Download - Deeply Programmable Network
Aki NakaoThe University of Tokyo
Keynote Speech ITU-T Kaleidoscope Conference in Kyoto
2013/4/23
"Deeply Programmable Network"Emerging Technologies for Network Virtualization
and Software Defined Network (SDN)
The University of Tokyo became an academic member of ITU-T in 2012
2
Interdisciplinary Initiative inInformation Studies (III)
• The latest graduate school of UTokyo established in 2000
• Multi-disciplinary graduate school including 50+ professors
3http://www.iii.u-tokyo.ac.jp/en/about.php#gakufu
5 Courses in the III Graduate School
• Socio-information and Communication Studies
• Cultural and Human Information Studies
• Emerging Design and Informatics
• Applied Computer Science
• International Master’s Doctoral Degree Program: Information, Technology, and Society in Asia (ITASIA)
4
I am in hereconductingresearch on computernetworks
Future Network Research Proliferating...
• Future Internet Architecture (FIA) in U.S.
• Global Initiative in Network Innovations (GENI) in U.S.
• Framework Programme 7 (FP7) in EU
• Horizon 2020 (2014-) in EU
• New Generation Network (NwGN) in Japan
One of the most active research areas for building sustainable communities through new ICT Infrastructures
5
Slides from Prof. Tomonori Aoyama
NWGN A B C D R&D Start
A: 1St ITU-T Kaleidoscope ConferenceB: ITU-T FG-FN Start (SG 13 WG5 Q.21)C: Y.3001 (First ITU-T Recommendation for Future Networks ) D: Y.3011 (Framework of Network Virtualization for Future Networks)
‘06 ‘07 ‘08 ‘09 ‘10 ‘11 ‘12 ‘13Roadmap of Future Network Standardization
6
Slides from Prof. Tomonori Aoyama
First ITU-‐T Kaleidoscope Academic Conference
A New Genera;on Network -‐ Beyond NGN -‐
May 12, 2008
Tomonori Aoyama
Keio University NICT
7
Slides from Prof. Tomonori Aoyama 8
Why Future Network is needed?Is the Internet of today full of problems?
9
Traffic Increase in Data Center Access
10 http://www.internetevolution.com/author.asp?section id=715&doc id=175123.
World-Wide Mobile Traffic Volume
11Ericsson Japan 「Traffic and Market Report」(2012/6)
Rapid Increase in Mobile “Data” Traffic
SPAM: The Most Annoying Problem of Today
• 95% of all email traffic
• As of August 2007, one in every 87 emails was a “phishing attack”
• Targeted attacks on rise20k-30k unique phishing
Source: APWG(Nick Feamster’s Talk @UTokyo) 12
Top-10 Spamming BotNetsBotNet Size # of Spams
Grum 600K 40B
Bobax 100K 27B
Pushdo 1.5M 19B
Rustock 2M 17B
Bagle 500K 14B
Mega-D 50K 11B
Maazben 300K 2.5B
Xarvester 60K 2.5B
Donbot 100K 800M
http://www.techrepublic.com/13
Mobile Botnet• Android phones are exploited as of 2012 (10k-30k devices)
• RootSmart backdoor (remotely controlling Android phones)
http://www.securelist.com/
Number of malware modifications for Android OS
14
How can we resolve newly observed, constantly arising problems in the current Internet?
In order to establish sustainable communities...
