Presentation is loading. Please wait.

Presentation is loading. Please wait.

Flexible and Scalable Systems for Network Management

Published byThomas Elliott Modified over 6 years ago

Similar presentations

Presentation on theme: "Flexible and Scalable Systems for Network Management"— Presentation transcript:

1 Flexible and Scalable Systems for Network Management
Arpit Gupta Adviser: Nick Feamster Readers: Nick Feamster, Jennifer Rexford, and Walter Willinger Examiners: Nick Feamster, Marshini Chetty, and Kyle Jamieson

2 Making the ‘Net’ Work Google Level3 Cogent Princeton Outages
Cyberattacks Cogent Network Operator Princeton Congestion

3 Monitor What’s Going On In the Network
Is video streaming traffic jittery? Receiving DNS responses from many distinct hosts? address protocol payload device location Traffic jitter distinct hosts volume delay loss asymmetry Metrics Google Flexible network monitoring is desired

4 React to Various Network Events
Forward video streaming traffic via Level3, rest via Cogent Drop the attack traffic before it reaches my network Attack Traffic Drop address protocol payload device location Traffic forward drop rate-limit modify Actions Video Streaming Traffic Google Level3 Drop Other Traffic Flexible network control is desired Cogent Attack Traffic

5 Filling the “Flexibility” And “Scalability” Gap
Congestion Mgmt. Censorship Avoidance Load Balance Traffic Scrubbing Limitless Creativity (Flexibility) Traffic Engineering DDoS Defense Abstractions Deployable Systems Gap Algorithms Limited Resources (Scalability) Network Devices

6 How to use programmable switches?
Main Challenge Network devices need to process packets for millions of unique flows in 2-3 ns Programmable Switches Routers CPUs Match Destination Address Actions route, drop State O(1 M) Speed O(ns) All Headers add, subtract, bit operations O(100 K) O(ns) Headers + Payload Any O(1 B) O(μs) Scalable Flexible How to use programmable switches?

7 Systems for Making the ‘Net’ Work
Flexible and scalable systems for network management Monitor Control Sonata SDX [SIGCOMM’18] [SOSR’18] [HotNets’16] [SIGCOMM’14] [NSDI’16] [SOSR’16] [SOSR’17]

8 Systems for Making the ‘Net’ Work
Flexible and scalable system for network control Monitor Control Sonata SDX [SIGCOMM’14] [NSDI’16] [SOSR’16] [SOSR’17]

9 Flexible (Interdomain) Network Control
Forward video streaming traffic via Level3, rest via Cogent Drop DNS responses to reflection attack victims Attack Traffic Drop Video Streaming Traffic Google Level3 Drop Other Traffic Cogent Attack Traffic

10 Interdomain Traffic Control (Today)
Networks’ routers use Border Gateway Protocol (BGP) for exchanging traffic with each other I have routes for IP prefix “10/8” Inflexible 10/8 Traffic How to enable flexible network control? Google Level3 I have routes for IP prefix “10/8” Cogent

11 Enabling Flexible Traffic Control
Replace all routers with programmable switches Programmable Switches How to enable incrementally deployable flexible traffic control? Google Level3 Cogent

12 Rise of Internet Exchange Points (IXPs)
Route Server BGP Session Switching Fabric Google Level3 Cogent

13 Software-Defined IXP (SDX)
SDX Controller Control Program Programmable Switch Google Level3 Incrementally deployable Cogent

14 Building SDX is Challenging
Programming abstraction How to let networks define flexible control programs for the shared SDX switch? Interoperation with BGP How to provide flexibility w/o breaking global routing? Scalability How to handle programs for hundreds of peers, half million prefixes and matches on multiple header fields?

15 Building SDX is Challenging
Programming abstraction How to let networks define flexible control programs for the shared SDX switch? Interoperation with BGP How to provide flexibility w/o breaking global routing? Scalability How to handle programs for hundreds of peers, half million prefixes and matches on multiple header fields?

