The Multi-Service IronWare software release 5.5 for Brocade MLXe supports OpenFlow version 1.0 with a new “hybrid port mode” option. This is the first product in the industry to support OpenFlow hybrid port mode. OpenFlow hybrid port mode is supported as part of a normal software release. That is, OpenFlow hybrid port mode is available as a fully supported feature on the MLXe. This is not an experimental feature or a prototype for experimentation.
Brocade has supported OpenFlow “hybrid switch mode” since OpenFlow was first introduced as part of software release 5.4 in 2012. Software release 5.5 adds a new hybrid option Brocade calls “hybrid port mode.” Before we go into the details of hybrid port mode, let’s review what hybrid switch mode provides.
Brocade’s OpenFlow hybrid switch mode allows the user to enable OpenFlow on any desired port on the MLXe or CES/CER router platforms, while other ports on the same router can run any other supported features, such as IPv4/v6 routing, MPLS VPNs, etc. This means that the router can be divided into two sets of ports: ports enabled with OpenFlow and ports running other router features. An OpenFlow Controller connected to the router will only see the OpenFlow-enabled ports. For that reason, the OpenFlow Controller can only forward packets among the OpenFlow-enabled ports. Ports enabled in “hybrid switch mode” cannot be configured with other router forwarding features such as L2 switching, VLANs, IPv4/v6 routing, MPLS VPNs, etc. Thus, normal ports (i.e., those not enabled with OpenFlow) cannot forward packets to OpenFlow-enabled ports. In effect, the router is split into two routers.
Like hybrid switch mode, Brocade’s OpenFlow hybrid port mode allows users to enable OpenFlow on any desired port on the MLXe. However, the port can support other router features concurrently with OpenFlow. For example, the user can configure IPv4 routing (BGP, OSPF, or ISIS) on a set of VLANs on a port and enable OpenFlow on the same port. When a packet arrives at the port, the packet is first submitted to the flow table. If there is a match, the actions specified in the flow are executed. If the packet does not match any flow, the packet is submitted for normal forwarding. In this example, if the packet belongs to one of the configured VLANs, the packet would be routed. Otherwise, the packet would be subjected to the default OpenFlow action, i.e., drop or send to the controller, per configuration.
Did we say the user needs to configure VLANs to enable OpenFlow on the port? Absolutely not! With the Brocade implementation, OpenFlow is always enabled on the port, not on a VLAN or a set of VLANs. In fact, the user can enable OpenFlow hybrid port mode on a port before any other feature is configured on the port. In the previous example, the user decided to configure a set of VLANs for normal IPv4 routing.
Can OpenFlow hybrid port mode match on any VLAN ID on that port? Absolutely! OpenFlow hybrid port mode is enabled on the port and can match on any VLAN ID on that port without regard to the existence of any VLAN configuration on that port. The reality is that VLAN configurations belong to the normal router features on that port and not to the OpenFlow configuration.
Now that you may be getting agitated with thoughts of cool and novel applications you can build with the Brocade hybrid port mode feature, here is one more twist. You can enable some ports on the MLXe in hybrid switch mode and other ports in hybrid port mode, while leaving other ports without OpenFlow configuration. This splits the router into three sets of ports (see figure below). All of this runs at line rate on 1G, 10G, 40G, and 100G ports. I guess it is redundant to say that packet forwarding is hardware based. Be careful and do your homework! Some other vendors support OpenFlow data forwarding in software, which is never line rate.
Some folks may be thinking… “if hybrid port mode supports OpenFlow lookups followed by traditional lookups, this must increase latency.” However, that is not the case. The Brocade hybrid port mode feature does not increase latency.
Brocade demonstrated the MLXe hybrid port mode capability at the Open Networking Summit from April 15th to 17th at the Santa Clara Convention Center (http://opennetsummit.org/). The Brocade hybrid port mode is already deployed by a customer on a nation-wide 100G production network supporting traditional IP routing underlay with OpenFlow overlay.
Brocade at the Open Networking Summit
Why hybrid port mode? Brocade customers requested support for this feature. Customers want to be able to create an OpenFlow overlay on top of existing production networks. The OpenFlow overlay would be used to support new premium services and SDN applications on top of the underlay network. As mentioned above, the Brocade hybrid port capability is already deployed in this way on a nation-wide 100G production network.
What does this mean for you? If you’re interested in taking a practical path to SDN, hybrid port mode is exactly what you’re looking for. With the Brocade hybrid port mode you do not need to create a separate network to realize the benefits of SDN and OpenFlow. You can deploy an overlay SDN/OpenFlow network leveraging your existing network. Brocade hybrid port mode is available as a software upgrade for the Brocade MLXe.
You may be thinking… “That seems risky, since I will be testing OpenFlow controllers and SDN applications on top of my underlay production network. What if there is a misconfiguration on the OpenFlow overlay and it drops my production traffic on the underlay network?” This is a valid concern. For example, if the OpenFlow controller pushes a flow to the router matching on any packet and the action is to drop the packet, the router would drop all packets, including underlay traffic. That can happen if you are not careful. Fortunately, Brocade has a solution for this problem. While you are testing OpenFlow controllers and applications, you can “protect” the underlay traffic. The Brocade hybrid port mode feature supports “VLAN protection”. With a simple configuration command you can protect a set of VLANs from being affected by OpenFlow. Packets arriving on a protected VLAN will skip the OpenFlow table lookup. VLAN protection is supported in hardware. That is, performance is line rate as usual.
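The hybrid port lookup order and the effect of VLAN protection described above can be modelled in a few lines. This is an added example, not Brocade code or configuration syntax: the `Flow` and `HybridPort` classes, the function names, the action strings and the sample VLAN numbers are all constructed for illustration, and the model assumes every protected VLAN also carries normal router configuration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Flow:                              # hypothetical, simplified flow entry
    action: str                          # e.g. "drop" or "output:2"
    vlan: Optional[int] = None           # None = wildcard, matches any VLAN ID
    in_port: Optional[int] = None        # None = wildcard, matches any port
    priority: int = 0

    def matches(self, port: int, vlan: int) -> bool:
        return self.in_port in (None, port) and self.vlan in (None, vlan)

@dataclass
class HybridPort:                        # hypothetical model of one port
    number: int
    routed_vlans: set = field(default_factory=set)     # normal router config
    protected_vlans: set = field(default_factory=set)  # VLAN protection
    default_action: str = "drop"         # or "controller", per configuration

def process(port, flows, vlan):
    """Return (stage, action) for a packet arriving on `port` with tag `vlan`."""
    if vlan in port.protected_vlans:     # protected: skip the flow table lookup
        return ("normal", "forward")
    hits = [f for f in flows if f.matches(port.number, vlan)]
    if hits:                             # flow table is consulted first
        return ("openflow", max(hits, key=lambda f: f.priority).action)
    if vlan in port.routed_vlans:        # no match: normal forwarding
        return ("normal", "forward")
    return ("default", port.default_action)

def underlay_hit_by(port, flows, action="drop"):
    """Configured VLANs whose traffic the flow table would take with `action`."""
    return sorted(v for v in port.routed_vlans
                  if process(port, flows, v) == ("openflow", action))

# Constructed sample: VLANs 10 and 20 carry underlay routing, 99 is management.
FLOWS = [Flow("output:2", vlan=300, priority=10),  # overlay flow, unconfigured VLAN
         Flow("drop")]                             # misconfigured match-all drop
UNPROTECTED = HybridPort(1, routed_vlans={10, 20, 99})
PROTECTED = HybridPort(1, routed_vlans={10, 20, 99}, protected_vlans={99})

if __name__ == "__main__":
    print("at risk without protection:", underlay_hit_by(UNPROTECTED, FLOWS))
    print("at risk with VLAN 99 protected:", underlay_hit_by(PROTECTED, FLOWS))
```

Running the same check against the flows a controller is about to push shows which underlay VLANs a wildcard flow would capture before it reaches the router.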
Do I need to protect any VLANs? No. This is an optional feature. Whether you want to run the underlay traffic on protected VLANs or not is your choice. Why would I choose to allow OpenFlow to touch the underlay traffic? To support premium services using OpenFlow. For example, premium services such as traffic engineering and service insertion/chaining can be added to selected underlay traffic by allowing OpenFlow to touch the underlay traffic. Besides supporting testing and experimentation, is there a use case where VLAN protection is desirable? Yes. You may want to protect management VLANs.
Brocade hybrid port mode with optional VLAN protection provides a practical path to SDN.