SlideShare ist ein Scribd-Unternehmen logo
1 von 17
Downloaden Sie, um offline zu lesen
Evaluation of OpenFlow in RB750GL
- RouterOS 6.6 -

2013.11.19
@ttsubo
Motivation
I want to get the OpenFlow s lab in minimum cost .
So, I am so happy what if it works under the experimental version .
Currently RouterOS implements OpenFlow version 1.0.0 required
features. Support for newer versions, optional features and switching
hardware acceleration are to be added. Current implementation should
be considered experimental - NOT production ready and is available
for evaluation purposes. Please contact support with feature requests
and bug reports.
OpenFlow support is available as standalone openflow package.
OpenFlow feature overrides regular packet processing functionality packets that are received on interfaces that are OpenFlow switch ports,
will not pass through the regular networking stack unless OpenFlow
controller sets up flows that enable this. Due to this care must be taken
to not disable access to the device when configuring OpenFlow.
Currently only unencrypted TCP is available as the communications
channel between RouterOS OpenFlow switch and controller.
http://wiki.mikrotik.com/wiki/Manual:OpenFlow
2
Test Scenario1: IP Routing in OpenFlow

3
Test Scenario1: IP Routing in OpenFlow
- ICMP Echo Request from PC-A to PC-B
- ICMP Echo Reply from PC-B to PC-A
OFS

PC-A

OFC

PC-B

Secure
Channel

192.168.0.1

ARP Request
ARP Reply
ICMP_Echo Request

192.168.1.1

Packet-in
Packet-out

Packet-in
Packet-out

Drop!!
ARP Request
ARP Reply

FlowMod

ICMP_Echo Request
ICMP (Echo Reply

ICMP_Echo Request
ICMP (Echo Reply
4
Test Result : No good !!
The OFS doesn t send ARP Packets to OFC
using packet-in messages .
OFS

PC-A

OFC

PC-B

Secure
Channel

192.168.0.1

ARP Request
ARP Reply
ICMP_Echo Request

192.168.1.1

Packet-in
Packet-out

Packet-in
Packet-out

Drop!!
ARP Request
ARP Reply

FlowMod

ICMP_Echo Request
ICMP (Echo Reply

ICMP_Echo Request
ICMP (Echo Reply
5
Investigation of the cause
When the secure channel has established, I ve checked
Features Reply packet as below .
OFS

OFC
Secure
Channel

It looks like Max packets buffered
sets zero value .

Hello
Hello
Features Request

Features Reply
Set Config
Echo Request
Echo Reply
6
Investigation of the cause
Because of Max packets buffered: zero , the OFS doesn t
send Packets to OFC using packt-in messages .
/* Switch features. */	

struct ofp_switch_features {	

struct ofp_header header;	

};	


OpenFlow Switch Specification Version 1.3.2 

7.3 Controller-to-Switch Messages

uint64_t datapath_id;	

uint32_t n_buffers;	

uint8_t n_tables;	

uint8_t auxiliary_id;	

uint8_t pad[2];	

/* Datapath unique ID. The lower 48-bits are for	

a MAC address, while the upper 16-bits are	

implementer-defined. */	

/* Max packets buffered at once. */	

/* Number of tables supported by datapath. */	

/* Identify auxiliary connections */	

/* Align to 64-bits. */	

/* Features. */	

uint32_t capabilities; /* Bitmap of support "ofp_capabilities". */	

uint32_t reserved;	

};	

OFP_ASSERT(sizeof(struct ofp_switch_features) == 32);	

The datapath_id field uniquely identifies a datapath. The lower 48 bits are intended for the switch MAC address, while the
top 16 bits are up to the implementer. An example use of the top 16 bits would be a VLAN ID to distinguish multiple virtual
switch instances on a single physical switch. This field should be treated as an opaque bit string by controllers.	


The n_buffers field specifies the maximum number of packets the switch can buffer
when sending packets to the controller using packet-in messages (see 6.1.2).

Reference : Max packets buffered

7
Test Scenario2: IP Routing in OpenFlow
without Packet-in

8
Test Scenario2: IP Routing in OpenFlow w/o Packet-in

I ve rebuilt Test Scenario1 without Packet-in as below .
OFS

PC-A

OFC

PC-B

Secure
Channel

192.168.0.1

ARP Request

192.168.1.1

Packet-in
Packet-out

PC-A and PC-B has already done
the sequence ARP resolve .

