Design & Build

Data Center Solution-Primer: OpenFlow Deployment with Brocade Hybrid Port Mode

by on ‎08-08-2013 01:53 PM - edited on ‎04-09-2014 04:24 PM by pmadduru (1,361 Views)

Synopsis: Primer about OpenFlow and Brocade’s implementation of Hybrid Mode in IronWare Release 5.5. the earlier Hybrid Switch mode is extended with Hybrid Port mode allowing only selected traffic on a port to be forwarded via OpenFlow.

 

 

Contents

 Summary

 

What is OpenFlow?

OpenFlow is an open standard that enables control plane communication between an external OpenFlow controller and an OpenFlow enabled router. OpenFlow is a key component of Software-Defined Networking (SDN) and it a feature to Brocade’s NetIron series starting with release 5.4. OpenFlow separates the packet-forwarding (data plane) and the high-level routing decisions (control plane). Traditionally these two planes reside on the same device (router or switch) but in an OpenFlow network, the high-level routing decisions are moved to a separate controller which typically runs on a standard server platform. Hence OpenFlow allows an “external” controller to control how IP packets are forwarded by routers and switches by updating router forwarding tables based on the forwarding rules stored in the OpenFlow controller. This is attractive when a large number of routers need to be managed and also when fine-grained routing decisions need to be made as is common in multi-tenant networks.

 

Key OpenFlow Benefits

OpenFlow decouples network application innovation from dependency on new router operating system (OS) releases. What this means is network operators can implement the features they want in software they control, rather than having to wait for a vendor to add it in in their proprietary products.

 

OpenFlow automates network configuration and simplifies changes which results in lower operating expenses, fewer errors and less network downtime.

Customers can create an OpenFlow overlay on top of existing production networks. The OpenFlow overlay can be used to support new premium services and software defined networking (SDN) applications on top of the underlay network.

 

Brocade OpenFlow Hybrid Mode Solution

The Multi-Service IronWare release 5.5 for Brocade MLXe supports OpenFlow version 1.0 with a new “Hybrid Port mode” option. This is the first product in the industry to support OpenFlow Hybrid Port mode. Brocade supported OpenFlow Hybrid Switch mode when OpenFlow was first introduced in Multi-Service IronWare release 5.4 in 2012. Release 5.5 includes both Hybrid Port and Hybrid Switch modes.

 

With Brocade Hybrid Port mode, you do not need to create a separate network to realize the benefits of SDN and OpenFlow. You deploy an overlay OpenFlow network on top of the existing IP network. Brocade Hybrid Port mode is available as a software upgrade for the Brocade MLXe router series.

Testing OpenFlow controllers and SDN applications on top of the underlying production network can be risky. What if a configuration error affects production traffic? Brocade Hybrid Port mode supports “VLAN Protection”, a simple configuration command that protects a set of VLANs from being affected by OpenFlow. Packets arriving on any protected VLAN skip the OpenFlow table lookup. VLAN protection is supported in hardware so there is no degradation in frame forwarding for the protected VLAN traffic.

 

Brocade supports OpenFlow Hybrid Switch mode and OpenFlow Hybrid Port mode in same MLXe router as illustrated below. In Hybrid Switch mode, traditional IP traffic is forwarded on “blue” ports, OpenFlow traffic on “red” ports. With the addition of Hybrid Port mode, a single port can forward both traditional IP traffic and OpenFlow traffic as shown on the “red/blue” ports.

 

12724_MLX_PortUse.jpg

 

 

OpenFlow Hybrid Switch Mode

  • Classic switching and routing features runs concurrently with OpenFlow on the same router
  • OpenFlow-enable ports do not run classic switching and routing features
  • Other ports run existing features, e.g., IP/BGP, etc.
  • OpenFlow ports can run existing features, e.g., IP/BGP, concurrently with OpenFlow on the same port
  • Hybrid port mode comes with an optional protection where OpenFlow does not affect traditional traffic. This allows for initial OpenFlow overlay service development/testing without risk

OpenFlow Hybrid Port Mode

  • OpenFlow ports can run existing features, e.g., IP/BGP, concurrently with OpenFlow on the same port

Hybrid port mode comes with an optional protection where OpenFlow does not affect traditional traffic. This allows for initial OpenFlow overlay service development/testing without risk

 

Purpose of This Document

The document demonstrates Brocade OpenFlow Hybrid Port mode on MLXe as an overlay to the existing IP network. Several use cases illustrate key benefits of using OpenFlow for selected Layer 3 traffic including “VLAN Protection” to prevent OpenFlow processing of critical, traditional IP traffic.

 

Audience

This content is of interest to anyone who wants to implement Brocade OpenFlow Hybrid Port mode.

