Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,

Slides:



Advertisements
Similar presentations
OpenFlow and Software Defined Networks. Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defined Networks.
Advertisements

Towards Software Defined Cellular Networks
Why SDN and MPLS? Saurav Das, Ali Reza Sharafat, Guru Parulkar, Nick McKeown Clean Slate CTO Summit 9 th November, 2011.
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
Composing Software Defined Networks
Jennifer Rexford Princeton University MW 11:00am-12:20pm Network Virtualization COS 597E: Software Defined Networking.
Nanxi Kang Princeton University
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
Programmable Virtual Networks
NDN in Local Area Networks Junxiao Shi The University of Arizona
1 Aman Shaikh: June 02 UCSC INFOCOM 2002 Avoiding Instability during Graceful Shutdown of OSPF Aman Shaikh, UCSC Joint work with Rohit Dube, Xebeo Communications.
An Overview of Software-Defined Network Presenter: Xitao Wen.
OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.
Mobile Communication and Internet Technologies
OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA Presented.
Performance Evaluation of Open Virtual Routers M.Siraj Rathore
Towards Virtual Routers as a Service 6th GI/ITG KuVS Workshop on “Future Internet” November 22, 2010 Hannover Zdravko Bozakov.
Virtualization and OpenFlow Nick McKeown Nick McKeown VISA Workshop, Sigcomm 2009 Supported by NSF, Stanford Clean.
Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson
1 GENI: Global Environment for Network Innovations Jennifer Rexford Princeton University
OpenFlow on top of NetFPGA Part I: Introduction to OpenFlow NetFPGA Spring School 2010 Some slides with permission from Prof. Nick McKeown. OpenFlow was.
Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown,
1 A Policy-aware Switching Layer for Data Centers Dilip Joseph Arsalan Tavakoli Ion Stoica University of California at Berkeley.
An Overview of Software-Defined Network
An Overview of Software-Defined Network Presenter: Xitao Wen.
Connecting LANs, Backbone Networks, and Virtual LANs
Formal checkings in networks James Hongyi Zeng with Peyman Kazemian, George Varghese, Nick McKeown.
Information-Centric Networks10b-1 Week 13 / Paper 1 OpenFlow: enabling innovation in campus networks –Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru.
OpenFlow: Enabling Technology Transfer to Networking Industry Nikhil Handigol Nikhil Handigol Cisco Nerd.
By : Himanshu Mishra Nimish Agarwal CPSC 624.  A system designed to prevent unauthorized access to or from a private network.  It must have at least.
Software-Defined Networks Jennifer Rexford Princeton University.
Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar Stanford University In collaboration with Martin Casado and Scott.
Brent Salisbury CCIE#11972 Network Architect University of Kentucky 9/22/ OpenStack & OpenFlow Demo.
Software Defined-Networking. Network Policies Access control: reachability – Alice can not send packets to Bob Application classification – Place video.
VeriFlow: Verifying Network-Wide Invariants in Real Time
OpenFlow: Enabling Innovation in Campus Networks
CS : Software Defined Networks 3rd Lecture 28/3/2013
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Sponsored by the National Science Foundation Programmable Networks and GENI Marshall Brinn, GPO GEC October 25, 2012.
Networks big switch Hard Problems in SDN Rob Sherwood SDNRG – Atlanta, November 2012.
Management for IP-based Applications Mike Fisher BTexaCT Research
Sponsored by the National Science Foundation GENI Exploring Networks of the Future
OpenFlow:Enabling Innovation in Campus Network
Vytautas Valancius, Nick Feamster, Akihiro Nakao, and Jennifer Rexford.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Connecting Devices CORPORATE INSTITUTE OF SCIENCE & TECHNOLOGY, BHOPAL Department of Electronics and.
Virtual Machines Created within the Virtualization layer, such as a hypervisor Shares the physical computer's CPU, hard disk, memory, and network interfaces.
SDN Management Layer DESIGN REQUIREMENTS AND FUTURE DIRECTION NO OF SLIDES : 26 1.
EXPOSING OVS STATISTICS FOR Q UANTUM USERS Tomer Shani Advanced Topics in Storage Systems Spring 2013.
Information-Centric Networks Section # 13.2: Alternatives Instructor: George Xylomenos Department: Informatics.
OpenFlow MPLS and the Open Source Label Switched Router Department of Computer Science and Information Engineering, National Cheng Kung University, Tainan,
OpenFlow & NOX (& how the SDN era started) CCR 2008 Whitepapers Nick McKeown & Natasha Gude et al. Presented by: M. Asim Jamshed Some slides have been.
Software Defined Networking and OpenFlow Geddings Barrineau Ryan Izard.
SDN and Beyond Ghufran Baig Mubashir Adnan Qureshi.
FlowVisor Can the Production Network Be the Testbed?
Ethernet Packet Filtering - Part1 Øyvind Holmeide Jean-Frédéric Gauvin 05/06/2014 by.
SDN challenges Deployment challenges
Multi Node Label Routing – A layer 2.5 routing protocol
Multi-layer software defined networking in GÉANT
The DPIaaS Controller Prototype
Martin Casado, Nate Foster, and Arjun Guha CACM, October 2014
ETHANE: TAKING CONTROL OF THE ENTERPRISE
Stanford University Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar In collaboration with Martin Casado and Scott.
The Stanford Clean Slate Program
Software Defined Networking (SDN)
DDoS Attack Detection under SDN Context
Implementing an OpenFlow Switch on the NetFPGA platform
Elmo Muhammad Shahbaz Lalith Suresh, Jennifer Rexford, Nick Feamster,
Intelligent Network Services through Active Flow Manipulation
Presentation transcript:

Can the Production Network Be the Testbed? Rob Sherwood Deutsche Telekom Inc. R&D Lab Glen Gibb, KK Yap, Guido Appenzeller, Martin Cassado, Nick McKeown, Guru Parulkar Stanford University, Big Switch Networks, Nicira Networks

Problem: Realisticly evaluating new network services is hard services that require changes to switches and routers e.g., o routing protocols o traffic monitoring services o IP mobility Result: Many good ideas don't gets deployed; Many deployed services still have bugs.

Why is Evaluation Hard? Real Networks Testbeds

Not a New Problem Build open, programmable network hardware o NetFPGA, network processors o but: deployment is expensive, fan-out is small Build bigger software testbeds o VINI/PlanetLab, Emulab o but: performance is slower, realistic topologies? Convince users to try experimental services o personal incentive, SatelliteLab o but: getting lots of users is hard

Solution Overview: Network Slicing Divide the production network into logical slices o each slice/service controls its own packet forwarding o users pick which slice controls their traffic: opt-in o existing production services run in their own slice  e.g., Spanning tree, OSPF/BGP Enforce strong isolation between slices o actions in one slice do not affect another Allows the (logical) testbed to mirror the production network o real hardware, performance, topologies, scale, users

Rest of Talk... How network slicing works: FlowSpace, Opt-In Our prototype implementation: FlowVisor Isolation and performance results Current deployments: 8+ campuses, 2+ ISPs Future directions and conclusion

Current Network Devices Control Plane Data Plane Switch/Router General-purpose CPU Custom ASIC Computes forwarding rules “ /16 --> port 6” Pushes rules down to data plane Enforces forwarding rules Exceptions pushed back to control plane e.g., unmatched packets Rules Excepts Control/Data Protocol

Add a Slicing Layer Between Planes Data Plane Rules Excepts Slice 1 Control Plane Slice 2 Control Plane Control/Data Protocol Slice Policies Slice 3 Control Plane

Network Slicing Architecture A network slice is a collection of sliced switches/routers Data plane is unmodified – Packets forwarded with no performance penalty – Slicing with existing ASIC Transparent slicing layer – each slice believes it owns the data path – enforces isolation between slices i.e., rewrites, drops rules to adhere to slice police – forwards exceptions to correct slice(s)

Slicing Policies The policy specifies resource limits for each slice: – Link bandwidth – Maximum number of forwarding rules – Topology – Fraction of switch/router CPU – FlowSpace: which packets does the slice control?

FlowSpace: Maps Packets to Slices

Real User Traffic: Opt-In Allow users to Opt-In to services in real-time o Users can delegate control of individual flows to Slices o Add new FlowSpace to each slice's policy Example: o "Slice 1 will handle my HTTP traffic" o "Slice 2 will handle my VoIP traffic" o "Slice 3 will handle everything else" Creates incentives for building high-quality services

Rest of Talk... How network slicing works: FlowSpace, Opt-In Our prototype implementation: FlowVisor Isolation and performance results Current deployments: 8+ campuses, 2+ ISPs Future directions and conclusion

Implemented on OpenFlow API for controlling packet forwarding Abstraction of control plane/data plane protocol Works on commodity hardware –via firmware upgrade – Data Plane Switch/ Router Switch/ Router OpenFlow Firmware Data Path Custom Control Plane Stub Control Plane OpenFlow Protocol Server Network OpenFlow Controller Control Path

FlowVisor Implemented on OpenFlow Custom Control Plane Stub Control Plane Data Plane OpenFlow Protocol Switch/ Router Server Network Switch/ Router Servers OpenFlow Firmware Data Path OpenFlow Controller Switch/ Router Switch/ Router OpenFlow Firmware Data Path OpenFlow Controller OpenFlow Controller OpenFlow Controller FlowVisor OpenFlow

FlowVisor Message Handling OpenFlow Firmware Data Path Alice Controller Bob Controller Cathy Controller FlowVisor OpenFlow Packet Exception Policy Check: Is this rule allowed? Policy Check: Who controls this packet? Full Line Rate Forwarding Rule Packet

FlowVisor Implementation Custom handlers for each of OpenFlow's 20 message types Transparent OpenFlow proxy 8261 LOC in C New version with extra API for GENI Could extend to non-OpenFlow (ForCES?) Code: `git clone git://openflow.org/flowvisor.git`

Rest of Talk... How network slicing works: FlowSpace, Opt-In Our prototype implementation: FlowVisor Isolation and performance results Current deployments: 8+ campuses, 2+ ISPs Future directions and conclusion

Isolation Techniques Isolation is critical for slicing In talk: Device CPU In paper: FlowSpace Link bandwidth Topology Forwarding rules As well as performance and scaling numbers

Device CPU Isolation Ensure that no slice monopolizes Device CPU CPU exhaustion prevent rule updates drop LLDPs ---> Causes link flapping Techniques Limiting rule insertion rate Use periodic drop-rules to throttle exceptions Proper rate-limiting coming in OpenFlow 1.1

CPU Isolation: Malicious Slice

Rest of Talk... How network slicing works: FlowSpace, Opt-In Our prototype implementation: FlowVisor Isolation and performance results Current deployments: 8+ campuses, 2+ ISPs Future directions and conclusion

FlowVisor Deployment: Stanford Our real, production network o 15 switches, 35 APs o 25+ users o 1+ year of use o my personal and web-traffic! Same physical network hosts Stanford demos o 7 different demos

FlowVisor Deployments: GENI

Future Directions Currently limited to subsets of actual topology Add virtual links, nodes support Adaptive CPU isolation Change rate-limits dynamically with load... message type More deployments, experience

Conclusion: Tentative Yes! Network slicing can help perform more realistic evaluations FlowVisor allows experiments to run concurrently but safely on the production network CPU isolation needs OpenFlow 1.1 feature Over one year of deployment experience FlowVisor+GENI coming to a campus near you! Questions? git://openflow.org/flowvisor.git

Backup Slides

What about VLANs? Can't program packet forwarding –Stuck with learning switch and spanning tree OpenFlow per VLAN? –No obvious opt-in mechanism: Who maps a packet to a vlan? By port? –Resource isolation more problematic CPU Isolation problems in existing VLANs

FlowSpace Isolation Discontinuous FlowSpace: (HTTP or VoIP) & ALL == two rules Isolation by rule priority is hard longest-prefix-match-like ordering issues need to be careful about preserving rule ordering PolicyDesired RuleResult HTTPALLHTTP-only HTTPVoIP Drop

Scaling

Performance

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.