ARP Reply

ICMP_Echo Request
ARP Reply

Packet-in
Packet-out
Packet-out
Packet-out

Drop!!
ARP Request
ARP Reply
ARP Reply

FlowMod

ICMP_Echo Request
ICMP (Echo Reply

ICMP_Echo Request
ICMP (Echo Reply
9
Test Result : No good !!
PC-A hasn t received ICMP_Echo_Reply .
OFS

PC-A

OFC

PC-B

Secure
Channel

192.168.0.1

ARP Reply

192.168.1.1

Packet-out
Packet-out

ARP Reply

FlowMod

ICMP_Echo Request
ICMP (Echo Reply

ICMP_Echo Request
ICMP (Echo Reply

No received !!
10
Investigation of the cause
OFS

PC-A

OFC

PC-B

Secure
Channel

192.168.0.1

ARP Reply

192.168.1.1

Packet-out
Packet-out

ARP Reply

FlowMod

ICMP_Echo Request
[admin@MikroTik] > openflow flow print detail
Flags: I - inactive
0 switch=oflow1 version=1
match="inport:1 dlsrc:7C:C3:A1:87:8F:65 dldst:00:00:00:00:00:01 dltype:0x800
nwdst:192.168.1.1/32"
actions="set_dl_src:00:00:00:00:00:02, set_dl_dst:00:1A:80:0A:9E:D4, output:2"

ICMP_Echo Request

OFC has set to
the FlowMod
in properly

info="priority 255, idletimeout 0, hardtimeout 0, cookie 0, removenotify 1"

!
1 switch=oflow1 version=1
match="inport:2 dlsrc:00:1A:80:0A:9E:D4 dldst:00:00:00:00:00:02 dltype:0x800
nwdst:192.168.0.1/32"
actions="set_dl_src:00:00:00:00:00:01, set_dl_dst:7C:C3:A1:87:8F:65, output:1"
info="priority 255, idletimeout 0, hardtimeout 0, cookie 0, removenotify 1"

11
Investigation of the cause
OFS

PC-A

OFC

PC-B

Secure
Channel

192.168.0.1

192.168.1.1

Packet-out

ARP Reply

Packet-out

ARP Reply

FlowMod

ICMP_Echo Request

ICMP_Echo Request

A Flow statistic hasn t counted up .
So, the FlowEntry doesn t work in properly .
[admin@MikroTik] > openflow flow print stats
Flags: I - inactive
# SWITCH MATCH

BYTES

0 oflow1
1 oflow1

0
0

inpor...
inpor...

PACKETS DURATION
0 3m38s830ms
0 3m38s830ms
12
Investigation of the cause
OFS

PC-A

OFC

PC-B

Secure
Channel

192.168.0.1

ARP Reply

192.168.1.1

Packet-out
Packet-out

ARP Reply

FlowMod

ICMP_Echo Request

ICMP_Echo Request

When PC-B has received
ICMP_Echo_Request from PC-A,
PC-B hasn t sended
ICMP_Echo_Reply

13
Investigation of the cause

This packet is ICMP_Echo_Request
in PC-A

192.168.0.1
(7C:C3:A1:87:8F:65)

OFS

PC-A
192.168.0.10
(00:00:00:00:00:01)

192.168.1.1
(00:1A:80:0A:9E:D4)

The OFS doesn t
replace mac_address
fields in spite of
storing FlowTable .

PC-B

ICMP_Echo Request
14
Investigation of the cause
When the secure channel has established, I ve checked
Features Reply packet as below, again .
OFS

OFC
Secure
Channel

OFS in RouterBOARD can t
replace L2/L3 header field .

Hello
Hello
Features Request

Features Reply
Set Config
Echo Request
Echo Reply
15
Conclusion:
The latest OpenFlow code under the experimental version
doesn t work in properly as below in RB750GL.
I m looking forward to releasing the product version .
OFC
FlowMod
: it works

SecureChannel
: it works
Packet-out
: it works

Packet-in
: it doesn t work
PC-A

PC-B

Flow Table

OFS

Forwarding
: it doesn t work
16
referense : OpenFlow in Open-WRT
It works in Test Scenario1: IP Routing in OpenFlow !!
OFS

PC-A

OFC

PC-B

Secure
Channel

192.168.0.1

ARP Request
ARP Reply
ICMP_Echo Request

192.168.1.1

Packet-in
Packet-out

Packet-in
Packet-out

Drop!!
ARP Request
ARP Reply

FlowMod

ICMP_Echo Request
ICMP (Echo Reply

ICMP_Echo Request
ICMP (Echo Reply
17

Weitere ähnliche Inhalte

Was ist angesagt?

Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration3Anetwork com
 
Design and build a wireless transceiver using nrf24l01p single chip 2.4g hz
Design and build a wireless transceiver using nrf24l01p single chip 2.4g hz Design and build a wireless transceiver using nrf24l01p single chip 2.4g hz
Design and build a wireless transceiver using nrf24l01p single chip 2.4g hz Ehsan Izadi
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversSatpal Parmar
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackKernel TLV
 
使用XMPP進行遠端設備控制
使用XMPP進行遠端設備控制使用XMPP進行遠端設備控制
使用XMPP進行遠端設備控制艾鍗科技
 
用Raspberry Pi 學Linux I2C Driver
用Raspberry Pi 學Linux I2C Driver用Raspberry Pi 學Linux I2C Driver
用Raspberry Pi 學Linux I2C Driver艾鍗科技
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureCyber Security Alliance
 
Cs423 raw sockets_bw
Cs423 raw sockets_bwCs423 raw sockets_bw
Cs423 raw sockets_bwjktjpc
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupCyber Security Alliance
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examplesTeja Bheemanapally
 
Openstack Testbed_ovs_virtualbox_devstack_single node
Openstack Testbed_ovs_virtualbox_devstack_single nodeOpenstack Testbed_ovs_virtualbox_devstack_single node
Openstack Testbed_ovs_virtualbox_devstack_single nodeYongyoon Shin
 
20190521 pwn 101_by_roy
20190521 pwn 101_by_roy20190521 pwn 101_by_roy
20190521 pwn 101_by_royRoy
 
Network Adapter Deep dive
Network Adapter Deep diveNetwork Adapter Deep dive
Network Adapter Deep diveNaoto MATSUMOTO
 

Was ist angesagt? (16)

Linux router
Linux routerLinux router
Linux router
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration
 
Design and build a wireless transceiver using nrf24l01p single chip 2.4g hz
Design and build a wireless transceiver using nrf24l01p single chip 2.4g hz Design and build a wireless transceiver using nrf24l01p single chip 2.4g hz
Design and build a wireless transceiver using nrf24l01p single chip 2.4g hz
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device Drivers
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network Stack
 
使用XMPP進行遠端設備控制
使用XMPP進行遠端設備控制使用XMPP進行遠端設備控制
使用XMPP進行遠端設備控制
 
用Raspberry Pi 學Linux I2C Driver
用Raspberry Pi 學Linux I2C Driver用Raspberry Pi 學Linux I2C Driver
用Raspberry Pi 學Linux I2C Driver
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
 
Cs423 raw sockets_bw
Cs423 raw sockets_bwCs423 raw sockets_bw
Cs423 raw sockets_bw
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
 
Openstack Testbed_ovs_virtualbox_devstack_single node
Openstack Testbed_ovs_virtualbox_devstack_single nodeOpenstack Testbed_ovs_virtualbox_devstack_single node
Openstack Testbed_ovs_virtualbox_devstack_single node
 
Debugging 2013- Jesper Brouer
Debugging 2013- Jesper BrouerDebugging 2013- Jesper Brouer
Debugging 2013- Jesper Brouer
 
20190521 pwn 101_by_roy
20190521 pwn 101_by_roy20190521 pwn 101_by_roy
20190521 pwn 101_by_roy
 
Proxy arp
Proxy arpProxy arp
Proxy arp
 
Network Adapter Deep dive
Network Adapter Deep diveNetwork Adapter Deep dive
Network Adapter Deep dive
 

Ähnlich wie Evaluation of OpenFlow in RB750GL

Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Andriy Berestovskyy
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPPROIDEA
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Kentaro Ebisawa
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
Open stackdaykorea2016 wedge
Open stackdaykorea2016 wedgeOpen stackdaykorea2016 wedge
Open stackdaykorea2016 wedgeJunho Suh
 
Run Run Trema Test
Run Run Trema TestRun Run Trema Test
Run Run Trema TestHiroshi Ota
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center supportKrunal Shah
 
