 
How to distribute cloud computing to the edge?
Hagen Woesner
Dagstuhl Seminar on Distributed Cloud Computing, Feb 9-11, 2015
Introduction
BISDN GmbH, Berlin Institute for SDN
• We do SDN as method, not as product.
• Open source eXtensible DataPath daemon (xDPd)
  – Targeted at portability rather than performance
    • Intel DPDK, NetFPGA10G, EZchip, OCTEON I&II, soon OF-DPA.
  – Built on the Revised OpenFlow Library (rofl)
  – OF 1.0, 1.2, 1.3 pipeline written once (in ANSI C), runs everywhere.
• Currently building SDN/NFV prototypes for customers
  – T-Labs, T-Systems, Nokia
• Contributing to EU FP7 projects UNIFY, PRISTINE
Problem Statement
How to distribute cloud computing to the edge?
From the RAD white paper [1]: Customer premises are often the most suitable location for functions of traffic monitoring, QoS and security:
• Loopbacks – verification of connectivity to that site.
• End-to-End QoS/QoE Monitoring – more accurate measurements if implemented at the customer premises.
• End-to-End Security
  – Encryption necessitates implementation at the customer site
  – Similarly, blocking malicious traffic
VPN2GO use case (see James' talk earlier today)
Physical and logical network topology
[Figure: physical and logical network topology. Labels: MGT VM (ep0, ep1), VPN2GO VM (eth0, eth1), Orchestrator, web service, OpenFlow controller, OpenFlow datapath (xdpd) with two Logical Switches (L2), ports ge0p0 to ge0p5, FW, Uplink Net, Internet, Configuration (web browser).]
Interfaces:
• ep0: DHCP, later exts.
• ep1: unused
• eth0: DHCP client, Uplink
• eth1: DHCP server, Home LAN
• ge0p0: n/a, WAN
• ge0p1 to ge0p4: n/a, LAN
• ge0p5: n/a, MGT
Ports shown at the FW: UDP/500 (IKE), UDP/4500 (NAT traversal)
VPN2GO DEMO
VPN2GO SETUP
[Figure: VPN2GO demo setup. Labels: Base box, GW, mgt VM, SWAN VM, dom-0, Portal, NAT/FW, VPN2GO Gateway Berlin, WebRTC backend, T-Labs, TSYS; addresses 10.10.10.1 to 10.10.10.5, 172.30.0.11, 172.30.0.16.]
Network Function Forwarding Graph (NF-FG) jointly describing compute and network
• Typically, some json/xml/yang encoded graph containing SAPs and NFs.
• Service Access Point (SAP)
  – Flowspace on a port
    • MAC address, IP address
• Network Function (NF)
  – A name of a network function
  – NF1: "WAN gateway with DHCP server on port 2, NAT, IPSec, web server, REST"
  – NF2: "L2 learning switch"
  – CtlApp: configuration interface for NF1 and NF2, multi-tenant capable
[Figure: example NF-FG with CtlApp, NF1, NF2 and numbered SAPs; reference point CF-Or.]
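A pre-deployment consistency check for an NF-FG of the kind described above, as an added example that is not from the original slides or the UNIFY project. The JSON schema (keys `saps`, `nfs`, `links` and the `NF:port` endpoint notation) is an assumption, and the sample graph is constructed with two deliberate faults.

```python
import json
from ipaddress import ip_network
from itertools import combinations

# Constructed NF-FG; the schema is hypothetical, port names follow the slides.
NFFG_JSON = """
{
  "saps": [
    {"id": "SAP1", "port": "ge0p0", "ip": "0.0.0.0/0"},
    {"id": "SAP2", "port": "ge0p1", "ip": "10.10.10.0/24"},
    {"id": "SAP3", "port": "ge0p1", "ip": "10.10.10.128/25"}
  ],
  "nfs": [
    {"id": "NF1", "name": "WAN gateway", "ports": [1, 2]},
    {"id": "NF2", "name": "L2 learning switch", "ports": [1, 2]}
  ],
  "links": [
    {"src": "SAP1", "dst": "NF1:1"},
    {"src": "NF1:2", "dst": "NF2:1"},
    {"src": "NF2:2", "dst": "SAP2"},
    {"src": "NF2:3", "dst": "SAP3"}
  ]
}
"""

def validate_nffg(doc):
    """Return a list of problems in a parsed NF-FG (empty list = consistent)."""
    problems = []
    # Everything a link may legally name: SAP ids and "NF:port" pairs.
    endpoints = {s["id"] for s in doc["saps"]}
    endpoints |= {f'{nf["id"]}:{p}' for nf in doc["nfs"] for p in nf["ports"]}
    for link in doc["links"]:
        for end in (link["src"], link["dst"]):
            if end not in endpoints:
                problems.append(f"link references undeclared endpoint {end}")
    # Two SAPs on one port must not claim overlapping IP flowspace; otherwise
    # steering (and tenant isolation) between them is ambiguous.
    for a, b in combinations(doc["saps"], 2):
        if a["port"] == b["port"] and ip_network(a["ip"]).overlaps(ip_network(b["ip"])):
            problems.append(f'flowspace overlap on {a["port"]}: {a["id"]} and {b["id"]}')
    return problems

def check(text=NFFG_JSON):
    return validate_nffg(json.loads(text))

if __name__ == "__main__":
    for problem in check():
        print(problem)
```

An orchestrator that accepts NF-FGs from an upper layer can run a check like this before instantiating anything, rejecting graphs that reference ports an NF never declared or that let two SAPs claim the same traffic.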
Universal Node Architecture
• Compute and networking concerns jointly handled by Local Orchestrator
• Complete view on the node resources, their topology, usage constraints, etc.
• Opportunities for UN local optimizations based on platform low-level topology
• Also allocates resources for the networking setup (e.g. additional processing cores for tunneling, load-balancing)
• LO, Controller Adaptation and Controllers for compute, networking, storage, WiFi, other resources.
• (~SFA Aggregate Managers)
2015-01-19 WP5 Y1 Review 8
Universal Node Architecture
VNF Execution Environment: multiple technologies
• Full VMs with e.g. KVM
• Containers with e.g. Docker
• Simple processes
• (VNFs as LSIs)
Flexibility for developers & arch support (NPU)
Virtual Switching Engine (VSE)
• Multiple Logical Switch Instances providing traffic steering and isolation
• VNFs as LSIs
The UN in the UNIFY Architecture
• The Universal Node is essentially a UNIFY domain used by an upper-level UNIFY domain (recursion at the Sl-Or ref. point)
• NF-FG based interface
• Sub-graph extracted by CA
• Target for deployment of Monitoring Functions
[Figure labels: Universal Node; Observability Points and Monitoring Functions; Observability Points.]
Hierarchical Orchestration
[Figure: orchestration hierarchy. Labels: Global, Regional, City and UN orchestrators, each level with a network controller (Global, Regional, City, UN) and NF-FG between levels; Server orchestrators, Softswitch, Switch, VMs, Servers. Captions: Single server UN, Distributed UN; Prototype #2, Prototype #1 (partially) and #3 (future).]
And now?
• So the north/south bound interface is open for discussion
  – Most likely, this will be an NF-FG in json
    • Both ways, actually.
  – BUT: how to expose NF functionality from south to north?
    • The PROGRAMMABILITY question
  – What resources is the CtlApp exposing?
    • In our case, L3 addresses (IP/Port combinations)
Backup
Cavium OCTEON III (78XX)
OK, this is a classical network processor, but: what's that switch in there?
Freescale P4080 • This one is used in embedded systems
Intel xl710 This is actually a NIC, with a switch on it, of course.
Chelsio T5 This is a NIC, too. http://www.chelsio.com/nic/terminator-5-asic/
References
• [1] RAD white paper: "Distributed Network Functions Virtualization: An Introduction to D-NFV", Yuri Gittik, Head of Strategic Marketing, March 2014. Available from http://www.rad.com (after registration).