E.g. MAC translation

Dst MAC address

Src MAC address

Dst MAC address

KDDI R&D Laboratories Inc.

Separation of intelligence and forwarding

Common OpenFlow protocol

Avoid vendor lock-in

KDDI R&D Laboratories Inc.

Statuses of OpenFlow switch products

Open vSwitch 2010.5

KDDI R&D Laboratories Inc.

Statuses of OpenFlow controller products

KDDI R&D Laboratories Inc.

Open Networking Foundation

Standards organization related to SDN/OpenFlow

Define OpenFlow protocol

KDDI R&D Laboratories Inc.

Definition categories of OpenFlow protocol

Rule (match condition)

Trigger to execute action

Message format sent between switch and

Behavior to handle packet

KDDI R&D Laboratories Inc.

Protocol messages (1)

Include only OpenFlow header to confirm version.

Send error information

Sent for heartbeat

Sent for heartbeat

Obtain switch information.

Reply supported statistics, action and media.

Set maximum bytes of new flow that switch

Query for maximum bytes of new flow

Reply maximum bytes of new flow

KDDI R&D Laboratories Inc.

Protocol messages (2)

Send a flow entry consisting of rule and action.

Notify of a flow entry removal due to timeout.

Forward a packet to a controller.

Forward a packet from a controller to a switch to

Notify of changing port status (up, down and

Change port status.

KDDI R&D Laboratories Inc.

Protocol messages (3)

Obtain statistics per flow, port or queue.