15
16
CloudData Center 1
Cloud Data Center 2
The Internet
Future Network
Paradigm Shift in Programming Model
Open Programmability at Edges
Open Programmability within NetworkMultiple Isolated Programming Environments (Slices)
Cloud Data Center 2
CloudData Center 1
Multiple Flexibly & Deeply Programmable Networks
Network Virtualization Platform
cloud1
cloud2
ContentOriented
NW
CacheOriented
NW
FutureNW
SensorProcessing
NW
CloudAccessNW
ID/LocNW
LegacyNW
TV Broadcast
NW
Slice 1 Slice 2 Slice N
“Slices” accommodate diverse networksSlice = a set of resources reserved across mul7ple network domains
Smartphones
17
Multiple Flexibly & Deeply Programmable Networks
Network Virtualization Platform
cloud1
cloud2
ContentOriented
NW
CacheOriented
NW
FutureNW
SensorProcessing
NW
CloudAccessNW
ID/LocNW
LegacyNW
TV Broadcast
NW
Slice 1 Slice 2 Slice N
“Slices” accommodate diverse networksSlice = a set of resources reserved across mul7ple network domains
Objective: Enabling future network architecture that can be quickly and flexibly programmed to adapt to diverse demands
Smartphones
17
Three Emerging Areas of Studyin Future Network Research
• Network Virtualization (NV)
• Software Defined Network (SDN)
• Network Functions Virtualization (NFV)
• And more?
Deep Programmability in Network is a key...18
Deep Programmability
Flexible / Adaptive Communication Infrastructure
Problem:
Solution:
Inflexible Infrastructure cannot deal with constantly arising problems
“Deep Programmability” enables new network functionalities that can resolve the problems
Supporting multiple isolated new functionalities flexibly and dynamically
Network Virtualization Control Plane Programmability (SDN)
Data PlaneProgrammability(NFV)
19
Network VirtualizationIn computing, network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.
http://en.wikipedia.org/wiki/Network_virtualization
The advanced network virtualization applies the virtualization technology to the networks in a sense that the networks offer extra capabilities provided by software resources in the nodes. These capabilities are beyond the basic network capabilities, i.e., link and their selection. The extra involvement enables the nodes, and the network, to provide computation and data storage capabilities to the users. The ICT infrastructure in the new-generation networks, which install the advanced network virtualization, govern a collection of the resources ranging from links, networks, and node-software as a slice and create a virtualized network over the slice with dynamically controllable and programmable links and nodes.
http://nvlab.nakao-lab.org/nv-study-group-white-paper.v1.0.pdf 20
SDN?
21
SDN• Software Driven Network (IETF BoF)
?
21
SDN• Software Driven Network (IETF BoF)
• Software Defined Network
?
21
SDN• Software Driven Network (IETF BoF)
• Software Defined Network
• Some Definition Needed :-)
?
21
SDN• Software Driven Network (IETF BoF)
• Software Defined Network
• Some Definition Needed :-)
?
SDN decouples the system that makes decisions about where traffic is sent (the control plane) from the underlying system that forwards traffic to the selected destination (the data plane)......this technology simplifies networking and enables new applications, such as network virtualization...
Software-defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these systems
http://en.wikipedia.org/wiki/Software-defined_networking21
Standardization Activities
• ITU-T on Future Networks / Network Virtualization
• ETSI on Network Functions Virtualization (NFV)
• IETF BoF on Software Driven Networks (SDN)
• IRTF BoF on Network Virtualization
• ONF (Open Networking Foundation) on
Software Defined Networks (SDN) /OpenFlow
• OpenDaylight on Software Defined Networks (SDN)
22
Y.3001: Future networks: Objec7ves and design goals
• Defini7on of FN: – A network able to provide services, capabili7es, and facili7es difficult to
provide using exis7ng network technologies.• 4 Objec7ves of FNs:
– Service awareness : to provide services whose func7ons are designed to be appropriate to the needs of applica7ons and users
– Data awareness : to have architecture op7mized to handling enormous amounts of data in a distributed environment, and are recommended to enable users to access desired data safely, easily, quickly, and accurately, regardless of their loca7on
– Environmental awareness : to be environmentally friendly– Social and economic awareness : to consider social and economic issues to reduce
barriers to entry for the various actors involved in the network ecosystemService
awarenessData awareness
Social and economic awareness
Environmental awareness
Energy Consumption
Optimization
Service Universalization
Economic Incentives
Service Diversity
Functional Flexibility
Virtualization of Resources
Network ManagementMobility
Reliability and Security
Data Access
Identification
These objectives are not considered as primary or not realized to a satisfactory extent in current networks.
