Saturday, August 17, 2013

RESTful control of switches

Figure 1: Performance aware software defined networking with OpenFlow controller
Software defined networking (SDN) controllers typically offer RESTful Northbound APIs to support application developers. RESTful APIs are widely used in systems software, allowing an SDN application to use a common set of tools to orchestrate the network and the services that make use of it. For example, Performance aware software defined networking describes how standard sFlow instrumentation in the switch forwarding plane can be used to drive configuration changes to address important use cases, such as DDoS mitigation, large flow load balancing, multi-tenant performance isolation, traffic engineering, and packet capture.

Programmatic configuration of network devices is one of the challenges in SDN solutions. Even if the OpenFlow protocol is going to be used to control forwarding, there is still a need to perform basic configuration tasks like connecting the switch to the controller, configuring interfaces, enabling monitoring, etc. One interesting option is to implement a RESTful configuration API directly on the switches.
Figure 2: Controller-less performance aware software defined networking
Not only does a RESTful API provide a way for an SDN controller to configure the switches, but it also provides a convenient way for SDN applications to directly access switches - making controller-less SDN applications an option. There are limitations with using HTTP as the Southbound API for applications that require large scale, fine grain control of the data plane. In these use cases an OpenFlow controller based solution offers significant advantages. However, for simple use cases, a controller-less design is an attractive alternative.

This article explores the concept of using a RESTful switch API to develop SDN applications, using Arista Network's implementation of JSON-RPC as an example, see eAPI: Learning the basics.

The following script re-implements the Large flow detection script in Python:

#!/usr/bin/env python

import requests
import json
import signal
from jsonrpclib import Server

switch_ips = ["192.168.56.201","192.168.56.202"]
username = "user"
password = "password"

sflow_ip = "192.168.56.1"
sflow_port = "6343"
sflow_polling = "20"
sflow_sampling = "10000"

metric = "largeflow"
metric_threshold = 125000000

flows = { "keys":"ipsource,ipdestination",
          "value":"bytes",
          "n":10,
          "t":2 }
threshold = {"metric":metric,"value":metric_threshold,"byFlow":True}

for switch_ip in switch_ips:
  switch = Server("http://%s:%s@%s/command-api" %
                (username, password, switch_ip))
  response = switch.runCmds(1,
   ["enable",
    "configure",
    "sflow source %s" % switch_ip,
    "sflow destination %s %s" % (sflow_ip, sflow_port),
    "sflow polling-interval %s" % sflow_polling,
    "sflow sample output interface",
    "sflow sample dangerous %s" % sflow_sampling,
    "sflow run"])

r = requests.put("http://%s:8008/flow/%s/json" % (sflow_ip, metric),
                 data=json.dumps(flows))
r = requests.put("http://%s:8008/threshold/%s/json" % (sflow_ip, metric),
                 data=json.dumps(threshold))

def sig_handler(signal,frame):
  requests.delete("http://%s:8008/flow/%s/json" % (sflow_ip, metric))
  requests.delete("http://%s:8008/threshold/%s/json" % (sflow_ip, metric))
  exit(0)
signal.signal(signal.SIGINT, sig_handler)

eventID = -1
while 1 == 1:
  r = requests.get("http://%s:8008/events/json?maxEvents=10&timeout=60&eventID=%s"
                   % (sflow_ip,eventID))
  if r.status_code != 200: break
  events = r.json()
  if len(events) == 0: continue

  eventID = events[0]["eventID"]
  for e in events:
    if metric == e["metric"]:
      print e["flowKey"]

There are a few points worth noting:
  1. The script starts by making JSON-RPC calls to configure sFlow on a pair of switches (192.168.56.201 and 192.168.56.202). The script can easily configure large numbers of switches by adding the additional switches to the switch_ips list. See, Configuring Arista switches for more information on the sFlow configuration commands.
  2. The switches are configured to send the sFlow data to the sFlow-RT analyzer running on host 192.168.56.1.
  3. The script then makes REST calls to the sFlow analyzer to configure it track ipsource,ipdestination flows and generate an event when any flows consumes more than 10% of the bandwidth of a 10Gigabit link, 125000000 bytes per second.
  4. The script then waits for events, displaying the flows as they are reported.
The script can be extended to develop automated traffic engineering solutions: modifying the flow definitions and adding additional eAPI calls to implement configuration changes in response to the detected flows, including blocking, rate limiting, routing changes etc.

Many switches already contain an embedded web server in order to provide a user friendly web interface for operators to monitor and configure the devices. Moving to a RESTful API for programmatic access allows large numbers of devices to be managed by orchestration systems, reducing costs and eliminating manual errors. Automating configuration management doesn't just reduce costs. More importantly, automated configuration management increases agility, transforming the network from a fragile static resource into a robust and flexible resource that can be adapted to changing demands.

No comments:

Post a Comment