Upload File

flowspace revisited openflow basics flow table entries switch port mac src mac dst eth type vlan id...

  • Home
  • Documents
  • Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action
21

Upload: hilary-walton

Post on 18-Dec-2015

221 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action
Page 2: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Flowspace revisited

Page 3: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

OpenFlow Basics Flow Table Entries

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

L4sport

L4dport

Rule Action Stats

1. Forward packet to zero or more ports2. Encapsulate and forward to controller3. Send to normal processing pipeline4. Modify Fields5. Any extensions you add!

+ mask what fields to match

Packet + byte counters

3

VLANpcp

IPToS

Page 4: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

ExamplesSwitching

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* 00:1f:.. * * * * * * * port6

Flow Switching

port3

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Action

00:20.. 00:1f.. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6

Firewall

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * * * * * * * 22 drop

4

Page 5: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

ExamplesRouting

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * * * * 5.6.7.8 * * * port6

VLAN Switching

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Action

* * vlan1 * * * * *

port6, port7,port9

00:1f..

5

Page 6: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Types of action

Allow/deny flow Route & re-route flow Isolate flow Remove flow

What is a flow?

Application flow All http Jim’s traffic All packets to Canada …

6

Page 7: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Properties of a Flow-based Substrate

We need flexible definitions of a flowUnicast, multicast, waypointsDifferent aggregations

We need direct control over flowsFlow as an entity we program: To route,

to move, …

Exploit the benefits of packet switchingIt works and is universally deployedIt is efficient (when kept simple)

7

Page 8: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Substrate: “Flowspace”

Collection of bits to plumb flows (of different granularities)

between end points

8

Page 9: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Flowspace: Simple Example

IP SA

IP DA

Single flow All flows from A

A

All flows between two

subnets

9

Page 10: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Flowspace: Generalization

Field 2

Field 1

Single flowSet of flows

Field n

10

Page 11: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

FlowSpace: Maps Packets to Slices

Page 12: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Properties of Flowspace

Backwards compatibleCurrent layers are a special caseNo end points need to change

Easily implemented in hardwaree.g. TCAM flow-table in each switch

Strong isolation of flowsSimple geometric constructionCan prove which flows can/cannot

communicate

12

Page 13: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Suggested Projects

13

Page 14: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Route around outages

• Route around failures– Implement algorithm to compute shortest paths

and install appropriate rules in a network– Upon receiving a notification for a broken link

recompute shortest paths and update rules

14

Page 15: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Rule management tools

• Implement and evaluate rule management tools.– Periodically check switches in a network (garbage

collection).– Defragmentation: Merge rules when possible– Clean up: Remove unused rules– Compress: Create aggregate more compact rules– Other sanity checks

15

Page 16: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Monitoring Radar

• Implement a monitoring radar– Use OpenFlow for measurements– Scan the flow space over time: Dynamically

change the rules you have over time to do finer granularity measurements to specific areas.

– Take live traffic into account to avoiding spending too much time in inactive regions.

16

Page 17: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Inter-controller Access Control Signaling• Denial o Service attack mitigation

mechanisms– Assume two domains with separate controllers– Establish a connection between the controllers

and write a simple protocol to notify the remote controller about blocking traffic from specific sources.

17

Page 18: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Elastic SDN controller

• Elastically scale SDN controller:– Monitor load to controller and when it exceeds a

threshold span an additional controller and reconfigure switches to balance load.

– Monitor demand and when it goes bellow a threshold switch back to single controller.

18

Page 19: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Next Steps: Draft Proposal

• Draft proposal (1 page) Due: Thu. 4th of Apr– Objectives, Work packages, Deliverables

• Meet with the instructor and discuss proposal: Fri. 5th of Apr

• Incorporate feedback and submit final proposal (2 pages max) Due: Wed. 10th of Apr

19

Page 20: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

This talk wouldn’t be possible without:

Past slides from:Brandon HellerYashar Ganjali (CSC2203 Course)Rob Sherwoodothers

Page 21: Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action

Further Project Ideas

http://www.cs.toronto.edu/~yganjali/courses/csc2203/page27/#suggested-topics

21

http://www.cs.toronto.edu/~yganjali/courses/csc2203/page27/#suggested-topics
http://www.cs.toronto.edu/~yganjali/courses/csc2203/page27/#suggested-topics
http://www.cs.toronto.edu/~yganjali/courses/csc2203/page27/#suggested-topics

Povezivanje mreža korištenjem TCP/IP-a · TCP/IP TCP –Transmission Control Protocol L4 protokol end-to-end protokol IP –Internet Protocol L3 protokol routed protokol razlika

