THE HEBREW UNIVERSITY OF JERUSALEM OpenBox: A Software-Defined Framework for Developing, Deploying, and Managing Network Functions Yotam Harchol The Hebrew.

Slides:



Advertisements
Similar presentations
Towards Software Defined Cellular Networks
Advertisements

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
An Overview of Software-Defined Network Presenter: Xitao Wen.
Deep Packet Inspection as a Service Yaron Koral† Joint work with Anat Bremler-Barr‡, Yotam Harchol† and David Hay† †The Hebrew University, Israel ‡IDC.
INTRODUCTION Frequent and resource-exhaustive events, such as flow arrivals and network-wide statistics collection events, stress the control plane and.
L3vpn end-system draft Pedro Marques. Overview Defines a mechanism to associate an end- system virtual interface to an L3VPN. – Co-located forwarder:
SDN and Openflow.
Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.
1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.
An Overview of Software-Defined Network
An Overview of Software-Defined Network Presenter: Xitao Wen.
Toward Software-Defined Middlebox Networking Aaron Gember, Prathmesh Prabhu, Zainab Ghadiyali, Aditya Akella University of Wisconsin-Madison 1.
Workshop on Software Defined Networks Spring 2014.
Data Center Network Redesign using SDN
Enabling Innovation Inside the Network Jennifer Rexford Princeton University
Composing Software Defined Networks Jennifer Rexford Princeton University With Joshua Reich, Chris Monsanto, Nate Foster, and.
XOMB Incrementally scalable architecture for middleboxes Presenter : Donghwi Kim.
Software-Defined Networks Jennifer Rexford Princeton University.
Deep Packet Inspection as a Service Anat Bremler-Barr IDC Herzliya Joint work with Yotam Harchol, David Hay and Yaron Koral The Hebrew University Appeared.
Higher-Level Abstractions for Software-Defined Networks Jennifer Rexford Princeton University.
Programmable Networks: Active Networks + SDN. How to Introduce new services Overlays: user can introduce what-ever – Ignores physical network  perf overhead.
Open networking w/ Marist College Software Defined Networks.
Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags Seyed K. Fayazbakhsh *, Luis Chiang ¶, Vyas Sekar *, Minlan.
Extending SDN to Handle Dynamic Middlebox Actions via FlowTags (Full version to appear in NSDI’14) Seyed K. Fayazbakhsh, Luis Chiang, Vyas Sekar, Minlan.
SDN AND OPENFLOW SPECIFICATION SPEAKER: HSUAN-LING WENG DATE: 2014/11/18.
Programming Languages for Software Defined Networks Jennifer Rexford and David Walker Princeton University Joint work with the.
Aaron Gember, Theophilus Benson, Aditya Akella University of Wisconsin-Madison.
SDN and Openflow. Motivation Since the invention of the Internet, we find many innovative ways to use the Internet – Google, Facebook, Cloud computing,
CellSDN: Software-Defined Cellular Core networks Xin Jin Princeton University Joint work with Li Erran Li, Laurent Vanbever, and Jennifer Rexford.
Improving Network Management with Software Defined Network Group 5 : z Xuling Wu z Haipeng Jiang z Sichen Wu z Aparna Sanil.
Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Programming Languages COS 597E: Software Defined Networking.
SDN and Beyond Ghufran Baig Mubashir Adnan Qureshi.
Outline PART 1: THEORY PART 2: HANDS ON
Preliminaries: EE807 Software-defined Networked Computing KyoungSoo Park Department of Electrical Engineering KAIST.
Deep Packet Inspection as a Service Author : Anat Bremler-Barr, Yotam Harchol, David Hay and Yaron Koral Conference: ACM 10th International Conference.
Design and Implementation of a Data Plane for the OpenBox Framework Pavel Lazar March 2016 This research was supported by the European Research Council.
Software Defined Networking BY RAVI NAMBOORI. Overview  Origins of SDN.  What is SDN ?  Original Definition of SDN.  What = Why We need SDN ?  Conclusion.
NFP: Enabling Network Function Parallelism in NFV
InterVLAN Routing 1. InterVLAN Routing 2. Multilayer Switching.
Ready-to-Deploy Service Function Chaining for Mobile Networks
Xin Li, Chen Qian University of Kentucky
SDN challenges Deployment challenges
Yotam Harchol The Hebrew University of Jerusalem
Yotam Harchol The Hebrew University of Jerusalem
David Hay The Hebrew University of Jerusalem
A Survey of Network Function Placement
Multi-layer software defined networking in GÉANT
The DPIaaS Controller Prototype
Heitor Moraes, Marcos Vieira, Italo Cunha, Dorgival Guedes
Martin Casado, Nate Foster, and Arjun Guha CACM, October 2014
StratusLab Final Periodic Review
StratusLab Final Periodic Review
Yotam Harchol The Hebrew University of Jerusalem
6.829 Lecture 13: Software Defined Networking
Load Balancing Memcached Traffic Using SDN
Software Defined Networking (SDN)
NFP: Enabling Network Function Parallelism in NFV
Northbound API Dan Shmidt | January 2017
Software Defined Networking (SDN)
Software Defined Networking
NFP: Enabling Network Function Parallelism in NFV
Bridges and Extended LANs
Programmable Networks
Yotam Harchol The Hebrew University of Jerusalem
OpenSec:Policy-Based Security Using Software-Defined Networking
Chapter 5 Network Layer: The Control Plane
Control-Data Plane Separation
Chapter 4: outline 4.1 Overview of Network layer data plane
Presentation transcript:

THE HEBREW UNIVERSITY OF JERUSALEM OpenBox: A Software-Defined Framework for Developing, Deploying, and Managing Network Functions Yotam Harchol The Hebrew University of Jerusalem Joint work with Anat Bremler-Barr and David Hay Accepted to ACM SIGCOMM 2016 A preliminary version of this work was published in ACM SIGCOMM HotMiddleboxes This research was supported by the European Research Council ERC Grant agreement no , the Israeli Centers of Research Excellence (I-CORE) program (Center No. 4/11), and the Neptune Consortium.

Network Function Virtualization Network Functions (e.g., middleboxes): Expensive HW No scalability or provisioning Separate management 2 Admins want: Cheap HW Scalability Auto provisioning Central management Network Function Virtualization (NFV): Make middleboxes virtual (SW VMs) Deploy on general purpose servers, scale and provision Steer traffic correctly using SDN or other techniques

Software-Defined Networks SDN so far: Control the forwarding But the network is not only forwarding! 3

Software-Defined Solutions 4 SDN Controller OpenBox Controller OBI Forwarding plane (switches, routers): -High cost -Limited management -No multi-tenancy -Limited functionality and limited innovation -Complex distributed algorithms Forwarding plane (switches, routers): -High cost -Limited management -No multi-tenancy -Limited functionality and limited innovation -Complex distributed algorithms Solution: SDN / OpenFlow Network Functions (Middleboxes): -Higher cost -Limited and separate management -Limited provisioning and scalability -No multi-tenancy -Limited functionality and limited innovation -Similar processing steps, no re-use Network Functions (Middleboxes): -Higher cost -Limited and separate management -Limited provisioning and scalability -No multi-tenancy -Limited functionality and limited innovation -Similar processing steps, no re-use Our solution: OpenBox

OpenBox OpenBox: A new protocol Decouples network function control from their data plane Unifies data plane of multiple network functions Benefits: Easier, unified control Better performance Scalable Flexible Multi-tenancy Innovation 5 OpenBox Controller OpenBox Applications Control Plane Data Plane OpenBox Service Instances OpenBox Protocol Northbound API

