Inter-domain SDN Data Plane Validation: Next Steps at AmLight

Similar documents
AmLight s SDN Looking Glass A Network Monitoring System for SDN Networks

Troubleshoo>ng AmLight: Handling Network Events in a Produc>on SDN Environment

SDN AmLight: One Year Later

IRNC PI Meeting. Internet2 Global Summit May 6, 2018

Network Testbeds at AmLight: Eight Months Later

AmLight ExP & AtlanticWave-SDX: new projects supporting Future Internet Research between U.S. & South America

South American Astronomy Coordination Committee (SAACC) Meeting

AmLight supports wide-area network demonstrations in Super Computing 2013 (SC13)

IRNC Kickoff Meeting

Tical 2018 Conference Taller de Desarrollo y Evolución de Las Redes de Investigación y Educación September 6, 2018

WELCOME TO GLIF Technical Working Group Summer 2015 meeting. Prague, Czech Republic September 2015

Alex Soares de Moura

Pacific Wave: Building an SDN Exchange

Heterogeneous Interconnection between SDN and Layer2 Networks based on NSI

Deploying Standards-based, Multi-domain, Bandwidth-on-Demand

International Networking in support of Extremely Large Astronomical Data-centric Operations

OpenFlow: What s it Good for?

Software Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks.

Connectivity Services, Autobahn and New Services

Software-Defined Networking (SDN) Overview

IRNC:RXP SDN / SDX Update

Security Considerations for Cloud Readiness

Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall

Developing Applications with Networking Capabilities via End-to-End Software Defined Networking (DANCES)

Design and development of the reactive BGP peering in softwaredefined routing exchanges

Ethernet Operation Administration and Maintenance Deliverable 2010

Advance Reservation Access Control Using Software-Defined Networking and Tokens

Regional Networks, Communities and Ecosystems Americas Africa Research and education Lightpaths (AARCLight) Study: Year 1 findings

Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017

Cisco Data Center Network Manager 5.1

A SECURE SDN SCIENCE DMZ

Vendor: Cisco. Exam Code: Exam Name: Developing with Cisco Network Programmability (NPDEV) Version: Demo

18th WRNP Workshop RNP May Belém, Brasil Gerben van Malenstein

Performing Diagnostics

Innovation and Experimentation through SDN and Network Virtualization

Software Defined Networking

Network Services Interface. OGF NSI standards development progress:

Software Defined Exchanges: The new SDN? Inder Monga Chief Technologist Energy Sciences Network

SEL-5056 Software-Defined Network (SDN) Flow Controller

FROM NETWORK ADMINISTRATOR TO DOMAIN SCIENTIST: CHALLENGES WITH CREATING USABLE HIGH SPEED NETWORKS

PIX-IE An SDN-based Programmable Internet exchange

Testbeds as a Service Building Future Networks A view into a new GN3Plus Service. Jerry Sobieski (NORDUnet) GLIF Oct 2013 Singapore

Source Address Validation: from the Current Network Architecture to SDN-based Architecture

Cisco Cisco ADVDESIGN. Download Full Version :

Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)

Overview. Overview. OTV Fundamentals. OTV Terms. This chapter provides an overview for Overlay Transport Virtualization (OTV) on Cisco NX-OS devices.

Metro Ethernet Forum OAM. Matt Squire Hatteras Networks

CCIE ROUTING & SWITCHING V5.0

The threat landscape is constantly

Open Networking Opera-ng System

SDN/DANCES Project Update Developing Applications with Networking Capabilities via End-to-end SDN (DANCES)

SMART WORKING una infrastruttura agile per un nuovo modo di lavorare. Luca Guerra Sales Engineer Networking Avaya Italia SpA

GlobalNOC Services Update Internet2 Global Summit

Več kot SDN - SDA arhitektura v uporabniških omrežjih

Network Behavior Analysis

2610:f8:ffff:2010:04:13:0085:1

Storage Access Network Design Using the Cisco MDS 9124 Multilayer Fabric Switch

THE NETWORK AND THE CLOUD

Border Provisioning Use Case in VXLAN BGP EVPN Fabrics - Multi-Site

End to End SLA for Enterprise Multi-Tenant Applications

Overview on FP7 Projects SPARC and UNIFY

Solution Overview Vectored Event Grid Architecture for Real-Time Intelligent Event Management

Hierarchical Fabric Designs The Journey to Multisite. Lukas Krattiger Principal Engineer September 2017

The Challenges of Measuring Wireless Networks. David Kotz Dartmouth College August 2005

DetNet Requirements on Data Plane and Control Plane

PassTorrent. Pass your actual test with our latest and valid practice torrent at once

Configuring MPLS Transport Profile

HIPrelay Product. The Industry's First Identity-Based Router Product FAQ

Politecnico di Torino Network architecture and management. Outline 11/01/2016. Marcello Maggiora, Antonio Lantieri, Marco Ricca

Wireless LAN Controller (WLC) Mobility Groups FAQ

Cisco Prime Network Client Overview

PREREQUISITES TARGET AUDIENCE. Length Days: 5

1V0-642.exam.30q.

