Aki NakaoThe University of Tokyo

Keynote Speech ITU-T Kaleidoscope Conference in Kyoto

2013/4/23

"Deeply Programmable Network"Emerging Technologies for Network Virtualization

and Software Defined Network (SDN)

The University of Tokyo became an academic member of ITU-T in 2012

2

Interdisciplinary Initiative inInformation Studies (III)

• The latest graduate school of UTokyo established in 2000

• Multi-disciplinary graduate school including 50+ professors

3http://www.iii.u-tokyo.ac.jp/en/about.php#gakufu

5 Courses in the III Graduate School

• Socio-information and Communication Studies

• Cultural and Human Information Studies

• Emerging Design and Informatics

• Applied Computer Science

• International Master’s Doctoral Degree Program: Information, Technology, and Society in Asia (ITASIA)

4

I am in hereconductingresearch on computernetworks

Future Network Research Proliferating...

• Future Internet Architecture (FIA) in U.S.

• Global Initiative in Network Innovations (GENI) in U.S.

• Framework Programme 7 (FP7) in EU

• Horizon 2020 (2014-) in EU

• New Generation Network (NwGN) in Japan

One of the most active research areas for building sustainable communities through new ICT Infrastructures

5

Slides from Prof. Tomonori Aoyama

NWGN A B C D R&D Start

A: 1St ITU-T Kaleidoscope ConferenceB: ITU-T FG-FN Start (SG 13 WG5 Q.21)C: Y.3001 (First ITU-T Recommendation for Future Networks ) D: Y.3011 (Framework of Network Virtualization for Future Networks)

‘06 ‘07 ‘08 ‘09 ‘10 ‘11 ‘12 ‘13Roadmap of Future Network Standardization

6

Slides from Prof. Tomonori Aoyama

First  ITU-­‐T  Kaleidoscope  Academic  Conference

     　　A  New  Genera;on  Network                                                    -­‐  Beyond  NGN  -­‐

                                                                 May  12,      2008

                                                       Tomonori    Aoyama

                                                             Keio  University                                                              NICT

7

Slides from Prof. Tomonori Aoyama 8

Why Future Network is needed?Is the Internet of today full of problems?

9

Traffic Increase in Data Center Access

10 http://www.internetevolution.com/author.asp?section id=715&doc id=175123.

World-Wide Mobile Traffic Volume

11Ericsson Japan 「Traffic and Market Report」(2012/6)

Rapid Increase in Mobile “Data” Traffic

SPAM: The Most Annoying Problem of Today

• 95% of all email traffic

• As of August 2007, one in every 87 emails was a “phishing attack”

• Targeted attacks on rise20k-30k unique phishing

Source: APWG(Nick Feamster’s Talk @UTokyo) 12

Top-10 Spamming BotNetsBotNet Size # of Spams

Grum 600K 40B

Bobax 100K 27B

Pushdo 1.5M 19B

Rustock 2M 17B

Bagle 500K 14B

Mega-D 50K 11B

Maazben 300K 2.5B

Xarvester 60K 2.5B

Donbot 100K 800M

http://www.techrepublic.com/13

Mobile Botnet• Android phones are exploited as of 2012 (10k-30k devices)

• RootSmart backdoor (remotely controlling Android phones)

http://www.securelist.com/

Number of malware modifications for Android OS

14

How can we resolve newly observed, constantly arising problems in the current Internet?

In order to establish sustainable communities...

15

16

CloudData Center 1

Cloud Data Center 2

The Internet

Future Network

Paradigm Shift in Programming Model

Open Programmability at Edges

Open Programmability within NetworkMultiple Isolated Programming Environments (Slices)

Cloud Data Center 2

CloudData Center 1

Multiple Flexibly & Deeply Programmable Networks

Network Virtualization Platform

cloud1

cloud2

ContentOriented

NW

CacheOriented

NW

FutureNW

SensorProcessing

ＮＷ

CloudAccessＮＷ

ID/LocNW

LegacyNW

TV Broadcast

NW

Slice 1 Slice 2 Slice N

“Slices”  accommodate  diverse  networksSlice  =  a  set  of  resources  reserved  across  mul7ple  network  domains  

