Participatory Networking: An API for Application Control of SDNS SIGCOMM 13

Transcription

1 Participatory Networking: An API for Application Control of SDNS SIGCOMM 13 Ferguson, Guha, Liang, Fonseca, Krishnamurthi MAURICIO DE OLIVEIRA 1

2 The idea behind participatory networking There is a lot of information in the end-hosts that is not used to help the network manage its resources. - If I start streaming a 2-hour long movie on Netflix now, where can that information be used? - If I skype everyday at 10pm for 30 minutes, how can this information be helpful? - If I am going to install a firewall rule on my server, should the network also be aware of that? 2

3 The idea behind participatory networking Examples: A videoconference application: if it could manage the network, it would want to reserve bandwidth to deliver a good service to its users. Same for streaming. A firewall application: if it could manage the network, it would prefer to deny traffic closest possible to the source. Plus the network shouldn t be interested in forwarding a packet that is going to be dropped later on anyway. These examples (and others) suggest that there should be an API between the networks control plane and principals (end-hosts, applications and/or end-users) to (i) get information about the networks state and (ii) request configuration changes. 3

4 The idea behind participatory networking The idea behind participatory networking is to allow end-hosts, applications and/or end-users to tell the network what it needs from it and thus show the network how it should manage its resources. This prevents the network administrators from having to infer traffic behaviour. This prevents application developers and protocols from having to guess network performance. For that purpose, a controller called PANE is developed and evaluated. PANE includes an API to get principals requests and converts them into network configuration (more on that later). 4

5 Participatory Networking and Software Defined Networking The ability to tell the network what it wants via an API is strongly linked with SDN architecture (separation of control and data plane). The API between principals and the control plane becomes just another piece in the SDN stack. Moreover, the global view of the network provided by SDN is able to create an explicit communication channel between principals and the networks infrastructure. More specifically, PANE converts principals messages (defined later) to OpenFlow configurations in forwarding elements within a network administrative body. 5

6 A logically centralized controller: PANE 6

7 A logically centralized controller: PANE 7

8 Messages PANE defines 3 types of messages from principals to the controller: Requests (messages that lead to configuration change - affects state of the network), Hints (inform the network) and Queries (query information on state of the network). 8

9 Requests (Access Control, GMB, Path Control, Rate-limits) 9

10 Hints 10

11 Queries 11

12 Shares PANE uses shares to limit the authority of principals. A share states who (which principals) can say what (which messages) about which flows in the network. 12

13 Share Tree 13

14 Share Tree 14

15 Share Tree 15

16 Share Tree 16

17 Share Tree 17

18 Policy Tree, Conflict Resolution and Compilation Share trees describe what a principal can ask but they are not the policies (entries/updates of flow tables and other hardware configuration). Accepted requests become policies, which we call policy atoms. Policy atoms form a policy tree. PANE consults policy trees before determining the feasibility of a request. Policy trees are represented using HFTs (Hierarchical Flow Tables), which contain conflict resolution operators. Policy trees must become actual flow tables in the switch. Therefore, they must be compiled. PANE s compiler produces flow tables of size O(n^2), which is an improvement because direct compilation would result in a O(2^n) flow tables. 18

19 Conflict resolution 19

20 Evaluation Prototype in Mininet. Physical implementation: Pronto 3290 switches as as well as software OpenFlow switches. Linux Intel-compatible hardware and wireless APs. PANE controller uses Haskell, Java and Nettle library for OpenFlow. Examples: Ekiga (QoS guarantees), SSHGuard (Access Control), ZooKeeper. All open-source projects so they modified the code to enable PANE interaction. 20

21 Ekiga Video Conference app. Modified so users can request guaranteed bandwidth beforehand. If such request is not feasible at the moment, it presents two options: best effort operation or when such request is available. Otherwise, it installs forwarding rules for the switches specific queues that will provide such QoS performance. 21

22 SSHGuard Firewall application on end-hosts. Modified to allow the host to send Deny requests for a particular flow. Two hosts connected by a wireless AP transfer data at 24 Mbps. A outside attacker performs a DoS attack which causes the transfer to drop to 5 Mbps. With SSHGuard action, it rises to 8 Mbps. With Deny rules installed two switches away, the transfer continues at 24 Mbps (iperf). 22

23 ZooKeeper 23

24 Related Work Active Networking (90s). Integration of application demands and network operation via distributed programs running network nodes. QoS Reservation (90s and early 00s). RVSP (Resource Reservation Protocol) and NSIS protocols. More recently with SDN: Software-friendly networks (2010): similar to PANE but does not delegate authority (there is only on trusted party). FlowVisor (2010): uses OpenFlow controllers to manage slices of a network (independent and separate networks running on the same physical network). 24

25 Paper Assessment Scope (9/10): participatory networking is a concept that can be exploited in any type of network and just about any application could use some specific configuration. Intellectual (8/10): the authors ideas are certainly very compelling and it starts a conversation about different ways we can reason about networks. Impact (7/10): as of now, the paper has over 200 citations. Of course, since it borrows so much from SDN it does not have the same impact as Ethane and other early SDN works which are almost paradigm shifts. It is worth mentioning that Intent based networking which Cisco is currently marketing extensively seems a lot like participatory networking. 25

26 Thank you. Any questions? Mauricio de Oliveira DCC UFMG 26