architecture of dynamic vpns in openflow
play

Architecture of dynamic VPNs in OpenFlow Michiel Appelman - PowerPoint PPT Presentation

Aug 15, 2022 •165 likes •375 views

Architecture of dynamic VPNs in OpenFlow Michiel Appelman michiel.appelman@os3.nl Supervisor: Rudolf Strijkers rudolf.strijkers@tno.nl 1 Observations Network Management Systems are growing in complexity VPNs used to share network

  1. Architecture of dynamic VPNs in OpenFlow Michiel Appelman michiel.appelman@os3.nl Supervisor: Rudolf Strijkers rudolf.strijkers@tno.nl 1

  2. Observations • Network Management Systems are growing in complexity • VPNs used to share network resources and growing in numbers ➡ complex network management • Growing demand for application specific VPNs • Leading to “Dynamic VPNs” 2

  3. Dynamic VPNs • Requirements: • All VPN features • Automated VPN creation, modification and deletion • Manage member ports • Adapt Paths to Network Resources and DVPN Requirements 3

  4. Problem • To implement DVPNs in the network: • Solve complexity of network management • Allow for granular control over network resources 4

  5. Potential Solution • OpenFlow and SDN • Why the momentum? • State of the art • “Not supported” 5 OSI Reference Model — H. Zimmermann — 1980

  6. Research Questions • Can DVPNs be implemented using contemporary technologies? • Can DVPNs be implemented using OpenFlow? • What are the di ff erences? 6

  7. VPN Service • Provider Provisioned VPN • Layer 2 Ethernet broadcast domain • Transparent to Customer Customer Networks • No exchange of routing info C between provider and customer C CE CE PE PE P C PE CE Provider Network 7

  8. VPN Transport DVPN X DVPN X MAC PORT MAC PORT CE1 1 CE2 1 CE2 ??? CE1 PE1 PDU SA DA Hdr PDU SA DA PDU SA DA CE1 PE1 P PE2 CE2 Hdr PDU SA DA PDU SA DA • VPN “coloring” • Ethernet frame encapsulation 8

  9. VPN Transport • Additional requirements for Carrier DVPN service: • MAC Scalability • Tra ffi c Engineering (TE) • Load Sharing (ECMP) • Operations, Administration and Management (OAM) • Fast Failover • Rate Limiting of DVPN tra ffi c • Rate Limiting of BUM tra ffi c 9

  10. DVPN Provisioning • Base network to provide VPNs • Install routes between PEs • Automated VPN creation, modification and deletion: • Manage member ports • Adapt Paths to Network Resources and DVPN Requirements 10

  11. MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies E-VPN LDP VPLS FRR • Complex configuration MP-BGP RSVP-TE BFD • Requires custom NMS OSPF • Lack of defined API IP Addressing • Fast Failover using RSVP (another label) • E-VPN MAC learning (draft) 11

  12. MPLS Implementation • Provisioning of DVPNs through NMS • Needs topology information to provide paths • Installs paths in RSVP , end-points in VPLS DATA NMS Control Plane VPLS VPLS LDP LDP RSVP RSVP RSVP RSVP MPLS MPLS MPLS MPLS CE PE P P PE CE Forwarding Plane 12

  13. OpenFlow Implementation • SDN Architecture with OpenFlow 1.3 • Abstraction of the network APP APP APP APP • Centralized Applications ??? Northbound • MAC Learning CONTROLLER • Tra ffi c Engineering Southbound OpenFlow • ECMP • Fast Failover.. • MPLS labels • Rate Limiting per Flow 13

  14. OpenFlow Implementation • Provisioning of DVPNs through Applications • Has topology information available • Tra ffi c Engineering Application allows rerouting • Install Paths in all intermediate P’s DATA APPS CONTROLLER Control Plane CE PE P P PE CE Forwarding Plane 14

  15. Research Answers • Can DVPNs be implemented using contemporary technologies? • Yes, but management is complex and lacks control • Can DVPNs be implemented using OpenFlow? • Yes, using MPLS labels and custom applications • What are the di ff erences? 15

  16. Comparison MPLS OpenFlow/SDN Tagging of VPN Tra ffi c VPLS MPLS MAC Scalability yes yes Topology Discovery OSPF centralized Path Provisioning RSVP / LDP centralized Tra ffi c Engineering RSVP centralized ECMP yes yes, using Groups BUM limiting dependent on HW per flow BUM tra ffi c handling flood controller Exchange C-MACs E-VPN (draft) centralized Tra ffi c Rate Limiting dependent on HW per flow Fast Failover FRR and BFD yes, using Groups* OAM LSP Ping centralized 16

  17. MPLS Pro’s Con’s • Known technology • Large protocol stack • No consistent management interface • Complex NMS • E-VPN in draft 17

  18. OpenFlow Pro’s Con’s • Learn from MPLS • No forwarding plane monitoring • MAC Exchange on PEs • No Northbound standard • Rate Limiting per Flow • Reimplement intelligence 18

