Improving the Internet

Size: px

Start display at page:

Download "Improving the Internet"

Olivia Lucas
5 years ago
Views:

1 Improving the Internet From Fragility to Resilience Laurent Vanbever D-ITET ETH Zürich December, 1st 2015

2 80 000

3 estimated # of Internet hosts in 1990

4 2.8 billion estimated* # of Internet hosts in 2014, 6 months before I joined ETH * Cisco Visual Networking Index 2015

5 3.9 billion estimated # of Internet hosts in 2019

6 ~2 exabytes estimated global IP traffic in 2015 per day

7 If = 1 Gigabyte

8 volume(great Wall of China) = 1 exabyte

9 ~2 exabytes estimated global IP traffic in 2015 per day

10 ~6 exabytes estimated global IP traffic in 2019 per day

11 Looks like everything is going well?

12 Looks like everything is going well? Well, not exactly

13 Here are some amuse bouches of the challenges the Internet faces manageability & reliability scalability security

14 manageability & reliability scalability security

16 The outage was due to one faulty Internet device

18 The outage was due to a change to the site s configuration systems

19 Human factors are responsible for 50% to 80% of network outages Juniper Networks, What s Behind Network Downtime?, 2008

20 National Research Council. The Internet Under Crisis Conditions: Learning from September 11

21 Internet advertisements rates suggest that The Internet was more stable than normal on Sept 11

22 Internet advertisements rates suggest that The Internet was more stable than normal on Sept 11 Information suggests that operators were watching the news instead of making changes to their infrastucture

23 Cost per network outage can be as high as $ Smart Management for Robust Carrier Network Health and Reduced TCO!, NANOG54, 2012

24 manageability & reliability scalability security

25 Scalable routing systems maintain detailed information about nearby destination coarse-grained information about far-away destination

26 The internet maintains detailed information about every destination Sign Post Forest, Watson Lake, Yukon

28 manageability & reliability scalability security

30 manageability & reliability scalability security

31 Solving these problems was hard because network devices are completely locked down closed software closed hardware Cisco device

32 There is hope for change though: networks are on the verge of a paradigm shift

33 Software-Defined Network

34 Software-Defined Network enable network programmability

35 SDN also enables us, researchers, to innovate, at a much faster pace SDN controller open-source software standardized interface (OpenFlow) standardized hardware SDN device

36 Our focus these days Leverage network programability to improve today s networks deploy design tomorrow's networks

37 What is a network?

38 For a lot of people, this is what the Internet looks like Network connection

39 Data exchanged on the Internet is fragmented into small chunks, called IP packets

40 Data exchanged on the Internet is fragmented into small chunks, called IP packets Packet #1 Packet #2 Packet #3

41 You can think of packets as envelopes Packet

42 Like an envelope, packets have a header Header

43 Like an envelope, packets have a payload Payload

44 The header contains the metadata needed to forward the packet Identify the src address source dst address destination of the communication