FPGA based 10G Performance Tester for HW OpenFlow Switch
FPGA based 10G Performance Tester for HW OpenFlow SwitchFPGA based 10G Performance Tester for HW OpenFlow Switch
FPGA based 10G Performance Tester for HW OpenFlow SwitchYutaka Yasuda
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspeChris Westin
 
Technical Overview of QUIC
Technical  Overview of QUICTechnical  Overview of QUIC
Technical Overview of QUICshigeki_ohtsu
 
OpenStack Meetup - SDN
OpenStack Meetup - SDNOpenStack Meetup - SDN
OpenStack Meetup - SDNSzilvia Racz
 
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068  Troubleshooting Catalyst 2K and 3K.pdfBRKRST-3068  Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdfssusercbaa33
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEVJasper Nuyens
 
Analise NetFlow in Real Time
Analise NetFlow in Real TimeAnalise NetFlow in Real Time
Analise NetFlow in Real TimePiotr Perzyna
 
Dpdk accelerated Ostinato
Dpdk accelerated OstinatoDpdk accelerated Ostinato
Dpdk accelerated Ostinatopstavirs
 

Ähnlich wie Evaluation of OpenFlow in RB750GL (20)

Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
 
Open stackdaykorea2016 wedge
Open stackdaykorea2016 wedgeOpen stackdaykorea2016 wedge
Open stackdaykorea2016 wedge
 
Run Run Trema Test
Run Run Trema TestRun Run Trema Test
Run Run Trema Test
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
 
FPGA based 10G Performance Tester for HW OpenFlow Switch
FPGA based 10G Performance Tester for HW OpenFlow SwitchFPGA based 10G Performance Tester for HW OpenFlow Switch
FPGA based 10G Performance Tester for HW OpenFlow Switch
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspe
 
Technical Overview of QUIC
Technical  Overview of QUICTechnical  Overview of QUIC
Technical Overview of QUIC
 
Session 2
Session 2Session 2
Session 2
 
OpenStack Meetup - SDN
OpenStack Meetup - SDNOpenStack Meetup - SDN
OpenStack Meetup - SDN
 
Exam viewer2
Exam viewer2Exam viewer2
Exam viewer2
 
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068  Troubleshooting Catalyst 2K and 3K.pdfBRKRST-3068  Troubleshooting Catalyst 2K and 3K.pdf
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packet
 
Netlink-Optimization.pptx
Netlink-Optimization.pptxNetlink-Optimization.pptx
Netlink-Optimization.pptx
 
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEV
 
Analise NetFlow in Real Time
Analise NetFlow in Real TimeAnalise NetFlow in Real Time
Analise NetFlow in Real Time
 
Dpdk accelerated Ostinato
Dpdk accelerated OstinatoDpdk accelerated Ostinato
Dpdk accelerated Ostinato
 
Troubleshooting basic networks
Troubleshooting basic networksTroubleshooting basic networks
Troubleshooting basic networks
 

Mehr von Toshiki Tsuboi

GoBGP活用によるSD-WANプラクティス
GoBGP活用によるSD-WANプラクティスGoBGP活用によるSD-WANプラクティス
GoBGP活用によるSD-WANプラクティスToshiki Tsuboi
 
SDNアプローチによるBGP経路監視の提案
SDNアプローチによるBGP経路監視の提案SDNアプローチによるBGP経路監視の提案
SDNアプローチによるBGP経路監視の提案Toshiki Tsuboi
 
BMP活用による SDN時代のオーバレイNW監視手法の提案
BMP活用による SDN時代のオーバレイNW監視手法の提案BMP活用による SDN時代のオーバレイNW監視手法の提案
BMP活用による SDN時代のオーバレイNW監視手法の提案Toshiki Tsuboi
 
SDN Lab環境でのRobotFramework実践活用
SDN Lab環境でのRobotFramework実践活用SDN Lab環境でのRobotFramework実践活用
SDN Lab環境でのRobotFramework実践活用Toshiki Tsuboi
 
BGP/MPLS-VPNのお勉強資料
BGP/MPLS-VPNのお勉強資料BGP/MPLS-VPNのお勉強資料
BGP/MPLS-VPNのお勉強資料Toshiki Tsuboi
 
RyuBGPSpeakerを活用したOpenFlow簡易ルータを試してみた
RyuBGPSpeakerを活用したOpenFlow簡易ルータを試してみたRyuBGPSpeakerを活用したOpenFlow簡易ルータを試してみた
RyuBGPSpeakerを活用したOpenFlow簡易ルータを試してみたToshiki Tsuboi
 
