Programmable Networks: Active Networks + SDN

Presentation transcript:

Programmable Networks: Active Networks + SDN

How to Introduce new services
Overlays: user can introduce whatever
– Ignores physical network --> perf overhead
– Overlay nodes – software routing --> perf overhead
Middleboxes: ops can introduce whatever
– Must be placed in a specific location
– Must determine a priori what type of MB you want

In the ideal world
Ideal:
Anyone can introduce services
– So, like overlay
Can achieve data-plane throughput
– So, like MB
Can introduce anything
– So, like overlay
Problem:
– How to run untrusted code in your environment
– We want flexibility but need to deal with security, performance, safety

Enter Active Networks
Motivated by advances in RPC
Goal: run mobile code in network
– Code --> implementation of a new service
Active Extensions: user ships code to network devices
– All packets use the code
– No change to packet format
Active Packets: each packet carries the code or a pointer to the code
– Very fine-grain control
– Packet is larger
– A lot of redundant data

REALITY, MERGE BOTH: The How?
Entities are a set of pre-installed modules.
The active packet includes the graph of which entities to use.
[Figure: an active packet (IP header, TCP header, Type: Serv 1, Type: Serv 5, Type: Serv 6) and a network router holding Serv 1, Serv 2, Serv 5, Serv 6, Serv 7]

REALITY, MERGE BOTH: The Why?
Promotes more modularity and reuse
– Entities can be smaller, since the packet can be used to stitch together multiple entities.
Reduces waste of N/W
– A flow --> multiple packets
– If each packet carries code --> lot of n/w wasted
Lots of wasted CPU: loading/unloading code
Wasted n/w b/w because of code in pkt

REALITY, MERGE BOTH: End-to-End Picture
[Figure: an active packet (Type: serv1) and a network router running Serv 1]
Global Entity Store: Serv 1, Serv 2, Serv 3
– Signs code with a special key, so routers know to trust the code
The type is an MD5 hash of the code. This way pkts are treated by the exact code you downloaded from the store.

REALITY, MERGE BOTH: End-to-End Picture
[Figure: an active packet (Type: serv1) and a network router running Serv 1]
Each router caches the code so that it can be used for the next packet. The packet only carries a pointer to the code.

Active Packet: Capsules
Recall: OSI --> layering
– A.P. --> just random modules, no need to stick to layers

Routers: Active Nodes
A VM (JVM? Language-level safety)
– Protect code from each other
– Prevent code from interfering with each other
A trusted operating system
– Allow sharing of resources
– Need something that interfaces directly with H/W
[Figure: network router stack: Linux OS, JVM, Serv 1]

Challenges: Performance
Traffic must be similar + bursty
– Or else caching wouldn't work
Network has diff types of nodes
– Not all can run code at line rate
Think: core vs. edge
Only run on edge nodes

What impacts Performance of Node

Code distribution
– Caching of code minimizes this
Random management tasks
– Clean up memory (GBC), run normal protocols
Running code
– Main performance bottleneck

Challenges: Security
One code changing another code's state
– No sharing of state due to sandbox.
Node O.S. may be corrupted by code
– Sandbox prevents this.
Sending bad/malicious code to a node
– The person signing should catch bad code
– (Think Apple's App Store)
Pkt/capsule using the wrong code at node
– Wrong code will have a different fingerprint,
– so the fingerprint in the pkt must match the fingerprint of the code at the node
[Figure: network router stack (Linux OS, JVM) with "Good Serv 1" and "Bad Serv 1"]
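
An added example (not from the slides) of the node-side check described here and in the End-to-End Picture slides: the capsule carries only its type, and the node runs cached code only after the store signature and the MD5 fingerprint both check out. The HMAC key, the class and function names, and the sample code bytes are assumptions made for the illustration.

```python
import hashlib
import hmac

STORE_KEY = b"constructed-demo-key"  # assumption: stands in for the store's signing key

def fingerprint(code: bytes) -> str:
    # The slides define a capsule's type as the MD5 hash of its code. MD5 is no
    # longer collision-resistant; a current design would use SHA-256 here.
    return hashlib.md5(code).hexdigest()

def store_sign(code: bytes, key: bytes = STORE_KEY) -> bytes:
    # Stand-in for the entity store's signature (an asymmetric signature would
    # let routers hold only a public key).
    return hmac.new(key, code, hashlib.sha256).digest()

class ActiveNode:
    def __init__(self, store: dict, key: bytes = STORE_KEY):
        self.store = store   # type -> (code, signature): the global entity store
        self.key = key
        self.cache = {}      # type -> code that already passed both checks
        self.fetches = 0     # how often the node had to go to the store

    def handle(self, capsule_type: str) -> str:
        """Return 'run' or 'drop' for a capsule carrying only a code pointer."""
        if capsule_type in self.cache:
            return "run"
        entry = self.store.get(capsule_type)
        if entry is None:
            return "drop"                  # unknown type
        self.fetches += 1
        code, sig = entry
        if not hmac.compare_digest(sig, store_sign(code, self.key)):
            return "drop"                  # not signed by the store
        if fingerprint(code) != capsule_type:
            return "drop"                  # signed, but not the code the packet named
        self.cache[capsule_type] = code
        return "run"

def demo() -> dict:
    good = b"def serv1(pkt): return pkt"   # constructed sample service code
    bad = b"def serv1(pkt): return None"   # constructed unsigned look-alike
    store = {
        fingerprint(good): (good, store_sign(good)),
        fingerprint(bad): (bad, b"\x00" * 32),            # forged signature
        fingerprint(b"serv5"): (good, store_sign(good)),  # signed code, wrong type
    }
    node = ActiveNode(store)
    types = [fingerprint(good)] * 2 + [fingerprint(bad), fingerprint(b"serv5"), "0" * 32]
    return {"verdicts": [node.handle(t) for t in types], "fetches": node.fetches}
```

The second capsule of the good type is served from the cache, so the store is contacted three times for five capsules.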

Challenges: Resource Sharing
Code using too much resource on a node
– Limit resource consumption (also limit code size)
– Kill code if it runs for too long
Code using too much resource across a set of nodes: tricky
– Use TTL to prevent loops. If I make copies, then they all get the same TTL
– Divide TTL when making copies. Doesn't work for multicast.
An app sending too many capsules/pkts
– Similar to today's internet.
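
An added example (not from the slides) that works through the TTL argument above: it counts the link transmissions one self-copying capsule can cause when copies inherit the full TTL versus when the TTL is divided among them, and how far the copies reach, which is why dividing hurts multicast. The cost model (one TTL unit per transmission, the same fan-out at every node) and the function names are assumptions.

```python
def per_copy_budget(ttl: int, fanout: int, divide: bool) -> int:
    # Divide: the parent's TTL is split across the copies it creates.
    # Shared: every copy inherits the parent's full TTL.
    return ttl // fanout if divide else ttl


def transmissions(ttl: int, fanout: int, divide: bool) -> int:
    """Total link transmissions caused by one capsule that makes `fanout`
    copies at every node; each transmission costs one TTL unit."""
    budget = per_copy_budget(ttl, fanout, divide)
    if budget < 1:
        return 0
    # All copies are identical, so count one subtree and multiply.
    return fanout * (1 + transmissions(budget - 1, fanout, divide))


def reach(ttl: int, fanout: int, divide: bool) -> int:
    """How many hops from the source the copies get before TTL runs out."""
    budget = per_copy_budget(ttl, fanout, divide)
    return 0 if budget < 1 else 1 + reach(budget - 1, fanout, divide)


def compare(ttl: int = 16, fanout: int = 2) -> dict:
    return {
        "shared": (transmissions(ttl, fanout, False), reach(ttl, fanout, False)),
        "divided": (transmissions(ttl, fanout, True), reach(ttl, fanout, True)),
    }
```

With a divided TTL the total work never exceeds the original TTL, but the copies stop after a few hops, so receivers far from the source are not reached.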

Limitation of API
Fixed assumptions that code must work around:
– 1. format of IP
– 2. resource limits (TTL & size & time)
– 3. code distribution
– 4. how code types are computed and calculated

Limitation in terms of Architecture
Things that can't be easily specified:
– FW --> since it should work for all flows, not just the flows with the type specified.
– Web cache/transcoders --> code is short-lived.

Why this Never took off?
Performance
– Still relatively slow, only at edge
Complex changes to routers
– Routers should run JVM
Only a few types of networks
– ISP and maybe enterprise networks
– So very limited use cases

A New Problem

Operator’s Goal Network Reality Interface vlan901 ip address ospf cost 100 ip access-group 9 out ! Router ospf 1 router-id network ! access-list

Old Solution: Programmable Networks
Ethane
[Figure: Sw1, Sw2, Sw3, Packet]

Ethane Drawbacks
Require complex hardware
– Each switch needs to encrypt/decrypt packets
Performance issues
– The controller is involved with every packet

Practical Solution: SDN (e.g. OpenFlow)
If (port == 80) Then Drop
If (port == 22) Then send on if 2

OpenFlow API (0.9)
Match
– IP
– MAC
– Port
– VLAN
– TOS
Action:
– Forward/flood on specific interfaces
– Drop packet
– Rewrite IP or MAC headers
Layer 3: (OSPF)
1. Matches on IP address
2. Forwards on a port
Layer 2: (Spanning Tree)
1. Matches on MAC address
2. Forwards on a port OR 2. Floods the packet
Layer 3.5: (Firewall/ACL)
1. Matches on IP address OR 1. Matches on a port
2. Drops or forwards the pkt
Layer 2.5: (Spanning Tree)
1. Matches on VLAN
2. Floods the packet
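
An added example (not from the slides and not OpenFlow's own code) of the match/action model above: a priority-ordered flow table holding the two port rules from the previous slide plus Layer 3, Layer 2 and VLAN entries, with a check for ACL rules that can never fire because a higher-priority rule covers them. The field names, priorities, addresses and the table-miss-to-controller behaviour are assumptions; the shadowing check goes beyond what the slides state.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    priority: int
    match: dict     # field -> required value; an absent field is a wildcard
    action: tuple   # ("drop",), ("forward", port) or ("flood",)

class FlowTable:
    def __init__(self):
        self.rules = []

    def add(self, priority, action, **match):
        self.rules.append(Rule(priority, match, action))
        self.rules.sort(key=lambda r: -r.priority)   # highest priority first

    def lookup(self, pkt: dict) -> tuple:
        for r in self.rules:
            if all(pkt.get(k) == v for k, v in r.match.items()):
                return r.action
        return ("controller",)   # assumed table miss: hand the packet to the controller

    def shadowed(self) -> list:
        """Rules that can never fire: an earlier rule matches every packet they match."""
        dead = []
        for i, low in enumerate(self.rules):
            for high in self.rules[:i]:
                if high.match.items() <= low.match.items():
                    dead.append(low)
                    break
        return dead

def build_table() -> FlowTable:
    t = FlowTable()
    t.add(300, ("drop",), tcp_port=80)            # slide: if port == 80 then drop
    t.add(290, ("forward", 2), tcp_port=22)       # slide: if port == 22 then send on if 2
    t.add(200, ("forward", 1), ip_dst="10.0.0.5")            # Layer 3 (constructed address)
    t.add(100, ("forward", 3), mac_dst="00:00:00:00:00:0b")  # Layer 2 (constructed address)
    t.add(50, ("flood",), vlan=901)               # Layer 2.5
    # Constructed mistake: an allow rule placed below the drop it was meant to override.
    t.add(10, ("forward", 1), tcp_port=80, ip_dst="10.0.0.9")
    return t
```

Running `build_table().shadowed()` before pushing rules to a switch surfaces the dead allow rule, the kind of ordering error that otherwise only shows up as unexpected drops.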

OpenFlow API
Layer 3: (OSPF)
1. Matches on IP address
2. Forwards on a port
Layer 2: (Spanning Tree)
1. Matches on MAC address
2. Forwards on a port OR 2. Floods the packet
Layer 3.5: (Firewall/ACL)
1. Matches on IP address OR 1. Matches on a port
2. Drops or forwards the pkt
Layer 2.5: (VLAN)
1. Matches on VLAN
2. Floods the packet
[Figure: three vendor switches. HP: ACL, OSPF, VLAN, SPT, HP Magic Protocols. Cisco: ACL, OSPF, VLAN, SPT, Cisco Magic Protocols. Juniper: ACL, OSPF, VLAN, SPT, Juniper Magic Protocols.]

OpenFlow API
Simple firmware patch
[Figure: three vendor switches. HP: ACL, OSPF, VLAN, SPT, HP Magic Protocols. Cisco: ACL, OSPF, VLAN, SPT, Cisco Magic Protocols. Juniper: ACL, OSPF, VLAN, SPT, Juniper Magic Protocols. OpenFlow Switch: ACL, OSPF, VLAN, SPT.]

Lesson
A rigid network is impractical
– Doesn't support new services
Programmable networks allow great flexibility
– Allows anyone to introduce new services
– Into whichever nodes they have access to
But this flexibility introduces new challenges
– Security, performance, resource control
For technological adoption
– Minimal overhead for transition is good
– New h/w is hard to get created