Can the Production Network Be the Testbed?

Similar documents
Software Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks.

HY436: Network Virtualization

Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)

Advanced Computer Networks. Network Virtualization

Scalability and Resilience in SDN: an overview. Nicola Rustignoli

Software Defined Networks and OpenFlow

So#ware Defined Networks and OpenFlow

OFELIA The European OpenFlow Experimental Facility

Maturing of OpenFlow and Software-Defined Networking through Deployments

A Datapath-centric Virtualization Mechanism for OpenFlow Networks

Software Defined Networking

Software Defined Networking

VIRTUALIZATION IN OPENFLOW NETWORKS

Connecting NetOpen Nodes for NetOpen Resource Aggregate

OpenFlow network virtualization with FlowVisor

Advanced Computer Networks. RDMA, Network Virtualization

Openflow for Network Engineers. Ma4 Davy, Indiana University Internet2 Joint Techs Workshop July 12 th, 2010

Prototyping and Evaluation of Mobility First Architecture

Server Load Balancing with Path Selection in Virtualized Software Defined Networks

Next Generation Emergency Communication Systems via Software Defined Networks

Software Defined Networking

Software-Defined Networking:

Software Defined Network(SDN) Workshop + Hackathon

ON.Lab Overview SDN: New Approach to Networking. Bill Snow

VIRTUALIZATION IN 5G SYSTEMS PART I

Software Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University

NetServ: Dynamically Deploying In-network Services

OpenFlow Ronald van der Pol

SDN and Wireless Network. Seungwon Shin KAIST

Project Title: Open Virtualized WiMAX Base Station Node for GENI Wide-Area Wireless Deployments

Network Myths and Mysteries. Radia Perlman Intel Labs

Network Hypervisors Pros and Cons: A survey

Building a Fast, Virtualized Data Plane with Programmable Hardware. Bilal Anwer Nick Feamster

Chapter 5 Network Layer: The Control Plane

SCALING SOFTWARE DEFINED NETWORKS. Chengyu Fan (edited by Lorenzo De Carli)

Header Space Analysis: Static Checking For Networks

Introduction to Software-Defined Networking UG3 Computer Communications & Networks (COMN)

Centralization of Network using Openflow Protocol

Future Internet Research using OpenFlow

An Optimal Slicing Strategy for SDN based Smart Home Network

National Taiwan University. Software-Defined Networking

SPDY - A Web Protocol. Mike Belshe Velocity, Dec 2009

NETWORK VIRTUALIZATION IN THE HOME Chris Donley CableLabs

TOWARDS REMOTE ACCESS TO VIRTUALIZED TELECOM RESEARCH INFRASTRACTURS

Wireless software defined networks: 5G or beyond 4G

So#ware Defined Networking

Evaluation Strategies. Nick Feamster CS 7260 February 26, 2007

Research on Firewall in Software Defined Network

Revisiting router architectures with Zipf

SDN Security: Two Sides of the Same Coin. Scott Hogg, CTO GTRI. CCIE #5133, CISSP #4610 Thursday June 22, 2017

Blueprint for Introducing Innovation into Wireless Mobile Networks

ConEx Concepts and Uses

CSC 401 Data and Computer Communications Networks

API Design Challenges for Open Router Platforms on Proprietary Hardware

Interoperability guide Phoenix Contact WLAN clients with Cisco Wireless LAN Controllers (WLC) Published:

A strategy for IPv6 adoption

CS 4226: Internet Architecture

CS 5114 Network Programming Languages Data Plane. Nate Foster Cornell University Spring 2013

IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 18, NO. 1, FIRST QUARTER

The RIT SDN Testbed and GENI

DEPLOYMENT GUIDE Version 1.1. DNS Traffic Management using the BIG-IP Local Traffic Manager

Introduction to GENI. Ben Newton University of North Carolina at Chapel Hill Sponsored by the National Science Foundation

Routing and router security in an operator environment

Innovation and Experimentation through SDN and Network Virtualization

Enterasys K-Series. Benefits. Product Overview. There is nothing more important than our customers. DATASHEET. Operational Efficiency.

