Part 2, Lecture 03: Network Virtualization and SDNs


Last time(s)?
- Optical nets
- Spectrum
- Multiplexing
- NSA/NSI
- Lightpaths
- NDL: network topology description

Connection provisioning
- What do optical networks do? Provide communication paths between locations.
- How do they do it? By managing connection provisioning and connection recovery.
- Where do you put the intelligence?

Network models
- OSI model: Application, Presentation, Session, Transport, Network, Data Link, Physical
- Planes: Management plane, Control plane, Routing plane, Data plane

Management plane
The systems, interfaces, and protocols used to manage the network and its services.

Control planes
The logic and hardware required for the physical transfer of data in the network.
This intelligence is typically realized in the form of various communication protocols. Such protocols can be broadly classified into signaling, discovery protocols and routing.

Data plane
The logic and hardware required for the physical transfer of data in the network.

Control planes

Layers
An optical network consists of layers and partitions.
- A control plane will be concerned with the operation at a specific layer.
- In the context of optical networks we are focusing on switching of OXCs (SONET/SDH) and PXCs (wavelengths).
(Figure: layer stack showing Path, Line, Section and Photonic layers.)

Layering: G.805
An ITU-T recommendation that describes the layering concepts, independent from the underlying technology.

G.805: transport networks functional models
(Figure labels: client layer and server layer; link connection, subnetwork connection, tandem connection, network connection; adaptation and termination; a trail is equivalent to a network connection.)

Partitions
A network can be partitioned (recursively) into smaller parts:
- Topological partitions
- Control domains
Control planes can operate:
- Intradomain, within the same control domain;
- Interdomain, to build a unified end-to-end control architecture across control domains.

Partitioning: information exchange
How do you transfer information between control domains?

Control plane interfaces
- The User-Network Interface (UNI): this is the control interface between a node in the client network and a node in the optical network.
- The Interior Network-Network Interface (I-NNI): this is the control interface between two subnetworks (or nodes) within the same control domain.
- The Exterior Network-Network Interface (E-NNI): this is the control interface between two nodes in different control domains.

Control plane abstraction
Control functionality can be distinct from the transport functionality, i.e. it is not implemented in the devices.

Control plane functions
- Neighbor discovery: a function whereby a network element automatically determines the details of its connectivity to all its data plane neighbors. Neighbor discovery applies to both the UNI and the NNI.
- Routing: consists of two aspects: automatic topology and resource discovery.
- Signaling: the syntax and the semantics of communication between control agents in establishing and maintaining connections.
- Local resource management: the representation and accounting of locally available resources controlled by a control agent.

DCN
DCN, the Data Communication Network, is the infrastructure used for messaging between control plane agents in the network. It is also used to provide connectivity between control plane agents.
Communication is packet oriented, most often based on IP (v4 or v6).
It can be:
- in-fiber: if the network is associated with the optical data plane
- out-of-fiber: if the network is based on a separate network technology (i.e. a separate IP network)

Networks work
- Packet switched networks
- Circuit-switched networks

Network virtualization

Ossification of the Internet
- Many aspects of networking are set in stone.
- New protocols are difficult to implement.
- Most changes are incremental updates.
- There is no service tailored to application needs.
The research community started to think about it in 2005:
1. T. Anderson, L. Peterson, S. Shenker, J. Turner, Overcoming the Internet impasse through virtualization, Computer 38 (4) (2005) 34-41.
2. J. Turner, D. Taylor, Diversifying the internet, in: Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM 05), vol. 2, 2005.

Network virtualization
A virtual network (VN) is a collection of virtual nodes and virtual links. Essentially, a virtual network is a subset of the underlying physical network resources.
A network environment supporting virtualization allows the coexistence of multiple virtual networks on the same physical substrate.

Virtualization in the network
- Decoupling the services provided by a network from the physical infrastructure
- Virtual network is a container of network services, provisioned by software
- Faithful reproduction of services provided by a physical network
- Analogy to a VM: complete reproduction of physical machine (CPU, memory, I/O, etc.)
Slide courtesy of: http://www.opennetsummit.org/pdf/2013/presentations/bruce_davie.pdf


Why?
- Sharing the network
  - Different controllers for different users/traffic
  - Isolation (bandwidth, table space, flow space)
- Abstracting the topology
  - One big virtual switch
  - Many virtual switches to one physical switch
  - Arbitrary network topologies
- While presenting a familiar abstraction
  - A network
Slide courtesy of: http://www.opennetsummit.org/pdf/2013/presentations/bruce_davie.pdf

Network sharing
- User groups
- Virtualized data center/services
- Virtualized Network Backbone

Why sharing the network?
- Multiple administrative groups
  - Different departments on a campus
- Multiple customers
  - Tenants in a shared data center
  - Researchers on a shared infrastructure
- Experiments vs. operational network
  - Support research without breaking real services
- Expanding a network's footprint
  - Lease components in another carrier's network
- Multiple services or applications in one domain

Challenges
The network security issues for a shared infrastructure:
1. Access control: legitimate users need to be authenticated and authorized to access the portion of the network/resources they have been assigned.
2. Path isolation: mapping of users and resources has to be done effectively to avoid interference.
3. Services: the right services have to be available to the right users.

Why Abstract the Topology?
- Partial deployment: tunnel through components you don't control
- Simplicity: hide inessential details, churn, migration, ...
- Privacy: hide internal details of the network
- Scalability: present a smaller topology and fewer events
- Experimentation: try topologies that don't really exist

Benefits
- Rapid innovation: network services now delivered at software speeds
- New forms of network control: API to NV controller allows creation and management of virtual networks under software control (snapshot, rollback, etc.)
- Vendor choice: decoupled networking services from underlying hardware
- Simplified programming: expose abstractions that make sense to programmers
- Simplified operations: network state managed like a VM: provision centrally in SW, snapshot, rollback, etc.

Types of VNE
Four main types of VNEs:
- VLANs: Virtual Local Area Networks
- VPNs: Virtual Private Networks
- Overlay Networks
- Active Networks and Programmable Networks

VLANs
They create a single broadcast domain that groups hosts with a common interest.
Pros:
- Configured via software, they are easy to manage
- Provide isolation and are cost effective.

802.1Q VLAN frame format
- 802.1 frame: preamble, dest. address, source address, type, data (payload), CRC
- 802.1Q frame: preamble, dest. address, source address, 802.1Q tag, type, data (payload), recomputed CRC
- 802.1Q tag: 2-byte Tag Protocol Identifier (value: 81-00), then Tag Control Information (12 bit VLAN ID field, 3 bit priority field like IP TOS)

VPNs

Basic VPN component
Customer edges (CEs) are connected to one or more provider edges (PEs).
A service provider (SP) manages and provisions the VPN: PPVPN, Provider Provisioned VPN.
VPNs can operate at different layers:
- Layer 1 VPNs
- Layer 2 VPNs
- Layer 3 VPNs
- Higher level VPNs
Know more: Provider Provisioned VPNs terminology, RFC 4026, March 2005

Overlay networks
An overlay network is a virtual network that creates a virtual topology on top of the physical topology of another network.
Nodes in an overlay network are connected through virtual links which correspond to paths in the underlying network. Overlays are typically implemented in the application layer.

Overlay Network
- Nodes are connected by logical/virtual links
- Logical Network Layer implemented on top of the physical network
- Uses different addresses for routing messages

Digression into p2p nets

Architecture
- Unstructured p2p: no structure for the overlay network.
- Structured p2p: specific topology that is easy to search through.

DHTs and p2p
A Distributed Hash Table is distributed over the nodes in the P2P network in order to locate content.
The DHT stores the location (IP address of peer in charge) of the content across the network. No need for an indexer or central server.
Notable DHTs:
- Chord
- Pastry
- Tapestry
- Kademlia

DHT identifiers
In Chord there is an m-bit identifier, related to an identifier circle.
Given m:
- Assign integer identifier to each peer in range $[0, 2^m - 1]$
- Require each key to be an integer in same range
- To get integer key, hash original key, e.g., key = hash("Led Zeppelin IV")
(Figure: identifier circle for m=2 with positions 0, 1, 2, 3.)

Assigning keys to peers
- Assign integer to each peer
- Convert each key to an integer
- Put (key, value) pair in the peer that is closest to the key
- Given key k, the key will be stored at successor(k)
- Closest is the immediate successor of the key (equal or follows): the first node clockwise from k.
e.g., m=4; peers: 1, 3, 4, 5, 8, 10, 12, 14:
- key = 13, then successor peer = 14
- key = 15, then successor peer = 1
Chord uses SHA-1 hash codes instead of integers

Query
Queries for content are passed around the circle: O(N) messages on average to resolve a query, when there are N peers.
(Figure: identifier circle with peers 0001, 0011, 0100, 0101, 1000, 1010, 1100, 1111; the query "Who's responsible for key 1110?" is passed along until peer 1111 answers "I am".)

Query with shortcuts
Each peer keeps track of the IP addresses of its predecessor, successor, and shortcuts. Reduced from 6 to 2 messages.
(Figure: circle with peers 1, 3, 4, 5, 8, 10, 12, 15 and the query "Who's responsible for key 1110?")
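
The key assignment and the two query slides above, worked as an added Python example (not part of the original lecture). The Ring class, its method names and the choice of Chord's finger table (successor(n + 2^i)) as the shortcut scheme are assumptions of this example; the peer sets and keys are the ones on the slides.

```python
import hashlib
from bisect import bisect_left


def chord_id(name, m):
    """Map an arbitrary key name onto the m-bit identifier circle using SHA-1."""
    digest = hashlib.sha1(name.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % (1 << m)


class Ring:
    """Hypothetical helper: a Chord identifier circle with a known peer set."""

    def __init__(self, peers, m):
        self.m, self.size = m, 1 << m
        self.peers = sorted(set(peers))
        if not self.peers or not all(0 <= p < self.size for p in self.peers):
            raise ValueError("peer identifiers must lie in [0, 2^m - 1]")

    def successor(self, k):
        """First peer clockwise from k (equal or following), wrapping past 2^m - 1."""
        i = bisect_left(self.peers, k % self.size)
        return self.peers[i % len(self.peers)]

    def next_peer(self, n):
        return self.successor(n + 1)

    @staticmethod
    def between(x, a, b, closed_right):
        """True if x lies clockwise inside (a, b), or (a, b] when closed_right."""
        if closed_right and x == b:
            return True
        if a < b:
            return a < x < b
        return x > a or x < b  # interval wraps through 0; a == b covers the circle

    def fingers(self, n):
        """Shortcut table of peer n: successor(n + 2^i) for i = 0 .. m-1."""
        return [self.successor(n + (1 << i)) for i in range(self.m)]

    def lookup(self, start, key, use_fingers):
        """Return (responsible peer, number of peer-to-peer forwards)."""
        n, hops = start, 0
        while not self.between(key, n, self.next_peer(n), True):
            step = self.next_peer(n)
            if use_fingers:  # farthest shortcut that does not overshoot the key
                step = next((f for f in reversed(self.fingers(n))
                             if self.between(f, n, key, False)), step)
            n, hops = step, hops + 1
        return self.next_peer(n), hops


if __name__ == "__main__":
    slide = Ring([1, 3, 4, 5, 8, 10, 12, 14], m=4)       # peers from the key-assignment slide
    print(slide.successor(13), slide.successor(15))       # 14 1
    circle = Ring([1, 3, 4, 5, 8, 10, 12, 15], m=4)      # peers from the query figures
    print(circle.lookup(1, 0b1110, use_fingers=False))    # (15, 6)
    print(circle.lookup(1, 0b1110, use_fingers=True))     # (15, 2)
    print(chord_id("Led Zeppelin IV", 4))                 # an identifier in 0..15
```
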

Content delivery networks (Akamai)

Pause

VXLAN

Virtual Extensible LAN.
High scalability:
- From 4096 VLAN IDs (12 bits) to 16 million VNIDs (VXLAN Network Identifier).
- Better utilization of network paths, relying on L3 routing.
Interesting that this is supported by software switches too (Open vSwitch)!

VTEPs
VXLAN is a Layer 2 overlay scheme over a Layer 3 network.
It uses VXLAN tunnel endpoint (VTEP) devices to map tenants' end devices to VXLAN segments and to perform VXLAN encapsulation and de-encapsulation.

VXLAN packet format
It uses MAC Address-in-User Datagram Protocol (MAC-in-UDP).
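
What a VTEP does with the two identifiers discussed above (the 12-bit VLAN ID in the 802.1Q tag and the 24-bit VXLAN network identifier), as an added Python example that is not part of the original lecture. The header layout and UDP port 4789 follow RFC 7348; the function names are hypothetical, the outer Ethernet and IP headers are left out, and the sample frame is constructed.

```python
import struct

VXLAN_UDP_PORT = 4789   # destination port assigned to VXLAN (RFC 7348)
TPID_8021Q = 0x8100     # Tag Protocol Identifier, "81-00" on the 802.1Q slide
VNI_VALID = 0x08 << 24  # "I" flag in the first 32-bit word of the VXLAN header


def build_inner_frame(dst, src, vlan_id, priority, ethertype, payload):
    """Ethernet frame with one 802.1Q tag (preamble and CRC omitted)."""
    if not 0 <= vlan_id < 4096 or not 0 <= priority < 8:
        raise ValueError("VLAN ID is 12 bits, priority is 3 bits")
    tci = (priority << 13) | vlan_id  # DEI bit (bit 12) left at 0
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def vxlan_encap(vni, inner_frame, src_port=49152):
    """UDP header + 8-byte VXLAN header + the original MAC frame (MAC-in-UDP)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is 24 bits")
    vxlan = struct.pack("!II", VNI_VALID, vni << 8)  # reserved bits stay zero
    length = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, length, 0)  # checksum 0
    return udp + vxlan + inner_frame


def vxlan_decap(datagram):
    """Return (vni, vlan_id, priority, payload); raise ValueError on malformed input."""
    if len(datagram) < 8 + 8 + 14:
        raise ValueError("truncated datagram")
    _sport, dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if dport != VXLAN_UDP_PORT or length != len(datagram):
        raise ValueError("not a well-formed VXLAN datagram")
    word0, word1 = struct.unpack("!II", datagram[8:16])
    if not word0 & VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    vni, frame = word1 >> 8, datagram[16:]
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return vni, None, None, frame[14:]  # untagged inner frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, _ethertype = struct.unpack("!HH", frame[14:18])
    return vni, tci & 0x0FFF, tci >> 13, frame[18:]


# Constructed sample: locally administered MAC addresses, VLAN 100, priority 5.
SAMPLE_FRAME = build_inner_frame(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02",
                                 vlan_id=100, priority=5, ethertype=0x0800, payload=b"hello")

if __name__ == "__main__":
    wire = vxlan_encap(5000, SAMPLE_FRAME)
    print(len(wire), vxlan_decap(wire))  # 39 (5000, 100, 5, b'hello')
```
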

Network Virtualization History
- Dedicated overlays for incremental deployment
  - Mbone (multicast) and 6bone (IPv6)
- Overlays for improving the network
  - Resilient Overlay Networks (RON)
- Shared experimental testbeds
  - PlanetLab, Emulab, Orbit, ...
- Virtualizing the network infrastructure
  - Overcoming Internet impasse through virtualization
  - Later testbeds like GENI, VINI, ...

GENI
Three main components:
- GENI racks: virtualized computation and storage resources.
- Software-defined networks (SDNs): virtualized, programmable network resources.
- WiMAX: virtualized cellular wireless communication (at selected campuses).

ExoGENI

Test Time

Programmable networks

Programmable networks
A. T. Campbell, H. G. De Meer, M. E. Kounavis, K. Miki, J. B. Vicente, and D. Villela, A survey of programmable networks, SIGCOMM Comput. Commun. Rev., vol. 29, no. 2, p. 7, Apr. 1999.

Programmability and virtualization
Are programmable networks VNEs?
Maybe not directly, but programmability can ensure the coexistence of multiple networks.
The key is to separate the control plane from the data plane:
- Control plane → control software
- Data plane → the network hardware

Active networks (I)
Allows packets flowing through the network to modify the network behaviour.

Software Defined Networking
A short intro based on the course of Prof. Jennifer Rexford: http://www.cs.princeton.edu/courses/archive/fall13/cos597e/syllabus.html

SDN and Network Virtualization

SDN and network virtualization
- Network virtualization != SDN
  - Predates SDN
  - Doesn't require SDN
- Easier to virtualize an SDN switch
  - Run separate controller per virtual network
  - Partition the space of all flows
  - Leverage open interface to the hardware

Software Defined Networks
- control plane: distributed algorithms
- data plane: packet processing

Software Defined Networks
decouple control and data planes

Software Defined Networks
decouple control and data planes by providing open standard API

Simple, Open Data-Plane API
Prioritized list of rules:
- Pattern: match packet header bits
- Actions: drop, forward, modify, send to controller
- Priority: disambiguate overlapping patterns
- Counters: #bytes and #packets
1. src=1.2.*.*, dest=3.4.5.* → drop
2. src=*.*.*.*, dest=3.4.*.* → forward(2)
3. src=10.1.2.3, dest=*.*.*.* → send to controller
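
The rule list above as a small flow table, added here as a Python example that is not part of the original lecture. It applies the highest-priority matching rule, keeps the per-rule counters, and lists the rule pairs where priority actually decides the outcome. The class and function names, the numeric priorities 3/2/1 and the fail-closed table-miss action are assumptions of this example, not an OpenFlow API.

```python
from dataclasses import dataclass


def _octets(pattern):
    parts = pattern.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    return parts


def matches(pattern, addr):
    """Octet-wise wildcard match, e.g. '3.4.5.*' against '3.4.5.6'."""
    return all(p == "*" or p == a for p, a in zip(_octets(pattern), _octets(addr)))


def overlaps(p, q):
    """True if at least one address satisfies both patterns."""
    return all(x == "*" or y == "*" or x == y for x, y in zip(_octets(p), _octets(q)))


@dataclass
class Rule:
    priority: int
    src: str
    dst: str
    action: str
    packet_count: int = 0
    byte_count: int = 0


class FlowTable:
    def __init__(self, rules, table_miss="drop"):
        # Highest priority first; table_miss is this example's choice (fail closed).
        self.rules = sorted(rules, key=lambda r: -r.priority)
        self.table_miss = table_miss

    def process(self, src, dst, size):
        """Apply the highest-priority matching rule and update its counters."""
        for rule in self.rules:
            if matches(rule.src, src) and matches(rule.dst, dst):
                rule.packet_count += 1
                rule.byte_count += size
                return rule.action
        return self.table_miss

    def conflicts(self):
        """Pairs (higher, lower) of overlapping rules whose actions differ."""
        found = []
        for i, hi in enumerate(self.rules):
            for lo in self.rules[i + 1:]:
                if (hi.action != lo.action and overlaps(hi.src, lo.src)
                        and overlaps(hi.dst, lo.dst)):
                    found.append((hi.priority, lo.priority))
        return found


def slide_table():
    """The three rules from the slide; rule 1 gets the highest priority."""
    return FlowTable([
        Rule(3, "1.2.*.*", "3.4.5.*", "drop"),
        Rule(2, "*.*.*.*", "3.4.*.*", "forward(2)"),
        Rule(1, "10.1.2.3", "*.*.*.*", "send to controller"),
    ])


if __name__ == "__main__":
    table = slide_table()
    print(table.process("1.2.9.9", "3.4.5.6", 100))   # drop
    print(table.process("10.1.2.3", "3.4.1.1", 60))   # forward(2)
    print(table.conflicts())                          # [(3, 2), (2, 1)]
```
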

(Logically) Centralized Controller
(Figure: Controller Platform)

Protocols → Applications
(Figure: Controller Application, Controller Platform)

Seamless Mobility
- See host sending traffic at new location
- Modify rules to reroute the traffic

Server Load Balancing
- Pre-install load-balancing policy
- Split traffic based on source IP
(Figure: src=0*, dst=1.2.3.4 goes to 10.0.0.1; src=1*, dst=1.2.3.4 goes to 10.0.0.2)

Example SDN Applications
- Seamless mobility and migration
- Server load balancing
- Dynamic access control
- Using multiple wireless access points
- Energy-efficient networking
- Adaptive traffic monitoring
- Denial-of-Service attack detection
- Network virtualization
See http://www.openflow.org/videos/

A Major Trend in Networking
- Entire backbone runs on SDN
- Bought for $1.2 x 10^9 (mostly cash)

Home reading
For the test on May 09 read: MPLS: the magic behind the myth

Literature
- Towards a diversified internet, by Turner et al.
- A survey of network virtualization, by Chowdhury et al.
- Chapter 27: Network and Information Infrastructure Virtualization
- Chapter 5: Modern Optical Control Planes