SDX: A Software Defined Internet Exchange

Similar documents
Bringing SDN to the Internet, one exchange point at the time

SDN-enabled Internet Exchange Point

Making the Internet more scalable and manageable

Improving the Internet

SDN Use-Cases. internet exchange, home networks. TELE4642: Week8. Materials from Prof. Nick Feamster is gratefully acknowledged

Communication Networks

SDN SEMINAR 2017 ARCHITECTING A CONTROL PLANE

Sweet Little Lies: Fake Topologies for Flexible Routing

Lecture 4: Intradomain Routing. CS 598: Advanced Internetworking Matthew Caesar February 1, 2011

Communication Networks

CS4450. Computer Networks: Architecture and Protocols. Lecture 15 BGP. Spring 2018 Rachit Agarwal

COMP211 Chapter 5 Network Layer: The Control Plane

Peering at Peerings: On the Role of IXP Route Servers

ENDEAVOUR: Towards a flexible software-defined network ecosystem

Communication Networks

Design and development of the reactive BGP peering in softwaredefined routing exchanges

Master Course Computer Networks IN2097

Inter-Autonomous-System Routing: Border Gateway Protocol

A Framework for Fine-Grained Inter-Domain Routing Diversity Via SDN

PIX-IE An SDN-based Programmable Internet exchange

Inter-Autonomous-System Routing: Border Gateway Protocol

Tag Switching. Background. Tag-Switching Architecture. Forwarding Component CHAPTER

COMP/ELEC 429 Introduction to Computer Networks

CS4700/CS5700 Fundamentals of Computer Networks

How the Internet works? The Border Gateway Protocol (BGP)

Internet Routing Basics

Routing Basics. SANOG July, 2017 Gurgaon, INDIA

BGP Peering Engineering Automation challenges and enablers Cloud & Virtualization Group

PART III. Implementing Inter-Network Relationships with BGP

Interdomain Routing Design for MobilityFirst

CS 640: Introduction to Computer Networks. Intra-domain routing. Inter-domain Routing: Hierarchy. Aditya Akella

Programmatic Interface to Routing

Interdomain Routing Reading: Sections P&D 4.3.{3,4}

Link State Routing & Inter-Domain Routing

Lecture 18: Border Gateway Protocol

Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011

Lecture 13: Traffic Engineering

Lecture 17: Border Gateway Protocol

Inter-AS routing. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley

Composing Software-Defined Networks

Some Foundational Problems in Interdomain Routing

Internet inter-as routing: BGP

Network Layer (Routing)

An Architecture to Manage Incoming Traffic of Inter-Domain Routing Using OpenFlow Networks

Compiling Path Queries

Network Configuration Example

Master Course Computer Networks IN2097

Interdomain Routing Reading: Sections K&R EE122: Intro to Communication Networks Fall 2007 (WF 4:00-5:30 in Cory 277)

Multihoming Complex Cases & Caveats

NaMeX Route Server HOWTO

Virtual Multi-homing: On the Feasibility of Combining Overlay Routing with BGP Routing

BGP Case Studies. ISP Workshops

CS 204: BGP. Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social Sciences

CSC 4900 Computer Networks: Routing Protocols

Computer Science 461 Final Exam May 22, :30-3:30pm

Dynamics of Hot-Potato Routing in IP Networks

MPLS VPN--Inter-AS Option AB

Hierarchical Routing. Our routing study thus far - idealization all routers identical network flat not true in practice

Lecture 16: Interdomain Routing. CSE 123: Computer Networks Stefan Savage

Preventing the unnecessary propagation of BGP withdraws

The Case for Separating Routing from Routers

internet technologies and standards

Back to basics J. Addressing is the key! Application (HTTP, DNS, FTP) Application (HTTP, DNS, FTP) Transport. Transport (TCP/UDP) Internet (IPv4/IPv6)

Outline Computer Networking. Inter and Intra-Domain Routing. Internet s Area Hierarchy Routing hierarchy. Internet structure

Vendor: Alcatel-Lucent. Exam Code: 4A Exam Name: Alcatel-Lucent Border Gateway Protocol. Version: Demo

Internet Routing Protocols Lecture 01 & 02

Interdomain Routing and Connectivity

Configuring BGP on Cisco Routers Volume 1

Interdomain routing with BGP4 C BGP. A new approach to BGP simulation. (1/2)

MPLS VPN Inter-AS Option AB

BGP Attributes and Policy Control

Distributed Route Aggregation (DRAGON)

Communication Networks

Lecture 3: Packet Forwarding

TELE 301 Network Management

IP Fabric Reference Architecture

Connecting to a Service Provider Using External BGP

IPv6 Switching: Provider Edge Router over MPLS

Lecture 19: Network Layer Routing in the Internet

SDN-based Automated Peering Optimization Challenges and Solutions

Backbone Networks. Networking Case Studies. Backbone Networks. Backbone Topology. Mike Freedman COS 461: Computer Networks.

