Realize SFC Using ONOS SDN Controller Mohan Kumar, Senior Software - - PowerPoint PPT Presentation

Realize SFC Using ONOS SDN Controller

Mohan Kumar, Senior Software Engineer, Huawei Indian Cathy Zhang, Principal Architect, Huawei USA

• 1. Understand OpenStack Neutron SFC Feature: Its Flexible

Architecture to Integrate with Multiple SDN Controllers, Its APIs, Its Code Status, Second Phase Roadmap.

• 2. Understand ONOS Controller (Open Network Operating

System) Distributed Architecture For Scalability Support

• 3. Undertand How Openstack Integrates with ONOS SDN

Controller to Realize the SFC Functionality.

OpenStack Service Chain Overview

What is Service Function Chain ?

Service Chain Management and Control Platform

NAT FW IDS LB Video NAT FW LB SF Forwarder (vSwitch) Cache QoS WOC Classifier Traffic Destination Load Balancer IDS FW Traffic Source SF Forwarder (vSwitch)

OpenStack Neutron Service Chain Architecture

ONOS Controller ONOS Service Chain Driver OVS Service Chain Driver

Common Service Chain Driver API (C2) OpenStack API for Service Chain (C1) Service Chain Driver Manager

OpenStack Server

Compute Node

OVS Swtich(Classifier)

Service VM Service VM (LB) Traffic Source Traffic Destination

ODL Controller ODL Service Chain Driver Dragonflow Service Chain Driver OVN Service Chain Driver

Dragonflow Controller

OVSDB ETCD Cassandra RamCloud

ONOS Controller ONOS Service Chain Driver OVS Service Chain Driver

Common Service Chain Driver API (C2) OpenStack API for Service Chain (C1) Service Chain Driver Manager

OpenStack Server

Compute Node

OVS Swtich(Classifier)

Service VM (FW) Service VM (IDS)

Compute Node

OVS Swtich (Classifier)

Service VM (NAT) Service VM(Web) Traffic Source Traffic Destination

ODL Controller ODL Service Chain Driver Dragonflow Service Chain Driver OVN Service Chain Driver

OVN/Dragon flow Controller

OVSDB ETCD Cassandra RamCloud

OVN/Dragonflow Distributed DB

OpenStack Service Chain API Overview

Flow Classifier Destination N-Tuple OpenStack Neutron Service Chain API Source N- Tuple Port Pair for IPS1 Neutron Port for FW1 Neutron Port for Video Optimizer1 Neutron Port for FW2 Neutron Port for FW3 Traffic Destination Video Optimizer FW IPS Traffic Source Port Pair for IPS2 Neutron Port for Video Optimizer2 Port-Pair-Group1 Port-Pair-Group2 Port-Pair-Group3 Flow Classifier Flow Classifier

Networking-sfc Project Information

• First Release in Feb 2016
• Architecture and API Specification Link:
• http://docs.openstack.org/developer/networking-sfc/
• Project Wiki Page:

○ https://wiki.openstack.org/wiki/Neutron/APIForServiceChaining

• Weekly IRC Meeting:

○ Thursday 1700 UTC on #openstack-meeting-4 ○ https://wiki.openstack.org/wiki/Meetings/ServiceFunctionChainin gMeeting

Second Phase Road Map of Networking-SFC

• Add Support for a Chain of SFs Hosted on

Container

• Add Support for a Chain of SFs Hosted on

Physical Device

• Integrate with VNFM Tacker
• Add ODL SFC Driver, OVN SFC Driver, Dragonflow

SFC Driver to Support the Implementation path on these Open Source SDN Controllers.

• Support for IETF NSH Encapsulation
• Support for Symmetric SFC Path

ONOS for Openstack

SDN Archit itectu ture

OpenStack Networking-SFC ONOS Controller vSwitch, Service Function VM/Container/ Physical Device

A new carrier-grade SDN network

• perating system designed for
• high availability
• performance
• scale-out.

Mission: “to produce the Open Source Network Operating System that will enable service providers to build real Software Defined Network”

What is Modular ONOS?

SFC in ONOS Architecture

ONOS Provider

NB API

RESTful

Core SB API

DEV Link

Switches and Service functions on the Network Data Plane Apps

PCEP

Host

ONOS SFC Manager ONOS NBI for SFC functions

Vendor Specific

Northbound Agent

OpenStack Networking-SFC

(ONOS SFC Driver)

APP

Southbound Agent

Flow Net conf

SB API for SFC provisioning on the device

Host Subsystem Flow Subsystem VTN Manager Device Subsystem Config Driver

OVSDB Provider

Demo Topology

VM4 (Destination) VM3 (SF2) VM1 (Source) VM2 (SF1) OVS

ingress egress ingress ingress ingress egress egress egress

P1 P2 P3 P4 P5

Packet path before installing SFC VM1 -> VM4 Packet path after installing SFC VM1 -> VM2 -> VM3 -> VM4

P6

• In our demonstration we have source VM, destination VM and a set of

service functions VM's spawned using openstack network API

• We use ping packet as data transfer between source and destination.
• Before installing SFC, the packet will directly go to the destination
• After installing SFC the packet will take the defined SFC path and is

processed at each service function before reaching destination.

