networking+of+the+future:+ so2ware+deﬁned+network:+ day+8+ · splitload+between+s5+and+s6+ +...

Networking of the Future: So2ware Defined Network:

Day 8

Today’s Class •  Drawbacks of current Networking Paradigms

– MoCvaCon for SDN

•  SDN!!!!!

•  Whitebox Networking

•  OpenFlow: A common SDN API

•  SDN challenges and Use-‐cases

SDN EcoSystem Arista

OF + proprietary Underlay

VerCcal Stack

Broadcom

OF + proprietary Underlay

VerCcal Stack

HP

OF Underlay

VerCcal Stack

Cisco

OF + proprietary Underlay+Overlay

VerCcal Stack

FloodLight

OF Underlay+Overlay

Whitebox

Dell

OF Underlay

VerCcal Stack

HP

OF Underlay

VerCcal Stack

Alcatel

BGP Overlay

VerCcal Stack

Juniper

BGP+NetConf Overlay

VerCcal Stack

Networking Today:

•  Distributed, Cme-‐consuming and error prone – Think BGP, Distance-‐Vector

G H G H

128.35.8.*/24 128.35.6.*/24

128.35.9.*/24

128.35.7.*/24

128.35.6.*/24 128.35.9.*/24

128.35.6.*/24 128.35.9.*/24

MAC_A MAC_B MAC_Y

MAC_E MAC_Z

MAC_E MAC_Z

MAC_A MAC_B MAC_Y

Networking Today:

•  Distributed, Cme-‐consuming and error prone – Think BGP, Distance-‐Vector

G H G H

128.35.8.*/24 128.35.6.*/24

128.35.9.*/24

128.35.7.*/24

Distance Vector

Distance Vector

Spanning Tree

Spanning Tree

Spanning Tree

Spanning Tree

Split load between S5 and S6

Send traffic over the red link!!!

forwarding state

Ideally…

•  Managing network in a simple way •  Directly and explicitly apply policies to network

accurate network view

G H G H

Instead …

•  Managing network in a complex way •  No clear idea of the consequences

Split load between S5 and S6

How can I change distance vector? Is iBGP running in this network? Should I worry about spanning-‐tree?

Change weights

Forwarding tables

G H G H

How do you change BGP/ISP?

•  Router configuraCon files – Low level commands – Think assembly

!configures a link Interface vlan901 ip address 10.1.1.5 255.0.0.0 ospf cost 100 !configures a routing protocol Router ospf 1 router-id 10.1.2.23 network 10.0.0.0 0.255.255.255

Specify link costs *must be the same on both sides of a link

•  �

©2013 &B IG &SWITCH &NETWORKS , & INC . & & & & &WWW.BIGSWITCH.COM& 5

EVOLUTION(OF(NETWORK(PROVISIONING:(1996Q2013(

1996( 2014(

Terminal&Protocol:&Telnet( Terminal&Protocol:&SSH(

©2013 &B IG &SWITCH &NETWORKS , & INC . & & & & &WWW.BIGSWITCH.COM& 5

EVOLUTION(OF(NETWORK(PROVISIONING:(1996Q2013(

1996( 2014(

Terminal&Protocol:&Telnet( Terminal&Protocol:&SSH(

The End Results?

Can We make things Simple? Provide direct control?

Why don’t we have direct control? •  Networking today: VerCcal integrated stacks

–  Similar to PC in 1980s (or phones in the early 2000s) –  No choice on interface –  Stuck with proprietary interfaces (even if bad!)

IBM’s Mainframe Cisco Routers

D.B.

O.S

CPU

COBOL Apps. VLANS

Switch O.S.

ASIC

L3 RouCng

Motorola Razor

Space invaders

Mobile Os

CPU

sms

ImplicaCons on Networking…

•  Restricted to ill defined vendor CLI

•  Limited innovaCon

•  Lots of Bugs!!! – Huge operaCng costs (OpEx)

•  Monopolies – Huge Mark-‐ups (CapEx)

So2ware Defined Networking

•  SDN decouples the control algorithms form the hardware –  Introduces a nice API for communicaCng directly with the

switches.

•  Switch OperaCng System: exposes switch hardware primiCves

Network O.S.

ApplicaCons ApplicaCons ApplicaCons

Southbound API

SDN

Switch OperaCng System

Switch Hardware

Network O.S.