Technical report for IPv6 Routing w/ bgp4+ (part2)
Technical report for IPv6 Routing w/ bgp4+ (part2)Technical report for IPv6 Routing w/ bgp4+ (part2)
Technical report for IPv6 Routing w/ bgp4+ (part2)Toshiki Tsuboi
 
Technical report for IPv6 Routing w/ bgp4+
Technical report for IPv6 Routing w/ bgp4+Technical report for IPv6 Routing w/ bgp4+
Technical report for IPv6 Routing w/ bgp4+Toshiki Tsuboi
 
InterAS MPLS-VPN with RyuBgp
InterAS MPLS-VPN with RyuBgpInterAS MPLS-VPN with RyuBgp
InterAS MPLS-VPN with RyuBgpToshiki Tsuboi
 
OpenFlow in Raspberry Pi
OpenFlow in Raspberry PiOpenFlow in Raspberry Pi
OpenFlow in Raspberry PiToshiki Tsuboi
 
RouterBOARD with OpenFlow
RouterBOARD with OpenFlowRouterBOARD with OpenFlow
RouterBOARD with OpenFlowToshiki Tsuboi
 
Echo server implementation for Python
Echo server implementation for PythonEcho server implementation for Python
Echo server implementation for PythonToshiki Tsuboi
 
OpenStack with OpenFlow
OpenStack with OpenFlowOpenStack with OpenFlow
OpenStack with OpenFlowToshiki Tsuboi
 

Mehr von Toshiki Tsuboi (15)

GoBGP活用によるSD-WANプラクティス
GoBGP活用によるSD-WANプラクティスGoBGP活用によるSD-WANプラクティス
GoBGP活用によるSD-WANプラクティス
 
SDNアプローチによるBGP経路監視の提案
SDNアプローチによるBGP経路監視の提案SDNアプローチによるBGP経路監視の提案
SDNアプローチによるBGP経路監視の提案
 
BMP活用による SDN時代のオーバレイNW監視手法の提案
BMP活用による SDN時代のオーバレイNW監視手法の提案BMP活用による SDN時代のオーバレイNW監視手法の提案
BMP活用による SDN時代のオーバレイNW監視手法の提案
 
SDN Lab環境でのRobotFramework実践活用
SDN Lab環境でのRobotFramework実践活用SDN Lab環境でのRobotFramework実践活用
SDN Lab環境でのRobotFramework実践活用
 
BGP/MPLS-VPNのお勉強資料
BGP/MPLS-VPNのお勉強資料BGP/MPLS-VPNのお勉強資料
BGP/MPLS-VPNのお勉強資料
 
RyuBGPSpeakerを活用したOpenFlow簡易ルータを試してみた
RyuBGPSpeakerを活用したOpenFlow簡易ルータを試してみたRyuBGPSpeakerを活用したOpenFlow簡易ルータを試してみた
RyuBGPSpeakerを活用したOpenFlow簡易ルータを試してみた
 
Technical report for IPv6 Routing w/ bgp4+ (part2)
Technical report for IPv6 Routing w/ bgp4+ (part2)Technical report for IPv6 Routing w/ bgp4+ (part2)
Technical report for IPv6 Routing w/ bgp4+ (part2)
 
Technical report for IPv6 Routing w/ bgp4+
Technical report for IPv6 Routing w/ bgp4+Technical report for IPv6 Routing w/ bgp4+
Technical report for IPv6 Routing w/ bgp4+
 
InterAS MPLS-VPN with RyuBgp
InterAS MPLS-VPN with RyuBgpInterAS MPLS-VPN with RyuBgp
InterAS MPLS-VPN with RyuBgp
 
OpenFlow in Raspberry Pi
OpenFlow in Raspberry PiOpenFlow in Raspberry Pi
OpenFlow in Raspberry Pi
 
RouterBOARD with OpenFlow
RouterBOARD with OpenFlowRouterBOARD with OpenFlow
RouterBOARD with OpenFlow
 
Echo server implementation for Python
Echo server implementation for PythonEcho server implementation for Python
Echo server implementation for Python
 
OpenStack with OpenFlow
OpenStack with OpenFlowOpenStack with OpenFlow
OpenStack with OpenFlow
 
