Dynamic VPN Optimization by ALTO Guidance
COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
Michael Scharf, Vijay Gurbani, Thomas Voith, Manuel Stein, W. Roome, Greg Soprovich, Volker Hilt
Oct. 10, 2013 - Second European Workshop on Software Defined Networks (EWSDN)
DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE
AGENDA
VIRTUAL PRIVATE NETWORKS
ALTO VPN SERVICE
PROTOTYPE
CONCLUSIONS AND OUTLOOK
VIRTUAL PRIVATE NETWORKS: PROVIDER PROVISIONED VPNS
• State-of-the-art VPN technologies [RFC 4026]
• Layer 2 VPN, e.g., VPLS [RFC 4762]
• Layer 3 VPN, e.g., BGP/MPLS IP VPNs [RFC 4364]
• Possibly with QoS guarantees
• “Cloud bursting” use case
• Interconnecting customer sites and data centers
• More dynamic than traditional VPN provisioning
New, IT-friendly APIs
[Figure: Cloud bursting with VPNs. Two customer sites and a data center attached through provider edge (PE) routers to the service provider MPLS/IP network, forming a virtual private network (VPN).]
VIRTUAL PRIVATE NETWORKS: SDN FRAMEWORK
[Figure: SDN framework. SDN applications (application domain) sit above an SDN controller / orchestrator and reach it through a northbound API; the controller reaches the network elements and the existing control/management (network domain) through a southbound API. Arrows are labelled Info and Control. Info items listed: topology, resources, capabilities, QoS needs, constraints, credentials; triggers, events, logs/billing, configuration, routing, exceptions. Legend: ALTO scope, other SDN protocols.]
VIRTUAL PRIVATE NETWORKS: SDN FRAMEWORK WITH ALTO
[Figure: SDN framework with ALTO. Same elements as the SDN framework figure (SDN applications, SDN controller / orchestrator, network elements, existing control/management, northbound and southbound APIs, Info and Control arrows with the same item lists, legend with ALTO scope and other SDN protocols), with ALTO marked at the northbound API.]
AGENDA
VIRTUAL PRIVATE NETWORKS
ALTO VPN SERVICE
PROTOTYPE
CONCLUSIONS AND OUTLOOK
ALTO VPN SERVICE: IETF ALTO STANDARD
• IETF Application-Layer Traffic Optimization (ALTO) for network awareness
• Standardized API between network and apps
• Exchange topology and status information
• Objective: Optimized resource selection
• Network map: Abstract the network topology
• Cost map: Optimized costs based on service provider preferences
• Benefit: Win-win situations for network and applications
• Application: Better performance with minimal overhead
• Network: Optimized traffic and policy compliance
• Bell Labs is a core contributor to standardization
• Co-chair of IETF ALTO WG and IRTF P2P RG
• Authoring key protocol extensions for clouds and CDNs
• Full standard-compliant ALTO server by Bell Labs (http://alto.alcatel-lucent.com:8000/directory)
[Figure: ALTO server providing a network and cost map. Labels: Cloud, CDN, PID#1, PID#2, PID#3, with costs 3, 9 and 5 between the PIDs.]
ALTO VPN SERVICE: EXAMPLE FOR ALTO MAPS
[Figure: ALTO client obtaining information (Info) from the ALTO server. PID1 = 192.0.2.0/24 and 198.51.100.0/25, PID2 = 198.51.100.128/25, PID3 = 0.0.0.0/0. Costs: PID1 to PID2 = 3, PID2 to PID3 = 5, PID1 to PID3 = 9.]

