Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.

Slides:



Advertisements
Similar presentations
Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.
Advertisements

Towards Software Defined Cellular Networks
Traffic and routing. Network Queueing Model Packets are buffered in egress queues waiting for serialization on line Link capacity is C bps Average packet.
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Programming Protocol-Independent Packet Processors
Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison, Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker.
VCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012.
Nanxi Kang Princeton University
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.
PARIS: ProActive Routing In Scalable Data Centers Dushyant Arora, Theophilus Benson, Jennifer Rexford Princeton University.
Incremental Consistent Updates Naga Praveen Katta Jennifer Rexford, David Walker Princeton University.
OpenFlow-Based Server Load Balancing GoneWild
Scalable Network Virtualization in Software-Defined Networks
Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.
Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.
Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:
Shadow Configurations: A Network Management Primitive Richard Alimi, Ye Wang, Y. Richard Yang Laboratory of Networked Systems Yale University.
A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University
Tesseract A 4D Network Control Plane
SDN Scalability Issues
Languages for Software-Defined Networks Nate Foster, Arjun Guha, Mark Reitblatt, and Alec Story, Cornell University Michael J. Freedman, Naga Praveen Katta,
Scalable Management of Enterprise and Data Center Networks Minlan Yu Princeton University 1.
BUFFALO: Bloom Filter Forwarding Architecture for Large Organizations Minlan Yu Princeton University Joint work with Alex Fabrikant,
Hash, Don’t Cache: Fast Packet Forwarding for Enterprise Edge Routers Minlan Yu Princeton University Joint work with Jennifer.
Software Defined Networking COMS , Fall 2013 Instructor: Li Erran Li SDNFall2013/
Scalable Server Load Balancing Inside Data Centers Dana Butnariu Princeton University Computer Science Department July – September 2010 Joint work with.
OpenFlow Switch Limitations. Background: Current Applications Traffic Engineering application (performance) – Fine grained rules and short time scales.
1 Latency Equalization: A Programmable Routing Service Primitive Minlan Yu Joint work with Marina Thottan, Li Li at Bell Labs.
Cellular Core Network Architecture
Enabling Innovation Inside the Network Jennifer Rexford Princeton University
OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.
Software-Defined Networks Jennifer Rexford Princeton University.
Software Defined Networking COMS , Fall 2014
Measuring Control Plane Latency in SDN-enabled Switches Keqiang He, Junaid Khalid, Aaron Gember-Jacobson, Sourav Das, Chaithan Prakash, Aditya Akella,
BUFFALO: Bloom Filter Forwarding Architecture for Large Organizations Minlan Yu Princeton University Joint work with Alex Fabrikant,
Floodless in SEATTLE : A Scalable Ethernet ArchiTecTure for Large Enterprises. Changhoon Kim, Matthew Caesar and Jenifer Rexford. Princeton University.
Wire Speed Packet Classification Without TCAMs ACM SIGMETRICS 2007 Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison)
Palette: Distributing Tables in Software-Defined Networks Yossi Kanizo (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) and David Hay.
SEATTLE and Recent Work Jennifer Rexford Princeton University Joint with Changhoon Kim, Minlan Yu, and Matthew Caesar.
Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.
Fast Crash Recovery in RAMCloud. Motivation The role of DRAM has been increasing – Facebook used 150TB of DRAM For 200TB of disk storage However, there.
Programming Languages for Software Defined Networks Jennifer Rexford and David Walker Princeton University Joint work with the.
Aaron Gember, Theophilus Benson, Aditya Akella University of Wisconsin-Madison.
SDN Management Layer DESIGN REQUIREMENTS AND FUTURE DIRECTION NO OF SLIDES : 26 1.
High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.
CellSDN: Software-Defined Cellular Core networks Xin Jin Princeton University Joint work with Li Erran Li, Laurent Vanbever, and Jennifer Rexford.
Yaping Zhu with: Jennifer Rexford (Princeton University) Aman Shaikh and Subhabrata Sen (ATT Research) Route Oracle: Where Have.
Improving Network Management with Software Defined Network Group 5 : z Xuling Wu z Haipeng Jiang z Sichen Wu z Aparna Sanil.
SIMPLE-fying Middlebox Policy Enforcement Using SDN
1 IEX8175 RF Electronics Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
Shadow MACs: Scalable Label- switching for Commodity Ethernet Author: Kanak Agarwal, John Carter, Eric Rozner and Colin Dixon Publisher: HotSDN 2014 Presenter:
Jennifer Rexford Princeton University MW 11:00am-12:20pm Data-Plane Verification COS 597E: Software Defined Networking.
BUFFALO: Bloom Filter Forwarding Architecture for Large Organizations Minlan Yu Princeton University Joint work with Alex Fabrikant,
Xin Li, Chen Qian University of Kentucky
SDN challenges Deployment challenges
HULA: Scalable Load Balancing Using Programmable Data Planes
Software defined networking: Experimental research on QoS
The DPIaaS Controller Prototype
ETHANE: TAKING CONTROL OF THE ENTERPRISE
Revisiting Ethernet: Plug-and-play made scalable and efficient
NOX: Towards an Operating System for Networks
CS 31006: Computer Networks – The Routers
Be Fast, Cheap and in Control
Toward Taming Policy Enforcement for SDN_______ in the RIGHT way_
SoftRing: Taming the Reactive Model for Software Defined Networks
Implementing an OpenFlow Switch on the NetFPGA platform
EE 122: Lecture 7 Ion Stoica September 18, 2001.
Programmable Networks
OpenSec:Policy-Based Security Using Software-Defined Networking
Presentation transcript:

Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang

2 What’s DIFANE? Traditional enterprise – Hard to manage – Limited policies – Distributed Flow-based networking – Easy to manage – Support fine-grained policy – Scalability remains a challenge DIFANE: A scalable way to apply fine-grained policies in enterprises DIFANE: A scalable way to apply fine-grained policies in enterprises

HTTP Access control – Drop packets from malicious hosts Customized routing – Direct Skype calls on a low-latency path Measurement – Collect detailed HTTP traffic statistics Flexible Policies in Enterprises 3 HTTP

Flow-based Switches Install rules in flow-based switches – Store rules in high speed memory (TCAM) Perform simple actions based on rules – Rules: Match on bits in the packet header – Actions: Drop, forward, count 4 drop forward via link 1 Flow space src. dst.

Challenges of Policy-Based Management Policy-based network management – Specify high-level policies in a management system – Enforce low-level rules in the switches Challenges – Large number of hosts, switches and policies – Limited TCAM space in switches – Support host mobility – No hardware changes to commodity switches 5

Pre-install Rules in Switches 6 Packets hit the rules Forward Problems: – No host mobility support – Switches do not have enough memory Pre-install rules Controller

Install Rules on Demand (Ethane, NOX) 7 First packet misses the rules Buffer and send packet header to the controller Install rules Forward Controller Problems: – Delay of going through the controller – Switch complexity – Misbehaving hosts

DIFANE: Combining Proactive & Reactive 8 Features Proactive Reactive( Ethane) DIFANE Host mobility Memory usage Keep packet in data plane Install rules

DIFANE Architecture (two stages) 9 DIstributed Flow Architecture for Networked Enterprises

Stage 1 10 The controller proactively generates the rules and distributes them to authority switches.

Partition and Distribute the Flow Rules 11 Ingress Switch Egress Switch Distribute partition information Authority Switch A AuthoritySwitch B Authority Switch C reject accept Flow space Controller Authority Switch A Authority Switch B Authority Switch C

Stage 2 12 The authority switches keep packets always in the data plane and reactively cache rules.

Following packets Packet Redirection and Rule Caching 13 Ingress Switch Authority Switch Egress Switch First packet Redirect Forward Feedback: Cache rules Hit cached rules and forward A slightly longer path in the data plane is faster than going through the control plane

Locate Authority Switches Partition information in ingress switches – Using a small set of coarse-grained wildcard rules – … to locate the authority switch for each packet Distributed directory service but not DHT – Hashing does not work for wildcards – Keys can have wildcards in arbitrary bit positions 14 Authority Switch A AuthoritySwitch B Authority Switch C X:0-1 Y:0-3  A X:2-5 Y: 0-1  B X:2-5 Y:2-3  C X:0-1 Y:0-3  A X:2-5 Y: 0-1  B X:2-5 Y:2-3  C

Following packets Packet Redirection and Rule Caching 15 Ingress Switch Authority Switch Egress Switch First packet Redirect Forward Feedback: Cache rules Hit cached rules and forward

Three Sets of Rules in TCAM TypePriorityField 1Field 2ActionTimeout Cache Rules 21000**111*Forward to Switch B10 sec **Drop10 sec …………… Authority Rules 11000**001*Forward Trigger cache manager Infinity ***Drop, Trigger cache manager …………… Partition Rules 150***000*Redirect to auth. switch 14… …………… 16 In ingress switches reactively installed by authority switches In ingress switches reactively installed by authority switches In authority switches proactively installed by controller In authority switches proactively installed by controller In every switch proactively installed by controller In every switch proactively installed by controller

Cache Rules DIFANE Switch Prototype Built with OpenFlow switch 17 Data Plane Control Plane Cache Manager Cache Manager Send Cache Updates Recv Cache Updates Only in Auth. Switches Authority Rules Partition Rules Just software modification for authority switches Notification Cache rules

Caching Wildcard Rules Overlapping wildcard rules – Cannot simply cache matching rules 18

Caching Wildcard Rules Multiple authority switches – Contain independent sets of rules – Avoid cache conflicts in ingress switch 19 Authority switch 1 Authority switch 2

Partition Wildcard Rules Partition rules – Minimize the TCAM entries in switches – Decision-tree based rule partition algorithm 20 Cut A Cut B Cut B is better than Cut A

Handling Network Dynamics 21 Network dynamics Cache rules Authority Rules Partition Rules Policy changes at controller TimeoutChange Mostly no change Topology changes at switches No change Change Host mobilityTimeoutNo change

Prototype Evaluation Evaluation setup – Kernel-level Click-based OpenFlow switch – Traffic generators, switches, controller run on separate 3.0GHz 64-bit Intel Xeon machines Compare delay and throughput – NOX: Buffer packets and reactively install rules – DIFANE: Forward packets to authority switches 22

Delay Evaluation Average delay (RTT) of the first packet – NOX: 10 ms – DIFANE: 0.4 ms Reasons for performance improvement – Always keep packets in the data plane – Packets are delivered without waiting for rule caching – Easily implemented in hardware to further improve performance 23

Peak Throughput One authority switch; Single-packet flow ingress switch Controller Bottleneck (50K) Controller Bottleneck (50K) DIFANE (800K) DIFANE (800K) Ingress switch Bottleneck (20K) Ingress switch Bottleneck (20K) DIFANE further increases the throughput linearly with the number of authority switches.

Scaling with Many Rules How many authority switches do we need? – Depends on total number of rules … and the TCAM space in these authority switches 25 CampusIPTV # Rules30K5M # Switches1.7K3K Assumed Authority Switch TCAM size 160 KB1.6 MB Required # Authority Switches 5 (0.3%)100 (3%)

Stepping back … 26

Distributed or Centralized? 27 logically-centralized in the management system Distributed amongst the network elements All functions in switches OpenFlow/NOX DIFANE Controller is still in charge Switches host a distributed directory of the rules DIFANE Controller is still in charge Switches host a distributed directory of the rules

Thanks! 28

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.