These objectives are the candidate characteristics that clearly differentiate FNs
Target Date: roughly 2015-2020
(Slides from Nozomu Nishinaga and Takashi Egawa). 23
Y.3011: Framework of network virtualiza7on for future networks
§ Definition of “network virtualization": Ø A technology that enables the creation of logically isolated network partitions over
shared physical networks so that heterogeneous collection of multiple virtual networks can simultaneously coexist over the shared networks. This includes the aggregation of multiple resources in a provider and appearing as a single resource.
§ MotivationØ Key technology for Service
Awareness of FNs§ Diverse services § Heterogeneous network
architectures § Problem spaces & design goals
Ø Coexistence of multiple networks Ø Simplified access to resources Ø Flexibility in provisioningØ EvolvabilityØ Design goals
§ Isolation, network abstraction, topology awareness and quick reconfigurability, performance, programmability, management, mobility, wireless
LINP
3 Manager
Virtual Networks
Various Services
LINP1 LINP2
LINP2 M
anager
Virtual Resources
Manager
LINP1 M
anager
LINP3
Physical NW 1
Physical NW 2
Physical NW 3
Physical NW 4
Physical N
W 4 M
anager
Physical N
W 3 M
anager
Physical N
W 2 M
anager
Physical N
W 1 M
anager
VirtualResources
(Slides from Nozomu Nishinaga and Takashi Egawa). 24
ETSI NFV 25
Network Functions Virtualisation• Replaces proprietary hardware with software equivalents running on
high volume industry standard servers, and using IT virtualisation techniques
• Enables a wide variety of eco-systems and encourages openness.• Provides opportunities for pure software players.• Facilitates innovation towards new network functions and services
that are only practicable in a purely software network environment.• Applicable to any data plane packet processing and control plane
functions, in fixed or mobile networks• Enables new ways to implement resilience, service assurance, test
and diagnostics and security surveillance• But Network Functions Virtualisation will only scale if management
and configuration of functions can be automated• NFV aims to l ultimately transform the way network operators
architect and operate their networks, but change can be incremental
"Network Functions Virtualisation", NFV ETSI Industry Specification Group, OFC - NFOEC, Mar.17-21, 2013
ETSI NFV 26
Network Functions Virtualisation: VisionNetwork Func7ons Virtualisa7on
ApproachClassical Network Appliance
Approach
BRAS
FirewallDPI
CDN
Tester/QoE
monitor
WAN
Accelera7onMessage
Router
Radio/Fixed Access
Network Nodes
CarrierGrade NAT
Session Border
Controller
PE RouterSGSN/GGSN
• Fragmented non-commodity hardware.• Physical install per appliance per site.• Hardware development large barrier to entry for new
vendors, constraining innovation & competition.High volume Ethernet switches
High volume standard servers
High volume standard storage
Orchestrated,automatic & remote install.
Competitive &
Innovative O
pen Ecosystem
IndependentSoaware Vendors
"Network Functions Virtualisation", NFV ETSI Industry Specification Group, OFC - NFOEC, Mar.17-21, 2013
Open Networking Foundation
• Industry organization dedicated to the development, standardization, and promotion of Open Software Defined Networking.
• Founded in 2011
• 23 Founding members
• 90 + members- Who’s who in networking and telecommunications
2
Drive SDN Standards
Collaborate with the
innovators
Gain visibility in the
community
Influence the future of
networking
2
ONF
27Introduction to Open Networking FoundationMarc Cohn, Chairman Market Education Committee (MEC) Ciena Corporation [email protected] April 2, 2013
4
• 6Wind • A10 Networks • ADVA Optical • Alcatel-Lucent • Aricent • Argela/Turk Telekom • Big Switch Networks • Broadcom • Brocade • Centec Networks • Ceragon • China Mobile • Ciena • Cisco • Citrix • CohesiveFT • Colt • CompTIA • Cyan Optics • Dell/Force10 • Deutsche Telekom • Ericsson • ETRI • Extreme Networks
• F5 Networks/ LineRate Systems
• Facebook • France Telecom
Orange • Freescale Semi • Fujitsu • Gigamon • Google • Goldman Sachs • Hitachi • HP • Huawei • IBM • Infinera • Infoblox • Intel • Intune Networks • IP Infusion • Ixia • Juniper Networks • KDDI • Korea Telecom • Lancope
• Level3 Comms • LSI • Luxoft • Marvell • Mellanox • Metaswitch Networks • Microsoft • Midokura • NCL Comms K.K. • NEC • Netgear • Netronome • Netscout Systems • Nokia Siemens Netw. • NoviFlow • Oracle • Overture Networks • NTT Communications • Pica8 • Plexxi • Qosmos • Radware • Riverbed Technology
• Samsung • SK Telecom • Spirent • Sunbay AG • Swisscom • Tail-f Systems • Tekelec • Telecom Italia • Telefonica • Tencent • Texas Instruments • Thales • Tiera • Transmode • TW Telecom • Vello Systems • Verisign • Verizon • VMware/Nicira • Xpliant • Yahoo! • ZTE
ONF Members (March, 2013)
ONF
28
Introduction to Open Networking FoundationMarc Cohn, Chairman Market Education Committee (MEC) Ciena Corporation [email protected] April 2, 2013
Deep Programmability within Network
30
• Control-Plane Programmability • Route Control• Access Control• Network Management
• Data-Plane Programmability• Packet Data Processing
• Cache• Transcode• DPI
• Handling New Protocols• IPvN (N>6)• New Layer2• Content Centric Network (CCN)
• Meta-Control-Plane Programmability• Defining new proprietary APIs
Target Scope of OpenFlow/
SDN
OpenFlow/SDNwith external processorsand NFV
Irrelevant withOpenFlow
(+processors)
Scope of Deeply
ProgrammableNetwork(DPN)
DeeperProgrammability
Out of scopeof OpenFlow(Included in
OpenDayLight?)
Deeply Programmable Network(DPN)
31
Programmability for Data Plane
Programmabilityfor Control Planevia a given API
Programmabilityfor defining an APIfor C/D planes
DPNSDN
NFVEdge DataProcessing
Missing Pieces for Deep Programmability
• Network Virtualization
• Software Defined Network (SDN)
• Network Functions Virtualization (NFV)
• Programmability for in-network processing
• Programmability for new non-IP protocols
• Programmability for C/D Plane APIs in SDN
• Accommodation of multiple isolated deeply
programmable environments32
missingpieces
Further study/research and standardization needed...
Deeply Programmable Network Research in Japan
33
VNode
34
The University of Tokyo Confidential
VNode Project in Japan• VNode Infrastructure Enabling Deeply Programmable Network (Project Leader: Aki Nakao)• 2008-2010 Collaborative Research (NICT/Utokyo/NTT/NEC/Hitachi/Fujitsu)• 2011-2014 Collaborative Research (Utokyo/NTT/NEC/Hitachi/Fujitsu/KDDI)
35
R&D on Network Virtualiza;on Technology to Support New-‐Genera;on Network
Authen7ca7on
DataReplica7on
Virtualiza;on Network for Service A
サービスB向け仮想ネットワーク
サービスC向け仮想ネットワーク
New-‐Genera;onContents Distribu;on
Applica;on
New-‐Genera;onSensor NetworkApplica;on
New-‐Genera;onValue-‐addedApplica;on
Ultra-‐low Consump;onPower-‐oriented Network
Applica;on
Subject A: R&D on integrated-‐management network virtualiza;on plaSorm
Subject B: R&D on service composable network plaSorm
Monitoring Cash Compression Encryp7on Sta7s7csLoca7on
InfoQoS
Broadcast
Subject C: R&D on network services and applica;ons in NWGN
Develop a technology comprising the service-‐oriented virtualiza7on pladorm that provides integrated management for various resources including online network, calcula7on and storage and that also can flexibly customize communica7on method, speed, quality and func7ons to establish the new-‐genera7on network pladorm.
Develop a service plaSorm that can develop and implement various applica;ons with use of mixing service parts the network virtualiza;on plaSorm provides.
Develop typical network applica7ons that were not easy to build in the past internet environment but would appear in the NWGN era by u7lizing resources in the network.
Develop a new-‐genera7on network virtualiza7on pladorm that can simultaneously provide mul7ple networks being customized by service and that substan7ally enhances its safety, reliability, flexibility etc. to realize high func7onality, large capacity and ultra-‐low consump7on.
Network PlaSorm
Electric Packet Network
LightpathNetwork
Calculator Resource
StorageResource
Electric Packet Network
LightpathNetwork
Calculator Resource
StorageResource
Virtualiza;on Gateway
Virtualiza;on Gateway
Virtualiza;on Gateway
Server
Terminal Cloud
Virtualiza;on Gateway
Network Service Management
Network Service Management
Network Service Virtualiza;on Integrated Management
Service Component Management & Implementa;on
Service Programming
Virtualized Node
Virtualized NodeVirtualized Node
Virtualized Node
Network Virtualiza;on PlaSorm
Network Applica;on
36
New-‐Genera;onTrustable Network
Applica;on
(Slide from NICT)
VNode Infrastructure (extended to US!)
Fukuoka
Hiroshima
Okayama
Osaka
Sendai
NICT Koganei
USA TH SG HK
International Circuit
40Gx240G40G
10G10G
10G
Wireless Testbed
Sapporo
40G
10G
1G
Example
10Gx210Gx2
10G
10G
1G
10G
Tokyo
Nagoya
Kanazawa
•7 VNodes, 4 Network Connectors, 11 Access Gateways •Deep Programmability for Experimenting with Arbitrary Protocols (Non-
AGW
AGW
AGW AGW AGW
AGW
AGW
AGW
AGW
AGW
AGW
AGW
NTT Yokosuka
International CircuitTokyo Area
NICT Otemachi NICT Hakusan UTokyo
VN
VN
VN
NC
NCNC
VN
NC
AccessGatewayVNode
Network Connector
KR
VNVN
VN
AGW
VN
37
•Slice-Around-The-World Project (A VNode in U of Utah)
NC
Utah
JGN-X
ProtoGENI
NC10
VNode
FukuokaHokuriku Salt Lake City
Osaka Nagoya
Tokyo1
Houston
Packet Cache Slice
Data Plane Federation (VNode / GENI)
I2
Okayama
Tokyo2
NC7
VNode Front-End (Network Connector)
LA
TransPAC3 JP-US circuit
ProtoGENIVNode
JGN-X DCN
Internet2ION
TransPAC3DCN
Emulab UEN
JGN-X
IDC IDCIDC
Internet2
LandSat Slice
Aki Nakao, Plenary Talk @GENI Engineering Conference GEC15, 2012
pc412
pc551
pc415
pc350
pc256
pc331
University of UtahprotoGENI
VNode
Hakusan
OtemachiNagoyaOsaka
HokurikuKyusyuV
File Server
File Download
Data TrafficHash Traffic
vlan3130
VNode and GENI Packet Cache Demo
NC10
1.5Mb/s
300kb/s
PRESTAPRESTA
Ingress Cache Egress Cachedata sync.
