Architecture of dynamic VPNs in OpenFlow Michiel Appelman - - PowerPoint PPT Presentation

SLIDE 1

Architecture of dynamic VPNs in OpenFlow

Michiel Appelman michiel.appelman@os3.nl

Supervisor: Rudolf Strijkers rudolf.strijkers@tno.nl

SLIDE 2

Observations

  • Network Management Systems are growing in complexity
  • VPNs used to share network resources and growing in numbers

➡ complex network management

  • Growing demand for application specific VPNs
  • Leading to “Dynamic VPNs”

SLIDE 3

Dynamic VPNs

  • Requirements:
      • All VPN features
      • Automated VPN creation, modification and deletion
      • Manage member ports
      • Adapt Paths to Network Resources and DVPN Requirements

SLIDE 4

Problem

  • To implement DVPNs in the network:
      • Solve complexity of network management
      • Allow for granular control over network resources

SLIDE 5

Potential Solution

  • OpenFlow and SDN
  • Why the momentum?
  • State of the art
  • “Not supported”

OSI Reference Model — H. Zimmermann — 1980

SLIDE 6

Research Questions

  • Can DVPNs be implemented using contemporary technologies?
  • Can DVPNs be implemented using OpenFlow?
  • What are the differences?

SLIDE 7

VPN Service

  • Provider Provisioned VPN
  • Layer 2 Ethernet broadcast domain
  • Transparent to Customer
  • No exchange of routing info between provider and customer

[Figure: Customer Networks (C) attached via CE devices to the Provider Network (PE and P devices)]

SLIDE 8

VPN Transport

  • VPN “coloring”
  • Ethernet frame encapsulation

[Figure: CE1, PE1, P, PE2, CE2; frames with fields DA, SA, PDU and an added Hdr; MAC/PORT tables; DVPN X]

SLIDE 9

VPN Transport

  • Additional requirements for Carrier DVPN service:
      • MAC Scalability
      • Traffic Engineering (TE)
      • Load Sharing (ECMP)
      • Operations, Administration and Management (OAM)
      • Fast Failover
      • Rate Limiting of DVPN traffic
      • Rate Limiting of BUM traffic

SLIDE 10

DVPN Provisioning

  • Base network to provide VPNs
  • Install routes between PEs
  • Automated VPN creation, modification and deletion:
  • Manage member ports
  • Adapt Paths to Network Resources and DVPN Requirements

SLIDE 11

MPLS Implementation

  • MPLS with VPLS
  • Paths and VPN Coloring
  • Protocol Stack Dependencies
  • Complex configuration
  • Requires custom NMS
  • Lack of defined API
  • Fast Failover using RSVP (another label)
  • E-VPN MAC learning (draft)


[Figure: protocol stack: LDP, OSPF, MP-BGP, RSVP-TE, BFD, FRR, E-VPN, VPLS, IP Addressing]

SLIDE 12

MPLS Implementation

  • Provisioning of DVPNs through NMS
  • Needs topology information to provide paths
  • Installs paths in RSVP, end-points in VPLS


[Figure: Forwarding Plane (CE, PE, P, P, PE, CE) and Control Plane (VPLS, RSVP, MPLS, LDP), with NMS and DATA]

SLIDE 13

OpenFlow Implementation


  • SDN Architecture with OpenFlow 1.3
  • Abstraction of the network
  • Centralized Applications
  • MAC Learning
  • Traffic Engineering
  • ECMP
  • Fast Failover..
  • MPLS labels
  • Rate Limiting per Flow

[Figure: CONTROLLER with APPs; labels: Northbound, Southbound, OpenFlow, ???]

SLIDE 14

OpenFlow Implementation

  • Provisioning of DVPNs through Applications
  • Has topology information available
  • Traffic Engineering Application allows rerouting
  • Install Paths in all intermediate P’s


[Figure: Forwarding Plane (CE, PE, P, P, PE, CE) and Control Plane, with CONTROLLER, APPS and DATA]

SLIDE 15

Research Answers

  • Can DVPNs be implemented using contemporary technologies?
  • Yes, but management is complex and lacks control
  • Can DVPNs be implemented using OpenFlow?
  • Yes, using MPLS labels and custom applications
  • What are the differences?

SLIDE 16

Comparison


                          MPLS               OpenFlow/SDN
Tagging of VPN Traffic    VPLS               MPLS
MAC Scalability           yes                yes
Topology Discovery        OSPF               centralized
Path Provisioning         RSVP / LDP         centralized
Traffic Engineering       RSVP               centralized
ECMP                      yes                yes, using Groups
BUM limiting              dependent on HW    per flow
BUM traffic handling      flood              controller
Exchange C-MACs           E-VPN (draft)      centralized
Traffic Rate Limiting     dependent on HW    per flow
Fast Failover             FRR and BFD        yes, using Groups*
OAM                       LSP Ping           centralized

SLIDE 17

MPLS

Pros

  • Known technology

Cons

  • Large protocol stack
  • No consistent management interface
  • Complex NMS
  • E-VPN in draft

SLIDE 18

OpenFlow

Pros

  • Learn from MPLS
  • MAC Exchange on PEs
  • Rate Limiting per Flow

Cons

  • No forwarding plane monitoring
  • No Northbound standard
  • Reimplement intelligence

SLIDE 19

Conclusion

  • MPLS lacks in manageability
  • SDN architecture solves complexity
  • OpenFlow missing essential carrier function

SLIDE 20

Questions?