OpenFlow Group Table
OpenFlow Group TableOpenFlow Group Table
OpenFlow Group Table
 
TremaDay #2
TremaDay #2TremaDay #2
TremaDay #2
 

Kürzlich hochgeladen

ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 

Kürzlich hochgeladen (20)

ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 

Evaluation of OpenFlow in RB750GL

  • 1. Evaluation of OpenFlow in RB750GL - RouterOS 6.6 - 2013.11.19 @ttsubo
  • 2. Motivation I want to get the OpenFlow s lab in minimum cost . So, I am so happy what if it works under the experimental version . Currently RouterOS implements OpenFlow version 1.0.0 required features. Support for newer versions, optional features and switching hardware acceleration are to be added. Current implementation should be considered experimental - NOT production ready and is available for evaluation purposes. Please contact support with feature requests and bug reports. OpenFlow support is available as standalone openflow package. OpenFlow feature overrides regular packet processing functionality packets that are received on interfaces that are OpenFlow switch ports, will not pass through the regular networking stack unless OpenFlow controller sets up flows that enable this. Due to this care must be taken to not disable access to the device when configuring OpenFlow. Currently only unencrypted TCP is available as the communications channel between RouterOS OpenFlow switch and controller. http://wiki.mikrotik.com/wiki/Manual:OpenFlow 2
  • 3. Test Scenario1: IP Routing in OpenFlow 3
  • 4. Test Scenario1: IP Routing in OpenFlow - ICMP Echo Request from PC-A to PC-B - ICMP Echo Reply from PC-B to PC-A OFS PC-A OFC PC-B Secure Channel 192.168.0.1 ARP Request ARP Reply ICMP_Echo Request 192.168.1.1 Packet-in Packet-out Packet-in Packet-out Drop!! ARP Request ARP Reply FlowMod ICMP_Echo Request ICMP (Echo Reply ICMP_Echo Request ICMP (Echo Reply 4
  • 5. Test Result : No good !! The OFS doesn t send ARP Packets to OFC using packet-in messages . OFS PC-A OFC PC-B Secure Channel 192.168.0.1 ARP Request ARP Reply ICMP_Echo Request 192.168.1.1 Packet-in Packet-out Packet-in Packet-out Drop!! ARP Request ARP Reply FlowMod ICMP_Echo Request ICMP (Echo Reply ICMP_Echo Request ICMP (Echo Reply 5
  • 6. Investigation of the cause When the secure channel has established, I ve checked Features Reply packet as below . OFS OFC Secure Channel It looks like Max packets buffered sets zero value . Hello Hello Features Request Features Reply Set Config Echo Request Echo Reply 6
  • 7. Investigation of the cause Because of Max packets buffered: zero , the OFS doesn t send Packets to OFC using packt-in messages . /* Switch features. */ struct ofp_switch_features { struct ofp_header header; }; OpenFlow Switch Specification Version 1.3.2 7.3 Controller-to-Switch Messages uint64_t datapath_id; uint32_t n_buffers; uint8_t n_tables; uint8_t auxiliary_id; uint8_t pad[2]; /* Datapath unique ID. The lower 48-bits are for a MAC address, while the upper 16-bits are implementer-defined. */ /* Max packets buffered at once. */ /* Number of tables supported by datapath. */ /* Identify auxiliary connections */ /* Align to 64-bits. */ /* Features. */ uint32_t capabilities; /* Bitmap of support "ofp_capabilities". */ uint32_t reserved; }; OFP_ASSERT(sizeof(struct ofp_switch_features) == 32); The datapath_id field uniquely identifies a datapath. The lower 48 bits are intended for the switch MAC address, while the top 16 bits are up to the implementer. An example use of the top 16 bits would be a VLAN ID to distinguish multiple virtual switch instances on a single physical switch. This field should be treated as an opaque bit string by controllers. The n_buffers field specifies the maximum number of packets the switch can buffer when sending packets to the controller using packet-in messages (see 6.1.2). Reference : Max packets buffered 7
