Separating Routing From Routers Jennifer Rexford Princeton University


Today’s IP Routers
Management plane
  – Construct network-wide view
  – Configure the routers
Control plane
  – Track topology changes
  – Compute routes and install forwarding tables
Data plane
  – Forward, filter, buffer, mark, and rate-limit packets
  – Collect traffic statistics
[Diagram labels: OSPF, BGP, FIB, configuration, monitoring, controlled by vendor]

Death to the Control Plane!
Faster pace of innovation
  – Remove dependence on vendors and the IETF
Simpler management systems
  – No need to “invert” control-plane operations
Easier interoperability between vendors
  – Compatibility necessary only in “wire” protocols
Simpler, cheaper routers
  – Little or no software on the routers

We Can Remove the Control Plane!
Control software can run elsewhere
  – The control plane is just software anyway
State and computation are reasonable
  – E.g., 300K prefixes, a few million changes/day
System overheads can be amortized
  – Mostly redundant data across routers
Easier access to other information
  – Layer-2 risks, host measurements, biz goals, …
Some control could move to end hosts

Outline
4D architecture
  – Decision, dissemination, discovery, data
Routing Control Platform (RCP)
  – Interdomain routing without routers
Three stages of research
  – Scalability and reliability
  – Value-added services
  – Customization and extensibility
Conclusion and ongoing work

Clean-Slate 4D Architecture

Three Goals of 4D Architecture
Network-level objectives
  – Configure the network, not the routers
  – E.g., minimize the maximum link utilization
  – E.g., connectivity under all layer-two failures
Network-wide views
  – Complete visibility to drive decision-making
  – Traffic matrix, network topology, equipment
Direct control
  – Direct, sole control over data-plane configuration
  – Packet forwarding, filtering, marking, buffering…

The Four Planes
Decision: all management and control
Dissemination: communication to/from the routers
Discovery: topology and traffic monitoring
Data: packet handling
[Diagram label: routers]

Practical Challenges
Scalability
  – Decision elements responsible for many routers
Response time
  – Delays between decision elements and routers
Reliability
  – Must have multiple decision elements and failover
Security
  – Network vulnerable to attacks on decision elements
Interoperability
  – Legacy routers and neighboring domains

Routing Control Platform (RCP)

Separating Interdomain Routing From Routers
Compute interdomain routes for the routers
  – Input: BGP-learned routes
  – Output: forwarding-table entries for each router
Backwards compatibility with legacy routers
  – RCP speaks to routers using BGP protocol
Routers still run intradomain routing protocol
[Diagram labels: RCP, Autonomous System]

Incremental Deployability
Backwards compatibility
  – Work with existing routers and protocols
Incentive compatibility
  – Offer significant benefits, even to the first adopters
[Diagram labels: AS 1, AS 2, AS 3, RCP, BGP, Inter-AS Protocol]
Diagram captions:
  – RCP tells routers how to forward traffic
  – Use BGP to communicate with the legacy routers
  – Simplify management and enable new services
  – Other ASes can deploy an RCP independently
  – ASes with RCPs can cooperate for new features
  – ASes can upgrade to new routing protocol… while using BGP to control the legacy routers

Three Stages of Research
Scalability and reliability
  – Ensuring the RCP can handle the workload
  – … doing exactly what routers normally do
Value-added services
  – Capitalizing on the RCP
  – … to enable new capabilities in the network
Extensibility and customization
  – Redesigning the RCP software
  – … with extensibility and customization in mind

Scalability and Reliability

Scalable Implementation
Eliminate redundancy
  – Store a single copy of each BGP-learned route
Accelerate lookups
  – Maintain indices to identify affected routers
Avoid recomputation
  – Compute routes once for group of related routers
Handle only BGP routing
  – Leave intradomain routing to the routers
An extensible, scalable, “smart” route reflector

Runs on a Single High-End PC
Home-grown implementation on top of Linux
  – Experiments on 3.2 GHz P4 with 4GB memory
Computing routes for all AT&T routers
  – Grouping routers in the same point-of-presence
Replaying all routing-protocol messages
  – BGP and OSPF logs, for 203,000 IP prefixes
Experimental results
  – Memory footprint: 2.5 GB
  – Processing time: msec

Reliability
Simple replication
  – Single PC can serve as an RCP
  – So, just run multiple such PCs
Run replicas independently
  – Separate BGP update feeds and router sessions
  – Same inputs, and the same algorithm
  – No need for replica consistency protocol
[Diagram label: RCP]

Value-Added Services

Example: DoS Blackholing
Filtering attack traffic
  – Measurement system detects an attack
  – Identify entry point and victim of attack
  – Drop offending traffic at the entry point
[Diagram labels: RCP, null route, DoS attack]

Example: Maintenance Dry-out
Planned maintenance on an edge router
  – Drain traffic off of an edge router
  – Before bringing it down for maintenance
[Diagram labels: d, egress 1, egress 2, RCP “use egress 2”]

Example: Egress Selection
Customer-controlled egress selection
  – Multiple ways to reach the same destination
  – Giving customers control over the decision
[Diagram labels: egress 1, egress 2, data center 1, data center 2, hot-potato routing, RCP “use egress 1”, customer sites]

Example: Better BGP Security
Enhanced interdomain routing security
  – Anomaly detection to detect bogus routes
  – Prefer “familiar” routes over unfamiliar
[Diagram labels: d, ????, egress 1, egress 2, RCP “use egress 2”]
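
Added example (not from the original slides): one way a decision element could prefer "familiar" routes, using a history of prefix origination as the side information. The 10-day threshold, the class and function names, and the sample prefix and AS numbers (documentation ranges) are assumptions made for illustration.

```python
from datetime import datetime, timedelta

FAMILIAR_AFTER = timedelta(days=10)  # assumed threshold, not from the slides

class OriginHistory:
    """Remembers when each (prefix, origin AS) pair was first observed."""
    def __init__(self):
        self.first_seen = {}

    def observe(self, prefix, as_path, when):
        # The origin AS is the last AS on the path.
        self.first_seen.setdefault((prefix, as_path[-1]), when)

    def is_familiar(self, prefix, as_path, now):
        seen = self.first_seen.get((prefix, as_path[-1]))
        return seen is not None and now - seen >= FAMILIAR_AFTER

def select_egress(history, prefix, candidates, now):
    """candidates: list of (egress, as_path) pairs.
    Returns (chosen egress, egresses whose route was flagged as unfamiliar)."""
    familiar = [c for c in candidates if history.is_familiar(prefix, c[1], now)]
    flagged = [c[0] for c in candidates if c not in familiar]
    pool = familiar or candidates  # fall back so the prefix stays reachable
    chosen = min(pool, key=lambda c: len(c[1]))  # shortest AS path in the pool
    return chosen[0], flagged

# Constructed sample: documentation prefix and documentation AS numbers.
PREFIX = "192.0.2.0/24"
NOW = datetime(2024, 1, 31)
HISTORY = OriginHistory()
HISTORY.observe(PREFIX, [64500, 64496], datetime(2024, 1, 1))  # long-standing origin
HISTORY.observe(PREFIX, [64511], NOW)                          # origin first seen today
CANDIDATES = [("egress 1", [64511]), ("egress 2", [64500, 64496])]

if __name__ == "__main__":
    print(select_egress(HISTORY, PREFIX, CANDIDATES, NOW))
```

Plain shortest-path selection would take the one-hop route at egress 1; with the history check the longer, long-standing route at egress 2 wins and egress 1 is reported for investigation. The check looks only at the origin AS, so it does not detect a bogus path that keeps the familiar origin.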

Example: Saving Router Memory
Reduce memory requirements on routers
  – Strip BGP route attributes (except prefix and next-hop)
  – Combine related prefixes into a single route
[Diagram labels: RCP, BGP with other ASes, /16 nh, /16 nh, /15 nh 1]
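
Added example (not from the original slides): a sketch of combining related prefixes once routes are reduced to prefix and next hop. It merges two sibling prefixes that share a next hop (two /16s into one /15, as in the diagram) and drops more-specific routes that repeat the next hop of their covering route. The function names and the sample table are assumptions made for illustration.

```python
import ipaddress

def parse(routes):
    return {ipaddress.ip_network(p): nh for p, nh in routes.items()}

def lookup(table, addr):
    """Longest-prefix match; returns the next hop or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in table if ip in n]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def covering_next_hop(table, net):
    """Next hop of the nearest less-specific route that covers net."""
    while net.prefixlen > 0:
        net = net.supernet()
        if net in table:
            return table[net]
    return None

def compress(routes):
    """Shrink a prefix -> next-hop table without changing any lookup result."""
    table = parse(routes)
    changed = True
    while changed:
        changed = False
        for net in sorted(table, key=lambda n: n.prefixlen, reverse=True):
            if net not in table or net.prefixlen == 0:
                continue
            nh = table[net]
            if covering_next_hop(table, net) == nh:
                del table[net]          # the covering route already gives nh
                changed = True
                continue
            parent = net.supernet()
            left, right = parent.subnets()
            if table.get(left) == nh and table.get(right) == nh:
                del table[left], table[right]
                table[parent] = nh      # two sibling halves become one route
                changed = True
    return table

# Constructed sample table (private address space, made-up next hops).
SAMPLE = {
    "10.0.0.0/16": "nh1",
    "10.1.0.0/16": "nh1",
    "10.1.7.0/24": "nh1",
    "10.0.5.0/24": "nh2",
    "10.2.0.0/16": "nh2",
}
```

On the sample, five routes shrink to three, and the more-specific 10.0.5.0/24 survives because its next hop differs from the route that covers it.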

Extensibility and Customization

Customized Routes
Different routes have different properties
  – Security, performance, cost, stay in U.S., …
Different preferences for different customers
  – Offer customized route selection as a service
[Diagram labels: Bank, VoIP provider, School]

BGP Artificially Constrains Policy
Selecting a single best route
  – Router selects the highest-ranked route
  – … and either exports that route or not

BGP Artificially Constrains Policy
Overloading of BGP attributes
  – Route selection based on a fixed set of steps
  – Comparing attributes of the learned routes
  – E.g., overloading of local preference
[Diagram labels: Business Relationships, Traffic Engineering, Local-preference]

BGP Artificially Constrains Policy
Difficulty of incorporating “side information”
  – Policies normally depend on many factors
  – Making BGP routing policy very indirect
External information
  – Traffic and performance measurement
  – Business relationships
  – Registry of prefix ownership
Internal state
  – History of prefix origination
  – History of route stability

BGP Artificially Constrains Policy
Strict ranking of one attribute over another
  – Cannot easily balance trade-offs between objectives
Cannot implement policies like:
  “If all paths are somewhat unstable, pick the most stable path (of any length); Otherwise, pick the shortest path through a customer”.

Morpheus System
Customized route selection
  – Per group of neighbors with similar needs
Independent policy objectives
  – Biz relationships, security, stability, performance, cost, …
Incorporating side information
  – Policy modules can receive data feeds
Flexible weighing of policy objectives
  – Weighted sum of “scores” for each route
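
Added example (not from the original slides, and not Morpheus code): strict attribute-by-attribute ranking next to a weighted sum of per-objective scores, with a different weight vector per customer group as in the "Customized Routes" slide. The route names, the score values and the weights are constructed for illustration.

```python
# Constructed candidate routes to one prefix. Each score is in [0, 1], higher is better.
ROUTES = {
    "via_customer": {"business": 1.0, "stability": 0.2, "security": 0.6, "latency": 0.5},
    "via_peer":     {"business": 0.5, "stability": 0.9, "security": 0.9, "latency": 0.7},
    "via_provider": {"business": 0.0, "stability": 0.8, "security": 0.5, "latency": 0.95},
}

def strict_rank(routes, order):
    """BGP-style decision: compare one attribute at a time in a fixed order.
    A later attribute matters only when all earlier ones tie."""
    return max(routes, key=lambda r: tuple(routes[r][a] for a in order))

def weighted_choice(routes, weights):
    """Weighted-sum decision: every objective contributes to a single score."""
    def total(r):
        return sum(w * routes[r][objective] for objective, w in weights.items())
    return max(routes, key=total)

# Hypothetical weights for three groups of neighbors with different needs.
GROUP_WEIGHTS = {
    "bank":   {"security": 0.6, "stability": 0.3, "business": 0.1},
    "voip":   {"latency": 0.6, "stability": 0.3, "business": 0.1},
    "school": {"business": 0.8, "stability": 0.1, "latency": 0.1},
}

def select_per_group(routes, group_weights):
    """One route per customer group instead of a single best route for all."""
    return {g: weighted_choice(routes, w) for g, w in group_weights.items()}

if __name__ == "__main__":
    print("strict ranking:", strict_rank(ROUTES, ["business", "latency"]))
    for group, route in select_per_group(ROUTES, GROUP_WEIGHTS).items():
        print(group, "->", route)
```

Strict ranking on business relationship always returns the customer route, however unstable it is, while the weighted sums give the bank the peer route, the VoIP provider the provider route and the school the customer route.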

Prototype Implementation
Implemented as an extension to XORP
  – Four new classifier modules (as a pipeline)
  – New decision processes that run in parallel
Selecting weights for policy objectives
  – Multi-criteria decision analysis
  – Decision theory technique for selecting weights

Data Plane: Flexible Route Assignment
Support for multiple paths already available
  – “Virtual routing and forwarding (VRF)” (Cisco)
  – “Virtual router” (Juniper)
[Diagram labels: R3’s forwarding table (FIB) entries: D: (red path): R6; D: (blue path): R7]

Data Plane: Consistent Packet Forwarding
Tunnels from ingress links to egress links
  – IP-in-IP or Multiprotocol Label Switching (MPLS)

Concluding…

Returning to 4D Challenges
Scalability
  – Amortize state and computation, or pre-compute routes
Response time
  – Decision element near the routers, or make routing static
Reliability
  – Simple replication of the decision elements
Security
  – Perimeter filters, only routers talk to decision elements
Interoperability
  – Use BGP, MPLS, or OpenFlow as dissemination plane

Conclusions
Today’s routers
  – Too complicated
  – Too difficult to manage
  – Too hard to change
Dumb routers, smart decision elements
  – Routers forward packets & collect measurement
  – … at the behest of the decision elements
Proofs of concept
  – Original RCP prototype, AT&T IRSCP deployment, and Princeton Morpheus project

Ongoing Work: OpenFlow and NOX
Enterprise network monitoring
  – Adaptive monitoring of flow aggregates
  – IDS, anomaly detection, traffic engineering, …
Server load balancing in data centers
  – Multiple servers in a single data center
  – Sticky load balancing through switch flow rules
Wide-area replicated services
  – Multiple servers in multiple data centers
  – Directing client traffic to the service instance