Smartphones

17

Multiple Flexibly & Deeply Programmable Networks

Network Virtualization Platform

cloud1

cloud2

ContentOriented

NW

CacheOriented

NW

FutureNW

SensorProcessing

ＮＷ

CloudAccessＮＷ

ID/LocNW

LegacyNW

TV Broadcast

NW

Slice 1 Slice 2 Slice N

“Slices”  accommodate  diverse  networksSlice  =  a  set  of  resources  reserved  across  mul7ple  network  domains  

Objective: Enabling future network architecture that can be quickly and flexibly programmed to adapt to diverse demands

Smartphones

17

Three Emerging Areas of Studyin Future Network Research

• Network Virtualization (NV)

• Software Defined Network (SDN)

• Network Functions Virtualization (NFV)

• And more?

Deep Programmability in Network is a key...18

Deep Programmability

Flexible / Adaptive Communication Infrastructure

Problem:

Solution:

Inflexible Infrastructure cannot deal with constantly arising problems

“Deep Programmability” enables new network functionalities that can resolve the problems

Supporting multiple isolated new functionalities flexibly and dynamically

Network Virtualization Control Plane Programmability (SDN)

Data PlaneProgrammability(NFV)

19

Network VirtualizationIn computing, network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.

http://en.wikipedia.org/wiki/Network_virtualization

The advanced network virtualization applies the virtualization technology to the networks in a sense that the networks offer extra capabilities provided by software resources in the nodes. These capabilities are beyond the basic network capabilities, i.e., link and their selection. The extra involvement enables the nodes, and the network, to provide computation and data storage capabilities to the users. The ICT infrastructure in the new-generation networks, which install the advanced network virtualization, govern a collection of the resources ranging from links, networks, and node-software as a slice and create a virtualized network over the slice with dynamically controllable and programmable links and nodes.

http://nvlab.nakao-lab.org/nv-study-group-white-paper.v1.0.pdf 20

SDN?

21

SDN• Software Driven Network (IETF BoF)

?

21

SDN• Software Driven Network (IETF BoF)

• Software Defined Network

?

21

SDN• Software Driven Network (IETF BoF)

• Software Defined Network

• Some Definition Needed :-)

?

21

SDN• Software Driven Network (IETF BoF)

• Software Defined Network

• Some Definition Needed :-)

?

SDN decouples the system that makes decisions about where traffic is sent (the control plane) from the underlying system that forwards traffic to the selected destination (the data plane)......this technology simplifies networking and enables new applications, such as network virtualization...

Software-defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these systems

http://en.wikipedia.org/wiki/Software-defined_networking21

Standardization Activities

• ITU-T on Future Networks / Network Virtualization

• ETSI on Network Functions Virtualization (NFV)

• IETF BoF on Software Driven Networks (SDN)

• IRTF BoF on Network Virtualization

• ONF (Open Networking Foundation) on

Software Defined Networks (SDN) /OpenFlow

• OpenDaylight on Software Defined Networks (SDN)

22

Y.3001:  Future  networks:  Objec7ves  and  design  goals

• Defini7on  of  FN:  – A  network  able  to  provide  services,  capabili7es,  and  facili7es  difficult  to  

provide  using  exis7ng  network  technologies.• 4  Objec7ves  of  FNs:

– Service  awareness  :    to  provide  services  whose  func7ons  are  designed  to  be  appropriate  to  the  needs  of  applica7ons  and  users  

– Data  awareness  :  to  have  architecture  op7mized  to  handling  enormous  amounts  of  data  in  a  distributed  environment,  and  are  recommended  to  enable  users  to  access  desired  data  safely,  easily,  quickly,  and  accurately,  regardless  of  their  loca7on

– Environmental  awareness  :    to  be  environmentally  friendly– Social  and  economic  awareness  :  to  consider  social  and  economic  issues  to  reduce  

barriers  to  entry  for  the  various  actors  involved  in  the  network  ecosystemService  

awarenessData  awareness

Social  and  economic  awareness

       

Environmental                awareness

Energy Consumption

Optimization

Service Universalization

Economic Incentives

Service Diversity

Functional Flexibility

Virtualization of Resources

Network ManagementMobility

Reliability and Security

Data Access

Identification

These objectives are not considered as primary or not realized to a satisfactory extent in current networks.

