Reaping the Benefits of IPv6 Segment Routing

Transcription

1 Reaping the Benefits of IPv6 Segment Routing Public PhD thesis defense David Lebrun Université catholique de Louvain October 19, /69

2 Table of Contents Introduction Segment Routing Implementing IPv6 Segment Routing in Linux Exploring IPv6 Segment Routing Rethinking IPv6 Enterprise Networks Conclusion 2/69

3 Introduction Networks connect devices and transport information 3/69

4 Introduction Networks are interconnected 4/69

5 Introduction Basic building blocks of networks are routers 5/69

6 Packet-based forwarding Information is chunked into packets How are packets exchanged? The faster the better: shortest-path forwarding What is the shortest path? 6/69

7 Routing tables Routing table: instructions on how to forward packets Each router computes its routing table 7/69

8 Control plane Routers exchange view of network Interior Gateway Protocols (IGP) Convergence to coherent global network state 8/69

9 Fault tolerance IGP recomputation triggered on link/node failure Network state converges, best paths change 9/69

10 Quality of Service Not all traffic is equal Prioritization of some classes of traffic (QoS) Congestion may occur drop of low-prio traffic 10/69

11 Traffic engineering QoS only inefficient resource utilization Traffic steering: make a detour 11/69

12 Traffic engineering Difficult to achieve TE solely with IGPs Traffic will follow shortest path Existing solutions not scalable (MPLS/RSVP-TE) 12/69

13 Table of Contents Introduction Segment Routing Implementing IPv6 Segment Routing in Linux Exploring IPv6 Segment Routing Rethinking IPv6 Enterprise Networks Conclusion 13/69

14 Segment Routing Source routing paradigm Path defined at source as list of segments List of segments embedded in each packet Segment instruction (steering through node, link,...) IPv6 Segment Routing (SRv6) 1 segment = IPv6 address Runs on top of existing IGP: sequence of shortest paths 1 Stefano Previdi, Clarence Filsfils, David Lebrun, et al. IPv6 Segment Routing Header (SRH).. Internet-Draft draft-ietf-6man-segment-routing-header-07. Work in Progress. Internet Engineering Task Force, July pp. 14/69

15 Segment Routing From E1 to E2, segments: E2 From E1 to E2, segments: C1, E2 15/69

16 Segment Routing layers 16/69

17 Segment Routing Header 17/69

18 SRv6 operations: encapsulation and insertion Figure: SRH encapsulation by ingress node. Figure: SRH insertion by source. 18/69

19 SRv6 operations: processing and decapsulation Figure: SRH processing by segment endpoint. Figure: SRH decapsulation by egress node. 19/69

20 Table of Contents Introduction Segment Routing Implementing IPv6 Segment Routing in Linux Exploring IPv6 Segment Routing Rethinking IPv6 Enterprise Networks Conclusion 20/69

21 Benefits of a Linux implementation Mainline integration: widespread availability 2 Feedback loop for a developing technology Research opportunities for the scientific community 2 David Lebrun and Olivier Bonaventure. Implementing IPv6 Segment Routing in the Linux Kernel. In: Proceedings of the 2017 Applied Networking Research Workshop. ACM /69

22 Routing engine Figure: High-level overview of Linux routing process. 22/69

23 SRH insertion/encapsulation (forwarded packet) Figure: SRH insertion codepath for forwarded packets. 23/69

24 SRH insertion/encapsulation (local packet) Figure: SRH insertion codepath for locally generated packets. 24/69

25 SRH processing/decapsulation Figure: SR-enabled packet codepath. 25/69

26 Per-socket SRH insertion An application can (partially) program the network Listing 1: Application code defining a per-socket SRH. s t r u c t ipv6_sr_hdr s r h ; i n t fd, srh_len ; srh_len = b u i l d _ s r h (& s r h ) ; f d = s o c k e t (AF_INET6, SOCK_STREAM, IPPROTO_TCP ) ; s e t s o c k o p t ( fd, IPPROTO_IPV6, IPV6_RTHDR, srh, srh_len ) ; 26/69

