Lagopus: SDN Software Switch - Internet2
Lagopus: SDN Software SwitchApril 2015NTT Network Innovation LaboratoriesHirokazu TakahashiCopyright 2014 NTT corp. All Rights Reserved.
What’s Lagopus? A software implementation of OpenFlow switch Can be run on commodity x86 servers and Linux High performance 10Gbps wire-rate packet processing Almost fully conforms to OpenFlow 1.3.4 spec. Open source http://lagopus.github.io/OpenFlow controllerControl planeOpenFlowprotocolOpenFlow switchData planeFlow TableFlow pattern Flow pattern Flow patternFlow pattern Flow pattern Flow patternFlowTable#2FlowTable#3Copyright 2014 NTT corp. All Rights Reserved.FlowTable#41
Agenda Motivation and Target Basic Design and Evaluation Current Development Community ActivitiesCopyright 2014 NTT corp. All Rights Reserved.2
Motivation Agile and flexible networking Full automation in provisioning, operation and managementSeamless networking for customers Server virtualization and NFV needs a high-performancesoftware switch Small latencyWire-rate with short packet (64B) NO high-performance OpenFlow 1.3 software switch forwide-area networks 1M flow rules10Gbps-wire-rateManagement protocolCopyright 2014 NTT corp. All Rights Reserved.3
Target of Lagopus High performance software-based OpenFlowswitch 10Gbps wire-rate packet processing 1M flow rules Expands the application to wide-area networks Not only for data centers WAN protocols, e.g. MPLS and PBB Various management/configuration interfaces Open Innovation Already released as OSS, http://lagopus.github.io/Copyright 2014 NTT corp. All Rights Reserved.4
Agenda Motivation and Target Basic Design and Evaluation Current Development Community ActivitiesCopyright 2014 NTT corp. All Rights Reserved.5
Design Switch agent and data planecomponentOpenFlow controllerOpenFlow 1.3 Connected via event queue Supports multiple data planeimplementations Switch agent Modular architecture Easy to add configuration andmanagement protocols Software data plane User space implementationusing Intel DPDK Easy deploymentCopyright 2014 NTT corp. All Rights Reserved.6
Software data plane implementation OpenFlow data plane processing Reducing data copy, packet batching, polling, . Exploit many core CPUs Pipelining: dividing I/O and packet processing Parallelizing each processing Improves performance and reduces I/O overheadRing bufferNIC RX bufferNIC 1RXNIC 2RXNIC 3RXNIC 4RXI/O RXCPU0I/O RXCPU1Flow lookuppacket processingCPU2Flow lookuppacket processingCPU3Flow lookuppacket processingCPU4Flow lookuppacket processingCPU5NIC TX bufferRing bufferI/O TXCPU6I/O TXCPU7Copyright 2014 NTT corp. All Rights Reserved.NIC 1TXNIC 2TXNIC 3TXNIC 4TX7
Functional evaluation example Conformance test results by Ryu Certification ow Switch Action (56)Set Field (170) Match (714)Group (15) Meter (36) Total (991)Switch A349046780599Switch B349653460670Switch C501035991526793Switch D246842834527Switch E501597081534966Lagopus561617141534980Copyright 2014 NTT corp. All Rights Reserved.8
Performance evaluation exampleWAN-DC Gateway, throughput vs packet size, 1 flow, flow-cache109Throughput (Gbps)810 flow rules7100 flow rules61k flow rules510k flow rules4100k flow rules31M flow rules21002004001000800600Packet size (byte)120014001600Copyright 2014 NTT corp. All Rights Reserved.9
Performance evaluation exampleWAN-DC Gateway, throughput vs flows, 1518 bytes packet109Throughput (Gbps)8765410k flow rules3100k flow rules21M flow rules101101001000flows100001000001000000Copyright 2014 NTT corp. All Rights Reserved.10
Agenda Motivation and Target Basic Design and Evaluation Current Development Community ActivitiesCopyright 2014 NTT corp. All Rights Reserved.11
Virtual NIC VM to VM and VM to physical NW forwarding Reducing data copy and context switching between VM and LagopusHas been released as OpenSouceWill be merged to Intel DPDK ir o-net PMDPMDVir o-net PMDvir oPMDvNICMap memory in guest VMto lagopus memoryPMDvNICQEMUvir oqueuevir oqueueQEMUvir oMap memory in guest VMto lagopus memoryCopyright 2014 NTT corp. All Rights Reserved.12
Management data store Common data store connectedto multiple management I/F Switch setting data store includesNIC, bridge, controller, logs, .Multiple namespaces, atomicregion (transaction), rollback, .Will be released in 2Q 2015Copyright 2014 NTT corp. All Rights Reserved.13
What’s next? Agent OpenFlow 1.5 Openconfig Data-plane 40Gbps wire-rate Whitebox switchCopyright 2014 NTT corp. All Rights Reserved.14
Agenda Motivation and Target Basic Design and Evaluation Current Development Community ActivitiesCopyright 2014 NTT corp. All Rights Reserved.15
