Roberto di LalloGabriele Lospoto

Massimo RimondiniGiuseppe Di Battista

• Federated networks:independent but collaborating partners that share resources; promising approach but limited technological progress.• Software-Defined Networking (SDN): established approach, mostly applied within data centers; most adopted specification:OpenFlow.

• Leverage SDN on Customer Premises Equipment (CPE) to support connectivity between the private networks of federated partners.• Use simple Network Address and Port Translation (NAPT) to comply with standard IP-based Internet routing. Machines in Customer Site 1 (with a private IP addressing plan),

attached to ISP1, may want to communicate with machines in Customer Site 3 (with another private IP addressing plan), attached to ISP2.

CustomerSite 1

CustomerSite 2

CustomerSite 3

CustomerSite 4

CPE1

CPE2

CPE3

CPE4

ISP1 ISP2C1C2

Each ISP runs an IP backbone and has an SDN controller that a) knows customers' private address spaces, b) has a pool of public IPs, and c) manages CPEs. Controllers can speak with each other.

1) [Optional: Controllers exchange customers' locations and private IP address spaces (IP_Map)].2)

C1 C2

Pkt(src [pvt_IP:pvt_PORT],dst[pvt_IP:pvt_PORT])

IP_Map

PacketInFind_Ctrl

CPE1 CPE3

Bind_SignalingMap_Request

Map_Reply

FlowModification

Barrier Reply

ACK

Barrier RequestFlowModification

Pkt(src [pbl_IP:pbl_PORT],dst[pbl_IP:pbl_PORT])

Ctrl_IP2A (TCP/UDP) data packet is received by CPE1, which sends it to controller C1. The latter picks a public IP used to map the

packet's source IP, and locates the recipient's controller C2 [Optional: using Find_Ctrl to query a directory service].

3) C1 notifies C2 of the binding between the source private IP and the public IP. C1 asks C2 (Map_Request) for another mapping to be used for the destination IP.

4) C2 installs IP address translation rules on CPE3 (FlowModification), waits for confirmation (Barrier Request), and acknowledges C1 (Map_Reply or ACK). C1 then installs IP translation rules on CPE1.

5) Data packets can travel from Customer 1 to Customer 3 without further involving the controllers. Translations for packets traveling in the opposite direction can be set up similarly.

3

1

4

5

[1] “Cloud federation in a layered service model,” Journal of Computer and System Sciences, vol. 78, no. 5, 2012.[2] P. Sun, L. Vanbever, and J. Rexford, “Scalable programmable inbound traffic engineering,” SOSR 2015.[3] NoviFlow, Inc. NoviNID 106 OpenFlow 1.3 CPE Switch http://noviflow.com/products/novinid/[4] University of Twente SimpleWeb PCAP Traces http://www.simpleweb.org/wiki/Traces

Unlike standard NAPT......we alter source AND destination IP/port...and restore them at the remote end (like tunnels, without encapsulation)No need for "NAT traversal/punching"

Queue-based simulation to assess end-to-end connection establishment latency, using data from [4] and Pareto service times. Functional tests in Mininet + Open vSwitch.3 address mapping strategies:• Client Port Preservation (CPP): map source IP only, unless port collisions occur• Lazy Address and Port Selection (LAPS): map also port• Client Announces Port Selection (CAPS): IP/port mappings decided by the sender's controller (fewer messages needed)

{dilallo,lospoto,rimondini,gdb}@ing.uniroma3.it

SDN controllerprototype:goo.gl/7DP2NM

0%10%20%30%40%50%60%70%80%90%

100%

1 10 100 1000 10000

Perc

enta

nge

of c

onne

ctio

ns

Connection establishment latency (ms)

CPP StrategyCAPS StrategyLAPS Strategy

Overlapping customer address spaces, inter-controllersignaling protocol + cache, other port mapping strategies, PoC

(described only for IPs: TCP/UDPport handling is analogous)