Network map

HTTP/1.1 200 OK
...
Content-Type: application/alto-networkmap+json
{ "data" : { "map-vtag" : "1266506139",
  "map" : {
    "PID1" : { "ipv4" : [ "192.0.2.0/24", "198.51.100.0/25" ] },
    "PID2" : { "ipv4" : [ "198.51.100.128/25" ] },
    "PID3" : { "ipv4" : [ "0.0.0.0/0" ] }
} } }

Cost map

HTTP/1.1 200 OK
...
Content-Type: application/alto-costmap+json
{ "data" : { "map-vtag" : "1266506139",
  "cost-mode" : "numerical", "cost-type" : "routingcost",
  "map" : {
    "PID1": { "PID1": 0, "PID2": 3, "PID3": 9 },
    "PID2": { "PID1": 3, "PID2": 0, "PID3": 5 },
    "PID3": { "PID1": 9, "PID2": 5, "PID3": 0 }
} } }
ALTO VPN SERVICE: MOTIVATION AND REQUIREMENTS
• Differences between VPNs and public Internet
• Addressing – VPN sites may not have a meaningful address
• Overlay over the MPLS/IP core, not only using BGP/ISIS/OSPF/… routing
• No connectivity to sites not already attached to the VPN
• Topology is customer-specific and must only be exposed to authorized users
• Better ALTO guidance possible due to controlled environment (typically single AS)
• Benefits of ALTO guidance
• Avoid the overhead and issues of per-application measurements
• Expose information not measurable (e.g., cost to unconnected VPN sites)
• More details on use cases and requirements: draft-scharf-alto-vpn-service-01
[Figure: Data centers 1, 2 and 3 (PID#1, PID#2, PID#3), each attached through a CE to a VPN over MPLS/IP, with an ALTO client and an ALTO server.]
ALTO VPN SERVICE: TWO DIFFERENT USE CASES
• In-band ALTO access: user applications; ALTO server is attached to VPN
• Out-of-band ALTO access: management applications; ALTO server stand-alone
[Figure: two panels, one per use case, each showing three customer sites attached through provider edge (PE) routers to a virtual private network (VPN) over the service provider network.]
AGENDA
PROTOTYPE
ALTO VPN SERVICE
VIRTUAL PRIVATE NETWORKS
CONCLUSIONS AND OUTLOOK
PROTOTYPE: SYSTEM ARCHITECTURE
[Figure: Prototype system architecture. Data centers 1, 2 and 3 (PID#1, PID#2, PID#3), each attached through a CE to a VPN over MPLS/IP. Component labels: Network Management System (NMS), northbound OSS interface, NMS adapter, ALTO server, VPN application. Interface labels: ALTO protocol, provisioning, SNMP, ...]
PROTOTYPE: WEB PORTAL SCREENSHOTS
[Screenshots: VPN topology view; constraint-based scale-out]
• Topology scale-out of an MPLS-based L3VPN in a test-bed with three MPLS/IP routers
• Bandwidth information from ISIS-TE, RSVP-TE, and SNMP
• Delay information from active VPN OAM delay measurements
PROTOTYPE … NOT SOFTWARE ONLY ;)
[Figure: test-bed equipment, grouped into networking components and IT demo components, with these labels:]
• Network management: 5620 SAM, 5650 CPAM
• Routing monitor: 7701 CPAA
• MPLS/IP Router 1: 7750 SR-c4
• MPLS/IP Router 2: 7750 SR-c4
• MPLS/IP Router 3: 7750 SR-7
• Servers
• External/web gateways
• Network/delay emulation
• Bell Labs ALTO server
AGENDA
CONCLUSION AND OUTLOOK
ALTO VPN SERVICE
VIRTUAL PRIVATE NETWORKS
PROTOTYPE
CONCLUSION AND OUTLOOK: ALTO VPN SERVICE
• Dynamic control and management of VPNs (L2VPN, L3VPN, …)
• New use cases such as “cloud bursting”
• New interfaces between NMS and IT applications
• ALTO VPN service
• Support of scale-out of VPNs to new sites by topology awareness
• Standardization of ALTO protocol extensions required
• Proof-of-concept prototype for optimized VPN site selection
• Using a carrier-grade NMS with existing northbound interfaces
• Demonstration in a test-bed with MPLS/IP routers
• Open issues and next steps
• Tests in larger and more complex VPN scenarios
• Quantification of the benefits of the ALTO VPN service