Introduction Solutions Evaluation Summary
Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments
Aryan TaheriMonfared
Department of Electrical Engineering and Computer Science, University of Stavanger
October 26, 2015
Outline
1. Introduction
   - Scope & Problem? & Solution!
   - Cloud Networking
   - Software-Defined Networking
   - Network Function Virtualization
   - Network Monitoring Services
2. Solutions
   - Overview
   - Backbone Network Monitoring
   - SDN Controlled Cloud Platform
   - Tenant Virtual Network Monitoring
   - Virtual Network Flavor
   - Monitoring Service Orchestration and Transport
   - Tenant Controlled Virtual Networks
3. Evaluation
   - Overview
4. Summary
Scope & Problem? & Solution!
Scope
Addressing challenges in ...
1. ICT infrastructures of large-scale enterprises and NRENs.
2. Cloud and data-intensive computing models.
3. Rapidly growing service demands and business models.
4. Focus: Networking Infrastructure and Services.
Problems?
Challenges are ...
1. Cloud computing characteristics introduce new challenges to well-studied network functions.
2. Significant increase in the data volume, velocity, and variety.
3. Network operation and maintenance have scalability and efficiency issues:
   - Rudimentary interfaces.
   - Vertically integrated networking planes.
   - Off-premises resources.
Solutions!
3 Approaches ...
1. Take advantage of data-intensive processing frameworks.
2. Introduce new entities in Cloud model.
3. Adapt new network architectures (e.g. SDN, NFV).
Contributions:
A) Architectural improvements for network monitoring services:
   - Data-intensive computing model.
   - SDN mechanisms.
   → Advance the state-of-the-art in backbone and data center network monitoring.
B) SDN architecture framework for large-scale infrastructure:
   - Re-implementation of traditional network functions using new mechanisms.
   - Introduction of new functions to fulfill requirements of the new computing model.
   → Enhance the efficacy, reliability, and manageability of network infrastructure.
Cloud Networking
Virtual Networks in Cloud
Virtual Network (VN):
- VNs connect provisioned resources.
- Resources are VMs, containers, higher level services, etc.
- VNs are overlays on top of providers’ infrastructures.
- Providers establish and maintain VNs.
Software-Defined Networking
Definition:
- New methods for network management and configuration.
- Abstractions between different layers of networking:
  → Control plane: specification, distributed state, forwarding
- Logically centralized controller (Network OS).
- Network programmability via controller.
Network Operating System
Control Plane Protocol
OpenFlow
- An approach for forwarding abstraction.
- Separate forwarding plane from control plane physically.
- One control plane can manage multiple forwarding planes.

OpenFlow Switch Spec (+ OpenFlow Wire protocol)
- OF switch has a set of flow tables, and a group table.
- OF controller adds/updates/deletes flow entries.
- Flow entry has a matching pattern, ordered actions, priority, counters.
OpenFlow Rules
    OFPST_FLOW reply (OF1.3) (xid=0x2):
    # PRIORITY # MATCH # ACTION
    in_port=1,dl_src=fa:16:3e:1a:26:5c actions=set_field:0x1->tun_id,goto_table:10
    in_port=2,dl_src=fa:16:3e:90:c1:19 actions=set_field:0x1->tun_id,goto_table:10
    dl_type=0x88cc actions=CONTROLLER:65535
    priority=8192,tun_id=0x1 actions=goto_table:20
    tun_id=0x1,dl_dst=fa:16:3e:6a:3e:13 actions=output:3,goto_table:20
    priority=8192,tun_id=0x1 actions=drop
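The following is an added example, not code from the original slides or the author's project. It replays the flow entries above through a small multi-table lookup to show how match, priority and ordered actions decide whether a frame is tagged with the tenant's tun_id. The table numbers (0, 10, 20) and the sample packets are assumptions, since the dump does not show them.

```python
DEFAULT_PRIORITY = 32768  # ovs-ofctl leaves the priority out when it is this default

# (table, entry) pairs copied from the slide. The table numbers are an
# ASSUMPTION: the dump as shown does not include them.
SLIDE_FLOWS = [
    (0, "in_port=1,dl_src=fa:16:3e:1a:26:5c actions=set_field:0x1->tun_id,goto_table:10"),
    (0, "in_port=2,dl_src=fa:16:3e:90:c1:19 actions=set_field:0x1->tun_id,goto_table:10"),
    (0, "dl_type=0x88cc actions=CONTROLLER:65535"),
    (10, "priority=8192,tun_id=0x1 actions=goto_table:20"),
    (20, "tun_id=0x1,dl_dst=fa:16:3e:6a:3e:13 actions=output:3,goto_table:20"),
    (20, "priority=8192,tun_id=0x1 actions=drop"),
]

def parse_flow(table, text):
    """Split one dump line into priority, match fields and ordered actions."""
    match_part, action_part = text.split(" actions=")
    match = dict(field.split("=", 1) for field in match_part.split(","))
    priority = int(match.pop("priority", DEFAULT_PRIORITY))
    return {"table": table, "priority": priority,
            "match": match, "actions": action_part.split(",")}

PIPELINE = [parse_flow(t, s) for t, s in SLIDE_FLOWS]

def lookup(table, pkt, flows=PIPELINE):
    """Highest-priority entry in `table` whose match fields all equal the packet's."""
    hits = [f for f in flows if f["table"] == table
            and all(pkt.get(k) == v for k, v in f["match"].items())]
    return max(hits, key=lambda f: f["priority"], default=None)

def process(pkt, flows=PIPELINE):
    """Walk the pipeline from table 0 and return the resulting output actions."""
    pkt, table, result = dict(pkt), 0, []
    while True:
        entry = lookup(table, pkt, flows)
        if entry is None:
            # OF1.3: without a table-miss entry the packet is dropped.
            return result + ["table-miss:drop"]
        next_table = None
        for action in entry["actions"]:          # actions apply in listed order
            if action.startswith("set_field:"):
                value, field = action[len("set_field:"):].split("->")
                pkt[field] = value
            elif action.startswith("goto_table:"):
                target = int(action.split(":")[1])
                # Goto-Table may only name a later table, so the slide's
                # goto_table:20 inside (assumed) table 20 is not followed.
                if target > table:
                    next_table = target
            else:
                result.append(action)
        if next_table is None:
            return result
        table = next_table

# Constructed sample packets (field values are strings, as in the dump).
TENANT_VM = {"in_port": "1", "dl_src": "fa:16:3e:1a:26:5c",
             "dl_dst": "fa:16:3e:6a:3e:13", "dl_type": "0x0800"}
UNKNOWN_DST = dict(TENANT_VM, dl_dst="fa:16:3e:00:00:01")
WRONG_MAC = dict(TENANT_VM, dl_src="fa:16:3e:90:c1:19")  # MAC bound to port 2
LLDP = {"in_port": "3", "dl_src": "00:00:00:00:00:01", "dl_type": "0x88cc"}

if __name__ == "__main__":
    for name in ("TENANT_VM", "UNKNOWN_DST", "WRONG_MAC", "LLDP"):
        print(name, process(globals()[name]))
```

A frame only receives tun_id 0x1 when both its ingress port and source MAC match an entry in the first table; anything else misses the table and never reaches the tenant's forwarding rules.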
Management Plane Protocol
Don’t forget the management plane!
- As important as control plane (e.g. OpenFlow).
- Configure several devices with single management plane.

Examples
1. Open vSwitch DataBase (OVSDB) management protocol:
   - OF-Config can be implemented on top of it.
   - More than virtual entities (Pica8, HP).
2. OpenFlow-Config protocol
3. NETCONF
OVSDB Example
    5476c254-6f4e-4a1a-be8e-b14837dd06b8
        Manager "tcp:192.168.10.1:6640"
        Bridge br-int
            Controller "tcp:192.168.10.1:6633"
            fail_mode: secure
            Port "em1"
                Interface "em1"
                    type: system
            Port br-int
                Interface br-int
            Port tap-wer23w2eq
                Interface tap-wer23w2eq
            Port tap-podf123p
                Interface tap-podf123p
            Port "gre-172.16.10.5"
                Interface "gre-172.16.10.5"
                    type: gre
                    options: {key=flow, local_ip="172.16.10.2", remote_ip="172.16.10.5", tos=inherit}
        ovs_version: "2.3.0"
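The following is an added example, not part of the original slides or the author's code. It reads a listing in the format shown above and reports management or control channels that are not TLS-protected, as well as bridges that would fall back to standalone MAC-learning (bypassing the controller's per-tenant flow entries) if the controller became unreachable. The second bridge `br-ex` and the finding labels are hypothetical, added here so that every check fires.

```python
import re

# Constructed input: the Manager and br-int lines follow the slide; br-ex is
# a hypothetical second bridge added for this example.
SHOW_OUTPUT = '''\
5476c254-6f4e-4a1a-be8e-b14837dd06b8
    Manager "tcp:192.168.10.1:6640"
    Bridge br-int
        Controller "tcp:192.168.10.1:6633"
        fail_mode: secure
        Port "em1"
            Interface "em1"
                type: system
    Bridge "br-ex"
        Controller "ssl:192.168.10.1:6633"
        Port "em2"
            Interface "em2"
                type: system
    ovs_version: "2.3.0"
'''

# Open vSwitch connection methods that are either TLS or local sockets.
PROTECTED = ("ssl:", "pssl:", "unix:", "punix:")

def parse_show(text):
    """Collect Manager targets and, per bridge, Controller targets and fail_mode."""
    cfg = {"managers": [], "bridges": {}}
    bridge = None
    for line in text.splitlines():
        item = line.strip()
        if m := re.fullmatch(r'Manager "(.+)"', item):
            cfg["managers"].append(m.group(1))
        elif m := re.fullmatch(r'Bridge "?([^"]+)"?', item):
            bridge = cfg["bridges"].setdefault(
                m.group(1), {"controllers": [], "fail_mode": None})
        elif bridge is not None and (m := re.fullmatch(r'Controller "(.+)"', item)):
            bridge["controllers"].append(m.group(1))
        elif bridge is not None and (m := re.fullmatch(r"fail_mode: (\S+)", item)):
            bridge["fail_mode"] = m.group(1)
    return cfg

def audit(cfg):
    """Return (scope, finding) tuples; the finding labels are this example's own."""
    findings = []
    for target in cfg["managers"]:
        if not target.startswith(PROTECTED):
            findings.append(("manager", "plaintext-channel"))
    for name, bridge in cfg["bridges"].items():
        for target in bridge["controllers"]:
            if not target.startswith(PROTECTED):
                findings.append((name, "plaintext-channel"))
        # An unset fail_mode behaves as standalone: after losing the
        # controller the bridge acts as an ordinary learning switch.
        if bridge["controllers"] and bridge["fail_mode"] != "secure":
            findings.append((name, "fail-open"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(parse_show(SHOW_OUTPUT)):
        print(f"{scope}: {finding}")
```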
Traditional vs SDN
Network Function Virtualization
Definition:
- Network architecture.
- Utilizes virtualization for delivering network functions.
- Functions realized in software.
- Deployed on standard hardware.
- Decoupled from proprietary hardware.
- Evolve beyond HW life-cycles.
Network Monitoring Services
Monitoring Service Distribution
Overview
Contributions Overview
Backbone Network Monitoring
Paper 2:
Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework
Simplified Backbone Network
Data Characteristics
- Sampling rate: 8
- Number of routers as data source: 2
- Average number of monitoring records: 22 M/day
- Average volume of monitoring records: 60 GB/day
- Anonymized records.
- Possibly various protocols.
Problems
- Proper network operation requires efficient monitoring.
- Various monitoring instruments and protocols exist.
- Challenging characteristics of the monitoring data.
- Diverse query types are required (e.g. exploratory ad-hoc vs. long-term planned).

Contributions
- Scalable and flexible storage.
- Real-time processing, long-term analysis.
- Protocol independent.
Monitoring Components
Results
- Support various query types: ad-hoc, exploratory, long-term planned, trend discovery.
- Long-term queries (150 days): ∼25min vs. not possible.
- Ad-hoc queries: 3-OM faster than traditional tools.
- One size doesn’t fit all.
SDN Controlled Cloud Platform
NREN Infrastructure (Zoom-in)
High-Level Data Center Architecture
Cloud Networking Details (Isolation Techniques)
Cloud Networking Details 2 (Internal Services)
So what?
Problems
- Current solutions are not scalable.
- Not flexible.
- No knowledge of multi-tenancy.

Solutions
- Adapt SDN architecture.
- Use Cloud controller knowledge.
NREN Infrastructure with an SDN Controller
High-Level Data Center Architecture with an SDN Controller
Tenant Virtual Network Monitoring
Paper 1:
Multi-Tenant Network Monitoring Based on Software-Defined Networking
Monitoring Each Tenant Network Activity Using Traditional Tools
So what?
Challenges
- Complex stakeholders relationship.
- Multi-tenancy, and elasticity.
- Unreliability of traditional tools in a heterogeneous infra.
- Growing demand for monitoring.

Approaches
- Adapt traditional mechanisms:
  e.g. Use IP header, DL header, Virtual components
- Use SDN mechanisms.
Monitoring Components
High-Level View with Per-Tenant Monitoring
Virtual Network Flavor
Paper 4:
Virtual Network Flavors: Differentiated Traffic Forwarding for Cloud Tenants
Virtual Machine Flavors
As you know ...
- Virtual Machines have flavors.
- VM flavor specifies the VM properties.
  # vCPU, Memory, Block Device, vNIC Rx/Tx Ratio

However ...
- Virtual Networks don’t have flavors.
- Not possible to specify VN properties.
Under and Overlays Controlled by an SDN Controller
Virtual Network Flavor
Contributions
- Defining Flavors and delivering QoS for VNs.
- Overlay traffic classification and steering in the underlay.
- Differentiated forwarding of overlays across the underlay.
- Exploiting meters, queues, and path diversity.
- Reflecting flavors in DSCP/Flow Label fields.

Traffic Engineering Strategy
1. Path Length: # hops
2. Meters: Per-flow, fine-grained, OpenFlow
3. Queues: Per-port, better guarantees, OpenFlow, OVSDB
4. Meters and Queues
VN Flavor & Evaluation Scheduling
VN Flavor Specifies ...
- Coarse-grained traffic classes.
- End-to-end priority.
- Maximum throughput.

Evaluation Scheduling Methods
- Used to resemble realistic workload scenarios
- VNs evaluation concurrency (c: false/true)
- VMs evaluation concurrency (i: false/true)
[Figure: CDF of the 90th percentile TCP throughput for each class, independent of the scheduling approach. Axes: CDF versus Rate (Mbps); series: Class 1, Class 2, Class 3, Class 4.]
Monitoring Service Orchestration and Transport
Paper 5:
On the Feasibility of Deep Packet Inspection for Multi-Tenant Data Center Networks
Payload Analysis in DC Network
Problems
- Packet payload analysis is costly.
- Not feasible in a multi-tenant DC network.
- No choke-point.
- Customers and providers need it.

Approach
- Use commodity devices (networking, compute).
- Distribute the service.
- Orchestrate distributed components.
Monitoring Components
Monitoring Service Orchestration and Transport
Contributions
- Find switches and monitoring hosts for designated flows
  - Avoid network congestion
  - Minimize service overhead
  → Combinatorial optimization problem
- Program the network
  - Fast path calculation algorithm
  - SDN programming

Results
- 27000 hosts, 2800 switches.
  ⇒ 10% of network traffic processed by 0.5% of hosts and 20% switches.
Monitoring Service Design
Path Finding Evaluation
[Figure: Pair per second versus K (Number of ports); series: Numeric with subpaths, Numeric without subpaths, YKSP with subpaths, YKSP without subpaths.]
Monitoring Switches & Hosts for Various Inputs
[Figure: two panels, Monitoring Switches (#MonSw versus Inputs) and Monitoring Hosts (#MonHost versus Inputs); series in each panel: Late Acceptance, Simulated Annealing, Tabu Search.]
Tenant Controlled Virtual Networks
Paper 3:
Flexible Building Blocks for Software Defined Network Function Virtualization
Virtual Networks Controlled by Tenants
Problems
- Compute resources are controlled by tenants.
- Network resources are not.
- VNs have limited functionality.
- Proprietary APIs.

Contributions
- New approach for network virtualization.
- Dedicated networking components for each tenant.
- Direct and full control.
- Standard/Open protocols.
Traditional VMs connectivity
Evaluation – Reachability Time
⇒ Start-up time increased for the first few VMs.
Evaluation – TCP Bandwidth
⇒ Throughput is decreased ∼ 12%.
Overview
Implementation & Deployment & Operation
Implementation
- 6 modules for OpenDaylight SDN controller.
- 2 extensive evaluation frameworks for OpenStack.
- Automated topology generation.
- Open Source: https://github.com/aryantaheri

Testbeds’ Purposes
1. Feasibility Analysis
2. Development
3. Prototyping
4. Production Evaluation

Infrastructure Operation & Maintenance
- Monitor
- Configure
- Deploy
Thank you!
Questions? & Answers!
NREN Infrastructure with an SDN Controller
SDN Controller
Network Operating System
High-Level Data Center Architecture with an SDN Controller
Underlay and Overlays Controlled by an SDN Controller
Testbed
VN Flavor – Programming Endpoints
- Classifying Overlays
- Marking Tunnel Packets
DPI – Evaluation
Numeric Path Finder Algorithm
- # calculated paths per second
- # calculated sub-paths after finding a limited number of paths

Optimization Solver
- Inputs: topology, traffic characteristics, monitored traffic, resource cost
- Service cost
- Resources usage stats (switch, host)
- Resource utilization stats (reuse frequency)
- Switch distribution and aggregated layer usage
- Monitoring switch-host distance stats
DPI – Monitoring Paths
DNB – Internal Structure
DNB – Logical Overlay Networks
DNB – PacketFlow
DNB – Reachability Time
DNB DNB/CNB
DNB – TCP Bandwidth
Future Directions I
General
- Inter-Data Center Virtual Networks.
- Integration of contributions as a unified solution.
- Enterprise security enforcement and incident response using SDN.
- Tor implementation.
- Extend evaluations.
Future Directions II
Backbone Monitoring
- Study streaming solutions and impacts.
- Packet capture and payload analysis.
- Porting existing software (Suricata/Snort).
- Automatic trend discovery and scheduled jobs.
- Feedback to SDN controller.
Future Directions III
Tenant VN Monitoring
- Alerting, billing, accounting.
- Live migration and automated quarantine mechanisms.
- Integration with real-time processing framework.
Future Directions IV
VN Flavor
- Inter-DC VN flavor.
- VN Embedding algorithm (transit switch access).
- Integration with tenant-dedicated network switches.
Future Directions V
DPI
- Focus on processing.
- Distributed processing logic (single tenant/flow distributed on several processing nodes).
- Templates for traffic flows (reduce optimization time).
- Integration with real-time processing framework.
Future Directions VI
Tenant Controlled VN
- Tenant transport network enhancement.
- Implementation in the kernel TCP/IP stack.
- Inter-DC architecture.