University of Roma La Sapienza Telecomunicazioni Docente: Andrea Baiocchi DIET - Stanza 07, piano palazzina P. Piga Via Eudossiana 8 E-mail: andrea.baiocchi@uniroma.it Corso di Laurea in Ingegneria Gestionale a.a. 07/08 Computers Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done. [Andy Rooney]
Part of the slides are adapted from companion material of Chapter 4 (Network layer) of the book: Computer Networking: A Top Down Approach 7 th edition. by Jim Kurose and Keith Ross Pearson, 06. Outline ICMP ARP Routing algorithms Link state Distance Vector Routing in the Internet OSPF BGP The SDN control plane
ICMP: Internet Control Message Protocol Used by hosts & routers to communicate network-level control information error reporting: unreachable host, network, port, protocol echo request/reply (used by ping) ICMP msgs are carried in IP datagrams ICMP message: type, code, plus first 8 bytes of IP datagram causing error Type Code description 0 0 echo reply (ping) 3 0 dest network unreachable 3 dest host unreachable 3 dest protocol unreachable 3 3 dest port unreachable 3 6 dest network unknown 3 7 dest host unknown 4 0 source quench (congestion control - not used) 8 0 echo request (ping) 9 0 route advertisement 0 0 router discovery 0 TTL expired 0 bad IP header ICMP approach ICMP aim is to notify mulfunctioning to the host originating the packet that triggered malfunctioning detection. It does not specify ensuing actions. It does not locate the source of the problem e.g., intermediate system between packet origin and system detecting the error and issuing the ICMP msg Each notification ICMP message is related to a specific IP packet.
Traceroute Source sends series of UDP segments to dest First has TTL =, second has TTL=, etc. When n-th datagram arrives to n-th router: Router discards datagram and sends to source an ICMP message (type, code 0) Message includes name of router & IP address When ICMP message arrives, source calculates RTT Traceroute does this 3 times Stopping criterion UDP segment eventually arrives at destination host Destination returns ICMP port unreachable packet (type 3, code 3) When source gets this ICMP, stops. 3 probes 3 probes 3 probes Traceroute example traceroute: gaia.cs.umass.edu to www.eurecom.fr Three delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu cs-gw (8.9.40.54) ms ms ms border-rt-fa5--0.gw.umass.edu (8.9.3.45) ms ms ms 3 cht-vbns.gw.umass.edu (8.9.3.30) 6 ms 5 ms 5 ms 4 jn-at-0-0-9.wor.vbns.net (04.47.3.9) 6 ms ms 3 ms 5 jn-so7-0-0-0.wae.vbns.net (04.47.36.36) ms 8 ms 8 ms 6 abilene-vbns.abilene.ucaid.edu (98.3..9) ms 8 ms ms 7 nycm-wash.abilene.ucaid.edu (98.3.8.46) ms ms ms 8 6.40.03.53 (6.40.03.53) 04 ms 09 ms 06 ms 9 de-.de.de.geant.net (6.40.96.9) 09 ms 0 ms 04 ms 0 de.fr.fr.geant.net (6.40.96.50) 3 ms ms 4 ms renater-gw.fr.fr.geant.net (6.40.03.54) ms 4 ms ms nio-n.cssi.renater.fr (93.5.06.3) ms 4 ms 6 ms 3 nice.cssi.renater.fr (95.0.98.0) 3 ms 5 ms 4 ms 4 r3t-nice.cssi.renater.fr (95.0.98.0) 6 ms 6 ms 4 ms 5 eurecom-valbonne.r3t.ft.net (93.48.50.54) 35 ms 8 ms 33 ms 6 94.4..5 (94.4..5) 6 ms 8 ms 6 ms 7 * * * 8 * * * trans-oceanic link * means no response (probe lost, router not replying) 9 fantasia.eurecom.fr (93.55.3.4) 3 ms 8 ms 36 ms
Traceroute example From my laptop, via LAN to the server next building traceroute to 5.00.37. (5.00.37.), 64 hops max, 40 byte packets 9.68...96 ms.58 ms.88 ms 5.00.. 4.79 ms 4.58 ms 4.03 ms 3 5.00.54.53 4.38 ms 4.66 ms 4.873 ms 4 0.00.3.4 4.9 ms 4.96 ms 5.635 ms 5 94.8.46.09 4.73 ms 4.3 ms 4.7 ms 6 94.88.6.4 8.986 ms 4.6 ms.356 ms 7 94.88.6.4 0.3 ms 9.44 ms 7.99 ms 8 0.00.46. 8.75 ms 8.5 ms 8.39 ms 9 5.00.37. 9.505 ms.5 ms.65 ms PDU e bit Trama di livello (Ethernet) che contiene un pacchetto IP, catturata da Wireshark E una sequenza di bit!!! Caratteri hex per comodità ( hex = 4 bit) 00d9d8d734009df7bb08004500003c3430000800eaec0a8cd59c0a8cd008004d56000000566636465666768696a6b6c6d6e6f707773747576776663646566.. Header Ethernet Payload Ethernet Header Payload IP IP c0a8cd59 c0a8cd0 Header 08 00d9d8d734 009df7bb 0800=IP 0=ICMP Payload 9.68.05.89 9.68.05. ICMP ping request ICMP MAC MAC Protocol typeprotocol Indirizzo Indirizzo typeicmp IP IP Type Destinazione Sorgente Sorgente Destinazione
