Administrivia - Computer Science sn624/552-F18/lectures/09-sdn-cp.pdf


  • Administrivia

    • Paper assignments for reviews 2 and 3 are out
    • MUD: send me your top 1-3 questions on this lecture
    • Gear up for the course project: sample ideas are out
      • Do make friends with and team up with the others in this room
      • Do brainstorm your own ideas with your friends and with me
      • Do check with me about the “significant programming” requirement
      • Do make the best use of office hours, starting today

  • Lecture 9, Computer Networks (198:552)

    Software-Defined Networking: Principles

  • Traditional IP routers

    Figure: one router; the switching fabric and four network interfaces form the data plane, the processor running BGP and OSPF forms the control plane, and a management plane sits above both.

    • Management plane
      • Network-wide views
      • Configure routers
    • Control plane
      • Track topology
      • Compute routes
      • Install forwarding rules
    • Data plane
      • Forward, filter, buffer, drop, mark, rate-limit
      • Traffic statistics

  • Problems with traditional routers

    • Management decisions are tied to distributed protocols
      • Ex: set OSPF link weights to force traffic through a desired path
      • Ex: non-deterministic network state after a link failure
    • Data and control plane are controlled by vendors: proprietary interfaces

  • Traditional IP network

    Figure: four routers, each running its own control plane on top of its own data plane, with a single management plane above all of them.

  • SDN (1/2): Centralized control plane

    Figure: the same four data planes, now all attached to one SDN controller.

    Control planes lifted from switches … into a logically centralized controller … running in a compute cluster

  • SDN (2/2): Open interface to data plane

    Figure: the SDN controller programs each of the four data planes over an open interface.

  • Some immediate consequences…

  • (1) Simpler switches

    Figure: the SDN controller above four data planes.

    Small set of hardware instructions.

  • Data plane primitive: Match-action rules

    • Match arbitrary bits in the packet header
      • Match on any header, or a new header
      • Allows any flow granularity
    • Actions
      • Forward to port(s), drop, send to controller, count
      • Overwrite header with mask, push or pop, …
      • Forward at a specific bit-rate
    • Prioritized list of rules

    Example rule over the header bits:
      Match: 1000x01xx01001x
      Action: fwd(port 2)
      Priority: 65500
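A prioritized match-action table is small enough to write out in full. The block below is an added example, not code from the lecture or from any switch or OpenFlow implementation: it keeps a list of ternary bit patterns (the slide's `1000x01xx01001x` is the first rule) sorted by priority, applies the first matching rule, keeps per-rule counters for the `count` action, and checks for rules that a strictly higher-priority rule covers completely and which therefore never fire. The `Rule` and `FlowTable` names, the 15-bit header width, the symbolic action strings and the sample rules are this example's own assumptions.

```python
"""Prioritized match-action flow table over raw header bits, with per-rule
counters and a check for rules that can never fire.  Added example, not code
from the lecture or from any switch/OpenFlow implementation; Rule, FlowTable,
the 15-bit header width and the sample rules are this example's own."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    priority: int   # higher value wins (the slide's "Priority: 65500")
    match: str      # ternary pattern over header bits: '0', '1' or 'x' (don't care)
    action: str     # "fwd(2)", "drop", "controller", ... (kept symbolic here)


def bits_match(pattern: str, header: str) -> bool:
    """True if every non-wildcard bit of the pattern equals the header bit."""
    if len(pattern) != len(header):
        raise ValueError("pattern and header widths differ")
    return all(p == "x" or p == h for p, h in zip(pattern, header))


def covers(general: str, specific: str) -> bool:
    """True if every header matched by `specific` is also matched by `general`."""
    return all(g == "x" or g == s for g, s in zip(general, specific))


class FlowTable:
    def __init__(self, rules: List[Rule]):
        # Prioritized list: the first matching rule in descending priority wins.
        self.rules = sorted(rules, key=lambda r: r.priority, reverse=True)
        self.hits = {r: 0 for r in self.rules}   # per-rule packet counters

    def lookup(self, header: str) -> Optional[Rule]:
        for rule in self.rules:
            if bits_match(rule.match, header):
                return rule
        return None

    def process(self, header: str) -> str:
        """Apply the table to one packet and return the action taken."""
        rule = self.lookup(header)
        if rule is None:
            return "drop"   # assumption: with no table-miss entry the packet is dropped
        self.hits[rule] += 1
        return rule.action

    def shadowed(self) -> List[Rule]:
        """Rules that can never fire because a strictly higher-priority rule
        covers every header they match.  Worth checking before installing a
        table: a shadowed 'drop' rule is a silent hole in the intended filtering."""
        dead = []
        for i, rule in enumerate(self.rules):
            if any(h.priority > rule.priority and covers(h.match, rule.match)
                   for h in self.rules[:i]):
                dead.append(rule)
        return dead


def build_table() -> FlowTable:
    """Constructed sample table; the first rule is the one on the slide."""
    return FlowTable([
        Rule(65500, "1000x01xx01001x", "fwd(2)"),
        Rule(60000, "1000xxxxxxxxxxx", "fwd(1)"),      # coarser rule, lower priority
        Rule(50000, "10001011001001x", "drop"),        # fully covered by the first rule
        Rule(0,     "xxxxxxxxxxxxxxx", "controller"),  # table-miss: punt to the controller
    ])


if __name__ == "__main__":
    table = build_table()
    for hdr in ("100010110010010", "100000000000000", "011111111111111"):
        print(hdr, "->", table.process(hdr))
    print("shadowed priorities:", [r.priority for r in table.shadowed()])
```

The priority-0 catch-all is the "send to controller" action from the slide: every packet no other rule matches becomes a message to the controller, which is the coupling the later slide on scalability, response time and controller security is about.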

  • (2) Network programming abstractions

    Figure: several applications on top of the SDN controller, which sits above four data planes.

    Write modular apps and compose them

  • (3) Unified network operating system

    Figure: applications on top of a Network Operating System, which sits above four data planes.

    Separate distributed-system concerns from management policy: persist app state, graceful failover, replication for performance

  • Composition of Policies

  • Combining many networking tasks

    Figure: an SDN controller running one monolithic application: Route + Monitor + FW + LB.

    Monolithic application: hard to program, test, debug, reuse, port, …

  • Modular controller applications

    Figure: an SDN controller running separate Route, Monitor, FW and LB modules.

    Each module partially specifies the handling of the traffic

  • Network policy as a function

    • Located packet: headers + switch + port
    • Policy: function of a located packet
      • To a set of located packets: multicast, drop, forward
    • Function can modify packets
      • Headers and location

    Example (a switch with ports 1, 2 and 3):
      Match: dstip == 1.2.3.4 & srcport == 80 → Action: port = 3, dstip = 10.0.0.1

  • Parallel composition (+)

    Route on dst prefix:
      dstip == 1.2/16 → fwd(1)
      dstip == 3.4.5/24 → fwd(2)

    + Monitor on source IP:
      srcip == 5.6.7.8 → count
      srcip == 5.6.7.9 → count

    = Route + Monitor:
      srcip == 5.6.7.8, dstip == 1.2/16 → fwd(1), count
      srcip == 5.6.7.8, dstip == 3.4.5/24 → fwd(2), count
      srcip == 5.6.7.9, dstip == 1.2/16 → fwd(1), count
      srcip == 5.6.7.9, dstip == 3.4.5/24 → fwd(2), count

  • Example: Server load balancer

    • Spread client traffic over server replicas
    • Public IP address for the service
    • Split traffic based on client IP
    • Rewrite the server IP address
    • Then, route to the replica

    Figure: clients send to the service address 1.2.3.4 at the load balancer, which spreads them over the server replicas 10.0.0.1, 10.0.0.2 and 10.0.0.3.

  • Sequential composition (>>)

    Load Balancer:
      srcip == 0*, dstip == 1.2.3.4 → dstip = 10.0.0.1
      srcip == 1*, dstip == 1.2.3.4 → dstip = 10.0.0.2

    >> Routing:
      dstip == 10.0.0.1 → fwd(1)
      dstip == 10.0.0.2 → fwd(2)

    = Load Balancer >> Routing:
      srcip == 0*, dstip == 1.2.3.4 → dstip = 10.0.0.1, fwd(1)
      srcip == 1*, dstip == 1.2.3.4 → dstip = 10.0.0.2, fwd(2)
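The "policy as a function" slide, the parallel-composition slide and the sequential-composition slide above are all one model, and it fits in a few dozen lines. The block below is an added example, not code from the lecture: a policy is a function from a located packet to a set of located packets, `+` unions the outputs of modules that each see the same input, and `>>` feeds each output of the first policy into the second. It reproduces both slide examples (route on destination prefix + monitor on source IP; load balancer >> routing) and also shows what happens when the two halves of the load balancer are composed in the wrong order. The names `LocatedPacket`, `fwd`, `modify`, `match`, `parallel`, `sequential` and the sample addresses are this example's own assumptions; "srcip == 0*" is read as "first bit of the source address is 0".

```python
"""Network policy as a function from a located packet to a set of located
packets, with parallel (+) and sequential (>>) composition.  Added example,
not code from the lecture; the semantics follow the slides, while the names
(LocatedPacket, fwd, modify, parallel, sequential, ...) and the sample
addresses are this example's own."""
from collections import Counter
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Callable, FrozenSet


@dataclass(frozen=True)
class LocatedPacket:
    switch: str
    port: int
    srcip: str
    dstip: str


Policy = Callable[[LocatedPacket], FrozenSet[LocatedPacket]]


def fwd(port: int) -> Policy:
    """Forward: same headers, new location (output port)."""
    return lambda pkt: frozenset({replace(pkt, port=port)})


def modify(**fields) -> Policy:
    """Rewrite header fields; location is unchanged, so a routing policy must follow."""
    return lambda pkt: frozenset({replace(pkt, **fields)})


def match(pred: Callable[[LocatedPacket], bool], pol: Policy) -> Policy:
    """One rule: packets satisfying pred get pol; this rule drops everything else."""
    return lambda pkt: pol(pkt) if pred(pkt) else frozenset()


def parallel(*pols: Policy) -> Policy:
    """P1 + P2: every module sees the same input packet; the outputs are unioned."""
    return lambda pkt: frozenset().union(*(p(pkt) for p in pols))


def sequential(first: Policy, second: Policy) -> Policy:
    """P1 >> P2: each packet produced by P1 is handed to P2."""
    return lambda pkt: frozenset().union(*(second(out) for out in first(pkt)))


def in_prefix(field: str, prefix: str) -> Callable[[LocatedPacket], bool]:
    net = ip_network(prefix)
    return lambda pkt: ip_address(getattr(pkt, field)) in net


# Slide example 1: route on destination prefix (+) monitor on source IP.
ROUTE = parallel(
    match(in_prefix("dstip", "1.2.0.0/16"), fwd(1)),
    match(in_prefix("dstip", "3.4.5.0/24"), fwd(2)),
)


def make_monitor():
    """Counting policy: a query contributes state, not packets, to the union."""
    counts = Counter()

    def count(pkt):
        counts[pkt.srcip] += 1
        return frozenset()

    monitor = parallel(match(lambda p: p.srcip == "5.6.7.8", count),
                       match(lambda p: p.srcip == "5.6.7.9", count))
    return monitor, counts


# Slide example 2: load balancer (>>) routing to the chosen replica.
# "srcip == 0*" / "1*": the first bit of the client address is 0 / 1.
LOAD_BALANCER = parallel(
    match(lambda p: p.dstip == "1.2.3.4" and in_prefix("srcip", "0.0.0.0/1")(p),
          modify(dstip="10.0.0.1")),
    match(lambda p: p.dstip == "1.2.3.4" and in_prefix("srcip", "128.0.0.0/1")(p),
          modify(dstip="10.0.0.2")),
)
REPLICA_ROUTE = parallel(
    match(lambda p: p.dstip == "10.0.0.1", fwd(1)),
    match(lambda p: p.dstip == "10.0.0.2", fwd(2)),
)


def as_tuples(pkts):
    return sorted((p.switch, p.port, p.srcip, p.dstip) for p in pkts)


def run_examples():
    """Constructed packets through both slide compositions."""
    monitor, counts = make_monitor()
    route_and_monitor = parallel(ROUTE, monitor)
    lb_then_route = sequential(LOAD_BALANCER, REPLICA_ROUTE)
    route_then_lb = sequential(REPLICA_ROUTE, LOAD_BALANCER)   # wrong order
    a = LocatedPacket("S1", 0, "5.6.7.8", "1.2.9.9")
    b = LocatedPacket("S1", 0, "5.6.7.9", "3.4.5.6")
    c = LocatedPacket("S1", 0, "5.6.7.8", "1.2.3.4")
    d = LocatedPacket("S1", 0, "200.1.1.1", "1.2.3.4")
    return {
        "a": as_tuples(route_and_monitor(a)),
        "b": as_tuples(route_and_monitor(b)),
        "counts": dict(counts),
        "c": as_tuples(lb_then_route(c)),
        "d": as_tuples(lb_then_route(d)),
        "wrong_order": as_tuples(route_then_lb(c)),   # routing never sees 1.2.3.4: nothing
    }


if __name__ == "__main__":
    for name, result in run_examples().items():
        print(name, result)
```

Because a query policy returns an empty set, `ROUTE + monitor` forwards exactly what `ROUTE` alone would and adds the counter as a side effect, which is the "fwd(1), count" row of the combined table; and because `>>` only sees what the first stage emits, the load balancer must precede routing or the rewritten destination is never routed.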

  • Implications & Challenges

  • What does SDN make possible/easy?

    • Expressing forwarding intent directly
      • Example path: sw==S1 → fwd(4) + sw==S2 → fwd(1) + sw==S3 → fwd(7)
      (Figure: switches S1, S2 and S3 in a line, with port numbers 4, 3, 1, 2 and 7 along the path.)
    • Reading state: measurement through counters
      • Measure exactly the traffic you care about
      • Can modify forwarding to make measurements more accurate!
    • Deterministically and swiftly handle data plane failures
      • Google’s B4: failover to pre-computed outcomes

  • What does SDN make possible/easy?

    • Network policy verification
      • Correctness: reachability, loop-freedom, SLO violations, etc.
      • Performance
    • Better router data plane design
      • Decouple evolution of router instruction sets and network policy
    • Apply the SDN philosophy to system design as a whole
      • Stateful “network functions” that reside in the core of the network
      • Operating systems
      • End host NICs

  • Technical challenges of SDN

    • Scalability: controller responsible for many routers
    • Response time: delays between controller and routers
    • Reliability: surviving failures of the controller & data plane
    • Consistency:
      • Ensuring multiple controllers behave consistently
      • Ensuring controller policy is faithfully implemented
    • Security: the entire network may be owned if the controller is vulnerable
    • Interoperability: legacy routers and neighboring domains

  • Routing Control Platform (RCP), Usenix NSDI ’05, Caesar et al.

  • Separating interdomain routing from routers

    • Compute interdomain routes for the routers
      • Input: BGP-learned routes from neighboring ASes
      • Output: forwarding-table entries for each router
    • Backwards compatibility with legacy routers
      • RCP speaks to routers using the iBGP protocol
      • Installing
    • Routers still run an intradomain routing protocol
      • So the routers can reach the RCP
      • To reduce overhead on the RCP

    Figure: an RCP inside an Autonomous System, speaking to the routers of that AS.

  • Example: DoS blackholing

    • Filtering attack traffic
      • Measurement system detects an attack
      • Identify entry point and victim of attack
      • Drop offending traffic at the entry point

    Figure: a DoS attack enters the AS at one router; the RCP installs a null route at that entry point.

  • Example: Maintenance dry-out

    • Planned maintenance on an edge router
      • Drain traffic off of an edge router
      • Before bringing it down for maintenance

    Figure: destination d is reachable via egress 1 or egress 2; the RCP tells the routers to use egress 2.

  • Example: Egress selection

    • Customer-controlled egress selection
      • Multiple ways to reach the same destination
      • Giving customers control over the decision

    Figure: customer sites reach data center 1 via egress 1 and data center 2 via egress 2; instead of hot-potato routing, the RCP tells the routers to use egress 1.

  • Example: Better BGP security

    • Enhanced interdomain routing security
      • Anomaly detection to detect bogus routes
      • Prefer “familiar” routes over unfamiliar

    Figure: a questionable route to d appears via egress 1; the RCP tells the routers to keep using egress 2 to reach d.

  • Example: Saving router memory

    • Reduce memory requirements on routers
      • Strip BGP route attributes (except prefix and next-hop)
      • Combine related prefixes into a single route

    Figure: from the BGP routes learned from other ASes, 12.0.0.0/16 → nh 1 and 12.1.0.0/16 → nh 1, the RCP installs the single route 12.0.0.0/15 → nh 1.
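The five RCP examples above (blackholing, dry-out, egress selection, familiar-route preference, prefix aggregation) are all operator overrides applied to one centralized route computation, so one small model covers them. The block below is an added example and not code from the RCP paper: it selects, per router, the best egress for each prefix with a simplified BGP decision (local-pref, AS-path length, IGP cost to the egress for hot-potato), lets the operator drain an egress, null-route a prefix at the attack's entry router, or rank routes with unfamiliar AS paths below familiar ones, and then merges prefixes that share a next hop (the `12.0.0.0/16 + 12.1.0.0/16 → 12.0.0.0/15` case). The names `BgpRoute`, `NULL_ROUTE`, `select_route`, `compute_fibs`, `aggregate`, the four-router topology, the AS numbers and the "bogus" route are this example's own constructed assumptions, as is placing familiarity first in the ranking; MED, eBGP-vs-iBGP and router-id tie-breaks are left out.

```python
"""Toy Routing Control Platform: centralized BGP route selection with the
operator overrides from the slides (DoS blackholing, maintenance dry-out,
familiar-route preference) and next-hop-preserving prefix aggregation.
Added example, not code from the RCP paper.  BgpRoute, NULL_ROUTE, the
sample topology and the sample routes are this example's own assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import collapse_addresses, ip_network
from typing import Dict, Iterable, Optional, Set, Tuple


@dataclass(frozen=True)
class BgpRoute:
    prefix: str                 # e.g. "12.0.0.0/16"
    egress: str                 # border router that learned it from a neighbor AS
    as_path: Tuple[int, ...]
    local_pref: int = 100


NULL_ROUTE = "null0"            # assumed name for "drop this traffic here"


def select_route(router: str, candidates: Iterable[BgpRoute],
                 igp_cost: Dict[Tuple[str, str], int],
                 drained: Set[str] = frozenset(),
                 familiar: Optional[Set[Tuple[int, ...]]] = None) -> Optional[BgpRoute]:
    """Best route for `router`: familiar AS paths first (when a familiar set is
    given), then highest local-pref, shortest AS path, lowest IGP cost to the
    egress (hot potato).  Egresses in `drained` are ignored (maintenance dry-out)."""
    usable = [r for r in candidates if r.egress not in drained]
    if not usable:
        return None

    def rank(r: BgpRoute):
        unfamiliar = familiar is not None and r.as_path not in familiar
        return (unfamiliar, -r.local_pref, len(r.as_path), igp_cost[(router, r.egress)])

    return min(usable, key=rank)


def compute_fibs(routers, routes, igp_cost, blackholes=frozenset(),
                 drained=frozenset(), familiar=None) -> Dict[str, Dict[str, str]]:
    """Per-router forwarding entries {prefix: egress router or NULL_ROUTE}.
    `blackholes` holds (entry_router, victim_prefix) pairs to drop at the entry point."""
    by_prefix = defaultdict(list)
    for r in routes:
        by_prefix[r.prefix].append(r)
    fibs = {}
    for router in routers:
        fib = {}
        for prefix, cands in by_prefix.items():
            if (router, prefix) in blackholes:
                fib[prefix] = NULL_ROUTE
                continue
            best = select_route(router, cands, igp_cost, drained, familiar)
            if best is not None:
                fib[prefix] = best.egress   # at the egress itself this is its eBGP peer
        fibs[router] = fib
    return fibs


def aggregate(fib: Dict[str, str]) -> Dict[str, str]:
    """Merge prefixes that share a next hop (12.0.0.0/16 + 12.1.0.0/16 -> 12.0.0.0/15).
    collapse_addresses only joins prefixes that are both present with this next hop,
    so a more-specific route to another next hop is never swallowed; a merge that
    would collide with an existing route to another next hop is skipped."""
    by_nh = defaultdict(list)
    for prefix, nh in fib.items():
        by_nh[nh].append(ip_network(prefix))
    out = {}
    for nh, nets in by_nh.items():
        merged = [str(n) for n in collapse_addresses(nets)]
        if any(p in fib and fib[p] != nh for p in merged):
            merged = [str(n) for n in nets]
        for p in merged:
            out[p] = nh
    return out


# Constructed sample AS: R1, R2 internal; E1, E2 border (egress) routers.
ROUTERS = ["R1", "R2", "E1", "E2"]
IGP = {("R1", "E1"): 1, ("R1", "E2"): 5, ("R2", "E1"): 5, ("R2", "E2"): 1,
       ("E1", "E1"): 0, ("E1", "E2"): 6, ("E2", "E1"): 6, ("E2", "E2"): 0}
ROUTES = [
    BgpRoute("12.0.0.0/16", "E1", (65001,)),
    BgpRoute("12.0.0.0/16", "E2", (65002, 65001)),
    BgpRoute("12.1.0.0/16", "E1", (65001,)),
    BgpRoute("12.1.0.0/16", "E2", (65002, 65001)),
    BgpRoute("203.0.113.0/24", "E2", (65003,)),     # a customer prefix, the DoS victim below
]
FAMILIAR = {r.as_path for r in ROUTES}
BOGUS = BgpRoute("12.0.0.0/16", "E2", (65666,))    # constructed: short path from an unseen AS


def demo() -> Dict[str, object]:
    return {
        "normal": compute_fibs(ROUTERS, ROUTES, IGP),
        "compact_R1": aggregate(compute_fibs(ROUTERS, ROUTES, IGP)["R1"]),
        "drained": compute_fibs(ROUTERS, ROUTES, IGP, drained={"E1"}),
        "blackholed": compute_fibs(ROUTERS, ROUTES, IGP, blackholes={("E1", "203.0.113.0/24")}),
        "bogus_accepted": compute_fibs(ROUTERS, ROUTES + [BOGUS], IGP),
        "bogus_rejected": compute_fibs(ROUTERS, ROUTES + [BOGUS], IGP, familiar=FAMILIAR),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With no familiarity check, R2 picks the bogus route because it has the shortest AS path and the cheapest egress (hot potato); with the familiar set it falls back to the known path via E1. Draining E1 moves every prefix to E2 without touching any router configuration, and the blackhole entry lands only at the entry router E1, so R1 keeps a normal route to the victim prefix.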

  • Discussion of RCP

    • Centralizing control logic allows formalizing correctness properties
      • … even if the existing solutions don’t actually uphold them!
      • e.g., loop freedom; same egress router throughout the path within an AS
    • Reliability, consistency, and performance from the start
      • Network partitions & RCP-network partitions
      • RCP replica failures
      • Processing high rates of route computations (e.g., IGP changes)
    • Performance metrics & testing methodology
      • Message processing: delay, throughput, memory
      • Real-time convergence delays: may be less than an iBGP mesh
      • Other metrics?

  • OpenFlow: Enabling Innovation in Campus Networks, ACM CCR ‘08, McKeown et al.

  • Program networks using simple rules • Goals: high-performance low-cost progra