Impactful Routing Research with the PEERING Testbed

Active BGP Measurement with BGP-Mux. Ethan Katz-Bassett (USC) with testbed and some slides hijacked from Nick Feamster and Valas Valancius

Configuring MSDP. Overview. How MSDP operates. MSDP peers

BGP. Autonomous system (AS) BGP version 4. Definition (AS Autonomous System)

Module 16 An Internet Exchange Point

BGP. Autonomous system (AS) BGP version 4

Shim6: Network Operator Concerns. Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI

Routing Basics ISP/IXP Workshops

BGP Attributes and Policy Control

Introduction to BGP. ISP Workshops. Last updated 30 October 2013

CS 457 Networking and the Internet. The Global Internet (Then) The Global Internet (And Now) 10/4/16. Fall 2016

COM-208: Computer Networks - Homework 6

BGP. Autonomous system (AS) BGP version 4

Lecture 16: Border Gateway Protocol

Chapter IV: Network Layer

Service Provider Multihoming

MPLS L3VPN. The MPLS L3VPN model consists of three kinds of devices: PE CE Site 2. Figure 1 Network diagram for MPLS L3VPN model

Border Gateway Protocol (an introduction) Karst Koymans. Monday, March 10, 2014

Interdomain Routing. Networked Systems (H) Lecture 11

Transcription:

SDX: A Software Defined Internet Exchange @SIGCOMM 2014 Laurent Vanbever Princeton University FGRE Workshop (Ghent, iminds) July, 8 2014

The Internet is a network of networks, referred to as Autonomous Systems (AS) AS20 AS30 AS10 AS40 AS50

BGP is the routing protocol glueing the Internet together AS20 AS30 AS10 BGP sessions AS40 AS50

ASes exchange information about the IP prefixes they can reach AS40 129.132.0.0/16 ETH/UNIZH Camp Net

ASes exchange information about the IP prefixes they can reach AS20 AS30 AS10 129.132.0.0/16 Path: 40 AS40 AS50 129.132.0.0/16 Path: 40 129.132.0.0/16 ETH/UNIZH Camp Net

Reachability information is propagated hop-by-hop AS20 AS30 AS10 AS40 AS50 129.132.0.0/16 Path: 10 40 129.132.0.0/16 ETH/UNIZH Camp Net

Reachability information is propagated hop-by-hop AS20 129.132.0.0/16 Path: 10 40 AS10 AS30 129.132.0.0/16 Path: 50 10 40 AS50 AS40 129.132.0.0/16 ETH/UNIZH Camp Net

Life of a BGP router is made of three consecutive steps while true: receives routes from my neighbors select one best route for each prefix export the best route to my neighbors

Each AS can apply local routing policies Each AS is free to select and use any path preferably, the cheapest one

always prefer Deutsche Telekom routes over AT&T 129.132.0.0/16 Path: 10 40 129.132.0.0/16 Path: 50 10 40

IP traffic always prefer Deutsche Telekom routes over AT&T

Each AS can apply local routing policies Each AS is free to select and use any path preferably, the cheapest one decide which path to export (if any) to which neighbor preferably none, to minimize carried traffic

do not export ETH routes to AT&T 129.132.0.0/16 Path: 40

do not export ETH routes to AT&T

BGP is notoriously inflexible and difficult to manage

BGP is notoriously inflexible and difficult to manage Fwd paradigm Fwd control Fwd influence

BGP is notoriously inflexible and difficult to manage BGP Fwd paradigm destination-based Fwd control indirect configuration Fwd influence local BGP session

SDN can enable fine-grained, flexible and direct expression of interdomain policies BGP SDN Fwd paradigm destination-based any source addr, ports, VLAN, Fwd control indirect configuration direct open API (e.g., OpenFlow) Fwd influence local BGP session global remote controller control

How do you deploy SDN in a network composed of 50,000 subnetworks?