Scenario 1

VM4 (Destination) VM3 (SF2) VM1 (Source) VM2 (SF1) OVS

ingress egress ingress ingress ingress egress egress egress

P1 P2 P3 P4 P5 P6 Test : Ping from VM1 to VM4

Packet path before installing SFC, VM1 -> VM4

20.0.0.3 20.0.0.8

Creating port

• Use neutron networking CLI to create ports on OVS (All ports are

created on the same network)

• neutron port-create --name p1 net1
• neutron port-create --name p2 net1
• neutron port-create --name p3 net1
• neutron port-create --name p4 net1
• neutron port-create --name p5 net1
• neutron port-create --name p6 net1
• neutron port-create --name p7 net1
• neutron port-create --name p8 net1

OVS P1 P2 P3 P4 P5 P6

Spawning VM's

• Spawn the VM's with the created ports
• Use nova CLI to spawn the VM's
• nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.small --nic

port-id=<ingress port> --nic port-id=<egress port> <vm name>

VM4 (Destination) VM3 (SF2) VM1 (Source) VM2 (SF1) OVS

ingress ingress ingress ingress egress egress egress

P1 P2 P3 P4 P5 P 6

egress

Ping from VM1 to VM4 Without SFC

VM4 (Destination) VM3 (SF2) VM1 (Source) VM2 (SF1) OVS

ingress egress ingress ingress ingress egress egress egress

P1 P2 P3 P4 P5 P6

Packet path before installing SFC VM1 -> VM4

20.0.0.3 20.0.0.8

Scenario 2

VM4 (Destination) VM3 (SF2) VM1 (Source) VM2 (SF1) OVS

ingress egress ingress ingress ingress egress egress egress

P1(27) P2(25) P3(26) P4(28) P5(29) P6(30) Test : Ping from VM1 to VM4 20.0.0.3 20.0.0.8

Packet path after installing SFC(Create port chain) VM1 -> VM2 -> VM3 -> VM4

Note: 5, 6, 7, 8.. are the OVS ports on which the VM's tap interfaces are created

Creating SFC Port pair

• Use Networking-SFC CLI to create port pairs
• neutron port-pair-create <port pair name> --ingress <port id> --

egress <port id>

• When a port pair is successfully created, neutron SFC will send a

create request to ONOS rest API.

• ONOS will store the respective port pair details in its DB

Create Port pair PP1 with ports P2 and P3 Create Port pair PP2 with ports P4 and P5 OVS P1 P2 P3 P4 P5 P 6

Creating Port pair group

• Use Networking-SFC CLI to create port pair group
• neutron port-pair-group-create --port-pairs <port pair name> <port

pair group name>

• Once the port pair group is successfully created, neutron will send a

create request to ONOS rest API for port pair group.

• ONOS will store the respective port pair details in its DB

Create port pair group PPG1 with port pair PP1 Create port pair group PPG2 with port pair PP2 Create Port pair PP1 with ports P2 and P3 Create Port pair PP2 with ports P5 and P6 OVS P1 P2 P3 P4 P5 P6

Create flow classifier

• Use Networking-SFC CLI to create flow classifier.
• Classifier rule is used to select traffic that originates from source with

IP prefix 20.0.0.3/32 and goes to destination with IP prefix 20.0.0.8/32 (Source and destination with in the same network), and the chain ingress port is set as the Source VM’s neutron port p1

• neutron flow-classifier-create --source-ip-prefix 20.0.0.3/32 --

destination-ip-prefix 20.0.0.8/32 –logical-source-port p1 FC1

• Once the flow classifier is successfully created, neutron will send a

create request to ONOS rest API

• ONOS will store the respective flow classifier details in its DB

Create Port chain

• Use Networking-SFC CLI to create port chain
• Create port chain with VM2 as SF1 and VM3 as SF2
• neutron port-chain-create --port-pair-group PPG1 --port-pair-

group PPG2 --flow-classifier FC1 <port chain name>

• Once the port chain is successfully created, neutron will send a chain

creation request to ONOS rest API for port chain.

• ONOS will store the respective port chain details in its DB and

initiates event to generate and download required flow rules to the switches for setting up the SFC traffic steering path.

Create Port pair PP1 with ports P2 and P3

Create Port pair PP2 with ports P4 and P5

Create port pair group PPG1 with port pair PP1 Create port pair group PPG2 with port pair PP2 SFC VM3 (SF2) VM2 (SF1)

ingress egress egress

P2 P3 P4 P5 OVS

ingress

• When the ping packet is coming out from VM1, it will meet the

classifier rule and the packet is forwarded to VM2.

• There is a SF1 running in VM2, which will receive the packet,

process it and send it out on the VM2’s egress port

• The packet coming out from the Egress port of VM2 will qualify the

pre-programmed forwarding rule and be forwarded to VM3.

• There is a SF2 running in VM3, which will receive the packet

process it, and send it out on the egress port of VM3

• The packet coming out from Egress port of VM3 will satisfy the

normal forwarding rules to the destination, and forwarded to VM4.

VM4 (Destination) VM3 (SF2) VM1 (Source) VM2 (SF1) OVS

ingress egress ingress ingress ingress egress egress egress

P1(27) P2(25) P3(26) P4(28) P5(29) P6(30)

Ping from VM1 to VM4 With SFC

Thank You