cs244
play

CS244 Advanced Topics in Networking Lecture 9: SDN (2) Network - PowerPoint PPT Presentation

Jan 10, 2024 •150 likes •485 views

CS244 Advanced Topics in Networking Lecture 9: SDN (2) Network Virtualization Nick McKeown Network Virtualization in Multi-tenant Datacenters, [ Teemu Koponen et al, 2014] Spring 2020 Context Teemu Koponen Early employee Nicira

  1. CS244 Advanced Topics in Networking Lecture 9: SDN (2) Network Virtualization Nick McKeown “Network Virtualization in Multi-tenant Datacenters,” [ Teemu Koponen et al, 2014] Spring 2020

  2. Context Teemu Koponen ▪ Early employee Nicira ▪ Sigcomm Rising Star Award, 2012 ▪ More recently, co-founder at Styra Teemu 2

  3. SDN: In the context of bigger networking industry changes

  4. Computer Industry Specialized App App App App App App App App App App App Applications Open Interface Specialized Windows Mac or or Linux (OS) OS Operating System Open Interface Specialized Hardware Microprocessor

  5. Networking Industry App App App App App App App App App App App Specialized Open Interface Features Control Control Beacon Flood NOX ONIX POX ONOS Trema ODL Ryu Plane 1 Plane 2 light Specialized Open Interface Operating System Switch Chips Specialized Hardware “Software is eating the world (of networking)”

  6. Network Function Virtualization (NFV) Public Internet Middlebox Firewalls Load-balancing NAT Boundary routers Middlebox Middlebox Middlebox Deep Packet Inspection DDoS Mitigation Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding

  7. Network Function Virtualization (NFV) Public Internet Packet VM VM VM Forwarding Middlebox VM VM VM Firewalls Load-balancing NAT Boundary routers Deep Packet Inspection DDoS Mitigation Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding

  8. With hindsight, Disaggregation, SDN and NFV were probably inevitable Part of a bigger trend towards the owners and operators of networks taking control of how they manage their networks

  9. Inevitable because… 1. Rise of Linux. 2. Rise of baremetal servers and data centers. 3. SDN: Rise of merchant switching silicon. 4. NFV: Rise of computer virtualization.

  10. Today

  11. Most networking equipment is disaggregating ▪ Intra- and inter-datacenter networks ▪ ISP routers and switches ▪ WiFi APs ▪ Cellular basestations (4G, 5G…) ▪ Optical and Metro Transport ▪ Residential broadband access ▪ Enterprise network equipment: switch, router, firewall

  12. Network Virtualization

  13. “Modularity based on abstraction is the way things are done!” Barbara Liskov (MIT) Turing Award Lecture 2009

  14. Abstractions in computer systems Virtual memory : Abstract illusion of infinite, private physical memory File system : Uniform illusion of read/write data store. Virtual Machine: User application cannot tell if it is running on a physical or virtual machine. …

  15. What is “network virtualization”? In this context : The abstraction (or illusion) of a physical network in which the user, application (and possibly the administrator too) cannot tell if the network is physical or virtual. Q: If true, what would be the benefits? 15

  16. Will Robert Brand: …does this kind of virtualization have any advantages in aggregate? That is, under NVP, are there positive or negative externalities to running diverse logical topologies in the same datacenter? 16

  17. Early attempts at network virtualization Example: VPN Web browser IP datagram IP Datagram Tunnel IP Datagram Hdr VPN Client VPN Server Public Internet Corporate HQ Q: To what extent is this virtualization? 17

  18. Early attempts at network virtualization Example: Slicing Each controller can read and/or write flow rules for its assigned portion of “header space” and topology Control Control Program Program CP 1a CP 1b CP 2a CP 3a CP 4a CP 2b CP 3b CP 4b Control Plane 4 Control Plane 1 Control Plane 2 Control Plane 3 (“Network OS”) (“Network OS”) (“Network OS”) (“Network OS”) OpenFlow OpenFlow OpenFlow OpenFlow Network Slicer (e.g. FlowVisor) Q: To what extent is this virtualization? Packet Forwarding Packet OpenFlow Forwarding Packet Forwarding Packet Forwarding Packet Forwarding 18

  19. Trends at the time of writing Data centers and clouds ☞ efficiency matters 1. VMs ☞ a vSwitch inside every server 2. SDN ☞ abstraction for control 3. 19

  20. Virtual vSwitch in every server Control Plane (“Network OS”) OpenFlow VM VM VM Packet NIC Forwarding vSwitch OS Q: How might the vSwitch help? 20

  21. SDN and Network Virtualization ( ) ( ) ( ) f View f View f View Control Control Control Programs Programs Programs Abstract Network View Network Virtualization Global Network Map Control Plane (“Network OS”) Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding

  22. Another way to create a VPN Control Plane (“Network OS”) OpenFlow OpenFlow IP datagram VM VM VM VM VM VM Tunnel IP Datagram Hdr Packet Packet NIC NIC NIC Forwarding Forwarding vSwitch vSwitch OS OS Public Internet “If destination is remote, encapsulate in IPsec” Observation 1: Control Plane tells vSwitch how to process packets into/out of tunnel 22

  23. In a virtualized cloud service provider 192.5.0.0/24 192.5.1.0/24 Control Plane VM VM VM VM VM VM OpenFlow 128.30.2.200 171.64.74.155 128.30.2.109 171.64.74.157 OpenFlow Packet Packet 192.5.1.1 192.5.0.1 Forwarding Forwarding vSwitch vSwitch A mesh of tunnels between all physical servers. vSwitch translates addresses into and out of tunnels. Observation : Tenant workloads (VMs) are isolated from each other. Observation : VMs can move without changing address. VM VM VM VM VM VM 171.64.74.156 128.30.2.110 171.64.74.158 192.5.1.2 Packet Packet 192.5.0.2 Forwarding Forwarding vSwitch vSwitch 23

  24. PHY-0/24 PHY-1/24 VM VM VM VM VM VM V-0.200 V-1.155 V-1.157 V-0.109 Packet Packet PHY-1.1 PHY-0.1 Forwarding Forwarding vSwitch vSwitch PHY-1.1 PHY-0.2 V-0.109 IP datagram V-0.110 a t a D P I VM VM VM VM VM VM V-0.110 V-1.156 V-1.158 PHY-1.2 Packet Packet PHY-0.2 Forwarding Forwarding vSwitch vSwitch 24

  25. VM 171.64.74.160 “VIP-DIP Gateway” PHY-0/24 PHY-1/24 m PHY-0.1 PHY-GW r a g t a d a P I V-1.160 V-1.155 VM VM VM IP Data VM VM VM 171.64.74.155 171.74.74.157 Packet Packet PHY-1.1 PHY-0.1 Forwarding Forwarding vSwitch vSwitch VM VM VM VM VM VM 171.64.74.156 171.64.74.158 PHY-1.2 Packet Packet PHY-0.2 Forwarding Forwarding vSwitch vSwitch 25

  26. Adding a distributed, virtual firewall IPv6 Table ACL Table L2 Table Actions IPv4 Table Actions Actions Actions PHY-0/24 PHY-1/24 VM VM VM VM VM VM Firewall V-0.200 V-1.155 V-1.157 V-0.109 Packet Packet PHY-1.1 PHY-0.1 Forwarding Forwarding vSwitch IP Data vSwitch V-0.200 V-0.109 PHY-0.1 PHY-1.1 VM VM VM VM VM VM V-0.110 V-1.156 V-1.158 PHY-1.2 Packet Packet PHY-0.2 Forwarding Forwarding vSwitch vSwitch 26

  27. In general Control Plane OpenFlow OF0 OF1 OFn VM VM VM VM VM VM Packet Packet Forwarding Forwarding Virtual middleboxes vSwitch vSwitch It is generically called: “Overlay network virtualization” Q : To what extent is this “network virtualization” ? VM VM VM VM VM VM Packet Packet Forwarding Forwarding vSwitch vSwitch 27

  28. NVP is proactive: Pushes rules and state top-down 3: Calculates forwarding pipeline model for each vSwitch and the state for each table. 2: Datacenter owner configures Pushes via OpenFlow and OVS control protocol. the networks: topologies and protocols. 1: Provide location, state and topology. Even as VMs move. OVS control protocol. 28

  29. Top-down proactive control Goals: ▪ Scale : Controller does not process packets ▪ Isolation : To continue if VMs, vSwitches fail ☞ controller is a distributed, resilient cluster Immense computational challenge! ▪ NVP is built on ONIX, a distributed SDN controller (used by Google) ▪ Each NVP/ONIX controller manages some slices (shards); and is responsible for others, if a controller fails. ▪ NVP uses Apache Zookeeper for ▪ Leader election: to coordinate global resources and load-balancing) and ▪ Label allocation: Logical egress port must be globally unique 29

  30. Scaling Challenges Margalit Ruth Glasgow: Technical question: The authors mention in the "Lessons Learned" that using OpenFlow requires O(n^2) operations to tailor flows for each hypervisor, vs the standard complexity of O(n) for the logical controller. Where do those numbers come from? Does the O(n) come from each VM having O(1) connections at once, and the O(n^2) from each hypervisor needing to always have a connection with each other hypervisor? A: Yes. Q: What did the authors plan for the next version of NVP? 30

