onePK is an easy-to-use toolkit for development, automation, rapid service creation and more. It enables you to access the valuable data inside your network via easy-to-use APIs. Build or extend applications across your routers and switches, to servers and new business platforms. Automate current services or create new ones on demand, when and where you need them and faster than ever. onePK makes your network more powerful and flexible while giving you the control you need. http://ebrahma.com

1. Cisco Open Network Environment Webinar
Series
An Introduction to OpenFlow:
February 2013
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

2. Industry’s Most Comprehensive Networking Portfolio
Hardware + Software Physical + Virtual Network + Compute
Applications
Platform Network
APIs Overlays
a
Controllers
and Agents
“OpenFlow”
www.cisco.com/go/one
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

3. An Introduction to OpenFlow
Early Perspectives: Indiana University & NTT communications
OpenFlow @Cisco
Q&A
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

4. David Ward Matt Davy Yuichi Ikejiri
CTO, Cisco Engineering (Former) Executive Director, Technology
and Chief Architect Director, InCNTRE and Department, Network
Chief Network Architect, Services Division
Chair, Technology Indiana University
Advisory Group – Open NTT Communications
Networking Foundation Corporation
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

5. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

6. Board of
Board of Technical
Technical
Directors
Directors Advisory Group
Advisory Group
Chairs Council of Chairs
Council
Council Executive
Executive
of Chairs
of Chairs Director
Director
Market
Market
Technical
Technical Technical
Technical Regional
Regional
Education
Education
Working Group
Working Group Working Group
Working Group Activities
Activities
Activities
Activities
Source: www.opennetworking.org – January 2013
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

7. Architecture
Architecture
and
and Configuration Security
Extensibility Framework Configuration
Extensibility Framework and
and
Management
Management
Forwarding
Forwarding
Abstractions
Migration
Abstractions
Market and
Market and
Education
Education
Testing and
Testing and
Hybrid
Hybrid Interoperability
Interoperability Transport
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

8. 802.1 Overlay Networking Projects
SDN WG
Open Network Research
Center at Stanford University
Technical Advisory
Group, Working Groups:
Config, Extensibility,
Futures/FPMOD/OF2.0
Initiatives:
Quantum (Folsom release)
Open Source Cloud
Donabe
Computing project
Overlay Working Groups:
NVO3, L2VPN, TRILL, L3VPN, LISP, PWE3
API Working Groups/BOFs
NETCONF, ALTO, CDNI, XMPP, SDNP, I2AEX
Controller Working Groups:
PCE, FORCES
ETSI SGI on “Network Protocol Working Groups:
Function Virtualization” IDR, IS-IS, OSPF, MPLS, CCAMP, BFD
New working group:
I2RS – Interface to the Routing System
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

9. OpenFlow Approach
OpenFlow Approach
Applications
“Northbound Interface”
APIs
Controller
Controller
“Southbound Interface”
OpenFlow OpenFlow
Configuration Protocol Protocol
Data Plane
Data Plane
Simpler Provisioning, Topology Abstraction
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

10. • OpenFlow Components OpenFlow OpenFlow Config.
OpenFlow OpenFlow Config.
Application Layer Protocol: OF-Protocol Controller
Controller Point
Point
Device Model: OF-Device Model (abstraction of a device OpenFlow
with Ethernet interfaces and a set of forwarding capabilities) Protocol OF-CONFIG
Transport Protocol: Connection between
OF-Controller and OF-Device*
Group
Group
• Observation Data Plane
Data Plane Table
Table
OF-Controller and OF-Device need
pre-established IP-connectivity
Flow
Flow Flow
Flow
Table
Table Table
Table
* TLS, TCP – OF 1.3.0 introduces auxiliary connections, Pipeline
which can use TCP, TLS, DTLS, or UDP
OpenFlow Switch
Source: OpenFlow 1.3.0 specification, figure 1
10
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

11. OpenFlow
OpenFlow OpenFlow
OpenFlow OpenFlow
OpenFlow
Configuration Point(s)
Configuration Point(s) Controller(s)
Controller(s) Controller(s)
Controller(s)
OF-Config OpenFlow OpenFlow
OpenFlow Capable Switch
OpenFlow Capable Switch
OF Logical Switch
OF Logical Switch OF Logical Switch
OF Logical Switch
OF
OF OF
OF OF
OF OF
OF
Resources
Resources Resources
Resources Resources
Resources Resources
Resources
(e.g. Port)
(e.g. Port) (e.g. Port)
(e.g. Port) (e.g. Port)
(e.g. Port) (e.g. Port)
(e.g. Port)
Figure 2: Relationship between components defined is this specification, the OF-CONFIG protocol and the OpenFlow protocol
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

12. • Single table • IPv6
• L2, IPv4 focused • Flexible TLV matching
matching • Multiple controllers • Bug fixes
DEC 2009 FEB 2011 DEC 2011 APR 2012 JUN 2012 SEP 2012
OF 1.0 OF 1.1 OF 1.2 OF 1.3.0 OF 1.0.1 OF 1.3.1
• Multiple Tables • 802.1ah PBB • Bug fixes
• MPLS, VLAN matching • Multiple parallel channels
• Groups: {Any-,Multi-}cast between switch and
• ECMP controller
“Working code before new standards”
“ONF should not anoint a single reference implementation but
instead encourage open-source implementations”; ONF board
encourages multiple reference implementations
OpenFlow 1.0.X : no work planned
OpenFlow 1.3.X: long term support
OpenFlow 1.4: extensibility, incremental improvements
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

13. • Configuration and
• Consolidation of ver 1.1
management protocol
• Fixing small inconsistencies
for OpenFlow switches
JAN 2012 MAY 2012 JAN 2013 PROPOSED
OF Config v1.0 OF Config v1.1 OF Config v1.1.1 OF Config v1.2
• Capability discovery Under discussion, candidates include:
• Tunnel configuration •Assigning resources to logical
• Error handling switches
•Simple topology detection
•Event notification
Discussions led by the ONF
Configuration and
Management Working Group
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13

14. Packet in
Packet in
Start at Table 0
Start at Table 0
Yes
Yes
Main in Goto-Table
Main in
Table n? Update Counters Execute
Update Counters Execute
Goto-Table
n?
Table n? n?
Instructions:
Instructions:
•Updated action set
•Updated action set
No •Updated packet/match set fields
•Updated packet/match set fields
•Update metadata No
•Update metadata
Table-miss Yes Execute Action
Table-miss
Flow Entry
Execute Action
Flow Entry
Exits?
Set
Set
Exits?
No
Drop Packet
Drop Packet
Figure 3: Flowchart detailing packet flow through an OpenFlow switch
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14

15. OpenFlow Capable Switch
OpenFlow Capable Switch
Packet +
Ingress
Ingress Port +
Packet In Port Metadata Packet
Execute
Execute Packet Out
Table
Table Table
Table Table
Table Action
00 11 n Action
Action Action n Action Set
Set = Set Set
Set
{}
(a) Packets Are Matched Against Multiple Tables in the Pipeline
• (1.3.X) introduces per flow meters, IPv6 extension header
{Any,Multi}cast (1.1) handling, flexible table miss support, enhanced/refactored
ECMP (1.1) capability negotiation, multipart requests, MPLS BoS matching,
push/pop for PBB, tunnel-ID meta-data, cookies for packet_in
MPLS (1.1, note push/pop, .1q) messages, augmented flow table entry (adds cookie), among
others
IPv6 (1.2) • Configuration Protocol under co-development
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

16. Examples of Ongoing Work
• Hardware friendly switch model negotiations (“typed tables”) (→ Forwarding Abstractions WG)
• Configuration Management (→ OF Config WG)
• Security model (granular access control) (→ Architecture and Framework WG)
• HA-model for device and controller (state re-sync etc.),
Controller peering (→ Architecture & Framework WG)
• Integration with Existing Networks; Integrate SDN Controllers and SDN Control Plane capabilities
in Network Devices (formerly covered by “Hybrid WG”) (→ Architecture and Framework WG)
• OF Protocol Extensibility (→ Extensibility WG)
• …
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

