sdn(++) and interesting use-cases
DESCRIPTION
SDN(++) and Interesting Use-Cases. Lecture 18 Aditya Akella. Two Parts. SDN for L3-L7 services What is different? Why can’t we use SDN/ OpenFlow as is? New use cases Live Network Migration What else?. Toward Software-Defined Middlebox Networking. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/1.jpg)
1
SDN(++) and Interesting Use-Cases
Lecture 18Aditya Akella
![Page 2: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/2.jpg)
2
Two Parts• SDN for L3-L7 services– What is different?– Why can’t we use SDN/OpenFlow as is?
• New use cases– Live Network Migration– What else?
![Page 3: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/3.jpg)
3
Toward Software-Defined Middlebox NetworkingAaron Gember, Prathmesh Prabhu,
Zainab Ghadiyali, Aditya AkellaUniversity of Wisconsin-Madison
![Page 4: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/4.jpg)
4
Middlebox Deployment Models
• Arbitrary middlebox placement• New forms of middlebox deployment
(VMs, ETTM [NSDI 2011], CoMB [NSDI 2012])
![Page 5: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/5.jpg)
5
• Move between software-defined data centers
• Existing VM and network migration methods– Unsuitable for changing underlying substrate
Live Data Center Migration
Data Center A Data Center B
Programmatic control over middlebox state
![Page 6: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/6.jpg)
6
• Add or remove middlebox VMs based on load
• Clone VM (logic, policy, and internal state)– Unsuitable for scaling down or some scaling up
Middlebox Scaling
Fine-grained control
![Page 7: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/7.jpg)
7
Our Contributions• Classify middlebox state, and discuss what
should be controlled
• Abstractions and interfaces– Representing state– Manipulating where state resides– Announcing state-related events
• Control logic design sketches
![Page 8: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/8.jpg)
8
Controller
Middlebox
App App
Middlebox
SDN-like Middleboxes
IPS
Software-Defined Middlebox Networking
Today
![Page 9: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/9.jpg)
9
Controller
Key Issues
Middlebox
1. How is the logic divided?
2. Where is state manipulated?
3. What interfaces
are exposed?
App App
Middlebox
![Page 10: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/10.jpg)
10
• Configuration input
Middlebox State
State: ESTABSeq #: 3423
Server: BCPU: 50%
Hash: 34225Content: ABCDE
Significant state diversity
+ detailed internal records
Balance Method:Round Robin
Cache size: 100
Src: HostAServer: B
Proto: TCPPort: 22
![Page 11: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/11.jpg)
11
Balance Method:Round Robin
Cache size: 100
Src: HostAServer: B
Proto: TCPPort: 22
Classification of State
State: ESTABSeq #: 3423
Server: BCPU: 50%
Hash: 34225Content: ABCDE
Action Supporting Tuning
Internal & dynamic Many forms
Only affects performance,
not correctness
![Page 12: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/12.jpg)
12
PolicyLanguage
Src: HostAServer: B
Proto: TCPPort: 22
State: ESTABSeq #: 3423
Server: BCPU: 50%
Hash: 34225Content: ABCDE
How to Represent State?
Unknown structure
Significant diversity
May be shared
Per flow
SharedCommonality among middlebox operations
1000101
1101010
0101001
1111000
1010110
![Page 13: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/13.jpg)
13
State Representation
• Key: protocol header field/value pairs identify traffic subsets to which state applies
• Action: transformation function to change parts of packet to new constants
• Supporting: binary blob
Key Action Supporting
Binary Blob
Field1 = Value1…
FieldN = ValueN
Offset1 → Const1…
OffsetN → ConstN
• Only suitable for per-flow state• Not fully vendor independent
![Page 14: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/14.jpg)
14
Controller
Middlebox
How to Manipulate State?