Special Loop Address draft-turaga-lmap-special-loop-address. Partha Turaga & Robert Raszuk Bloomberg L.P.

Carrier SDN for Multilayer Control

Some Musings on OpenFlow and SDN for Enterprise Networks. David Meyer Open Networking Summit October 18-19, 2011

Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security

Hands-On TCP/IP Networking

Implementation of the FELIX SDN Experimental Facility

Campus network: Looking at the big picture

Vendor: Cisco. Exam Code: Exam Name: DCID Designing Cisco Data Center Infrastructure. Version: Demo

Lab Troubleshooting Problems at the Physical and Data Link Layers

Chapter 10: Review and Preparation for Troubleshooting Complex Enterprise Networks

DEPLOYING AND EVOLVING FABRICS IN EXISTING NETWORKS. Scott Fincher Global Solutions Architect Avaya Networking

Knowledge-Defined Network Orchestration in a Hybrid Optical/Electrical Datacenter Network

SMART Questionnaire. Fields marked with * are mandatory. Introduction

MOC 6421B: Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure

ENTERPRISE MPLS. Kireeti Kompella

Building a Digital Bridge from Ohio

CCNA Routing and Switching (NI )

CTR8500/8300 Installation, Operation and Maintenance (CE/Layer 2) TRN-WW-CTR85X83XL2-01. Hamilton, Scotland, UK Lagos, Nigeria

International OpenFlow/SDN Test Beds 3/31/15

Public Cloud Connection for R&E Network. Jin Tanaka APAN-JP/KDDI

IPv6 in Internet2. Rick Summerhill Associate Director, Backbone Network Infrastructure, Internet2

WHAT NETWORK VIRTUALIZATION TECHNOLOGY CAN DO FOR YOUR NETWORK TODAY

Emerging MPLS OAM mechanisms

Wireless LANs (CO72047) Bill Buchanan, Reader, School of Computing.

IP Broadband Network Management 2016 Training Programs. Catalog of Course Descriptions

Borderless Networks. Tom Schepers, Director Systems Engineering

Implementing Cisco IP Routing (ROUTE)

Transcription:

Internet2 Global Summit Washington DC, Apr 26 th 2017 Inter-domain SDN Data Plane Validation: Next Steps at AmLight Jeronimo Bezerra Florida International University <jab@amlight.net> Marcos Schwarz Rede Nacional de Ensino e Pesquisa <marcos.schwarz@rnp.br>

Outline Introducing AmLight Troubleshooting production SDN networks Troubleshooting the Data Plane Inter-Domain Tracing Protocol Future Work Introducing the AmLight SDNTrace app Inter-Domain screenshots 2

AmLight is a Distributed Academic Exchange Point Production SDN Infrastructure since Aug 2014 Responsible for the South America academic connectivity Carries Academic and Non-Academic/Commercial traffic L2VPN, IPv4, IPv6, Multicast Supports Network Programmability/Slicing OpenFlow 1.0 Flow Space Firewall for Network Programmability/Slicing OGF Network Service Interface (NSI) enabled Currently, operating with more than 1k flows (production and experimentation) Web site: www.sdn.amlight.net With the SDN deployment, everything changed. 3

Troubleshooting a production SDN network Troubleshooting a production environment has different requirements It needs to be agile and least disruptive as possible It might need historical information and understanding of traffic going through the network Tools have to be handy! Legacy troubleshooting tools are partially useful or completely useless OAM (Operation, Administration and Maintenance) is not supported by OpenFlow (yet) Ping, traceroute, SNMP, Wireshark/Tcpdump are not made for OpenFlow networks Deep knowledge of the hardware and software platform is required: Usage of the hidden commands becomes part of your routine 4

Troubleshooting Data Plane? In some cases, everything looks fine, but traffic is not flowing Examples of data plane black holes: A specific line card or interface discarding all traffic Due to an interface memory issue, flows are installed but traffic is discarded Interface down in one side but up in the remote and the SDN app doesn t understand that For instance: 10G LAN-PHY, Ethernet circuits and 100G long haul circuits In this case, depending of the side, the SDN app installs the circuits pointing to the affected link, discarding all traffic A specific installed flow entry crashed Due to an interface memory issue, one specific flow is affected and traffic is discarded Depending of the number of OpenFlow switches and flow entries, finding the problem might be extremely timeconsuming In these cases, in-band tests are required: Just a very few SDN apps test in-band per link No SDN apps test in-band per flow 5