16 Programming Abstraction
How to express control programs for shared SDX switch without worrying about other’s programs? SDX Switch drop? fwd? Google Level3 sPort=53  drop Conflicting programs for DNS traffic Cogent sPort=53  fwd(Level3)

17 Virtual Switch Abstraction
Participants express flexible control programs for their own virtual switches SDX Switch Virtual Switch Virtual Switch Google Level3 Google Level3 sPort=53  drop Virtual Switch Cogent Cogent sPort=53  fwd(Level3)

18 Building SDX is Challenging
Programming abstraction How to let networks define flexible control programs for the shared SDX switch? Interoperation with BGP How to provide flexibility w/o breaking global routing? Scalability How to handle programs for hundreds of peers, half million prefixes and matches on multiple header fields?

19 Deliver HTTP traffic via Cogent
Simple Example SDX Google Level3 announces 10/8, 40/8 dPort = 80 → fwd(Cogent) Cogent announces 10/8, 40/8, 80/8 Deliver HTTP traffic via Cogent

20 Safe Interoperations with BGP
How to enable flexibility w/o breaking global routing? Not announced by Cogent dPort = 80, dIP = P SDX Google Cogent announces: 10/8, 40/8, 80/8 dPort = 80 → fwd(Cogent) Ensure packet P is not forwarded to Cogent

21 Naïve Solution: Program Augmentation
Google’s Program dPort = 80 → fwd(Cogent) BGP Prefix Announcements viewed by Google Announcements Level3 10/8, 40/8 Cogent 10/8, 40/8, 80/8 dPort = 80, dIP ∈ 10/8 → fwd(Cogent) dPort = 80, dIP ∈ 40/8 → fwd(Cogent) dPort = 80, dIP ∈ 80/8 → fwd(Cogent) Inflation by factor of three

22 Building SDX is Challenging
Programming abstraction How to let networks define flexible control programs for the shared SDX switch? Interoperation with BGP How to provide flexibility w/o breaking global routing? Scalability How to handle programs for hundreds of peers, half million prefixes and matches on multiple header fields?

23 Scalability Challenge
How to compile programs for hundreds of peers, half million prefixes and matches on multiple header fields? Programmable Switch Routers Match All Headers State O(100 K) Destination Address O (1 M) How to make the best use of programmable switch and routers?

24 Offload Complexity to the Packet
Google’s Program dPort = 80 → fwd(Cogent) BGP Prefix Announcements viewed by Google Announcements Level3 10/8, 40/8 Cogent 10/8, 40/8, 80/8 Metadata dPort = 80, dIP ∈ 10/8→ fwd(Cogent) Reachable via Cogent, Level3 dPort = 80, Cogent ∈ Metadata→ fwd(Cogent) Packet dIP in 10/8

25 Reachability Attributes
Set of valid next hops for each prefix Reachability Attributes BGP Announcements Prefix Attributes 10/8 Level3, Cogent 40/8 80/8 Cogent Announcements Level3 10/8, 40/8 Cogent 10/8, 40/8, 80/8

26 Encoding Reachability Attributes (Strawman)
Assign one bit for each SDX participant Level3 Cogent Reachability Attributes Reachability Bitmask Prefix Attributes 10/8 Level3, Cogent 40/8 80/8 Cogent Prefix Attributes 10/8 11 40/8 80/8 01

27 Complexity at SDX’s Switch
Assign one bit for each SDX participant Level3 Cogent dPort = 80 → fwd(Cogent) dPort = 80, Metadata=*1→ fwd(Cogent) Simplifies match rules at SDX

28 Only requires 33 bits for 500+ participants
Metadata Size Assign one bit for each SDX participant Level3 Cogent IXP participants. Strawman scales poorly! Hierarchical Encoding Divide reachability attributes into clusters Trades metadata size with additional match rules Only requires 33 bits for 500+ participants

29 500+ participants, 96 M routes for 300K IP prefixes
SDX’s Performance 68 M 3 orders of magnitude reduction Log Scale 62 K 65 K Reduces metadata size to 33 bits at the cost of additional 3K TCAM entries 500+ participants, 96 M routes for 300K IP prefixes

