Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by Shinae Woo Borrowed many of the original author’s slides Aaron Gember-Jacobson, Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid.

Published byKelley Fleming Modified over 8 years ago

Similar presentations

Presentation on theme: "Presented by Shinae Woo Borrowed many of the original author’s slides Aaron Gember-Jacobson, Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid."— Presentation transcript:

1 Presented by Shinae Woo Borrowed many of the original author’s slides Aaron Gember-Jacobson, Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella OpenNF: Enabling Innovation in Network Function Control 1

2 Network functions (NFs) Perform sophisticated stateful actions on packets/flows WAN optimizer Caching proxy Intrusion det ection system (IDS) 2

3 NF trends NFV → dynamically allocate NF instances SDN → dynamically reroute flows Dynamic reallocation of packet processing Xen/KVM 3

4 Example: elastic NF scaling 1.Satisfy performance SLAs 2.Minimize operating costs 3.Accurately monitor traffic CPU Packet lossPacket loss 4

5 To simultaneously… 1.Satisfy performance SLAs 2.Minimize operating costs 3.Accurately monitor traffic Cannot effectively implement new servicesor abstractions! Problem: NFV+SDN is insufficient 5

6 Why NFV + SDN falls short Reroute existing flows [SIMPLE - SIGCOMM ‘13] Wait for flows to die [Stratos - arXiv:1305.0209] Packet loss SLA: <1% 1. SLAs2. Cost2. Cost3. Accuracy Reroute new flows [Stratos - arXiv:1305.0209] 6

7 Why NFV + SDN falls short Wait for flows to die [Stratos - arXiv:1305.0209] Packet loss 1. SLAs2. Cost2. Cost3. Accuracy Reroute new flows [Stratos - arXiv:1305.0209] Reroute existing flows [SIMPLE - SIGCOMM ‘13] 6

8 Why NFV + SDN falls short Packet loss 1. SLAs2. Cost2. Cost3. Accuracy Reroute new flows [Stratos - arXiv:1305.0209] Reroute existing flows [SIMPLE - SIGCOMM ‘13] Wait for flows to die [Stratos - arXiv:1305.0209] 6 ?

9 SLAs + cost + accuracy: What do we need? Quickly move, copy, or share internal NF state alongside updates to network forwarding state Guarantees: loss-free, order-preserving, … … 123123 Also applies to other scenarios 7

10 Outline Motivation and requirements Challenges OpenNF architecture – State export/import – State operations – Guarantees Evaluation 8

11 OpenNF overview NF State ManagerFlow Manager OpenNF Controller Control Application move/copy/share state export/import state 10 NF1 NF2 ex) Elastic scaling Hot standby Dynamic enhancement

12 1.Many NFs, minimal changes - state operations at different granularities 3.Ensure application’s flexibility - state operations at different granularities - flexibility in choosing guarantees Challenges StateState PacketPacket RouteUpdateRouteUpdate 9 2. Reigning in race conditions

13 State created or updated by an NF applies to either a single flow or a collection of flows NF state taxonomy ConnectionHttpAnalyzer ConnectionTcpAnalyzer TcpAnalyzer HttpAnalyzer Per-flow state Multi-flow state ConnCountConnCount All-flows state Statistics 11

14 NF API: export/import state Functions: get, put, delete No need to expose/change internal state organization! FilterFilter PerPer Multi All Scope NF get put 12

15 Control operations: move NF State Manager 3. [Chunk1] [Chunk2] Control ApplicationFlow Manager 1. move (port=80, Bro 1, Bro 2 )6. forward(port=80, Bro 2 ) 2. get(per, port=80) 4. del(per, port=80) 5. put (per, Chunk1) put (per, Chunk2) Bro2Bro2 Bro1Bro1 Also provide copy and share 13

16 detect- MHRMHR Loss-free: All state updates should be reflected in the transferred state, and all packets should be processed Lost updates during move B1 R1R2 Missing state Bro1Bro2Bro1Bro2 move(red,Bro 1,Bro 2 ) Missing updates R3 14 Split/Merge [NSDI ‘13] : pause traffic, buffer packets – Packets in-transit when buffering starts are dropped