How do you deploy SDN in a network composed of 50,000 subnetworks? Well, you don t

Instead, you aim at finding locations where deploying SDN can have the most impact

Instead, you aim at finding locations where deploying SDN can have the most impact Deploy SDN in locations that connect a large number of networks carry a large amount of traffic are opened to innovation

Internet exchange Points (IXP) meet all the criteria Deploy SDN in locations that AMS-IX connect a large number of networks carry a large amount of traffic are opened to innovation 670 networks 2.9 Tb/s (peak) BGP Route Server Mobile peering Open peering https://www.ams-ix.net

A single deployment can have a large impact Deploy SDN in locations that AMS-IX connect a large number of networks carry a large amount of traffic are opened to innovation 670 networks 2.9 Tb/s (peak) BGP Route Server Mobile peering Open peering https://www.ams-ix.net

SDX = SDN + IXP

SDX = SDN + IXP Augment the IXP data-plane with SDN capabilities keeping default forwarding and routing behavior Enable fine-grained inter domain policies bringing new features while simplifying operations

SDX = SDN + IXP Augment the IXP data-plane with SDN capabilities keeping default forwarding and routing behavior Enable fine-grained inter domain policies bringing new features while simplifying operations with scalability and correctness in mind supporting the load of a large IXP and resolving conflicts

SDX enables a wide range of novel applications security Prevent/block policy violation Prevent participants communication Upstream blocking of DoS attacks forwarding optimization Middlebox traffic steering Traffic offloading Inbound Traffic Engineering Fast convergence peering Application-specific peering remote-control Influence BGP path selection Wide-area load balancing

SDX: A Software Defined Internet Exchange 1 Architecture programming model 2 Scalability control- & data-plane 3 Applications inter domain bonanza

SDX: A Software Defined Internet Exchange 1 Architecture programming model Scalability control- & data-plane Applications inter domain bonanza

An IXP is a large layer-2 domain where participant routers exchange routes using BGP Participant #1 Edge router Participant #2 IXP Switching Fabric Participant #3

An IXP is a large layer-2 domain where participant routers exchange routes using BGP Participant #1 ebgp sessions Participant #2 ebgp routes Participant #3

To alleviate the need of establishing ebgp sessions, IXP often provides a Route Server (route multiplexer) Participant #1 10.0.0.0/8 10.0.0.0/8 Participant #2 Router Server 10.0.0.0/8 Participant #3

IP traffic is exchanged directly between participants IXP is forwarding transparent Participant #1 IP traffic Participant #2 Router Server Participant #3

With respect to a traditional IXP, SDX data-plane relies on SDN-capable devices Participant #1 Participant #2 Router Server Participant #3

With respect to a traditional IXP, SDX s data-plane relies on SDN-capable devices Participant #1 SDN Participant #2 Router Server Participant #3

With respect to a traditional IXP, SDX s control-plane relies on a SDN controller Participant #1 BGP sessions Participant #2 SDN controller also a Route Server Participant #3

SDX participants express their forwarding policies in a high-level language built on top of Pyretic (*) (*) http://frenetic-lang.org/pyretic/

SDX policies are composed of a pattern and some actions match ( Pattern ), then ( Actions )

Pattern selects packets based on any header fields while Actions forward or modify the selected packets Pattern eth_type vlan_id srcmac match ( dstmac, &&, ), then ( Actions ) protocol dstip tos srcip srcport dstport

Pattern selects packets based on any header fields, while actions forward or modify the selected packets Actions drop match ( Pattern ), then ( forward ) rewrite

Each participant writes policies independently and transmits them to the controller Participant #2 policy match(dstport=80), fwd(#3) match(dstport=22), fwd(#1) Participant #1 SDN controller Participant #3 policy match(srcip=0*), fwd(left) match(srcip=1*), fwd(right)

Given the participant policies, the controller compiles them to SDN forwarding rules Participant #2 policy match(dstport=80), fwd(#3) match(dstport=22), fwd(#1) Participant #1 forwarding entries SDN SDN controller Participant #3 policy match(srcip=0*), fwd(left) match(srcip=1*), fwd(right)