 

Objective

Application of Brocade’s OpenFlow Hybrid Port mode is demonstrated with use cases. By the end of this document, you will have a thorough understanding of the Hybrid Port mode feature, you will be able to implement Hybrid Port mode on MLX-e routers. There is also a video demonstration of setting up OpenFlow and configuration of Hybrid Port mode.

 

Related Documents

References

 

About Brocade

Brocade® (NASDAQ: BRCD) networking solutions help the world’s leading organizations transition smoothly to a world where applications and information reside anywhere. This vision is designed to deliver key business benefits such as unmatched simplicity, non-stop networking, application optimization, and investment protection.

Innovative Ethernet and storage networking solutions for data center, campus, and service provider networks help reduce complexity and cost while enabling virtualization and cloud computing to increase business agility.

To help ensure a complete solution, Brocade partners with world-class IT companies and provides comprehensive education, support, and professional services offerings. (www.brocade.com)

 

Key Contributors

The content in this guide was developed by the following key contributors.

  • Lead Engineer: Mitesh Shah, Strategic Solutions Lab
  • Technical Author:Brook Reams, Strategic Solutions Lab

 

Document History

Date Version Description

2013-08-09 1.0 Initial Release

 

Solution Framework

OpenFlow enabled routers, such as the Brocade MLX/MLX-e series with NetIron Release 5.5, can be deployed in the edge of a network as shown in the following template from Brocade’s Data Center Base Reference Architecture.

 

 

12726_EdgeRouter.jpg

Edge Router Template

 

 

The following OpenFlow use cases focus primarily on edge routers. Customers can easily deploy OpenFlow wherever they see the need to redirect or manipulate traffic based on different rules than what traditional routing and MPLS offers today.

 

OpenFlow Configuration Demonstration Video

The video below provides a quick review of how to configure OpenFlow Hybrid Ports on the Brocade MLX-e router.

 

 

 

References

 

Partners

Because the Brocade MLX supports the OpenFlow 1.0 specifications set by the ONF, it is interoperable with any controller, proprietary or open source, which supports the same specifications. For example, we have participated in interoperability plug-fests with NEC, BigSwitch, Indiana University’s NOX, NTT Data, and FlowVisor controllers. Also, Brocade is a platinum member of the OpenDaylight Project and Brocade’s David Meyer is the chairman of the Technical Steering Committee. Brocade works with Open Daylight to create a common and open SDN controller.

 

 

OpenFlow Hybrid Port Use Cases

There are several use cases that take advantage of OpenFlow forwarding as an overlay on top of traditional IP frame forwarding on the same physical router port. These are described below.

An in-band OpenFlow controller can be used to create and send forwarding rules to multiple routers in separate locations as shown below. The OpenFlow control plane traffic is routed through the Layer 3 network to all routers managed by the OpenFlow controller

 

 

12725_InbandController.jpg

In-band OpenFlow Controller Configuration

 

 

Initial Configuration

Assume two data centers, one in San Francisco where Customer A is located and a second data center in Denver operated by a service provider that offers computing and storage services to all its customers. Customer A can access any of the services offered by the Denver data center through Layer 3 routing configured between the two sites. This use case shows 10GE traditional Layer 3 IP traffic between Customer A and the Denver data center.

 

Topology Diagram

12727_InitialCustomerConfiguration.jpg

Initial Customer Configuration

 

 

Use Case 1: Traditional IP Traffic with OpenFlow Traffic

Customer A is already using services at the Denver site through traditional Layer 3 routing. Now, Customer A wants to transfer files to specific servers at the Denver Site, and they want to be in complete control of the file transfer traffic and network path is used. OpenFlow can act as an overlay service on top of the regular IP network. By configuring a few OpenFlow rules, the customer can control the files transfer traffic directing it to specific servers without changing the existing configuration of the IP network on the routers. With Hybrid Port mode, the same router ports can forward specific traffic based on OpenFlow rules while the remaining IP traffic uses the existing router configuration.

 

 

Topology Diagram

12728_UseCase 1CustomerConfiguration.jpg

Use Case 1: Customer Configuration

 

 

In the above use case, ports 1/1, 1/2 on San Francisco MLXe_1 and port 5/2 on the Denver MLXe_2 are carrying IP services and OpenFlow services. Ports colored in red on the Denver MLXe_2 are carrying OpenFlow traffic only; hence they are configured for Hybrid Switch mode rather than Hybrid Port mode.

Below are the flows that are added to both the San Francisco and Denver MLXe routers through an external in-band controller

 

 

UseCase1OpenFlowRules.jpg

Use Case 1: OpenFlow Rules (Click to Enlarge)

 

 

The first OpenFlow command, “Push flow on MLX1”, instructs OpenFlow to match all the traffic coming in on port 1 of MLX1 (MLXe8-1) with a VLAN tag of 100. The corresponding OpenFlow action for traffic matching this pattern is to forward it on port 2 of MLX1.