SwitchBlade: A Platform for Rapid Deployment of Network Protocols on Programmable Hardware

SOFTWARE DEFINED NETWORKS. Jonathan Chu Muhammad Salman Malik

A Crash Course in OpenFlow 1.1. Rob Sherwood August 2011

Interdomain Routing Design for MobilityFirst

ADVANCED COMPUTER NETWORKS Assignment 9: Introduction to OpenFlow

Deploying a Disaggregated Model for LINX s LON2 Network. How LINX reimagined its LON2 network architecture using EVPN routing technology

A Scalable, Commodity Data Center Network Architecture

Outline. Traditional computer networks. Software Defined Networking - 3 (SDN) Pag. 1 SDN. Openflow protocol Some issues Advances

HEADER SPACE ANALYSIS

Experiences with Dynamic Circuit Creation in a Regional Network Testbed

IQ for DNA. Interactive Query for Dynamic Network Analytics. Haoyu Song. HUAWEI TECHNOLOGIES Co., Ltd.

Software Defined Networks

T9: SDN and Flow Management: DevoFlow

Federal Agencies and the Transition to IPv6

Network Virtualization: from a Network Provider Perspective

EECS 122: Introduction to Computer Networks Switch and Router Architectures. Today s Lecture

Before jumping into the exercises perhaps we should recall the FlowVisor API calls which can be reached by using the command fvctl as shown below:

HY436: Modular Network Programming with Pyretic

Managing and Securing Computer Networks. Guy Leduc. Chapter 2: Software-Defined Networks (SDN) Chapter 2. Chapter goals:

ProgrammableFlow: OpenFlow Network Fabric

Networking in Virtual Infrastructure and Future Internet. NCHC Jen-Wei Hu

OpenFlow: What s it Good for?

SDN QoS. Yatish Kumar - CTO Corsa

DevoFlow: Scaling Flow Management for High Performance Networks

Building the At-Scale GENI Testbed

Confused, Timid, and Unstable: Picking a Video Streaming Rate is Hard

The DETER Testbed: Overview 25 August 2004

Application-Driven Network Management with ProtoRINA

BTSDN: BGP-based Transition for the Existing Networks to SDN

CSCI-375 Operating Systems

Active BGP Measurement with BGP-Mux. Ethan Katz-Bassett (USC) with testbed and some slides hijacked from Nick Feamster and Valas Valancius

FIFO Service with Differentiated Queueing

Efficient Conflict Detection in Flow-Based Virtualized Networks

BGP Policy violations in the data-plane

The Bro Cluster The Bro Cluster

Transcription:

Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown, Guru Parulkar Stanford University, Big Switch Networks, Nicira Networks

Problem: Realisticly evaluating new network services is hard services that require changes to switches and routers e.g., o routing protocols o traffic monitoring services o IP mobility Result: Many good ideas don't gets deployed; Many deployed services still have bugs.

Why is Evaluation Hard? Real Networks Testbeds

Not a New Problem Build open, programmable network hardware o NetFPGA, network processors o but: deployment is expensive, fan-out is small Build bigger software testbeds o VINI/PlanetLab, Emulab o but: performance is slower, realistic topologies? Convince users to try experimental services o personal incentive, SatelliteLab o but: getting lots of users is hard

Solution Overview: Network Slicing Divide the production network into logical slices o each slice/service controls its own packet forwarding o users pick which slice controls their traffic: opt-in o existing production services run in their own slice e.g., Spanning tree, OSPF/BGP Enforce strong isolation between slices o actions in one slice do not affect another Allows the (logical) testbed to mirror the production network o real hardware, performance, topologies, scale, users

Rest of Talk... How network slicing works: FlowSpace, Opt-In Our prototype implementation: FlowVisor Isolation and performance results Current deployments: 8+ campuses, 2+ ISPs Future directions and conclusion

Current Network Devices Switch/Router Control Plane Computes forwarding rules 128.8.128/16 --> port 6 Pushes rules down to data plane Rules Control/Data Protocol General-purpose CPU Excepts Data Plane Enforces forwarding rules Exceptions pushed back to control plane e.g., unmatched packets Custom ASIC

Add a Slicing Layer Between Planes Slice 2 Control Plane Slice 1 Control Plane Slice 3 Control Plane Rules Control/Data Protocol Excepts Slice Policies Data Plane

Network Slicing Architecture A network slice is a collection of sliced switches/routers Data plane is unmodified Packets forwarded with no performance penalty Slicing with existing ASIC Transparent slicing layer each slice believes it owns the data path enforces isolation between slices i.e., rewrites, drops rules to adhere to slice police forwards exceptions to correct slice(s)

Slicing Policies The policy specifies resource limits for each slice: Link bandwidth Maximum number of forwarding rules Topology Fraction of switch/router CPU FlowSpace: which packets does the slice control?