FLARE
40
41
DeeplyProgrammable
Node
DPNSDN + Data Plane Programmability
SDNControl Plane
Programmability
New Protocol Capability
Network Virtualiza;on
FLARE
FLARE Node Implementation• Multiple, isolated, deeply programmable environments• Hybrid of many-core processors + x86 processors• 1U / 1U Mini Form Factor• 4 x 10G, 2x10G + 8x1G (20G non-block switching)• Control Plane & Data Plane Linux Programmability • Achieve both programmability and performance
42
43
Ethernet Switch
0
2.5
5.0
7.5
10.0
1 core 2 cores 3 cores 4 cores 5 cores
9.99.99.99.99.9 9.99.99.9
7.8
4.2
pkt_size=512Bpkt_size=1514B
(Gbps)
EtherSwitch
FromGxIO(xgbe1)
ToGxIO(xgbe2)
FromGxIO(xgbe2)
ToGxIO(xgbe1)
Switching Performance
OpenFlow Switch
OFSwitch
FromIO(xgbe1)
ToIO(xgbe2)
FromIO(xgbe2)
ToIO(xgbe1)
Data Plane
Control Planeofprotocoldpctl
tunnel
NOXController
0
2.5
5.0
7.5
10.0
1 core 2 cores 3 cores 4 cores 5 cores
9.99.99.9
7.9
4.2
6.7
5.13.8
2.71.5
pkt_size=512Bpkt_size=1514B
(Gbps)
Switching Performance44
L2 ProgrammabilityExtended (96bit) MAC switching
(Gbps)
Switch Performance
0
2.5
5.0
7.5
10.0
1 core 2 cores 3 cores 4 cores 5 cores
9.99.99.99.99.7 9.99.98.7
6.1
3.2
pkt_size=512Bpkt_size=1514B
ExMACSwitch
FromGxIO(xgbe1)
ToGxIO(xgbe2)
FromGxIO(xgbe2)
ToGxIO(xgbe1)
Window-based Arbitrary Bit Matching
46
Arbitrary bit matching as in openflow pattern matcheris costly due to expensive memory operation per packet
window
Set a window to minimize per-packet memory operationsImprove performance while keeping flexibility
Leon Lee, Ping Du and Akihiro Nakao, "Ouroboros: SDN Beyond Flow-Tuple Matching," IEICE NS Technical Report, Mar. 2013
47
Purpose: Specific Real-time audio/video traffic control, based on “stream”, not “flow”
(e.g. based on RTP SSRC field to enable routing according to the streaming-video IDs )
Benefit: Application/Content specific routing Solution: Use window to extract information included in RTP headers
RTP
SSRCPayload type……..
RTP-SSRC Matching
48
Purpose: Device/application/content specific traffic engineering
Benefits: More specific recognition for packets bound to overly used TCP port (e.g., 80)Traffic engineering for data transmitted from specific devices
80
8080
HTTP
CCAV ….
Proposal:After attach/detach trailers, establish control in intermediate FLARE switches
Trailer Matching
Trailer Matching
49Leon Lee, Ping Du and Akihiro Nakao, "Ouroboros: SDN Beyond Flow-Tuple Matching," IEICE NS Technical Report, Mar. 2013
Trailer is an extra section attached at the end of each packet
End/Edge nodes are responsible for attaching and detaching Trailers
Headers Packet content Trailer
Host1 Host2
Packet
Packet .
Packet
.
FLARE
Packet . Packet .
FLARE at ITPro EXPO 2012Beyond OpenFlow/SDN
50
11
MPLS 2012(with Cisco & Juniper)
Living&Lab&Data&Plane&
102�
105� 106� 107�
1� 2�
1� 2� 1� 2� 1� 2�
402�Fiber&Port&&
005&Patch&Panel&
F�
F�F�
F�
F�
Fiber&Port&&
1� 2�
F�
005#�
Living#Lab#Control#Plane#
102�
105� 106� 107�
7� 8�
1� 2� 3� 4� 5� 1� 2�
402�Blue#RJ45#ports#(CAT6)##
9�
6�
Blue#RJ45#ports#(CAT6)##
S�
F�
F�F�
F�
1�
S�
F�
FC�
F�S� J� G�
005##L2#SW#�
LivingLab
52
Living with Deeply Programmable FLARE
53
Conclusion• Deep Programmability refers to the extensive programmability
including Control-plane, Data-plane (including non-IP handling), (re)defining APIs in SDN, etc.
• Network virtualization is key to accommodating multiple slices with security-, performance-, namespace-isolated programmability
• Standardization for Deeply Programmable Network (DPN) should collectively concepts of Network Virtualization, SDN, NFV, OpenDayLight/OpenFlow, etc is crucial for future network
• Sustainable communities can be realized through developing flexible and adaptive “Deeply Programmable” future network infrastructure against constantly arising problems