A Different View of Middleboxes Previous works: Middlebox = monolithic closed unit – Middlebox Traffic Steering (e.g., SIMPLE [Sigcomm ‘13], Stratos) – Middlebox Virtualization (e.g., ComB [NSDI ’12]) – Middlebox State Management (e.g., OpenNF [Sigcomm ‘14]) – Middlebox Runtime Platform (e.g., xOMB [ANCS ‘12], SDM [INFOCOM ‘14]) OpenBox: Middlebox = logical application – Most processing steps are shared among many types of middlebox applications – Some steps can be done once for multiple applications 6 OpenBox Controller OpenBox Applications

What Network Functions Do? 7 Firewall: Read Packets Header Classifier Drop Alert Output Load Balancer: Read Packets Header Classifier Rewrite Header Output Intrusion Prevention System: Read Packets Header Classifier Drop Alert DPI Output

What Network Functions Do? 8 Read Packets Header Classifier DPI Classification VLAN Pop VLAN Push Rewrite Header Header Modification Begin Transaction Rollback Transaction Commit Transaction Transactions Gzip Decompress Gzip Compress De/compression HTML Normalizer JavaScript Normalizer XML Normalizer Normalization Store Packet Restore Packet Caching Alert Log Reporting Output Drop Terminals FIFO Queue Front Drop Queue RED Queue Leaky Bucket Queue Management

OpenBox Data Plane 9 Read Packets Header Classifier DPI Classification VLAN Pop VLAN Push Rewrite Header Header Modification Begin Transaction Rollback Transaction Commit Transaction Transactions Gzip Decompress Gzip Compress De/compression HTML Normalizer JavaScript Normalizer XML Normalizer Normalization Store Packet Restore Packet Caching Alert Log Reporting Output Drop Terminals FIFO Queue Front Drop Queue RED Queue Leaky Bucket Queue Management OpenBox Service Instance Virtual or Physical Provides data plane services to realize the logic of network functions Controlled by the logically-centralized OpenBox controller

Network Function  OpenBox Application Each application defines: – A graph (DAG) of processing blocks – Configuration for each processing blocks Northbound API allows: – Specifying processing blocks and config – Reacting to events in the network (e.g., change configuration and placement according to load information) – Injecting new modules to OBI (when supported by OBI) 10 OpenBox Protocol OpenBox Service Instances OpenBox Controller OpenBox Applications Control Plane Data Plane NB API

(Logically-)Centralized Control Aggregates multiple OpenBox applications – Creates a Virtual Processing Graph that aggregates multiple processing graphs – Based on order and priority of applications, and location in network Provides a central management – Network-wide view of NFs – Multiple tenants run multiple applications for multiple policies in the same network – Applications do not share data Automatic scaling, provisioning, and placement based on load information from data plane 11 OpenBox Protocol OpenBox Service Instances OpenBox Controller OpenBox Applications Control Plane Data Plane NB API

Naïve Graph Merge 12 Firewall: Read Packets Header Classifier Drop Alert Output Intrusion Prevention System: Read Packets Header Classifier Drop Alert DPI Output Header Classifier Drop Alert (IPS) DPI Output Read Packets Header Classifier Drop Alert (Firewall) Concatenated Processing Graph: Performance ≈ Diameter of Graph

Graph Merge Algorithm 13 Firewall: Read Packets Header Classifier Drop Alert Output Intrusion Prevention System: Read Packets Header Classifier Drop Alert DPI Output Input Graphs:

Graph Merge Algorithm 14 Firewall: Read Packets Header Classifier Drop Alert Output Intrusion Prevention System: Read Packets Header Classifier Drop Alert DPI Output Step 1: Normalize graphs to trees Output Alert Output Drop Output

Graph Merge Algorithm 15 Read Packets Header Classifier Drop Alert (Firewall) Header Classifier Drop Alert (IPS) DPI Output Step 2: Concatenate graphs Alert (IPS) Alert (IPS) Output Drop Output Header Classifier Drop Alert (IPS) DPI Output Alert (IPS) Alert (IPS) Output Drop Output