17 NF API: observe/prevent updates using events Only need to change an NF’s receive packet function! R1 NF 15

18 1. enableEvents(red,drop) on Bro 1 Use events for loss-free move Bro2Bro2 Bro1Bro1 Drop R1 16

19 1. enableEvents(red,drop) on Bro 1 2. get / delete on Bro 1 Use events for loss-free move Bro2Bro2 Bro1Bro1 Drop R1 16

20 1. enableEvents(red,drop) on Bro 1 2. get / delete on Bro 1 Use events for loss-free move Bro2Bro2 Bro1Bro1 Drop R1 R2 16

21 1. enableEvents(red,drop) on Bro 1 2. get / delete on Bro 1 3.Buffer events at controller Use events for loss-free move Bro2Bro2 Bro1Bro1 Drop R1 R2 16

22 1. enableEvents(red,drop) on Bro 1 2. get / delete on Bro 1 3.Buffer events at controller 4. put on Bro 2 Use events for loss-free move Bro2Bro2 Bro1Bro1 Drop R1 R2 16

23 1. enableEvents(red,drop) on Bro 1 2. get / delete on Bro 1 3.Buffer events at controller 4. put on Bro 2 5.Flush packets in events to Bro 2 Use events for loss-free move Bro2Bro2 Bro1Bro1 Drop R1 R1,R2 16

24 1. enableEvents(red,drop) on Bro 1 2. get / delete on Bro 1 3.Buffer events at controller 4. put on Bro 2 5.Flush packets in events to Bro 2 6.Update forwarding Use events for loss-free move Bro2Bro2 Bro1Bro1 Drop R1 R1,R2 16

25 1. enableEvents(red,drop) on Bro 1 2. get / delete on Bro 1 3.Buffer events at controller 4. put on Bro 2 5.Flush packets in events to Bro 2 6.Update forwarding Use events for loss-free move Bro2Bro2 Bro1Bro1 Drop R1 R1,R2R1,R2,R3R1,R2,R3 17

26 False positives from Bro’s weird script Re-ordering of packets Order-preserving: All packets should be processed in the order they were forwarded by the switch Controller Switch Bro2Bro2 5.Flush buffer 6.Request forwarding update Bro1Bro1 R2 R4 R3 R2 R4 R3 17

27 1.Dealing with diversity Export/import state based on its association with flows 2.Dealing with race conditions OpenNF: SLAs + cost + accuracy EventsLock-step forwarding updates 18 +

28 Implementation Controller (3.8K lines of Java) Communication library (2.6K lines of C) Modified NFs (3-8% increase in code) Bro IDS iptablesSquid CachePRADS 19

29 Overall benefits for elastic scaling Bro IDS processing 10K pkts/sec – At 180 sec: move HTTP flows (489) to new IDS – At 360 sec: move back to old IDS SLAs: 260ms to move (loss-free) Accuracy: same log entries as using one IDS – VM replication: incorrect log entries Cost: scale down after state is moved – Stratos: scale down delayed 25+ minutes [arXiv:1305.0209] 20

30 Evaluation: state export/import Serialization/deserialization costs dominate Cost grows with state complexity 21

31 0 50 100 150 200 AverageAverageMaximum P e r - pa c k e t L a t e n c y I n c r e a se ( ms) 500 400 300 200 100 0 NGNG PLLF PL+ER M ov e Ti me ( m s ) PRADS asset detector processing 5K pkts/sec Move per-flow state for 500 flows Evaluation: operations Packets dropped! 686 881 packets in events Operations are efficient, but guarantees come at a cost! 1120 pkts + in events buffered 838 pkts NGNG PLLF PL+ER OP PL+ER 22 462

32 Dynamic reallocation of packet processing enables new services Realizing SLAs + cost + accuracy requires quick, safe control of internal NF state OpenNF provides flexible and efficient control with few NF modifications ht p:/ opennf.cs.wisc.edu Conclusion 23

33 Is it feasible to modify NFs to support OpenNF? Serialization/Deserialization is trivial parts We need to know internal data structure / allocation or acces sing strategies / algorithm How to merge multiple states into one or split single state to multiple? It may merge two hash tables, split linked list into multipl e, or merge B+ tree…. It may require locking data structures  Blocking NF processi ng during locking! Discussion 23

34 Is the performance enough to use in the real network? In paper, 2500 pps, up to 1000 flows migrations In real network, millions pps, hundred thousand flows.. Per-packet latency will be increase from lock-step forwarding and state update Discussion 23 Linearly increases with # flows State complexity add the delay

Download ppt "Presented by Shinae Woo Borrowed many of the original author’s slides Aaron Gember-Jacobson, Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid."