17. Early Perspectives: Indiana
University & NTT
communications
© 2011 Cisco and/or its affiliates. All rights reserved. 17

18. Indiana University
© 2011 Cisco and/or its affiliates. All rights reserved. 18

19. Interoperability Testing

20. Network Slicing Use Case
Internet
Dynamic Scalable, Flexible
Control L4–7 Service
via SDN Insertion
Layer-3
Fabric
Virtualized,
Unified
Access Layer
Building A
Building A Building B
Building B

21. NTT
© 2011 Cisco and/or its affiliates. All rights reserved. 21

22. NTT Communications Whole picture of the Cloud Vision
<NTT Communications Group> <Partners>
Consulting
and others Consulting/Individual Applications Partnering Consulting firm/
Application Vendor
Security Managed Security Services
SaaS Mail, Desktop, VoIP etc. Partnering
Hybrid Cloud SaaS Vendor
Global Total Management
Integrated
OSS Control Portal
/Visualization
Partnering
Cloud Hybrid Cloud
Controller
PaaS Other Cloud
/ Private Cloud Provide Public Cloud Hybrid
IaaS Hybrid Cloud Cloud
Direct Access to Cloud
Direct Access to Cloud
Network Customer’s
Virtualized Controller System
Network
Virtualized Network
Data
Center Data Center
Physical
Network Ａｒｃｓｔａｒ Ｕｎｉｖｅｒｓａｌ Ｏｎｅ
Access
Multi network/ PC, One-Stop Operation
Network/
Terminals Smartphone, Tablet PC, etc.
Global ICT Partner
Innovative. Reliable. Seamless.
Copyright © 2012 NTT Communications Corporation and/or its affiliates. All right reserved. 22

23. Expected expansion of application of OpenFlow/SDN technology
Data Center
Network Virtualization
Network Virtualization
OAM
Expand
OAM
Function
Function
DC-VPN Interconnection
DC-VPN Interconnection
Network Edge
Network Edge
Global ICT Partner
Innovative. Reliable. Seamless.
23 Copyright © 2012 NTT Communications Corporation and/or its affiliates. All right reserved.

24. OpenFlow@Cisco
© 2011 Cisco and/or its affiliates. All rights reserved. 24

25. 2Q13
2Q13
Cisco Apps
Cisco Apps Customer Apps
Customer Apps ISV Apps
ISV Apps Open Src Apps
Open Src Apps
More
Published APIs
REST JAVA
Coming for Popular Languages and
Software (Eg: OpenStack)
Cisco Advanced Functions
Cisco Advanced Functions
Modular Architecture
Allows Rapid Adoption of Evolving
Core Functionality
Core Functionality Controller Functionality While
Minimizing Operational Disruption
More
onePK OpenFlow Coming
Extensible Protocol Support
Ensures Continuous Adoption
of Emerging Standards
Network
Infrastructure
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25

26. Previously Announced
Previously Announced Phase 2 Apps
Phase 2 Apps
Network Slicing Network Tapping Custom Forwarding
Dynamic network partitioning Ability to monitor, analyze, Using unique parameters
of the network using logical and debug network flows such as low latency to
associations provided using conventional network program specific forwarding
by ONE Controllers switches rules across the network
centralized view
All Controller Apps Are in Customer PoC
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26

27. Platform APIs Controller/Agents Overlay Networks
onePK Platforms ONE Controller 1H13
1H13 CSR 1000V 1Q13
1Q13
•ISR G2 1H13
1H13
OpenFlow Agents Nexus 1000V Updates
•ASR 1000 1H13 •N1KV Hyper-V 1H13
1H13
•Catalyst 3000* 1H13
•ASR 9000* •N1KV KVM*
•Nexus 3000 1H13 •Catalyst 6500* •VXLAN Gateway 1H13
1H13 1H13
•Nexus 7000* •Nexus 3000 1H13
1H13 •Service Chaining (w/
•Nexus 7000* vPath)
•ASR 9000* Cisco Edition of
OpenStack
N1KV InterCloud 2Q13
2Q13
Virtual NAM (vNAM)*
© 2011 Cisco and/or its affiliates. All rights reserved.
*Customer PoC: on-going or in 1H13 Cisco Confidential 27

