虛擬化技術 Virtualization Techniques Network Virtualization Software Defined Netwrok
Software defined network Introduction Motivation Concept Character Open Flow Software defined network
Network Protocol and Model
Network Topologies Topologies Topology refers to the physical or logical layout of the computers in a particular network. Commonly used topologies are star, bus and ring.
Network Virtualization What is network virtualization ?
Network Virtualization What is network virtualization ? In computing, Network Virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Two categories : External network virtualization Combining many networks, or parts of networks, into a virtual unit. Internal network virtualization Providing network-like functionality to the software containers on a single system.
Network Virtualization Desirable properties of network virtualization : Scalability Easy to extend resources in need Administrator can dynamically create or delete virtual network connection Resilience Recover from the failures Virtual network will automatically redirect packets by redundant links Security Increased path isolation and user segmentation Virtual network should work with firewall software Availability Access network resource anytime
Network Virtualization External network virtualization in different layers : Layer 1 Seldom virtualization implement in this physical data transmission layer. Layer 2 Use some tags in MAC address packet to provide virtualization. Example, VLAN. Layer 3 Use some tunnel techniques to form a virtual network. Example, VPN. Layer 4 or higher Build up some overlay network for some application. Example, P2P.
Network Virtualization Internal network virtualization in different layers : Layer 1 Hypervisor usually do not need to emulate the physical layer. Layer 2 Implement virtual L2 network devices, such as switch, in hypervisor. Example, Linux TAP driver + Linux bridge. Layer 3 Implement virtual L3 network devices, such as router, in hypervisor. Example, Linux TUN driver + Linux bridge + iptables. Layer 4 or higher Layer 4 or higher layers virtualization is usually implemented in guest OS. Applications should make their own choice.
Network Virtualization Protocol approach Protocols usually used to approach data-path virtualization. Three implementations 802.1Q – implement hop to hop data-path virtualization MPLS ( Multiprotocol Label Switch ) – implement router and switch layer virtualization GRE (Generic Routing Encapsulation ) – implement virtualization among wide variety of networks with tunneling technique.
Network Virtualization 802.1Q Standard by IEEE 802.1 Not encapsulate the original frame Add a 32-bit field between MAC address and EtherTypes field ETYPE(2B): Protocol identifier Dot1Q Tag(2B): VLAN number, Priority code CE: Customer Edge router PE: Provider Edge router
Network Virtualization Example of 802.1Q VN 1 Source destination Physical Network VN 2 Source destination
Network Virtualization MPLS ( Multiprotocol Label Switch ) Also classified as layer 2.5 virtualization Add one or more labels into package Need Label Switch Router(LSR) to read MPLS header
Network Virtualization Example of MPLS VN 1 5 4 2 7 9 8 LSR Physical Network LER LER CE LSR CE LER CE VN 2 5 4 2 7 9
Network Virtualization GRE ( Generic Routing Encapsulation ) GRE is a tunnel protocol developed by CISCO Encapsulate a wide variety of network layer protocol Stateless property This means end-point doesn't keep information about the state Built Tunnel
Internal Network Virtualization A single system is configured with containers, such as the Xen domain, combined with hypervisor control programs or pseudo-interfaces such as the VNIC, to create a “network in a box”. This solution improves overall efficiency of a single system by isolating applications to separate containers and/or pseudo interfaces. Virtual machine and virtual switch : The VMs are connected logically to each other so that they can send data to and receive data from each other. Each virtual network is serviced by a single virtual switch. A virtual network can be connected to a physical network by associating one or more network adapters (uplink adapters) with the virtual switch.
Software defined network Introduction Motivation Concept Character Open Flow Software defined network
Problem with Internet Infrastructure Routing, management, mobility management, access control, VPN,…. Feature Feature Million of lines of source code Operating System Specialized Packet Forwarding Hardware Billions of gates Bloated Vertically integrated, complex, closed, proprietary Not suitable for experimental ideas Not good for network owners & users; Not good for researchers.