• Today: only control some state– Constrains flexibility and sophistication
• Manipulate all state at controller– Removes too much functionality from middleboxes
![Page 15: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/15.jpg)
15
State Manipulation
• Control over state placement1. Broad operations interface2. Expose state-related events
Controller
IPS 1 IPS 2 Create and update state
Determine wherestate resides
![Page 16: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/16.jpg)
16
Action
*
KeySrcIP = 10.10.0.0/16DPort = 22
KeySrcIP = 10.10.54.41DstIP = 10.20.1.23SPort = 12983DPort = 22
State = ESTAB
Supporting
Operations Interface
get ( , )FilterSrcIP = 10.10.54.41
add ( , )ActionDROP
KeyDstIP = 10.20.1.0/24
Source Destination Proto Other Action
* 10.20.1.0/24 TCP * DROP
remove( , )Filter…
• Need atomic blocks of operations• Potential for invalid manipulations of state
![Page 17: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/17.jpg)
17
Firewall
Events Interface
• Triggers– Created/updated state– Require state to
complete operation• Contents– Key– Copy of packet?– Copy of new state?
Controller
Balance visibility and overhead
![Page 18: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/18.jpg)
18
Conclusion• Need fine-grained, centralized control over
middlebox state to support rich scenarios• Challenges: state diversity, unknown semantics
get/add/remove ( , )…
ActionOffset1 → Const1
…
KeyField1 = Value1
…
Supporting
Binary Blob
![Page 19: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/19.jpg)
19
Open Questions
• Encoding supporting state/other action state?• Preventing invalid state manipulations?• Exposing events with sufficient detail?• Maintaining operation during state changes? • Designing a variety of control logics?• Providing middlebox fault tolerance?
![Page 20: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/20.jpg)
20
Related Work• Simple Middlebox COntrol protocol [RFC 4540]
• Modeling middleboxes [IEEE Network 2008]
• Stratos – middleboxes in clouds [UW-Madison TR]
• ETTM – middleboxes in hypervisors [NSDI 2011]
• COnsolidated MiddleBoxes [NSDI 2012]
• Efficiently migrating virtual middleboxes [SIGCOMM 2012 Poster]
• LIve Migration of Entire network [HotNets 2012]
![Page 21: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/21.jpg)
Live Migration of an Entire Network (and its Hosts)
Eric Keller, Soudeh Ghorbani, Matthew Caesar, Jennifer Rexford
HotNets 2012
![Page 22: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/22.jpg)
23
Widely supported to help:• Consolidate to save energy• Re-locate to improve performance
Virtual Machine Migration
Hypervisor
Apps
OS
Hypervisor
Apps
OS
Apps
OS
Apps
OS
Apps
OS
Apps
OS
![Page 23: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/23.jpg)
24
Many VMs working together
But Applications Look Like This
![Page 24: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/24.jpg)
25
Networks have increasing amounts of state
And Rely on the Network
Configuration Learned Software-Defined
![Page 25: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/25.jpg)
26
Joint (virtual) host and (virtual) network migration
Ensemble Migration
No re-learning,No re-configuring,No re-calculating
Capitalize on redundancy
![Page 26: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/26.jpg)
27
Some Use Cases
![Page 27: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/27.jpg)
28
• Customer driven – for cost, performance, etc.• Provider driven – offload when too full
1. Moving between cloud providers
![Page 28: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/28.jpg)
29
• Reduce energy consumption(turn off servers, reduce cooling)
2. Moving to smaller set of servers
![Page 29: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/29.jpg)
30
• Migrate ensemble to infrastructure dedicated to testing (special equipment)
3. Troubleshooting
![Page 30: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/30.jpg)
31
Automated migration according to some objectiveand easy manual input
Goal: General Management Tool
Monitoring
Objective
Migration
Ensemble Migration
Automation
manual
![Page 31: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/31.jpg)
32
LIve Migration of Ensembles
Migration Primitives
Migration Orchestration
Tenant Control
LIMENetwork Virtualization
API to operator/ automation
Software-defined networkVirtualized servers
Tenant Control
virtual topology Migration is transparent
![Page 32: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/32.jpg)
33
Why Transparent?
![Page 33: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/33.jpg)
34
Separate Out FunctionalityTenant Control
Network Virtualization
Tenant Control
virtual topology
![Page 34: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/34.jpg)
35
Separate Out Functionality
Migration Primitives
Migration Orchestration
Tenant Control
Network Virtualization
Tenant Control
virtual topology
![Page 35: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/35.jpg)
36
Multi-tenancy
Migration Primitives
Migration Orchestration
Tenant Control
Network Virtualization
Tenant Control
virtual topology
InfrastructureOperator
Tenants
![Page 36: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/36.jpg)
37
Can we base it off of VM migration?• Iteratively copy state• Freeze VM• Copy last delta of state• Un-freeze VM on new server
How to Live Migrate an Ensemble
![Page 37: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/37.jpg)
38
Applying to Ensemble
Iterative copy
![Page 38: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/38.jpg)
39
Applying to Ensemble
Freeze and copy
![Page 39: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/39.jpg)
40
Applying to Ensemble
Resume
![Page 40: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/40.jpg)
41
Applying to Ensemble
Resume
Complex to implementDowntime potentially large
![Page 41: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/41.jpg)
42
Applying to Whole Network
Iterative copy
![Page 42: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/42.jpg)
43
Applying to Whole Network
Freeze and copy
![Page 43: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/43.jpg)
44
Applying to Whole Network
Resume
![Page 44: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/44.jpg)
45
Applying to Whole Network
Resume
Lots of packet lossLots of “backhaul” traffic
![Page 45: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/45.jpg)
46
Applying to Each Switch
Iterative copy
![Page 46: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/46.jpg)
47
Applying to Each Switch
Freeze and copy
![Page 47: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/47.jpg)
48
Applying to Each Switch
Resume
![Page 48: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/48.jpg)
49
Applying to Each Switch
Resume
Bursts of packet lossEven more “backhaul” traffic
Long total time
![Page 49: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/49.jpg)
50
• Clone the network• Migrate the VMs individually (or in groups)
A Better Approach
![Page 50: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/50.jpg)
51
Clone the Network
Copystate
![Page 51: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/51.jpg)
52
Clone the Network
Cloned Operation
![Page 52: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/52.jpg)
53
Clone the Network
MigrateVMs
![Page 53: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/53.jpg)
54
Clone the Network
MigrateVMs
![Page 54: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/54.jpg)
55
• Minimizes backhaul traffic• No packet loss associated with the network
(network is always operational)
Clone the Network
![Page 55: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/55.jpg)
56
• Same guarantees as migration-free
• Preserve application semantics
Consistent View of a Switch
Migration Primitives
Migration Orchestration
Network Virtualization
Switch_A_0 Switch_A_1
Switch_A
Application view
Physical reality
![Page 56: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/56.jpg)
57
Sources of Inconsistency
Switch_A_0 Switch_A_1
Apps
OS
Packet 0 Packet 1
R1R2
R1R2
Migration-free: packet 0 and packet 1 traverse same physical switch
VM(end host)
![Page 57: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/57.jpg)
58
1. Local Changes on Switch
Switch_A_0 Switch_A_1
(e.g. delete rule after idle timeout)
Apps
OS
Packet 0 Packet 1
R1R2
R1R2
VM(end host)
![Page 58: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/58.jpg)
59
2. Update from Controller
Switch_A_0 Switch_A_1
Apps
OS
Packet 0 Packet 1
R_newR1R2
R1R2
Install(R_new)
(e.g. rule installed at different times)
VM(end host)
![Page 59: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/59.jpg)
60
3. Events to Controller
Switch_A_0 Switch_A_1
Apps
OS
Packet 0Packet 1
R1R2
R1R2
Packet-in(pkt 0)
Packet-in(pkt 1)(received at controller first)
(e.g. forward and send to controller)
VM(end host)
![Page 60: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/60.jpg)
61
Consistency in LIME
Migration Primitives
Migration Orchestration
Network Virtualization
Switch_A_0 Switch_A_1
Switch_A
*Restrict use of some features* Use a commit protocol
* Emulate HW functions* Combine information
![Page 61: SDN(++) and Interesting Use-Cases](https://reader036.vdocuments.site/reader036/viewer/2022081512/56816930550346895de079db/html5/thumbnails/61.jpg)
62
• LIME is a general and efficient migration layer• Hope is future SDN is made migration friendly
• Develop models and prove correctness?– end-hosts and network– “Observational equivalence”
• Develop general migration framework– Control over grouping, order, and approach?
Conclusions and Future work