Given the participant policies, the controller compiles them to SDN forwarding rules Ensuring isolation Resolving policies conflict Ensuring compatibility with BGP

Given the participant policies, the controller compiles them to SDN forwarding rules Ensuring isolation Each participant controls one virtual switch connected to participants it can communicate with Resolving policies conflict Ensuring compatibility with BGP

Given the participant policies, the controller compiles them to SDN forwarding rules Ensuring isolation Resolving policies conflict Participant policies are sequentially composed in an order that respects business relationships Ensuring compatibility with BGP

Given the participant policies, the controller compiles them to SDN forwarding rules Ensuring isolation Resolving policies conflict Ensuring compatibility with BGP policies are augmented with BGP information guaranteed correctness and reachability

SDX: A Software Defined Internet Exchange Architecture programming model 2 Scalability control- & data-plane Applications inter domain bonanza

The SDX platform faces scalability challenges in both the data- and in the control-plane data-plane space control-plane time

data-plane space control-plane time 500,000 prefixes, 500+ participants, potentially billions of forwarding rules 100s of policies that have to be updated dynamically according to BGP

To scale, the SDX platform leverages domain-specific knowledge data-plane space control-plane time leverage existing routing platform leverage inherent policy structure

data-plane space control-plane time leverage existing routing platform

The edge routers, sitting next to the fabric, are tailored to match on numerous IP prefixes not FIB-constrained FIB constrained Edge router SDN switch

We consider routers FIB as the first stage of a multi-stage FIB IXP fabric Table #1 Table #2 Edge router SDN switch

Routers FIB match on the destination prefix and set a tag accordingly set a TAG based on IP Table #1 Table #2 Edge router SDN switch

The SDN FIB matches on the tag, not on the IP prefixes set a TAG based on IP match TAG Table #1 Table #2 Edge router SDN switch

How do we provision tag entries in a router, and what are these tags? set a TAG based on IP match TAG Table #1 Table #2 Edge router SDN switch

We use BGP as a provisioning interface and BGP next-hops as labels forward to BGP NH match on BGP NH p1 p2 p3 p4 p5 BGP router fwd(1) fwd(2) fwd(3) fwd(4) virtual switch

All prefixes sharing the same forwarding behavior are grouped together using the same BGP next-hop p1 p2 p3 p4 p5 BGP router fwd(1) fwd(2) fwd(3) fwd(4) virtual switch

The SDX data-plane maintains one forwarding entry per prefix-group p1 p2 p3 p4 p5 BGP router fwd(1) fwd(2) fwd(3) fwd(4) virtual switch

Data-plane utilization is reduced considerably as there are way more prefixes than prefixes groups # prefixes >> #prefixes groups p1 p2 p3 p4 p5 BGP router fwd(1) fwd(2) fwd(3) fwd(4) virtual switch

By leveraging BGP, the SDX can accommodate policies for hundreds of participants with less than 30k rules

data-plane space control-plane time leverage inherent policy structure

SDX policies exacerbate key characteristics that enable to speed-up compilation time considerably Policies are often disjoint Policy updates are local Policy updates are bursty

SDX policies exacerbate key characteristics that enable to speed-up compilation time considerably Policies are often disjoint disjoint policy do not have to be composed together significant gain as composing policies is time consuming Policy updates are local Policy updates are bursty

SDX policies exacerbate key characteristics that enable to speed-up compilation time considerably Policies are often disjoint Policy updates are local Policy updates usually impact a few prefix-groups 75% of the updates affect no more than 3 prefixes Policy updates are bursty

SDX policies exacerbate key characteristics that enable to speed-up compilation time considerably Policies are often disjoint Policy updates are local Policy updates are bursty policy changes are separated of large periode of inactivity 75% of the time, inter-arrival time between updates is at least 10s

The SDX controller adopts a two-staged compilation algorithm Fast, but non-optimal algorithm upon updates can create more rules than required Slow, but optimal algorithm in background recompute prefix groups Time vs Space trade-off

In most cases, the SDX takes <100 ms to recompute the global policy upon a BGP event

Novel Applications for a SDN-enabled Internet exchange Point Architecture programming model Scalability control- & data-plane 3 Applications inter domain bonanza

