The Impact of Software-Defined Networking on Campus Networks
許郡泓
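Personal Background
➢ Executive Director, Network Benchmarking Lab
➢ Department of Applied Mathematics, National Chung Hsing University
➢ Graduate Institute of Computer Science and Information Engineering, National Yunlin University of Science and Technology
➢ Member of the Open Networking Foundation (ONF) Test Leadership Council (TLC)
chhsu@nbl.org.tw, (03) 5736727 ext. 284
NBL Background
➢ NCTU Network Benchmarking Lab (NBL)
➢ Independent third-party testing body
➢ ONF Approved Lab (currently six worldwide)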
2004
Wireless LAN SOHO routers
VoIP products
2005
VoIP interoperability plugfest
Network/content security products
2010
Network Anti-botnet Solution Benchmarking
2002
E-commerce websites
Wireless LAN products
Network security gateways
Internet content delivery
2006
Intrusion prevention systems
10GbE Ethernet Switch
Voice quality of VoWLAN products
2013
International SDN Symposium Taiwan
2001
Network security gateways
Network bandwidth managers
Web switches
Network quality of service
2007
P2P Friendly Properties of NAT
Wireless SIP Residential Gateways
2009
Stability of SOHO NAT under real network traffic
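Outline
➢ Introduction to Software-Defined Networking
➢ Approaches to Implementing Software-Defined Networking
➢ SDN from the Network Administrator's Perspective
➢ SDN from the Teaching and Research Perspective
➢ SDN from the User's Perspective
➢ A Software-Defined Networking Case Study
➢ Conclusions and Recommendations
Q & A
What Went Wrong with the Network?
Under a virtualized architecture, you can create a virtual machine with 1 TB of capacity within 60 seconds,
but you still have to wait 24 hours for the network administrator to set up the network for you...
What Went Wrong with the Network? (cont.)
What Does Today's Network Have?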
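[Figure: network built from L3 Cores and L2 Domains]
• The traditional L2/L3 architecture can no longer provide flexibility
• A complex L2/L3 architecture consumes too much manpower
PC market
Storage market
Networking too?!
Introduction to Software-Defined Networking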
What SDN really is …??
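What is Software Defined Networking (SDN)?
• The hallmark of SDN is that it changes the control model of the traditional network architecture: the network is split into a control plane and a data plane, and management authority over the network is handed to controller software in the control plane, using centralized control.
• Network administrators only need to issue commands on the controller to carry out automated configuration, with no need to log in to each network device and configure it individually, which saves manpower and lowers the chance of human error during deployment.
SDN Simplified
SDN Simplified (cont.)
Approaches to Implementing Software-Defined Networking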
OpenFlow
How Does OpenFlow Work? (1/2)
➢ An OpenFlow switch separates these two functions.
• The data path portion still resides on the switch, while high-level routing decisions are moved to a separate controller, typically a standard server.
• The OpenFlow switch and controller communicate via the OpenFlow protocol.
➢ Defines messages, such as packet-in, packet-out, modify forwarding table and get status.
How Does OpenFlow Work? (2/2)
Flow Table Abstraction (1/2)
➢ The data path of an OpenFlow switch presents a clean flow table abstraction.
• Each flow table entry contains a set of packet fields to match, and an action (such as send-out-port, modify-field, or drop).
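Added example (not part of the original slides): a small Python model of the switch/controller split and the flow table abstraction described above. The class names, the packet dictionaries and the MAC-filter policy are assumptions made for illustration, and a table miss is modelled as a packet-in to the controller.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict       # packet fields to match; a field left out is a wildcard
    actions: list     # ("output", port) or ("set_field", name, value); [] = drop
    priority: int = 0

class Switch:         # data path: looks packets up in the flow table, holds no policy
    def __init__(self, controller):
        self.controller, self.table = controller, []

    def flow_mod(self, entry):          # "modify forwarding table" message
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def receive(self, pkt):
        for entry in self.table:        # highest priority first
            if all(pkt.get(k) == v for k, v in entry.match.items()):
                return self._apply(pkt, entry.actions)
        # Table miss (modelled as packet-in): the controller decides.
        return self._apply(pkt, self.controller.packet_in(self, pkt))

    @staticmethod
    def _apply(pkt, actions):
        pkt, sent = dict(pkt), []
        for act in actions:
            if act[0] == "set_field":
                pkt[act[1]] = act[2]
            elif act[0] == "output":
                sent.append((act[1], dict(pkt)))
        return sent                     # empty list: packet dropped

class Controller:     # control plane: owns the policy and programs the switch
    def __init__(self, blocked_src, mac_to_port):
        self.blocked_src, self.mac_to_port, self.packet_ins = blocked_src, mac_to_port, 0

    def connect(self, switch):
        # Deny entries go in up front at high priority: a packet that matches
        # a forwarding entry never reaches packet_in().
        for mac in self.blocked_src:
            switch.flow_mod(FlowEntry({"eth_src": mac}, [], priority=100))

    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        port = self.mac_to_port.get(pkt["eth_dst"])
        if port is None:
            return []                   # unknown destination: drop, install nothing
        switch.flow_mod(FlowEntry({"eth_dst": pkt["eth_dst"]}, [("output", port)], priority=10))
        return [("output", port)]
```

Only the first packet of a flow reaches the controller; later packets are handled by the installed entry, and a blocked source stays blocked even when a forwarding entry for its destination already exists.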
Flow Table Abstraction (2/2)
Software-Defined Network (1/2)
Software-Defined Network (2/2)
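International Organizations Related to SDN
Open Networking Foundation (ONF)
• ONF is a non-profit organization dedicated to developing a new SDN network architecture based on OpenFlow.
• 2012/9: ONF released OpenFlow Switch V1.3; its main work is defining the OpenFlow Switch specification.
• The OpenFlow Switch and the Controller communicate using the OpenFlow Protocol, interfacing with the Controller through the Southbound API.
OpenDaylight
• With the assistance of the non-profit Linux Foundation, 18 major international vendors, including Cisco, IBM and Microsoft, founded the OpenDaylight Project on April 8, 2013.
• It mainly defines an open source controller framework (including the Northbound API), with the aim of making different vendors' products mutually compatible and ultimately building a common, robust software platform that accelerates the adoption and large-scale commercialization of innovative SDN products.
• Concern: OpenDaylight's founding members are mostly large networking vendors that profit from the market, so its starting point may not be as simple as ONF's; whether they can act selflessly while preserving their existing market advantage is a major concern.
International Organizations Related to SDN (cont.)
Network Functions Virtualization (NFV)
• Purpose: Move packet processing from specialized hardware to IT servers, switches and storage.
• Formed under ETSI (first meeting in 2013/2)
• 13 founding carrier members (AT&T, BT, CenturyLink, China Mobile, Colt, DT, KDDI, NTT, Orange, TI, Telefonica, Telstra, Verizon)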
ONF: SDN World Leadership
ONF Members
Process of Certification
Approved Labs
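SDN from the Network Administrator's Perspective
How Do We Solve the Problem?
Complex network architectures and operating systems
How SDN Helps Network Administrators
Foreknowledge?!
Motion-sensing network management?!
SDN from the Teaching and Research Perspective
A Software-Defined Networking Case Study
SDN Enabled Wi-Fi Solution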
Outlines
➢ System Architecture
➢ Topology Example
➢ Environment Description
➢ Features vs. Components
➢ Vendor-Defined Feature Specification
➢ Feature: Auto Provision Function
➢ Feature: Authentication Portal Function
➢ Feature: Channel Non-overlapping Function
System Architecture
Topology Example
Environment Description (1/3)
➢ SDN Controller
• Ryu SDN Framework 3.8
• OS: Ubuntu 12.04
➢ SDN Access Point
• Device: TPLink TL-WR1043ND V2, AP222, …
• OS: OpenWRT trunk
• Patch: ofsoftswitch13
➢ SDN OAM Server / SDN Portal Server
• PHP 5.5
• Apache 2.4.10
➢ SDN Database Server
• MySQL 5.5
Environment Description (2/3)
➢ Ryu SDN Framework
• Python-based project
➢ Written in the Python language
• Environment
➢ OS: Ubuntu 10.04 or higher
➢ Network simulation tool: Mininet
• Features provided
➢ Component-based SDN framework
➢ Supports OpenFlow v1.0, v1.2, v1.3, v1.4
➢ Supports various protocols for managing network devices, such as OpenFlow, Netconf, OF-config, etc.
➢ Provides REpresentational State Transfer (REST) service
Environment Description (3/3)
REpresentational State Transfer (REST) Service
Operations via HTTP request with URL:
• GET
• POST
• DELETE
• PUT
[Figure: REST service diagram. Labels: curl, PHP OAM Web UI, HTTP request, REST API, data in JSON format, Ryu App, Controller, Mininet (simulated network), OpenFlow Switch (e.g., Access Point)]
Features vs. Components
Components: SDN Controller App, SDN Access Point, OAM Web System
Features:
• System Management
• Generic Wireless Control
• Auto Provision Function
• Authentication Portal Function
• Device Information Management
• Channel Non-overlapping
• Quality of Service
• Roaming
Vendor-Defined Feature Specification (1/2)
➢ Vendor-defined features
• Implemented with "Experimenter Messages"
• Experimenter Message
➢ An optional field (padding) in the OpenFlow protocol
➢ Lets SDN vendors develop self-defined functions and services
➢ Experimenter Message Format
Header: EXPERIMENTER_ID (8 bytes), EXP_TYPE (8 bytes)
Data: EXP_SUBTYPE (1 byte), PAYLOAD (255 bytes)
• The format should be defined in both the controller and the access points.
• The corresponding handler function is triggered according to the EXP_TYPE and EXP_SUBTYPE.
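Added example (not the vendor's code): strict parsing and handler dispatch for an experimenter message body laid out as on this slide. The experimenter ID, the type and subtype numbers, the handler names and the payload contents are hypothetical, and big-endian byte order with the field widths listed above is assumed.

```python
import struct

# Field widths as listed on the slide; big-endian byte order is an assumption.
HEADER = struct.Struct("!QQ")     # EXPERIMENTER_ID (8 bytes), EXP_TYPE (8 bytes)
MAX_PAYLOAD = 255
EXPERIMENTER_ID = 0x00C0FFEE      # hypothetical vendor ID
# Hypothetical type/subtype numbers, not the vendor's list.
EXP_AUTO_PROVISION, SUB_PROXY_ON = 1, 1
EXP_CHANNEL, SUB_SCAN_REPORT = 2, 1

class ExperimenterError(ValueError):
    """Raised for any message the receiver refuses to act on."""

def parse(body):
    """Return (exp_type, exp_subtype, payload) or raise ExperimenterError."""
    if len(body) < HEADER.size + 1:
        raise ExperimenterError("truncated message")
    exp_id, exp_type = HEADER.unpack_from(body)
    if exp_id != EXPERIMENTER_ID:
        raise ExperimenterError("foreign experimenter ID")
    subtype, payload = body[HEADER.size], body[HEADER.size + 1:]
    if len(payload) > MAX_PAYLOAD:
        raise ExperimenterError("payload longer than 255 bytes")
    return exp_type, subtype, payload

def on_proxy_on(payload):
    return ("proxy", True)

def on_scan_report(payload):      # constructed payload: one channel number per byte
    return ("channels", sorted(set(payload)))

HANDLERS = {
    (EXP_AUTO_PROVISION, SUB_PROXY_ON): on_proxy_on,
    (EXP_CHANNEL, SUB_SCAN_REPORT): on_scan_report,
}

def dispatch(body):
    """Run the handler for (EXP_TYPE, EXP_SUBTYPE); unknown pairs are rejected."""
    exp_type, subtype, payload = parse(body)
    handler = HANDLERS.get((exp_type, subtype))
    if handler is None:
        raise ExperimenterError(f"no handler for type {exp_type}, subtype {subtype}")
    return handler(payload)

def build(exp_type, subtype, payload=b""):   # encoder used to construct sample input
    return HEADER.pack(EXPERIMENTER_ID, exp_type) + bytes([subtype]) + payload
```

Both ends use the same table, so a message with an unregistered type or subtype, a foreign experimenter ID, or an oversized payload is refused before any handler runs.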
Vendor-Defined Feature Specification (2/2)
Experimenter Message Type and Subtype List Example
Feature: Auto Provision Function (1/3)
System Scenario
Feature: Auto Provision Function (2/3)
Trigger Proxy Mode of Configured AP Automatically
Trigger/Close Proxy Mode of Configured AP Manually by Administrator
Feature: Auto Provision Function (3/3)
Relay the Configuration Request from Unconfigured AP and Response
Feature: Authentication Portal Function (1/3)
Topology Example
Feature: Authentication Portal Function (2/3)
Message Flow
Feature: Authentication Portal Function (3/3)
Demo Portal Webpage
Feature: Channel Non-overlapping Function (1/4)
System Scenario
Feature: Channel Non-overlapping Function (2/4)
Scan the information of other APs with identical channel and SSID and then return to controller
Feature: Channel Non-overlapping Function (3/4)
Scan the information of other APs with identical channel and SSID and then return to controller (cont.)
Feature: Channel Non-overlapping Function (4/4)
Controller performs the channel non-overlapping algorithm and thus sends new channel assignments to those APs
SDN OAM Web System
Outlines
OAM Web System Functions Summary
Login the OAM Web System
Status and Control
Dashboard
Devices
Hosts
SSIDs
Schedules
QoS
System Management
Users
OAM Web Log
System Configuration
OAM System Functions Summary (1/2)
Status and Control
A. Dashboard
■ The summary of SDN device and SSID information
B. Devices
■ The SDN device list, detail information and control functions
C. Hosts
■ The host information related to SDN devices
D. SSIDs
■ The SSID list information and control management
E. Schedules
■ The control scheduling to SDN devices
F. QoS
■ The meter setting to SDN devices for quality of service
OAM System Function Summary (2/2)
➢ System Management
A. Users
■ The login user management and detailed information
B. OAM Web Log
■ The record of SDN OAM Web System access
C. System Configuration
■ The configuration setting for database, controller and portal
Login the OAM Web System
[Demo URL] http://140.113.243.175/login.php
Status and Control - Dashboard
Status and Control - Devices
➢ Device List and Summary
➢ Detailed Information and System Control
➢ Quick Action of Multiple or Dedicated Devices
➢ Wireless Control and SSID
➢ Device Flow Information
➢ Access Control List
➢ Diagnostics
➢ Backup & Restore Configuration Files
➢ Firmware Initialization
➢ System Log
Status and Control - Devices
➢ Device List and Summary
Status and Control - Devices
➢ Detailed Information and System Control – Description
Status and Control - Devices
➢ Detailed Information and System Control – Port Structure
Status and Control - Devices
➢ Detailed Information and System Control – Patch Upgrade
Status and Control - Devices
➢ Detailed Information and System Control – Firmware Upgrade
Status and Control - Devices
➢ Quick Action of Multiple or Dedicated Devices
Quick Action of multiple devices simultaneously
Quick Action of dedicated device
Status and Control - Devices
➢ Wireless Control and SSID – SSID List and Wireless Setting
Status and Control - Devices
➢ Wireless Control and SSID – MAC Filter Setting
Status and Control - Devices
➢ Device Flow Information
Status and Control - Devices
➢ Access Control List (1/2)
Status and Control - Devices
➢ Access Control List (2/2)
Status and Control - Devices
➢ Diagnostics / Backup & Restore Configuration Files
Status and Control - Devices
➢ System Log
Status and Control - Devices
➢ Firmware Initialization
Status and Control - Hosts
Status and Control - SSIDs
Status and Control - Schedules
Status and Control - QoS
Status and Control - QoS
System Management - Users
➢ User List Information
➢ Activity log
➢ Permission Setting
➢ Profile Setting
System Management - Users
➢ User List Information
System Management - Users
➢ Activity log
System Management - Users
➢ Permission Setting
System Management - Users
➢ Profile Setting
System Management - OAM Web Log
System Management - System Configuration
➢ Database Server Setting
➢ Controller Setting
➢ Portal Server Setting
➢ Auto Update Server Setting
System Management - System Configuration
➢ Database Server Setting
System Management - System Configuration
➢ Controller Setting
System Management - System Configuration
➢ Portal Server Setting
System Management - System Configuration
➢ Auto Update Server Setting
Conclusions and Recommendations
Q & A