Published by Philomena Pitts. Modified over 9 years ago.
1
A policy-based per-flow mobility management system design
We propose an intelligent network infrastructure to provide the best user experience in a heterogeneous environment. This infrastructure, leveraging SDN, NFV, and cloud-based technologies, supports user session continuity through seamless per-flow handovers, while implementing dynamic policy management schemes.
M. Kantor, G. Ormazabal, R. State, T. Engel. IPTComm 2015, 6th October 2015, Chicago
2
Agenda Motivation Network architecture
OpenFlow-enabled Multi-Mode Terminal mobile device (OF-MMT) architecture Per-flow mobility management architecture Policy engine logic architecture End-to-end network connectivity Conclusions
3
Motivation (1)
Mobile devices: support a variety of network interfaces (Wi-Fi, 3G, WiMAX, LTE, ...); connect to several networks at the same time
Diverse and heterogeneous network connectivity: increase reliability and performance, using the links sequentially or in parallel; schedule applications intelligently; smart selection of network access; best user experience while consuming network services
Seamless handover!
Mobile traffic is generated by devices that can support a variety of network interfaces (IFs), such as Wi-Fi, 3G, WiMAX, and LTE, and can connect to several networks at the same time. Such diverse and heterogeneous network connectivity may be used to increase both reliability and performance, using the links sequentially or in parallel; and intelligently schedule applications to obtain the best user experience while consuming network services.
4
Motivation (2) Seamless handover requirements
routing / rerouting, reconfiguration, location management, address management, session identification, session migration, smart selection of network access
Network Function Virtualization (NFV) + Software Defined Networking (SDN)
Seamless handover execution is a complex task that requires addressing the following aspects: routing, rerouting, reconfiguration, location management, address management, session identification, session migration, smart selection of network access. In a convergent, heterogeneous network landscape, Network Function Virtualization (NFV), along with Software Defined Networking (SDN) technology, can play a key role by allowing service differentiation at a very low granularity level. NFV eliminates the dependency between a network function (NF) and the hardware it is deployed on, by creating a standardized execution environment and management interfaces for the virtualized Network Functions (vNFs). In turn, SDN technology introduces network programmability, enabling a network operator to reconfigure the network dynamically. SDN shifts networks from IP-based to flow-based management and control.
5
Network Architecture
The proposed system uses the SDN paradigm for connectivity support of multi-mode (multiple heterogeneous interfaces) mobile terminals, which are OpenFlow-enabled. The system works in a fully virtualized network environment, consisting of a virtualized SDN domain controller located in the cloud, a distributed and virtualized decision-making control middleware policy engine, and an SDN/NFV-enabled network infrastructure. Such an approach supports and simplifies connectivity management in a scalable fashion, for many types of mobile devices, and provides context-aware and real-time adaptation to the network conditions.
6
OF-MMT Architecture
The mobile device architecture leverages SDN client capabilities, together with virtualization of the mobile device. The proposed mobile device design intelligently combines the VMI, Open vSwitch, MIH client, local SDN controller, local policy engine, and SDN monitoring agent modules, along with the concept of physical and virtual interfaces, to enable a seamless per-flow handover.
Virtual Mobile Instances (VMIs) provide resources for running applications in completely separate environments.
Open vSwitch is a virtual switch for hypervisors providing network connectivity to virtual machines. It maintains a flow table that defines what to do with each flow.
The SDN monitoring agent is responsible for monitoring and collecting per-flow parameters, such as number of sent/received packets, drop count, port statistics, etc.
The MIH client monitors and provides interface information useful for handover decisions, about presence or absence of available wireless networks, from simple network discovery to more complex network information within a geographical area, such as available bandwidth, network type, cost, etc., obtained by querying the MIH Information Service (MIS) database.
The local policy engine logic is responsible for taking local handover decisions on the OF-MMT. The policies can be specified by the user, network, VMI, or as granular as on a per-application basis.
7
OF-MMT’s Open vSwitch Architecture
The proposed OF-MMT's Open vSwitch architecture consists of Open vSwitch integration and tunnel bridges, tap devices, and both virtual and physical interfaces. The VMIs' virtual interfaces (e.g., eth0) are connected via tap devices to the integration bridge. A tap device, such as tap0, simulates a virtual network interface card. A pair of directly connected virtual Ethernet interfaces, such as veth0 and tap0, is called a veth pair. An Ethernet frame sent from one end of a veth pair is received by the other veth end. Subsequently, each physical network interface (e.g., IF1) is attached to a separate tunnel bridge, identified as br-tun. Integration and tunnel bridges are connected through a virtual patch cable between internal Open vSwitch patch ports, which view them as normal switch ports. A local SDN controller, which manages Open vSwitch, consists of two modules: Tunnel Manager and SDN Flow Manager. These managers are responsible for setting up tunnels and managing flow entries in the flow table, respectively. The tunnels are assigned to flows by the SDN Flow Manager, and there is a one-to-one correspondence between a tunnel and a flow.
8
Per-flow Mobility Management Architecture
The general design of network assisted flow mobility management system is centered on the MCN network element, which keeps the location information of the mobile devices. The proposed per-flow mobility system assumes that flow handovers are initiated by the PE and executed by local SDN controller, with additional support from network infrastructure. The local SDN controller manages the associations between flows and tunnels, called flow bindings, to select the proper access technology to send the egress packets. The network-level component is required to manage and maintain physical IP addresses of the mobile devices, as well as to route physical packets in which the flow is tunneled.
9
Policy Engine Logic Architecture
The proposed control middleware design, along with the corresponding network infrastructure, makes it possible to control, perform, and execute adaptive, context-aware, policy-based, and seamless per-flow handover decisions. A suitable policy vector, for taking a flow handover decision, depends on a number of factors related to network, user, terminal, application, and flow requirements and constraints. Signal strength is the most important, the next one is the cost which location, time of day. Policy vector attributes are constantly monitored for optimal network connectivity. Based on the input from the MIH client and associated attribute managers, the PE evaluates the defined policy vectors against a set of prescribed policies and takes the flow handover decision. The selected components (marked in red), i.e., Location [17], Cognitive Geographical, Network, Security, and System Managers, along with the newly proposed SDN Parameter and Flow Managers (marked in green), provide relevant inputs (described below) to the Policy Engine (PE) decision-making algorithm.
10
End-to-end Network Connectivity
SDN network attachment SDN network connectivity management Host-based mobility - tunnel establishment Per-application flow table Data transfer
11
SDN Network Attachment
Detection of a mobile device attachment: based on the mobile device's physical interface MAC address; OF-enabled switch → SDN domain controller: Packet-in message
SDN device access control: authentication request: SDN Flow Manager → candidate network SDN domain controller; Security Manager → MAC layer credential data
Network authentication and IP address assignment: local SDN controller → DHCP request; IP address for physical mobile device interface; before assigning IP address → interception for network authentication procedure; Security Manager → IP layer credential data
Binding cache entry created at candidate network SDN domain controller: mobile device's physical interface routable IP address; mobile device's physical interface MAC address; first-hop OF-enabled switch's identifier; binding entry lifetime
Binding cache entry forwarded to the MCN
The network side is expected to detect mobile device attachment. Detection is based on the MAC address of the physical interface. Upon attachment detection, the OF-enabled switch notifies the SDN domain controller about the event by sending a Packet-in message. Then, the SDN Flow Manager proceeds with the SDN device authentication process. Upon successful device authentication, the local SDN controller initiates a DHCP request for an IP address, which is intercepted by the network authentication procedure. Upon successful network authentication, the SDN domain controller creates the corresponding binding cache entry consisting of the OF-MMT's physical interface assigned routable IP address, its MAC address, the identifier of the first-hop OF-enabled switch to which the physical interface is attached, and a binding lifetime. Subsequently, it forwards the binding cache entry to the MCN.
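The attachment sequence above, modeled as an added example (not code from the presentation or the authors' system) to show the ordering a domain controller has to enforce: no binding cache entry exists until both device and network authentication succeed, and an entry stops being valid when its lifetime runs out. The class and method names, the shared-secret credential model, and the sample values used with it are assumptions.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class BindingCacheEntry:
    ip: str            # routable IP of the physical interface
    mac: str           # MAC address of the physical interface
    switch_id: str     # first-hop OF-enabled switch identifier
    expires_at: float  # binding lifetime as an absolute expiry time

def _ok(expected, presented):
    # Constant-time comparison; unknown devices (no stored secret) fail.
    return expected is not None and hmac.compare_digest(expected, presented)

class DomainController:
    """Hypothetical model of the candidate network's SDN domain controller."""
    def __init__(self, mac_creds, ip_creds, lifetime):
        self.mac_creds, self.ip_creds, self.lifetime = mac_creds, ip_creds, lifetime
        self.pending = {}      # MAC -> switch_id, device-authenticated only
        self.bindings = {}     # MAC -> BindingCacheEntry
        self.sent_to_mcn = []  # entries forwarded to the MCN

    def packet_in(self, mac, switch_id, mac_cred):
        """Attachment detected by MAC; run SDN device access control."""
        if not _ok(self.mac_creds.get(mac), mac_cred):
            return False
        self.pending[mac] = switch_id
        return True

    def dhcp_request(self, mac, ip_cred, offered_ip, now):
        """Intercepted DHCP: no address or binding before network authentication."""
        if mac not in self.pending or not _ok(self.ip_creds.get(mac), ip_cred):
            return None
        entry = BindingCacheEntry(offered_ip, mac, self.pending.pop(mac),
                                  now + self.lifetime)
        self.bindings[mac] = entry
        self.sent_to_mcn.append(entry)  # binding cache entry forwarded to the MCN
        return entry

    def lookup(self, mac, now):
        """Return the live binding, evicting it once its lifetime has passed."""
        entry = self.bindings.get(mac)
        if entry is not None and now >= entry.expires_at:
            del self.bindings[mac]
            return None
        return entry
```

Because detection keys on the MAC address alone, the two credential checks are what separate an authenticated device from any frame carrying that MAC, which is why the model refuses a DHCP request that arrives before device access control has passed.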
12
Host-based Mobility – Tunnel Establishment
Virtual IP address assigned to VMI virtual interface: identifies the mobile device's VMI at the CN; remains constant independently of any IP readdressing of the mobile device's physical interfaces
Tunneling mechanisms used to encapsulate VMI's applications generated packets: mapping virtual IP address to physical IP address; virtual IP address used as a source IP address; mobile device's physical interface IP stack hidden to the VMI's applications
Tunnel-flow association
I showed several slides the relation between virtual and physical interfaces. VMI segmented over virtual environment with virtual IP addresses and there is a mapping between virtual and physical addresses.
Applied overlay tunneling approach → full decoupling of the real mobile device physical interfaces and the VMIs virtual interfaces
13
Flows switched seamlessly without affecting any active TCP sessions
Per-application Flow Table
Flow handover decision: PE Flow Manager → SDN Flow Manager
SDN Flow Manager tasks: selection of the physical tunnel; binding creation between the flow identifier FID and the tunnel identifier TID; creation and management of per-application flow entry in flow table
When PE decides that handover should be executed, the PE Flow Manager communicates the flow handover decision to the SDN Flow Manager, which selects the physical tunnel, creates a binding between the flow identifier FID and the tunnel identifier TID, and installs the flow entry in the flow table, identified by the respective FID. The SDN Flow Manager in the local SDN controller creates and installs per-application flow entries in flow tables, as well as modifies and removes flow entries. A flow entry specifies an action to be taken on the matched packets. The action results from the PE handover decision for that flow, determining the OF-MMT's physical interface to be used for egress traffic. Flows switched seamlessly between different physical access transport networks without affecting any active TCP sessions sourced by VMI's applications!
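The handover path described above, as an added example (not code from the presentation): a policy decision picks a physical interface, and the flow manager rebinds one FID to a new TID while the inner source address stays the VMI's virtual IP. The lexicographic policy (usable signal, then strongest signal, then lowest cost), the -85 dBm threshold, all names, and the sample addresses are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:            # one physical interface as reported to the PE
    name: str
    phys_ip: str
    signal_dbm: int
    cost: float

def pe_decide(links, min_signal_dbm=-85):
    """Assumed policy: usable signal first, then strongest signal, then lowest cost."""
    usable = [l for l in links if l.signal_dbm >= min_signal_dbm]
    return max(usable, key=lambda l: (l.signal_dbm, -l.cost)) if usable else None

class SDNFlowManager:
    """Hypothetical model of the local SDN controller's flow bindings."""
    def __init__(self, virtual_ip):
        self.virtual_ip = virtual_ip  # VMI address, constant across handovers
        self.bindings = {}            # FID -> TID
        self.tunnels = {}             # TID -> Link (one tunnel per flow)
        self._next_tid = 1

    def handover(self, fid, link):
        """Bind the flow to a fresh tunnel on `link`; drop its old tunnel."""
        tid, self._next_tid = self._next_tid, self._next_tid + 1
        self.tunnels[tid] = link
        old = self.bindings.get(fid)
        self.bindings[fid] = tid      # the single flow-table update
        if old is not None:
            del self.tunnels[old]
        return tid

    def egress(self, fid, payload):
        link = self.tunnels[self.bindings[fid]]
        inner = {"src": self.virtual_ip, "fid": fid, "data": payload}
        return {"out_if": link.name, "outer_src": link.phys_ip, "inner": inner}

def demo():
    wifi = Link("IF1", "192.0.2.10", -60, 0.0)       # constructed sample values
    lte = Link("IF2", "198.51.100.7", -70, 1.0)
    fm = SDNFlowManager("10.0.0.5")
    fm.handover("voip", pe_decide([wifi, lte]))
    fm.handover("backup", pe_decide([wifi, lte]))
    before = fm.egress("voip", b"rtp")
    weak_wifi = Link("IF1", "192.0.2.10", -90, 0.0)  # Wi-Fi signal degrades
    fm.handover("voip", pe_decide([weak_wifi, lte]))  # only this flow is moved
    return before, fm.egress("voip", b"rtp"), fm.egress("backup", b"x")
```

The outer source address and egress interface change with the handover while the inner packet is identical, which is the property that keeps TCP sessions sourced by the VMI's applications alive.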
14
SDN Network Connectivity Management
Routable IP address assigned to physical interface: IP address from mobile device's network of the initial attachment (home domain)
Several collaborating SDN domains: at least one SDN domain controller per SDN domain; network path between mobile devices → SDN domain controller(s); communication between SDN domain controllers → through east/westbound interface; SDN domain controller → no location information outside of its own controlled domain
Mobility Control Node (MCN): keeps the current location information of mobile devices; rendezvous point when both mobile devices are moving concurrently; supports inter-domain path computation between OF-MMT and CN
Inter-domain route distribution: traditional routing protocols, BGP and OSPF, may be leveraged and extended
The MCN is obtaining all necessary information because it has to update binding entry by sending binding update. MCN is used for inter-domain path computation. New domain SDN controller does not know the details of other domains.
15
Data Transfer Forwarding of flow packets in mobile device
realized by the Open vSwitch kernel module follows the installed flow entry packets encapsulated in the selected tunnel sent through mobile device's physical interface towards the corresponding VMI in CN Forwarding of flow packets in the network packets transmitted through the network path
16
Conclusions Context-aware per-flow mobility-enabled architecture involving novel network tools afforded by SDN/NFV technology SDN architecture complemented with a control middleware abstracting networking complexity, and providing a policy-based decision making system Policies taking into account context information, providing granular network access control, on a per-application basis Provisioning of mobility capabilities by using physical to virtual address encapsulation (tunneling) Mobility execution by a simple flow table entry update Proposed approach providing user and mobile device independence, from network and access technologies
17
Thank you!
18
Flowchart
19
General Open vSwitch Architecture