Outline ICMP ARP Routing algorithms Link state Distance Vector Routing in the Internet OSPF BGP The SDN control plane MAC addresses and ARP MAC (or LAN or physical or Ethernet) address: function: used locally to get frame from one interface to another physically-connected interface (same network, in IPaddressing sense) 48 bit MAC address (for most LANs) burned in NIC ROM, also sometimes software settable e.g.: A-F-BB-76-09-AD hexadecimal (base 6) notation (each numeral represents 4 bits)
LAN addresses and ARP each adapter on LAN has unique LAN address A-F-BB-76-09-AD 7-65-F7-B-08-53 LAN (wired or wireless) 58-3-D7-FA-0-B0 adapter 0C-C4--6F-E3-98 LAN addresses (more) MAC address allocation administered by IEEE manufacturer buys portion of MAC address space (to assure uniqueness) MAC flat address portability can move LAN card from one LAN to another IP hierarchical address not portable address depends on IP subnet to which node is attached
ARP: address resolution protocol Question: how to determine interface s MAC address, knowing its IP address? 37.96.7.3 7-65-F7-B-08-53 LAN 37.96.7.78 A-F-BB-76-09-AD 37.96.7.4 58-3-D7-FA-0-B0 ARP table: each IP node (host, router) on LAN has table IP/MAC address mappings for some LAN nodes: < IP address; MAC address; TTL> TTL (Time To Live): time after which address mapping will be forgotten (typically 0 min) 37.96.7.88 0C-C4--6F-E3-98 ARP protocol: same LAN A wants to send datagram to B B s MAC address not in A s ARP table. A broadcasts ARP query packet, containing B's IP address destination MAC address = FF- FF-FF-FF-FF-FF all nodes on LAN receive ARP query B receives ARP packet, replies to A with its (B's) MAC address frame sent to A s MAC address (unicast) A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out) soft state: information that times out (goes away) unless refreshed ARP is plug-and-play : nodes create their ARP tables without intervention from net administrator
ARP cache (ARP table) Updated each time an ARP request or ARP reply is read from the broadcast medium Gratuitous ARP Addressing: routing to another LAN walkthrough: send datagram from A to B via R focus on addressing at IP (datagram) and MAC layer (frame) assume A knows B s IP address assume A knows IP address of first hop router, R (how?) assume A knows R s MAC address (how?) A... 74-9-9C-E8-FF-55... CC-49-DE-D0-AB-7D R...0 E6-E9-00-7-BB-4B...0 A-3-F9-CD-06-9B B... 49-BD-D-C7-56-A... 88-B-F-54-A-0F
Addressing: routing to another LAN A creates IP datagram with IP source A, destination B A creates link-layer frame with R's MAC address as destination address, frame contains A-to-B IP datagram MAC src: 74-9-9C-E8-FF-55 MAC dest: E6-E9-00-7-BB-4B IP src:... IP dest:... IP Eth Phy A... 74-9-9C-E8-FF-55... CC-49-DE-D0-AB-7D R...0 E6-E9-00-7-BB-4B...0 A-3-F9-CD-06-9B B... 49-BD-D-C7-56-A... 88-B-F-54-A-0F Addressing: routing to another LAN frame sent from A to R frame received at R, datagram removed, passed up to IP MAC src: 74-9-9C-E8-FF-55 MAC dest: E6-E9-00-7-BB-4B IP src:... IP src:... IP dest:... IP dest:... IP Eth Phy A... 74-9-9C-E8-FF-55... CC-49-DE-D0-AB-7D IP Eth Phy R...0 E6-E9-00-7-BB-4B...0 A-3-F9-CD-06-9B B... 49-BD-D-C7-56-A... 88-B-F-54-A-0F
Addressing: routing to another LAN R forwards datagram with IP source A, destination B R creates link-layer frame with B's MAC address as destination address, frame contains A-to-B IP datagram A... 74-9-9C-E8-FF-55 IP Eth Phy R...0 A-3-F9-CD-06-9B MAC src: A-3-F9-CD-06-9B MAC dest: 49-BD-D-C7-56-A IP src:... IP dest:... IP Eth Phy B... 49-BD-D-C7-56-A... CC-49-DE-D0-AB-7D...0 E6-E9-00-7-BB-4B... 88-B-F-54-A-0F Addressing: routing to another LAN R forwards datagram with IP source A, destination B R creates link-layer frame with B's MAC address as destination address, frame contains A-to-B IP datagram A... 74-9-9C-E8-FF-55 IP Eth Phy R...0 A-3-F9-CD-06-9B MAC src: A-3-F9-CD-06-9B MAC dest: 49-BD-D-C7-56-A IP src:... IP dest:... IP Eth Phy B... 49-BD-D-C7-56-A... CC-49-DE-D0-AB-7D...0 E6-E9-00-7-BB-4B... 88-B-F-54-A-0F
Addressing: routing to another LAN R forwards datagram with IP source A, destination B R creates link-layer frame with B's MAC address as dest, frame contains A-to-B IP datagram MAC src: A-3-F9-CD-06-9B MAC dest: 49-BD-D-C7-56-A IP src:... IP dest:... IP Eth Phy A... 74-9-9C-E8-FF-55... CC-49-DE-D0-AB-7D R...0 E6-E9-00-7-BB-4B...0 A-3-F9-CD-06-9B B... 49-BD-D-C7-56-A... 88-B-F-54-A-0F Outline ICMP ARP Routing algorithms Link state Distance Vector Routing in the Internet OSPF BGP The SDN control plane