 

 

Similarly, “Push flow on MLX2” instructs OpenFlow on MLX2 (MLXe8_2) to match all traffic coming in on port 194 of MLX2 with a VLAN tag of 100. The action on this match is to modify the VLAN tag to 999 and then forward it to port 193 to a specific file server.

 

The third and fourth OpenFlow commands work similarly, but using matches on MAC addresses rather than VLAN tags to redirect file server traffic to different servers in Denver as indicated by the yellow flows in the diagram above.

 

Note: Once OpenFlow is enabled on a port, the port is assigned a unique OpenFlow port ID. The OpenFlow port ID, rather than the actual router port number, is used when determining flows. For example, Port 194 and Port 193 are OpenFlow port IDs on MLX2 (MLXe8-2) while port IDs 1 and 2 are OpenFlow port IDs on MLX1 (MLXe81).

 

Use Case 2: Customer Upgrades to Premium Services

We know from the above use cases that Customer A uses services from the Denver DC through the traditional IP network, the route is shown with blue dotted line in the above diagram.

 

Use Case 2: Initial Customer Configuration

A Data Center in Seattle is offering services for premium customers. Customer A decides to use premium services from the Seattle data center for their production applications. Traditionally, changes are made to the routing services on the router. With OpenFlow the change is accomplished by adding an OpenFlow rule to the router. Brocade Hybrid Port mode can match on specific Layer 3 traffic redirecting only that traffic to the Seattle data center as shown by the red dotted line from San Francisco to Seattle. Other customer traffic (file copying service or backup for example) continues to the Denver data center.

 

 

Use Case 2: Customer Desired Configuration

 

 

Topology Diagram

As shown below, a flow rule matching on VLAN 202 is added to the OpenFlow rule table. This VLAN is carrying the application traffic destined for premium services in Seattle. As soon as the new flow is added to the OpenFlow rule table, the IP traffic on VLAN 202 is forwarded to the Seattle data center. The customer can send files to Denver on VLAN 100 as before.

 

Use Case 2: Customer OpenFlow Configuration

 

 

Use Case 3: Protecting Production IP Traffic from OpenFlow Processing

 

Note Use Case 3 requires OpenFlow rules to match some of the production traffic carried by VLAN 202. What if there is a misconfiguration of the OpenFlow rule table causing other production traffic to be dropped? For example, if the OpenFlow controller pushes a flow to the router matching on any packet and the action is to drop the packet, the router would drop all packets, including the IP services..

 

OpenFlow rules can be tested while protecting other production and IP network traffic. The Brocade Hybrid Port mode has a “VLAN protection” feature. With a simple command you protect a set of VLANs from being affected by OpenFlow. Packets arriving on a protected VLAN skip OpenFlow table lookup. VLAN protection is supported in hardware so there is no performance degradation to the VLAN protection traffic.

 

In our example above, Customer A does not want OpenFlow to match on their Layer 3 production traffic. On port 1/1 of the San Francisco MLXe , configure VLAN protection for VLAN 202. All packets tagged with VLAN 202 will be routed without any processing by the OpenFlow rules table. As soon as VLAN Protection 202 is configured on port 1/1 of the San Francisco MLXe, the added flow shown in the diagram will not redirect traffic to the Seattle data center anymore. The traffic will now follow the traditional IP route to the Denver Site.

 

This illustrates the flexibility and how gradual migration are possible with Brocade’s OpenFlow Hybrid Port option.

 

 

Topology Diagram

Use Case 3: Customer OpenFlow Configuration

 

Example MLX-e OpenFlow Configuration

The following shows the commands needed to configure OpenFlow and Hybrid Port mode on an the MLX-e switch with Multi-Service IronWare release 5.5, MLXe8-1 shown in the use cases.

 

 

telnet@MLXe8_1#show run

Current configuration:

!

ver V5.5.0aT163

module 1 br-mlx-2-port-100g-x

module 3 ni-mlx-8-port-10g-m

!

#Enable OpenFlow Version 1.0

openflow enable ofv100

#We have configured two OF controllers, active and passive

openflow controller passive no-ssl

#Configure controller’s IP address in active command

openflow controller ip-address 192.10.10.2 no-ssl

!

#Mandatory to configure, max supported is 4096

system-max openflow-flow-entries 2000

#Mandatory to configure, max supported is 2000

system-max openflow-pvlan-entries 200

#Mandatory to configure, max supported is 2000

system-max openflow-unprotectedvlan-entries 200

#

#The above commands are mandatory to configure for ports to work as OpenFlow hybrid mode, reload the MLXe after the #above configuration

#

!

