How to distribute cloud computing to the edge? Hagen Woesner, Dagstuhl



SLIDE 1

How to distribute cloud computing to the edge?

Hagen Woesner Dagstuhl Seminar on Distributed Cloud Computing Feb 9-11, 2015

SLIDE 2

Introduction BISDN GmbH

Berlin Institute for SDN

  • We do SDN as method, not as product.
  • Open Source extensible datapath daemon xDPd
    – Targeted at portability rather than performance
      • Intel dpdk, NetFPGA10G, EZchip, OCTEON I&II, soon OF-DPA.
    – Built on revised openflow library (rofl)
    – OF 1.0, 1.2, 1.3 pipeline written once (in ANSI C), runs everywhere.
  • Currently building SDN/NFV prototypes for customers
    – T-Labs, T-Systems, Nokia
  • Contributing to EU FP7 projects UNIFY, PRISTINE
SLIDE 3

Problem Statement

How to distribute cloud computing to the edge?

Customer premises are often the most suitable location for functions of traffic monitoring, QoS and security:

  • Loopbacks
    – verification of connectivity to that site.
  • End-to-End QoS/QoE Monitoring
    – more accurate measurements if implemented at the customer premises.
  • End-to-End Security
    – Encryption necessitates implementation at the customer site
    – Similarly, blocking malicious traffic

from RAD white paper [1]

SLIDE 4

VPN2GO use case (see James' talk earlier today)

Physical and logical network topology

[Figure: OpenFlow datapath (xdpd) with two Logical Switches (L2), an MGT VM and a VPN2GO VM; networks WAN, LAN and Uplink Net; ports ge0p0 to ge0p5, eth0, eth1, ep0, ep1; Configuration (web browser), FW, Internet, Local Orchestrator. Labels: "hosts OpenFlow controller", "hosts VPN2GO web service". Ports shown at the FW: UDP/500 (IKE), UDP/4500 (NAT traversal).]

Interface  Addressing    Role
ep0        DHCP          Later exts.
ep1        unused
eth0       DHCP client   Uplink
eth1       DHCP server   Home LAN
ge0p0      n/a           WAN
ge0p1      n/a           LAN
ge0p2      n/a           LAN
ge0p3      n/a           LAN
ge0p4      n/a           LAN
ge0p5      n/a           MGT

SLIDE 5

VPN2GO DEMO

VPN2GO SETUP

[Figure: demo setup. Labels: Base box (SWAN VM, dom-0, mgt VM), VPN2GO Gateway, GW, T-Labs Portal Berlin, WebRTC backend, TSYS NAT/FW. Addresses shown: 10.10.10.1, 10.10.10.2, 10.10.10.3, 10.10.10.4, 10.10.10.5, 172.30.0.11, 172.30.0.16.]

SLIDE 6

Network Function Forwarding Graph (NF-FG)

jointly describing compute and network

  • Typically, some json/xml/yang encoded graph containing SAPs and NFs.
  • Service Access Point (SAP)
    – Flowspace on a port
      • MAC address, IP address
  • Network Function (NF)
    – A name of a network function
    – NF1: "WAN gateway with DHCP server on port 2, NAT, IPSec, web server, REST"
    – NF2: "L2 learning switch"
    – CtlApp: configuration interface for NF1 and NF2, multi-tenant capable

[Figure: NF-FG example with NF1, NF2 and CtlApp, their numbered ports, the attached SAPs, and the CF-Or interface]
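An added example, not part of the original slides: a constructed JSON NF-FG that reuses the slide's SAP, NF1, NF2 and CtlApp names, with a check that every link ends on a declared SAP or NF port and that the WAN SAP cannot reach the management SAP. The JSON field names, the port numbers and the link layout are assumptions; the slides do not define an encoding.

```python
import json
from collections import defaultdict

# Constructed NF-FG. SAP/NF names follow the slide; the JSON field names and
# the link layout are assumptions made for this example.
NFFG = json.loads("""{
  "saps": {"wan": "ge0p0", "lan1": "ge0p1", "lan2": "ge0p2", "mgt": "ge0p5"},
  "nfs": {"NF1": [1, 2], "NF2": [1, 2, 3], "CtlApp": [1]},
  "links": [["sap:wan", "NF1:1"], ["NF1:2", "NF2:1"],
            ["NF2:2", "sap:lan1"], ["NF2:3", "sap:lan2"],
            ["sap:mgt", "CtlApp:1"]]
}""")

def validate(g):
    """Return problems: unknown, reused or unconnected link endpoints."""
    known = {f"sap:{s}" for s in g["saps"]}
    known |= {f"{nf}:{p}" for nf, ports in g["nfs"].items() for p in ports}
    problems, seen = [], set()
    for link in g["links"]:
        for ep in link:
            if ep not in known:
                problems.append(f"unknown endpoint {ep}")
            elif ep in seen:
                problems.append(f"endpoint {ep} used twice")
            seen.add(ep)
    problems += [f"unconnected endpoint {ep}" for ep in sorted(known - seen)]
    return problems

def node(ep):
    # "NF1:2" -> "NF1"; a SAP endpoint such as "sap:wan" is its own node.
    return ep if ep.startswith("sap:") else ep.split(":")[0]

def reachable(g, start):
    """Nodes reachable from `start`, treating every NF as forwarding
    between all of its ports (worst case for isolation)."""
    adj = defaultdict(set)
    for a, b in g["links"]:
        adj[node(a)].add(node(b))
        adj[node(b)].add(node(a))
    todo, done = [start], set()
    while todo:
        n = todo.pop()
        if n not in done:
            done.add(n)
            todo.extend(adj[n] - done)
    return done
```

Running `validate` before deployment and asserting that `"sap:mgt"` is absent from `reachable(NFFG, "sap:wan")` turns the isolation expectation into a check an orchestrator can enforce on every submitted graph.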

SLIDE 7

Universal Node Architecture

2015-01-19 WP5 Y1 Review 8

  • Compute and networking concerns jointly handled by Local Orchestrator
  • Complete view on the node resources, their topology, usage constraints, etc.
  • Opportunities for UN local optimizations based on platform low-level topology
  • Also allocates resources for the networking setup (e.g. additional processing cores for tunneling, load-balancing)
  • LO, Controller Adaptation and Controllers for compute, networking, storage, WiFi, other resources.
  • ( ~SFA Aggregate Managers)
SLIDE 8

Universal Node Architecture


Virtual Switching Engine (VSE)

  • Multiple Logical Switch Instances providing traffic steering and isolation
  • VNFs as LSIs

VNF Execution Environment: multiple technologies

  • Full VMs with e.g. KVM
  • Containers with e.g. Docker
  • Simple processes
  • (VNFs as LSIs)

Flexibility for developers & arch support (NPU)

SLIDE 9

The UN in the UNIFY Architecture

  • The Universal Node is essentially a UNIFY domain used by an upper-level UNIFY domain (recursion at the Sl-Or ref. point)
  • NF-FG based interface
  • Sub-graph extracted by CA
  • Target for deployment of Observability Points and Monitoring Functions

[Figure labels: Universal Node; Observability Points; Monitoring Functions]

SLIDE 10

Hierarchical Orchestration

[Figure: orchestration hierarchy. Orchestrators: Global, Regional, City, UN; on the distributed UN, per-server orchestrators below the UN orchestrator. Network controllers: Global, Regional, City, UN. NF-FGs are passed between the levels. Node variants: Single server UN, Distributed UN. Labels: Prototype #2; Prototype #1 (partially) and #3 (future). Node contents: Servers, VMs, Softswitch, Switch.]

SLIDE 11

And now?

  • So the north/south bound interface is open for discussion
    – Most likely, this will be an NF-FG in json
      • Both ways, actually.
    – BUT: how to expose NF functionality from south to north?
  • The PROGRAMMABILITY question
    – What resources is the CtlApp exposing?
      • In our case, L3 addresses (IP/Port combinations)
SLIDE 12

Backup

SLIDE 13

Cavium OCTEON III (78XX)

OK, this is a classical network processor, but: what's that switch in there?

SLIDE 14

Freescale P4080

  • This one is used in embedded systems

SLIDE 15

Intel xl710

This is actually a NIC, with a switch on it, of course.

SLIDE 16

Chelsio T5

http://www.chelsio.com/nic/terminator-5-asic/

This is a NIC, too.

SLIDE 17

References

  • [1] RAD White paper: Distributed Network Functions Virtualization: An Introduction to D-NFV, Yuri Gittik, Head of Strategic Marketing, March 2014, available from http://www.rad.com (after registration)