1 Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture David A. Maltz Microsoft Research Joint work with Albert Greenberg,

Presentation transcript:

1 Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture
David A. Maltz, Microsoft Research
Joint work with Albert Greenberg, Gisli Hjalmtysson, Andy Myers, Jennifer Rexford, Geoffrey Xie, Hong Yan, Jibin Zhan, Hui Zhang

2 Isolation, VLANs, and the Spaghetti that Results
Network designers want to deal in groups
  – Collect users/hosts into groups
  – Measure, restrict/permit, QoS, a group’s traffic
Routing designs to do this are horribly complicated
  – VLANs
  – Clever IP address assignment
  – Packet filters everywhere
Let the designers configure policy in terms of groups
Shouldn’t have to worry about L2/L3 etc.

3 Device Configuration is a Nightmare

    interface Ethernet0
     ip address
    interface Serial1/0.5 point-to-point
     ip address
     ip access-group 143 in
     frame-relay interface-dlci 28
    router ospf 64
     redistribute connected subnets
     redistribute bgp metric 1 subnets
     network area 0
    router bgp
     redistribute ospf 64 match route-map 8aTzlvBrbaW
     neighbor remote-as
     neighbor distribute-list 4 in
    access-list 143 deny /16
    access-list 143 permit any
    route-map 8aTzlvBrbaW deny 10
     match ip address 4
    route-map 8aTzlvBrbaW permit 20
     match ip address 7
    ip route /

4 Device Configuration is a Nightmare
Thousands of lines of configuration
Make a configuration mistake, router becomes unreachable over the network
Want zero device-specific configuration
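
An added example, not part of the talk: a small Python audit that walks a configuration shaped like the slide 3 excerpt and reports access lists and route maps that are referenced but never defined, or defined but never referenced. The addresses and AS numbers in the sample are constructed placeholders from documentation ranges, and the patterns cover only the command forms visible on the slide.

```python
import re
# Constructed sample shaped like the slide 3 excerpt. Addresses and AS numbers
# are placeholders from documentation ranges, not values from the talk.
SAMPLE_CONFIG = """\
interface Serial1/0.5 point-to-point
 ip address 192.0.2.1 255.255.255.252
 ip access-group 143 in
router ospf 64
 redistribute bgp 64500 metric 1 subnets
router bgp 64500
 redistribute ospf 64 match route-map 8aTzlvBrbaW
 neighbor 192.0.2.2 remote-as 64501
 neighbor 192.0.2.2 distribute-list 4 in
access-list 143 deny 198.51.100.0/24
access-list 143 permit any
route-map 8aTzlvBrbaW deny 10
 match ip address 4
route-map 8aTzlvBrbaW permit 20
 match ip address 7
"""

# Patterns cover only the command forms visible on the slide.
DEFINITIONS = [
    ("acl", re.compile(r"^access-list (\S+) ")),
    ("route-map", re.compile(r"^route-map (\S+) (?:permit|deny)\b")),
]
REFERENCES = [
    ("acl", re.compile(r"^\s+ip access-group (\S+) (?:in|out)\b")),
    ("acl", re.compile(r"^\s+neighbor \S+ distribute-list (\S+) (?:in|out)\b")),
    ("acl", re.compile(r"^\s+match ip address (?!prefix-list)(\S+)")),
    ("route-map", re.compile(r"^\s+redistribute .*\broute-map (\S+)")),
]

def audit(config):
    """Return (dangling, unused): references with no definition as
    (kind, name, line number), and definitions that nothing references."""
    defined, refs = set(), []
    for number, line in enumerate(config.splitlines(), start=1):
        for kind, pattern in DEFINITIONS:
            if m := pattern.match(line):
                defined.add((kind, m.group(1)))
        for kind, pattern in REFERENCES:
            if m := pattern.match(line):
                refs.append((kind, m.group(1), number))
    dangling = [r for r in refs if r[:2] not in defined]
    unused = sorted(defined - {r[:2] for r in refs})
    return dangling, unused
```

On the sample, access lists 4 and 7 come back as referenced without a definition, which mirrors the slide excerpt: `distribute-list 4` and the two `match ip address` lines point at lists the excerpt never shows.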

5 Network Designers Want “Simple” Things (But Achieving Them is Incredibly Hard)
(Diagram labels: Data Center Infrastructure Servers)

6 Network Designers Want “Simple” Things (But Achieving Them is Incredibly Hard)
Support customized responses
Enable designers to express desired behaviors

7 Embrace Heterogeneity or Die!
No two router versions have the same capabilities
  – That’s why they have different version #s
Device vendors add features to differentiate their products
  – No one wants to be made a commodity
Management/control systems that treat devices as generic are doomed to be stillborn
Must make use of new features that vendors innovate
Common format for configuration state – okay
One-size-fits-all logic computing that state – not okay

8 Good Abstractions Reduce Complexity
All decision making logic lifted out of control plane
Routers no longer run routing protocols
Dissemination plane provides robust communication to/from data plane switches
(Diagram labels: Management Plane, Control Plane, Data Plane; Decision Plane, Dissemination, Data Plane; Configs; FIBs, ACLs)

9 A Clean-Slate Approach: The 4D Architecture
Data Plane: modeled as a set of tables
  – Routing Table
  – Access Control Table
  – NAT Table
  – Tunnel Table
Decision Plane: generating table entries
Install table entries
Discovery Plane
Dissemination Plane
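
A toy illustration of the split described on slides 2 and 9, added here and not taken from the talk or from any 4D implementation: policy is written in terms of groups, a decision step turns it into per-switch access control table entries, and the data plane only does first-match lookups. Group names, prefixes, switch names, the placement rule (filter at the switch where the source attaches) and the conflict check are all assumptions made for the example.

```python
import ipaddress

# Constructed inputs: group names, prefixes, switch names and rules are
# assumptions for illustration; none of them come from the talk.
GROUPS = {
    "engineering": ["192.0.2.0/26"],
    "finance": ["192.0.2.64/26"],
    "servers": ["198.51.100.0/24"],
}
ATTACHED_AT = {"192.0.2.0/26": "sw1", "192.0.2.64/26": "sw2",
               "198.51.100.0/24": "sw3"}
POLICY = [  # (source group, destination group, action)
    ("engineering", "servers", "permit"),
    ("finance", "servers", "permit"),
    ("servers", "engineering", "permit"),
    ("servers", "finance", "permit"),
    ("engineering", "finance", "deny"),
]

def compile_policy(groups, attached_at, policy):
    """Decision step: turn group rules into per-switch table entries, placed
    where the source prefix attaches, each table ending in a default deny."""
    decided = {}
    tables = {switch: [] for switch in attached_at.values()}
    for src_group, dst_group, action in policy:
        for src in groups[src_group]:
            for dst in groups[dst_group]:
                # Two rules that disagree about the same pair are rejected.
                if decided.setdefault((src, dst), action) != action:
                    raise ValueError(f"conflicting rules for {src} -> {dst}")
                entry = (src, dst, action)
                if entry not in tables[attached_at[src]]:
                    tables[attached_at[src]].append(entry)
    for table in tables.values():
        table.append(("0.0.0.0/0", "0.0.0.0/0", "deny"))  # IPv4 only
    return tables

def lookup(table, src_ip, dst_ip):
    """Data-plane step: the first matching entry decides."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src, dst, action in table:
        if (src_ip in ipaddress.ip_network(src)
                and dst_ip in ipaddress.ip_network(dst)):
            return action
    return "deny"
```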

10 Using the 4D Architecture
Install a security key on each device
Connect them together
Connect Decision Elements
Example network with 49 switches and 5 DEs

11 Does it work? Yes.
4D designed so performance can be predicted
Recovers from single link failure in < 120 ms
  – < 1 s response considered “excellent”
  – Faster forwarding reconvergence possible
Survives failure of master Decision Element
  – New DE takes control within 170 ms
  – No disruption unless second fault occurs
Gracefully handles complete network partitions
  – Less than 170 ms of outage
  – At no point did two DEs attempt to master the same switch

12 4D Enables Customized Decision Logic
Example also illustrates the 4D controlling both L2 and L3 (Ethernet and IP)

13 Tying the Hosts and Users Back Into the Network
4D gets us back to “every Ethernet jack on the wall is the same”
  – Now how to differentiate them based on which user/host connects?
Extend 4D into the hosts (a little bit)
4D creates paths between newly connected hosts and authentication server (DHCP/DC/BRAS)
Hosts bootstrap, users log in
Discovery Plane finds the new host
Routes pushed to switches
DNS/printer/IPSEC policies/etc. pushed to host

14 4D as the Framework for Network Control (?)
Decision Plane must be modular/extensible
  – Isolation: each group specifies the decision logic used to control traffic among the group
  – Device heterogeneity: vendor ships decision logic that leverages their cool new feature along with the router
Grand Vision: 4D must arbitrate access to resources
Different decision logics may output conflicting state
The operating system for the network
Step 1: 4D is the easiest framework in which to implement cool routing/control ideas
What Click did for routers, 4D should do for the network

15 Backup Slides

18 Simple Questions
Should switches/routers be in the same address space as end hosts?
  – End hosts hack into routers?
Communication channel for control and management
  – Operational when data channel fails?

19 Routers Serve Different Functions