Melanie Palmer, Rob Sullivan, John Bilberry · 2019-11-07
TRANSCRIPT
Melanie Palmer, Rob Sullivan, John Bilberry
LA-UR-13-25961
Overview
• Introduction
• Test Method and Materials
• Results
• Conclusion
• Future Work
• Questions
Software Defined Networking
• Separate the data plane and the control plane
• Software layer between hardware and admin
• Virtual networks within a physical network
OpenFlow
• Open source SDN
• Hardware management on a single platform
• Exploits a common set of functions found on most switches
• OpenFlow Protocol
• Flow table
• Actions
Controller
• Management software for network
• Communicates via a secure channel
• Push and remove flows
• Determine actions for undefined flows
Networks for Security
[Diagram: User, Switch, Network 1, Network 2, Security Node, Controller]
• User job in Node 1
• If User accesses Node 2
• Redirect to Security Node
Rule 1: Allow access to Network 1
Rule 2: Redirect to Security Node if access to Network 2 is attempted
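The two rules above, together with the controller's job of deciding actions for undefined flows, as a simplified flow-table model. This is an added example, not code from the presenters or from Floodlight; the subnets, port numbers, priorities and the default-deny choice for unmatched traffic are assumptions made for illustration.

```python
# Added illustration: a toy model of an OpenFlow 1.0-style flow table.
# Subnets, port numbers and priorities are constructed for this example.
import ipaddress
from dataclasses import dataclass

PORT_NET1, PORT_SECURITY = 1, 3          # assumed switch ports

@dataclass
class Flow:
    priority: int
    dst_net: ipaddress.IPv4Network
    action: tuple                        # ("output", port) or ("drop",)

class Controller:
    """Decides what to do with packets that match no flow (table miss)."""
    def packet_in(self, switch, dst):
        # Assumed policy: default-deny. Install a drop flow for the unknown
        # destination so later packets are handled by the switch itself.
        flow = Flow(1, ipaddress.ip_network(f"{dst}/32"), ("drop",))
        switch.push(flow)
        return flow.action

class Switch:
    def __init__(self, controller):
        self.table, self.controller, self.packet_ins = [], controller, 0

    def push(self, flow):
        # Replace any flow with the same match, keep highest priority first.
        self.table = [f for f in self.table if f.dst_net != flow.dst_net]
        self.table.append(flow)
        self.table.sort(key=lambda f: -f.priority)

    def forward(self, dst):
        addr = ipaddress.ip_address(dst)
        for flow in self.table:
            if addr in flow.dst_net:
                return flow.action
        self.packet_ins += 1             # table miss: ask the controller
        return self.controller.packet_in(self, dst)

def build_security_switch():
    sw = Switch(Controller())
    # Rule 1: allow access to Network 1.
    sw.push(Flow(100, ipaddress.ip_network("10.0.1.0/24"), ("output", PORT_NET1)))
    # Rule 2: redirect attempts to reach Network 2 to the Security Node.
    sw.push(Flow(100, ipaddress.ip_network("10.0.2.0/24"), ("output", PORT_SECURITY)))
    return sw
```

Every table miss costs the controller one packet-in, so the `packet_ins` counter shows how much unmatched traffic reaches the control plane.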
Melanie Palmer
Objective
• Performance
• Reliability
• Scalability
Materials
• Our Cluster
• Seven node
• CentOS 6.4
• Arista 7050S
• OpenFlow 1.0
• EOS 4.10.4
• Floodlight 0.9
• Open source
• Widely used in industry
• Java based
Test Suite
• Load Test
• Performance
• Reliability
[Flowchart: Load Test (Tests, Sections): Start Test; TCP-Dump to a File; Start Section Tests; Increment the Pings per Second; Increment Test Number; Start Section Test; Start Pinging Both Nodes; Change Flows as Specified; Increment the Flows per Second; Increment the Section Number]
Test Suite
• Load Test
[Flowchart labels: Start Test; TCPDump; Start 10 Sections; Increment Pings/Sec; Finish; Start; Traffic; Change Flows; Increment Flows/Sec; Finish; Tests; Sections; Timing Limit; Traffic Limit]
Load Test
[Diagram: Controller, Switch, Node A, Node B, Node C]
Rule 1: Connect A and B
Rule 2: Drop Anything to C
Load Test
[Diagram: Controller, Switch, Node A, Node B, Node C]
Rule 1: Connect A and C
Rule 2: Drop Anything to B
Test Suite
• Load Test
• Speed Test
• Scalability
• Performance
Test Suite
• Load Test
• Speed Test
[Flowchart (Speed Test): Start Test; TCPDump to File; Send Traffic to Node C; Change Flow]
Speed Test
[Diagram: Controller, Switch, Node A, Node C]
Rule 1: Connect A and C
Speed Test
[Diagram: Controller, Switch, Node A, Node C]
Rule 1: Drop Node C
Test Suite
• Load Test
• Speed Test
• Analysis Program
• Stage 1 - Extracts
  ○ Error rate
  ○ Flow change speed
• Stage 2 - Analyzes
  ○ Averages data
  ○ Standard deviations
[Figure labels: Failure!, Expected Behavior]
Rob Sullivan
Load Test Results
[Chart: Flow Push Error Rate. Y axis: Error (%). X axis: Flows per Second. Series: 250, 500, 750 Pings/Second]
Speed Test Results
[Chart: Speed Test Results. Y axis: Milliseconds. Series: 100 pings/s to 1000 pings/s in steps of 100]
Problems
• OpenFlow 1.0
• Volume and nature of data
• Human error
• Imprecision of some test methods
• Meaningful packet redirection
Will OpenFlow Work?
• Allows software reconfiguration of networks
• Easy administration
• Flows can be reliably pushed up to a measurable rate
• Flow push failure is low even at high push rates
• OpenFlow v. 1.0 inadequacies
• Hardware specific limits
• Potential security issues
• Controller can get overwhelmed
Future Work
• OpenFlow 1.1
• Security
• Controllers and hardware
• Scale
Acknowledgements
Instructors – Dane Gardner and Matthew Broomfield (T.A.)
Mentors – Kyle Lamb (HPC-3) and Ben McClelland (HPC-5)
Special Thanks:
Los Alamos National Laboratory – Gary Grider, Josephine Olivas, Carolyn Connor, Scott Robbins and Carol Hogsett
New Mexico Consortium – Ann Kuiper
PRObE – Andree Jacobson
Our Schools:
University of Texas at El Paso
New Mexico Institute of Mining and Technology
Michigan Technological University
Your turn!