Routing protocols Routing protocol goal: determine good paths (equivalently, routes), from sending hosts to receiving host, through network of routers path: sequence of routers packets will traverse in going from given initial source host to given final destination host good : least cost, fastest, least congested routing: a top-0 networking challenge! Graph abstraction 5 u v x 3 3 w y 5 z Graph: G = (N,E) = (NODES, EDGES) N = set of routers = { u, v, w, x, y, z } E = set of links ={ (u,v), (u,x), (v,x), (v,w), (x,w), (x,y), (w,y), (w,z), (y,z) } Remark: Graph abstraction is useful in other network contexts Example: PP, where N is set of peers and E is set of TCP connections; social networks where nodes are users and edges exist iff two users have a direct contact
Graph abstraction: costs u 5 v x 3 3 w y 5 z c(x,x ) = cost of link (x,x ) - e.g., c(w,z) = 5 cost could always be, or proportionl to link fee or inversely related to bandwidth, or inversely related to congestion Cost of path (x, x, x 3,, x p ) = c(x,x )+c(x,x 3 )+ +c(x p-,x p ) Question: What s the least-cost path between u and z? Routing algorithm: algorithm that finds least-cost path Routing Algorithm classification Global: link state algorithm (Dijkstra) all routers have complete topology, link cost info distributed implementation: all-to-all router messages, no central server. centralized implementation: all router send messages to a central server (Software Defined Network, SDN) Local: distance vector algorithm (Bellman-Ford) router knows physically-connected neighbors, link costs to neighbors iterative process of computation, exchange of messages only with neighbors
A Link-State Routing Algorithm Dijkstra s algorithm net topology, link costs known to all nodes accomplished via link state broadcast all nodes have same info computes least cost paths from one node ( source ) to all other nodes gives forwarding table for that node iterative: after k iterations, know least cost path to k destinations Notation: c(x,y): link cost from node x to y; = if not direct neighbors D(v): current value of cost of path from source to dest. v p(v): predecessor node along path from source to v N': set of nodes whose least cost path definitively known Dijsktra s Algorithm for node a Initialization: N' = {a} 3 for all nodes x 4 if x adjacent to a 5 then D(x) = c(a,x) and p(x)=a 6 else D(x) = 8 Loop 9 find y not in N' such that D(y) is a minimum 0 add y to N' update D(z) for all z adjacent to y and not in N' : D(z) = min{ D(z), D(y) + c(y,z) } if D(y)+c(y,z) < D(z) then p(z)=y /* new cost to z is either old cost to z or known 4 shortest path cost to y plus cost from y to z */ 5 until all nodes in N'
Dijkstra s algorithm: example D(v) p(v) D(w) p(w) D(x) p(x) D(y) p(y) D(z) p(z) Step N' 0 u 7,u 3,u 5,u uw 6,w 5,u,w uwx 6,w,w 4,x 3 uwxv 0,v 4,x 4 uwxvy,y 5 uwxvyz x 9 notes: construct shortest path tree by tracing predecessor nodes ties can exist (can be broken arbitrarily) u 5 3 w 4 8 7 3 7 4 y z v Dijkstra s algorithm, discussion Algorithm complexity: n nodes each iteration: need to check all nodes, w, not in N n(n+)/ comparisons: O(n ) more efficient implementations possible: O(n logn) Oscillations possible: e.g., link cost = amount of carried traffic A +e D 0 0 B 0 e C e initially +e A 0 D B 0 +e 0 C recompute routing 0 A +e D 0 0 B +e C recompute +e A 0 D +e B 0 0 C recompute
Distance-vectors!33 d x (y) = estimate of least cost from x to y Node x knows cost to each neighbor v: c(x,v) Node x maintains its own distance vector (DV) D x = [d x (y): y є N ] Node x also maintains its neighbors DVs: for each neighbor v, x maintains D v = [d v (y): y є N ] DV are computed by means of the iterative Bellman-Ford algorithm Distance-vector algorithm!34 Basic idea: From time-to-time, each node sends its own DV estimate to neighbors (can be asynchronous) When a node x receives new DV estimate from neighbor, it updates its own DV using B-F equation: d x (y) = min {c(x,v) + d v (y) } for each node y in the network. v Under minor, natural conditions, the estimate D x (y) converge to the actual least cost d x (y)