  • 8. Test Scenario2: IP Routing in OpenFlow without Packet-in 8
  • 9. Test Scenario2: IP Routing in OpenFlow w/o Packet-in I ve rebuilt Test Scenario1 without Packet-in as below . OFS PC-A OFC PC-B Secure Channel 192.168.0.1 ARP Request 192.168.1.1 Packet-in Packet-out PC-A and PC-B has already done the sequence ARP resolve . ARP Reply ICMP_Echo Request ARP Reply Packet-in Packet-out Packet-out Packet-out Drop!! ARP Request ARP Reply ARP Reply FlowMod ICMP_Echo Request ICMP (Echo Reply ICMP_Echo Request ICMP (Echo Reply 9
  • 10. Test Result : No good !! PC-A hasn t received ICMP_Echo_Reply . OFS PC-A OFC PC-B Secure Channel 192.168.0.1 ARP Reply 192.168.1.1 Packet-out Packet-out ARP Reply FlowMod ICMP_Echo Request ICMP (Echo Reply ICMP_Echo Request ICMP (Echo Reply No received !! 10
  • 11. Investigation of the cause OFS PC-A OFC PC-B Secure Channel 192.168.0.1 ARP Reply 192.168.1.1 Packet-out Packet-out ARP Reply FlowMod ICMP_Echo Request [admin@MikroTik] > openflow flow print detail Flags: I - inactive 0 switch=oflow1 version=1 match="inport:1 dlsrc:7C:C3:A1:87:8F:65 dldst:00:00:00:00:00:01 dltype:0x800 nwdst:192.168.1.1/32" actions="set_dl_src:00:00:00:00:00:02, set_dl_dst:00:1A:80:0A:9E:D4, output:2" ICMP_Echo Request OFC has set to the FlowMod in properly info="priority 255, idletimeout 0, hardtimeout 0, cookie 0, removenotify 1" ! 1 switch=oflow1 version=1 match="inport:2 dlsrc:00:1A:80:0A:9E:D4 dldst:00:00:00:00:00:02 dltype:0x800 nwdst:192.168.0.1/32" actions="set_dl_src:00:00:00:00:00:01, set_dl_dst:7C:C3:A1:87:8F:65, output:1" info="priority 255, idletimeout 0, hardtimeout 0, cookie 0, removenotify 1" 11
  • 12. Investigation of the cause OFS PC-A OFC PC-B Secure Channel 192.168.0.1 192.168.1.1 Packet-out ARP Reply Packet-out ARP Reply FlowMod ICMP_Echo Request ICMP_Echo Request A Flow statistic hasn t counted up . So, the FlowEntry doesn t work in properly . [admin@MikroTik] > openflow flow print stats Flags: I - inactive # SWITCH MATCH BYTES 0 oflow1 1 oflow1 0 0 inpor... inpor... PACKETS DURATION 0 3m38s830ms 0 3m38s830ms 12
  • 13. Investigation of the cause OFS PC-A OFC PC-B Secure Channel 192.168.0.1 ARP Reply 192.168.1.1 Packet-out Packet-out ARP Reply FlowMod ICMP_Echo Request ICMP_Echo Request When PC-B has received ICMP_Echo_Request from PC-A, PC-B hasn t sended ICMP_Echo_Reply 13
  • 14. Investigation of the cause This packet is ICMP_Echo_Request in PC-A 192.168.0.1 (7C:C3:A1:87:8F:65) OFS PC-A 192.168.0.10 (00:00:00:00:00:01) 192.168.1.1 (00:1A:80:0A:9E:D4) The OFS doesn t replace mac_address fields in spite of storing FlowTable . PC-B ICMP_Echo Request 14
  • 15. Investigation of the cause When the secure channel has established, I ve checked Features Reply packet as below, again . OFS OFC Secure Channel OFS in RouterBOARD can t replace L2/L3 header field . Hello Hello Features Request Features Reply Set Config Echo Request Echo Reply 15
  • 16. Conclusion: The latest OpenFlow code under the experimental version doesn t work in properly as below in RB750GL. I m looking forward to releasing the product version . OFC FlowMod : it works SecureChannel : it works Packet-out : it works Packet-in : it doesn t work PC-A PC-B Flow Table OFS Forwarding : it doesn t work 16
  • 17. referense : OpenFlow in Open-WRT It works in Test Scenario1: IP Routing in OpenFlow !! OFS PC-A OFC PC-B Secure Channel 192.168.0.1 ARP Request ARP Reply ICMP_Echo Request 192.168.1.1 Packet-in Packet-out Packet-in Packet-out Drop!! ARP Request ARP Reply FlowMod ICMP_Echo Request ICMP (Echo Reply ICMP_Echo Request ICMP (Echo Reply 17