  19. Conclusion • MPLS lacks in manageability • SDN architecture solves complexity • OpenFlow missing essential carrier function 19

  20. Questions? 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop,

UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop,

UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop, 13-14/11-2013 Terena Network Architecture Workshop, 13-14/11-2013 Olav Kvittem, Martin Osmundsvg, Otto Wittner, Gurvinder Singh UNINETT Aryan

366 views • 7 slides
Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC can be used with VPNs Identify areas where extensions to IPSEC could be useful Bryan Gleeson, Page-1 VPN Reference Model CE CE PE

352 views • 9 slides
OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o

OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o

OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defjned Networks o Industry interest Original Question How can researchers on college campuses test out new

718 views • 35 slides
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to Provide Security Monitoring as a Service in Clouds?) Seungwon Shin Guofei Gu SUCCESS Lab SUCCESS Lab Texas A&M University Texas A&M

314 views • 6 slides
Dynamic agent architecture for Dynamic agent architecture for open e- -commerce commerce open

Dynamic agent architecture for Dynamic agent architecture for open e- -commerce commerce open

Dynamic agent architecture for Dynamic agent architecture for open e- -commerce commerce open e Universit de Montral Nader Troudi ntroudi@newtrade.com & Peter Kropf kropf@IRO.UMontreal.ca 05/02/2003 AgentCities ID3 Plan

352 views • 21 slides
Flexible NFV WAN interconnections with Neutron BGP VPN Thomas Morin Orange OpenStack Summit,

Flexible NFV WAN interconnections with Neutron BGP VPN Thomas Morin Orange OpenStack Summit,

Flexible NFV WAN interconnections with Neutron BGP VPN Thomas Morin Orange OpenStack Summit, May 2018, Vancouver BC 2 Agenda BGP VPNs as a key building block for Telcos 1-slide reminder on BGP VPNs Why we like dynamic routing in

650 views • 17 slides
TouSIX First OpenFlow European IXP Marc Bruyre, CNRS 2 TouSIX First OpenFlow European IXP

TouSIX First OpenFlow European IXP Marc Bruyre, CNRS 2 TouSIX First OpenFlow European IXP

TouSIX First OpenFlow European IXP Marc Bruyre, CNRS 2 TouSIX First OpenFlow European IXP What is an IXP ? Today IXP switching fabric Operator-oriented OpenFlow IXP fabric The Toulouse IXP : TouIX Migrating TouIX in TouSIX TouSIX-Manager

850 views • 41 slides
Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Dynamic IPv6 Prefix Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes Weber Network Security Consultant @ TV Rheinland i-sec GmbH Firewall VPN/Crypto Routing/Switching Mail

453 views • 30 slides
Applying F(I)MEA Technique for SDN/OpenFlow Security Analysis Green Kim greenkim@konkuk.ac.kr

Applying F(I)MEA Technique for SDN/OpenFlow Security Analysis Green Kim greenkim@konkuk.ac.kr

Applying F(I)MEA Technique for SDN/OpenFlow Security Analysis Green Kim greenkim@konkuk.ac.kr Contents 1. Introduction 1.1 Motivation 1.2 Related Works Analysis 1.2.1 OpenFlow: A Security Analysis 1.2.2 OpenFlow Vulnerability Assessment

345 views • 30 slides
Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations

Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations

Virtual Private Networking Outline Introduction Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations Encryption November 25 - 2004 Future of VPNs VPN - Definition a way to provide

595 views • 11 slides
Networking and OpenFlow Jeffrey Dalla Tezza and Nate Schloss Agenda What is SDN SDN Today

Networking and OpenFlow Jeffrey Dalla Tezza and Nate Schloss Agenda What is SDN SDN Today

Software Defined Networking and OpenFlow Jeffrey Dalla Tezza and Nate Schloss Agenda What is SDN SDN Today What is OpenFlow Why OpenFlow Whats next for SDN Our OpenFlow Demonstration Software Defined Networking

274 views • 26 slides
SSL VPNs: An IETF Perspective IETF 72, Dublin Paul Hoffman, VPNC Overview Why this might be

SSL VPNs: An IETF Perspective IETF 72, Dublin Paul Hoffman, VPNC Overview Why this might be

SSL VPNs: An IETF Perspective IETF 72, Dublin Paul Hoffman, VPNC Overview Why this might be interesting Intro to SSL VPN technologies Where SSL VPNs use IETF technologies, and where they make up their own Some lessons learned

436 views • 14 slides
Requ quirement ments for or Requ quirement ments for or Mult ulticas icast in L3 VPNs

Requ quirement ments for or Requ quirement ments for or Mult ulticas icast in L3 VPNs

IETF 64 th 2005-11-10 Vancouver Requ quirement ments for or Requ quirement ments for or Mult ulticas icast in L3 VPNs Mult ulticas icast in L3 VPNs draft-ietf-l3vpn-ppvpn-mcast-reqts-02 Thomas Morin (France Telecom) Renaud Moignard

423 views • 15 slides
Optimizing Rules Placement in OpenFlow networks: Trading routing for better efficiency NGUYEN

Optimizing Rules Placement in OpenFlow networks: Trading routing for better efficiency NGUYEN

Optimizing Rules Placement in OpenFlow networks: Trading routing for better efficiency NGUYEN Xuan-Nam , Damien Saucez, Chadi Barakat, Thierry Turletti DIANA INRIA Sophia Antipolis, France Motivation Today With SDN/OpenFlow Manual

394 views • 6 slides
OpenFlow Workshop APAN FIT Workshop Hong Kong APAN FIT Workshop Hong Kong Chris Small

OpenFlow Workshop APAN FIT Workshop Hong Kong APAN FIT Workshop Hong Kong Chris Small

OpenFlow Workshop APAN FIT Workshop Hong Kong APAN FIT Workshop Hong Kong Chris Small Indiana University Feb 22 2011 Sections Sections OpenFlow concepts, hardware and software l h d d f OpenFlow use cases Network Operators

910 views • 73 slides
The Beacon OpenFlow Controller www.beaconcontroller.net David Erickson Stanford Motivation

The Beacon OpenFlow Controller www.beaconcontroller.net David Erickson Stanford Motivation

The Beacon OpenFlow Controller www.beaconcontroller.net David Erickson Stanford Motivation Back to circa 2008-2009 The OpenFlow controller world == NOX Single threaded event based C++ with SWIG glue to Python Python apps C++

513 views • 18 slides
Online Payroll Services PAYROLL Controlled Transmit your payroll direct deposit

Online Payroll Services PAYROLL Controlled Transmit your payroll direct deposit

Online Payroll Services PAYROLL Controlled Transmit your payroll direct deposit Authorization Direct Deposit Payroll process electronic file Direct Deposit Employee Exempt and nonexempt Printed or online compensation pay

1.05k views • 39 slides
CONTRACT SUPPORT Patty Kay Danon, Director Agency Contract Support June 11, 2015 AGENCY

CONTRACT SUPPORT Patty Kay Danon, Director Agency Contract Support June 11, 2015 AGENCY

HEALTH & HUMAN SERVICES AGENCY CONTRACT SUPPORT Patty Kay Danon, Director Agency Contract Support June 11, 2015 AGENCY CONTRACT SUPPORT (ACS) History Agency Contract Support was established in 2001, in accordance with Health and

381 views • 11 slides
The role of psychologists in the mental health care of Veterans April 2017 The Canadian

The role of psychologists in the mental health care of Veterans April 2017 The Canadian

The role of psychologists in the mental health care of Veterans April 2017 The Canadian Psychological Association (CPA) is the national association of Canada's scientists and practitioners of psychology. Approximately 18,000 psychologists are

315 views • 5 slides
THE OFFICE OF STUDENT INVOLVEMENT HELLO! We are the Office of Student Involvement within the

THE OFFICE OF STUDENT INVOLVEMENT HELLO! We are the Office of Student Involvement within the

THE OFFICE OF STUDENT INVOLVEMENT HELLO! We are the Office of Student Involvement within the Division of Student Affairs. We work for YOU! Patrick Wallace Associate Director Campus Center Oversees daily operations of the Nice to Campus

561 views • 14 slides
H3C IMC Product Training APR Nico Wang 2010 May Content Next Generation Management Concept

H3C IMC Product Training APR Nico Wang 2010 May Content Next Generation Management Concept

H3C IMC Product Training APR Nico Wang 2010 May Content Next Generation Management Concept IMC Platform Introduction IMC Configuration Guide Traditional Management Model In the 1980s, the network management standards defined by

421 views • 39 slides
V2X Technology Date: 11 th May 2013 What is V2X? V2X V2X - Vehicle to Vehicle or Vehicle to

V2X Technology Date: 11 th May 2013 What is V2X? V2X V2X - Vehicle to Vehicle or Vehicle to

V2X Technology Date: 11 th May 2013 What is V2X? V2X V2X - Vehicle to Vehicle or Vehicle to Infrastructure communication using wireless technology V2I V2V Vehicle to Vehicle to Vehicle Infrastructure Page 2 CONTENTS 1 Why V2X? 5

660 views • 16 slides
National Spatial Data: Unlocking the potential through inno Unlocking the potential through inno

National Spatial Data: Unlocking the potential through inno Unlocking the potential through inno

National Spatial Data: Unlocking the potential through inno Unlocking the potential through inno novation, automation & efficiency novation, automation & efficiency out us.. out us.. Our History Our History Founded in 1969

446 views • 18 slides
On Fusion Nuclear Technology Development Requirements and the Role of CTF tow ard DEMO Mohamed

On Fusion Nuclear Technology Development Requirements and the Role of CTF tow ard DEMO Mohamed

On Fusion Nuclear Technology Development Requirements and the Role of CTF tow ard DEMO Mohamed Abdou With input from A. Ying, M. Ulrickson, D. K. Sze, S. Willms, F. Najmabadi, J. Sheffield, M. Sawan, C. Wong, R. Nygren, P. Peterson, S.

1.04k views • 51 slides

More recommend