SDX enables a wide range of novel applications security Prevent/block policy violation Prevent participants communication Upstream blocking of DoS attacks forwarding optimization Middlebox traffic steering Traffic offloading Inbound Traffic Engineering Fast convergence peering Application-specific peering remote-control Influence BGP path selection Wide-area load balancing

SDX enables a wide range of novel applications security Prevent/block policy violation Prevent participants communication Upstream blocking of DoS attacks forwarding optimization Middlebox traffic steering Traffic offloading Inbound Traffic Engineering Fast convergence peering Application-specific peering remote-control Influence BGP path selection Wide-area load balancing

SDX can improve inbound traffic engineering

Given an IXP Physical Topology and a BGP topology, implement B s inbound policies AS B 192.0.1/24 192.0.2/24 192.0.1/24 192.0.2/24 AS A AS C

Given an IXP Physical Topology and a BGP topology, Implement B s inbound policies B s inbound policies 192.0.1/24 192.0.2/24 to from receive on AS B 192.0.1/24 A left 192.0.2/24 C right 192.0.2/24 ATT_IP right 192.0.1/24 * right 192.0.2/24 * left AS A AS C

Given an IXP Physical Topology and a BGP topology, How do you that with BGP? B s inbound policies 192.0.1/24 192.0.2/24 to from receive on AS B 192.0.1/24 A left 192.0.2/24 C right 192.0.2/24 ATT_IP right 192.0.1/24 * right 192.0.2/24 * left AS A AS C

It is hard BGP provides few knobs to influence remote decisions Implementing such a policy is configuration-intensive using AS-Path prepend, MED, community tagging, etc.

It is hard...... and even impossible for some requirements BGP policies cannot influence remote decisions based on source addresses to from receive on 192.0.2.0/24 ATT_IP right

It is hard... In any case, the outcome is unpredictable Implementing such a policy is configuration-intensive using AS-Path prepend, MED, community tagging, etc. There is no guarantee that remote parties will comply one can only influence remote decisions Networks engineers have no choice but to try and see which makes it impossible to adapt to traffic pattern

With SDX, implement B s inbound policy is easy SDX policies give any participant direct control on its forwarding paths to from fwd B s SDX Policy 192.0.1/24 A 192.0.2/24 B 192.0.2/24 ATT_IP left right right match(dstip=192.0.1/24, srcmac=a), fwd(l) match(dstip=192.0.2/24, srcmac=b), fwd(r) match(dstip=192.0.2/24, srcip=att), fwd(r) 192.0.1/24 * right match(dstip=192.0.1/24), fwd(r) 192.0.2/24 * left match(dstip=192.0.2/24), fwd(l)

SDX enables a wide range of novel applications security Prevent/block policy violation Prevent participants communication Upstream blocking of DoS attacks forwarding optimization Middlebox traffic steering Traffic offloading Inbound Traffic Engineering Fast convergence peering Application-specific peering remote-control Influence BGP path selection Wide-area load balancing

SDX enables a wide range of novel applications security Prevent/block policy violation Prevent participants communication Upstream blocking of DoS attacks forwarding optimization Middlebox traffic steering Traffic offloading Inbound Traffic Engineering Fast convergence peering Application-specific peering remote-control Influence BGP path selection Wide-area load balancing

SDX can help in blocking DDoS attacks closer to the source AS13 AS1 SDX#A SDX#B AS7

AS7 is victim of a DDoS attack originated from AS13 Attacker AS13 AS1 SDX#A SDX#B AS7 Victim

AS7 can remotely install drop() rule in the SDX platforms Attacker AS13 AS1 SDX#A SDX#B AS7 Victim

match(srcip=attacker/24, dstip=victim/32) >> drop()

SDX: A Software Defined Internet Exchange Architecture programming model Scalability control- & data-plane Applications inter domain bonanza

Our SDX platform can serve as skeleton for a SDX ecosystem We have running code (*) with full BGP integration, check out our tutorial We are in the process of having a first deployment SNAP @ ColoATL, planned deployment with GENI Many interested parties already important potential for impact (*) https://github.com/sdn-ixp/sdx/wiki

Demonstration

https://github.com/sdn-ixp/sdx/wiki

BGP picked routes

port:4321 port:80 + default port:4322

SDX: A Software Defined Internet Exchange Laurent Vanbever www.vanbever.eu FGRE Workshop (Ghent, iminds) July, 8 2014

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback