Openflow allows for external control of networking devices through the separation of the control plane and forwarding plane. It defines a standardized protocol and API for an external controller to program the forwarding tables of Openflow-enabled switches. The controller installs flow entries into flow tables on switches to determine how packets should be matched and processed. This provides programmability of the network and flexibility in how traffic is routed.

1. INTRODUCTION TO PENFLOW

2. STATEMENT OF PRODUCT DIRECTION
This statement of product direction sets forth Juniper Networks‟
current intention and is subject to change at any time without
notice. No purchases are contingent upon Juniper Networks
delivering any feature or functionality depicted in this
presentation.
2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

3. OPENFLOW – WHAT IS IT?
Openflow compromises an architecture and a protocol
In a traditional networking device, the control processes and
forwarding functionality reside on the network device
penflow
Control Control penflow Controller
Forwarding Forwarding
Traditional Openflow-enabled
In the Openflow architecture, an interface is created on the
network device through which an external control process known
as a „controller‟, is able the program the packet matching and
forwarding operations of the networking device
3 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

4. OPENFLOW – WHAT IS IT?
The Openflow protocol defines
 A standardized API and communication method between the external
controller and Openflow process on the networking device
 The use of „Flow-tables‟ held on the networking device which are
populated by the external controller which are used for matching and
forwarding packets
Openflow Flow-tables contain
 Header Fields – fields against which a packet can be matched
 Counters – statistics reporting capabilities
 Actions – defining how the packet should be treated (forward, drop,
modify)
There is no use of static configuration or cli/xml-based programming
via Openflow, nor does Openflow provide functionality to boot or
maintain the networking device
4 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

5. OPENFLOW 1.0 FLOW TABLE & FIELDS
Ingress Ethernet VLAN IP TCP/UDP
Header Fields Port SA DA Type ID Priority SA DA Proto TOS Src Dst
Classifier Action Statistics
Classifier Action Statistics
Flow Table Classifier Action Statistics
OF1.0 style
…
Classifier Action Statistics
Physical Port
ALL
CONTROLLER
Actions Forward Virtual
LOCAL
Port
TABLE
IN_PORT
Mandatory Action
Drop
Virtual NORMAL Optional Action
Forward
Port FLOOD
Enqueue
Modify Field
5 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Actions

6. OPENFLOW – WHAT IS IT?
Two components
 Openflow controller
 Controls one or more switches
 Computes paths, maintains state, formulates flows and programs
Openflow Switches
 Openflow Switch
 Receives commands (flow entries, queries) from the Openflow
controller in order to populate entries in the flow-table
 Holds the flow-table in volatile memory
Flow-table population can occur in two modes
 Reactive – Flow-table programmed in response to received packet
 Proactive – Flow-table is populated with pre-provisioned entries
6 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

7. MODES OF OPERATION
Reactive – Data plane driven Pro-active – Configuration driven
• Like Static routes & LSPs
 Base principle of flow caching
• Not stored in configuration file
Controller FIB Controller FIB
C
4
Switch FIB Switch FIB
1 2 3 1 2 3
1. Receive packet 1. Receive packet
2. Perform lookup in local FIB 2. Perform lookup in local FIB
3. Hit: forward to port 3. Hit: forward to port
4. Miss: forward to controller 4. Miss: DROP
 Controller inspects packet
 Performs route computation
 C: Inserts new flow entry
7 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

8. OPENFLOW SWITCH / NETWORK DESIGN
Switch Control Plane
Applications Switch Control Plane:
• Logically centralized
OpenFlow Controller
• Physically distributed in one
or more compute devices
• Embedded OF Controller to
OpenFlow communicate with switches
Protocol
penflow switch
penflow switch
penflow switch penflow switch
penflow switch penflow switch
Source: OpenFlow.org
8 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

9. THE ISSUE:
APPLICATIONS DON’T COMMUNICATE WITH THE NETWORK
THE HUMAN WORLD THE NETWORK WORLD
Network Aware Applications: Application Aware Networking:
Applications blindly probe the network Networks spy on traffic to try to
to understand what it can deliver understand applications
 Game ping-stats, Doppler, Geo-  Deep Packet Inspection, Deep
location, whois, proprietary Flow Inspection
codecs, proprietary control
 Approximate application by
channels in VBRB
fingerprinting
 Approximate topology/location
 Service specific overlay topologies
thru:
 Application-based Quality of
 Active/game-based broadcast,
Service profiles
passive derivation
Current approximation techniques are barely sufficient and inefficient
9 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

10. OPENFLOW HELPS BY ENABLING NETWORK
PROGRAMMABILITY FOR COMMUNICATION
APPLICATION NETWORK NETWORK APPLICATION
Applications made better by Networks made better by information
information from network from application
 Understanding of end-device  Bandwidth and resource optimization
capabilities  New service topologies
 Real location / topology  Security identification
 Adjust behavior to real-time usage  Service-specific packet treatment
 Billing granularity
Flexibility of service placement Control of resources from
applications
10 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

11. HOW DO YOU MAKE THIS HAPPEN?
THE APPLICATION WORLD THE APPLICATION WORLD
Real-time topology
understanding
(ALTO, BGP-TE) SI ISV Service Research Enterprise
Partner Partner Provider Institution Customer
Steering traffic through Web Services API
optimal paths
(PCE)
Network Orchestration Across Networks
Programmability
Selecting specific traffic
OpenFlow
BGP-TE
(OpenFlow)
ALTO
Mgmt
PCE
Network APIs
…
Opening more touchpoints
to control: Gateways, billing
collectors, service
appliances, CDN, DPI/IDP
THE NETWORK WORLD THE NETWORK WORLD
11
Programmable Networking is SFW Copyright © 2011 Juniper Networks, Inc. www.juniper.net

12. AN EXAMPLE: BE “IN THE NETWORK”
Weak architecture = one-legged tap dancing Continuous, real-time streaming of surrounding
content, resources, places, people
Where am I? I am here!
And this is
You’re here! around you:
 Active broadcast <access>
 Game broadcast <content>
<capability> <resources>
 Passive <BW>
derivation <places>
<profile> <people>
…
! “Above the topology”
“Visualize the topology”
“Below the topology”
“In the topology”
Low value in navigational coordinates APPLICATION NETWORK
12 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

13. WANT MORE ON OPENFLOW?
Useful URLs:
Open Networking Foundation https://www.opennetworking.org/
Openflow Whitepaper
http://www.openflow.org//documents/openflow-wp-latest.pdf
Openflow protocol
https://www.opennetworking.org/standards/open-flow/50-
openflow
13 Copyright © 2011 Juniper Networks, Inc. www.juniper.net