Comparison of LS and DV algorithms message complexity LS: with n nodes, E links, O(nE) msgs sent DV: exchange between neighbors only convergence time varies speed of convergence LS: O(n ) algorithm requires O(nE) msgs may have oscillations DV: convergence time varies may be routing loops count-to-infinity problem robustness: what happens if router malfunctions? LS: node can advertise incorrect link cost each node computes only its own table DV: DV node can advertise incorrect path cost each node s table used by others error propagate thru network Outline ICMP ARP Routing algorithms Link state Distance Vector Routing in the Internet OSPF BGP The SDN control plane
Making routing scalable our routing study thus far - idealized all routers identical network flat not true in practice scale: with billions of destinations: can t store all destinations in routing tables! routing table exchange would swamp links! administrative autonomy internet = network of networks each network admin may want to control routing in its own network Internet approach to scalable routing aggregate routers into regions known as autonomous systems (AS) (a.k.a. domains ) intra-as routing routing among hosts, routers in same AS ( network ) all routers in AS must run same intra-domain protocol routers in different AS can run different intra-domain routing protocol gateway router: at edge of its own AS, has link(s) to router(s) in other AS es inter-as routing routing among AS es gateways perform interdomain routing (as well as intra-domain routing)
Interconnected ASes 3c 3a 3b AS3 a c d b Intra-AS Routing algorithm AS Forwarding table Inter-AS Routing algorithm a c AS b forwarding table configured by both intraand inter-as routing algorithm intra-as routing determine entries for destinations within AS inter-as & intra-as determine entries for external destinations Inter-AS tasks suppose router in AS receives datagram destined outside of AS: router should forward packet to gateway router, but which one? AS must:. learn which dests are reachable through AS, which through AS3. propagate this reachability info to all routers in AS job of inter-as routing! 3c other networks 3b 3a AS3 a AS c d b a AS c b other networks
Intra-AS Routing also known as interior gateway protocols (IGP) most common intra-as routing protocols: RIP: Routing Information Protocol OSPF: Open Shortest Path First (IS-IS protocol essentially same as OSPF) IGRP: Interior Gateway Routing Protocol (Cisco proprietary for decades, until 06) OSPF (Open Shortest Path First) open : publicly available uses link-state algorithm link state packet dissemination topology map at each node route computation using Dijkstra s algorithm router floods OSPF link-state advertisements to all other routers in entire AS carried in OSPF messages directly over IP (rather than TCP or UDP link state: for each attached lin
OSPF advanced features security: all OSPF messages authenticated (to prevent malicious intrusion) multiple same-cost paths allowed (only one path in RIP) for each link, multiple cost metrics for different TOS (e.g., satellite link cost set low for best effort ToS; high for real-time ToS) integrated uni- and multi-cast support: Multicast OSPF (MOSPF) uses same topology data base as OSPF hierarchical OSPF in large domains. Hierarchical OSPF
Hierarchical OSPF two-level hierarchy: local area, backbone. Link-state advertisements only in area each nodes has detailed area topology; only know direction (shortest path) to nets in other areas. area border routers: summarize distances to nets in own area, advertise to other Area Border routers. backbone routers: run OSPF routing limited to backbone. boundary routers: connect to other AS s. Outline 4. Internet architecture 4. What s inside a router 4.3 Internet Protocol (IP) Datagram format IPv4 addressing ICMP 4.4 Routing algorithms Link state 4.5 Routing in the Internet OSPF BGP
Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto inter-domain routing protocol glue that holds the Internet together BGP provides each AS a means to: ebgp: obtain subnet reachability information from neighboring ASes ibgp: propagate reachability information to all ASinternal routers. determine good routes to other networks based on reachability information and policy allows subnet to advertise its existence to rest of Internet: I am here ebgp, ibgp connections b b a c 3b a c d 3a 3c d AS 3d AS ebgp connectivity ibgp connectivity AS 3 c gateway routers run both ebgp and ibgp protools