30 SDX runs over commodity h/w switches
SDX’s Performance 68 M Log Scale 62 K 65 K Switch Constraint (100 K) SDX runs over commodity h/w switches 500+ participants, 96 M routes for 300K IP prefixes

31 How to Attach Metadata to the Packet?
SDX Controller What’s the Next Hop MAC Address for “20/8”? Metadata Packet dIP in 20/8 Metadata No changes required for border routers Border routers can match on O(1M) IP prefixes

32 SDX: Contributions SDX [SIGCOMM’14] Internet-2 Innovation Award
iSDX [NSDI’16] Community Award Virtual switch abstraction Abstractions Attribute encoding algorithms System Algorithms PathSets [SOSR’17] Best Paper Award Prototype with Quanta switches (5K lines of code) Open-sourced with Open Networking Foundation Used by DE-CIX, IX-BR, IIX, NSA; and Coursera assignment

33 Systems for Making the ‘Net’ Work
Flexible and scalable system for network monitoring Monitor Control Sonata SDX [SIGCOMM’18] [SOSR’18] [HotNets’16]

34 Building Sonata is Challenging
Programming abstractions How to let network operators express queries for a wide-range of monitoring tasks? Scalability How to execute multiple queries for high volume traffic in real time?

35 Building Sonata is Challenging
Programming abstractions How to let network operators express queries for a wide-range of monitoring tasks? Scalability How to execute multiple queries for high volume traffic in real time?

36 Use Case: Detect DNS Reflection Attacks
Src: DNS Dst: Victim Src: Victim Dst: DNS DNS 👺 Src: DNS Dst: Victim Src: Victim Dst: DNS Attacker Identify hosts that receive DNS responses from many distinct sources 😵 Victim

37 Packet as Tuple Treat packet as a tuple Packet
traversed path, queue size, number of bytes, … Metadata Header source/ destination address, protocol, ports, … Payload Treat packet as a tuple Packet = (path, qsize, nbytes,… sIP, dIP, proto, sPort, dPort, … payload)

38 Monitoring Tasks as Dataflow Queries
Detecting DNS Reflection Attack Identify if DNS responses from unique sources to a single host exceeds a threshold (Th) victimIPs = pktStream .filter(p => p.udp.sport == 53) .map(p => (p.dstIP, p.srcIP)) .distinct() .map((dstIP, srcIP) => (dstIP, 1)) .reduce(keys=(dstIP,), sum) .filter((dstIP, count) => count > Th) Express wide range of network monitoring tasks in fewer than 20 lines of code DNS responses from unique sources to a single host exceeds a threshold

39 Building Sonata is Challenging
Programming abstractions How to let network operators express queries for a wide-range of monitoring tasks? Scalability How to execute multiple queries for high volume traffic in real time?

40 Where to Execute Monitoring Queries?
CPUs Switches Match Headers + Payload Actions Any State O(Gb) Speed O(μs) Headers++ add, subtract, bit operations O(Mb) O(ns) Can we use both switches and CPUs? Gigascope [SIGMOD’03] NetQRE [SIGCOMM’17] Univmon [SIGCOMM’16] Marple [SIGCOMM’17]

41 PISA* Processing Model
Programmable Parser Persistent State Programmable Deparser Memory ALU Packet Header Vector ip.src= ip.dst= ... Stages *RMT [SIGCOMM’13]

42 Mapping Dataflow to Data plane
Model Pipeline Processing Unit Operators Match-Action Tables Structured Data Tuples Packets Which dataflow operators can be compiled to match-action tables?

