Network Services Interface (NSI): Enabling multi-domain SDN
Inder Monga
Chief Technologist and Area Lead
NSI co-chair, OGF
The 3rd International Symposium on Network Virtualization
September 6th, 2013
Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science
1. Service Plane Concepts
2. Network Service Interface (NSI)
3. Multi-Domain SDN
9/6/13 Inder Monga, Tokyo 2013 2
Introducing the Service Plane Concept
• Data Plane: bits in/out
• Control Plane: routing, topology & signaling
• Management Plane: provision, monitor & troubleshoot
• Service Plane: programmatic interface, abstract topology, end-to-end view
[Figure labels: AAA, Policy, SLA/SLE]
NSI…
• …is an architectural framework
• offers programmatic access
• multiplexing a menu of network services
• using a simple, abstract, model
• over a multi-domain network
Service Plane meets SDN: a provider view
[Figure labels: Data Plane, Control Plane, Management Plane, Service Plane; Simple Packet Forwarding Hardware, Network OS, Global Network View, Network Virtualization, Abstract Network View, Network Applications, User/Client Applications, Network Service Interface]
NSI 101
[Figure labels: Requesting Agent (RA), Provider Agent (PA), Network Services Interface, Network Services Agent (NSA), Network Resource Manager (NRM), NSI Network Service Domain]
NSI Protocol Structure
[Figure: protocol structure shown for the Requesting Agent (RA) and the Provider Agent (PA)]
• Message Transport Layer: NSI 2.0 → WS/SOAP; transport layer can be changed
• Message Handler: Multiple sessions and services multiplexed between 2 NSAs
• NSI-Connection Service state machines: Reservation, Provisioning, Scheduling of point-to-point network connections
• Protocol Messages: Message exchange with service attributes
• Client API, Aggregator Fn (including PCE, Topology): Multiple clients and NSAs interact to create a multi-domain end-to-end service
[Figure: Reservation State machine. States: Initial, ReserveChecking, ReserveHeld, ReserveCommitting, ReserveFailed, ReserveAborting, ReserveTimeout, Reserved. Messages: >rsv.rq, <rsv.cf, <rsv.fl, >rsvcommit.rq, <rsvcommit.cf, <rsvcommit.fl, >rsvabort.rq, <rsvabort.cf, <rsvTimeout.nt. Other labels: (reserve_timeout), uPA only]
[Figure labels, further state machine: states Releasing, Provisioning, Scheduled, Provisioned; messages >prov.rq, <prov.cf, >rel.rq, <rel.cf]
NSI Fundamental Design Principles
1. NSI interface can support multiple services
Examples:
• Pt-Pt Connection Service (NSI-CS)
• Topology Service (NSI-TS)
• Discovery Service (NSI-DS)
• Switching Service (NSI-SS)
• Monitoring Service
• Protection Service
• Verification Service
• Etc.
[Figure labels: NSA, NSA]
Design Principles (contd.)
2. Designed for flexible, multi-domain, service chaining
[Figure: NSI Topology with Domain A, Domain B and Domain C (labelled A, B, C)]
Supports Tree and Chain model of service chaining
Fits in well with Cloud/Compute model of provisioning as well as Network/GMPLS model
Design Principles (contd.)
3. Principles of Abstraction applied – to network layers, technologies and domains
[Figure: Intra-network representation of network resources (Nodes, Links and Edge points EP a to EP k, Hosts) beside the Inter-Network representation of network resources (Networks W, X, Y, Z; STP a to STP k; SDPs; TFs; Dynamic Connection)]
Legend: EP - Edge point; STP - Service Termination Point; TF - Transfer Function; SDP - Service Demarcation Point
Service Termination Points (STP) and Service Demarcation Points (SDP) are abstract and technology independent
Design Corollaries
a. User-driven composition of services is enabled by NSI
• Atomic Service (AS1)
• Atomic Service (AS2)
• Atomic Service (AS3)
• Atomic Service (AS4)
• Composite Service (S2 = AS1 + AS2)
• Composite Service (S3 = AS3 + AS4)
• Composite Service (S1 = S2 + S3)
[Figure axis labels: Service Abstraction Increases; Service Usage Simplifies. Other labels: 1+1, topology, protection, monitoring]
b. Network model-driven design (NML@OGF) helps scale across multi-vendor equipment
[note for later: service composition can be applied to flows, circuits, or any network service construct]
NSI is part of SDN: Aligned architecturally
| # | Architecture/Function | NSI model | SDN model |
|---|---|---|---|
| 1 | Logically Centralized | One NSA/network | One logical Controller |
| 2 | Hierarchical/nested support | Tree/Chain model of NSA interaction | Multiple hierarchical controller model (tree) |
| 3 | Trust in control plane | b/w NSAs/domains | Required b/w controllers |
| 4 | Policy Management central to operation | Resource policies enforced by NRM | Flowvisor, AM, other policy mechanisms |
| 5 | Control and Management functions | Provisioning of end-to-end services | Provisioning of end-to-end data flows |
| 6 | Control plane challenges: Security, partitioning | Inherits same challenges | Inherits same challenges |
Multi-domain SDN
SDN, so far, has been conceived as a control plane within a single domain, e.g. a data center, a service provider network, a campus network
Multi-domain aspects have not been explicitly addressed OR
Multi-domain aspects have been left to IP routing
=> End-to-end flow issues of today, e.g. QoS, packet loss, are NOT solved by SDN (by default), as traffic transits multiple domains
Two questions and a possible answer:
• Why is multi-domain important?