BGP basics BGP session: two BGP routers ( peers ) exchange BGP messages over semi-permanent TCP connection: advertising paths to different destination network prefixes (BGP is a path vector protocol) when AS3 gateway router 3a advertises path AS3,X to AS gateway router c: AS3 promises to AS it will forward datagrams towards X AS b AS 3 3b a d c AS a b c 3a 3d 3c BGP advertisement: AS3, X X d Path attributes and BGP routes advertised prefix includes BGP attributes prefix + attributes = route two important attributes: AS-PATH: list of ASes through which prefix advertisement has passed NEXT-HOP: indicates specific internal-as router to nexthop AS Policy-based routing: gateway receiving route advertisement uses import policy to accept/decline path (e.g., never route through AS Y). AS policy also determines whether to advertise path to other other neighboring ASes
BGP path advertisement AS b AS3 3b a c d AS,AS3,X AS a b c 3a AS3,X 3d 3c X d AS router c receives path advertisement AS3,X (via ebgp) from AS3 router 3a Based on AS policy, AS router c accepts path AS3,X, propagates (via ibgp) to all AS routers Based on AS policy, AS router a advertises (via ebgp) path AS, AS3, X to AS router c BGP path advertisement AS b AS3,X AS3 3b a c d AS,AS3,X AS a b c 3a AS3,X 3d 3c X d gateway router may learn about multiple paths to destination: AS gateway router c learns path AS,AS3,X from a AS gateway router c learns path AS3,X from 3a Based on policy, AS gateway router c chooses path AS3,X, and advertises path within AS via ibgp
BGP messages BGP messages exchanged between peers over TCP connection BGP messages: OPEN: opens TCP connection to remote BGP peer and authenticates sending BGP peer UPDATE: advertises new path (or withdraws old) KEEPALIVE: keeps connection alive in absence of UPDATES; also ACKs OPEN request NOTIFICATION: reports errors in previous msg; also used to close connection BGP, OSPF, forwarding table entries Q: how does router set forwarding table entry to distant prefix? AS a local link interfaces at a, d b c d AS,AS3,X AS3,X AS a b d AS3,X c AS3 3a AS3,X 3b 3d 3c physical link X dest X interface recall: a, b, c learn about dest X via ibgp from c: path to X goes through c d: OSPF intra-domain routing: to get to c, forward over outgoing local interface
BGP, OSPF, forwarding table entries Q: how does router set forwarding table entry to distant prefix? AS a b d c AS b AS3 3a 3b 3d 3c X a c d dest X interface recall: a, b, c learn about dest X via ibgp from c: path to X goes through c d: OSPF intra-domain routing: to get to c, forward over outgoing local interface a: OSPF intra-domain routing: to get to c, forward over outgoing local interface BGP route selection router may learn about more than one route to destination AS, selects route based on:. local preference value attribute: policy decision. shortest AS-PATH 3. closest NEXT-HOP router: hot potato routing 4. additional criteria
Hot Potato Routing AS b AS3 3b a d c AS,AS3,X AS a b 0 63 d 5 c 3a AS3,X 3c 3d X OSPF link weights d learns (via ibgp) it can route to X via a or c hot potato routing: choose local gateway that has least intradomain cost (e.g., d chooses a, even though more AS hops to X): don t worry about inter-domain cost! Another BGP policy example!58 AS X AS X AS Y AS Y Perth Sydney Perth Sydney Figure 0: Traffic flow between two ASes, one in Perth and the other in Sydney. Note the asymmetry in traffic: due to the action of hot potato routing, the path taken by a traffic flow from Perth to Sydney differs from the reverse path, since by BGP s Hot implementation, the closest routing: external link of an AS is always chosen to route traffic out from the AS. each ISP aims at minimizing the path of the outbound traffic within his own AS Hot potato routing is implemented as a part of the BGP decision process [90]. BGP allows network operators to choose the egress points of traffic at the prefix level. The decision may also vary across a network so that traffic at different points can end up