Problem: No Abstractions for Control Plane Addition of a new function to the network Highly complex distributed system problem Networks too difficult to program and to reason about No good abstractions and interfaces Forwarding OS Distributed Network Functions Forwarding OS Router/Switch/Appliance Forwarding OS Router/Switch/Appliance Router/Switch/Appliance
Software-Defined Network with key Abstractions in the Control Plane Network Virtualization Well-defined API Routing Traffic Engineering Other Applications Network Map Abstraction Network Operating System Forwarding Separation of Data and Control Plane Forwarding Forwarding Forwarding
Software defined network Introduction Motivation Concept Character Open Flow Software defined network
Concept In SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications. By Open Networking Foundation white paper
Traditional network node: Router Router can be partitioned into control and data plane Management plane/ configuration Control plane / Decision: OSPF (Open Shortest Path First) Data plane / Forwarding Adjacent Router Router Management/Policy plane Configuration / CLI / GUI Static routes Control plane OSPF Neighbor table Link state database IP routing table Forwarding table Data plane Routing Switching
Traditional network node: Switch Typical Networking Software Management plane Control Plane – The brain/decision maker Data Plane – Packet forwarder
SDN entity SDN Protocol – Open Flow A commonly protocol used to manage software defined network
SDN Software Defined Networking SDN Principles Separate Control plane and Data plane entities Execute or run Control plane software on general purpose hardware Decouple from specific networking hardware Use commodity servers Have programmable data planes Maintain, control and program data plane state from a central entity An architecture to control not just a networking device but an entire network
Software defined network Introduction Motivation Concept Character Open Flow Software defined network
Key Characters for SDN Success Architecture for a Network Operating System with a service/application oriented namespace Resource virtualization and aggregation pooling to achieve scaling Appropriate abstractions to foster simplification Decouple topology, traffic and inter-layer dependencies Dynamic multi-layer networking
Software defined network Introduction Motivation Concept Character Open Flow Software defined network
What is OpenFlow OpenFlow is like an x86 instruction set for the network Provides open interface to “black box” networking node (ie. Routers, L2/L3 switch) to enable visibility and openness in network Separation of control plane and data plane. The datapath of an OpenFlow Switch consists of a Flow Table, and an action associated with each flow entry The control path consists of a controller which programs the flow entry in the flow table OpenFlow is based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries
Components of OpenFlow Network Controller OpenFlow Protocol Messages Controlled channel Flow Table Flow entry Processing Pipeline Processing Packet Matching Instructions & Action Set
Controller: Centralized V.S. Distributed
OpenFlow Protocol Messages Controller-to-Switch : initiated by the controller and used to directly manage or inspect the state of the switch EX: Features, Config, Modify State, Read-State, Packet-Out, Barrier. Asynchronous : Asynchronous messages are sent without the controller soliciting them from a switch EX: Packet-in, Flow Removed / Expiration, Port-status, Error Symmetric: Symmetric messages are sent without solicitation, in either direction EX: Hello, Echo, Experimenter / Vendor
Secure Channel (SC) SC is the interface that connects each OpenFlow switch to controller A controller configures and manages the switch via this interface. Receives events from the switch Send packets out the switch SC establishes and terminates the connection between OpneFlow Switch and the controller using the procedures Connection Setup Connection Interrupt The SC connection is a TLS connection. Switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key.
Flow Table / Entry A flow table consists of flow entries Match fields to match against packets. These consist of the ingress port and packet headers, and optionally metadata specified by a previous table Counters to update for matching packets instructions to modify the action set or pipeline processing Match Fields Counters Instructions In Port Src MAC Dst MAC Eth Type Vlan Id IP Tos IP Proto IP Src IP Dst TCP Src Port TCP Dst Port Layer 2 Layer 3 Layer 4 Forward packet to port(s) Encapsulate and forward to controller Drop packet Send to normal processing pipeline 1. Packet 2. Byte counters
Matching Fields & List of Counters Figure From OpenFlow Switch Specification
Pipeline Processing
Packet Matching
Flowchart how to parsed for matching Eth Type (commonly) Vlan: 0x88a8, 0x8100 MPLS: 0x8847, 0x8848 ARP: 0x0806 IP: 0x0800
Instructions & Action Set Each flow entry contains a set of instructions that are executed when a packet matches the entry An Action set is associated with each packet. Its empty by default Action set is carried between flow tables A flow entry modifies action set using Write Action or Clear-Action instruction Processing stops when the instruction does not contain Goto-Table and the actions in the set are executed
Dynamic load balancing Usage: Load Balancing Current methods use uniform distribution of traffic Not based on network congestion and server load More adaptive algorithms can be implemented by using OpenFlow Monitor the network traffic Program flows based on demand and server capacity Network Operating System Program Flow Entries Data Forwarding (OpenFlow Switch) Collect Statistics Observe load patterns Dynamic load balancing using Open Flow
Summary SDN is an architecture of which OpenFlow is just a part Clearly separation of control and data plane functionalities Provides high level abstractions Network topology Application API Standard vendor-agnostic interface to program the hardware Scalability concerns SDN is not a magic wand to solve the current problems Many vendors are evaluating the direction SDN will take
References "OpenFlow: Enabling Innovation in Campus Networks“ N. McKeown, T. Andershnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turneron, H. Balakris ACM Computer Communication Review, Vol. 38, Issue 2, pp. 69-74 April 2008 OpenFlow Switch Specication V 1.1.0. Richard Wang, Dana Butnariu, and Jennifer Rexford OpenFlow-based server load balancing gone wild, Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise 66 IP Infusion Proprietary and Confidential, released under Customer NDA , Roadmap items subject to change without notice © 2011 IP Infusion Inc. gone wild, Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services (Hot-ICE), Boston, MA, March 2011. Saurav Das, Guru Parulkar, Preeti Singh, Daniel Getachew, Lyndon Ong, Nick McKeown, Packet and Circuit Network Convergence with OpenFlow, Optical Fiber Conference (OFC/NFOEC'10), San Diego, March 2010 Nikhil Handigol, Srini Seetharaman, Mario Flajslik, Nick McKeown, Ramesh Johari, Plug-n-Serve: Load-Balancing Web Traffic using OpenFlow, ACM SIGCOMM Demo, Aug 2009. NOX: Towards an Operating System for Networks https://sites.google.com/site/routeflow/home http://www.openflow.org/ http://www.opennetsummit.org/ https://www.opennetworking.org/ http://conferences.sigcomm.org/sigcomm/2010/papers/sigcomm/p195.pdf http://searchnetworking.techtarget.com/
Q & A