43 Compiling Individual Operators
Stream of elements Elements satisfying predicate (p) filter(p) Input Output pvictimIPs = pktStream .filter(p => p.udp.sport == 53) .map(p => (p.dstIP, p.srcIP)) .distinct() .map((dstIP, srcIP) => (dstIP, 1)) .reduce(keys=(dstIP,), sum) .filter((dstIP, count) => count > Th) Match Action p udp.sport == 53 1 2 3 4 5 6 7

44 Compiling Individual Operators
Stream of elements Result of applying function f over all elements reduce(f) Input Output Memory pvictimIPs = pktStream .filter(p => p.udp.sport == 53) .map(p => (p.dstIP, p.srcIP)) .distinct() .map((dstIP, srcIP) => (dstIP, 1)) .reduce(keys=(dstIP,), sum) .filter((dstIP, count) => count > Th) Match Action * idx = hash(m.dstIP) 1 2 3 4 5 6 7 Match Action * stateful[idx] += 1

45 Programmable Deparser
Compiling a Query Programmable Parser State Programmable Deparser Filter Map D1 D2 Map R1 R2 Filter Stages

46 Query Partitioning Decisions
pvictimIPs = pktStream .filter(p => p.udp.sport == 53) .map(p => (p.dstIP, p.srcIP)) .distinct() .map((dstIP, srcIP) => (dstIP, 1)) .reduce(keys=(dstIP,), sum) .filter((dstIP, count) => count > Th) pvictimIPs = pktStream .filter(p => p.udp.sport == 53) .map(p => (p.dstIP, p.srcIP)) .distinct() .map((dstIP, srcIP) => (dstIP, 1)) .reduce(keys=(dstIP,), sum) .filter((dstIP, count) => count > Th) pvictimIPs = pktStream .filter(p => p.udp.sport == 53) .map(p => (p.dstIP, p.srcIP)) .distinct() .map((dstIP, srcIP) => (dstIP, 1)) .reduce(keys=(dstIP,), sum) .filter((dstIP, count) => count > Th) pvictimIPs = pktStream .filter(p => p.udp.sport == 53) .map(p => (p.dstIP, p.srcIP)) .distinct() .map((dstIP, srcIP) => (dstIP, 1)) .reduce(keys=(dstIP,), sum) .filter((dstIP, count) => count > Th) Query Planner Resources? Reduce Load? Tuples

47 Query Partitioning ILP
Programmable Parser Persistent State Programmable Deparser Constraints PHV Size Memory ALU Number of Actions Stateful Memory Total Stages Packet Header Vector Stages Goal: Minimize tuples sent to stream processor

48 How Effective is Query Partitioning?
O(1 B) Log Scale 8 Tasks, 100 Gbps Workload

49 How Effective is Query Partitioning?
O(1 B) O(100 M) Log Scale Only one order of magnitude reduction 8 Tasks, 100 Gbps Workload

50 Query Partitioning Limitations
distinct reduce Filter Map D1 D2 Map R1 R2 Filter How can we reduce the memory footprint of stateful operators?

51 Observations: Possible to Reduce Memory Footprint
Detecting DNS Reflection Attack Only consider first 8 bits victim = pktStream .map(dIP => dIP/8) .filter(p => p.udp.sPort == 53) .map(p => (p.dIP, p.sIP)) .distinct() Queries at coarser levels have smaller memory footprint

52 Observations: Possible to Preserve Query Accuracy
Detecting DNS Reflection Attack victim = pktStream .map(dIP => dIP/8) .filter(p => p.udp.sPort == 53) .map(p => (p.dIP, p.sIP)) .distinct() Hierarchical packet field Query accuracy is preserved if refined with hierarchical packet fields

53 Iterative Query Refinement
map(dIP=>dIP/8) Window Packet Stream t+W Map Filter Map D1 D2 Map R1 R2 Filter PISA Target First, execute query at coarser level

54 Iterative Query Refinement
Smaller memory footprint Detection Delay Smaller memory footprint at the cost of additional detection delay Map Filter Map D1 D2 Map R1 R2 Filter Filtered Packet Stream t+2W Filter Filter Map D1 D2 Map R1 R2 Filter PISA Target Then, execute query at finer level(s)

55 Query Planning Problem
Goal Minimize tuples sent to the stream processor Given Queries, packet traces Determine Which packet field to use for iterative refinement? What levels to use for iterative refinement? What’s the partitioning plan for each refined query? Augment partitioning ILP to compute both refinement and partitioning plans

56 Up to 4 orders of magnitude reduction
Sonata’s Performance O(1 B) O(100 M) Log Scale O(100 K) Up to 4 orders of magnitude reduction 8 Tasks, 100 Gbps Workload

