software-defined networking architecture framework for...

Introduction Solutions Evaluation Summary

Software-Defined Networking ArchitectureFramework for Multi-Tenant Enterprise Cloud

Environments

Aryan TaheriMonfared

Department of Electrical Engineering and Computer ScienceUniversity of Stavanger

October 26, 2015

Outline1 Introduction

Scope & Problem? & Solution!Cloud NetworkingSoftware-Defined NetworkingNetwork Function VirtualizationNetwork Monitoring Services

2 SolutionsOverviewBackbone Network MonitoringSDN Controlled Cloud PlatformTenant Virtual Network MonitoringVirtual Network FlavorMonitoring Service Orchestration and TransportTenant Controlled Virtual Networks

3 EvaluationOverview

4 Summary

Scope & Problem? & Solution!

4 Summary

Addressing challenges in ...1 ICT infrastructures of large-scale enterprises and NRENs.2 Cloud and data-intensive computing models.3 Rapidly growing service demands and business models.4 Focus: Networking Infrastructure and Services.

Problems?

Challenges are ...1 Cloud computing characteristics introduce new challenges

to well-studied network functions.2 Significant increase in the data volume, velocity, and

variety.3 Network operation and maintenance have scalability and

efficiency issues:Rudimentary interfaces.Vertically integrated networking planes.Off-premises resources.

Solutions!

3 Approaches ...1 Take advantage of data-intensive processing frameworks.2 Introduce new entities in Cloud model.3 Adapt new network architectures (e.g. SDN, NFV).

Contributions:

A) Architectural improvements for network monitoring services:Data-intensive computing model.SDN mechanisms.

→ Advance the state-of-the-art in backbone and data centernetwork monitoring.

B) SDN architecture framework for large-scale infrastructure:

Re-implementation of traditional network functions usingnew mechanisms.Introduction of new functions to fulfill requirements of thenew computing model.

→ Enhance the efficacy, reliability, and manageability ofnetwork infrastructure.

Cloud Networking

4 Summary

Cloud Networking

Virtual Networks in Cloud

Virtual Network (VN):VNs connect provisioned resources.Resources are VMs, containers, higher level services, etc.VNs are overlays on top of providers’ infrastructures.Providers establish and maintain VNs.

Software-Defined Networking

4 Summary

Definition:New methods for network management and configuration.Abstractions between different layers of networking:→ Control plane: specification, distributed state, forwarding

Logically centralized controller (Network OS).Network programmability via controller.

Network Operating System

Control Plane Protocol

OpenFlowAn approach for forwarding abstraction.Separate forwarding plane from control plane physically.One control plane can manage multiple forwarding planes.

OpenFlow Switch Spec (+ OpenFlow Wire protocol)OF switch has a set of flow tables, and a group table.OF controller add/update/delete flow entries.Flow entry has a matching pattern, ordered actions,priority, counters.

OpenFlow Rules

OFPST_FLOW rep l y (OF1. 3 ) ( x id =0x2 ) :# PRIORITY # MATCH # ACTION

i n _ p o r t =1 , d l_s rc = fa :16 :3 e :1 a :26 :5 c ac t ions= s e t _ f i e l d :0 x1−>tun_id ,go to_ tab le :10

i n _ p o r t =2 , d l_s rc = fa :16 :3 e : 9 0 : c1 :19 ac t ions= s e t _ f i e l d :0 x1−>tun_id ,go to_ tab le :10

d l_ type =0x88cc ac t ions=CONTROLLER:65535p r i o r i t y =8192 , tun_ id =0x1 ac t ions=goto_ tab le :20

tun_ id =0x1 , d l_ds t = fa :16 :3 e :6 a :3 e :13 ac t ions=output : 3 ,go to_ tab le :20

p r i o r i t y =8192 , tun_ id =0x1 ac t ions=drop

Management Plane Protocol

Don’t forget the management plane!As important as control plane (e.g. OpenFlow).Configure several devices with single management plane.

Examples1 Open vSwitch DataBase (OVSDB) management protocol:

OF-Config can be implemented on top it.More than virtual entities (Pica8, HP).

