ProgrammableFlow Introduction
Information Technologies Group (ITG) Enterprise Technologies Unit
NEC Corporation
Page 1
Motivation for Network Virtualization
[Diagram: IP NW, L3SW, Firewall, Load Balancer, L2SW and servers running WEB, AP and DB instances; regions labelled NW and IT]
Page 2
Challenges in Automating the Network
- Routers, switches and ports are tightly coupled
- Too many complex protocols requiring end-to-end consistency
- No aggregate network resource view
- Difficult to create network-as-a-service: automated create/delete
[Diagram labels: Performance Scaling; More Protocols (ECMP, TRILL, IS-IS, LAG, MSTP); More design and configuration; Complexity; Difficult to Automate, Self-service]
Page 3
Can we simplify the Network?
Board Members: Deutsche Telekom, Facebook, Google, Microsoft, Verizon, Yahoo!
Members: Big Switch Networks, Broadcom, Brocade, Ciena, Cisco, Citrix, Dell, Ericsson, Extreme Networks, Force10, HP, IBM, Intel, IP Infusion, Juniper Networks, Marvell, NEC, Netgear, Nokia Siemens Networks, NTT, Riverbed Technology, VMware
Prototype Switches: Blade Networks (IBM), HP, Brocade, Netgear, Dell, Extreme
Production Switch: Switch (PFS)
Introducing ProgrammableFlow
The Simple Solution for Complex Networks
- Deploy, control, monitor, and manage multi-tenant network infrastructure
- Unlock the power of OpenFlow switching through open interfaces
- Seamless Integration with VMware Environments
PF series
ProgrammableFlow Controller (PFC)
ProgrammableFlow Switch Family (PFS)
Page 5
Real World Feedback on ProgrammableFlow
What Customers are Saying:
"Network complexity has grown to a point beyond reasonable. ProgrammableFlow provides an automated means of network self-repair, and gives us the single pane of management and control we have long sought."
Eric Miller, CEO of Genesis Hosting Solutions
"By adopting ProgrammableFlow, we have significantly reduced our network operational costs."
Yuji Noguchi, General Manager, Information Technology
What Analysts Are Saying:
ESG Lab found ProgrammableFlow to be easy to configure and use, while able to dynamically adapt to changing physical topology and logical requirements. Traffic was not able to cross VTNs, making the solution a truly multi-tenant network on top of the same physical network topology.
Page 6
Use Case 1: Multi-Tenant Cloud Services
Network Virtualization reduces complexity and increases flexibility.
Secure Virtual Tenant Network (VTN)
VTN1
VTN2
Physical configuration
PFC
Control
Page 7
Use Case 2: Appliance Pooling
- Build cloud networks that scale from single racks to multiple datacenters
- Scale network capacity non-disruptively by simply adding more OpenFlow Enabled Switches
Existing Network ProgrammableFlow Network
NW appliance pool
PFC
Network switch pool
PFS
Server pool
Network Scale out without network reconfiguration
Page 8
Pools of Capacity
How OpenFlow Works
Packet transferring and routing control functions are separated by the flow control protocol. By controlling traffic on a per-flow basis, advancement in routing control, network virtualization, and visualization can be realized.
[Diagram: the OpenFlow Switch handles Packet Forwarding and the OpenFlow Controller handles Network Control; each Flow Table entry consists of Rule, Action and Statistics; a Server attaches to the switch]
Flow setup modes:
- Proactive: the controller pre-populates flow table entries.
- Reactive: if a switch receives a flow that is not in the flow table, the switch asks the controller about the flow.
Page 9
OpenFlow Flow Switching Definition
Legacy L2/L3 switching and routing
Layer 2 (MAC) Switching
Layer 3 (IP) Routing
Match fields: Ingress Port, Ether Dest, Ether Src, Ether type, VLAN PCP (*6), VLAN id, IP Src, IP Dst, IP proto, IP ToS, TCP/UDP src port, TCP/UDP dst port
Flow switching with any combination of tuples as a key
- Exact matching
- Wildcard matching
  Aggregated MAC-subnet: MAC-src: A.*, MAC-dst: B.*
  Aggregated IP-subnet: IP-src: 205.16.*/24, IP-dst: 206.12.*/24
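The flow-table lookup and the two flow setup modes described on the preceding slides, as an added example (not NEC's code and not part of the original slides). The field names, the `default_deny` controller policy and the concrete /24 prefixes are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The 12 match fields from the slide; the field names are this example's own.
FIELDS = ("in_port", "eth_dst", "eth_src", "eth_type", "vlan_pcp", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "ip_tos", "tp_src", "tp_dst")

@dataclass
class FlowEntry:
    match: dict        # field -> required value; an absent field is a wildcard
    action: str        # e.g. "output:2" or "drop"
    priority: int = 0
    packets: int = 0   # per-flow statistics
    bytes: int = 0

    def matches(self, pkt):
        def ok(name, want):
            got = pkt.get(name)
            if got is not None and name in ("ip_src", "ip_dst"):  # subnet wildcard
                return ipaddress.ip_address(got) in ipaddress.ip_network(want)
            return got == want
        return all(ok(n, w) for n, w in self.match.items())

class FlowTable:
    def __init__(self, controller):
        self.entries = []
        self.controller = controller   # callable(pkt) -> FlowEntry (reactive path)
        self.packet_ins = 0            # table misses sent to the controller

    def install(self, entry):          # same call for proactive and reactive setup
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)

    def forward(self, pkt, size=64):
        entry = next((e for e in self.entries if e.matches(pkt)), None)
        if entry is None:              # miss: the switch asks the controller
            self.packet_ins += 1
            entry = self.controller(pkt)
            self.install(entry)
        entry.packets += 1
        entry.bytes += size
        return entry.action

def default_deny(pkt):  # constructed policy: pin unknown traffic to an exact-match drop
    return FlowEntry({f: pkt[f] for f in FIELDS if f in pkt}, "drop", priority=100)

def demo():
    table = FlowTable(default_deny)
    # Proactive: aggregated IP-subnet rule (constructed /24 prefixes).
    table.install(FlowEntry({"eth_type": 0x0800, "ip_src": "205.16.0.0/24",
                             "ip_dst": "206.12.0.0/24"}, "output:2", priority=10))
    allowed = {"in_port": 1, "eth_type": 0x0800, "ip_src": "205.16.0.7",
               "ip_dst": "206.12.0.9", "ip_proto": 6, "tp_src": 40000, "tp_dst": 443}
    unknown = dict(allowed, ip_src="10.0.0.5")
    actions = [table.forward(p) for p in (allowed, unknown, unknown)]
    return actions, table.packet_ins, len(table.entries)

if __name__ == "__main__":
    print(demo())
```

Each table miss costs a controller round trip and consumes one flow entry, which is why the flow-entry capacities quoted in the switch specifications matter when sizing a reactive deployment.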
Page 10
Programmable Flow Network Fabric
Virtual Network
Virtual Networks Network Logic Creates Network Map
Path Control
Allocates Flows based on Policy
Topology Discovery Manages Flow Table Entry
OpenFlow Control
Any interconnection topology
OpenFlow Enabled Switch
Page 11
ProgrammableFlow Controller
ProgrammableFlow Controller Overview
- Multitenant Networks on same physical network
- Network virtualization: zero switch configuration, add capacity without changing logical network
- Location Free Networking: place VMs or Network devices anywhere in the network
- Any topology: more throughput, more resilience, more use of network resources
- Waypoint routing for network appliance integration
- Flow switching for policy based security and compliance
- End to End Performance Monitoring and troubleshooting
- OpenFlow Network Control
Topology Discovery Fault Detection Self Repair
PF6800 ProgrammableFlow Controller Appliance
Fully Redundant Configuration
Page 12
ProgrammableFlow Management Console
- PFC automatically discovers, controls and monitors networks of OpenFlow enabled devices
- Administrators can create and deploy virtual networks centrally
Virtual Network
Page 13
Physical Network
Univerge PF5240 ProgrammableFlow Switch
NEC ProgrammableFlow PF5240 Switch, the first GA OpenFlow switch, provides reliable, high capacity, line-rate Layer 2/3/4 switching, enabling the creation of scalable, feature-rich virtualized Cloud and Enterprise networks.
Features
Page 14
- Enterprise class L2/L3 edge switches with 48 10/100/1000 ports + 4 1000/10000 ports in compact 1U form factor
- NEC OpenFlow capability delivers enterprise class performance with dramatic reductions in network complexity and configuration
- Best in class OpenFlow capacity - Flow Entries capabilities of 64,000-160,000
- ProgrammableFlow OpenFlow technology delivers chassis like capabilities with fixed ports economics
- High-availability location free networks with hitless fail-over and hot insertion/removal of units
- L3 capabilities include OSPF, BGP, RIP, VRRP, PIM, MLD
- L2 capabilities include STP, RSTP, MSTP, PVST, IGMP, Rate limiting, bandwidth control
- Modular design with internal redundant hot-swappable power supplies and fan
- 176Gbps fully non blocking switching
- Virtual switch instance for running OpenFlow and distributed protocols on the same equipment
- 4 SFP+ ports supporting cost effective SFP+ SR
PF5240-48T4XW
Univerge PF5820 - ProgrammableFlow Switch
- OpenFlow based flow handling with hardware at full wire rate (1.28Tbps)
- 10GbE (SFP/SFP+) x 48 ports + 40GbE (QSFP) x 4 ports
- Support Layer 2 (MAC) forwarding table manipulated through OpenFlow
  - Layer 2 (MAC) Table max 128K flow entries
  - 12 tuple flow table max 1000 flow entries
- Power redundancy supported
UNIVERGE PF5820 (Oct 2011)
Forwarding: Delay less than 1us; 1.28Tbps/960Mpps
Number of ports: 48 x 1 Gb/10 Gb SFP+ ports, 4 x 40 Gb QSFP+ ports; up to 64 x 1Gb/10 Gb SFP+ ports with optional breakout cables
Model: Airflow type Rear to Front; Airflow type Front to Rear
Dimensions: 17.3" wide, 19.0" deep, 1U high
Weight: 9.98 kg
Power/Consumption: 50 - 60 Hz, 100 - 240 V / 330 watts
Temperature: 0-40 °C
Humidity: 10-90%, non-condensing
Altitude: 3,050 m (10,000 feet)
MTBF: 165,990 hours @ 40 °C
Optical module: QSFP+ 40GBASE-SR, 1M/3M/5M QSFP+ DAC Breakout Cable, 1M QSFP+ to QSFP+ Cable SFP+, 0.5M/1M/3M/7M DAC SFP+ Cable, 1000BASE-T (RJ-45) SFP, 1000BASE-SX SFP
OpenFlow Protocol Version: OpenFlow1.0.0
Number of OpenFlow table entries: 80K ~ 128K (Layer 2 table for OpenFlow); 500 (12 tuple table)
Number of instances: 1
Protocols: No legacy protocols run with OpenFlow
Management: telnet, ssh, SNMP, sflow
Note: Specification might be changed without any notice.
Page 15
NEC Confidential
Customer Case Study
Networking Challenges
- Nippon Express built a common datacenter in order to gain efficiency and improve IT governance.
- Large numbers of virtual servers were created after server consolidation.
- The network had to be redesigned and reconfigured after each migration, driving operational costs and complexity.
Customer Goals
Reduction in operational cost
(1) Changing the culture of network operation.
(2) Reducing the operational/maintenance cost caused by migration.
Benefits Realized
- Significantly reduce the load of operation by simplifying the network through centralized control.
- Realize the multi-tenant network virtualization environment easily without physical restriction.
- Causes of failures in the communication path and of quality deterioration are found visually and instantly through network visualization.
Page 16
Case Study: Nippon Express
Nippon Express Data Center Network Results
- Systems such as a transportation operation history management system will be migrated to the private cloud.
- A new system has been introduced in which a usage fee is charged to each dept. according to the usage amount.
Benefits
- Operational cost reduction of $70,000/year
- Shortened network configuration lead time from 2 months to 10 days.
- The server-related costs, including operation, are expected to drop by 30%
Load Balancer Pool
Server Pool
Page 17
Customer Case Study
Genesis Hosting Solutions provides one of the most flexible hosted computing services available today. Genesis 'build-your-own cloud environments' enables customers to build and provision customized, highly available virtual machine clusters.
Networking Challenges
- Time to implement and complexity of network reconfigurations
- Inconsistent protocol support across network gear
Customer Goals
(1) Create Strategy for Mass Scale without increasing network complexity
(2) Add new services without hardware upgrades
(3) Maintain and improve network SLAs
Decision Factors
- Interoperability with existing Infrastructure
- Independent IP Range and IP Gateway address assignments
- Scalable, robust network without need to change existing network design
- Ability to create new per tenant network services
Page 18
ProgrammableFlow Summary
Simple
- Deploy Multi-Tenant Virtual Networks as easily as deploying VMs
- Integrate network and application policy
- Centralized network management and control
- Eliminates need for spanning tree or other distributed protocols
Open
- Create multivendor OpenFlow enabled switches, virtual switches and NICs
Scalable
- Scales from single switch to entire data center fabric
- Policy based appliance integration
Fast
- Hardware forwarding
- Quick convergence times
- Network load balancing
Key Benefits
- Reduce operating expenses and maintenance
- Reduced network equipment investment
- Increase server and network utilization
- Agile delivery of new services and applications
[Pictured: ProgrammableFlow Switch (PFS), ProgrammableFlow Controller (PFC)]
Page 19
APPENDIX
Page 20
Cloud Infrastructure from NEC
D/M-Series Express Cluster
Servers
Storage
Fibre Channel & Ethernet (iSCSI) Archiving Feature Rich
Software
LAN/Wan Clustering Disaster Recovery Capacity Planning
Network
Network Virtualization High Availability High Throughput
Highly ScalableGX Highly Available Intel Based
Page 21
Cloud Deployment Services
Page 22
ProgrammableFlow Benefits
Scalability
- Scales from single switch to entire data center fabric
- Policy based appliance integration
Open Architecture
- Uses standardized interface to create multivendor network consisting of OpenFlow enabled switches, virtual switches and NICs
Performance
- Hardware forwarding
- Quick convergence times
- Network load balancing
Simplified Management
- Deploy Multi-Tenant Virtual Networks as easily as deploying VMs
- Integrate network and application policy
- Centralized network management and control
- Eliminates need for spanning tree or other distributed protocols
Key Benefits
- Reduce operating expenses and maintenance
- Reduced network equipment investment
- Increase server and network utilization
- Agile delivery of new services and applications
Page 23
Building a Flat Network
Broadcast Domain Constraint VM Migration Limited VLAN Management
L3 Network
Scalability
+No Addressing Constraints + VM Mobility + Simple Admin
L2
L2
Flat DC span Network (L2+L3) L2
Page 24
Network Scale-Out
- Scale out based on adding switching elements ports, links
- Requires no further configurations
Scalability
Add Switch/ Link
Increase (Decrease) Capacity
Physical Network
vBridge
Virtual Network 1
Page 25
OpenFlow Ecosystem
Open Architecture
NEC ProgrammableFlow Controller
VM
VM
VM
VM
Virtual Switch (Hypervisors)
XEN (OpenVSwitch) KVM (OpenVSwitch) Windows Hyper-V*
TOR/Aggregation Switches
NEC IBM (Blade Networks) Others to be announced
Mixed Legacy Environments also supported
Page 26
*Future release
OpenFlow Fabric for Performance
Performance
Maximizing Resource Utilization (Interconnection bandwidth)
- Multiple paths
- Dynamic traffic balancing
Physical Network
vBridge
Virtual Network 1
Page 27
Location-free Virtual Mapping
Simplified Management
VLAN MAC
Virtual Network 1
Virtual Network 3
Port
Virtual Network 2
VM VM
VM VM
Simplified Configuration Management
Configuration Manager
Simplified Management
One definition
Configuration Manager
Many definitions
PF Controller
X switch level config K servers K^2 ports config
Page 29
One controller level config
Network Level API
Simplified Management
- P-Flow API makes it easier for the management system to control the entire network
- P-Flow API provides both command-based Command API (i.e. SSH) and WEB-API (i.e. REST)
- PFC provides simplified APIs vs. traditional networks
- Network settings (i.e. VLAN) can be done by centralized control.
Management System
P-Flow API
VM information Virtual network configuration
Statistics
HTTP/HTTPS SSH Alerts, Monitoring
P-Flow Network
: Provides simplified interfaces
Page 30
End-to-End Reliability
- Switch or link failure
- End-to-end path reconstructed and applied
- Fast recovery and End-to-end recovery!!
Simplified Management
- No Spanning Tree
- Fast Convergence Times
Intelligent Route Control
- Packets can be explicitly routed to any appliance port
- Multiple Appliances can be selectively composed
- Appliance pooling enabled
Simplified Management
Flow Based Network Benefits
Per Flow Path Optimization
Flow 1 Controller Flow 2
Switch AP 1 AP 2 AP 1 AP 2
Server
Server
Power OFF Fire Wall Load Balancer
Mesh and Per-flow QoS Service Insertion (LB, FW) Load Concentration
Page 33
OpenFlow Functions Enhance Switch Functionality
- Co-existence of multiple experimental networks using Virtual Switch Instance (VSI)
- Flow Table Quota: maximum number of flow entries can be set for each virtual hardware switch
[Diagram: Controller A and Controller B connect over SecChan (TCP/SSL Secure Channel) to the NEC OpenFlow Switch. The OpenFlow configuration (Config, Cert) is held on an SD memory card. The switch is partitioned into a Non-OpenFlow VLAN (Bridge), VLAN ID: X; an OpenFlow enabled VLAN (Virtual Hardware Switch), VLAN ID: Y, datapath id: M, with its own Flow Table and OF Logical Ports; and an OpenFlow enabled VLAN (Virtual Hardware Switch), VLAN ID: Z, datapath id: N, with its own Flow Table and OF Logical Ports. Port labels show VID: X, VID: Y and VID: Z.]
VLAN-based partitioning with legacy L2/L3 network support
Production and OpenFlow traffic on a single physical port
Physical Port-based and VLAN Tag-based logical port assignment
Flow entries are shown through CLI command
Page 34
NEC Proprietary
Definition of Flow and Programmability
Flow 1. Rule (exact & wildcard) Action Statistics
Flow N.
Rule (exact & wildcard)
Default Action
Statistics
Definition of flow filtering (i.e., Switch: Port, VLAN ID, L2, L3, L4)
Actions for Flow (i.e., Switch: Unicast, Multicast, bandwidth control, Filtering, load balancing, alarm recovery, tunneling, encryption)
Flow statistics (i.e., Switch: Number of packets, bytes, connection time)
Example of Actions:
- Unicast
- Multicast
- Multipath (Load-balancing, Redundancy)
- Waypoints (Middleware, Intrusion detection)
Page 35
Virtualized Fabric Like a Big Switch
- Scale out based on adding switching elements ports, links
- Requires no further configurations
Increase Decrease Capacity
Virtualized Fabric Like a Big Switch
- Automatic end-to-end routing and reliability provides Big Switch Perception
- Scale out based on adding switching elements ports, links
Increase Decrease Capacity
NEC PF5240 Specifications
MODEL: PF5240F-48T4XW, PF5240R-48T4XW
Maximum Switching Capacity: 176Gbps
Maximum Packet Processing Performance: 131Mpps
Network Interface Features:
- 10/100/1000BASE-T: 48
- 1000BASE-X SFP (SX/LX/ZX) / 10GBASE-R SFP+ (SR/LR): 4 *1
OpenFlow Features:
- Version: OpenFlow Version 1.0.0
- Switch Instance: RSI (Real Switch Instance), VSI (Virtual Switch Instance)
- Secure Channel: TLS Connection, TCP Connection
- Protocol: Hello, Error, Echo, Features, Get Configuration, Set Configuration, Packet In, Port Status, Packet Out, Flow Mod, Flow Removed, Port Mod, Statistics, Barrier, Queue Get Config
- Matching Fields: Ingress Port, Ethernet source address, Ethernet destination address, VLAN ID, VLAN priority, Ethernet type, IP protocol/ARP Op-code, IPv4 ToS bits, IP source address/ARP IP source address, IP destination address/ARP IP destination address, Transport source port/ICMP Type, Transport destination port/ICMP Code
- Actions: Out port (Unicast), Out Multiple Port (Multicast), All, Controller, Local, In Port, Normal, Flood, Enqueue, Drop
- Field-modify Actions: Ethernet source address, Ethernet destination address, VLAN ID, VLAN priority, Strip VLAN Header, IPv4 ToS Bits, IP source address, IP destination address, Transport source port, Transport destination port
- Flow entries: 64K - 160K (Maximum) *2
MAC Address Table: 32,768
VLANs: 4,094
*1: Four SFP/SFP+ slots can be used as 1000BASE-X or 10GBASE-R ports.
*2: Maximum number of flow entries depends on the configured flow definitions.
Page 38
NEC PF5240 Specifications Continued
MODEL: PF5240F-48T4XW, PF5240R-48T4XW
Routing Protocol:
- IPv4 Unicast: Static, RIP, RIP2, OSPF, BGP4
- IPv4 Multicast: IGMPv2/v3, PIM-SM, PIM-SSM
- IPv6 Unicast: Static, RIPng, OSPFv3, BGP4+
- IPv6 Multicast: MLDv1/2, PIM-SM, PIM-SSM
Layer2 Features:
- VLAN: Port-VLAN, Tag-VLAN (IEEE802.1Q), Tag translation
- Spanning Tree Protocol: STP (IEEE802.1D), RSTP (IEEE802.1w), MSTP (IEEE802.1s), PVST+, BPDU Filter, Root Guard
- Layer3 Cooperation: IGMP/MLD snooping
- Jumbo Frame: Maximum 9,234 bytes (tagged), 9230 bytes (untagged)
Security: Filter (L2/IPv4/L4), Interruption of relays between ports
QoS: Classifier L2/IPv4/L4, Rate Limiting, Marking (DSCP/User Priority), Discard Control, Shaping (8class, Port Bandwidth Control, Scheduling (PQ, WPR, WFQ)), Diffserv
Network Features (Reliability, Availability): ECMP (IPv4/IPv6), VRRP (IPv4/IPv6), Static Polling (IPv4/IPv6), VRRP Polling (IPv4/IPv6), Link Aggregation (IEEE802.3ad), Storm Limiting, Graceful Restart (helper), UDLD (IEEE802.3ah *3), Ring Protocol, Local ProxyARP, L2 Loop Detection, Uplink trunk redundant, CFM (IEEE802.1ag)
L2-VPN: VLAN Tunneling (Extended VLAN)
Operational & Management Features: SNMPv1/v2c/v3, MIB II, IPv6 MIB, RMON, syslog, CLI, ping, traceroute, SSHv2, telnet, ftp, tftp, NTP, IPv4 DHCP Server/Relay, Prefix Delegation, LLDP, OADP, Port Mirroring, RADIUS, TACACS+, sFlow
Power Saving Features: Remote Power Control, Port LED Brightness Control, Power Consumption Monitor
Redundancy: Internal redundant power supply, Hot-swappable
Input Voltage: AC100V, 120V, 220-230V, 240V
Maximum Power Consumption: 264W
Operating Conditions: Temperature 0 to 40C, Humidity 20 to 85% Non-condensing
Dimensions WxDxH (mm): 445 x 588 x 44 (1U)
Weight: 15kg
Air Flow: Front to Rear; Rear to Front
*3: Supports only Information OAMPDU.
Page 39