27 Performance evaluation: hardware setup Figure: Physical testbed. Intel Xeon 2.53 GHz (4 cores / 8 threads) Intel Gbps Ethernet cards 16 GB RAM 27/69

28 Single-core performance Average throughput (Kpps) SRH insertion performances for 64-byte packets Single flow, single core Plain IPv6 Inline Encap Figure: Performance with a single core. 28/69

29 4-core performance SRH insertion performances for 64-byte packets Multi flows, 4 cores Single flow, single core Average throughput (Kpps) Plain IPv6 Inline Encap Figure: Performance comparison between single core and four cores. 29/69

30 SRv6 in Linux: conclusion Available in official Linux kernel (about 3,000 LoC) Accepted and merged in November 2016 Linux 4.10 (Feburary 2017): first release Linux 4.12 (July 2017): performance improvements Linux 4.14 (November 2017): new features Good and scalable performances Anyone can contribute 30/69

31 Table of Contents Introduction Segment Routing Implementing IPv6 Segment Routing in Linux Exploring IPv6 Segment Routing Rethinking IPv6 Enterprise Networks Conclusion 31/69

32 Overview Traffic duplication for latency-critical application 3 Fine-grained and scalable network monitoring 4 3 François Aubry, David Lebrun, Yves Deville, and Olivier Bonaventure. Traffic duplication through segmentable disjoint paths. In: IFIP Networking Conference (IFIP Networking), IEEE. 2015, pp Francois Aubry, David Lebrun, Stefano Vissicchio, Minh Thanh Khong, Yves Deville, and Olivier Bonaventure. SCMon: Leveraging segment routing to improve network monitoring. In: 35th Annual IEEE International Conference on Computer Communications, INFOCOM IEEE. 2016, pp /69

33 Network monitoring STTL CHIN NYCM SNVA DENV KSCY IPLS WASH LOSA ATLA HSTN Figure: Abilene network. 33/69

34 Link bundles SNVA Figure: Routing perspective. DENV SNVA DENV Figure: Physical perspective. 34/69

35 Backup links STTL 50 1 SNVA 1 DENV Figure: Topology with backup link. 35/69

36 Equal-Cost Multi-Path KSCY 2 IPLS KSCY 2 IPLS HSTN 3 ATLA Figure: ECMP topology. HSTN 3 ATLA Figure: ECMP routing. 36/69

37 Monitoring mechanisms Protocol-based [BFD]: per-link heartbeat Probe-based [IPSLA]: dataplane probe 37/69

38 Protocol-based monitoring Per-link, per-router configuration Miss forwarding failures SNVA BFD DENV BFD KSCY Figure: Undetected forwarding failure. 38/69

39 Probe-based monitoring Shortest-path forwarding Multiple vantage points Cannot traverse backup links Miss ECMP and bundle failures 39/69

40 SCMon Create cycles with segments Send probes over those cycles Single vantage point 40/69

41 Cycles (1) STTL CHIN NYCM SNVA DENV KSCY IPLS WASH LOSA ATLA HSTN Figure: Abilene network. 41/69

42 Cycles (2) STTL CHIN NYCM SNVA DENV KSCY IPLS WASH LOSA ATLA HSTN Figure: Abilene network. 42/69

43 Cycles (3) STTL CHIN NYCM SNVA DENV KSCY IPLS WASH LOSA ATLA HSTN Figure: Abilene network. 43/69

44 Cycles (4) STTL CHIN NYCM SNVA DENV KSCY IPLS WASH LOSA ATLA HSTN Figure: Abilene network. 44/69

45 SCMon evaluation Topology Nodes Links Cycles Avg RTT Max RTT OVH Europe ms 28 ms RF AS ms 360 ms RF AS ms 130 ms RF AS ms 127 ms RF AS ms 206 ms Time to detect blackhole RF1239 RF1755 RF3257 RF3967 OVH-EUR Links Time (milliseconds) Figure: Link failure detection time for each topology. 45/69

