
WG-SDN call notes 12/5/2013
Dan Schmiedt,
Michael Van Norman,
Kevin Mayeshiro
Agenda items:
1) Agenda Bash
   Bill Snow, point out new open source BGP implementation:
2) Overview of flowspace firewall and other AL2S futures; Ed Balas
Context, Eric Boyd: I2 has had on roadmap a goal to be able to support network research and production applications via network virtualization.  Much great work and inspiration from ON.Lab and GENI.  Goal is to expand AL2S service, expand functionality to allow people to "grab" slices of the network without interfering with others.
FlowSpace firewall first demoed at GLIF meeting and at last GEC.  There will be a community engagement process before rollout; we are now just in the beginning stages.
GEC18 slides:
How this will be implemented is not entirely determined.  Will start here with a technical discussion and will continue the discussion in two weeks.
Ed Balas: historically, such things have been implemented via FlowVisor.  Need to be able to have L2 flow-spaces that were non-overlapping.  Need rate limits in place to ensure not overloading control plane.  Intend to use FlowVisor for L3, but not reasonable at L2, which is where FSFW fits in.  FSFW based on Floodlight and operates only via VLAN tags.
Now looking to verify that policies and procedures are in place to allow FSFW to be able to be implemented.
John Moore: is FSFW deployed at scale?  Yes, at scale, but not with production traffic.
Ed Balas, continuing:  There will be a webinar in two weeks to show more details.  Also need to make sure to integrate with FOAM and other GENI environments.  FSFW sits between OESS and switches. Protocol proxy - feature dependency for customers at the end points?
Akbar: what kind of development resources?  Ed: same team that built OESS, same processes.
Deniz: What about those that do not want to participate in it?  Eric Boyd: it is transparent if you do not want to use it.
Daryl: what are OF sets and matches that will be supported?  Ed: Per switch per port per VLAN tag basis.  Match and set options will be robust.  Future goal would be that various OF applications could share infrastructure as "ships in the night." Hopeful that in next year switches will support simultaneous L2 and L3 matching.
John Moore:  Who will be authoring rules?  Ed: central operations staff, but with much community involvement in laying out the policy/process.  Will start with a strawman to figure out what is missing or is not quite right.
Example: firewall config example
<switch name="foo" dpid="5" flush_rules_on_connect="false" />
<switch name="foo1" dpid="2" flush_rules_on_connect="false" />
<switch name="foo2" dpid="3" flush_rules_on_connect="false" />
<switch name="foo3" dpid="4" flush_rules_on_connect="false" />
<slice name="OESS1">
  <switch name="foo" max_flows="10" flow_rate="1">
    <port name="s5-eth1">
      <range start="1" end="2000" />
    </port>
    <port name="s5-eth2">
      <range start="1" end="2000" />
    </port>
  </switch>
  <controller ip_address="" ssl="false" port="6633" />
</slice>
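Added example (not part of the meeting notes and not FSFW's own code): a check for the isolation property discussed above, that no two slices claim the same VLAN tag on the same switch port. It assumes the `<range>` elements are VLAN tag ranges and wraps the fragment in a hypothetical `<config>` root; the second slice `RESEARCH1` is constructed for the demonstration.

```python
import xml.etree.ElementTree as ET
from itertools import combinations
# Constructed sample: the page's format in a hypothetical <config> root; RESEARCH1 is invented.
SAMPLE = """
<config>
  <switch name="foo" dpid="5" flush_rules_on_connect="false" />
  <slice name="OESS1">
    <switch name="foo" max_flows="10" flow_rate="1">
      <port name="s5-eth1"><range start="1" end="2000" /></port>
      <port name="s5-eth2"><range start="1" end="2000" /></port>
    </switch>
  </slice>
  <slice name="RESEARCH1">
    <switch name="foo" max_flows="10" flow_rate="1">
      <port name="s5-eth1"><range start="1500" end="2500" /></port>
      <port name="s5-eth2"><range start="2001" end="3000" /></port>
    </switch>
  </slice>
</config>
"""

def load_flowspace(xml_text):
    """Return (slice, switch, port, start, end) for every range in every slice."""
    root = ET.fromstring(xml_text)
    declared = {sw.get("name") for sw in root.findall("switch")}
    entries = []
    for sl in root.findall("slice"):
        for sw in sl.findall("switch"):
            if sw.get("name") not in declared:
                raise ValueError(f"{sl.get('name')}: undeclared switch {sw.get('name')}")
            for port in sw.findall("port"):
                for rng in port.findall("range"):
                    start, end = int(rng.get("start")), int(rng.get("end"))
                    if not 1 <= start <= end <= 4094:  # usable 802.1Q VLAN IDs
                        raise ValueError(f"bad VLAN range {start}-{end}")
                    entries.append((sl.get("name"), sw.get("name"), port.get("name"), start, end))
    return entries

def find_overlaps(entries):
    """Return (switch, port, slice_a, slice_b, lo, hi) for tags two slices both claim."""
    overlaps = []
    for a, b in combinations(entries, 2):
        lo, hi = max(a[3], b[3]), min(a[4], b[4])
        if a[0] != b[0] and a[1:3] == b[1:3] and lo <= hi:
            overlaps.append((a[1], a[2], a[0], b[0], lo, hi))
    return overlaps

if __name__ == "__main__":
    print(find_overlaps(load_flowspace(SAMPLE)))
```

Running a check like this before a slice definition is loaded catches the overlap on `s5-eth1` while leaving the adjacent, non-overlapping ranges on `s5-eth2` alone.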
Daryl: one problem space is that this kind of change to the operating environment on AL2S could expose switches to different flow spaces than they may have been previously exposed to.
Ed: there will be interop testing before application deployment. Any new application should be interoperable with the OESS AND FSFW in the interop lab before it is deployed.
Eric: can use NDDI NEC switches as at-scale test-bed and Brocade/Junipers as production environment.  Note that there are not yet any best practices; we will need to learn/build these as a community.
Ed: main goal is to provide a production-grade, stable environment.
Deniz:  What about non-OF capable DYNES sites?  Plans to upgrade those?  Ed: that is a good question for Eric, who had to leave.
Daryl: motivations for participation beyond traditional methods (eg, DYNES) will increase over time.  
Operational constraints, testing process, etc requires some baseline intellectual property exposure to SDN, OpenFlow, AL2S, etc - otherwise, the testing to deployment process may not be streamlined... Or, there may not be any application submissions either...?
Barrier to entry to AL2S: how many people? How hard is it?
Innovative application awards
Application example: routing - on top of AL2S, or how else? Demand?
Innovation: control plane is centralized, how to enable more applications to be deployed and experimented
Bill Snow: a new open source BGP in github
SDNIP built on top of ONOS.  Distributed controller that is focused in operator/carrier environments: much scale and performance.  Continuing to develop code base.
Deniz: more details?  Bill Snow: looks like a route server.  Added interface that allows to pull RIB into the controller to determine how to program flow tables.  So it's RIB -> Flow table conversion.  Could get developer on a future call to discuss in more detail.
3) OpenContrail; discussion: released a year and a half ago. Was bought by Juniper and is now available.  Deniz has just started working with it.
Netguru to be held at NANOG 60 in Atlanta, GA; February 10-12, More details to come later.
4) HP's new app store and controller; discussion
5) OpenDaylight release is likely slipping past 12/9 release date, likely January release date.  Much focus on OpenStack now.
Tunnel per tenant - fully meshed tunnel
Key, VNI - tag: overlay, OpenStack Neutron
Nick Bastin at GEC18:
Edge-level entry is more feasible to insert policies
6) ACCTON broadcom-based ToR switch, white box switches, up to OF 1.3
Trident II based