  31. Neil Perry This came out in 2014 (NSDI '14). Have any "simpler" systems that achieve the same goals as this been put forward since? NVP seems very complicated and hard to implement (lots of room for mistakes). Ryan Smith: How can you implement a similar concept without using a centralized OpenFlow-like model to avoid the scaling penalty? 31

  32. End.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome to CS244 Spring 2020! Class will start shortly CS244 Advanced Topics in Networking

Welcome to CS244 Spring 2020! Class will start shortly CS244 Advanced Topics in Networking

Welcome to CS244 Spring 2020! Class will start shortly CS244 Advanced Topics in Networking Lecture 8: SDN (1) Nick McKeown Ethane: Taking Control of the Enterprise [Martin Casado et al, 2007] OpenFlow: Enabling Innovation in Campus

801 views • 42 slides
Welcome to CS244 Spring 2020! Class will start shortly CS244 Advanced Topics in Networking

Welcome to CS244 Spring 2020! Class will start shortly CS244 Advanced Topics in Networking

Welcome to CS244 Spring 2020! Class will start shortly CS244 Advanced Topics in Networking Lecture 4: Congestion Control Nick McKeown Congestion Control and Avoidance [Van Jacobson and M. Karels, 1988] Spring 2020 Context Van

405 views • 26 slides
CS244 Online for COVID-19 This is the first time for us too, so please email us if you have ideas

CS244 Online for COVID-19 This is the first time for us too, so please email us if you have ideas

CS244 Online for COVID-19 This is the first time for us too, so please email us if you have ideas for how we can improve the online version of the class. Please turn on your video! We want us all to get to know each other and interact online

918 views • 45 slides
The Forwarding Plane: An Old New Frontier of Networking Research CS244, Spring 2019 Changhoon

The Forwarding Plane: An Old New Frontier of Networking Research CS244, Spring 2019 Changhoon

The Forwarding Plane: An Old New Frontier of Networking Research CS244, Spring 2019 Changhoon Kim chang@barefootnetworks.com 2 What is SDN in plain English? Ideally at the level for college freshmen Because, if you cant, you are

595 views • 58 slides
Class will start shortly CS244 Online for COVID-19 This is the first time for us too, so please

Class will start shortly CS244 Online for COVID-19 This is the first time for us too, so please

Class will start shortly CS244 Online for COVID-19 This is the first time for us too, so please email us if you have ideas for how we can improve the online version of the class. Please turn on your video! We want us all to get to know each

483 views • 16 slides
Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit

Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit

Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit evidence that intelligence agencies are globally wiretapping Internet backbone connections Massive collection of web tra ffi c, emails, instant

512 views • 50 slides
CS244 Advanced Topics in Networking Lecture 7: Programmable Forwarding Nick McKeown Processing

CS244 Advanced Topics in Networking Lecture 7: Programmable Forwarding Nick McKeown Processing

CS244 Advanced Topics in Networking Lecture 7: Programmable Forwarding Nick McKeown Processing in Hardware for SDN Forwarding Metamorphosis: Fast Programmable Match-Action [Pat Bosshart et al. 2013] Spring 2020 Context + Others from TI

907 views • 38 slides
CS244 Advanced Topics in Networking Lecture 10: Buffer Sizing Nick McKeown Sizing Router

CS244 Advanced Topics in Networking Lecture 10: Buffer Sizing Nick McKeown Sizing Router

CS244 Advanced Topics in Networking Lecture 10: Buffer Sizing Nick McKeown Sizing Router Buffers [Appenzeller, et al. 2004] Spring 2020 Context Guido Appenzeller At the time: CS PhD student Founded Big Switch Networks CTO

880 views • 40 slides
CS244 Advanced Topics in Networking Lecture 6: Switching Nick McKeown High-speed switch

CS244 Advanced Topics in Networking Lecture 6: Switching Nick McKeown High-speed switch

CS244 Advanced Topics in Networking Lecture 6: Switching Nick McKeown High-speed switch scheduling for local-area networks [Tom Anderson, Susan Owicki, James Saxe, Chuck Thacker. 1993] Spring 2020 Context Tom Anderson James B. Saxe At

783 views • 40 slides
Architecture and Principles 1. End to end arguments in system design (1981) Sachin Katti

Architecture and Principles 1. End to end arguments in system design (1981) Sachin Katti

CS244 Lecture 3 Architecture and Principles 1. End to end arguments in system design (1981) Sachin Katti End-to-End Arguments in System Design [Saltzer, Reed, Clark 1981] End-to-end in a nutshell The function in question can completely

465 views • 7 slides
Packets Example Packets Networking Sirindhorn International Institute of Technology Thammasat

Packets Example Packets Networking Sirindhorn International Institute of Technology Thammasat