These objectives are the candidate characteristics that clearly differentiate FNs

Target Date: roughly 2015-2020

(Slides from Nozomu Nishinaga and Takashi Egawa). 23

Y.3011:  Framework  of  network  virtualiza7on  for  future  networks

§ Definition of “network virtualization": Ø A technology that enables the creation of logically isolated network partitions over

shared physical networks so that heterogeneous collection of multiple virtual networks can simultaneously coexist over the shared networks. This includes the aggregation of multiple resources in a provider and appearing as a single resource.

§ MotivationØ Key technology for Service

Awareness of FNs§ Diverse services § Heterogeneous network

architectures § Problem spaces & design goals

Ø Coexistence of multiple networks Ø Simplified access to resources Ø Flexibility in provisioningØ EvolvabilityØ Design goals

§ Isolation, network abstraction, topology awareness and quick reconfigurability, performance, programmability, management, mobility, wireless

LINP

3 Manager

Virtual Networks

Various Services

LINP1 LINP2

LINP2 M

anager

Virtual Resources

Manager

LINP1 M

anager

LINP3

Physical NW 1

Physical NW 2

Physical NW 3

Physical NW 4

Physical N

W 4 M

anager

Physical N

W 3 M

anager

Physical N

W 2 M

anager

Physical N

W 1 M

anager

VirtualResources

(Slides from Nozomu Nishinaga and Takashi Egawa). 24

ETSI  NFV 25

Network Functions Virtualisation• Replaces proprietary hardware with software equivalents running on

high volume industry standard servers, and using IT virtualisation techniques

• Enables a wide variety of eco-systems and encourages openness.• Provides opportunities for pure software players.• Facilitates innovation towards new network functions and services

that are only practicable in a purely software network environment.• Applicable to any data plane packet processing and control plane

functions, in fixed or mobile networks• Enables new ways to implement resilience, service assurance, test

and diagnostics and security surveillance• But Network Functions Virtualisation will only scale if management

and configuration of functions can be automated• NFV aims to l ultimately transform the way network operators

architect and operate their networks, but change can be incremental

"Network Functions Virtualisation", NFV ETSI Industry Specification Group, OFC - NFOEC, Mar.17-21, 2013

ETSI  NFV 26

Network Functions Virtualisation: VisionNetwork  Func7ons  Virtualisa7on  

ApproachClassical  Network  Appliance

Approach

BRAS

FirewallDPI

CDN

Tester/QoE

monitor

WAN

Accelera7onMessage

Router

Radio/Fixed  Access

Network  Nodes

CarrierGrade  NAT

Session  Border

Controller

PE  RouterSGSN/GGSN

• Fragmented non-commodity hardware.• Physical install per appliance per site.• Hardware development large barrier to entry for new

vendors, constraining innovation & competition.High  volume  Ethernet  switches

High  volume  standard  servers

High  volume  standard  storage

Orchestrated,automatic & remote install.

Competitive &

Innovative O

pen Ecosystem

IndependentSoaware  Vendors

"Network Functions Virtualisation", NFV ETSI Industry Specification Group, OFC - NFOEC, Mar.17-21, 2013

Open Networking Foundation

• Industry organization dedicated to the development, standardization, and promotion of Open Software Defined Networking.

• Founded in 2011

• 23 Founding members

• 90 + members- Who’s  who  in  networking  and  telecommunications

2

Drive SDN Standards

Collaborate with the

innovators

Gain visibility in the

community

Influence the future of

networking

2

ONF

27Introduction to Open Networking FoundationMarc Cohn, Chairman Market Education Committee (MEC) Ciena Corporation mcohn@ciena.com April 2, 2013

4

• 6Wind • A10 Networks • ADVA Optical • Alcatel-Lucent • Aricent • Argela/Turk Telekom • Big Switch Networks • Broadcom • Brocade • Centec Networks • Ceragon • China Mobile • Ciena • Cisco • Citrix • CohesiveFT • Colt • CompTIA • Cyan Optics • Dell/Force10 • Deutsche Telekom • Ericsson • ETRI • Extreme Networks