46 Network monitoring: conclusion SCMon: Single-box monitoring Data plane probes over cycles Prototype implementation Detect and locate link failure within milliseconds 46/69

47 Table of Contents Introduction Segment Routing Implementing IPv6 Segment Routing in Linux Exploring IPv6 Segment Routing Rethinking IPv6 Enterprise Networks Conclusion 47/69

48 Enterprise networks Complex networks, various business policies Operator needs fine-grained traffic engineering ( SR) Fast reaction to failures ( underlying IGP) Best place for control: traffic sources ( setsockopt()) How do sources (applications) know the segments to use? 48/69

49 Software-Defined Networking Central controller knows the network state and configures the devices Application controller communication? 49/69

50 DNS protocol Domain Name System Resolve names to IP addresses Example: google.com 2a00:1450:4009:815::200e Used virtually everywhere Idea: piggyback app flow control on DNS messages 50/69

51 Regular DNS request 51/69

52 Software Resolved Network Use DNS as network signaling protocol Software Resolved Network Resolver = Controller SDN Resolver Figure: Software Resolved Network. 52/69

53 SRN-augmented DNS request 53/69

54 Conversations Conversations: bidirectional flow between applications Identified by a unique PathID Mapping PathID network path Applications use only PathID 54/69

55 Implementing network paths Edge maps PathID list of segments Additional state only in edge 55/69

56 SRN layers 56/69

57 Fault tolerance: link failure 57/69

58 Fault tolerance: controller failure 58/69

59 Fault tolerance: full controller outage 59/69

60 Controller implementation Complete prototype in about 10,000 lines of C code 5 Microbenchmarks Virtual network experiment 5 David Lebrun. SDN Resolver controller code. 60/69

61 Microbenchmark evaluation Request completion time with 4 worker threads 2,000 req/s 4,000 req/s 10,000 req/s 0.7 Requests Time (milliseconds) Figure: Request completion time with four worker threads for various loads. 61/69

62 Virtual network experiment: initial setup Segments: F B A D F Client C E Server 5 ms Round-trip time (milliseconds) Controller Observed ping round-trip time 24 RTT Time (milliseconds) 62/69

63 Virtual network experiment: link down and IGP convergence Segments: F B A D F Client C E Server 5 ms Round-trip time (milliseconds) Controller Observed ping round-trip time 24 RTT IGP convergence 4 2 Link down Time (milliseconds) 63/69

64 Virtual network experiment: controller update Segments: D, F B A D F Client C E Server 5 ms Round-trip time (milliseconds) Controller Observed ping round-trip time 24 RTT Controller update IGP convergence 4 2 Link down Time (milliseconds) 64/69

65 Virtual network experiment: link up and IGP convergence Segments: D, F B A D F Client C E Server 5 ms Round-trip time (milliseconds) Controller Observed ping round-trip time 24 RTT Controller update IGP convergence IGP convergence 4 2 Link down Link up Time (milliseconds) 65/69

66 Virtual network experiment: controller update Segments: F B A D F Client C E Server 5 ms Round-trip time (milliseconds) Controller Observed ping round-trip time 24 RTT Controller update Controller update IGP convergence IGP convergence 4 2 Link down Link up Time (milliseconds) 66/69

67 Software Resolved Networks: conclusion SDN-like architecture for enterprise networks Traffic engineering through SRv6 Applications interact with controller through DNS Complete prototype implementation Evaluation meets performance expectations 67/69

68 Table of Contents Introduction Segment Routing Implementing IPv6 Segment Routing in Linux Exploring IPv6 Segment Routing Rethinking IPv6 Enterprise Networks Conclusion 68/69

69 Conclusion Linux kernel implementation of SRv6 Exploration of SRv6 applications Software Resolved Networks Fully reproducible: all code and data open-source and available (Linux kernel code) 69/69