Internet2SDNSupportTheProgrammableForwardingEnvironment*

JohnHicksMattZekauskas

2017Internet2TechnologyExchange

• Motivation• Wherewecamefrom• Overlaysetup• Onrampprocedure• Usecases• Future

Overview

[2 ]

• Weneedaprogrammablenetworkwherewe(andothers)cantakeriskswithoutimpactingproduction– Reducefrictionfromthoroughacceptancetestingfornewprojects– Useseparatehardwaretoimplementanoverlaynetwork– Supportdirectremoteaccessforcontrollers.

• Collocatecomputewithhardwarebasedswitching– SupportNFVandofSDNexploration– Allowforlocalcontrollers– SupportalternativenetworkapproacheslikeICN

Motivation

[3 ]

TheProgrammableForwardingEnvironment

• BuildaresearchinfrastructuretosupportSDNasanoverlaynetwork– Provideamoreagileplatformforthenetworkanddistributedsystemsresearchcommunityinanoverlay

• Supportmuchofthedisciplineresearchneedsinthecore– APIsfordynamicVLANgeneration

• ReceivedsupportfromtheGENIProjectOfficetoprovideOpenFlow 1.3capableoverlay

[4 ]

• Motivation• Wherewecamefrom• Overlaysetup• Onrampprocedure• Usecases• Future

Overview

[5 ]

Wherewecamefrom

• OperatingSDNNetworks– baseAL2SonOpenFlow– PossibletobuildandoperateareliableLayer2andLayer3networkontopofaSDN

substrate– PossibletosupportmultiplecontrollersconcurrentlyonanSDNsubstratethrough

softwarevirtualization– VendorimplementationsofOpenFlow 1.0werebuggyandincomplete– VendorimplementationsofOpenFlow 1.3wereveryslowtoappear,aswellasbuggyand

incomplete(especiallyforhardwaresupportingmany100GEinterfaces)– Buildinganetworksoftwarestackrequiresabsolutelyrigoroustesting– Supportingmultiplecontrollersconcurrentlyonaproductionnetworksoftwarestack:

• RequiressignificantFTEresources• Movesslowerthanresearchersareaccustomed

(Former)ControllingaSliceonInternet2

• Requestaslice(email:noc@internet2.edu)• ReceiveaquestionnairefromInternet2NOC• SubmitquestionnairetoInternet2• DownloadFSFW;tryyourcontrollerinthatenvironment

– http://globalnoc.iu.edu/sdn/fsfw.html/• Usemininet simulationofAL2Sforcorrectnesstesting• Submityourpackage

– Gooddocumentationacceleratesprocess!– Goodloggingacceleratesprocess!

• Internet2NOCtestsyourcontrolleronourtestbed (AKAiDREAM GENIenvironment)– Problems->Gobackonestep

• Internet2deploysyourcontrolleronInternet2Network

• Motivation• Wherewecamefrom• Overlaysetup• Onrampprocedure• Usecases• Future

Overview

[8 ]

• TheInternet2ProgrammableResearchEnvironmentconsistsofeightsitesontheAL2Sbackbone:– Seattle,LosAngeles,SaltLakeCity,KansasCity,Houston,Cleveland,Atlantaand

NewYork

[9 ]

Overlaysetup

• Eachsitecontains:– DellServer– Corsa Switch– Multiple10GEinterconnectsprovidedviaAL2S

– 10GEAL2Sportforonramp/offramp

[10 ]

Overlaysetup 3 Degree SDN Overlay Site

Overlay SDN Corsa DP2xxx

AL2S Juniper MX960

Internal Management

Network

Virtual Switch Virtual Switch

SDN Server Dell 630

controller VM controller VM

10G

10G 10G 10G 10G

1G

1G

1G

WAN

100G 100G 100G

2c 2d 2e 2f

2a

3b 3c 3d 3e

3g 3h 3i

1b 1c

2b

3f

10G

1a

3a

• AL2Scircuitsinterconnectsites,circuitsfollowphysicalinfrastructure– Butthisisnotrequired

• Eachslicegetsitsownsetoflogicalcircuits

• Tothecontrolplane,theselookjustlikedirect10GEadjacencies

• Eachslicehasitsowndedicatedmanagementnetwork.

[11 ]

Internal- Whatitlookslike

• Eachslicegetsadedicatedprivatemanagementnetwork

• Avirtualbastionserverisprovidedforaccessifneeded

• BastionprovideslimitedNATsupporttoallowOpenFlow connectionstoremotecontrollers

• Sliceusersnowhavechoicetoruncontrolleronournetworkorintheirlab.

[12 ]

Slicemanagementnetwork

• Motivation• Wherewecamefrom• Overlaysetup• Onrampprocedure• Usecases• Future

Overview

[13 ]

Ageneralcustomerconnectionscenario

[14 ]

Onrampprocedure

• Determinethetopologyofthedesiredslice(whichnodestoinclude)

• Determinewheretheprojectsdataplanewithconnecttotheoverlay(e.g.AL2Scircuitsbetweenthehomeinstitutionorprojectrelatedfacilitiesandthenearestoverlaynode)

• Determineiftheprojectcontrollerwillbeinternalorexternaltotheoverlay

• DeterminetheOpenflow rulesneededintheproject(usedtoseeiftheCorsa implementationofOF1.3iscompatiblewiththeproject’sneeds)

[15 ]

Collectinformation:

• ContacttheGRNOCtorequesta‘slice’ontheoverlaynetworkwiththefollowinginformation:– Providethetopology(nodes&links)– Includethelocationsofyourexternaldataplaneconnections– ProvideOFrulesneededfortheproject– Controllerinformation:• Internal– WewillprovidetheaddressandporttoconnecttoyourVM• External– IPaddressofthecontroller

[16 ]

Maketherequest:

• PIand/orCo-PI• Shortabstractoftheprojectincludingdesiredoutcomes• Indicateiftheprojectisfunded• Ifso,bywhomandprovidegrant#ifapplicable

• Durationoftheproject

[17 ]

Maketherequest(cont.):

• TheInternet2NOCwillprovidesupportfortheinitialsetupandtoensurethatthecomponentsareconfigureproperly.However,onceinitialconnectivityisestablishedtheInternet2NOCwillonlyinterveneoninfrastructureand/orsecurityrelatedissues.TheInternet2NOCwillnot,forthemostpart,helpwithdebuggingcontrollerapplications.

• Ifcustomersfeelthatthereisaninfrastructurerelatedissue,theyareencouragedtoopenaticketwiththeInternet2NOC.Theticketshouldreferencetheoverlayprojectandhaveadescriptionoftheissue

[18 ]

Ongoingsupport:

• Motivation• Wherewecamefrom• Overlaysetup• Onrampprocedure• Usecases• Future

Overview

[19 ]

• SOS isaparadigmfornetworkservicesdeliverythatenablesoperatorstodelivernetworkserviceswithoutanysetuprequirementsonusermachines

• SOS utilizesOpenFlow toredirectapplicationspecifictraffictoapplicationspecificserviceagents

• SOSalsorewritespacketheadersforaservicetoremainseamlesstousers• TheSOSserviceoptimizeslargevolumeTCPdownloadsacrossalarge

delay-bandwidth-productwideareanetwork• SOSserviceagentsonbothendsoftheconnection– seamlesslyterminateauserTCPconnection– launchesasetofparallelTCPconnections– leveragesmultiplepathswhenavailabletomaximizethroughput

SteroidOpenFlow Services(SOS)

[20 ]

[21 ]

SOS

[22 ]

SOS

[23 ]

SDX

• End-to-EndNetworktroubleshootingrequiresthevisibilityonahop-by-hopbasis

• End-to-Endtroubleshootingshouldalsobeabletolookat“flowsofinterest”in“virtualpaths”.

• ThisdemoistheanexplorationintousingSDNTrace,perfSONAR,andothertoolstolookatthese“virtualpaths”onanetworkhop-by-hop.

• Theexplorationwillvalidatethe“virtualpath”bystartingaclientanddynamicallyplacingthetoolsinthe“virtualpath”.

[24 ]

SDNTrace

[25 ]

SDNTrace

• Motivation• Wherewecamefrom• Overlaysetup• Onrampprocedure• Usecases• Future

Overview

[26 ]

• Continuetosupportresearchers• Ifyouhaveaprojectthatcouldusethisprogrammableresearchenvironment– letusknow!

• LookingforSDNprojectsusingtechnologyotherthanOpenFlow• Looktowardmoreautomaticslicecreating(basedonexperience)• Possiblydeploy100Gpathondesignatednodesforhighbandwidthapplications

Future- nextsteps

[27 ]