• F5 Networks/ LineRate Systems

• Facebook • France Telecom

Orange • Freescale Semi • Fujitsu • Gigamon • Google • Goldman Sachs • Hitachi • HP • Huawei • IBM • Infinera • Infoblox • Intel • Intune Networks • IP Infusion • Ixia • Juniper Networks • KDDI • Korea Telecom • Lancope

• Level3 Comms • LSI • Luxoft • Marvell • Mellanox • Metaswitch Networks • Microsoft • Midokura • NCL Comms K.K. • NEC • Netgear • Netronome • Netscout Systems • Nokia Siemens Netw. • NoviFlow • Oracle • Overture Networks • NTT Communications • Pica8 • Plexxi • Qosmos • Radware • Riverbed Technology

• Samsung • SK Telecom • Spirent • Sunbay AG • Swisscom • Tail-f Systems • Tekelec • Telecom Italia • Telefonica • Tencent • Texas Instruments • Thales • Tiera • Transmode • TW Telecom • Vello Systems • Verisign • Verizon • VMware/Nicira • Xpliant • Yahoo! • ZTE

ONF Members (March, 2013)

ONF

28

Introduction to Open Networking FoundationMarc Cohn, Chairman Market Education Committee (MEC) Ciena Corporation mcohn@ciena.com April 2, 2013

OpenDayLight

29

http://www.opendaylight.org

Deep Programmability within Network

30

• Control-Plane Programmability • Route Control• Access Control• Network Management

• Data-Plane Programmability• Packet Data Processing

• Cache• Transcode• DPI

• Handling New Protocols• IPvN (N>6)• New Layer2• Content Centric Network (CCN)

• Meta-Control-Plane Programmability• Defining new proprietary APIs

Target Scope of OpenFlow/

SDN

OpenFlow/SDNwith external processorsand NFV

Irrelevant withOpenFlow

(+processors)

Scope of Deeply

ProgrammableNetwork(DPN)

DeeperProgrammability

Out of scopeof OpenFlow(Included in

OpenDayLight?)

Deeply Programmable Network（DPN)

31

Programmability for Data Plane

Programmabilityfor Control Planevia a given API

Programmabilityfor defining an APIfor C/D planes

DPNSDN

NFVEdge DataProcessing

Missing Pieces for Deep Programmability

• Network Virtualization

• Software Defined Network (SDN)

• Network Functions Virtualization (NFV)

• Programmability for in-network processing

• Programmability for new non-IP protocols

• Programmability for C/D Plane APIs in SDN

• Accommodation of multiple isolated deeply

programmable environments32

missingpieces

Further study/research and standardization needed...

Deeply Programmable Network Research in Japan

33

VNode

34

The University of Tokyo Confidential

VNode Project in Japan• VNode Infrastructure Enabling Deeply Programmable Network (Project Leader: Aki Nakao）• 2008-2010 Collaborative Research (NICT/Utokyo/NTT/NEC/Hitachi/Fujitsu)• 2011-2014 Collaborative Research (Utokyo/NTT/NEC/Hitachi/Fujitsu/KDDI)

35

R&D  on  Network  Virtualiza;on  Technology  to  Support  New-­‐Genera;on  Network

Authen7ca7on

DataReplica7on

Virtualiza;on  Network  for  Service  A

サービスB向け仮想ネットワーク

サービスC向け仮想ネットワーク

New-­‐Genera;onContents  Distribu;on

Applica;on

New-­‐Genera;onSensor  NetworkApplica;on

New-­‐Genera;onValue-­‐addedApplica;on

Ultra-­‐low  Consump;onPower-­‐oriented  Network

Applica;on

Subject  A:  R&D  on  integrated-­‐management  network  virtualiza;on  plaSorm

Subject  B:  R&D  on  service  composable  network  plaSorm

Monitoring Cash Compression Encryp7on Sta7s7csLoca7on  

InfoQoS

Broadcast

Subject  C:  R&D  on  network  services  and  applica;ons  in  NWGN

Develop  a  technology  comprising  the  service-­‐oriented  virtualiza7on  pladorm  that  provides  integrated  management  for  various  resources  including  online  network,  calcula7on  and  storage  and  that  also  can  flexibly  customize  communica7on  method,  speed,  quality  and  func7ons  to  establish  the  new-­‐genera7on  network  pladorm.

Develop  a  service  plaSorm  that  can  develop  and  implement  various  applica;ons  with  use  of  mixing  service  parts  the  network  virtualiza;on  plaSorm  provides.

Develop  typical  network  applica7ons  that  were  not  easy  to  build  in  the  past  internet  environment  but  would  appear  in  the  NWGN  era  by  u7lizing  resources  in  the  network.

Develop  a  new-­‐genera7on  network  virtualiza7on  pladorm  that  can  simultaneously  provide  mul7ple  networks  being  customized  by  service  and  that  substan7ally  enhances  its  safety,  reliability,  flexibility  etc.  to  realize  high  func7onality,  large  capacity  and  ultra-­‐low  consump7on.

Network  PlaSorm

Electric  Packet  Network

LightpathNetwork

Calculator  Resource

StorageResource

Electric  Packet  Network

LightpathNetwork

Calculator  Resource

StorageResource

Virtualiza;on  Gateway

Virtualiza;on  Gateway

Virtualiza;on  Gateway

Server

Terminal　Cloud

Virtualiza;on  Gateway

Network  Service  Management

Network  Service  Management

Network  Service  Virtualiza;on  Integrated  Management

Service  Component  Management  &  Implementa;on

Service  Programming

Virtualized  Node

Virtualized  NodeVirtualized  Node

Virtualized  Node

Network  Virtualiza;on  PlaSorm

Network  Applica;on

36

New-­‐Genera;onTrustable  Network

Applica;on

(Slide  from  NICT)

VNode Infrastructure (extended to US!)

Fukuoka

Hiroshima

Okayama

Osaka

Sendai

NICT  Koganei

USA TH SG HK

International Circuit

40Gx240G40G

10G10G

10G

Wireless Testbed

Sapporo

40G

10G

1G

Example

10Gx210Gx2

10G

10G

1G

10G

Tokyo

Nagoya

Kanazawa

•7 VNodes, 4 Network Connectors, 11 Access Gateways •Deep Programmability for Experimenting with Arbitrary Protocols (Non-

AGW

AGW

AGW AGW AGW

AGW

AGW

AGW

AGW

AGW

AGW

AGW

NTT  Yokosuka

International CircuitTokyo Area

NICT  Otemachi NICT  Hakusan UTokyo

VN

VN

VN

NC

NCNC

VN

NC

AccessGatewayVNode

Network Connector

KR

VNVN

VN

AGW

VN

37

•Slice-Around-The-World Project (A VNode in U of Utah)

NC

Utah

JGN-X

ProtoGENI

NC10

VNode

FukuokaHokuriku Salt Lake City

Osaka Nagoya

Tokyo1

Houston

Packet Cache Slice

Data Plane Federation (VNode / GENI)

I2

Okayama

Tokyo2

NC7

VNode Front-End (Network Connector)

LA

TransPAC3 JP-US circuit

ProtoGENIVNode

JGN-X DCN

Internet2ION

TransPAC3DCN

Emulab UEN

JGN-X

IDC IDCIDC

Internet2

LandSat Slice

Aki  Nakao,  Plenary  Talk  @GENI  Engineering  Conference  GEC15,  2012

pc412

pc551

pc415

pc350

pc256

pc331

University  of  UtahprotoGENI

VNode

Hakusan

OtemachiNagoyaOsaka

HokurikuKyusyuV

File  Server

File  Download

Data  TrafficHash  Traffic

vlan3130

VNode and GENI Packet Cache Demo

NC10

1.5Mb/s

300kb/s

PRESTAPRESTA

Ingress  Cache Egress  Cachedata  sync.

FLARE

40

41

DeeplyProgrammable

Node

DPNSDN  +  Data  Plane  Programmability

SDNControl  Plane  

Programmability

New  Protocol  Capability

Network  Virtualiza;on

FLARE

FLARE Node Implementation• Multiple, isolated, deeply programmable environments• Hybrid of many-core processors + x86 processors• 1U / 1U Mini Form Factor• 4 x 10G, 2x10G + 8x1G (20G non-block switching)• Control Plane & Data Plane Linux Programmability • Achieve both programmability and performance

42

43

Ethernet Switch

0

2.5

5.0

7.5

10.0

1  core 2  cores 3  cores 4  cores 5  cores

9.99.99.99.99.9 9.99.99.9

7.8

4.2

pkt_size=512Bpkt_size=1514B

(Gbps)

EtherSwitch

FromGxIO(xgbe1)

ToGxIO(xgbe2)

FromGxIO(xgbe2)

ToGxIO(xgbe1)

Switching Performance

OpenFlow Switch

OFSwitch

FromIO(xgbe1)

ToIO(xgbe2)

FromIO(xgbe2)

ToIO(xgbe1)

Data Plane

Control Planeofprotocoldpctl

tunnel

NOXController

0

2.5

5.0

7.5

10.0

1  core 2  cores 3  cores 4  cores 5  cores

9.99.99.9

7.9

4.2

6.7

5.13.8

2.71.5

pkt_size=512Bpkt_size=1514B

(Gbps)

Switching Performance44

L2 ProgrammabilityExtended (96bit) MAC switching

(Gbps)

Switch Performance

0

2.5

5.0

7.5

10.0

1  core 2  cores 3  cores 4  cores 5  cores

9.99.99.99.99.7 9.99.98.7

6.1

3.2

pkt_size=512Bpkt_size=1514B

ExMACSwitch

FromGxIO(xgbe1)

ToGxIO(xgbe2)

FromGxIO(xgbe2)

ToGxIO(xgbe1)

Window-based Arbitrary Bit Matching

46

Arbitrary bit matching as in openflow pattern matcheris costly due to expensive memory operation per packet

window

Set a window to minimize per-packet memory operationsImprove performance while keeping flexibility

Leon Lee, Ping Du and Akihiro Nakao, "Ouroboros: SDN Beyond Flow-Tuple Matching," IEICE NS Technical Report, Mar. 2013

47

Purpose: Specific Real-time audio/video traffic control, based on “stream”, not “flow”

(e.g. based on RTP SSRC field to enable routing according to the streaming-video IDs )

Benefit: Application/Content specific routing Solution: Use window to extract information included in RTP headers

RTP

SSRCPayload  type……..

RTP-SSRC Matching

48

Purpose: Device/application/content specific traffic engineering

Benefits: More specific recognition for packets bound to overly used TCP port (e.g., 80)Traffic engineering for data transmitted from specific devices

80

8080

HTTP

CCAV ….

Proposal:After attach/detach trailers, establish control in intermediate FLARE switches

Trailer Matching

Trailer Matching

49Leon Lee, Ping Du and Akihiro Nakao, "Ouroboros: SDN Beyond Flow-Tuple Matching," IEICE NS Technical Report, Mar. 2013

Trailer is an extra section attached at the end of each packet

End/Edge nodes are responsible for attaching and detaching Trailers

Headers                                                                        Packet  content                                                                                                  Trailer

Host1 Host2

Packet

Packet .

Packet

.

FLARE

Packet . Packet .

FLARE at ITPro EXPO 2012Beyond OpenFlow/SDN

50

11

MPLS 2012(with Cisco & Juniper)

Living&Lab&Data&Plane&

102�

105� 106� 107�

1� 2�

1� 2� 1� 2� 1� 2�

402�Fiber&Port&&

005&Patch&Panel&

F�

F�F�

F�

F�

Fiber&Port&&

1� 2�

F�

005#�

Living#Lab#Control#Plane#

102�

105� 106� 107�

7� 8�

1� 2� 3� 4� 5� 1� 2�

402�Blue#RJ45#ports#(CAT6)##

9�

6�

Blue#RJ45#ports#(CAT6)##

S�

F�

F�F�

F�

1�

S�

F�

FC�

F�S� J� G�

005##L2#SW#�

LivingLab

52

Living with Deeply Programmable FLARE

53

Conclusion• Deep Programmability refers to the extensive programmability

including Control-plane, Data-plane (including non-IP handling), (re)defining APIs in SDN, etc.

• Network virtualization is key to accommodating multiple slices with security-, performance-, namespace-isolated programmability

• Standardization for Deeply Programmable Network (DPN) should collectively concepts of Network Virtualization, SDN, NFV, OpenDayLight/OpenFlow, etc is crucial for future network

• Sustainable communities can be realized through developing flexible and adaptive “Deeply Programmable” future network infrastructure against constantly arising problems