
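Software Defined Network (SDN)

Workshop + Hackathon
Virtual Network Design in Software-Defined Networking

陳俊良
Department of Electrical Engineering, National Taiwan University of Science and Technology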

Date: 2015/7/27
Outline

1. Introduction to Network Virtualization

2. Example of Network Virtualization Application

3. Example of Virtual Tenant Network Application

4. Discussion and Summary

Two virtualization technologies will be discussed:

Network Virtualization - FlowVisor Layer
• An experimental software-defined networking controller that enables network virtualization by slicing a physical network into multiple logical networks.

Virtual Tenant Network (VTN)
• An application that provides multi-tenant virtual network on an SDN controller.

Network Virtualization – FlowVisor Layer

[Figure: the OpenFlow software stack, top to bottom]
• Monitoring/Debugging Tools: oftrace, oflops, openseer, ofmonitor
• Applications: ENVI (GUI), LAVI, n-Casting, Aggregation
• Controller: NOX, Beacon, Trema, BigSwitch, Opendaylight
• Slicing Software: FlowVisor (as transparent proxy), Expedient/Opt-in Mgr. Partition bandwidth and flow table resources; create slices.
• OpenFlow Switches:
– Hardware/Commercial Switches: HP, NEC, Pronto, Juniper.. and many more
– Software/Test switches: NetFPGA, Software Ref. Switch, OpenWRT, PCEngine WiFi AP, OpenvSwitch

Network Virtualization – FlowVisor Layer

[Figure: Network Virtualization Platform. FlowVisor, placed between the SDN controller and the SDN network, virtualizes the network into Slice 1 … Slice N carrying Service 1 … Service N. Labels: Bandwidth, FlowSpace, Isolation.]

Introduction
Virtual Tenant Network (VTN)

Virtual Tenant Network (VTN)

[Figure: layered architecture, top to bottom: Network Applications, Orchestrations & Services; Controller Platform; Southbound Interface & Protocol Plugins; Data Plane Elements]

• Abstraction models enable the separation of logical plane from physical plane.

Source from https://wiki.opendaylight.org/view/Release/Helium/VTN/Developer_Guide

Virtual Tenant Network (VTN)

• Create VTN in ODC.
• Northbound API: provide APIs for northbound VTN applications.
• Multiple Controllers: support virtual networks spanning across multiple controllers.

Virtual Tenant Network (VTN)

• Offer virtual node features (such as virtual vBridge mapping to real switch port)
• End-to-end dynamic path control per VTN

[Figure: Virtual Tenant Network. The VTN Manager on the SDN controller holds VTN 1 … VTN N with their network policy, carrying Service 1 … Service N in isolation over the SDN network.]

The physical topology is not directly virtualized. VTN Manager creates the VTNs.

FlowVisor vs. VTN

VTN
[Figure: OpenFlow controller with VTN Manager (VTN 1) above the OpenFlow switches]
1. VTN Manager creates the VTN networks.
2. Mapping the virtual interfaces to the physical interfaces (methods: VLAN/Port/MAC Mapping).

FlowVisor
[Figure: FlowVisor between the OpenFlow controller and the OpenFlow switches. Components: Resource Allocation Policy, Translation Unit, Forwarding Unit, Slicing Policy 1 … Slicing Policy N.]
1. Intercept the OpenFlow messages from controller.
2. Use the slicing policy.
3. Rewrite the Flow Entry.

2. Example of Network Virtualization Application

Based on FlowVisor technique and operations, an application called EnterpriseVisor is designed.

• Dynamically allocate bandwidth to different slices
• Guarantee Quality-of-Service

[Figure: Users, Requirements and Limitation (in Mbps) for Slice 1, Slice 2 and Slice 3]

Assumptions:
• Maximal network capacity C=100M

Network Virtualization Platform

[Figure: FlowVisor, below the SDN controller, virtualizes the SDN network into Slice 1 … Slice N carrying Service 1 … Service N in isolation. EnterpriseVisor sits beside FlowVisor.]

EnterpriseVisor:
• Communicate with FlowVisor
• Configure: configure enterprise networks
• Monitor: OFPMP_PORT_STATS_Request, OFPMP_PORT_DESCRIPTION_Request, OFPT_FEATURES_REQUEST

Network Virtualization Platform

[Figure: the Network Virtualization Layer below the OpenFlow controller consists of EnterpriseVisor and FlowVisor. Components shown: Policy Agent, Resource Allocation Policy, Config Deployment, Analysis Database, Network Monitor, Translation Unit, Forwarding Unit.]

Designed Resource Scheduling: Linear Programming Scheme

Controller: OpenDaylight Hydrogen Base 1.0
Mininet: Mininet 2.1.0, OpenvSwitch 2.1.2

The operation of each slice (Slice 1, Slice 2, Slice 3, Slice 4)

Four states are defined here.
• S2: Resource Requester -> if (NU Low & SU High)
• S3: Resource Provider -> if (NU High & SU Low)

[Figure: Network Utilization and Slice Utilization with thresholds SU_High: >80% and SU_low: <60%. The slice acts as Resource Requester or Resource Provider and moves through the states S1, S2, S3, S4, S3.]

• S1: Don't change.
• S2: Request for the resource from other slice.
• S3: Provide the resource to other slice.
• S4: Don't change until.

[Figure: state sequences of slices acting as Requester and Provider: "S1 S2 S3 S4 S3 S2 S3 S4 S2" and "S1 S3 S2 S4 S2 S1 S3 S2 S3 S4 S2, deny". Annotation: Resource is not enough to provide service.]

[Figure: High Utilization (Requester) and Low Utilization (Provider) panels showing slice1, slice2, slice3 and slice4]

Higher network utilization with only a minor sacrifice of control message latency (0.71ms).

FlowVisor API: Add-slice
• Slice name
• Controller id
• Rate

[Figure: bandwidth control for Slice 1, Slice 2 and Slice 3]

FlowVisor API: Update-slice
• Slice name
• Rate

[Figure: update bandwidth rate for Slice 1, Slice 2 and Slice 3]

Network Virtualization Platform

[Figure: the same platform view as before. EnterpriseVisor configures FlowVisor through Add-slice and Update-slice and monitors the SDN network; FlowVisor keeps Slice 1 … Slice N (Service 1 … Service N) isolated.]

3. Example of Virtual Tenant Network Application

Based on VTN technique, an application to achieve network congestion control is designed. (This is an on-going project.)

VTN Manager
• Offer virtual node features
• Provide End-to-end path control

Congestion Control and SLA Commitment

[Figure: VTN1, VTN2 and VTN3 carried over Path1, Path2 and Path3. OFS delay: 1 ms. Link: BW 100 Mbps, delay 10 ms.]

• $A_i$: the allocated resource of the $i$th routing path.
• $U_i$: the utilization rate of the $i$th routing path.
• $T_i$: the total traffic of the $i$th routing path.

SLA | Bandwidth | Delay
$SLA_1$ | 70 Mbps | 15 ms
$SLA_2$ | 50 Mbps | 30 ms
$SLA_3$ | 40 Mbps | 40 ms

Path $i$: $U_i = \frac{T_i}{A_i}$

Before policy:
P1: $U_1 = \frac{70+50+40}{100} = 160\%$
P2: $U_2 = \frac{0}{100} = 0\%$
P3: $U_3 = \frac{0}{100} = 0\%$

After policy:
P1: $U_1 = \frac{70}{100} = 70\%$
P2: $U_2 = \frac{50}{100} = 50\%$
P3: $U_3 = \frac{40}{100} = 40\%$

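The utilization figures above can be reproduced and the re-mapping automated. This is an added example, not code from the slides: the greedy placement is a simple stand-in for the deck's linear-programming scheduler (whose formulation is not shown), and the function names are hypothetical.

```python
# Added example (not from the slides): U_i = T_i / A_i per path, plus a greedy
# VTN-to-path placement used here in place of the deck's LP scheduler.

# SLA bandwidth per VTN and allocated capacity per path (Mbps), from the slide.
SLA_BW = {"VTN1": 70, "VTN2": 50, "VTN3": 40}
PATH_CAP = {"Path1": 100, "Path2": 100, "Path3": 100}


def utilization(mapping, demand=SLA_BW, capacity=PATH_CAP):
    """Return {path: U_i} with U_i = T_i / A_i for a {vtn: path} mapping."""
    traffic = {p: 0 for p in capacity}
    for vtn, path in mapping.items():
        traffic[path] += demand[vtn]
    return {p: traffic[p] / capacity[p] for p in capacity}


def overloaded(mapping, **kw):
    """Paths with U_i > 100%, where the SLAs cannot all be honoured."""
    return sorted(p for p, u in utilization(mapping, **kw).items() if u > 1.0)


def reschedule(demand=SLA_BW, capacity=PATH_CAP):
    """Place the largest demand first on the least-utilized path that still fits.

    Raises ValueError when a VTN fits on no path, rather than silently
    overcommitting a link.
    """
    traffic = {p: 0 for p in capacity}
    mapping = {}
    for vtn in sorted(demand, key=demand.get, reverse=True):
        fits = [p for p in capacity if traffic[p] + demand[vtn] <= capacity[p]]
        if not fits:
            raise ValueError(f"no path can carry {vtn} ({demand[vtn]} Mbps)")
        best = min(fits, key=lambda p: traffic[p] / capacity[p])
        mapping[vtn] = best
        traffic[best] += demand[vtn]
    return mapping


if __name__ == "__main__":
    before = {vtn: "Path1" for vtn in SLA_BW}    # all tenants share Path1
    print("before:", utilization(before), "overloaded:", overloaded(before))
    after = reschedule()
    print("after: ", utilization(after), "overloaded:", overloaded(after))
```
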
[Figure: Virtual Tenant Network on the SDN controller (VTN Manager) above the physical network (Server, User)]

• SLA information collector: collect the SLA information of each VTN.
• Network Policy: reroute according to the routing schedule (Path Policy Mapping).
• Resource Scheduler: adjust the PATH resource to avoid overloading. Designed Scheduling Scheme: Linear Programming Scheme.
• Network Monitor: monitor the network and service status.

[Figure: message flow between Administrator, Controller (VTN Manager with SLA Collector and Network Policy), Resource Scheduler, Network Monitor and the physical network]

From the administrator:
1. VTN SLA information (Bandwidth, Delay…)
2. Schedule event
3. Plan assign

From the Network Monitor:
1. Request message
2. Message response (Bandwidth, Utilization,…)
3. Network Schedule
4. Reschedule event
5. Plan assign

Basic operation: SLA mechanism & Network policy

[Figure: two panels, "Without SLA mechanism and network policy" and "With SLA mechanism and network policy" (SLA Commitment)]

Two policy models on VTN network: Flow Filter Model and Path Mapping Model

[Figure: class diagram of the Flow Filter Model. Annotations: Create policy table; Create different sets of traffic; Combine; Policy Target; Select policy table entry; Action; Match; Select traffic to apply marking.]

Flow Filter
+type = {in|out}
+location: one of vtn | vBridge | vNode_name+IF
+statistics: general per IF and FFEntry and per flow
+flowfilterentries: Flow Filter Entry

Flow Filter Entry
+flowlists: Flow List
+sequence number
+action_type = {pass, drop, redirect, priority, bandwidth, statistics}
+redirect_destination: redir_dst
+set = {priority|dscp} (mark packets on the wire)

Flow List
+name: String
+flowlistentries: Flow List Entry

Flow List Entry
+match (similar to OF match)
+sequence number

redir_dst
+vNode_name
+interface_name
+new dst MAC
+new src MAC
+direction

Provides more matching conditions for your applications

Command | Number | Description
mac-destination-address <mac-address> | 1 | Destination MAC Address
mac-source-address <mac-address> | 2 | Source MAC Address
mac-ether-type <ether-type-number> | 3 | Ether type
mac-vlan-priority <vlan-priority-number> | 4 | VLAN Priority
ip-destination-address <ip-address>/<prefix-length> | 5 | Destination IP Address
ip-source-address <ip-address>/<prefix-length> | 6 | Source IP Address
ip-protocol <protocol-number> | 7 | Protocol Type
ip-dscp <dscp-number> | 8 | DSCP (Differentiated Services Code Point)
l4-destination-port <port-number> [ to <end-port> ] | 9 | Destination Port
l4-source-port <port-number> [ to <end-port> ] | 10 | Source Port

Provides 6 Actions for your applications

Intent | Description | Behavior
Pass | Pass packets | FlowFilter pass
Drop | Drop packets | FlowFilter drop
Redirect | Redirect packets to a specified point | FlowFilter redirect
Priority | Set a priority of packets | FlowFilter priority
Bandwidth | Set policing | FlowFilter pass
Statistics | Collect statistics information | FlowFilter statistics

[Figure: traffic in to VTN 1, which contains Host, vBridge, vRouter, vBridge and Server]

Set Policy
Action: Bandwidth {
  CIR: 256000 bps
  PIR: 512000 bps
  CBS: 48128 bytes
  PBS: 64000 bytes
}

• CIR: Committed Information Rate
• PIR: Peak Information Rate
• CBS: Committed burst size
• PBS: Peak burst size

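How the four policing parameters interact is easiest to see by running traffic through a meter. This is an added example, not code from the slides or from OpenDaylight: it assumes the bandwidth action behaves like a color-blind two-rate three-color marker in the style of RFC 2698, and the class and function names are hypothetical.

```python
# Added example (not from the slides): color-blind two-rate three-color marker
# in the style of RFC 2698, fed with the slide's CIR/PIR/CBS/PBS values.
# Assumption: the VTN bandwidth action polices like such a marker.

class TwoRateMeter:
    def __init__(self, cir_bps, pir_bps, cbs_bytes, pbs_bytes):
        if pir_bps < cir_bps:
            raise ValueError("PIR must be >= CIR")
        self.cir = cir_bps / 8.0      # committed rate in bytes per second
        self.pir = pir_bps / 8.0      # peak rate in bytes per second
        self.cbs, self.pbs = cbs_bytes, pbs_bytes
        self.tc, self.tp = float(cbs_bytes), float(pbs_bytes)  # buckets start full
        self.last = 0.0

    def mark(self, now, size):
        """Color a packet of `size` bytes arriving at time `now` (seconds)."""
        elapsed = max(0.0, now - self.last)
        self.last = max(self.last, now)
        # Refill both token buckets, capped at their burst sizes.
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        if self.tp < size:            # exceeds even the peak profile
            return "red"
        self.tp -= size
        if self.tc < size:            # within peak, above committed
            return "yellow"
        self.tc -= size
        return "green"


def run_burst(meter, packets, size=1500, gap=0.0):
    """Feed `packets` equal-size packets spaced `gap` seconds apart; count colors."""
    counts = {"green": 0, "yellow": 0, "red": 0}
    for n in range(packets):
        counts[meter.mark(n * gap, size)] += 1
    return counts


def slide_meter():
    # CIR 256000 bps, PIR 512000 bps, CBS 48128 bytes, PBS 64000 bytes (from the slide).
    return TwoRateMeter(256000, 512000, 48128, 64000)


if __name__ == "__main__":
    print(run_burst(slide_meter(), 60))             # 60 packets back to back
    print(run_burst(slide_meter(), 60, gap=0.05))   # 1500 B every 50 ms = 240 kbps
```

A back-to-back burst is green only while CBS lasts and yellow until PBS is exhausted, while a steady 240 kbps stream stays under CIR and is never marked.
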
• Path map consists of:
– Flow condition --- equivalent to flow list in flow filter model
– Path policy --- defines associated cost for network path
– Path map --- correlates flow condition to path policy

[Figure: Path policy: a topology of switches (SW) between EP1 and EP2 in which the links have cost 1000 and one link has cost 1000000, giving Path1, Path2 and Path3. Path Map: Match1 = Path1, Match2 = Path2, Match3 = Path3.]

Policy of one VTN does not affect other VTNs

[Figure: Policy 1, Policy 2, Policy 3]

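The Flow Filter Model and the per-VTN scoping of policy can be sketched as a small evaluator. This is an added example, not OpenDaylight VTN code: the class names, the rule that the lowest matching sequence number wins, and the default of passing unmatched traffic are assumptions made for illustration, and the policy and packet are constructed samples.

```python
# Added example (not from the slides): simplified Flow Filter Model. Names,
# first-match ordering and the default "pass" are illustrative assumptions.
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class FlowListEntry:
    seq: int
    ip_src: str = "0.0.0.0/0"           # ip-source-address <ip-address>/<prefix-length>
    ip_proto: Optional[int] = None      # ip-protocol <protocol-number>
    l4_dst: Optional[tuple] = None      # l4-destination-port <port> [ to <end-port> ]

    def matches(self, pkt):
        if ipaddress.ip_address(pkt["ip_src"]) not in ipaddress.ip_network(self.ip_src):
            return False
        if self.ip_proto is not None and pkt["ip_proto"] != self.ip_proto:
            return False
        if self.l4_dst is not None and not self.l4_dst[0] <= pkt["l4_dst"] <= self.l4_dst[1]:
            return False
        return True


@dataclass
class FlowFilterEntry:
    seq: int
    flowlist: list                       # list of FlowListEntry
    action: str                          # pass, drop, redirect, priority, bandwidth, statistics


@dataclass
class Vtn:
    name: str
    filters: list = field(default_factory=list)   # flow filter entries of this VTN only

    def decide(self, pkt):
        """Lowest sequence number whose flow list matches wins; unmatched traffic passes."""
        for ffe in sorted(self.filters, key=lambda e: e.seq):
            if any(fle.matches(pkt) for fle in ffe.flowlist):
                return ffe.action
        return "pass"


# Constructed sample policy: VTN1 drops telnet from 10.0.0.0/8; VTN2 has no filter.
TELNET = [FlowListEntry(seq=1, ip_src="10.0.0.0/8", ip_proto=6, l4_dst=(23, 23))]
VTN1 = Vtn("VTN1", [FlowFilterEntry(20, [FlowListEntry(1)], "pass"),
                    FlowFilterEntry(10, TELNET, "drop")])
VTN2 = Vtn("VTN2")
PKT = {"ip_src": "10.1.2.3", "ip_proto": 6, "l4_dst": 23}   # constructed packet

if __name__ == "__main__":
    print(VTN1.decide(PKT), VTN2.decide(PKT))
```

The same packet is dropped in VTN1 and passed in VTN2 because each VTN consults only its own entries; inside VTN1 the drop entry (sequence 10) is evaluated before the catch-all pass (sequence 20), so giving the catch-all a lower sequence number would shadow the drop.
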
4. Discussion and Summary

 | FlowVisor Method | VTN Method
OpenFlow protocol support | Incomplete support for the OpenFlow 1.2 protocol | Supports the OpenFlow 1.3 protocol
Characteristic | Bandwidth isolation; topology isolation; flowspace isolation | Multi-tenant virtual network; virtual network isolation; network policy isolation
Others | Functionally insufficient; instability; updates suspended | Functionally sufficient; stability; has a release plan (2015)


Network virtualization
Decouple the physical network from the virtual network.
• Enable multi-tenancy services
• Allow multiple tenants to occupy the same network infrastructure.
• Allow isolation of the users’ traffic.

FlowVisor: Bandwidth Isolation, Topology Virtualization, FlowSpace Isolation
VTN: Network Policy Isolation, Create Virtual Network, Flow-based Traffic Control

Thank You