Last time(s)?! Network models! Connection provisioning! Part2: Lecture 03! Network Virtualization and SDNs! 25/04/14

Transcription

1 Last time(s)? Part2: Lecture 03 Network Virtualization and SDNs Optical nets Spectrum Multiplexing NSA/NSI Lightpaths NDL: network topology description Connection provisioning Network models What do optical networks do? Provide communication paths between locations How do they do it? By managing: Connection provisioning and connection recovery Where do you put the intelligence? Application Presentation Session Transport Network Data Link Physical OSI model Management plane Control plane Routing plane Data plane 1

2 Management plane Control planes Management plane The systems, interfaces, and protocols used to manage the network and its services. Management plane Control plane Routing plane Data plane Control plane Routing plane Data plane The logic and hardware required for the physical transfer of data in the network. This intelligence is typically realized in the form of various communication protocols. Such protocols can be broadly classified into signaling, discovery protocols and routing. Data plane Management plane Control plane Control planes Routing plane Data plane The logic and hardware required for the physical transfer of data in the network. 2

3 Layers An optical network consists of layers and partitions. Layers Layering: G.805 A control plane will be concerned with the operation at a specific layer. In the context of optical networks we are focusing on switching of OXCs (SONET/SDH) and PXCs (wavelengths). Path Line Section Photonic Line Section Photonic Section Photonic Section Photonic Line Section Photonic Path Line Section Photonic An ITU-T recommendation that describes the layering concepts, independent from the underlying technology. G.805: transport networks functional models Partitions link connection subnetwork connection link connection link connection tandem connection network connection A network can be partitioned (recursively) in smaller parts: Topological partitions Control domains link connection trail network connection Client layer Adaptation is equivalent to Termination Client layer Adaptation Termination Control planes can operate: Intradomain, within the same control domain; Interdomain, to build an unified end-to-end control architecture across control domains. Server layer Server layer 3

4 Partitioning: information exchange How do you transfer information between control domains? Control plane interfaces The User-Network Interface (UNI) This is the control interface between a node in the client network and a node in the optical network. The Interior Network- Network Interface (I-NNI) This is the control interface between two subnetworks (or nodes) within the same control domain. The Exterior Network- Network (E-NNI) This is the control interface between two nodes in different control domains. Control plane abstraction Control functionality can be distinct from the transport functionality, I.e is not implemented in the devices. Control plane functions Neighbor discovery "a function whereby a network element automatically determines the details of its connectivity to all its data plane neighbors. Neighbor discovery applies to both the UNI and the NNI. Routing "Consists of two aspects: automatic topology and resource discovery. Signaling "the syntax and the semantics of communication between control agents in establishing and maintaining connections. Local resource management "The representation and accounting of locally available resources controlled by a control agent. 4

5 25/04/14 Networks work DCN DCN - the Data Communication Network - is the infrastructure used for messaging between control plane agents in the network. It is also used to provide connectivity between control plane agents. Packet switched networks Circuit-switched networks Communication is packet oriented, most often based on IP (v4 or v6). It can be: in-fiber - if the network is associated with the optical data plane out-of-fiber - if the network is based on a separate network technology (I.e. a separate IP network) Ossification of the Internet Many aspects of networking are set in stone. Network virtualization New protocols are difficult to implement. Most changes are incremental updates. There is no service tailored to application needs. Research community started in 2005 to think about it: 1. T. Anderson, L. Peterson, S. Shenker, J. Turner, Overcoming the Internet impasse through virtualization, Computer 38 (4) (2005) J. Turner, D. Taylor, Diversifying the internet, in: Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM 05), vol. 2,

6 Network virtualization Virtualization in the network A virtual network (VN) is a collection of virtual nodes and virtual links. Essentially, a virtual network is a subset of the underlying physical network resources. A network environment supporting virtualization allows the coexistence of multiple virtual networks on the same physical substrate. Decoupling the services provided by a network from the physical infrastructure Virtual network is a container of network services, provisioned by software Faithful reproduction of services provided by a physical network Analogy to a VM complete reproduction of physical machine (CPU, memory, I/O, etc.) Slide courtesy of : Why? Sharing the network Different controllers for different users/traffic Isolation (bandwidth, table space, flow space) Abstracting the topology One big virtual switch Many virtual switches to one physical switch Arbitrary network topologies While presenting a familiar abstraction A network Slide courtesy of : Slide courtesy of : 6

7 Network sharing Why sharing the network? User groups Virtualized Network Backbone Virtualized data center/services Multiple administrative groups Different departments on a campus Multiple customers Tenants in a shared data center Researchers on a shared infrastructure Experiments vs. operational network Support research without breaking real services Expanding a network s footprint Lease components in another carrier s network Multiple services or applications in one domain Challanges The network security issues for a shared infrastructure: 1. Access control Legitimate users need to authenticated and authorized to access the portion of the network/resources they have been assigned; 2. Path isolation Mapping of users and resources has to be done effectively to avoid interference 3. Services The right services have to available to the right users Why Abstract the Topology? Partial deployment Tunnel through components you don t control Simplicity Hide inessential details, churn, migration, Privacy Hide internal details of the network Scalability Present a smaller topology and fewer events Experimentation Try topologies that don t really exist 7

8 Benefits Types of VNE Rapid innovation: network services now delivered at software Speeds New forms of network control: API to NV controller allows creation and management of virtual networks under software control Snapshot, rollback etc. Vendor choice: decoupled networking services from underlying hardware Simplified programming: expose abstractions that make sense to programmers Simplified operations: network state managed like a VM provision centrally in SW, snapshot, rollback, etc. Four main types of VNEs: - VLANs Virtual Local Area Networks - VPNs Virtual Private Networks - Overlay Networks - Active Networks and Programmable Networks VLANs " " They create a single broadcast domain that groups hosts with a common interest. Pros: Configured via software they are easy to manage Provide isolation and are cost effective Q VLAN frame format type preamble dest. address source address data (payload) type 2-byte Tag Protocol Identifier (value: 81-00) CRC preamble dest. source address address data (payload) CRC Recomputed CRC frame 802.1Q frame Tag Control Information (12 bit VLAN ID field, 3 bit priority field like IP TOS) 8

9 VPNs Basic VPN component Customer edges (CEs) are connected to one or more provider edges (PEs). A service provider (SP) manages and provisions the VPN: PPVPN - Provider Provisioned VPN. Know more: RFC 4026 March 2005 VPNs can operate at different layers: Layer1 VPNs Layer2 VPNs Layer3 VPNs Higher level VPNs Provider Provisioned VPNs terminology Overlay networks Overlay Network An overlay network is a virtual network that creates a virtual topology on top of the physical topology of another network. Nodes in an overlay network are connected through virtual links which correspond to paths in the underlying network. Overlays are typically implemented in the application layer. Nodes are connected by logical/virtual links Logical Network Layer implemented on top of the physical network Uses different addresses for routing messages 9

10 Architecture Unstructured p2p Structured p2p Digression into p2p nets No structure for the overlay network. Specific topology that is easy search through DHTs and p2p DHT identifiers Distributed Hash Table is distributed over the nodes in the P2P network in order to locate content. The DHT stores the location (IP address of peer in charge) of the content across the network. No need for an indexer or central server. Notable DHTs: Chord Pastry Tapestry Kademlia In Chord there is an m -bit identifier. Related to an identifier circle. Given m: Assign integer identifier to each peer in range [0,2 m-1 ] Require each key to be an integer in same range 0 To get integer key, hash original key e.g., key = hash( Led Zeppelin IV ) 3 m=

11 Assigning keys to peers Query Assign integer to each peer Convert each key to an integer Put (key,value) pair in the peer that is closest to the key Given key k the key will be stored at successor(k) O(N) messages on average to resolve query, when there are N peers 1111 I am Who s responsible for key 1110? Closest is the immediate successor of the key (equal or follows). First node clockwise from k. e.g.,m=4; peers: 1,3,4,5,8,10,12,14; key = 13, then successor peer = 14 key = 15, then successor peer = 1 Chord uses SHA-1 hash codes instead of integers Queries for content are passed around the circle Query with shortcuts Content delivery networks (Akamai) 1 Who s responsible for key 1110? each peer keeps track of IP addresses of predecessor, successor, short cuts. reduced from 6 to 2 messages. 11

12 Pause VXLAN Virtual Extensible LAN. VTEPs High scalability: From 4096 VLAN ID (12 bits) to 16Millions VNID (VXLAN Network Identifier). Better utilization of network paths relying on L3 routing. VXLAN is a Layer 2 overlay scheme over a Layer 3 network. It uses VXLAN tunnel endpoint (VTEP) devices to map tenants' end devices to VXLAN segments and to perform VXLAN encapsulation and de-encapsulation. Interesting that this is supported by software switches too (Open vswitch) 12

13 VXLAN packet format It uses MAC Address-in-User Datagram Protocol (MAC-in-UDP). Network Virtualization History GENI Dedicated overlays for incremental deployment Mbone (multicast) and 6bone (IPv6) Overlays for improving the network Resilient Overlay Networks (RON) Shared experimental testbeds PlanetLab, Emulab, Orbit, Virtualizing the network infrastructure Overcoming Internet impasse through virtualization Later testbeds like GENI, VINI, Three main components: GENI racks: virtualized computation and storage resources. Software-defined networks (SDNs): virtualized, programmable network resources. WiMAX: virtualized cellular wireless communication (at selected campuses). 13

14 ExoGENI Test Time Programmable networks 14

15 Programmable networks A. T. Campbell, H. G. De Meer, M. E. Kounavis, K. Miki, J. B. Vicente, and D. Villela, A survey of programmable networks, SIGCOMM Comput. Commun. Rev., vol. 29, no. 2, p. 7, Apr Programmability and virtualization Are programmable networks VNEs? Maybe not directly, but programmability can ensure the coexistence of multiple networks. The key is to separate the control plane from the data plane: Control plane à control software Data planeà the network hardware Active networks (I) Allows packets flowing through the network to modify the network behaviour. Software Defined Networking A short intro based on the course of prof. Jennifer Rexford cos597e/syllabus.html 60 15

16 25/04/14 SDN and Network Virtualization SDN and network virtualization Network virtualization = SDN Predates SDN Doesn t require SDN Easier to virtualize an SDN switch Run separate controller per virtual network Partition the space of all flows Leverage open interface to the hardware Software Defined Networks control plane: distributed algorithms data plane: packet processing 63 Software Defined Networks decouple control and data planes 64 16

17 Software Defined Networks decouple control and data planes by providing open standard API Simple, Open Data-Plane API" Prioritized list of rules Pattern: match packet header bits Actions: drop, forward, modify, send to controller Priority: disambiguate overlapping patterns Counters: #bytes and #packets src=1.2.*.*, dest=3.4.5.* à drop 2. src = *.*.*.*, dest=3.4.*.* à forward(2) 3. src= , dest=*.*.*.* à send to controller (Logically) Centralized Controller Controller Platform Protocols è Applications Controller Application Controller Platform

18 Seamless Mobility Server Load Balancing" See host sending traffic at new location Modify rules to reroute the traffic Pre-install load-balancing policy Split traffic based on source IP src=0*, dst= src=1*, dst= Example SDN Applications A Major Trend in Networking Seamless mobility and migration Server load balancing Dynamic access control Using multiple wireless access points Energy-efficient networking Adaptive traffic monitoring Denial-of-Service attack detection Network virtualization See Entire backbone runs on SDN Bought for $1.2 x 10 9 (mostly cash) 18

19 Literature Home reading Towards a diversified internet by Turner et al. A survey of network virtualization by Chowdhuri et al. For the test on May 09 read: MPLS: the magic begind the myth Chapter 27 Network and Information Infrastructure Virtualization Chapter 5 Modern Optical Control Planes 19