57 Sonata: Contributions
Sonata [SIGCOMM’18] Dataflow queries over packet fields Abstractions Query Planning Algorithms (Partitioning and Refinement) System Algorithms Prototype with Barefoot switches and Apache Spark stream processor (9K lines of code) Used by AT&T and Princeton course assignment

58 Programmable Switches
Summary Flexible and scalable systems for nw. management SDX for programmatic control Flexible: match-action rules over virtual SDX switch Scalable: 3 orders of magnitude state reduction Sonata for network monitoring Flexible: dataflow queries over packet tuples Scalable: 4 orders of magnitude workload reduction Programmable Switches

59 Lessons Learned Resource Pooling Modular & Extensible Design
SDX: Router + Programmable switches Sonata: CPU + Programmable switches Modular & Extensible Design SDX: OF 1.0  OF 1.3 Sonata: fixed-function  PISA switches Deployment Location Selection Minimize deployment threshold for operators

60 Future Directions Close the loop Monitor Control Network-wide
Q1 Q2 Q3 … Robust Intelligent

Download ppt "Flexible and Scalable Systems for Network Management"

Similar presentations

Using Network Virtualization Techniques for Scalable Routing Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton University.

Using Network Virtualization Techniques for Scalable Routing Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton University.
Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
SDN Applications Jennifer Rexford Princeton University.

SDN Applications Jennifer Rexford Princeton University.
Composing Software Defined Networks

Composing Software Defined Networks
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
SDX: A Software-Defined Internet Exchange

SDX: A Software-Defined Internet Exchange
Jennifer Rexford Princeton University

Jennifer Rexford Princeton University
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.

Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—4-1 Implementing Inter-VLAN Routing Deploying Multilayer Switching with Cisco Express Forwarding.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—4-1 Implementing Inter-VLAN Routing Deploying Multilayer Switching with Cisco Express Forwarding.
Programming Abstractions for Software-Defined Networks Jennifer Rexford Princeton University.

Programming Abstractions for Software-Defined Networks Jennifer Rexford Princeton University.
1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson

1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson
1 Design and implementation of a Routing Control Platform Matthew Caesar, Donald Caldwell, Nick Feamster, Jennifer Rexford, Aman Shaikh, Jacobus van der.

1 Design and implementation of a Routing Control Platform Matthew Caesar, Donald Caldwell, Nick Feamster, Jennifer Rexford, Aman Shaikh, Jacobus van der.
SDX: A Software Defined Internet Exchange Arpit Gupta, Laurent Vanbever, Muhammad Shahbaz, Sean P. Donovan, Brandon Schlinker Nick Feamster, Jennifer Rexford,

SDX: A Software Defined Internet Exchange Arpit Gupta, Laurent Vanbever, Muhammad Shahbaz, Sean P. Donovan, Brandon Schlinker Nick Feamster, Jennifer Rexford,
Putting the “Inter” in “Internet” Jennifer Rexford Princeton University 1.

Putting the “Inter” in “Internet” Jennifer Rexford Princeton University 1.
Hash, Don’t Cache: Fast Packet Forwarding for Enterprise Edge Routers Minlan Yu Princeton University Joint work with Jennifer.

Hash, Don’t Cache: Fast Packet Forwarding for Enterprise Edge Routers Minlan Yu Princeton University Joint work with Jennifer.
Building Compilers for Reconfigurable Switches Lavanya Jose, Lisa Yan, Nick McKeown, and George Varghese 1 Research funded by AT&T, Intel, Open Networking.

Building Compilers for Reconfigurable Switches Lavanya Jose, Lisa Yan, Nick McKeown, and George Varghese 1 Research funded by AT&T, Intel, Open Networking.
Computer Networks Layering and Routing Dina Katabi

Computer Networks Layering and Routing Dina Katabi
Internet Traffic Management Prafull Suryawanshi Roll No - 04IT6008.

Internet Traffic Management Prafull Suryawanshi Roll No - 04IT6008.
Cellular Core Network Architecture

Cellular Core Network Architecture

Similar presentations

Ads by Google