ASIC

ApplicaCons ApplicaCons

Current Switch VerCcal stack

SDN Decouples

stack

WHAT’S(INSIDE(A(SWITCH?(

©2014 &B IG &SWITCH &NETWORKS , & INC . & & & & &WWW.BIGSWITCH.COM& 9&

ApplicaRon&

Network&OS&

Hardware&Driver&

Box&

Silicon&

Commodity parts!!!! HP, Dell brand OEM

Why Can we have a nice API?

Layer 3: (Distance vector) 1. Matches on IP address 2. Forwards on interface(link)

Layer 2: (Spanning Tree) 1. Matches on MAC address 2. Forwards on a port

OR 2. Floods the packet

Layer 2.5: (VLAN) 1.  Matches on VLAN 2.  2. Floods the packet

HP

RIP VLAN SPT

HP Magic Protocols

Cisco

RIP VLAN SPT

Cisco Magic Protocols

Juniper

RIP VLAN SPT

Juniper Magic Protocols

SPT = Spanning Tree RIP = Distance Vector

All switches match on Same part of packets

and perform same ac5on

ImplicaCons of SDN Current Networking SDN Enabled Environment

Controller (N. O.S.)

ApplicaCons ApplicaCons Distance Vector++

Southbound API

Switch O.S Switch HW



Global View

ProgrammaCc Control

Network O.S.

ASIC

ApplicaCons Distance Vector

Network O.S.

ASIC

ApplicaCons Distance Vector

Network O.S.

ASIC

ApplicaCons Distance vector

ImplicaCons Of SDN Current Networking SDN Enabled Environment


ApplicaCons ApplicaCons Distance vector

Southbound API




•  Distributed protocols •  Each switch has a brain •  Hard to achieve opCmal

soluCon •  Network configured indirectly

•  Configure protocols •  Hope protocols converge

•  Global view of the network •  ApplicaCons can achieve opCmal

•  Southbound API gives fine grained control over switch

•  Network configured directly •  Allows automaCon •  Allows definiCon of new interfaces

Network O.S.

ASIC


Network O.S.

ASIC


Network O.S.

ASIC


SDN Stack

•  Southbound API: decouples the switch hardware from control funcCon

–  Data plane from control plane

•  Switch OperaCng System: exposes switch hardware primiCves

Controller (Network O.S.)


Southbound API

SDN

Switch OperaCng System

Switch Hardware

SDN Timeline

2007 2008 2009 2010 2011 2012 2013 2014

OpenFlow incepCon

OpenFlow Campus Deployments

HP switches Use OpenFlow

Nicira Acquired For 1.2 Billion

Google’s B4

2014

Facebook makes SDN switches

Microso2’s SWAN

ONUG formed

ONF formed

ONUG Board & Members Include … •  Fidelity •  Bloomberg •  Bank of America •  JPMorgan Chase •  Gap Inc •  CiC •  UBS •  FedEx •  Cigna •  Credit Suisse •  Pfizer

29

SecCon2: WhiteBox Networking

Networking with Linux

Controller (Network O.S.)


Southbound API

SDN

LINUX!!!!!! Switch Hardware

32

SecCon 3: Southbound API: OpenFlow

OpenFlow •  Developed in Stanford

–  Standardized by Open Networking FoundaCon (ONF) –  Current Version 1.4

•  Version implemented by switch vendors: 1.3

•  Allows control of underlay + overlay –  Overlay switches: OpenVSwitch/Indigo-‐light PC

How SDN Works: OpenFlow



Southbound API

Switch H.W

Switch O.S

Switch H.W

Switch O.S

OpenFlow OpenFlow

OpenFlow: Anatomy of a Flow Table Entry

Switch Port

MAC src

MAC dst

Eth type

VLAN ID

IP Src

IP Dst

IP Prot

L4 sport

L4 dport

Match AcCon Counter

1.  Forward packet to zero or more ports 2.  Encapsulate and forward to controller 3.  Send to normal processing pipeline 4.  Modify Fields

When to delete the entry

VLAN pcp

IP ToS

Priority Time-‐out

What order to process the rule

# of Packet/Bytes processed by the rule

OpenFlow: Types of Messages §  Asynchronous (Controller-‐to-‐Switch)