28. Application Framework //Controller
Application Framework Controller
Agent Communication Component
Agent Communication Component
Solution Defined Protocol
(e.g. OpenFlow)
Agent Implementation (e.g. OpenFlow)
Agent Implementation (e.g. OpenFlow)
onePK APIs Presentation
onePK APIs Presentation Agent Framework
Agent Framework
onePK API Infrastructure
onePK API Infrastructure
IOS //XE
IOS XE NX-OS
NX-OS IOS-XR
IOS-XR
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28

29. “Ships-in-the-night” “Integrated”
(aka “Vertical Partitioning”*) (aka “Horizontal Partitioning”)
Control Control Plane
Control Plane
OpenFlow Control
OpenFlow Plane OpenFlow
Plane OpenFlow
Router
Router Router
Router
• A subset of ports controlled by OF, • Use OF for feature definition – augment
another subset controlled by router’s the native control plane
native CP – physical resources are
partitioned • No longer partitioning of resources
• Some level of integration: “OF_NORMAL”: • Can operate at different abstraction levels
Implementer free to define what “normal” is (low-level like OF1.0 or higher level)
May or may not be what router normally does
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29

30. • Installing ephemeral routes in the RIB
Install routes in RIB subject to admin distance or …
Moral equivalent of static routes, but dynamic
May require changes to the OF protocol/model
• Edge classification
Basically use the OF as an API used to install ephemeral classifiers at the edge
Moral equivalent of … ‘ip set next-hop <addr>’ (PBR)
Use case: Service Engineered Paths/Service Wires
Program switch edge classifiers to select set of {MPLS, GRE, …} tunnels
Core remains the same
• Programmable Service Chaining
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30

31. • VIRL is a multi-purpose network virtualization platform
• Brings virtual machines running Cisco Network Operating Systems to the customer
The same operating systems as used on physical Cisco products
• Virtual Machine orchestration capabilities enables:
Creation of highly-accurate models of real-world or future networks – scales to thousands of virtual network devices
Production Network Test Lab
SP / Enterprise Modeling
‘What-if’ Analysis Virtualization
Training and Cisco Onepk Test Lab
Partner Community Education Virtual Testbed Virtualization
VIRL
Virtual Internet Routing Lab
University and Education Networking
Research
Rapid
Prototyping
Network
Education
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31

32. IOS XR NXOS
VM-based tool: XR VR VM-based tool: vNXOS
IOS XE IOS
VIRL
VM-based tool: CSR1000v VM-based tool: vIOS
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32

33. • VIRL virtual networks enable building,
testing, learning and experimenting
with Cisco open networking
technologies
• E,g. OnePK-enabled virtual Openflow
switches and routers in a mixed
Openflow and MPLS-TE topology
• Virtual-machine based Cisco ONE
and PCE controllers drive traffic
through the network
• OnePK developers are able to test
and validate applications against
virtual devices before deploying to the
real network
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33

34. Demo:
© 2011 Cisco and/or its affiliates. All rights reserved. 34

35. App
App App
App App
App
Cisco ONE Controller
Cisco ONE Controller
OpenFlow Support on
the Industry’s Most
Extensible Controller
onePK
onePK
OpenFlow
OpenFlow
Cisco Network Device
Cisco Network Device
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35

36. Cisco Open Network Environment
www.cisco.com/go/one
Questions?
ask-one@cisco.com
Open Network Foundation
www.opennetworking.org
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36

37. • An Introduction to onePK
• An Introduction to Overlay Networks
• An Introduction to the Cisco ONE controller architecture
• Security in Open Network Environments
• And more!
www.cisco.com/go/onewebcasts
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 37