Presentation is loading. Please wait.

Presentation is loading. Please wait.

Northbound API Dan Shmidt | January 2017

Published byJosefina Lara Camacho Modified over 5 years ago

Similar presentations

Presentation on theme: "Northbound API Dan Shmidt | January 2017"— Presentation transcript:

1 Northbound API Dan Shmidt | January 2017
OpenBox Controller Northbound API Dan Shmidt | January 2017

2 Project Goal Design and Implementation of OpenBox’s Northbound API

3 Agenda Network Function (AKA the Problem) OpenBox (AKA Solution)
Zoom-In OpenBox Controller Workflows Architecture Implementation Experimental Results

4 Network Functions (NF)

5 What are Network Functions
Appliances deployed on a network’s data plane (Physical or Virtual) Usually perform some sort of Packet Processing Examples: Firewall, IDS, IPS, Load Balancer

6 Typical Firewall (Example)

7 Typical IPS (Example)

8 The Downside of NFs Managed Separately Hardware Management Interface
Redundant Processing Header inspection Payload pattern matching Unified Control and Data planes

9 OpenBox

10 OpenBox Introduction Framework: Hardware, Software, SDK, API
Decouple NF control plane from data plane Merge data plane activity for multiple NFs Allow network administrators to experiment with NFs

11 Merged Firewall + IPS

12 OpenBox Architecture

13 OpenBox Components

14 Northbound API SDK for NF developers that allows NF creation with a small set of generic pieces. Application loading and management API for applications to interact with the data plane

15 OpenBox Application (OBA)
User defined logic that aims to perform packet processing Defined in terms of the Northbound API (SDK) Formally a Tuple: <Priority, Logic, Event Handlers>

16 OpenBox Controller (OBC)
Centralized control of the OpenBox Framework Facing the user (Northbound API) Facing the data plane (Soutbound API)

17 OpenBox Instance (OBI)
A single unit in OpenBox’s data plane Executes the user defined logic Single Requirement: Implement OpenBox protocol Virtual / Physical / Software / Hardware

18 Southbound API Communication protocol between OBI and OBC
Control plane messages e.g: “Set Processing Graph” Data plane messages e.g: “Read Handle” (count of dropped packets)

19 OpenBox Controller

20 Responsibilities (South)
Manage the Data plane by controlling OBIs Communication layer between Applications and data plane Load Custom modules

21 Responsibilities (North)
Create applications Load applications Query applications Network Overview Expose OpenBox functionality Aggregate applications Isolate applications from one another

22 Architecture

23 Challenges Asynchronous System
How much of the raw data is exposed to the application Application Isolation

24 OpenBox Abstraction Layer (OBAL)
SDK for application developers Building blocks for every possible NF Header Matching Payload Matching Alerts Hooks for data retrieval

25 OBAL Implementation

26 Events Manager Responsible for triggering events
Registers application to requested events Holds a hook to access applications when needed

27 Available Events Mandatory events: Application Started
Application Stopped Error Non-Mandatory: Alert Instance Down Instance Up

28 Read / Write Handles Access to the application configuration and statistics Access to specific processing block of a specific application

29 Topology Manager The knowledge of how the network is built
Topology information is needed across the board Users OBC internal use

30 Application Registry Entry point for application creators
Ability to register new applications to the controller Plugin like behavior

31 Application Aggregator
Merge mutual processing blocks of several applications. Caution to not disrupt application isolation

32 OBA Topology Manager To Data plane Via Southbound API OBAL Registry
Aggregator Handle Clients Event Handlers Events Manager

33 Workflows

34 Application Loading How to install a new OpenBox Application
Implement logic with OpenBox SDK Supply Topology Information Use ApplicationRegistry to load application

35 Application Loading OBA Registry Aggregation Event Manager
Load Application Aggregate Perform Aggregation Application Loaded Application Started

36 Read / Write Handles Workflow
Once application has started, the administrator would like to query the application from the data plane. How many packets were processed? How many packets were dropped?