being routed to different egress points. The idea of hot potato routing comes from its namesake: traffic is the hot potato in this case and the network tries to get rid of the hot potato as quickly as possible to avoid costs of transiting it over long distances. Therefore, traffic is sent on the shortest external route connecting an ingress to egress point. BGP provides less control over ingress points and this is what leads to the fundamental asymmetry in the IE traffic matrix. An example of hot potato routing is in Figure 0. Here, there is a clear asymmetry since the paths taken by traffic flows from Perth to Sydney differ from Sydney to Perth. To further understand hot potato routing, we refer the reader to [7] for a basic understanding of BGP routing policy.
BGP: achieving policy via advertisements W A B C X legend: provider network customer network: Y Suppose an ISP only wants to route traffic to/from its customer networks (does not want to carry transit traffic between other ISPs) A advertises path Aw to B and to C B chooses not to advertise BAw to C: B gets no revenue for routing CBAw, since none of C, A, w are B s customers C does not learn about CBAw path C will route CAw (not using B) to get to w BGP: achieving policy via advertisements W A B C X legend: provider network customer network: Y Suppose an ISP only wants to route traffic to/from its customer networks (does not want to carry transit traffic between other ISPs) A,B,C are provider networks X,W,Y are customer (of provider networks) X is dual-homed: attached to two networks policy to enforce: X does not want to route from B to C via X.. so X will not advertise to B a route to C
Why different Intra-, Inter-AS routing? policy: inter-as: admin wants control over how its traffic routed, who routes through its net. intra-as: single admin, so no policy decisions needed scale: hierarchical routing saves table size, reduced update traffic performance: intra-as: can focus on performance inter-as: policy may dominate over performance Outline ICMP ARP Routing algorithms Link state Distance Vector Routing in the Internet OSPF BGP The SDN control plane
Software defined networking (SDN) Internet network layer: historically has been implemented via distributed, per-router approach monolithic router contains switching hardware, runs proprietary implementation of Internet standard protocols (IP, RIP, IS-IS, OSPF, BGP) in proprietary router OS (e.g., Cisco IOS) different middleboxes for different network layer functions: firewalls, load balancers, NAT boxes,.. ~005: renewed interest in rethinking network control plane Recall: per-router control plane Individual routing algorithm components in each and every router interact with each other in control plane to compute forwarding tables Routing Algorithm control plane data plane
Recall: logically centralized control plane A distinct (typically remote) controller interacts with local control agents (CAs) in routers to compute forwarding tables Remote Controller CA CA CA CA CA control plane data plane Software defined networking (SDN) Why a logically centralized control plane? easier network management: avoid router misconfigurations, greater flexibility of traffic flows table-based forwarding (recall OpenFlow API) allows programming routers centralized programming easier: compute tables centrally and distribute distributed programming: more difficult: compute tables as result of distributed algorithm (protocol) implemented in each and every router open (non-proprietary) implementation of control plane
Analogy:)mainframe)to)PC)evolution * Specialized Applications App App App App App App App App App App Open Interface Specialized Operating System Specialized Hardware Windows (OS) or Linux or Open Interface Microprocessor Mac OS Vertically integrated Closed, proprietary Slow innovation Small industry Horizontal Open interfaces Rapid innovation Huge industry * Slide courtesy: N. McKeown Traffic engineering: difficult traditional routing 5 u x v 3 3 w y 5 z Q: what if network operator wants u-to-z traffic to flow along uvwz, x-to-z traffic to flow xwyz? A: need to define link weights so traffic routing algorithm computes routes accordingly (or need a new routing algorithm)! Link weights are only control knobs : wrong!
