Openflow switch Application Mode

Source: Internet
Author: User

Researchers at Stanford University proposed OpenFlow with two original intentions. First, they needed to conduct innovative network research and wanted to separate the control-layer functions of network devices from the physical devices, so that the behavior of network devices could be controlled and modified through programming as needed. Second, they hoped to build a new universal network data forwarding plane to meet the requirements of future network development. The flow table forwarding mode introduced by OpenFlow is completely different from the L2/L3 data forwarding mode of the traditional network: it processes network packet forwarding through a unified "flow table match/execute action" method.

After the release of the OpenFlow protocol, its revolutionary network architecture immediately attracted wide attention from many vendors and users in the industry, and OpenFlow-based SDN has been deployed and implemented in network products and applications. Later, the OpenFlow protocol was further developed and promoted by the ONF organization. After continuous improvement in recent years, it has evolved to the latest version, 1.4. OF-Config is an OpenFlow-related protocol released by ONF and a southbound interface protocol for connecting network devices. It provides open interfaces for remote management of OpenFlow switches. You can use the OF-Config protocol to configure and adjust the attributes of the OpenFlow switches in the network, including the connection parameters between the switch and the controller, the physical port attributes, the port queue attributes, and the logical port properties (such as IP-GRE, VXLAN, NVGRE), so that it works with the OpenFlow protocol to automate the deployment of OpenFlow switches.

A new network technology is worth keeping and developing only when it solves problems in real networks that are hard to solve with existing technologies. OpenFlow differs significantly from traditional network technologies: traditional network devices rely only on the destination MAC address or destination IP address for path lookup, whereas OpenFlow flow tables can match on many more packet fields. Based on the diverse combinations of match fields in the flow table rules, you can implement more flexible forwarding policies than traditional network technologies allow and meet users' diverse traffic control requirements. Combined with the OF-Config protocol, the OpenFlow protocol allows you to easily allocate network resources dynamically, specify network functions dynamically, adjust network paths dynamically, adjust link bandwidth dynamically, and quickly diagnose network faults. These features are urgently needed in cloud data centers and other network environments. The following describes the specific application of the OpenFlow switch in some typical environments.

The networks of scientific research institutions are where OpenFlow originated, and they are also an environment in which OpenFlow is widely used. When conducting innovative research on the next-generation Internet, researchers may have a brand new network control protocol or data forwarding technology to verify. They therefore want a platform that frees the network control software from the limitations of hardware black-box devices. At the same time, the data plane functions they need are quite common. An OpenFlow-based network structure meets their wish to verify their research work freely on such a platform. Of course, because the research content is uncertain, a certain amount of customized development work on the devices may be required to verify innovative network technologies on OpenFlow devices.

The cloud data center is where OpenFlow can flourish. OpenFlow has two main application scenarios in the data center: first, the deployment requirements of network virtualization inside the data center; second, the need for link scheduling for traffic transmitted between remote data centers. The cloud data center is the basic IT environment of cloud service providers. During deployment there are virtualization requirements such as dynamic creation of multi-tenant resources, multi-tenant traffic isolation, and dynamic migration of tenant virtual machines. The OpenFlow switch can be deeply integrated with the cloud management software platform, such as the Neutron network component of OpenStack. Working with the cloud management platform, it can dynamically allocate network resources and transmit network traffic on demand, meeting the network virtualization requirements of cloud services and significantly improving their network performance. As for the second scenario, a large amount of traffic is transmitted between data centers, while the utilization of the links connecting the data centers is often unbalanced. Improper traffic scheduling puts a lot of pressure on service providers to expand link bandwidth and increases operating costs. If OpenFlow switches are deployed between data centers, the traffic transmission status of each link can be obtained dynamically, and OpenFlow flow table rules can be issued dynamically to balance traffic scheduling between links, maximizing link usage and reducing the need for link expansion. OpenFlow switches can even set different quality-of-service actions in flow table rules based on the different service levels of cloud tenants, so that traffic is transmitted differently for each level.

OpenFlow switches are also used to meet the needs of traffic identification and control in the network security field. In this case, OpenFlow switches are usually inserted transparently into the existing network as intermediate devices, which does not change the running mode of the original network. The advantage of using SDN/OpenFlow to identify and control network traffic is this: new network applications keep emerging, and existing network security devices cannot identify new network applications or network applications specific to the user environment. After the OpenFlow switch is deployed, you can first mirror or sample the network traffic (or pull it dynamically when the link traffic is abnormal) and send it to the controller application for identification. The identified traffic is then handled by a specific traffic rule: it is forwarded, discarded, limited in transmission bandwidth, or redirected to another transmission port. As an independent software service, the controller application can dynamically update its network signatures, respond quickly to the changing requirements of network applications, and overcome the software functional defects of proprietary devices. In addition, the OpenFlow device can act as a load balancing device for a server cluster. It can apply more flexible request scheduling policies based on the running status of the backend servers and respond quickly to changes in the scale of the server cluster, which saves the cost of purchasing dedicated and expensive load balancing equipment.
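The identify-then-control loop described above, as an added example that is not from the original page: a toy flow table in which unmatched traffic goes to the controller application, which identifies it and installs a rule matching several packet fields. The class names, ports, protocol numbers and policy values are constructed for illustration and do not use any real controller API.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    priority: int
    match: dict    # field -> required value; fields left out are wildcards
    action: tuple  # ("controller",) ("output", port) ("drop",) ("meter", kbps, port)

class FlowTable:
    """Toy switch flow table: the highest-priority matching rule decides."""
    def __init__(self):
        # Table-miss rule: traffic no rule covers is handed to the controller.
        self.rules = [Rule(0, {}, ("controller",))]

    def install(self, rule):
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.priority, reverse=True)

    def lookup(self, pkt):
        for rule in self.rules:
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                return rule.action
        return ("drop",)  # unreachable while the table-miss rule is present

# Constructed policy: one action per traffic class the application can name.
POLICY = {
    "web": ("output", 1),                 # forward normally
    "bulk-backup": ("meter", 10_000, 1),  # limit bandwidth, then forward
    "unwanted": ("drop",),                # discard
    "unknown": ("output", 9),             # redirect to an analysis port
}

def classify(pkt):
    """Hypothetical identifier keyed on protocol and port (constructed values)."""
    key = (pkt.get("ip_proto"), pkt.get("l4_dst"))
    return {(6, 443): "web", (6, 8730): "bulk-backup",
            (17, 6999): "unwanted"}.get(key, "unknown")

def handle(table, pkt):
    """Switch lookup; on a table miss the controller identifies and installs."""
    action = table.lookup(pkt)
    if action == ("controller",):
        fields = ("ip_src", "ip_dst", "ip_proto", "l4_dst")
        match = {f: pkt[f] for f in fields if f in pkt}
        table.install(Rule(100, match, POLICY[classify(pkt)]))
        action = table.lookup(pkt)
    return action
```

Only the first packet of a flow reaches the controller; later packets of the same flow hit the installed rule in the switch, so the classification logic can be updated in software without touching the forwarding path.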

In the campus network, you can use OpenFlow to control the access layer devices effectively. Access layer devices have high management and O&M costs because of their large numbers; they connect directly to users, so the demand for traffic control is high and so is the problem rate, but their device functions and traffic policies are relatively simple. If the access devices are replaced with OpenFlow switches, maintenance work such as configuration distribution, software upgrades, and network monitoring for the access devices can be centralized on the central controller. When user identity authentication is required, the authentication traffic can be directed to the authentication management software on the controller, and the access rules are issued to the switch port connected to the user only after the user's identity is verified to be valid. When the controller detects abnormal traffic on a specific network port or from a specific user (for example, a broadcast storm occurs or the download traffic is too large), it can issue a rule from the central controller to shut down the device port or limit the specific traffic. This quickly resolves network faults and improves the reliability and ease of use of the network.
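A sketch of the access-layer control described above, added here and not taken from the original page: ports start closed to everything except authentication, open only after the identity is verified, and are rate-limited or shut down when port-counter samples show excessive broadcast traffic. The thresholds, state names and the `verify` callable (a stand-in for the authentication management software on the controller) are assumptions.

```python
# Constructed thresholds: broadcast packets per second on one access port.
LIMIT_PPS = 1_000      # above this, rate-limit the port's broadcast traffic
SHUTDOWN_PPS = 20_000  # above this, treat it as a storm and shut the port

class AccessController:
    def __init__(self, ports, verify):
        self.verify = verify  # hypothetical callable(user, secret) -> bool
        # Every port starts closed: only authentication traffic is accepted.
        self.state = {p: "auth-only" for p in ports}
        self.last = {}        # port -> (timestamp, broadcast packet counter)

    def authenticate(self, port, user, secret):
        """Open the port only after the identity is verified."""
        if self.state[port] == "shutdown":
            return "shutdown"  # a port shut for a storm is not reopened by a login
        if self.verify(user, secret):
            self.state[port] = "open"
        return self.state[port]

    def poll(self, port, timestamp, bcast_packets):
        """Feed one counter sample; return the rule to issue, or None."""
        prev = self.last.get(port)
        self.last[port] = (timestamp, bcast_packets)
        if prev is None or timestamp <= prev[0] or bcast_packets < prev[1]:
            return None  # first sample or counter reset: no rate available
        pps = (bcast_packets - prev[1]) / (timestamp - prev[0])
        if pps > SHUTDOWN_PPS:
            self.state[port] = "shutdown"
            return ("port-down", port)
        if pps > LIMIT_PPS:
            return ("meter-broadcast", port, LIMIT_PPS)
        return None
```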

The application of OpenFlow switches is not limited to the above scenarios. OpenFlow switches can be deployed in any network environment that requires centralized network control or dynamic management of network behavior.