2 OpenFlow-Config protocol3 NETCONF

OVSDB Example

5476c254−6f4e−4a1a−be8e−b14837dd06b8Manager " tcp :192.168.10 .1 :6640"Br idge br−i n t

C o n t r o l l e r " tcp :192.168.10 .1 :6633"fa i l_mode : securePor t "em1"

I n t e r f a c e "em1"type : system

Por t br−i n tI n t e r f a c e br−i n t

Por t tap−wer23w2eqI n t e r f a c e tap−wer23w2eq

Por t tap−podf123pI n t e r f a c e tap−podf123p

Por t " gre −172.16.10.5"I n t e r f a c e " gre −172.16.10.5"

type : greopt ions : { key=f low , l o c a l _ i p ="172 .16 .10 .2 " ,

remote_ip ="172 .16 .10 .5 " ,tos= i n h e r i t }

ovs_vers ion : " 2 . 3 . 0 "

Traditional vs SDN

Network Function Virtualization

4 Summary

Network Function Virtualization

Definition:Network architecture.Utilizes virtualization for delivering network functions.Functions realized in software.Deployed on standard hardware.Decoupled from proprietary hardware.Evolve beyond HW life-cycles.

Network Monitoring Services

4 Summary

Network Monitoring Services

Monitoring Service Distribution

Overview

4 Summary

Overview

Contributions Overview

Backbone Network Monitoring

4 Summary

Paper 2:

Real-Time Handling of NetworkMonitoring Data Using aData-Intensive Framework

Simplified Backbone Network

Data Characteristics

Sampling rate: 8Number of routers as data source: 2Average number of monitoring records: 22 M/dayAverage volume of monitoring records: 60 GB/dayAnonymized records.Possibly various protocols.

ProblemsProper network operation requires efficient monitoring.Various monitoring instruments and protocols exist.Challenging characteristics of the monitoring data.Diverse query types are required:(e.g. exploratory ad-hoc vs. long-term planned)

ContributionsScalable and flexible storage.Real-time processing, long-term analysis.Protocol independent.

Monitoring Components

Results

Support various query types:ad-hoc, exploratory, long-term planned, trend discovery.

Long-term queries (150 days): ∼25min vs. not possible.Ad-hoc queries: 3-OM faster than traditional tools.One size doesn’t fit all.

SDN Controlled Cloud Platform

4 Summary

NREN Infrastructure (Zoom-in)

High-Level Data Center Architecture

Cloud Networking Details (Isolation Techniques)

Cloud Networking Details 2 (Internal Services)

So what?

ProblemsCurrent solutions are not scalable.Not flexible.No knowledge of multi-tenancy.

SolutionsAdapt SDN architecture.Use Cloud controller knowledge.

NREN Infrastructure with an SDN Controller

High-Level Data Center Architecture with an SDNController

Tenant Virtual Network Monitoring

4 Summary

Paper 1:

Multi-Tenant NetworkMonitoring Based onSoftware-Defined Networking

Monitoring Each Tenant Network Activity UsingTraditional Tools

So what?

Challenges

Complex stakeholders relationship.Multi-tenancy, and elasticity.Unreliability of traditional tools in a heterogeneous infra.Growing demand for monitoring.

ApproachesAdapt traditional mechanisms:e.g. Use IP header, DL header, Virtual components

Use SDN mechanisms.

High-Level View with Per-Tenant Monitoring

Virtual Network Flavor

4 Summary

Paper 4:

Virtual Network Flavors:Differentiated TrafficForwarding for Cloud Tenants

Virtual Machine Flavors

As you know ...Virtual Machines have flavors.VM flavor specifies the VM properties.# vCPU, Memory, Block Device, vNIC Rx/Tx Ratio

However ...Virtual Networks don’t have flavors.Not possible to specify VN properties.

Under and Overlays Controlled by an SDN Controller

ContributionsDefining Flavors and delivering QoS for VNs.Overlay traffic classification and steering in the underlay.Differentiated forwarding of overlays across the underlay.Exploiting meters, queues, and path diversity.Reflecting flavors in DSCP/Flow Label fields.

Traffic Engineering Strategy1 Path Length: # hops2 Meters: Per-flow, fine-grained, OpenFlow3 Queues: Per-port, better guarantees, OpenFlow, OVSDB4 Meters and Queues

VN Flavor & Evaluation Scheduling

VN Flavor Specifies ...Coarse-grained traffic classes.End-to-end priority.Maximum throughput.

Evaluation Scheduling MethodsUse to resemble realistic workload scenariosVNs evaluation concurrency (c: false/true)VMs evaluation concurrency (i: false/true)

CDF of the 90th percentile TCP throughput for each classindependent of the scheduling approach.

100 200 300 400 500 600 700 800

Rate (Mbps)

Class 3Class 2Class 1Class 4

Monitoring Service Orchestration and Transport

4 Summary

Paper 5:

On the Feasibility of DeepPacket Inspection forMulti-Tenant Data CenterNetworks

Payload Analysis in DC Network

ProblemsPacket payload analysis is costly.Not feasible in a multi-tenant DC network.No choke-point.Customers and providers need it.

ApproachUse commodity devices (networking, compute).Distribute the service.Orchestrate distributed components.