§  Send-‐packet: to send packet out of a specific port on a switch §  Flow-‐mod: to add/delete/modify flows in the flow table §  Read-‐state: to collect staCsCcs about flow table, ports and individual flows §  Features: sent by controller when a switch connects to find out the features supported by a switch §  ConfiguraCon: to set and query configuraCon parameters in the switch

§  Asynchronous (iniCated by the switch) §  Packet-‐in: for all packets that do not have a matching rule, this event is sent to controller §  Flow-‐removed: whenever a flow rule expires, the controller is sent a flow-‐removed message §  Port-‐status: whenever a port configuraCon or state changes, a message is sent to controller §  Error: error messages

§  Symmetric (can be sent in either direcCon without solicitaCon) §  Hello: at connecCon startup §  Echo: to indicate latency, bandwidth or liveliness of a controller-‐switch connecCon §  Vendor: for extensions (that can be included in later OpenFlow versions)

37

SecCon 4: SDN Use Cases + Challenges

38

SDN Use Cases •  Network VirtualizaCon (VMWare, Azure) •  Port tapping (Big Switch’s BigTap) •  Access control (Big Switch’s SNAC) •  WAN Traffic Engineering (Google B4) •  DDoS DetecCon (Defense4All) •  Network OrchestraCon (OpenStack, VMWare)

39

SDN Use Cases •  Network VirtualizaCon (VMWare, Azure) •  Port tapping (Big Switch’s BigTap)

–  Cheaper more flexible version of Cisco’s port span –  Cisco’s port span: limited to 2 per switch. –  BigSwitch: limited to the number of ports on the switch

•  Access control (Big Switch’s SNAC) •  WAN Traffic Engineering (Google B4)

–  New funcConality –  Drive network uClizaCon up 80-‐90% –  Huge cost savings –  Dynamically adjust to failures

•  DDoS DetecCon (Defense4All) •  Network OrchestraCon (OpenStack, VMWare)

40

SDN Use Cases §  WAN-‐Traffic engineering

§  Google’s B4 (SIGCOMM 2013) §  Microso2’s SWAN (SIGCOMM 2013)

§  Network FuncCon VirtualizaCon: Service Chaining §  SIMPLIFY/FlowTags (SIGCOMM 2013, NSDI 2014) §  Slick (ONS 2013)

§  Network virtualizaCon §  Nicira, Azure, Google, §  VL2 & Portland (SIGCOMM 2009) §  CloudNaaS (SoCC 2011)

§  Seamless workload (VM) mobility §  (CrossRoads (NOMS 2012))

§  Data Center Traffic engineering §  RouCng elephant flows differently (Hedera – NSDI 2010) §  RouCng predictable traffic (MicroTE – CoNext 2011)

§  Port-‐Mirroring §  BigTap §  OpenSafe (INM/WREN 2011)

41

SecCon 5: Challenges

Controller Availability

42



Controller Availability

43



Controller Availability “control a large force like a small force: divide and conquer”

-‐-‐Sun Tzu, Art of war

44

•  How many controllers? •  How do you assign switches to controllers? •  More importantly: which assignment reduces

processing Cme •  How to ensure consistency between

controllers







SDN Reliability/Fault Tolerance

45



Controller: Single point of control •  Bug in controller takes the whole

network down

ExisCng network survives failures or bugs in code for any one devices

SDN Reliability/Fault Tolerance

46



Controller: Single point of control •  Bug in controller takes the whole

network down •  Single point of failure

ExisCng network survives failures or bugs in code for any one devices

SDN Security Controller: Single point of control • Compromise controller

47



If one device in the current networks are compromised the network may sCll be safe

SDN Security Controller: Single point of control • Compromise controller • Denial of Service ayack the control channel

48



Data-‐Plane LimitaCons •  Limited Number of TCAM entries

–  How to fit network in limited entries?

•  Limited control channel capacity –  Need to rate limit control messages

•  Limited switch CPU –  Limit control messages and acCons that use

CPU



Switch H.W

O.S

Conclusion

•  SDN à Ongoing Networking paradigm shi2 – Decouple Control from Data – MoCvaCng factors:

•  Lower cost: CapEx & OpEx •  New funcConality: e.g. Google’s B4

•  Whitebox Networking: commodity switches – Whitebox = bare-‐hardware + .O.S. –  Bare-‐metal = hardware.

networking+of+the+future:+ so2ware+deﬁned+network:+ day+8+ · splitload+between+s5+and+s6+ +...

Documents