Data Plane Monitoring Monitoring individual flows is important but extremely expensive Being proactive with all flows is desired but the interval between tests and number of flows need to be taken into consideration Using a reactive approach is the best suggestion OESS ONOS/SDN-IP Testbed Application Layer Users won t be happy, but your switches won t crash OpenFlow 1.0 Approaches to validate users flows are being proposed: FlowSpace Firewall SDN traceroute: Tracing SDN Forwarding without Changing Network Behavior Multi-protocol Network Troubleshooting with Pathtrace protocol OpenFlow 1.0 Forwarding Device AmLight s developed a solution to trace users flows: SDNTrace User A Forwarding Device Forwarding Device User B Forwarding Device Monitoring User Flows: SDNTrace 6

But, wait a minute! What about circuits that spans multiple domains?

Inter-domain Data Plane Troubleshooting Multi-domain virtual circuits are subject to problems in each domain they transverse Issues on links peering two domains are even more difficult to detect and troubleshoot: Multiple NOCs, configuration inconsistencies, devices malfunction, unpredicted topology changes The legacy way: manually add an IP to each switch in the path, ping each switch until you isolate the issue What about SDN? You don t easily add an IP to an OpenFlow switch! Lack of inter-domain tools, current efforts mainly on intra-domain Recent experience: Two users (Brazil and UK) Five domains in the path, including two OpenFlow-based (AmLight and Internet2) 22 days & 45 e-mails to restore a single VLAN! Then we decided to work on this problem 8

Requirements for an inter-domain troubleshooting solution An inter-domain SDN data plane troubleshooting solution was created with the following initial requirements: User should not need to know the network topology or understand OpenFlow, just like a traditional traceroute Each domain in the path should be able to have different privacy policies The solution should not require topology or technology changes, just a few OpenFlow entries Optional: The inter-domain trace protocol should be flexible enough to support different solutions of path trace 9

How does it work? (1) Simple Version Step 1: Contract established between neighbor domains with the "color" of the peering switches. Peering configuration between A and B IP address type remote label/color interface a.b.c.d:443 tracepath domaina:switcha2 dl_src:111 p2 w.x.y.z:443 tracepath domainb:switchb1 dl_src:110 p1 Step 2: Each Controller Pushes the colored flows to the peering switches 10

After a trace request: Step 3: Controller A uses the contract and sends a probe matching the neighbor s switch color Step 4: Switch A2 matches the probe with the inter-domain flow entry and forward it to B1 Step 5: Switch B1 matches the probe with the colored flow and sends the probe to Controller B Step 7: Controller B reports < domain B, switch B1, port 1 > to Controller A Step 8: Controller A forwards the report to the user Step N: Domain B continues the intra-domain trace till the end of its domain. If there is a "Domain C for such user circuit, process continues in the next domain. 11

How does it work? (3) Full Version 12

AmLight SDNTrace Does not change user flow entries AT ALL Lightweight (2-4 flow entries needed per sw) Works with OpenFlow 1.0 and 1.3 Based on Ryu SDN framework Trace flows from different SDN applications Trace User Flows based on Layer 2, Layer 3 or mix of layers Supports Inter-domain Tracing Beta code: http://github.com/amlight/sdntrace 13

SDNTrace running Demo 14

Screenshots Trace from RNP (left) to CLARA (right) RNP CLARA 15

Screenshots Trace from CLARA (right) to RNP (left) RNP CLARA 16

Future Expand the solution to use the Network Service Interface (NSI) protocol NSI provides models for describing network services and enables the use of shared resources through secure and reliable sessions for communication between domains Used by GLIF AutoGOLE community for inter-domain L2 circuits provisioning Supports authentication and encryption NSI can be used to enforce the peering contract and transport communication between controllers Deploy at AMPATH, AmLight, SouthernLight, ANSP and RNP in 2017 Evolve to a more complex solution with alarms/triggers, etc. 17

Internet2 Global Summit Washington DC, Apr 26 th 2017 AmLight s Development Team: ANSP Academic Network of Sao Paulo: Antonio Francisco Jorge Marcos Rogerio Motitsuki RNP Rede Nacional de Ensino e Pesquisa Marcos Schwarz FIU Florida International University Jeronimo Bezerra Thank You! Questions?

References Agarwal, Kanak, et al. "SDN traceroute: Tracing SDN forwarding without changing network behavior." Proceedings of the third workshop on Hot topics in software defined networking. ACM, 2014. http://groups.geni.net/geni/wiki/gec24agenda/eveningdemosessi on#multi-protocolnetworktroubleshootingwithpathtraceprotocol

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback