
Towards a Reliable SDN Firewall


Page 3

SFA: Stateful Forwarding Abstraction in SDN Data Plane

Shuyong Zhu, Jun Bi*, Chen Sun

Tsinghua University, China

Open Networking Summit 2014

2014.03.03

Page 4

Problem Statement

• “Traditional” SDN data plane paradigm, i.e., the OpenFlow paradigm

• Powerful enough as an abstraction of most data plane functions

• Simple enough for implementing a unified data plane device

• Other advantages …


Page 5

Problem Statement

• “Traditional” SDN data plane paradigm, i.e., the OpenFlow paradigm

• However, can the paradigm be improved further to increase programmability in the data plane?

• Limited support for stateful functions in this data plane paradigm
  – “Complex” data plane functions have to be implemented as apps sitting on top of the controller
  – Scalability issue: the controller has to maintain data plane state, so the channel between the control plane and the data plane becomes a communication bottleneck
  – Feedback loop issue: every state change incurs the processing delay between the control plane and the data plane


Page 6

Our Proposed Solution

• “Traditional” SDN data plane paradigm, i.e., the OpenFlow paradigm

• “New” SFA paradigm (adding Abstraction for Stateful Forwarding)


Page 7

Solution Design

• Adding new functional elements
  • FP (Forwarding Processor), in addition to the normal FE (Forwarding Engine)
  • ST (State Table), in addition to the normal FT (Flow Table)

[Figure: SFA architecture. The controller sits above the switch. Inside the switch's datapath, a packet enters (“Packet in”), passes through Flow Table 0, Flow Table 1, … Flow Table n, then “Perform action set”, and leaves (“Packet out”). The new elements are the State Table and the FP (Forwarding Processor), which sits on the path between input and output.]

• SFA architecture

Page 8

Solution Implementation

• New functional elements
  • FP (Forwarding Processor): CPU, CPU+ASIC (for simple functions such as table look-up), …, new silicon?
  • ST (State Table): RAM, TCAM, …

[Figure: SFA architecture, the same diagram as on page 7.]

• SFA architecture

Page 9

Solution Prototype

• New functional modules (Red: done, Blue: ongoing)
  • FP (Forwarding Processor): CPU, CPU+ASIC (for simple functions such as table look-up), …, new silicon?
  • ST (State Table): RAM, TCAM, …

[Figure: SFA architecture, the same diagram as on page 7, with the prototype status of each module shown by colour.]

• SFA architecture

Page 10

Solution Details

Page 11

Definitions

• Concept of state
  − Critical information about flows or packets that influences subsequent operations on those packets, or on later packets in the same flow.
  − Examples: the sequence number in AH/ESP, the SA in IPsec, the connection state in a stateful firewall, etc.

• Concept of SFA for the SDN data plane
  − An abstraction for packet processing.
  − The datapath maintains state for flows or packets, and that state influences how subsequent packets in the flow are processed.
  − The state is updated according to the current state, the incoming packet, and internal or external events.

Page 12

Proposed SDN Device Architecture

• The new modules are shown in orange in the picture

Page 13

SFA Instruction Set

• Control instructions
  • Control the interaction between the controller, the flow tables and the FP
  • GOTO, UPDATE_CONFIG, etc.

• State operating instructions
  • Used by the FP to operate on the state table
  • INIT, CLEAR, FIND, INSERT, UPDATE, ERASE, ISEMPTY, SIZE, etc.

• Processing instructions
  • Process flows or packets
  • MATCH, ADD, DELETE, MODIFY, DROP, OUTPUT, PARSE, QUEUE, etc.

Page 14

Forwarding Processor

[Figure: the SFA architecture diagram from page 7, annotated with where each instruction class acts. The flow tables carry the control instructions GOTO_FP (hand the packet to the FP) and GOTO, and the processing instructions MATCH and ADD are shown on the packet path. Legend: Control Instructions, Processing Instructions, State Operating Instructions.]

Page 15

Use Case and Evaluation

• Using the FP to maintain the IPsec sequence number and SA in the data plane

[Figure: two side-by-side diagrams, “Based on ‘traditional’ SDN architecture” and “Based on SFA”, each showing a controller and a switch. In the traditional design the IPsec state (SAD, sequence number) is kept with the controller and the switch holds only the flow table; under SFA the switch's datapath holds an IPsec state table (SAD, sequence number) next to the flow table.]
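As an added illustration (not code from the slides or from the authors' POF-based prototype), here is a constructed Python model of this IPsec use case together with the state definition on page 11 and the instruction classes on page 13: the state table keeps each SA's sequence number and anti-replay window inside the data plane, and two FP programs update it per packet with FIND/INSERT/UPDATE and decide DROP/OUTPUT, so the controller is involved only once, when the SA is installed. The window size, the flow key and all function names are assumptions.

```python
from dataclasses import dataclass
# Constructed model of the SFA datapath: a State Table (ST) holding per-SA state in
# the switch and FP programs that run the deck's FIND/INSERT/UPDATE and DROP/OUTPUT.
WINDOW = 64          # anti-replay window in packets (assumed; RFC 4303 minimum is 32)

@dataclass
class SaState:       # state a traditional OpenFlow switch could not hold itself
    spi: int
    seq: int = 0     # last seq sent (outbound) / highest seq accepted (inbound)
    window: int = 0  # bitmap of seqs already accepted; bit 0 is `seq` itself

class StateTable:
    def __init__(self): self.entries = {}
    def find(self, key): return self.entries.get(key)    # FIND
    def insert(self, key, sa): self.entries[key] = sa    # INSERT
    def update(self, key, sa): self.entries[key] = sa    # UPDATE

def controller_install_sa(st, flow, spi):
    """Control plane INSERTs the SA once; per-packet work then stays in the FP."""
    st.insert(flow, SaState(spi=spi))

def fp_outbound(st, flow):
    """FP program for outbound ESP: hand out the next sequence number locally."""
    sa = st.find(flow)
    if sa is None:
        return ("DROP", "no SA")
    if sa.seq == 0xFFFFFFFF:       # 32-bit counter exhausted: SA must be rekeyed
        return ("DROP", "seq exhausted")
    sa.seq += 1
    st.update(flow, sa)
    return ("OUTPUT", sa.seq)

def fp_inbound(st, flow, seq):
    """FP program for inbound ESP: sliding-window anti-replay check kept in the ST."""
    sa = st.find(flow)
    if sa is None:
        return ("DROP", "no SA")
    if seq > sa.seq:               # newest packet so far: slide the window forward
        sa.window = ((sa.window << (seq - sa.seq)) | 1) & ((1 << WINDOW) - 1)
        sa.seq = seq
    else:
        offset = sa.seq - seq
        if offset >= WINDOW:
            return ("DROP", "too old")
        if (sa.window >> offset) & 1:
            return ("DROP", "replay")
        sa.window |= 1 << offset
    st.update(flow, sa)
    return ("OUTPUT", seq)
```

The replay and counter-exhaustion branches are the cases that would otherwise each cost a round trip to the controller, which is the feedback-loop cost the deck describes on page 5.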

Page 16

Use Case and Evaluation

• SFA implemented on top of the Huawei POF open-source code

• Packet forwarding latency

• Packet loss rate

[Figure: two plots comparing the SFA architecture with the traditional SDN architecture. Left: forwarding latency (ms) against number of packets (10,000 to 50,000). Right: packet loss rate against data input rate (Mb/s).]

Page 17

Conclusion

• Problem of the current typical SDN data plane paradigm

• Proposed SFA paradigm
  • SFA solution: architecture, instruction set, etc.
  • SFA implementation and prototype
  • SFA use case and preliminary evaluation

• Future work
  • Implementation: CPU+FPGA
  • Solution: extending the instruction set
  • Use case and evaluation: more

Page 18

Thank you!