DST Brochure

Next Generation Computer Networking using programmable ASICS · Switch. Port. MAC. src. MAC. dst. Eth. type. VLAN. ID. IP. Src. IP. Dst. IP. Prot. TCP. sport. TCP. dport. Forward

Dst Format

thiszineismadewithhanddrawn TUNNELESP TRAILER: PADDING (varies) pad len, next=IP AUTHENTICATION (optional) v er ,h nto spk f ag ID, TTL,proto=TCP header cksum SRC IP ADDRESS DST IP

NPL ANNUAL REPORT 1999-2000 · 7.200 I .500 2.000 0.000 2.200 1.300 Continuing Projects DST DST Indo-US DST DST NIST (USA) DST INDO/UK Fund ... Non-linear dynamics and vertex flows

Dst Annual

Dst Manual

IOS15.0(2)SE TDM - Cisco...permit tcp dst eq 3389 permit tcp dst eq 135 deny ip IT&Maintenance&ACL& All&specificaons&subjectto&change&&withoutno+ce& 8 Frame&is&always&tagged&atingress&portof&SGT&capable&device&

OpenFlow)BoF) - Internet22011/01/31  · OpenFlow 1.0 Switch Switch) Port MAC) src MAC) dst Eth) type) VLAN) ID) IP) Src) IP) Dst IP) Prot TCP) sport TCP) dport Rule) Acon) Stats)

cedric.foll@(education.gouv.fr|laposte.net) Ministère de l ...ws.edu.isoc.org/data/2007/56684660147d8ed294aaf5/Firewall-infra.pdf · Comment est caractérisé le paquet (ip src/dst,

Dst Concept

Nighthawk DST—AC1900 DST Router & DST Adapter Data Sheet ... · DST technology from the Nighthawk R7300 DST WiFi Router. Additional add-on adapters are sold separately to eliminate

Requires Nighthawk R7300 DST Router - Netgear · Add-on DST Adapter Requires Nighthawk R7300 DST Router Model DST6501

VIPRION 2400VIPRION 2400 vCMPのの紹介紹介 - F5BIG-IP 6900 1.9M L7 RPS 800K L4 CPS 最大20G TPUT 2.5M L7 RPS 1M L4 CPS 最大42G TPUT 175K L4 CPS 4G L7/L4 TPUT 220K L4 CPS 6G

Dst marblenatural

Dst Guidelines

Cisco Nexus 9000 Series NX-OS IP Fabric for Media Solution ......NBM Active flow(s) Start-Time Src-Port Mcast-Group Src-IP L4-S L4-D 06/17 01:27:11. 53 Eth1/2 225.0.0.9 192.168.102.2

Understanding the Efficacy of Deployed Internet …...The src ip and dst ip fields specify re-spectively the source and destination IP address to use for the probe. The source addresses

IP-L4 - 2010-Part2-Neighb

DST Collection

Dst storyboard1

DST-24B/PCI DST-24B/PCI+ DST-24B/PCI(2.0) DST-24B ... - … · Synway DST Series DST-24B/PCI ... DST-24B/PCIe(2.0) DST-24B/PCIe+(2.0) Digital Station Tap Board Synway Information

DST Directory

L4 CLL, L4 CLLP

DST Carriers

Diagnostic Scan Tool (DST) Instruction Manual IV Instructions… · Diagnostic Scan Tool (DST) Instruction Manual June, 2013. DST Software Installation Instructions DST INSTALLATION

Dst july2014

Retos y soluciones para Interfaces de UHD · IP SRC IP DST RTP Header Video Payload RFC 4175 IP SRC IP DST RTP Header Audio Payload AES 67 IP SRC IP DST RTP Header Metadata Payload

IDST 3103 N3 Home: Syllabus - Acadia U ~ Online...DST 3103 N3: Environmental Dashboard / Courses / 'DST 3103 N3 Home / 'DST 3103 / Syllabus Syllabus Instructor Law Welcome to DST 3103!

Security Architecture for IP (IPsec) - TU Wien · ESP IP (A,B) Data Header ESP Trailer ESP Auth IP (FW1,FW2) Tunnel Mode and Transport Mode (ESP only) A FW1 FW2 B ESP L4 Header ESP

Pneumothorax - DST

Query-IP path For Office(V3)(UMTS)_20150602152431(GMT+03_30 DST+01_00)

Clean Slate Design for the Internet - Computer Sciencebadri/552dir/papers/intro/nick09.pdfFirewall * Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot TCP sport TCP

1430 L1-L4 Technical Specifications · Section - 1 2 1430 L1-L4 Technical Specifications. 1430 L1-L4 - Manual # 99906367. 1430 L1-L4, Specifications. Performance. Unit. L1 L2 L3 L4