Programmable Networks: Active Networks + SDN
How to Introduce new services
• Overlays: user can introduce whatever
  – Ignores physical network perf overhead
  – Overlay nodes: software routing perf overhead
• Middleboxes: ops can introduce whatever
  – Must be placed in a specific location
  – Must determine a priori what type of MB you want
In the ideal world
• Anyone can introduce services
  – So, like overlay
• Can achieve data-plane throughput
  – So, like MB
• Can introduce anything
  – So, like overlay
• Problem:
  – How to run untrusted code in your environment
  – We want flexibility but need to deal with security, performance, safety
Enter Active Networks
• Motivated by advances in RPC
• Goal: run mobile code in network
  – Code implementation of a new service
• Active Extensions: user ships code to network devices
  – All packets use the code
  – No change to packet format
• Active Packets: each packet carries the code or a pointer to the code
  – Very fine-grain control
  – Packet is larger
  – A lot of redundant data
REALITY, MERGE BOTH: The How?
• Entities are a set of pre-installed modules.
• The active packet includes the graph of which entities to use.
[Figure: an active packet (IP header, TCP header, Type: Serv 1, Type: Serv 5, Type: Serv 6) and a network router holding Serv 1, Serv 2, Serv 5, Serv 6 and Serv 7.]
REALITY, MERGE BOTH: The Why?
• Promotes more modularity and reuse
  – Entities can be smaller, since the packet can be used to stitch together multiple entities.
• Reduces waste of N/W
  – A flow has multiple packets
  – If each packet carries code, a lot of n/w is wasted
    • Lots of wasted CPU, loading/unloading code
    • Wasted n/w b/w because of code in pkt
REALITY, MERGE BOTH: End-to-End Picture
[Figure: an active packet (Type: serv1), two network routers, and a Global Entity Store holding Serv 1, Serv 2 and Serv 3.]
Signs code with a special key, so routers know to trust the code.
The type is an MD5 hash of the code. This way pkts are treated by the exact code you downloaded from the store.
Each router caches the code so that it can be used for the next packet. The packet only carries a pointer to the code.
Active Packet: Capsules
• Recall: OSI layering
  – A.P. just random modules, no need to stick to layers
Routers: Active Nodes
• A VM (JVM? Language-level safety)
  – Protect code from each other
  – Prevent code from interfering with each other
• A trusted operating system
  – Allow sharing of resources
  – Need something that interfaces directly with H/W
[Figure: a network router running Linux OS, with two JVMs on top, each hosting Serv 1.]
Challenges: Performance
• Traffic must be similar + bursty
  – Or else caching wouldn't work
• Network has different types of nodes
  – Not all can run code at line rate
    • Think: core vs. edge
    • Only run on edge nodes
What impacts Performance of Node
• Code distribution
  – Caching of code minimizes this
• Random management tasks
  – Cleanup memory (GBC), run normal protocols
• Running code
  – Main performance bottleneck
Challenges: Security
• One code changing another code's state
  – No sharing of state due to sandbox.
• Node O.S. may be corrupted by code
  – Sandbox prevents this.
• Sending bad/malicious code to a node
  – The person signing should catch bad code
  – (Think Apple's App Store)
• Pkt/capsule using the wrong code at node
  – Wrong code will have a different fingerprint,
  – so the fingerprint in the pkt would not match the fingerprint of the code at the node
[Figure: a network router running Linux OS and two JVMs; Good Serv 1 and Bad Serv 1 have different fingerprints (100010011001000 vs. 100011011101000).]
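The cache-and-fingerprint check described on the End-to-End and Security slides, sketched as an added example (not code from the slides or from any active-network implementation). Assumptions: the store signs code, an HMAC with a shared demo key stands in for the store's signature, and all names and sample code strings are constructed.

```python
import hashlib
import hmac

STORE_KEY = b"constructed-demo-key"  # assumption: stands in for the store's signing key

def fingerprint(code: bytes) -> str:
    # The slides define the packet "type" as an MD5 hash of the code. MD5 is no
    # longer collision-resistant; a current design would use SHA-256 here.
    return hashlib.md5(code).hexdigest()

def store_sign(code: bytes, key: bytes = STORE_KEY) -> bytes:
    # Stand-in signature: HMAC-SHA256 with a shared key. A real deployment
    # would use a public-key signature so routers hold no signing secret.
    return hmac.new(key, code, hashlib.sha256).digest()

class ActiveNode:
    def __init__(self, key: bytes = STORE_KEY):
        self.key = key
        self.cache = {}  # fingerprint -> code, reused for later packets

    def handle(self, packet_type: str, fetch):
        """Return the code to run for this packet type, or None to refuse."""
        code = self.cache.get(packet_type)
        if code is not None:
            return code                       # cache hit: packet carried only a pointer
        fetched = fetch(packet_type)          # cache miss: obtain code and signature
        if fetched is None:
            return None
        code, signature = fetched
        if fingerprint(code) != packet_type:  # wrong code for this type
            return None
        if not hmac.compare_digest(store_sign(code, self.key), signature):
            return None                       # not signed with the trusted key
        self.cache[packet_type] = code
        return code

# Constructed sample data: two code bodies and three code sources.
GOOD = b"def serv1(pkt): return pkt"
BAD = b"def serv1(pkt): return None"
TYPE_SERV1 = fingerprint(GOOD)

def honest_store(t):
    return (GOOD, store_sign(GOOD)) if t == TYPE_SERV1 else None

def swapping_store(t):
    return (BAD, store_sign(BAD))   # validly signed, but not the requested code

def unsigned_store(t):
    return (GOOD, b"\x00" * 32)     # right code, bogus signature
```

The two checks are independent: the signature answers "did the trusted party approve this code", the fingerprint answers "is this the code the packet asked for", and a node needs both before caching.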
Challenges: Resource Sharing
• Code using too much resource on a node
  – Limit resource consumption (also limit code size)
  – Kill code if it runs for too long
• Code using too much resource across a set of nodes: tricky
  – Use TTL to prevent loops.
    • If I make copies, then they all get the same TTL
  – Divide TTL when making copies
    • Doesn't work for multicast.
• An app sending too many capsules/pkts
  – Similar to today's internet.
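A small simulation of the two TTL policies above, as an added example (a simplified model, not code from the slides): every node that runs a capsule makes a fixed number of copies, and the copies either inherit the remaining TTL or split it. The class, function names and the `max_exec` safety cap are assumptions.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Capsule:
    ttl: int
    hops: int = 0   # how many nodes this lineage has already run on

def fork(capsule: Capsule, copies: int, divide: bool) -> list:
    """Children created when a node runs a capsule that duplicates itself."""
    remaining = capsule.ttl - 1                      # one unit spent at this node
    child_ttl = remaining // copies if divide else remaining
    return [Capsule(child_ttl, capsule.hops + 1) for _ in range(copies)]

def run(initial_ttl: int, copies: int, divide: bool, max_exec: int = 100_000):
    """Return (node executions consumed, deepest hop reached)."""
    queue = deque([Capsule(initial_ttl)])
    executions = deepest = 0
    while queue and executions < max_exec:
        capsule = queue.popleft()
        if capsule.ttl <= 0:
            continue                                 # expired: the node drops it
        executions += 1
        deepest = max(deepest, capsule.hops + 1)
        queue.extend(fork(capsule, copies, divide))
    return executions, deepest

# Same TTL for every copy: work grows exponentially with the TTL.
COPY_RESULT = run(8, 2, divide=False)    # (255, 8)
# TTL divided among copies: total work can never exceed the initial TTL ...
DIVIDE_RESULT = run(8, 2, divide=True)   # (7, 3)
# ... but a tree with fan-out 4 is cut off after 3 hops even with TTL 64.
FANOUT_RESULT = run(64, 4, divide=True)  # (21, 3)
```

In this model the divided budget bounds total work by the initial TTL, while the depth a replicated capsule can reach shrinks roughly logarithmically with fan-out, which is the kind of cutoff a multicast tree runs into.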
Limitation of API
• Fixed assumptions that code must work around:
  – 1. format of IP
  – 2. resource limits (TTL & size & time)
  – 3. code distribution
  – 4. how code types are computed and calculated
Limitation in terms of Architecture
• Things that can't be easily specified:
  – FW --> since it should work for all flows, not just the flows with the type specified.
  – Web-cache/transcoders --> code is short-lived.
Why this Never took off?
• Performance
  – Still relatively slow
  – Only at edge
• Complex changes to routers
  – Routers should run JVM
• Only a few types of networks
  – ISP and maybe enterprise networks
  – So very limited use-cases
A New Problem
Operator's Goal
Network Reality

    Interface vlan901
     ip address 10.1.1.5 255.0.0.0
     ospf cost 100
     ip access-group 9 out
    !
    Router ospf 1
     router-id 10.1.2.23
     network 10.0.0.0 0.255.255.255
    !
    access-list 9 10.1.0.0 0.0.255.255
Old Solution: Programmable Networks
Ethane
[Figure: switches Sw1, Sw2 and Sw3, and a packet.]
Ethane Drawbacks
• Requires complex hardware
  – Each switch needs to encrypt/decrypt packets
• Performance issues
  – The controller is involved with every packet
Practical Solution: SDN (e.g. OpenFlow)
If (port == 80) Then Drop
If (port == 22) Then send on if 2
OpenFlow API (0.9)
• Match
  – IP
  – MAC
  – Port
  – VLAN
  – TOS
• Action:
  – Forward/flood on specific interfaces
  – Drop packet
  – Rewrite IP or MAC headers

Layer 3: (OSPF)
  1. Matches on IP address
  2. Forwards on a port
Layer 2: (Spanning Tree)
  1. Matches on MAC address
  2. Forwards on a port OR floods the packet
Layer 3.5: (Firewall/ACL)
  1. Matches on IP address OR
  2. Matches on a port
  3. Drops or forwards the pkt
Layer 2.5: (Spanning Tree)
  1. Matches on VLAN
  2. Floods the packet
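A simplified model of a match-action table, as an added example (not OpenFlow's wire format or any controller's API; the field names, priorities and sample packets are assumptions). It expresses the firewall, Layer 3 and VLAN behaviours listed above as rules in one table, and shows that an ACL rule only takes effect when it outranks a forwarding rule that matches the same packet.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    priority: int
    match: dict    # header field -> required value; an absent field is a wildcard
    action: tuple  # ("drop",), ("forward", port) or ("flood",)

class FlowTable:
    def __init__(self):
        self.rules = []

    def add(self, priority: int, match: dict, action: tuple) -> None:
        self.rules.append(Rule(priority, match, action))
        self.rules.sort(key=lambda r: -r.priority)  # highest priority first

    def lookup(self, pkt: dict) -> tuple:
        for rule in self.rules:
            if all(pkt.get(f) == v for f, v in rule.match.items()):
                return rule.action
        return ("to_controller",)  # table miss: no rule installed for this packet

def build_table(acl_priority: int) -> FlowTable:
    table = FlowTable()
    table.add(acl_priority, {"dst_port": 80}, ("drop",))       # slide: port 80 -> drop
    table.add(acl_priority, {"dst_port": 22}, ("forward", 2))  # slide: port 22 -> if 2
    table.add(100, {"ip_dst": "10.1.1.5"}, ("forward", 1))     # "Layer 3" style rule
    table.add(50, {"vlan": 901}, ("flood",))                   # "Layer 2.5" style rule
    return table

# Constructed sample packets.
WEB = {"ip_dst": "10.1.1.5", "dst_port": 80, "vlan": 901}
SSH = {"ip_dst": "10.1.1.5", "dst_port": 22, "vlan": 901}
VLAN_ONLY = {"ip_dst": "10.9.9.9", "dst_port": 443, "vlan": 901}
OTHER = {"ip_dst": "10.9.9.9", "dst_port": 443, "vlan": 7}

def acl_enforced(acl_priority: int) -> bool:
    """True if web traffic to 10.1.1.5 is dropped with this ACL priority."""
    return build_table(acl_priority).lookup(WEB) == ("drop",)
```

With the ACL at priority 200 the web packet is dropped; at priority 10 the Layer 3 rule matches first and the same packet is forwarded, so rule ordering is part of the policy and worth checking whenever rules from different applications share a table.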
OpenFlow API
Layer 3: (OSPF)
  1. Matches on IP address
  2. Forwards on a port
Layer 2: (Spanning Tree)
  1. Matches on MAC address
  2. Forwards on a port OR floods the packet
Layer 3.5: (Firewall/ACL)
  1. Matches on IP address OR
  2. Matches on a port
  3. Drops or forwards the pkt
Layer 2.5: (VLAN)
  1. Matches on VLAN
  2. Floods the packet
[Figure: HP, Cisco and Juniper switches, each running ACL, OSPF, VLAN and SPT on top of its own "Magic Protocols".]
OpenFlow API
Simple firmware patch
[Figure: HP, Cisco and Juniper switches, each running ACL, OSPF, VLAN and SPT on top of its own "Magic Protocols", alongside an OpenFlow Switch with ACL, OSPF, VLAN and SPT.]
Lesson
• A rigid network is impractical
  – Doesn't support new services
• Programmable networks allow great flexibility
  – Allows anyone to introduce new services
  – Into whichever nodes they have access to
• But this flexibility introduces new challenges
  – Security, performance, resource control
• For technological adoption
  – Minimal overhead for transition is good
  – New h/w is hard to get created