Faucet

Open source SDN Controller for production networks

What is Faucet?

Faucet is an OpenFlow controller for multi-table OpenFlow 1.3 switches (including optional table features), that implements layer 2 switching, VLANs, ACLs, and layer 3 IPv4 and IPv6 routing, static and via BGP. The Openflow switch is deployed as a drop in replacement for a L2/L3 switch in the network to enable extra SDN based functionality.

Easy Installation, Upgrades

30seconds to a few minutes depending on the mode of installation: python pip install, OVF/ISO deploy or Docker. Once installed, edit the configuration file and start the controller to manage your switches.
Faster upgrades than non SDN (can upgrade controller in <1sec while network still runs and without rebooting the hardware) → Important with increasing number of zero day attacks

Network Operations

Much easier to automate and integrate configuration (YAML). Real-time time-series database integration for stats → Grafana dashboards. NoSQL database integration for flows.
"Push On Green": Built-in unit test framework for Mininet & Hardware

Control Plane Security

Switch-Controller connection on a dedicated port secured by TLS or 802.1AE MACSec. Faucet initally programs the switch with “default-deny” flows to drop all unknown traffic. Flows periodically timeout and are refreshed by the controller.Faucet implements expiry times on all flows. Forwarding will cease if no controller can be reached for a configurable period of time.
Switch can be configured for “fail-secure” (default) - keep forwarding and using currently programmed flows until they expire or “fail-standalone” - revert to being a non-programmable switch

Hardware Support

Any dataplane (Switch) supporting Openflow v1.3.x with multiple tables, group table and optional table features. Openflow pipeline is built on Faucet and pushed to switches. Vendor specific pipelines (ex. Broadcom's OFDPA) are not supported. Open vSwitch, Lagopous, HPE Aruba, Allied Telesis, Noviflow, Netronome, and Northbound Networks are some of the switch vendors supported.

SDN Configurability

Ability to configure learning (ex. Unicast flooding), Routing algorithms, ACLs, Policy Based Forwarding (PBF) based on OpenFlow matches, Stacking of switches (Fabric) and so on. This configurability is the biggest difference between a traditional switch with a SDN enabled one.

High Availability & Scalability

High Availability (HA) via Idempotency (make that same call repeatedly while producing the same result). No inter-controller configuration or communication required. 2+ Faucet instances with the same config are configured for the same switch (fabric) to enable HA.
Faucet minimizes PACKET_INs. Controller scaling is decoupled from switch scaling. Faucet controls a fabric of switches and programs intra-switch dataplane.

Features

Get Started

Installation

Installation is very simple, you install via Python pip. Then edit the faucet.yaml file to configure the switches that you would want to control. After this, Faucet controller can be started using ryu-manager

                      
                      
                        $ sudo pip install faucet
                        $ sudo vi /etc/ryu/faucet/faucet.yaml
                        $ ryu-manager faucet.faucet
                      
                    

Full Documentation

All documentation is available (including FAQ etc) on GitHub

Docs on GitHub Blog Tutorials ACM Queue Videos Podcast

Deployment

Faucet has been deployed in production around the world. Some of the sites include Open Networking Foundation, REANNZ, AARNet, ESNet, GEANT, GEANT HQ, Victoria University of Wellington, Allied Telesis, and WAND Group Waikato University.

Support

Please subscrible to the appropriate mailing lists [ Annoucements, Developers, Users ] to post your questions and feature requests. Use github Issue to post issues.

Get Connected