Networking Packets Terminology Example: IP Packet Size Packets Example Packets Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 September 2013 Common/Reports/packets.tex, r676

668 views • 29 slides
IoT Updates with IPv6 Multicast Brett Sheffield, Librecast Project @brett sheffield #FOSDEM2020

IoT Updates with IPv6 Multicast Brett Sheffield, Librecast Project @brett sheffield #FOSDEM2020

IoT Updates with IPv6 Multicast Brett Sheffield, Librecast Project @brett sheffield #FOSDEM2020 Before we begin... Multicast IP Multicast will play a prominent role on the Internet in the coming years. It is a requirement, not an option,

1.22k views • 95 slides
Testing and Configuration for VMM1 on the mini-MMFE at Brookhaven National Lab Sarah Jones

Testing and Configuration for VMM1 on the mini-MMFE at Brookhaven National Lab Sarah Jones

Testing and Configuration for VMM1 on the mini-MMFE at Brookhaven National Lab Sarah Jones (Arizona), Jessica Metcalfe (BNL), Charlie Armijo (Arizona) Testing the mini-MMFE USB connection 2 Timing Example for New Setup At peak, ramp

332 views • 10 slides
TCP as a Reliable Transport How things can go wrong Lost packets Corrupted packets

TCP as a Reliable Transport How things can go wrong Lost packets Corrupted packets

TCP as a Reliable Transport How things can go wrong Lost packets Corrupted packets Reordered packets Malicious packets Requirements for Reliability Error Detection Receiver Feedback Retransmission Requirements

457 views • 23 slides
Network Layer Understand principles behind network layer services: network layer service

Network Layer Understand principles behind network layer services: network layer service

Chapter 4: Network Layer Chapter goals: Network Layer Understand principles behind network layer services: network layer service models CS 3516 Computer Networks CS 3516 Computer Networks forwarding versus routing how a

628 views • 18 slides
Service time evaluation for network protocols and routers Computer Networking Communication

Service time evaluation for network protocols and routers Computer Networking Communication

Service time evaluation for network protocols and routers Computer Networking Communication relies on a protocol stack with n layers. Layer k of an host: - communicates with layer k of remote hosts - exploits the service provided by layer k-1 -

281 views • 26 slides
The Internet Today Niko Matsakis Outline Summaries of: End-to-End Arguments in System

The Internet Today Niko Matsakis Outline Summaries of: End-to-End Arguments in System

The Internet Today Niko Matsakis Outline Summaries of: End-to-End Arguments in System Design The Design Principles of the DARPA Internet Protocols Criticisms and Commentary Conclusion The End-to-End Argument E2E

753 views • 49 slides
Reliable Byte-Stream (TCP) re-orders messages delivers duplicate copies of a given

Reliable Byte-Stream (TCP) re-orders messages delivers duplicate copies of a given

End-to-End Protocols Underlying best-effort network drop messages Reliable Byte-Stream (TCP) re-orders messages delivers duplicate copies of a given message limits messages to some finite size delivers messages after

303 views • 5 slides
Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data

Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data

Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data Integrity Defining Constraints Types of Constraints Disabling Constraints Using Defaults and Rules Deciding Which Enforcement Method

260 views • 23 slides
Systems: A ZFS Case Study Yupu Zhang , Abhishek Rajimwale Andrea C. Arpaci-Dusseau, Remzi H.

Systems: A ZFS Case Study Yupu Zhang , Abhishek Rajimwale Andrea C. Arpaci-Dusseau, Remzi H.

End-to-end Data Integrity for File Systems: A ZFS Case Study Yupu Zhang , Abhishek Rajimwale Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau University of Wisconsin - Madison 2/26/2010 1 End-to-end Argument Ideally, applications should

759 views • 29 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro,

Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro,

Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge Software is vulnerable use of unsafe languages is prevalent most

288 views • 25 slides
PAYE Modernisation Thesaurus Webinar December 2019 Overview PAYE Modernisation Update

PAYE Modernisation Thesaurus Webinar December 2019 Overview PAYE Modernisation Update

PAYE Modernisation Thesaurus Webinar December 2019 Overview PAYE Modernisation Update Data Integrity Project myAccount Enhancements 2019 Employment Detail Summary Employee Statement of Liability Transition 2019/2020

707 views • 70 slides
Lecture 07: Race Conditions, Deadlock, Data Integrity The job - list - broken and job - list -

Lecture 07: Race Conditions, Deadlock, Data Integrity The job - list - broken and job - list -

Lecture 07: Race Conditions, Deadlock, Data Integrity The job - list - broken and job - list - fixed examples from the prior slide deck highlight a key issue that comes with the introduction of signals and signal handling. Neither job -

377 views • 10 slides

More recommend