37 Read / Write Handles Workflow
OBA Handle Client Southbound API OBI Read Handle Read Handle Read Handle Read Result Read Result

38 Application Isolation
Aggregator keeps a mapping of original block id - > new block id A query for a read handle checks the mapping and queries the new block that actually resides in the data plane

39 Event / Alert Workflow Application’s way to actively notify about it’s lifetime and about it’s process. Instance Down Packet Dropped Threat Detected

40 Event/Alert Workflow OBA Event Manager Southbound API OBI Alert
Handle Alert handler.Handle

41 Application Isolation
Alert Blocks carry their identifier Application aggregator keeps original blocks -> Application mapping Aggregation takes care of keeping the original identifier on the aggregated graph Alert messages contains the original block identifier

42 Example (Simple IPS)

43 Processing Graph

44 Code Snippets (Create Blocks)

45 Code Snippets (Connect)

46 Benefits ~270 lines of code Code is readable and self explanatory
Easy Configurable Easily Changeable

47 Experimental Results

48 Experimental Environment
Hardware (sheldon): Intel Xeon E V3 CPU 32GB Ram

49 How well does the OBC handles messages from the Data plane?
Experiment Goal How well does the OBC handles messages from the Data plane? Resource Utilization Latency

50 Experimental Scenario
Controller Single OBI Single Application which sends alerts in a configurable rate (MPM).

51 Memory Utilization

52 CPU Utilization

53 Latency

54 Futuristic

55 Future Work Smart / Automatic NF Placement OpenFlow Integration
Create NFs with graphical tool Native Northbound API Dashboard Reloading applications while controller is running

56 Questions ?

Download ppt "Northbound API Dan Shmidt | January 2017"

Similar presentations

TSpaces Services Suite: Automating the Development and Management of Web Services Presenter: Kevin McCurley IBM Almaden Research Center Contact: Marcus.

TSpaces Services Suite: Automating the Development and Management of Web Services Presenter: Kevin McCurley IBM Almaden Research Center Contact: Marcus.
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.

Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
SDN and Openflow.

SDN and Openflow.
Scalable Network Virtualization in Software-Defined Networks

Scalable Network Virtualization in Software-Defined Networks
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.

Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.
Managing Agent Platforms with SNMP Brian Remick Research Proposal Defense June 27, 2015.

Managing Agent Platforms with SNMP Brian Remick Research Proposal Defense June 27, 2015.
UNIT-V The MVC architecture and Struts Framework.

UNIT-V The MVC architecture and Struts Framework.
Emanuele Pasqualucci Extending AppManager Monitoring with the SNMP Toolkit.

Emanuele Pasqualucci Extending AppManager Monitoring with the SNMP Toolkit.
Interconnection Protocol Mustafa Kara 514051008 Term Work.

Interconnection Protocol Mustafa Kara Term Work.
Introduction to the Enterprise Library. Sounds familiar? Writing a component to encapsulate data access Building a component that allows you to log errors.

Introduction to the Enterprise Library. Sounds familiar? Writing a component to encapsulate data access Building a component that allows you to log errors.
WINDOWS SERVICES. Introduction You often need programs that run continuously in the background Examples: –Email servers –Print spooler You often need.

WINDOWS SERVICES. Introduction You often need programs that run continuously in the background Examples: – servers –Print spooler You often need.
Configuration Management and Server Administration Mohan Bang Endeca Server.

Configuration Management and Server Administration Mohan Bang Endeca Server.
Zhonghua Qu and Ovidiu Daescu December 24, 2009 University of Texas at Dallas.

Zhonghua Qu and Ovidiu Daescu December 24, 2009 University of Texas at Dallas.
Institute of Computer and Communication Network Engineering OFC/NFOEC, 6-10 March 2011, Los Angeles, CA Lessons Learned From Implementing a Path Computation.

Institute of Computer and Communication Network Engineering OFC/NFOEC, 6-10 March 2011, Los Angeles, CA Lessons Learned From Implementing a Path Computation.
Eric Keller, Evan Green Princeton University PRESTO 2008 8/22/08 Virtualizing the Data Plane Through Source Code Merging.

Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
Module 7: Fundamentals of Administering Windows Server 2008.

Module 7: Fundamentals of Administering Windows Server 2008.
Windows 2000 Course Summary Computing Department, Lancaster University, UK.

Windows 2000 Course Summary Computing Department, Lancaster University, UK.
Computer Emergency Notification System (CENS)

Computer Emergency Notification System (CENS)
Www.korem.com 1 Geospatial and Business Intelligence Jean-Sébastien Turcotte Executive VP San Francisco - April 2007 Streamlining web mapping applications.

1 Geospatial and Business Intelligence Jean-Sébastien Turcotte Executive VP San Francisco - April 2007 Streamlining web mapping applications.

Similar presentations

Ads by Google