45 The payload contains the data to be delivered Payload Could you please send me an

46 Network connection src Laurent dst Google Payload

47 Network connection src Google dst Laurent Payload

48 Network connection What is this?

49 A network is a distributed system SEAT SALT KANS CHIC NEWY WASH LOSA ATLA HOUS

50 A network is a distributed system composed of routers SEAT SALT KANS CHIC NEWY WASH LOSA ATLA HOUS

51 Routers vary in size and usage Home router Internet core router ~20 cm 0,5 kg 1 Gbps >200cm 700kg 1.2 Tbps

52 A network is a distributed system composed of routers and links SEAT SALT KANS CHIC NEWY WASH LOSA ATLA HOUS

54 Somewhere in Manhattan

55 Routers forward IP packets hop-by-hop towards their destination SEAT SALT KANS CHIC NEWY WASH LOSA ATLA HOUS

56 SEAT SALT KANS CHIC NEWY WASH LOSA src Laurent ATLA dst Google HOUS

57 SEAT SALT KANS CHIC NEWY WASH LOSA src dst Laurent Google HOUS ATLA

58 SEAT SALT KANS CHIC NEWY WASH LOSA HOUS src ATLA Laurent dst Google

59 SEAT SALT KANS CHIC NEWY WASH LOSA src Laurent ATLA dst Google HOUS

60 SEAT SALT KANS CHIC NEWY src Laurent LOSA dst Google ATLA HOUS

61 SEAT NEWY SALT CHIC src Laurent KANS dst Google WASH LOSA ATLA HOUS

62 Let s zoom in on what going on between two routers SEAT SALT KANS CHIC NEWY WASH LOSA ATLA HOUS

63 LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3

64 The forwarding table maps destinations (IP addresses) to output ports LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 Forwarding table src Laurent destination output dst Google Laurent IF#1 Google IF#4

65 LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 Forwarding table src Laurent destination output dst Google Laurent IF#1 Google IF#4

66 LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 Forwarding table src Laurent destination output dst Google Laurent IF#1 Google IF#4

67 LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 src Laurent dst Google

68 This processes is repeated at each router, until the destination is reached LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 Forwarding table src Laurent destination output dst Google Laurent IF#1 Google IF#3

69 LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 Forwarding table src Laurent destination output dst Google Laurent IF#1 Google IF#3

70 LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 Forwarding table src Laurent destination output dst Google Laurent IF#1 Google IF#3

71 LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 src Laurent dst Google

72 How are these forwarding tables computed and provisioned? LOSA IP router HOUS IP router IF#2 IF#4 IF#2 IF#4 Data-Plane Data-Plane IF#1 IF#3 IF#1 IF#3 Forwarding table Forwarding table destination output destination output Laurent IF#1 Laurent IF#1 Google IF#4 Google IF#3

73 Traditionally, by distributed protocols running on each routers

74 Data-Plane Data-Plane LOSA IP router HOUS IP router

75 Control-Plane Control-Plane Data-Plane Data-Plane LOSA IP router HOUS IP router

76 I can reach Laurent Control-Plane Control-Plane Data-Plane Data-Plane LOSA IP router HOUS IP router

77 I can reach Laurent Control-Plane Control-Plane Data-Plane Data-Plane destination Laurent output IF#1

78 Network operators adapt their forwarding table by configuring the control-plane of each router Control plane Data plane Control plane Control plane Data plane Control plane Control plane Data plane Data plane Control plane Control plane Data plane Data plane Data plane Control plane Control plane Data plane Data plane

79 Configuring each router is often done manually, using arcane low-level, vendor-specific languages

80 Software-Defined Network enable network programmability

81 In contrast, SDN simplifies the control of forwarding entries Control plane Data plane Control plane Control plane Data plane Control plane Control plane Data plane Data plane Control plane Control plane Data plane Data plane Data plane Control plane Control plane Data plane Data plane

82 by removing the intelligence from the equipments Control plane Data plane Control plane Control plane Data plane Control plane Control plane Data plane Data plane Control plane Control plane Data plane Data plane Data plane Control plane Control plane Data plane Data plane

83 by removing the intelligence from the equipments Data plane Data plane Data plane Data plane Data plane Data plane Data plane Data plane Data plane

84 and centralizing it in a controller that can run arbitrary programs SDN Controller Data plane Data plane Data plane Data plane Data plane Data plane Data plane Data plane Data plane

85 The controller programs entries in the forwarding tables using an open interface Data plane open API forwarding entries SDN Controller Data plane Data plane Data plane Data plane Data plane Data plane Data plane Data plane

86 Our focus these days Leverage network programability to improve today s networks deploy design tomorrow's networks

87 Our focus these days Leverage network programability to improve today s networks

88 Wouldn t it be great to program existing network instead of configuring them?

89 Fibbing Joint work with: [SIGCOMM 15] Stefano Vissicchio, Olivier Tilmans and Jennifer Rexford

90 Fibbing = lying

91 Fibbing to control router s forwarding table

92 How can lying in a network help?!

93 Consider this network where a source sends traffic to 2 destinations A 1 B 10 1 C 3 D source destination traffic flow

94 As congestion appears, the operator wants to shift away one flow from (C,D) initial desired A 1 B A 1 B C 3 D C 3 D

95 Moving only one flow is impossible though as both destinations are connected to D initial desired A 1 B A 1 B C D C D 3 3 impossible to achieve by reweighing the links