#This will enable port 1/1 for hybrid-mode. We use layer2 mode since we #are matching on Vlan and Mac address. Use layer3 if you have to match on #ip address

interface ethernet 1/1

openflow enable layer2 hybrid-mode

enable

link-fault-signaling

!

interface ethernet 1/2

openflow enable layer2 hybrid-mode

enable

link-fault-signaling

!

#This will enable port 3/2 for normal OpenFlow (OF Switch Mode)

interface ethernet 3/2

openflow enable

enable

 

Examples of “show” Commands for OpenFlow

The following are examples of “show” commands for the OpenFlow feature.

 

telnet@MLXe8_1#show openflow interface

Total number of Openflow interfaces: 3

Port Link Speed Tag MAC OF-portid Name Mode

1/1 Up 100G Yes 0024.387b.c700 1 Hybrid-Layer2

1/2 Up 100G Yes 0024.387b.c700 2 Hybrid-Layer2

3/2 Up 10G Yes 0024.387b.c761 98 Layer2

telnet@MLXe8_2#show openflow interface

Total number of Openflow interfaces: 4

Port Link Speed Tag MAC OF-portid Name Mode

2/3 Up 10G Yes 0024.3888.5432 51 Layer2

2/4 Up 10G Yes 0024.3888.5433      52 Layer2 

5/1 Up      100G  Yes 0024.3888.54c0      193                          Layer2       

5/2 Up      100G  Yes 0024.3888.5400      194                          Hybrid-Layer2 

#This command will show you the total number of controllers configured, #also the total number of protected and unprotected vlans configured on #ports

telnet@MLXe8_1#show openflow

Administrative Status:      Enabled

SSL Status:                  Enabled

Controller Type:            OFV 100

Number of Controllers:      2

Controller 1:

Connection Mode:      passive, TCP,

Listening Address:    0.0.0.0

Connection Port:      6633

Connection Status:     

No connection found.

Controller 2:

Connection Mode:      active, TCP,

Controller Address:    192.10.10.2

Connection Port:      6633

Connection Status:     

Local IP addressSmiley Tongueort <-> Remote IP addressSmiley Tongueort TCP state    RcvQue  RxBuffe SendQue TxBuffe

  1. 192.10.10.1 8806 192.10.10.2    6633  SYN-SENT    0                0            1            0     

Match Capability:

L2: Port, Source MAC, Destination MAC, Ether type, Vlan, Vlan PCP

L3: Port, Vlan, Ether type, Vlan PCP, Source IP, Destination IP, IP Protocol, IP TOS, IP Src Port, IP Dst

Normal Openflow Enabled Ports:      e3/2

Openflow Hybrid Interfaces:

e1/1

Protected VLANs : None

Unprotected VLANs :  202

e1/2

Protected VLANs : None

Unprotected VLANs :  200

Default action: drop

Maximum number of flows allowed: 2000

Maximum number of Protected Vlans allowed: 200

Maximum number of Unprotected Vlans allowed: 200

Total number of Unprotected Vlans: 2

#Below are the total numbers of flows pushed to the MLXe_1 from an In-band #controller. Each flow is explained in this command. This command will #also show the traffic statistics associated with each flow

telnet@MLXe8_1#show openflow flow

Total Number of data packets sent to controller:                    0

Total Number of data bytes sent to controller  :                    0

Total Number of Flows: 3

Total Number of Port based Flows: 3

Total Number of L2 Generic Flows: 0

Total Number of L3 Generic Flows: 0

Total Number of L2+L3 Generic Flows: 0

Total Number of Hardware entries for Generic flow: 0

Flow ID: 106 Priority: 32768 Status: Active

Rule:

In Port:      e1/1

Source Mac:  1096.0000.0007

Source Mac Mask:      ffff.ffff.ffff

Action: FORWARD

Out Port:  e1/2

Statistics:

Total Pkts: 297609652

Total Bytes: 38094035456

Flow ID: 107 Priority: 32768 Status: Active

Rule:

In Port:      e1/1                                   

In Vlan:      Tagged[100]

Source Mac:  1095.0000.0005

Source Mac Mask: ffff.ffff.ffff

Action: FORWARD

Out Port:  e1/2

Statistics:

Total Pkts: 2380881598

Total Bytes: 304752844544

Flow ID: 108 Priority: 32768 Status: Active

Rule:

In Port:      e1/1

In Vlan:      Tagged[202]

Action: FORWARD

Out Port:  e3/2

Statistics:

Total Pkts: 595849999

Total Bytes: 76268799872

Contributors