Traffic engineering: difficult 5 u x v 3 3 w y 5 z Q: what if network operator wants to split u-to-z traffic along uvwz and uxyz (load balancing)? A: can t do it (or need a new routing algorithm) Traffic engineering: difficult Networking 40 5 u v x x 3 3 w y 5 z z Q: what if w wants to route blue and red traffic differently? A: can t do it (with destination based forwarding, and LS, DV routing)
Software defined networking (SDN) 4. programmable control applications routing access control Remote Controller load balance 3. control plane functions external to dataplane switches control plane data plane CA CA CA CA CA. control, data plane separation : generalized flowbased forwarding (e.g., OpenFlow) SDN perspective: data plane switches Data plane switches fast, simple, commodity switches implementing generalized dataplane forwarding (Section 4.4) in hardware switch flow table computed, installed by controller API for table-based switch control (e.g., OpenFlow) defines what is controllable and what is not protocol for communicating with controller (e.g., OpenFlow) routing network-control applications access control load balance northbound API SDN Controller (network operating system) southbound API control plane data plane SDN-controlled switches
SDN perspective: SDN controller SDN controller (network OS): maintain network state information interacts with network control applications above via northbound API interacts with network switches below via southbound API implemented as distributed system for performance, scalability, fault-tolerance, robustness routing network-control applications access control load balance northbound API SDN Controller (network operating system) southbound API control plane data plane SDN-controlled switches SDN perspective: control applications network-control apps: brains of control: implement control functions using lowerlevel services, API provided by SND controller unbundled: can be provided by 3 rd party: distinct from routing vendor, or SDN controller routing network-control applications access control load balance northbound API SDN Controller (network operating system) control plane southbound API data plane SDN-controlled switches
Components of SDN controller Interface layer to network control apps: abstractions API Network-wide state management layer: state of networks links, switches, services: a distributed database communication layer: communicate between SDN controller and controlled switches routing network graph Network-wide distributed, robust state management Link-state info statistics OpenFlow access control RESTful API host info load balance Interface, abstractions for network control apps flow tables SNMP intent switch info Communication to/from controlled devices SDN controller Network Layer: Control Plane!75 OpenFlow protocol OpenFlow Controller operates between controller, switch TCP used to exchange messages optional encryption three classes of OpenFlow messages: controller-to-switch asynchronous (switch to controller) symmetric (misc)
OpenFlow: controller-to-switch messages Key controller-to-switch messages features: controller queries switch features, switch replies configure: controller queries/sets switch configuration parameters modify-state: add, delete, modify flow entries in the OpenFlow tables packet-out: controller can send this packet out of specific switch port OpenFlow Controller OpenFlow: switch-to-controller messages Key switch-to-controller messages packet-in: transfer packet (and its control) to controller. See packetout message from controller flow-removed: flow table entry deleted at switch port status: inform controller of a change on a port. OpenFlow Controller Fortunately, network operators don t program switches by creating/sending OpenFlow messages directly. Instead use higher-level abstraction at controller
SDN: control/data plane interaction example network graph statistics Link-state info s 3 Dijkstra s link-state Routing 4 OpenFlow RESTful API host info 6 s3 s 5 flow tables SNMP s4 intent switch info 3 4 S, experiencing link failure using OpenFlow port status message to notify controller SDN controller receives OpenFlow message, updates link status info Dijkstra s routing algorithm application has previously registered to be called when ever link status changes. It is called. Dijkstra s routing algorithm access network graph info, link state info in controller, computes new routes SDN: control/data plane interaction example network graph statistics 3 Link-state info Dijkstra s link-state Routing 4 OpenFlow RESTful API host info 5 flow tables SNMP intent switch info 5 6 link state routing app interacts with flow-table-computation component in SDN controller, which computes new flow tables needed Controller uses OpenFlow to install new tables in switches that need updating 6 s s3 s s4
SDN: selected challenges hardening the control plane: dependable, reliable, performance-scalable, secure distributed system robustness to failures: leverage strong theory of reliable distributed system for control plane dependability, security: baked in from day one? networks, protocols meeting mission-specific requirements e.g., real-time, ultra-reliable, ultra-secure Internet-scaling