96 Let s lie to the router A 1 B 10 1 C 3 D

97 Let s lie to the router Fibbing controller A 1 B routing session 10 1 C 3 D

98 Let s lie to the router, by injecting fake nodes, links and destinations Fibbing controller A 1 B routing session 10 1 C 3 D

99 Let s lie to the router, by injecting fake nodes, links and destinations Fibbing controller A 1 B Lie 15 A C C 3 D

100 Lies are propagated network-wide by the protocol A A 1 C B Fibbing controller 10 1 A C C 3 D

101 Now all routers see this topology on which they compute their shortest-paths 15 A 1 B Fibbing controller C 3 D 1

102 Now, C prefers the virtual node (cost 2) to reach the blue destination 15 A 1 B Fibbing controller C 3 D 1

103 As the virtual node does not really exist, actual traffic is physically sent to A 15 A 1 B Fibbing controller C 3 D 1

104 A router control-plane implements a function from routing messages to forwarding paths input function output Routing Messages MPLS OSPF BGP Forwarding Paths IP router

105 The forwarding paths are known, provided by the operators or by the controller input function output Routing Messages MPLS OSPF BGP Forwarding Paths Known

106 The function is known, from the protocols specification & the configuration input function output Routing Messages MPLS OSPF BGP Forwarding Paths Known

107 Given a path and a function, Fibbing computes corresponding routing messages by inverting the function input function output Routing Messages MPLS OSPF BGP Forwarding Paths Inverse

108 Fibbing is powerful

109 Fibbing is powerful Theorem Fibbing can program any set of non-contradictory paths

110 Fibbing is powerful Theorem Fibbing can program any set of non-contradictory paths

111 Fibbing is powerful Theorem Fibbing can program any set of non-contradictory paths any path is loop-free (e.g., [s1, a, b, a, d] is not possible) paths are consistent (e.g. [s1, a, b, d] and [s2, b, a, d] are inconsistent)

112 Fibbing is fast, & works in practice We developed efficient algorithms polynomial in the # of requirements Compute and minimize topologies in ms independently of the size of the network We tested them against real routers works on both Cisco and Juniper

113 Fibbing enables network programmability today, on an existing network Can be deployed immediately supported by virtually any network, including ETH s Simplify controller implementation most of the heavy work is still done by the routers Maintain operators mental model good old protocols running, easier troubleshooting

114 Check out our webpage

115

116 Our focus these days Leverage network programability to improve today s networks deploy design tomorrow's networks

117 Our focus these days Leverage network programability to deploy better routing in the Internet

118

119 The Internet is a network of >50,000 networks, referred to as Autonomous Systems (AS) AS20 AS30 AS10 AS40 AS50

120 BGP is the routing protocol glueing the Internet together AS20 AS30 AS10 BGP sessions AS40 AS50

121 ASes exchange information about the destinations (IP addresses) they can reach AS /16 ETH/UNIZH Camp Net

122 ASes exchange information about the destinations (IP addresses) they can reach AS20 AS30 AS /16 Path: 40 AS40 AS /16 Path: /16 ETH/UNIZH Camp Net

123 Reachability information is propagated hop-by-hop AS20 AS30 AS10 AS40 AS /16 Path: /16 ETH/UNIZH Camp Net

124 Reachability information is propagated hop-by-hop AS /16 Path: AS10 AS /16 Path: AS50 AS /16 ETH/UNIZH Camp Net

125 Life of a BGP router is made of three consecutive steps while true: receives paths from my neighbors select one best path for each destination export the best path to my neighbors

126 BGP is notoriously inflexible and difficult to manage

127 BGP is notoriously inflexible and difficult to manage Flexibility Control Complexity

128 BGP is notoriously inflexible and difficult to manage BGP Flexibility limited destination-based Control indirect configuration-based local Complexity high PSPACE-hard* to know if it converges * [CCDVV ICNP 13] Using Routers to Build Logic Circuits: How Powerful is BGP?

