JeronimoBezerra,JulioIbarraFloridaInternationalUniversity{jbezerra,julio}@amlight.net
VIIWorkshopPesquisa ExperimentaldaInternetdoFuturo (WPEIF)
June3rd 2016
AmLight’s OpenFlow Snifferdissected:Troubleshootingproductionnetworks
Humberto Galiza,MarcosSchwarzRede Nacional deEnsino ePesquisa
{humberto.galiza,marcos.schwarz}@rnp.br
Outline
• Context• Motivation• Features• Outputs• Roadmap
2
ContextAmLight isaDistributedAcademicExchangePoint
• Production SDNInfrastructure(sinceAug2014)• ConnectsAMPATHandSouthernLightGOLES- GLIFOpen
Lightpath Exchanges• CarriesAcademicandNon-Academictraffic
– L2VPN,IPv4,IPv6,Multicast• SupportsNetworkVirtualization/Slicing
– Openflow1.0– FlowSpaceFirewallforNetworkVirtualization/Slicing– OESSforL2VPNs– NSIenabled
• IncludingAMPATHandSouthernLight– Currently5slicesforexperimentation(includingONOSSDN-IP)
3
Context(2)
4
NSI
AmLight’sNRENs
FIBRESDN-IPONOS
SouthernLightAmpath2
Virtualization/Slices (FlowSpace Firewall)
Ampath1Andes1
Phys
ical L
ayer
Sout
hbou
nd A
PI:
Open
Flow
1.0
North
boun
d:Us
ers’
APIs
NOX
IDCP
Other NRENs
NOX
OpenNSA
OESS
OSCARS
OESS
Andes2
Univ.Twente
ONOS Internet2
Other Testbeds
Motivation
• AstroubleshootingSDNisstillcomplex,afewtoolsarebeingdevelopedatAmLight:– Testbed Sanitizer– AnOpenFlow Sniffer– Amulti-sliceSDNTraceroute– Integrationtools:Zabbix NMSw/OESS andFSFW
• WhyanewOpenFlow sniffer?– Wireshark requiresXorcapture/sendanddissectorforOF
• OF1.0:<50%dissected
– TsharkusesWiresharkdissectors– Thereareothertools,buttheyarenotspecificforrealtimeand
commandlineOpenFlow troubleshooting(lackofOpenFlow filters)5
Features
• OpenFlow 1.0support• Completelypassive/libpcap• RunsonLinuxshell– NoneedforXWindows
• Colorsimportantuserfields• Easytoinstall(installpython-pcapy &&git clone)• SupportsOpenFlow typefilteringusingaJSONfile• ConvertsFlowMods toOVS-OFCTLcommands– Help“reproduce”someproblems
• ApacheLicense• https://github.com/jab1982/ofp_sniffer 6
Outputs(1/2)
7
Outputs(2/2)
8
HandlingNetworkVirtualization(1/2)
• SupportingNetworkTestbeds isanewtrend– Butcreatesanotherlayer
• Applicationsdon’ttalktoOFswitchesdirectly– Virtualizationlayerinterfacesbothentities
• NetworkSniffersdon’tseetheend-to-endflow:– OritseesOFswitchtalkingtoVirtualization
Layer– OritseesVirtualizationLayertalkingto
Application
• OpenFlowmessagesdon’tidentifytheOFswitch:– HowtoassociateOFswitchtoApplication?
• SpeciallyforOFP_ERRORmessages? 9
10
HandlingNetworkVirtualization(2/2)
11
HandlingNetworkVirtualization(2/2)
Roadmap
• Version0.3– ByJune2016– FullOF1.3 (.5)support– ReadfromLibpcap files– Betterdocumentation– Bettercodeorganization– Supportforvirtualization– Interfaceforextrafiltersè
• Version0.4- ?– FullNICIRA/OVSsupport– SSL/TLSsupport– TrafficProfile?– Suggestions??
12
UseCases• Teaching/Learning:
– Greattooltoteach/learnSDNandOpenFlow– EasytoseeallOpenFlowmessagesandfields
• Coding:– Greatwaytoseeifyourcontroller(Ryu,POX,ONOS)issendingthe
OpenFlowmessagethewayyouexpect– Example:MalformedOFmessagesarenotsendbyRyu andnoalarmis
generated
• andTroubleshooting:– SDNnetworksareveryhardtodebug:lackoftools,protocolsandlogs– MostOFswitchagentsareinabetadeploymentphase
• Moreinformation:– www.sdn.amlight.net– Papers,Presentations,Videos,etc.
13
JeronimoBezerra,JulioIbarraFlorida InternationalUniversity{jbezerra,julio}@amlight.net
VIIWorkshopPesquisa ExperimentaldaInternetdoFuturo (WPEIF)
June3rd 2016
AmLight’s OpenFlow Snifferdissected:Troubleshootingproductionnetworks
Humberto Galiza,MarcosSchwarzRede Nacional deEnsino ePesquisa
{humberto.galiza,marcos.schwarz}@rnp.br
Questions?