Monday, 1 August 2016

SDNCon 2017

SDNCon was a hands-on network engineering meeting that took place on 7th and 8th July at Victoria University of Wellington (New Zealand). The organizers would like to thank Allied Telesis for their help with sponsoring the costs of the hackathon, NoviFlow for organising an evening networking event and REANNZ for help with organisation and publicity. We also thank Josh Bailey and Dean Pemberton for contributions in the form of advice on running the event and updates to the Faucet code base to allow us to make the most of it.

Where and when.

We used two University seminar rooms. The rooms were open from 9am until whenever teams wanted to finish on the first day and from 9am until 2pm on the second day. Demonstrations and judging ran from 2-5pm followed by pizza onsite.

Recruitment.

We advertised the event to previous attenders of SDNCon 2014 and other SDN workshops organized by VUW as well as through InternetNZ, REANNZ and the Wellington SDN Meetup Group (52 members). The event was attended by 20 people from Victoria University, Waikato University, University of New South Wales, Whitireia Polytechnic, Christchurch Polytechnic Institute of Technology (CPIT) and REANNZ as well as individuals who are members of the meetup group.

Some participants had never actually programmed using Faucet or Ryu whereas others had helped develop Faucet or came with a lot of prior experience with SDN/OpenFlow.

Approximately 10% of the participants were female.

Hackathon brief.

We asked that the projects be primarily related to ONF’s Faucet Controller application but could include the use of other controllers. We also provided a list of potential projects related to either using Faucet to solve a real world problem or to add new features to Faucet. Recognising different levels of preparation, we also said that relative newcomers would be welcome but that the support we could offer would be limited.

Preparation.

The entry bar for attendance was that all participants had worked through a set of exercises to get them up to speed with using Faucet on mininet (https://github.com/gwacter/sdn-workshop).

Testbed.

At the event we provided a testbed built out of Raspberry PIs and a Zodiac FX switch. The PIs had traffic generation tools installed on the end hosts and Faucet installed on a host acting as a controller. We also had an AT X510 switch available and in addition REANNZ brought along an Accton switch and two AT X510 switches. We also provided laptops as well as the PIs for teams to use for their development and demonstrations.

We had Internet connectivity via the University wireless guest network and the Victoria Engineering Club also provided us with Internet access via their own switch that could support both wired and wireless access.

What each team did.

There were four teams:

1) Active network defence using Faucet and ONOS (UNSW).

The UNSW team (Himal, Jason, Vijay and Winston) wanted to implement a proof-of-concept active network defence scenario involving multiple controllers and a scenario with a transit provider (ONOS controller) and enterprise network (Faucet controller at the gateway). Faucet provided flow statistics, which were used to construct a statistical machine learning model capable of classifying flows as benign or malicious. Faucet was extended to send a control signal upstream to the ONOS controller to trigger the dropping of malicious traffic targeting the enterprise network. Traffic generators were used to create benign traffic and a denial-of-service tool was used to launch the attack. This was successfully demonstrated using a testbed made up of two AT X510-28GTX switches and laptops.

2) Multi switch support, topology discovery and broadcast suppression in Faucet (VUW).

The VUW team (Callum, David, Jarrod, Liang, Radek and Trung) wanted to address issue #112 - implementing support for configuring multi-datapaths. This had also been identified as a real-world feature that Whitireia would like to see implemented so Faucet could manage multiple switches in their labs.

The team successfully implemented multi-datapath support and topology discovery for all links within a given VLAN. This involved changes to Faucet configuration management and internal data structures as well as changes so it could work with the Ryu topology viewer application.

They demonstrated their project working on a testbed built from Raspberry PIs and Zodiac FX switches. They were able to show connectivity and that the topology viewer responded to switches being removed from the network.

A problem with multiple switches is broadcast storms. They also partially implemented a separate Ryu application with the aim of suppressing these by computing a spanning tree centrally for the network managed by Faucet.
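The central spanning-tree idea described above, as an added sketch that is not the team's faucet-stp code: given the inter-switch links that topology discovery reports, keep one loop-free set of links for flooding and mark every other inter-switch port as blocked for broadcasts. The link format, function names and sample topology are assumptions made for illustration.

```python
from collections import deque

# Constructed sample topology: three switches wired in a triangle (a loop).
# Each link is ((dpid, port), (dpid, port)); all values are made up.
LINKS = [
    ((1, 1), (2, 1)),
    ((2, 2), (3, 1)),
    ((3, 2), (1, 2)),
]

def spanning_tree(links, root=None):
    """Return the links of a BFS spanning forest over the switches."""
    adj = {}
    for a, b in links:
        adj.setdefault(a[0], []).append((a, b))
        adj.setdefault(b[0], []).append((b, a))
    # Visit the chosen root first, then any switch in a disconnected island.
    order = sorted(adj, key=lambda d: (d != root, d))
    seen, tree = set(), []
    for start in order:
        if start in seen:
            continue
        seen.add(start)
        queue = deque([start])
        while queue:
            dpid = queue.popleft()
            for local, remote in sorted(adj[dpid]):  # deterministic choice
                if remote[0] not in seen:
                    seen.add(remote[0])
                    tree.append((local, remote))
                    queue.append(remote[0])
    return tree

def blocked_ports(links, root=None):
    """Inter-switch (dpid, port) pairs that must not flood broadcasts."""
    tree_ports = {p for link in spanning_tree(links, root) for p in link}
    all_ports = {p for link in links for p in link}
    return sorted(all_ports - tree_ports)

if __name__ == "__main__":
    print("flood on tree links:", spanning_tree(LINKS))
    print("block broadcasts on:", blocked_ports(LINKS))
```

When a switch or link disappears, the controller reruns the computation on the remaining links, so a previously blocked port can come back into use.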

Post-hackathon, the team is going to work on completing broadcast suppression, complete unit tests for the changes and agree with other Faucet contributors on a backwards-compatible format for the Faucet configuration file.

3) Implementing Faucet using OFDPA (CyberNet: Waikato WAND group, REANNZ and Michael F).

The Cyber Networking team (Brad, Chris, Michael and Richard) took on the project this year of writing an OFDPA pipeline for Faucet to see if it could be easily done. The idea was that if they could use the bridging table for Faucet, it should be possible to learn many more hosts than if just the ACL table was used. Using OFDPA is hard so this was a challenging project!

They made some minor tweaks to the Faucet OFDPA pipeline to properly support how OFDPA MAC learning works, but it worked well. At the end of the hackathon they got working:

- Tagged, Untagged VLAN separation
- MAC learning (with aging)

For the demo, the team connected their Accton AS5710-54X running Open Networking Linux with OFDPA to an Allied Telesis x510 running regular Faucet with a VLAN trunk between the two switches. We had half our machines on one switch, half on the other switch to show that worked. Iperfs between both halves of the network show we can hit line rate.

There are a few issues when doing MAC relearning, but we suspect that's fixable. They intend to implement some of the more advanced features of Faucet such as ACLs at a later stage.

4) Enterprise network (Whitireia, Christchurch Polytechnic Institute of Technology).

This team focused on how Faucet and more generally SDN/OpenFlow could be used in either teaching or in their own networks. Dave from CPIT successfully got a Ryu-based implementation of NAT and L2 switching working on the Zodiac FX testbed. The team from Whitireia (Lisa, Ryan, Scott, Sue and Steve) implemented scripts to build a virtual copy of their network in mininet and also used the Zodiac FX testbed to explore Faucet features that they would be using in an actual deployment.

Hackathon outputs.

Code produced by the teams:

1) Active network defence using Faucet and ONOS (UNSW).

Currently being cleaned up and we will update this report with a link once available.

2) Multi switch support, topology discovery and broadcast suppression in Faucet (VUW).

Code from the hackathon is available from https://github.com/gwacter/faucet under the subbranches multiple-dps (enhancements to Faucet), untag-llpd (Ryu’s topology discovery was being broken by Faucet mistakenly untagging LLDP packets) and faucet-stp (spanning tree computation and enforcement).

3) Implementing Faucet using OFDPA (CyberNet: Waikato WAND group, REANNZ and Michael F).

Code from the hackathon is available here: https://github.com/wandsdn/faucet/tree/ofdpa

Hackathon resources and documentation:

1) The World's Smallest OpenFlow Testbed using the World's Smallest OpenFlow Switch (a recipe for building our testbed)

2) Resources for SDNCon 2016 https://github.com/gwacter/sdncon2016

3) SDNcon.net site provided by REANNZ http://sdncon.net

Prizes and Judging.

Randy Fitton acted as the judge for the competition with support from the VUW organisers. In the judging notes, Randy said that it was actually hard to distinguish the work done because each tackled quite a different problem with diverse challenges.

UNSW was awarded first prize (real world scenario, great demonstration), VUW second prize (implemented features that take Faucet forward), Cyber Networking came third (fantastic technical work) and Whitireia/CPIT came fourth (met their aim of increasing understanding of how Faucet works and how it and Ryu might be useful to them).

Prizes included mugs, t-shirts, chocolate and soap. We didn’t want high value prizes because the focus of the event was building code and learning together rather than competition.

Feedback included “Great networking. Encouraging to share with a variety of people, with a common interest. Learnt some good things too! Learnt a lot from the networking that took place between teams”.