FlowSpace: Maps Packets to Slices

Real User Traffic: Opt-In Allow users to Opt-In to services in real-time o Users can delegate control of individual flows to Slices o Add new FlowSpace to each slice's policy Example: o "Slice 1 will handle my HTTP traffic" o "Slice 2 will handle my VoIP traffic" o "Slice 3 will handle everything else" Creates incentives for building high-quality services

Rest of Talk... How network slicing works: FlowSpace, Opt-In Our prototype implementation: FlowVisor Isolation and performance results Current deployments: 8+ campuses, 2+ ISPs Future directions and conclusion

Implemented on OpenFlow Server Custom Control Plane Network Stub Control Plane Data Plane OpenFlow Controller OpenFlow Protocol Control OpenFlow Path Firmware Data Path Switch/ Router API for controlling packet forwarding Abstraction of control plane/data plane protocol Works on commodity hardware via firmware upgrade www.openflow.org

FlowVisor Implemented on OpenFlow Server Servers Custom Control Plane OpenFlow Controller OpenFlow Controller OpenFlow OpenFlow Controller OpenFlow Controller Network Stub Control Plane OpenFlow Protocol OpenFlow Firmware FlowVisor OpenFlow OpenFlow Firmware Data Plane Data Path Data Path Switch/ Router Switch/ Router

FlowVisor Message Handling Alice Controller Bob Controller Cathy Controller Rule Policy Check: Is this rule allowed? Full Line Rate Forwarding OpenFlow FlowVisor OpenFlow OpenFlow Firmware Exception Policy Check: Who controls this packet? Packet Data Path

FlowVisor Implementation Custom handlers for each of OpenFlow's 20 message types Transparent OpenFlow proxy 8261 LOC in C New version with extra API for GENI Could extend to non-openflow (ForCES?) Code: `git clone git://openflow.org/flowvisor.git`

Rest of Talk... How network slicing works: FlowSpace, Opt-In Our prototype implementation: FlowVisor Isolation and performance results Current deployments: 8+ campuses, 2+ ISPs Future directions and conclusion

Isolation Techniques Isolation is critical for slicing In talk: Device CPU In paper: FlowSpace Link bandwidth Topology Forwarding rules As well as performance and scaling numbers

Device CPU Isolation Ensure that no slice monopolizes Device CPU CPU exhaustion prevent rule updates drop LLDPs ---> Causes link flapping Techniques Limiting rule insertion rate Use periodic drop-rules to throttle exceptions Proper rate-limiting coming in OpenFlow 1.1

CPU Isolation: Malicious Slice

Rest of Talk... How network slicing works: FlowSpace, Opt-In Our prototype implementation: FlowVisor Isolation and performance results Current deployments: 8+ campuses, 2+ ISPs Future directions and conclusion

FlowVisor Deployment: Stanford Our real, production network o 15 switches, 35 APs o 25+ users o 1+ year of use o my personal email and web-traffic! Same physical network hosts Stanford demos o 7 different demos

FlowVisor Deployments: GENI

Future Directions Currently limited to subsets of actual topology Add virtual links, nodes support Adaptive CPU isolation Change rate-limits dynamically with load... message type More deployments, experience

Conclusion: Tentative Yes! Network slicing can help perform more realistic evaluations FlowVisor allows experiments to run concurrently but safely on the production network CPU isolation needs OpenFlow 1.1 feature Over one year of deployment experience FlowVisor+GENI coming to a campus near you! Questions? git://openflow.org/flowvisor.git

Backup Slides

What about VLANs? Can't program packet forwarding Stuck with learning switch and spanning tree OpenFlow per VLAN? No obvious opt-in mechanism: Who maps a packet to a vlan? By port? Resource isolation more problematic CPU Isolation problems in existing VLANs

FlowSpace Isolation Policy Desired Rule Result HTTP ALL HTTP-only HTTP VoIP Drop Discontinuous FlowSpace: (HTTP or VoIP) & ALL == two rules Isolation by rule priority is hard longest-prefix-match-like ordering issues need to be careful about preserving rule ordering

Scaling

Performance

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback