Panopticon: Reaping the benefits of Incremental SDN Deployment in Enterprise Networks

Panopticon: Reaping the benefits of Incremental SDN Deployment in Enterprise Networks Dan Levin withmarco Canini, Stefan Schmid, Fabian Schaffert, Anja Feldmann

Enterprise Network Management Policy changes Heterogeneity Resource allocagon Scheduled maintenance Device life cycle management TroubleshooGng

SDN Interface Control Programs Control Programs Global Network View Control Programs Controller Platform SoIware Defined Networking OSPF ISIS RIP EIGRP

Principled Network Policy Orchestra;on Consistent Network Updates [ReitblaN 12] Modular Policy ComposiGon [Monsanto 13] Network Invariants StaGc Checking [Kazemian 12] Automated Dataplane TroubleshooGng [Zeng 12] And more All leverage an exis;ng SDN deployment

The SDN Deployment Problem SDN is not a feature to be switched on Chicken and egg: Building confidence Deployment must be Incremental

Key QuesGons 1. How can we incrementally deploy the SDN interface into enterprise networks? 2. What benefits can be realized from a hybrid SDN deployment? 3. What limita;ons or performance costs?

PANOPTICON Incrementally Deployable SDN Architecture SystemaGc approach to operate a hybrid network as a (nearly) full SDN Prototype ImplementaGon Planning tool

Key QuesGons 1. How can we incrementally deploy the SDN interface into enterprise networks? 2. What benefits can be realized from a hybrid SDN deployment? 3. What limitagons or performance costs?

The ExisGng Network A B SDN- controlled C SDNc Ports D E F

Network Topology Traffic EsGmates Planning Strategy Hybrid SDN Deployment Path Delay Link UGlizaGons Resource

The Hybrid SDN Deployment ( ) B C A D E F

Key QuesGons 1. How can we incrementally deploy the SDN interface into enterprise networks? 2. What benefits can be realized from a hybrid SDN deployment? 3. What limitagons or performance costs?

Main benefits of SDN= Principled orchestragon B of C the network policy A D E F

Realizing the Benefits of SDN Insight #1: 1 SDN switch Policy enforcement IDS B C Middlebox traversal A D E Access control F

2. Realizing the Benefits of SDN Insight #1: 1 SDN switch Policy enforcement B C A Insight #2: 2 SDN switches Fine- grained control D E F Traffic load- balancing

Insight #1: 1 SDN switch Policy enforcement Insight #2: 2 SDN switches Fine- grained control Ensure that all traffic to/from an SDN- controlled port always traverses at least one SDN switch SDN Waypoint Enforcement Legacy devices must direct traffic to SDN switches

The PANOPTICON SDN Architecture Conceptually group SDN ports in Cell Blocks B C A D E F

The PANOPTICON SDN Architecture Traffic restricted to Solitary Confinement Trees B C A D F Per- port spanning trees that ensure waypoint enforcement E

The PANOPTICON SDN Architecture Traffic 1. One restricted VLAN ID to Solitary Confinement Trees per SDNc port B C A D 2. Reuse VLAN ID space across cell blocks E F 3. SCTs can be pre- installed

PANOPTICON A B Logical SDN A B C D E F C D E F

PANOPTICON App 1 App 2 App 3 SDN PlaQorm A Logical SDN B C D E F PANOPTICON provides the abstrac;on of a (nearly) fully- deployed SDN in a par;ally upgraded network PANOPTICON

Evalua;on Simula;on EmulaGon Testbed How many SDNc ports do I get as the deployment grows? How will PanopGcon Affect Network Traffic? Prototype ImplementaGon See our Paper TCP Performance under Waypoint Enforcement Fault Tolerance

SimulaGon Methodology Topology: Real Enterprise Network 1296 Access Switches 412 Distrib. Switches B C 1296 SDNc Port Candidates A D Workload: Packet- level Traces Traffic Matrix Map randomly, but preserve prefix locality F Scale up traffic demands: max link ugl at 50% Each src- dst pair consumes avg. 10 fwd rules E

Resource Constraints Flow Table Capacity (100K entries) Link CapaciGes A B C D E F # Supported VLANs (256, 512, 1024)

How many SDNc ports do I get? Switch Placement HeurisGc 1. RAND - Lower Baseline 2. VOL - HeurisGc 3. OpGmal (tech report) A Accomodate as many SDNc Ports as possible B subject to resource C constraints D Repeat experiments with 10 different seeds for each random parameter. E F

How many SDNc ports do I get? Random Baseline Deployment Strategy

Feasibility with VOL heurisgc 2% of network switches (33 SDN switches) 100% SDN- controlled ports Op;mis;c Condi;ons Conserva;ve Condi;ons

How will PanopGcon affect my traffic? Recall: Baseline traffic scaled so that max- u;lized link is 50%

How will PanopGcon affect my traffic?

How will PanopGcon affect my traffic? 33 SDN switches (2% of network) 90th path stretch < 1.9x max u;l. < 60%

Key EvaluaGon Results Op;mis;cally at 2% deployed SDN switches Conserva;vely at 10% deployed SDN switches Every access port controlled via SDN Moderate Path Stretch Moderate increase in link uglizagon Traffic EmulaGon: results support simulagons Testbed: validate system and fault- tolerance

Summary SDN ARCHITECTUREOperate the network as a (nearly) full SDN Planning TOOLDetermine the pargal SDN deployment hnps://panopgsim.badpacket.in App 1 App 2 App 3 SDN PlaQorm A B C D E F PANOPTICON

Packet Forwarding Inter- Switch Fabric provides transit between SCTs B C A D E F

Current Hybrid Networks? SDN Legacy PlaQorm Mgmt Dual- stack approach

Current Hybrid Networks? SDN Legacy PlaQorm Mgmt App 1 App 2 SDN Platform App 3 Legacy Mgmt Dual- stack approach Edge- only approach

The edge is legacy access switches

Hybrid SDN Use Cases Automated Planned Maintenance Tool Lightweight IP Subnet Mobility ACL refactorizagon Middle- box Traversal

Use Case: Planned Maintenance Operator says: You re Going down for service... A B C D E F...and, could the rest of you switches cooperate to minimize the disrupgon?

Use Case: Planned Maintenance 3) Update forwarding rules to re-route green flow A 1) Operator signals intent to our application, to remove switch for maintenance. B C D 4) 2) Gratuitous Install forwarding ARP for rules destination for green flow C. E F

Use Case Testbed Evalua;on 2x NEC IP8800 (OF 1.0) 1x Cisco C3550XL 3x Cisco C2960G TCP ConnecGon 2x HP 5406zl Recovery Time 1x Pica8 3290 LocaGons of port- down events along one path traversing SDN switch.

Use Case Testbed Evalua;on 2x NEC IP8800 (OF 1.0) 1x Cisco C3550XL 3x Cisco C2960G 2x HP 5406zl 1x Pica8 3290

Google B4 FuncGonally Equivalent Deployment

How will PanopGcon affect my traffic?

How will PanopGcon affect my traffic?

How will PanopGcon affect my traffic? 33 SDN switches 90 th stretch < 1.9x & max u;l. < 60%

SDN Interface f( View ) Control Programs f( View Control Programs Global Network View ) Controller Platform f( View ) Control Programs Ctrl Ctrl Ctrl Ctrl Ctrl Ctrl Ctrl Ctrl Ctrl

SimulaGon Methodology Real network topology 1296 Access / 412 Distribu;on / 3 Core Traffic esgmates from LBNL packet traces Map randomly while preserving prefix locality Scale traffic projecgon so that the most uglized link is 50% SDN deployment strategies: RANDOM vs. VOL VOL: iteragvely upgrade switch that forwards most traffic

Benefits of Hybrid Deployment? B C Harvest A unuglized network capacity D E F

SDN Interface Control Programs Control Programs Global Network View Controller Platform Control Programs