Open Source Released on Jul. 2014 http://lagopus.github.io/Copyright 2014 NTT corp. All Rights Reserved.16
Promotion (last 12 months) 3/2-63/16-173/31-4/2NV Symposium (Japan)ONDM (Sweden)IPOP2014 (Japan)NV&SDN World (UK)Press releaseInterop Tokyo 2014 (Japan)PIF (Japan)NWGN Symposium (Japan)NV Symposium (Japan)Open source releaseOCS summer school (Japan)Lagopus Hands-on (Taiwan)Lagopus Day Tokyo (Japan)DPDK Summit (USA)Cloud & SDN Seminar (Japan)Lagopus Day Yokohama (Japan)CIAJ (Japan)ICT innovation forum (Japan)SDN & OpenFlow World Congress (Germany)Broadband World Forum (Netherland)SDN Japan (Japan)SDN/MPLS 2014 (USA)SDN Taiwan & Lagpus Hands-on (Taiwan)Internet Week 2014 (Japan)Docomo R&D Open House (Japan)Okinawa OpenDays (Japan)Lagopus Day Osaka (Japan)Nikkei Electronics Magazine (Japan)Nikkei Communication Magazine (Japan)NTT R&D Forum (Japan)Open Source Conference (Japan)APRICOT-APAN 2015 (Japan)NV workshopInternet 2 workshop (USA)Lagopus Day TokyoInterop Tokyo 2014Hands-on in TaiwanOpen Source Conference (Japan)Copyright 2014 NTT corp. All Rights Reserved.17
Demonstration experiment in SDN Japan Location-aware bandwidth control forconference Wifi Good audience, good connection Front area, good connection Back area, poor connectionインターネットL a g o p u sの役割 A Pの識別(V L A N ) V ID 毎にQ o S �( AP)BackFrontAccesspointsアクセス ポイントCopyright 2014 NTT corp. All Rights Reserved.18
Related business Stratosphere Inc. Press release for Lagopusprofessional support Riava Inc. Sells Lagopus-inside boxCopyright 2014 NTT corp. All Rights Reserved.19
Thank you for your attentionThis research is a part of the project for “Research and Development ofNetwork Virtualization Technology” supported by the Ministry of InternalAffairs and Communications.Copyright 2014 NTT corp. All Rights Reserved.20
Apr 02, 2015 · 9/19 Cloud & SDN Seminar (Japan) 9/27 Lagopus Day Yokohama (Japan) 10/3 CIAJ (Japan) 10/7 ICT innovation forum (Japan) 10/14 SDN & OpenFlow World Congress (Germany) 10/22 Broadband World Forum (Netherland) 10/31 SDN Japan (Japan) 11/3-5 SDN/MPLS 2014 (USA) 11/12-14
sdn.301 security protocol3(sp3) sdn.401 security protocol4(sp4) sdn.701 messagesecurity protocol sdn.702 directoryspecs forusewith msp key management sdn.601 keymanagement profile sdn.902 kmp definitionof servicesprovided bykmase sdn.903 kmp servicesprovided bykmase sdn,906 kmp traffickey attribute negotiation access control sdn.801 .
Oct 06, 2015 · Internet2 Network Advanced Layer2 Services Topology Map July 2015 Tucson Equinix Hartford Missoula Indianapolis Cincinnatti Reno Las Vegas Louisville. Fiber & Optical Transport SDN . eboyd@internet2.edu ebalas@grnoc.iu.edu NETWORK VIRTUALIZATION: A RETROSPECTIVE AFTER ONE YEAR Internet2 and Indiana University OCTOER, 2015 ERIC
SDN 40-24-100C aND SDN 40-24-480C DImENSIoNS Catalog Number Dimensions - mm (in) h w D SDN 5-24-100C 123.0 (4.85) 50.0 (1.97) 111.0 (4.36) SDN 10-24-100C 123.0 (4.85) 60.0 (2.36) 111.0 (4.36) SDN 20-24-100C 123.0 (4.85) 87.0 (3.42) 127.0 (4.98) SDN 5-24-480C 123.0 (4.85) 50.0 (1.97) 111.0 (4.36) SDN 10-24-480C 123.0 (4.85) 60
SDN Waypoint Enforcement Insight #1: 1 SDN switch Policy enforcement Insight #2: 2 SDN switches Fine-grained control Legacy devices must direct traffic to SDN switches Ensure that all traffic to/from an SDN-controlled port always traverses at least one SDN switch
Oct 05, 2015 · Internet2 Network Advanced Layer2 Services Topology Map July 2015 Tucson Equinix Hartford Missoula Indianapolis Cincinnatti Reno Las Vegas Louisville. Fiber & Optical Transport SDN Controller I2-Run Service Specific Hardware Ethernet . INTERNET2 NETWORK ABOVE 100G: CHOICES AND CHALLENGES
SDN security issues [31-37] Security policies in SDN [28,38-52] DDoS [53-56] DDoS vulnerability in SDN [33,36,57] Policies for rescuing SDN from DDoS [58-69] DDoS, distributed denial of service; SDN, software-defined network. focusing on DDoS issue, followed by the comparison of various proposed countermeasures for them. Table I has
Dynamic and Diverse SDN Networks . The IxNetwork SDN test solution delivers feature sets covering various SDN technology approaches, including green-field OpenFlow deployment, carrier network SDN technology, data center virtualization overlay, as well as overall orchestration and management. The IxNetwork SDN solution emulates carrier-
day I am going to buy a car just like that.'' He thei1 explained : ''You see, mister, Harm can't waJk. I go downtow11. and look at' all e nice Tiiii;-J(S in the store window, and come home and try tc, tell Harry what it is all about, but r tell it very good. Some day J am going to make
