Why the need for an OpenFlow controller?
In a data center or cloud where virtual machines (VMs) move swiftly from server to server, networks must respond rapidly to traffic changes. But traditional switch and router path determination algorithms react slowly. Enter software-defined networking (SDN) and the OpenFlow controller.
SDN aims to reduce network reaction time to traffic changes by moving path allocation from individual devices to centralized controller software that lives on a workstation or server. The controller component communicates with each device in the network, receiving updates on load and link status and then managing traffic flows among the devices.
When a data source begins communication with a destination across the network, the controller determines an optimal path through the network based on existing load and network status. The controller then creates a flow defined by source and destination addresses and communicates with each device along the path, informing them of the new flow and how to handle packets in the flow.
The OpenFlow protocol is an open source, standard language that connects controller software with network devices. Numerous network vendors have released or announced device software compatible with OpenFlow.
OpenFlow-based Floodlight controller
Floodlight is an OpenFlow controller built on work that began at Stanford University and UC at Berkeley and now continues among a community of open source developers along with engineers at SDN and network virtualization startup Big Switch Networks Inc. Floodlight is available via a free download for third-party application development and is released under an Apache 2.0 license, which enables the software to be included in commercial packages.
For developers, Floodlight offers these advantages:
Floodlight controller for a hybrid physical-virtual environment
Floodlight has been tested with both physical and virtual OpenFlow-compatible switches. It also supports networks where groups of OpenFlow-compatible switches are connected through conventional, non-OpenFlow switches.
Big Switch has developed a version of the Floodlight code that can support more than 1,000 physical and virtual switches, 250,000 new host connections per second and 32,000 virtual network segments.
Floodlight also works with OpenStack, an open source cloud orchestration system begun by Rackspace Inc. and NASA. It is now supported and enhanced by a large community including Intel, Cisco, HP and IBM. Once a Floodlight controller is integrated into a cloud orchestration architecture like OpenStack, engineers can dynamically provision network resources alongside other virtual and physical compute resources, improving overall flexibility and performance.
Floodlight controller applications
While the controller is a key component in SDN, it provides only the means to manage or direct the network that lies beneath. Applications that interface to the controller determine network policies that guide this granular network management. The open source community, Big Switch developers and several cloud and network vendors have been working steadily on creating a plethora of open-source Floodlight applications.
Some Floodlight applications include the following:
- The Virtual Networking Filter identifies packets that enter the network but do not match an existing flow. The application determines whether the source and destination are on the same virtual network; if so, the application signals the controller to continue flow creation.
- The Circuit Pusher then creates a flow and provisions switches along the path to the packet's destination.
- The Static Flow Pusher is used to create a flow in advance of the initial packet in the flow entering the network.
- Firewall modules give the same protection to devices on the software-defined network as traditional firewalls on a physical network. Access Control List rules control whether a flow should be set up to a specific destination.
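The reactive sequence described above (a packet that matches no flow, the virtual-network check, the firewall ACL, then path selection and provisioning of each switch on the path), as an added Python model that is not Floodlight code and does not use its APIs. The topology, addresses, tenant names, ACL rule format and the port field are constructed assumptions.

```python
from collections import deque

# Constructed sample topology: switch adjacency and host attachment points.
LINKS = {"s1": ["s2", "s3"], "s2": ["s1", "s4"], "s3": ["s1", "s4"], "s4": ["s2", "s3"]}
HOST_SWITCH = {"10.0.0.1": "s1", "10.0.0.2": "s4", "10.0.0.9": "s3"}
# Constructed virtual-network membership and ACL (first match wins, default deny).
VNET = {"10.0.0.1": "tenant-a", "10.0.0.2": "tenant-a", "10.0.0.9": "tenant-b"}
ACL = [("deny", "10.0.0.1", "10.0.0.2", 23), ("allow", "10.0.0.1", "10.0.0.2", None)]

def same_virtual_network(src, dst):
    """Virtual-network filter step: both endpoints known and in one virtual network."""
    return src in VNET and VNET.get(src) == VNET.get(dst)

def acl_allows(src, dst, port):
    """Firewall step: the first matching rule decides; no match means deny."""
    for action, r_src, r_dst, r_port in ACL:
        if (r_src, r_dst) == (src, dst) and r_port in (None, port):
            return action == "allow"
    return False

def shortest_path(a, b):
    """Breadth-first search over switch links; returns a list of switches or None."""
    queue, seen = deque([[a]]), {a}
    while queue:
        path = queue.popleft()
        if path[-1] == b:
            return path
        for nxt in LINKS[path[-1]]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def handle_packet_in(flow_tables, src, dst, port):
    """Decide on a packet that matched no flow; on success install an entry on every switch."""
    if not same_virtual_network(src, dst):
        return "drop: different virtual networks"
    if not acl_allows(src, dst, port):
        return "drop: firewall ACL"
    path = shortest_path(HOST_SWITCH[src], HOST_SWITCH[dst])
    if path is None:
        return "drop: no path"
    for sw in path:
        flow_tables.setdefault(sw, set()).add((src, dst, port))
    return "installed: " + "->".join(path)
```

Both policy checks run before any switch is touched, so a denied packet leaves every flow table unchanged.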
Floodlight controller for software-defined storage
At the VMworld 2012 conference, storage vendor Coraid Inc. demonstrated integration of its EtherCloud software-defined storage platform with Floodlight by using Floodlight's APIs to set up flows through both virtual and nonvirtual switches from VMs to Coraid storage targets. The Coraid demonstration included Avior, an open source Floodlight GUI. Developed by the Marist College/IBM Joint Study OpenFlow research team, it displays the status of network devices and links and enables administrators to create, modify or delete flows.
Big Switch Floodlight plans
Big Switch Networks recently unveiled an ecosystem of applications built around a Floodlight controller. The product suite includes a controller based on a commercial version of Floodlight, as well as a network virtualization application for the data center that will enable automated provisioning of virtual network resources. The release also includes a network monitoring tool that could replace traditional monitoring switch networks.
Although Big Switch's controller will not be open source, the company will maintain interface compatibility between its commercial product and open source Floodlight. This will enable third parties to combine their own open source Floodlight products with Big Switch's commercial offerings.
About the author:
David B. Jacobs of The Jacobs Group has more than twenty years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software startups.