• What does multi-domain SDN mean?
• How does NSI, a multi-domain protocol, fit in this picture?
Science is a networked multi-domain activity
Dedicated ‘Overlay Network’ for LHCONE: Includes 30 Nations, 40+ Global Networks
[Figure: LHCONE map. Networks shown: ESnet (USA), Internet2 (USA), CANARIE (Canada), CUDI (Mexico), GÉANT (Europe), NORDUnet (Nordic), DFN (Germany), GARR (Italy), RedIRIS (Spain), SARA (Netherlands), RENATER (France), CERN (Geneva), TWAREN (Taiwan), ASGC (Taiwan), KREONET2 (Korea), KISTI (Korea), TIFR (India). Legend: LHCONE VPN domain; End sites – LHC Tier 2 or Tier 3 unless indicated as Tier 1; Regional R&E communication nexus; Data communication links, 10, 20, and 30 Gb/s. See http://lhcone.net for details.]
Source: Bill Johnston, ESnet
Cloud experience depends on a Multi-Domain Network: orchestration is needed end-to-end
This is the cloud that everyone thinks about!
User experience = Σ (Application + Data center + Campus + WAN)
[Figure labels: Cloud Consumers, Site/Campus network, Wide Area Network, Private Cloud, Public Cloud Provider(s)]
What does multi-domain SDN mean?
• Multi-domain: transiting multiple administrative domains
• Multi-domain SDN: Controlling network flows across multiple resource/administrative domains
• One argument: NSI is multi-domain SDN..
• ..but that is only part of the larger SDN picture.
• How does NSI integrate with the OpenFlow-based SDN?
• The challenge we want solved is ‘How to provide a consistent end-to-end service and programmability for multi-domain SDN networks?’
Multi-domain SDN models
1. Simplest case: Use SDN to provision multi-domain VLAN/Circuit
[Figure labels: OF Ctrl, OF Ctrl, NSA, NSA; Multi-domain conversation]
Cons: No multi-domain flow management
2. Create multi-domain virtual topology and flowspace partition, managed using OpenFlow/SDN (slice)
[Figure labels: OF Ctrl, NSA, NSA; Multi-domain conversation]
Cons: service providers do not want to allow flow programmability in their switches by third-party controllers (trust and security issues)
Cons: flowspace separation is static and not programmable
Multi-domain SDN models
3. Leverage NSI multi-domain conversation to exchange flow-rules, exchange topology, and apply policies
[Figure labels: OF Ctrl, OF Ctrl, NSA, NSA]
Multi-domain flow rule conversation leverages multiple service conversations
TBD: Multi-domain policy conversation and negotiation
Combine NSI (service plane) and SDN (control plane) technologies hierarchically
[Figure labels: NSA (several), SDN (two), Network Virtualization and Policy Layer, Multi-domain virtual network view, SDN Controller for Software Switch, Software Switch abstraction (MD-NV)]
Summary
• Service Plane is the right ‘level’ for users to interact with the network
• Application of policy, AAA for effective resource management and multi-tenant separation, Service Level Experience (SLE)
• NSI and SDN concepts are architecturally well aligned
• Combination of SDN and NSI will enable global scalability and new network services
• Just as SDN was targeted towards single domain, NSI has been designed for multi-domain
Questions?
Contact:
imonga at es dot net
Twitter: esnetupdates, indermo
http://www.es.net/inder
Sensitive Elephants, Robust Mice
Effect of 0.0046% packet loss (1 out of 22000 packets) on data transfer rates for elephant and mouse flows [1]:
• Elephant flows: 80x reduction in data transfer rate at DOE-relevant distances (ANL to NERSC) and speeds (10 Gbps).
• Mouse flows: Negligible.
[1] As measured recently by ESnet research scientist Brian Tierney.
A small amount of packet loss makes a huge difference in end-to-end TCP performance