amlight’sopenflow sniffer dissectedamlight.net/wp-content/uploads/2015/03/wpeif-2016... · sdn-ip...
TRANSCRIPT
![Page 1: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/1.jpg)
JeronimoBezerra,JulioIbarraFloridaInternationalUniversity{jbezerra,julio}@amlight.net
VIIWorkshopPesquisa ExperimentaldaInternetdoFuturo (WPEIF)
June3rd 2016
AmLight’s OpenFlow Snifferdissected:Troubleshootingproductionnetworks
Humberto Galiza,MarcosSchwarzRede Nacional deEnsino ePesquisa
{humberto.galiza,marcos.schwarz}@rnp.br
![Page 2: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/2.jpg)
Outline
• Context• Motivation• Features• Outputs• Roadmap
2
![Page 3: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/3.jpg)
ContextAmLight isaDistributedAcademicExchangePoint
• Production SDNInfrastructure(sinceAug2014)• ConnectsAMPATHandSouthernLightGOLES- GLIFOpen
Lightpath Exchanges• CarriesAcademicandNon-Academictraffic
– L2VPN,IPv4,IPv6,Multicast• SupportsNetworkVirtualization/Slicing
– Openflow1.0– FlowSpaceFirewallforNetworkVirtualization/Slicing– OESSforL2VPNs– NSIenabled
• IncludingAMPATHandSouthernLight– Currently5slicesforexperimentation(includingONOSSDN-IP)
3
![Page 4: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/4.jpg)
Context(2)
4
NSI
AmLight’sNRENs
FIBRESDN-IPONOS
SouthernLightAmpath2
Virtualization/Slices (FlowSpace Firewall)
Ampath1Andes1
Phys
ical L
ayer
Sout
hbou
nd A
PI:
Open
Flow
1.0
North
boun
d:Us
ers’
APIs
NOX
IDCP
Other NRENs
NOX
OpenNSA
OESS
OSCARS
OESS
Andes2
Univ.Twente
ONOS Internet2
Other Testbeds
![Page 5: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/5.jpg)
Motivation
• AstroubleshootingSDNisstillcomplex,afewtoolsarebeingdevelopedatAmLight:– Testbed Sanitizer– AnOpenFlow Sniffer– Amulti-sliceSDNTraceroute– Integrationtools:Zabbix NMSw/OESS andFSFW
• WhyanewOpenFlow sniffer?– Wireshark requiresXorcapture/sendanddissectorforOF
• OF1.0:<50%dissected
– TsharkusesWiresharkdissectors– Thereareothertools,buttheyarenotspecificforrealtimeand
commandlineOpenFlow troubleshooting(lackofOpenFlow filters)5
![Page 6: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/6.jpg)
Features
• OpenFlow 1.0support• Completelypassive/libpcap• RunsonLinuxshell– NoneedforXWindows
• Colorsimportantuserfields• Easytoinstall(installpython-pcapy &&git clone)• SupportsOpenFlow typefilteringusingaJSONfile• ConvertsFlowMods toOVS-OFCTLcommands– Help“reproduce”someproblems
• ApacheLicense• https://github.com/jab1982/ofp_sniffer 6
![Page 7: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/7.jpg)
Outputs(1/2)
7
![Page 8: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/8.jpg)
Outputs(2/2)
8
![Page 9: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/9.jpg)
HandlingNetworkVirtualization(1/2)
• SupportingNetworkTestbeds isanewtrend– Butcreatesanotherlayer
• Applicationsdon’ttalktoOFswitchesdirectly– Virtualizationlayerinterfacesbothentities
• NetworkSniffersdon’tseetheend-to-endflow:– OritseesOFswitchtalkingtoVirtualization
Layer– OritseesVirtualizationLayertalkingto
Application
• OpenFlowmessagesdon’tidentifytheOFswitch:– HowtoassociateOFswitchtoApplication?
• SpeciallyforOFP_ERRORmessages? 9
![Page 10: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/10.jpg)
10
HandlingNetworkVirtualization(2/2)
![Page 11: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/11.jpg)
11
HandlingNetworkVirtualization(2/2)
![Page 12: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/12.jpg)
Roadmap
• Version0.3– ByJune2016– FullOF1.3 (.5)support– ReadfromLibpcap files– Betterdocumentation– Bettercodeorganization– Supportforvirtualization– Interfaceforextrafiltersè
• Version0.4- ?– FullNICIRA/OVSsupport– SSL/TLSsupport– TrafficProfile?– Suggestions??
12
![Page 13: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/13.jpg)
UseCases• Teaching/Learning:
– Greattooltoteach/learnSDNandOpenFlow– EasytoseeallOpenFlowmessagesandfields
• Coding:– Greatwaytoseeifyourcontroller(Ryu,POX,ONOS)issendingthe
OpenFlowmessagethewayyouexpect– Example:MalformedOFmessagesarenotsendbyRyu andnoalarmis
generated
• andTroubleshooting:– SDNnetworksareveryhardtodebug:lackoftools,protocolsandlogs– MostOFswitchagentsareinabetadeploymentphase
• Moreinformation:– www.sdn.amlight.net– Papers,Presentations,Videos,etc.
13
![Page 14: AmLight’sOpenFlow Sniffer dissectedamlight.net/wp-content/uploads/2015/03/WPEIF-2016... · SDN-IP FIBRE ONOS Ampath2 SouthernLight Virtualization/Slices (FlowSpace Firewall) Andes1](https://reader035.vdocumento.com/reader035/viewer/2022062602/5ec9e8ca910d163d675d4cf8/html5/thumbnails/14.jpg)
JeronimoBezerra,JulioIbarraFlorida InternationalUniversity{jbezerra,julio}@amlight.net
VIIWorkshopPesquisa ExperimentaldaInternetdoFuturo (WPEIF)
June3rd 2016
AmLight’s OpenFlow Snifferdissected:Troubleshootingproductionnetworks
Humberto Galiza,MarcosSchwarzRede Nacional deEnsino ePesquisa
{humberto.galiza,marcos.schwarz}@rnp.br
Questions?