Graph Merge Algorithm 16 Read Packets Header Classifier Drop Alert (Firewall) Header Classifier Drop Alert (IPS) DPI Output Step 3: Merge classifiers Alert (IPS) Alert (IPS) Output Drop Output Header Classifier Drop Alert (IPS) DPI Output Alert (IPS) Alert (IPS) Output Drop Output

Graph Merge Algorithm 17 Read Packets Header Classifier Drop Alert (Firewall) Header Classifier Drop Alert (IPS) DPI Output Step 3: Merge classifiers Alert (IPS) Alert (IPS) Output Drop Output Drop Alert (IPS) DPI Output Alert (IPS) Alert (IPS) Output Drop Output

Graph Merge Algorithm 18 Read Packets Header Classifier Drop Alert (Firewall) Drop Alert (IPS) DPI Output Step 3: Merge classifiers Alert (IPS) Alert (IPS) Output Drop Output Drop Alert (IPS) DPI Output Alert (IPS) Alert (IPS) Output Drop Output Alert (Firewall) Alert (Firewall) Alert (Firewall)

Graph Merge Algorithm 19 Read Packets Header Classifier Drop Alert (Firewall) Drop Alert (IPS) DPI Output Step 4: Remove redundant block copies (and rewire connectors accordingly) Alert (IPS) Alert (IPS) Output Drop Output Drop Alert (IPS) DPI Output Alert (IPS) Alert (IPS) Output DPI Drop Output Alert (Firewall) Alert (Firewall) Alert (Firewall)

Graph Merge Algorithm 20 Merged Processing Graph: Read Packets Header Classifier Drop Alert (IPS) DPI Output Alert (Firewall) Shorter Diameter

OpenBox Protocol: Connection Setup 21 Hello SetParametersRequest SetParametersResponse AddCustomModuleRequest AddCustomModuleResponse BarrierRequest SetProcessingGraphRequest SetProcessingGraphResponse BarrierRequest Controller Service Instance

OpenBox Protocol – Block Definition 22

OpenBox Protocol: Block Hierarchy 23 HeaderClassifier TCAMClassifier TrieClassifier Controller Service Instance Hello … Supported blocks: HeaderClassifier: [TCAMClassifier, TrieClassifier] Hello … Supported blocks: HeaderClassifier: [TCAMClassifier, TrieClassifier] SetProcessingGraphRequest … Use TCAMClassifier in graph SetProcessingGraphRequest … Use TCAMClassifier in graph

Distributed Data Plane OpenBox Service Instance Software OpenBox Service Instance Hardware (TCAM) E.g., an OpenFlow switch with encapsulation features Header Classifier Alert Payload Classifier Rewrite Header Metadata

Extensible Data Plane OpenBox Service Instance Software OpenBox Service Instance Hardware Implementation Header Classifier Alert Payload Classifier Rewrite Header Media Encoder OpenBox Controller A new software module can be injected from control plane without modifying or re-deploying software in data plane

Scalable & Reliable Data Plane Easy provisioning of new OBIs by simply running more VMs (VNFs) – Even for hardware-assisted tasks, can use software VMs as a backup for peak times OBIs can report load information to controller, to allow centralized control over provisioning Increases reliability – quickly respond to crashes 26 OBI

Implementation 27 Java-based Controller Generic Python wrapper for execution engines Click-based execution engine

Performance Improvement 28 VM1 Firewall VM2 IPS VM1 Firewall1 VM2 Firewall2 VM1 OBI1 VM2 OBI2 Without OpenBox With OpenBox

Conclusions Network functions are currently a real challenge in datacenter, operator, and enterprise networks OpenBox decouples the data plane processing from network function logic and: – Reduces costs of management – Enhances performance – Improves scalability – Increases reliability – Provides multi-tenancy – Allows easier innovation and lets new players into the game 29 OpenBox Protocol OpenBox Service Instances OpenBox Controller OpenBox Applications Control Plane Data Plane NB API

THANK YOU! Questions? 30

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.