129 SDN can really help! BGP SDN Flexibility limited high Control indirect direct local local & remote Complexity high simpler deterministic

130 How do you deploy SDN in a network composed of 50,000 subnetworks?

131 How do you deploy SDN in a network composed of 50,000 subnetworks? you just don t

132 Instead, you aim at finding locations where deploying SDN can have the most impact

133 Instead, you aim at finding locations where deploying SDN can have the most impact Deploy SDN in locations that connect a large number of networks carry a large amount of traffic are opened to innovation

134 Internet exchange Points (IXP) meet all the criteria Deploy SDN in locations that AMS-IX connect a large number of networks carry a large amount of traffic are opened to innovation 750 networks 4.3 Tb/s (peak) BGP Route Server Mobile peering Open peering

135 A single deployment can have a large impact

136 SDX = SDN + IXP Joint work with: [SIGCOMM 15] Arpit Gupta, Muhammad Shahbaz, Russ Clark, Ethan Katz-Bassett, Nick Feamster, Jennifer Rexford and Scott Shenker

137 SDX = SDN + IXP Augment the IXP data-plane with SDN capabilities keeping default forwarding and routing behavior Enable fine-grained inter domain policies bringing new features while simplifying operations

138 SDX = SDN + IXP Augment the IXP data-plane with SDN capabilities keeping default forwarding and routing behavior Enable fine-grained inter domain policies bringing new features while simplifying operations with scalability and correctness in mind supporting the load of a large IXP and resolving conflicts

139 In a SDX, each participant connects its edge router(s) to a shared SDN-enabled network Participant #1 BGP Participant #2 SDN SDN controller also a Route Server Participant #n

140 Each participant writes policies independently in a highlevel language and transmits them to the controller Participant #2 s policy: Participant #1 s policy: match(dstip=google), fwd(1.1) match(dstip=yahoo), fwd(1.2) match(dstip=ip1), fwd(1) match(dstip=ip2), fwd(3) match(dstip=ip3), fwd(5) SDN controller match(dstip=ipx), fwd(n.1) Participant #n s policy

141 The SDX controller compiles policies to forwarding entries ensuring isolation, scalability and solving conflicts Participant #1 forwarding entries Participant #2 SDN SDN controller also a Route Server Participant #n

142 SDX enables a wide range of novel applications security Prevent/block policy violation Prevent participants communication Upstream blocking of attacks forwarding optimization Middlebox traffic steering Traffic offloading Inbound Traffic Engineering Fast convergence peering Application-specific peering remote-control Influence BGP path selection Wide-area load balancing

143 SDX works today! We have running code (*) controller and BGP daemon We are seeing ongoing deployments FBI (US), TelX (Atlanta, US) Many more interested parties including AT&T, Amazon, Facebook & Google (*)

144 Our focus these days Leverage network programability to improve today s networks deploy design tomorrow's networks

145 Our focus these days Leverage network programability to design tomorrow's networks

146 Build controller platforms Develop new applications

147 Build controller platforms Develop new applications

148 SDN makes network programmability possible, but not easy Challenges Current SDN interfaces are low-level remember assembly languages? Controllers are valuable targets for attackers take down the brain, not the body Scalability, reliability & performance are paramount control loops must complete within a second, all the time

149 Working on management abstractions Current SDN interfaces are low-level remember assembly languages? defense mechanisms Controllers are valuable targets for attackers take down the brain, not the body control optimization Scalability, reliability & performance are paramount control loops must complete within a second, all the time

150 Build controller platforms Develop new applications

151 There are many avenues data-center networks enterprise networks cellular (5G) networks

152 Programmability can radically change the way we do network Stars are aligned tremendous interests from industry & academia Tons of interesting research challenges SDN has only been around for ~6 years Turn networking into a proper discipline instead of the current engineering minefield

153 Improving the Internet From Fragility to Resilience Laurent Vanbever ETH Zürich See you at the Apéro!

Making the Internet more scalable and manageable

Making the Internet more scalable and manageable Laurent Vanbever Princeton University ETH Zürich March, 17 2014 Human factors are responsible for 50% to 80% of network outages Juniper Networks, What s