ContributionsFind switches and monitoring hosts for designated flows

Avoid network congestionMinimize service overhead

→ Combinatorial optimization problemProgram the network

Fast path calculation algorithmSDN programming

Results27000 hosts, 2800 switches.

⇒ 10% of network traffic processed by 0.5% of hosts and20% switches.

Monitoring Service Design

Path Finding Evaluation

100000

0 5 10 15 20 25 30 35 40 45 50

Pair p

second

K (Number of ports)

Numeric with subpathsNumeric without subpaths

YKSP with subpathsYKSP without subpaths

Monitoring Switches & Hosts for Various Inputs

Monitoring Switches Monitoring Hosts

0 1 2 3 4 5 6 7

Inputs

Late AcceptanceSimulated Annealing

Tabu Search

0 1 2 3 4 5 6 7

Inputs

Late AcceptanceSimulated Annealing

Tabu Search

Tenant Controlled Virtual Networks

4 Summary

Paper 3:

Flexible Building Blocks forSoftware Defined NetworkFunction Virtualization

Virtual Networks Controlled by Tenants

ProblemsCompute resources are controlled by tenants.Network resources are not.VNs have limited functionality.Proprietary APIs.

ContributionsNew approach for network virtualization.Dedicated networking components for each tenant.Direct and full control.Standard/Open protocols.

Traditional VMs connectivity

Evaluation – Reachability Time

⇒ Start-up time increased for the first few VMs.

Evaluation – TCP Bandwidth

⇒ Throughput is decreased ∼ 12%.

Overview

4 Summary

Overview

Implementation & Deployment & Operation

Implementation6 modules for OpenDaylight SDN controller.2 extensive evaluation frameworks for OpenStack.Automated topology generation.Open Source: https://github.com/aryantaheri

Testbeds’ Purposes

1 Feasibility Analysis2 Development

3 Prototyping4 Production Evaluation

Infrastructure Operation & Maintenance

Monitor Configure Deploy

Thank you!

Questions? & Answers!

NREN Infrastructure with an SDN Controller

SDN Controller

Network Operating System

High-Level Data Center Architecture with an SDNController

Underlay and Overlays Controlled by an SDNController

Testbed

VN Flavor – Programming Endpoints

Classifying OverlaysMarking Tunnel Packets

DPI – Evaluation

Numeric Path Finder Algorithm# calculated paths per second# calculated sub-paths after finding a limited number ofpaths

Optimization SolverInputs:topology, traffic characteristics, monitored traffic, resource cost

Service costResources usage stats (switch, host)Resource utilization stats (reuse frequency)Switch distribution and aggregated layer usageMonitoring switch-host distance stats

DPI – Monitoring Paths

DNB – Internal Structure

DNB – Logical Overlay Networks

DNB – PacketFlow

DNB – Reachability Time

DNB DNB/CNB

DNB – TCP Bandwidth

Future Directions I

GeneralInter-Data Center Virtual Networks.Integration of contributions as a unified solution.Enterprise security enforcement and incident responseusing SDN.Tor implementation.Extend evaluations.

Future Directions II

Backbone Monitoring

Study streaming solutions and impacts.Packet capture and payload analysis.Porting existing software (Suricata/Snort).Automatic trend discovery and scheduled jobs.Feedback to SDN controller.

Future Directions III

Tenant VN MonitoringAlerting, billing, accounting.Live migration and automated quarantine mechanisms.Integration with real-time processing framework.

Future Directions IV

VN FlavorInter-DC VN flavor.VN Embedding algorithm (transit switch access).Integration with tenant-dedicated network switches.

Future Directions V

DPIFocus on processing.Distributed processing logic (single tenant/flow distributedon several processing node).Templates for traffic flows (reduce optimization time).Integration with real-time processing framework.

Future Directions VI

Tenant Controlled VNTenant transport network enhancement.Implementation in the kernel TCP/IP stack.Inter-DC architecture.

software-defined networking architecture framework for...

Documents

advanced networking technologies · pdf fileadvanced...

software-deﬁned networking architecture

the open group architecture framework (togaf)...

proposed architecture framework

the open group architecture framework (togaf) · the open...

computer networking: network design & architecture

openstack scale-out networking architecture

sdn architecture issue 1 - open networking...

sdn architecture issue 1 - open networking...

the open group architecture framework (togaf) ›...

service-oriented networking architecture

delay/disruption-tolerant networking architecture &...

architecture framework standardization

mef architecture framework - part 1: generic framework

the linux networking architecture

architecture framework for intelligent l ......electrical &...

architecture content framework

hybrid architecture framework

reference architecture framework

hp networking secure virtualisation framework