Category: OpenFlow

A friend of mine sent me a challenging question:

You've stated a couple of times that you don't favor the OpenFlow version of SDN due to a variety of problems like scaling and latency. What model/mechanism do you like? Hybrid? Something else?

Before answering the question, let’s step back and ask another one: “Does centralized control plane, as evangelized by ONF, make sense?”

There are tons of SDN workshops, academies, and webinars out there, many of them praising the almost-magic properties of the new technologies, or the shininess of vendors’ new gadgets and strategic alliances. Not surprisingly, the dirty details of real-life deployments aren’t their main focus.

As you might expect, my 2-day workshop isn’t one of them.

Distributed DoS mitigation is another one of the “we were doing SDN without knowing it” cases: remote-triggered black holes are used by most major ISPs, and BGP Flowspec was available for years. Not surprisingly, people started using OpenFlow to implement the same concept (there’s even a proposal to integrate OpenFlow support into Bro IDS).

For more details, watch the Distributed DoS Prevention video recorded during the Real Life OpenFlow-based SDN Use Cases webinar.

An interesting startup is launching their SDN solution @ Interop Las Vegas today: Quantum Networks use the latest quantum computing technology to solve some of the hardest problems of controller-based networking.

One of the fundamental problems of hardware-based OpenFlow solutions is the flow update rate – most switches using merchant silicon can insert around 1000 new flows per second into their forwarding tables. Technologies based on quantum mechanics effects change all that – a quantum entanglement technology patented by Quantum Networks can install new flows instantaneously across the whole network.

Talking about OpenFlow (and poking holes in it) is fun, but are there any real-life deployments (apart from highly-publicized Google’s internal network)? I tried to describe a few of them in my SDN 101 webinar.

Microsoft is using tap aggregation network in production, and I forgot to mention OpenFlow-based New Zealand IXP.

Watch the video

When OpenFlow was still fresh and exciting, someone made quite a name for himself by proposing a global load-balancing solution that would install per-session OpenFlow entries in every core switch around the world. Clearly a great idea, mimicking the best experiences we had with ATM SVCs.

Meanwhile some people started using OpenFlow in real-life networks for coarse-grained load balancing that improves the scalability of stateful network services. For more details, watch the video recorded during the Real Life OpenFlow-based SDN Use Cases webinar.

New to the OpenFlow/SDN discussions? Interested in the reality behind the ever-growing hype? Check out the OpenFlow 101 video recorded during the SDN, NFV and OpenFlow for Skeptics webinar.

If you plan to attend the Troopers 2014 conference in two weeks, don’t forget to include my full-day SDN workshop on Tuesday in your agenda (the Troopers conference is sold out, but you can still register for the workshop). The topics of the workshop will include:

• Why do we need SDN and what is it?
• OpenFlow, its advantages, drawbacks and scalability challenges;
• Typical OpenFlow and SDN deployment considerations;
• Real-life SDN use cases, both OpenFlow- and non-OpenFlow ones;
• Network function virtualization;
• Software-defined data centers.

For more details, check out the workshop description; for other SDN-related materials visit my SDN Resources page.

Another pretty-down-to-Earth OpenFlow use case: service insertion. “Slightly” easier than playing with VLANs or PBR (can you tell how tired I am based on the enormous length of this intro?).

I hope it’s obvious to everyone by now that flow-based forwarding doesn’t work well in existing hardware. Switches designed for large number of flow-like forwarding entries (NEC ProgrammableFlow switches, Enterasys data center switches and a few others) might be an exception, but even they can’t cope with the tremendous flow update rate required by reactive flow setup ideas.

One would expect virtual switches to fare better. Unfortunately that doesn’t seem to be the case.

Network tapping and tap aggregation are obviously the OpenFlow equivalent of the Hello World application – almost every OpenFlow controller vendor has a tap aggregation solution. Does that make sense? Sure – tap aggregation network is outside of the production data path and thus a great candidate for semi-production technology pilots.

For more details, watch the Tap Aggregation Networks video recorded during the Real Life OpenFlow-based SDN Use Cases webinar

You know how hard it is to get the network traffic statistics: interface counters are too coarse, Netflow records are too granular, Sflow is sampling… life is hard for network monitoring Goldilocks.

In the Network Monitoring video (part of Real-Life OpenFlow Use Cases webinar) I explained an interesting alternative: you could get (hardware permitting) traffic counters with ever OpenFlow flow entry, resulting in any granularity you need.

Almost three years ago the OpenFlow/SDN hype exploded and the Open Networking Foundation started promoting the concept of physically separate control and data planes. Let’s see how far its founding members got in the meantime:

The first part of the Real-life OpenFlow Use Cases webinar focused on controller design and implementation choices that can significantly impact the scalability of an OpenFlow solution:

• Proactive versus reactive flow setup;
• Hop-by-hop versus path-based forwarding;
• State explosion with OpenFlow 1.0;

You could tell we had great fun with these topics: we spent more than half an hour on five slides.

A few days ago I described how most OpenFlow data center fabric solutions use out-of-band control plane (separate control-plane network). Can we do something similar when running OpenFlow switch (example: Open vSwitch) in a hypervisor host?

TL&DR answer: Sure we can. Does it make sense? It depends.