SDN Abstractions

In an SDN Ideal World, we want…
Multiple applications (composition):
– So we need to worry about sharing.
– And about isolation.
Network policies affect multiple devices:
– Need to worry about consistency of updates.
We don’t want any bugs:
– We need to verify apps and controllers.
Scalable control plane:
– Make sure data is distributed.

So… we have several problems
Composition: network sharing
– PANE, HFT, Pyretic
Composition/isolation: network isolation
– Pyretic, Nicira
Consistent updates
– Pyretic, Zupdates, ConsistentUpdates
Verification
– Vericon [PLDI’14], Veriflow, Libra
Scalable/distributed control plane
– Onix [OSDI 10], Kandoo [HotSDN 11], Beehive [HotNets 14], ElasticCon [ANCS ’14]

Are these Problems New?
No…
– We’ve always wanted verification.
– We’ve always wanted consistent updates.
– We’ve always wanted isolation.
We never really worried about:
– Network sharing: everything was made by Cisco, and Cisco figured out sharing. Or we figured it out manually, e.g. QoS.
– Scalable control plane: everything was decentralized.

SDN … and logical centralization
As indicated in Veriflow:
– A central location … we can debug from
Programmatic API:
– We can more directly control the network
– We can make more guarantees
Consistency becomes a huge problem when you start making security/performance guarantees.

Network Sharing: PANE/HFT
Operators and users depend on the network but find ways to work around it.
They employ overlays to find better paths.
They use pings to measure bandwidth and manually shift traffic.

Participatory Networking
Rather than working around the network, applications should work with the network to achieve their goals.
Apps need to:
– Learn from the network: available resources.
– Write to the network: make requests for current/future resources, e.g. bandwidth, links …

So a share: Skype example
I’m the Skype application; I would like to request 20MB bandwidth for all port 432 traffic.
– Share:
  App/User: skype
  Message type: request (20MB)
  Flow-Group: traffic on port 432

So a share: Security example
I’m the firewall application; I would like to request that all port 80 traffic go to a middlebox.
– Share:
  App/User: firewall
  Message type: send traffic to a middlebox ‘way-point’
  Flow-Group: traffic on port 80

So a share: Performance example
I’m the Windows Update application; I would like to see how much B/W is available.
– Share:
  App/User: window-update
  Message type: query for available BW
  Flow-Group: N/A

PANE
The controller allows for resource sharing by allowing people to specify `shares`.
A share includes:
– The App/User allowed to make requests
– The types of messages that can be sent to the network
– Which IPs/subnets the requests can affect

Types of Messages/Requests
Actions: rate-limit, bandwidth requests, path control (way-points/avoidances), access-control
Queries: network weather service (aggregate TM), link info (anything OF exposes)
Hints: e.g. size of flow, priority, deadline, predictability of TM

PANE: Challenges
– Isolation between different tenants.
– Enforcement of resource limitations.
– Safely provide control/visibility over the network.
– Detect and resolve resource conflicts.

Share Tree/HFT
Build a hierarchical structure that shows how the flowgroups that a share acts on are related.

How does PANE Work: User submits actions
User/App submits a request with:
– The share the user owns.
– The action to perform.
– The flowgroup to perform the action on.

How does PANE Work: verifies authentication + resource availability
PANE verifies:
– Ability to perform the action on the flow-group, based on ‘shares’
– Converts the request into a policy
– Can make a policy tree.
PANE checks to see if enough resources exist:
– Conflict resolution!
– Two apps can have shares that give 20MB
– But the network only has 30MB, so…

Life of a Request in PANE

Contributions
Delegation of privileges (capabilities):
– Provide fine-grained control over resources.
– Can further chop up and delegate resources to others.
Hierarchical conflict resolution:
– Detect and resolve conflicts.
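
The share check and delegation described in the "How does PANE Work" and "Contributions" slides, as an added example that is not PANE's own code. It assumes a flow-group is a set of ports and that a conflict is resolved by rejecting the later request; the `Share` class, `submit`, and the `backup` share are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Share:
    name: str
    principals: set      # apps/users allowed to use this share
    msg_types: set       # message types the share permits
    ports: set           # flow-group, modelled here as a set of ports (assumption)
    limit_mb: int        # bandwidth the share may hand out (the slides' "MB")
    parent: Optional["Share"] = None
    reserved_mb: int = 0

    def delegate(self, name, principals, msg_types, ports, limit_mb):
        """Create a child share; it may only narrow the parent's rights."""
        if not (msg_types <= self.msg_types and ports <= self.ports
                and limit_mb <= self.limit_mb):
            raise ValueError(f"{name} exceeds privileges of {self.name}")
        return Share(name, principals, msg_types, ports, limit_mb, self)

def chain(share):
    """Yield the share and every ancestor up to the root."""
    while share is not None:
        yield share
        share = share.parent

def submit(share, principal, msg_type, ports, mb=0):
    """Authorize against the share, then check resources up the tree."""
    if principal not in share.principals:
        return "deny: principal not in share"
    if msg_type not in share.msg_types:
        return "deny: message type not permitted"
    if not ports <= share.ports:
        return "deny: flow-group outside share"
    for node in chain(share):           # conflict detection at every level
        if node.reserved_mb + mb > node.limit_mb:
            return f"deny: over limit at {node.name}"
    for node in chain(share):           # commit only after all checks pass
        node.reserved_mb += mb
    return "accept"

def demo():
    """Constructed scenario from the slides: two 20MB shares, a 30MB network."""
    root = Share("root", {"admin"}, {"request", "waypoint", "query"}, {80, 432}, 30)
    skype = root.delegate("skype", {"skype"}, {"request"}, {432}, 20)
    backup = root.delegate("backup", {"backup"}, {"request"}, {80}, 20)
    return [submit(skype, "skype", "request", {432}, 20),
            submit(backup, "backup", "request", {80}, 20),
            submit(backup, "backup", "request", {80}, 10),
            submit(skype, "skype", "waypoint", {432})]
```

Both child shares are individually valid, yet the second 20MB request is refused at the root because the parent's 30MB limit is checked on the way up the tree.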

Interesting Tid-Bits about PANE
– Single admin domain.
– During failures: accepted requests may be rejected due to resource limitations.