Upload File

sdn

2
Automatic Failure Recovery for Software-Defined Networks Maciej Ku´ zniar †* Peter Perešíni †* Nedeljko Vasi´ c Marco Canini Dejan Kosti´ c EPFL TU Berlin / T-Labs Institute IMDEA Networks <name.surname>@epfl.ch [email protected] [email protected] * These authors contributed equally to this work ABSTRACT Tolerating and recovering from link and switch failures are fundamental requirements of most networks, includ- ing Software-Defined Networks (SDNs). However, instead of traditional behaviors such as network-wide routing re- convergence, failure recovery in an SDN is determined by the specific software logic running at the controller. While this admits more freedom to respond to a failure event, it ultimately means that each controller application must in- clude its own recovery logic, which makes the code more difficult to write and potentially more error-prone. In this paper, we propose a runtime system that auto- mates failure recovery and enables network developers to write simpler, failure-agnostic code. To this end, upon de- tecting a failure, our approach first spawns a new controller instance that runs in an emulated environment consisting of the network topology excluding the failed elements. Then, it quickly replays inputs observed by the controller before the failure occurred, leading the emulated network into the for- warding state that accounts for the failed elements. Finally, it recovers the network by installing the difference ruleset between emulated and current forwarding states. Categories and Subject Descriptors C.2.4 [Distributed Systems]: Network operating systems; C.4 [Performance of Systems]: Reliability, availability, and serviceability Keywords Software Defined Network, Fault tolerance 1. INTRODUCTION To ensure uninterrupted service, Software-Defined Net- works (SDNs) must continue to forward traffic in the face of link and switch failures. Therefore, as with traditional net- works, SDNs necessitate failure recovery —adapting to fail- ures by directing traffic over functioning alternate paths. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third- party components of this work must be honored. For all other uses, contact the owner/author(s). HotSDN’13, August 16, 2013, Hong Kong, China. ACM 978-1-4503-2178-5/13/08. Conceptually, this requires computing the new forwarding state in response to a failure event, similarly to how a link- state routing protocol re-converges after detecting a failure. In an SDN however, this computation takes place at the SDN controller, based on its current view of the network. To achieve higher availability, this computation could be done in advance to determine backup paths for a range of failure scenarios. With the appropriate hardware support 1 , the backup paths can be preinstalled to enable switches to quickly adapt to failures based just on local state. Regardless of whether the recovered forwarding state is computed in response to a failure or precomputed in ad- vance, failure recovery requires the presence of extra soft- ware logic at the controller. In particular, in today’s modu- lar controller platforms such as POX, Floodlight, etc., each individual module (e.g., access control, routing) potentially needs to include its own failure recovery logic [6]. This leads to controller modules that are more difficult to develop, and potentially increases the chance of bugs [1]. Avoiding this problem by relying on simple recovery logic like timeouts or deleting rules forwarding to an inactive port is inefficient [6] and may introduce forwarding loops in the network [4]. In this paper, we propose AFRO (Automatic Failure Re- covery for OpenFlow), a system that provides automatic fail- ure recovery on behalf of simpler, failure-agnostic controller modules. Inspired by the successful implementation of such a model in other domains (e.g., in the large-scale comput- ing framework MapReduce [2]), we argue that application- specific functionality should be separated from the failure recovery mechanisms. Instead, a runtime system should be responsible for transparently recovering the network from failures. Doing so is critical for dramatically reducing the chance of introducing bugs and insidious corner cases, and increasing the overall chance of SDN’s success. AFRO extends the functionality of a basic controller pro- gram that is only capable of correctly operating over a net- work without failures and allows it to react to changes in the network topology. The intuition behind our approach is based on a straightforward recovery mechanism, or rather a solution that sidesteps the recovery problem altogether: After any topology change, we could wipe clean the entire network forwarding state and restart the controller. Then, the forwarding state gets recovered as the controller starts to install forwarding rules according to its control logic, ini- tial configuration and the external events that influence its execution. 1 In OpenFlow, the FastFailover group type is available since version 1.1 of the specification. 159

Upload: maheshwar-bhat

Post on 16-Aug-2015

217 views

Category:

Documents


2 download

Report

DESCRIPTION

SDN

TRANSCRIPT

Automatic Failure Recovery for Software-Dened NetworksMaciej Ku zniarPeter PereniNedeljko Vasi cMarco CaniniDejan Kosti cEPFLTU Berlin / T-LabsInstitute IMDEA [email protected]@[email protected] authors contributed equally to this workABSTRACTTolerating and recovering fromlink and switch failuresare fundamental requirements of most networks, includ-ingSoftware-DenedNetworks (SDNs). However, insteadof traditional behaviors suchas network-wide routing re-convergence, failurerecoveryinanSDNis determinedbythespecicsoftwarelogicrunningatthecontroller. Whilethisadmitsmorefreedomtorespondtoafailureevent, itultimatelymeansthateachcontrollerapplicationmustin-clude its ownrecoverylogic, whichmakes thecode morediculttowriteandpotentiallymoreerror-prone.Inthis paper, we propose aruntimesystemthat auto-mates failure recoveryandenables networkdevelopers towritesimpler, failure-agnosticcode. Tothisend, uponde-tectingafailure,ourapproachrstspawnsanewcontrollerinstance that runs in an emulated environment consisting ofthe network topology excluding the failed elements. Then, itquicklyreplaysinputsobservedbythecontrollerbeforethefailureoccurred,leadingtheemulatednetworkintothefor-wardingstatethat accountsforthe failedelements. Finally,it recoversthenetworkbyinstallingthedierencerulesetbetweenemulatedandcurrentforwardingstates.Categories and Subject DescriptorsC.2.4 [DistributedSystems]: Network operating systems;C.4[Performance of Systems]: Reliability, availability,andserviceabilityKeywordsSoftwareDenedNetwork,Faulttolerance1. INTRODUCTIONTo ensure uninterruptedservice, Software-DenedNet-works (SDNs) must continue to forwardtrac in the face oflinkandswitchfailures. Therefore, aswithtraditionalnet-works, SDNsnecessitatefailurerecoveryadaptingtofail-ures bydirecting trac over functioning alternate paths.Permissiontomakedigital orhardcopiesofpart orall ofthisworkforpersonal orclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmade ordistributedforprot orcommercialadvantageand thatcopiesbearthisnoticeand the full citationon the rst page. Copyrightsfor third-party components of this work must be honored. For all other uses, contactthe owner/author(s).HotSDN13, August 16, 2013, Hong Kong, China.ACM 978-1-4503-2178-5/13/08.Conceptually, thisrequirescomputingthenewforwardingstateinresponsetoafailureevent,similarlytohowalink-stateroutingprotocolre-convergesafterdetectingafailure.InanSDNhowever, this computationtakes place at theSDNcontroller,basedonitscurrentviewofthenetwork.Toachievehigheravailability, thiscomputationcouldbedoneinadvancetodeterminebackuppathsforarangeoffailurescenarios. Withtheappropriatehardwaresupport1,thebackuppathscanbepreinstalledtoenableswitchestoquicklyadapttofailuresbasedjustonlocalstate.Regardless of whether therecoveredforwardingstateiscomputedinresponse toafailure or precomputedinad-vance, failurerecoveryrequiresthepresenceof extrasoft-warelogicatthecontroller. Inparticular,intodaysmodu-larcontrollerplatformssuchasPOX,Floodlight, etc.,eachindividualmodule(e.g.,accesscontrol,routing)potentiallyneeds to include its own failure recovery logic [6]. This leadsto controller modules that are more dicult to develop, andpotentiallyincreasesthechanceof bugs[1]. Avoidingthisproblemby relyingonsimplerecoverylogicliketimeouts ordeleting rules forwardingto aninactive port is inecient [6]andmayintroduceforwardingloopsinthenetwork[4].Inthispaper,weproposeAFRO(AutomaticFailureRe-covery for OpenFlow), a system that provides automatic fail-urerecoveryonbehalfofsimpler,failure-agnosticcontrollermodules. Inspiredbythesuccessfulimplementationofsuchamodel inotherdomains(e.g., inthelarge-scalecomput-ingframeworkMapReduce[2]), wearguethatapplication-specicfunctionalityshouldbeseparatedfromthefailurerecoverymechanisms. Instead,aruntimesystemshouldberesponsible for transparentlyrecoveringthenetworkfromfailures. Doingsoiscritical for dramaticallyreducingthechanceof introducingbugsandinsidiouscornercases, andincreasingtheoverallchanceofSDNssuccess.AFRO extends thefunctionalityofabasiccontrollerpro-gramthatisonlycapableofcorrectlyoperatingoveranet-workwithout failures andallows it toreact tochangesinthe networktopology. Theintuitionbehindourapproachisbasedonastraightforwardrecoverymechanism, or ratherasolutionthat sidesteps therecoveryproblemaltogether:Afteranytopologychange, wecouldwipecleantheentirenetworkforwardingstateandrestartthecontroller. Then,theforwardingstategetsrecoveredasthecontrollerstartstoinstallforwardingrulesaccordingtoitscontrollogic,ini-tial congurationandtheexternaleventsthatinuenceitsexecution.1In OpenFlow, the FastFailover group type is available sinceversion1.1ofthespecication.159However, becauseall rulesinthenetworkneedtobere-installed,such a simplemethod isinecient andhas signi-cant disadvantages. First, a large number of packets may bedroppedorredirectedinsidethePacketInmessagestothecontroller,whichcouldbeoverwhelmed. Second,therecov-eryspeedwill beadverselyaectedbyseveral factors, in-cluding the timeto resetthe networkandcontroller,aswellas theoverheadof computing, transmittingandinstallingthenewrules.Toovercometheseissues,wetakeadvantageofthe soft-ware partinSDN.Sinceallthecontroldecisionsaremadein software running at the controller, AFRO repeats (or pre-dicts)thesedecisionsbysimplyrunningthesamesoftwarelogicinanemulatedenvironmentof theunderlyingphysi-cal network[3, 7]. Duringnormal execution, AFROsimplylogsatraceoftheeventsobservedatthecontrollerthatin-uenceitsexecution(forexample, PacketInmessages). Incase of a network failure, AFRO replays at accelerated speedtheeventspriortothefailurewithinanisolatedinstanceofthe controller with its environmentexcept it pretends thatthenetworktopologyneverchangedandallfailedelementsneverexistedsincethebeginning. Finally, AFROrecoversthe actual network forwarding state by transitioning it to therecoveredforwardingstateoftheemulatedenvironment.2. AUTOMATING FAILURE RECOVERYAFRO worksintwooperationmodes: recordmode,whenthe networkisnot experiencing failures,andrecoverymode,whichactivatesafterafailureisdetected. Thenetworkandcontroller start inacombinedcleanforwardingstatethatlaterisgraduallymodiedbythecontrollerinresponsetoPacketInevents. Inrecordmode, AFROrecordsall Pack-etInarrivingatthecontrollerandkeepstrackofcurrentlyinstalledrules bylogging FlowModandFlowRemmessages.When a network failure is detected, AFRO enters the recov-erymode. Recoveryinvolvestwomainphases: replayandreconguration.Duringreplay,AFROcreatesacleancopyoftheoriginalcontroller, whichwecall ShadowController. ShadowCon-troller hasthesamefunctionalityas theoriginal one, butit starts withacleanstateandfromthebeginningworksonaShadow Networkanemulatedcopyoftheactualnet-workthatismodiedbyremovingfailedelementsfromitstopology. Then, AFROfeedstheShadowController withrecordedPacketInmessagesprocessedbytheoriginal con-troller beforethefailureoccurred. Whenreplayends, theShadowControllerandShadowNetworkcontainanewfor-wardingstate.Atthispoint, recongurationtransitionstheactual net-workfromthe current statetothe newone. Thistransitionrequiresmakingmodicationstoboththecontrollerinter-nal stateaswell asforwardingrulesintheswitches. First,AFRO computes a minimal set of rule changes. Then, it usesan ecient, yet consistent method to update all switches. Fi-nally, it replaces the controller state with the state of ShadowController and ends the recovery procedure. In case anotherfailure is detected during recovery, the system needs to inter-rupttheaboveprocedureandrestartwithanotherShadowNetworkrepresentingthecurrenttopology.2.1 ReplayReplay needstobequickandecient. WhileAFROisreacting to the failure, the network is vulnerable and its per-formanceissuboptimal evenif thereisfastfailoverimple-mented. Further,consecutivefailuresmaycauseissuesthatevenfailover cannot handle. Toimprovethe replay per-formance, weusetwoorthogonal optimizations. First, welterPacketInmessagesand chooseonly those necessary toreachtherecoveredforwardingstate. Then, weparallelizethereplaybasedonpacketindependence.2.2 Network RecongurationAfter thereplayends, AFROneeds toecientlyapplythechangeswithoutputtingthenetworkinaninconsistentstate. The recongurationrequires twosteps: (i) modifyingrulesintheswitches, and(ii)migratingthecontrollertoanewstate.For rules in the switches we need a consistent and propor-tional updatemechanism. Ifthesizeofanupdateismuchbigger thanthesizeof arequiredcongurationchange, itosetstheadvantagesof AFRO. Thereforeweproposeus-ing a two-phase commit mechanism of per-packet consistentupdatesthat is verysimilar totheonepresentedas opti-mizationin[5]. Westartmodifyingrulesthatwill notbeusedanduseabarriertowaituntil switchesapplyanewconguration. At this point we installrulesthat direct traf-ctothepreviouslyinstalled,newrules.The transitionbetweenthe oldandnewcontroller canbedoneeitherbyexposinganinterfacetopasstheentirestatebetweenthetwocontrollers, or byreplacingtheoldonealtogether. Inthesecondcase, theShadowControllersimplytakes over the connections to realswitches andtakesresponsibilityoftheoriginalcontroller.2.3 PrototypeWeimplementedaprototypeof AFROworkingwithaPOXcontrollerplatform. POXallowsprogrammerstoex-tendthe controller functionalitybyaddingnewmodules.Therefore, it is possible tointroduce AFROrequiringnomodicationstocontrollerlogic.3. REFERENCES[1] M.Canini,D.Venzano,P.Peresni,D.Kostic,andJ.Rexford.ANICEWaytoTestOpenFlowApplications.InNSDI,2012.[2] J.DeanandS.Ghemawat.MapReduce: SimpliedDataProcessingonLargeClusters. CommunicationsoftheACM,51(1),2008.[3] N.Handigol,B.Heller,V.Jeyakumar,B.Lantz,andN.McKeown.ReproducibleNetworkExperimentsUsingContainer-BasedEmulation.InCoNEXT,2012.[4] P.Peresni,M.Kuzniar,N.Vasic,M.Canini,andD.Kostic.OF.CPP:ConsistentPacketProcessingforOpenFlow.InHotSDN,2013.[5] M.Reitblatt,N.Foster,J.Rexford,C.Schlesinger,andD.Walker.AbstractionsforNetworkUpdate.InSIGCOMM,2012.[6] S.Sharma,D.Staessens,D.Colle,M.Pickavet,andP.Demeester.EnablingFastFailureRecoveryinOpenFlowNetworks.InDRCN,2011.[7] A.Wundsam,D.Levin,S.Seetharaman,andA.Feldmann.OFRewind: EnablingRecordandReplayTroubleshootingforNetworks.InUSENIXATC,2011.160


SDN 25 SDN 30 SDN 35 SDN 45 SDN 65 SD 80 - NordCap · SDN 25 SDN 30 SDN 35 SDN 45 SDN 65 SD 80 SD 125 SD 210 Automatic cubers Automatic Kegeleisbereiter 090091.05 - REV. 03/2008

A. PENSKORAN USIA CALON PESERTA DIDIK … SDN Gegerkalong KPAD Sukasari 2 SDN Isola 1 Sukasari 3 SDN Gegerkalong Girang Sukasari 4 SDN Cirateun Kulon Sukasari 5 SDN Sukarasa 3 Sukasari

SDN interfaces and performance analysis of SDN components

dispendiksurabaya.files.wordpress.com · SDN Klampis Ngasem I SDN Klakahrejo I SDN Ketabang I SDN Kendangsari I SDN Kendangsari Ill SDN Keputih 245 SDN Kertajaya IV SDN Rungkut Menanggal

dispendiksurabaya.files.wordpress.com · sdn alon-aloncontong 1/87 keterangan jam 08.00 wib s.d 10.00 wib sdn sdn son son son sdn sdn sdn sdn sdn sdn sdn son sdn sdn sdn sdn sdn son

dispendiksurabaya.files.wordpress.com · gunung anyar rungkut sdn gundih sdn banyu urip ix sdn kaliasin v sdn kandangan ill sdn kandangan i sdn klakah rejo 1 sds pancasila 45 sdn

SDN-IP helps migrate your network to SDN - ONOS · Seamless Interworking of SDN and IP SDN-IP helps migrate your network to SDN • Allows an SDN network to seamlessly connect to

LEGENDA Æc...RENGGIANG SDN 4 DENDANG SDN 5 DENDANG SDN 6 DENDANG SDN 1 DENDANG SDN 7 DENDANG SDN 8 DENDANG SDN 9 DENDANG SMPN 1 DENDANG SDN I2 DENDANG SDN 3 …

SDN & NFV Introduction (SDN NFV Day ITB 2016)

dispendiksurabaya.files.wordpress.com · rungkut menangga sdn kalisari 11/513 kalisari 1/242 sdn kejawan putih 1/243 kalijudan 1/239 sdn kalijudan 11/559 sdn manyar sabrangan i sdn

dispendiksurabaya.files.wordpress.com · SDN Balas Klumprik 1/434 SDN Balas Klum rik 1/434 SDN Balas Klumprik 1/434 SDN Balas Klumprik 1/434 SDN Balon sari 1/50 SDN Balon sari 1/50

Big Data + SDN SDN Abstractions

NASSER PROPERTY DEVELOPMENT SDN . RÄKOMESKO PALM OIL SDN . TENGGARÄ SDN . BHD . BHD . BHD . LTL ETÄCO ENGINEERING SDN . LIBERTHREE GROUP SDN . BHD . MALAYSIAN EMPOWERED

SDN : What We’ve Learned Martìn Casado I’ve. Outline SDN : a History SDN : a Definition SDN : What I’ve Learned

Stiekes - IEEE SDN Now - Why SDN

dispendiksurabaya.files.wordpress.com · sdn kedung cowek i no. 253 sdn kenjeran 248 sdn bui-ak rukem il sdn kedung cowek 11/254 sdn komplek kenjeran 11/506 sdn sukolilo 250 sdn tanah

LEGENDA Æcsdm.data.kemdikbud.go.id/upload/files/Peta Sebaran SP Kec_Manggar.pdf · renggiang sdn 3 manggar sdn 4 manggar sdn 5 manggar sdn 23 manggar sdn 2 manggar sdn 24 manggar

LEGENDA Æc - Kemdikbud...RENGGIANG SDN 3 MANGGAR SDN 4 MANGGAR SDN 5 MANGGAR SDN 23 MANGGAR SDN 2 MANGGAR SDN 24 MANGGAR SDN 27 SMANGGAR SDN 25 MANGGAR SDN 28 M ANGGAR SDN 6 M ANGGAR

BELITUNG - Kemdikbudsdm.data.kemdikbud.go.id/upload/files/Peta Sebaran SP Kec...RENGGIANG SDN 7 DAMAR SDN 6 DAMAR SDN 5 DAMAR SDN 8 DAMAR SDN 1 DAMAR SDN 2 DAMAR SDN 3 DAMAR SDN 4

Board of Directors · 2018-11-27 · Sdn Bhd, Central Spectrum Sdn Bhd, Cekal Tulin Development Sdn Bhd, JAKS-KDEB Consortium Sdn Bhd, Hydrovest Sdn Bhd and Perangsang Hotel & Properties

2015 COSCUP SDN Workshop -- SDN Quick Start

Tenaga...Kecamatan Temon Wates Panjatan Nama Sekolah SDN Panginan SDN Karangwuluh SDN Demen SDN 3 Glagah ... SON Kamal SDN Jambon SON Sokaraja SDN Donomulyo SDN Borosuci SDN Banjarharjo

covid19.hukumonline.com...Kepulauan Seribu Selatan Tanjung Priok Sekolah SDN Petojo Utara 13 SDN Duri Pulo 07 SDN Gambir 01 SMA Negeri 24 SDN Kampung Bali 01 SDN Kampung Bali 03 …

Data Center SDN - Open Networking Foundation · Data Center SDN ONF SDN Solutions Showcase Theme Demonstrations . ... NEC NetCracker Orchestrator . SDN Solutions Showcase, October

Carrier/WAN SDN - Open Networking Foundation · Carrier/WAN SDN Multi-Layer SDN Apps . Carrier/WAN SDN ... Multi-Layer App Platform (MAP) ALU Huawei SDN Controller ALU ALU Huawei

Open Fabric SDN The Comprehensive SDN approach...Open Fabric SDN – The Comprehensive SDN approach Jake Howering, Director SDN Product Line Management Bithika Khargharia, PhD, Senior

IJM CORPORATION BERHAD...Nilai Cipta Sdn Bhd Associate Deltabumi Sdn Bhd IJM Properties Sdn Bhd Subsidiaries Chen Yu Land Sdn Bhd IJM Management Services Sdn Bhd Jalinan Masyhur Sdn

MALAYSIA - Kemdikbudsdm.data.kemdikbud.go.id/upload/files/KEC_malinau_UTARA.pdf · sdn 001 sdn 002 malinau utara sdn 003 sd n04 m ali ut r sdn 005 sdn 006 malinau utara sd n07 m ali

2017 - warisantc.com.my AR 2017.pdf · Shiseido Malaysia Sdn Bhd Tung Pao Sdn Bhd MUV Solutions Sdn Bhd Wacoal Malaysia Sdn Bhd Warisan TC Management Services Sdn Bhd Tan Chong Apparels

© Jurubina Experto Sdn. Bhd. · PDF file© Jurubina Experto Sdn. Bhd. © Jurubina Experto Sdn. Bhd. © Jurubina Experto Sdn. Bhd

dispendiksurabaya.files.wordpress.com€¦ · son lidah kulon iv / 467 sdn manukan wetan 1 1114 sdn krembangan selatan ix sdn kedung cowek i no. 253 sdn sidosermo 1 1427 sdn kedurus

SDN 25 SDN 30 SDN 35 SDN 45 SDN 65 SD 80 - NordCap · table of contents page inhaltsverzeichnis seite general information and installation 1 allgemeines und installation 14 introduction

Open Source SDN Platform Toward 5G · The History of Samsung SDN Open Source SDN and NFV Overview Open Source SDN Controller Projects 03 SDN toward 5G Infrastructure The Introduction

CGE SYSTEMS SDN BHD Systems Sdn Bhd - Company Profile.… · CGE SYSTEMS SDN BHD COMPANY PROFILE ... 4.1.12 Ansell Malaysia Sdn Bhd ... Genting Sanyen Utilities & Services Sdn Bhd

manbaululum.or.idmanbaululum.or.id/wp-content/uploads/2019/02/... · SDN Dawuan 1 SDN 1 Duren SDN Karangsambung 1 SDN 3 Pasindangan SDN Tobat 1 SDIT Al-Azhar 3 Sl Al Farabi SDN Kesambi