Similar presentations

M AINTAINING L ARGE A ND F AST S TREAMING I NDEXES O N F LASH Aditya Akella, UW-Madison First GENI Measurement Workshop Joint work with Ashok Anand, Steven.

M AINTAINING L ARGE A ND F AST S TREAMING I NDEXES O N F LASH Aditya Akella, UW-Madison First GENI Measurement Workshop Joint work with Ashok Anand, Steven.
SDN Controller Challenges

SDN Controller Challenges
Traffic Engineering with Forward Fault Correction (FFC)

Traffic Engineering with Forward Fault Correction (FFC)
Aaron Gember-Jacobson, Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 OpenNF: Enabling Innovation in Network.

Aaron Gember-Jacobson, Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 OpenNF: Enabling Innovation in Network.
SIMPLE-fying Middlebox Policy Enforcement Using SDN

SIMPLE-fying Middlebox Policy Enforcement Using SDN
Anand Krishnamurthy, Shoban P. Chandrabose and Aaron Gember-Jackobson 1 Pratyaastha: An Efficient Elastic Distributed SDN Control Plane.

Anand Krishnamurthy, Shoban P. Chandrabose and Aaron Gember-Jackobson 1 Pratyaastha: An Efficient Elastic Distributed SDN Control Plane.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
REfactor-ing Content Overhearing to Improve Wireless Performance Shan-Hsiang Shen Aaron Gember Ashok Anand Aditya Akella abc 1d ab 1.

REfactor-ing Content Overhearing to Improve Wireless Performance Shan-Hsiang Shen Aaron Gember Ashok Anand Aditya Akella abc 1d ab 1.
Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.

Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.
OpenNF: Enabling Innovation in Network Function Control Aditya Akella With: Aaron Gember, Raajay Vishwanathan, Chaithan Prakash, Sourav Das, Robert Grandl,

OpenNF: Enabling Innovation in Network Function Control Aditya Akella With: Aaron Gember, Raajay Vishwanathan, Chaithan Prakash, Sourav Das, Robert Grandl,
OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.

OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.
Stratos: A Network-Aware Orchestration Layer for Middleboxes in the Cloud Aditya Akella, Aaron Gember, Anand Krishnamurthy, Saul St. John University of.

Stratos: A Network-Aware Orchestration Layer for Middleboxes in the Cloud Aditya Akella, Aaron Gember, Anand Krishnamurthy, Saul St. John University of.
Flowlet Switching Srikanth Kandula Shan Sinha & Dina Katabi.

Flowlet Switching Srikanth Kandula Shan Sinha & Dina Katabi.
Incremental Consistent Updates Naga Praveen Katta Jennifer Rexford, David Walker Princeton University.

Incremental Consistent Updates Naga Praveen Katta Jennifer Rexford, David Walker Princeton University.
Aaron Gember-Jacobson, Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 OpenNF: Enabling Innovation in Network.

Aaron Gember-Jacobson, Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 OpenNF: Enabling Innovation in Network.
PERSISTENT DROPPING: An Efficient Control of Traffic Aggregates Hani JamjoomKang G. Shin Electrical Engineering & Computer Science UNIVERSITY OF MICHIGAN,

PERSISTENT DROPPING: An Efficient Control of Traffic Aggregates Hani JamjoomKang G. Shin Electrical Engineering & Computer Science UNIVERSITY OF MICHIGAN,
Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.

Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.
Towards Virtual Routers as a Service 6th GI/ITG KuVS Workshop on “Future Internet” November 22, 2010 Hannover Zdravko Bozakov.

Towards Virtual Routers as a Service 6th GI/ITG KuVS Workshop on “Future Internet” November 22, 2010 Hannover Zdravko Bozakov.
Scalable and Crash-Tolerant Load Balancing based on Switch Migration

Scalable and Crash-Tolerant Load Balancing based on Switch Migration

Similar presentations

Ads by Google