feasibility of ila as network virtualisation overlay in
play

Feasibility of ILA as Network Virtualisation Overlay in - PowerPoint PPT Presentation

Mar 07, 2024 •307 likes •614 views

Feasibility of ILA as Network Virtualisation Overlay in multi-domain, multi-tenant Cloud Tako Marks Bsc. 04-07-2017 System and Network Engineering University of Amsterdam 1 Introduction A Network Virtualisation Overlay (NVO) is a collection

  1. Feasibility of ILA as Network Virtualisation Overlay in multi-domain, multi-tenant Cloud Tako Marks Bsc. 04-07-2017 System and Network Engineering University of Amsterdam 1

  2. Introduction A Network Virtualisation Overlay (NVO) is a collection of virtual nodes and virtual links comprised of a subset of the underlying physical network resources. This allows for multiple customers (tenants) to share the same physical network infrastructure. Similar to how Virtual Machines are used to share Physical Servers. 2

  3. Introduction • Multi-domain • Instead of single infrastructure provider there are multiple • Each provider wants control over own subset of the overlay • Overlay should be able to traverse WAN links • Containers should be able to move between domains • Multi-tenant • Multiple tenants share physical infrastructure • By default tenants need to be isolated from each other • Allow custom ACL between tenants with minimal friction 3

  4. Problem Statement How to build shared virtual cloud based that spans multiple domains where a large number of organisations can work together on data processing and warehousing using containers. 4

  5. Possible solution • ILA : Identifier Locator Addressing • ILA is a Network Virtualisation Overlay based on IPv6 • Developed at Facebook, first draft RFC July 2015 • Initial inclusion in Linux kernel 4.3 (August 2015) • Only provides layer 3 connectivity • ILA advantages: • Each process, container or virtual machine can have an unique IPv6 address • Overlay addresses provide mobility using Identifier/Locator split 5

  6. Research Questions Is it feasible to use ILA in as a Network Virtualisation Overlay for a multi-domain, multi-tenant Cloud? • What are the requirements for Network Virtualisation Overlay in a multi-domain, multi-tenant environment? • What are possible ILA configurations that satisfy the multi-domain, multi-tenant environment requirements? • What would be a suitable control plane for ILA when used as a NVO in a multi-domain, multi-tenant environment? 6

  7. Related Work

  8. Identifier/Locator split concept Protocol Level Current identifier Identifier/Locator split Application FQDN / IP Address Identifier Transport IP Address (+port) Locator (+port) Network IP Address Locator Interface IP Address Locator • Impossible to replace IP addresses in protocols because of backwards compatibility. 7

  9. Identifier/Locator split concept Protocol Level Current identifier Identifier/Locator split Application FQDN / IP Address Identifier Transport IP Address (+port) Locator (+port) Network IP Address Locator Interface IP Address Locator • Impossible to replace IP addresses in protocols because of backwards compatibility. • Solution: Use transparent translation layer to give application layer the illusion that an identifier still has the same IP addresses semantics 7

  10. Previous Identifier/Locator split systems Throughout the years the discussion of overloaded IP address semantics has surfaced many times over 1 . • LISP was introduced first, primarily focused on IPv4 and routing table size • Recent efforts focus on IPv6, because the address space is so large it is easier to experiment with • ILNP, HIPv2 • ILA differs from these earlier approaches because it focuses on a single domain instead of global system 1 Examples are IEN1, RFC1498 and RFC2956 8

  11. ILA addressing • ILA’s overlay does not use any encapsulation but instead (ab)uses 2 Network Address Translation (NAT) to do this. • No overhead at transport layer, only minimal stateless translation at ILA hosts. • The NAT scheme does not break the re-instated end-to-end principle of IPv6. Phew! 2 Sorry Karst, we’re breaking the Internet again. . . 9

  12. ILA addressing • Translation done before packet is transmitted on the wire • Network only sees ILA addresses as destination • Locator is translated back to overlay SIR prefix at host 10

  13. ILA Identifier Types • Identifiers can be pseudo-random addresses assigned to new applications that need network access. But can also be part hierarchically assigned. • To support this multiple identifier types have been defined 3 : • Virtual Networking Identifiers that support this have a Virtual Network ID (VNID) encoded in the identifier space. 3 https://tools.ietf.org/html/draft-herbert-nvo3-ila-04 11

  14. ILA control plane • To do correct address translations from SIR address to the current locator of a identifier ILA hosts need to have a mechanism to exchange mappings. • ILA draft RFC leaves control plane unspecified. It is up to the implementors to find suitable choice. 12

  15. Approach

  16. Approach • Create minimal ILA overlay to test on. • Find possible ILA configurations that meet requirements • What are possible addressing schemes for envisioned overlay • Find suitable control plane that meets requirements • Comparison of existing control planes that handle mappings • Adapt/Extend most favourable option to suit ILA 13

  17. Results

  18. Minimal ILA overlay setup • SIR addresses are inserted as destinations into routing table with Locator as next-hop. • Translation of address is done by the kernel by encap ila modprobe ila ip addr add dead:beef:0:1:8000::2 dev lo ip route add table local local 2001:610:158:2602:8000::2/128 encap ila dead:beef:0:1 dev lo ip route add dead:beef:0:1:8000::3 encap ila 2001:610:158:2603 via 2001:610:158:2601 dev ens3 14

  19. ILA Configuration Two different scenarios. • Single SIR for all domains • Multiple SIR, one SIR for each domain/provider For each scenario make sure ILA constraints are met. • Only one SIR can be used for each locator address • Make sure that identifier address does not overlap 15

  20. Single SIR prefix • Use VNID space to differentiate between projects and participating organisations. • First 18 bits project ID, second 10 bits participating Organisation • Gives 262k projects each with 1024 possible organisations • ACL can be done on project basis • Able to match on prefixes 4 • Only coordination needed for project ID & Organisation ID • Container mobility is guaranteed to work inter-domain 4 Similar to http://romana.io/ 16

  21. Multiple SIR prefix • Use SIR prefixes to differentiate organisations in overlay and VNID to differentiate between projects. • More space for project IDs (28 bits) • More ACL rules, separate rules for each organisation as they no longer share same prefix • Container mobility only works intra-domain when control plane includes announcement of SIR prefix with identifier mapping. 17

  22. Locator options • Locators can either be Locally Unique IPv6 (private range) addresses or globally unique unicast addresses • Locators need to be global unicast addresses to support multi-domain over WAN links. • No need to create tunnels between domains, piggyback on regular IPv6 routing • When SIR prefix is also global unicast subnet mobility also works for WAN connections. 18

  23. Existing control planes • Facebook uses distributed K/V store • ILNP created new RRTYPES in DNS to mapping • LISP+ALT creates a global overlay for exchanging mappings • LISP-DDT re-creates disjoint DNS-like tree to store mappings • MP-BGP enables to distribute VPN mappings over eBGP 19

  24. Existing control planes • Facebook uses distributed K/V store • ILNP created new RRTYPES in DNS to mapping • LISP+ALT creates a global overlay for exchanging mappings • LISP-DDT re-creates disjoint DNS-like tree to store mappings • MP-BGP enables to distribute VPN mappings over eBGP Control Plane Scope Organisation ACL Distributed K/V store Intra-Domain Flat Limited ILNP Global Hierarchical Limited LISP+ALT Global Flat Limited LISP-DDT Global Hierarchical Limited MP-BGP extensions Selective (global) Hierarchical Many Table 1: Existing control plane characteristics 19

  25. ILA BGP Control Plane • Scales very well when used properly • Able to use iBGP internally with route reflector and eBGP to other organisations. • Leveraging MP-BGP over eBGP to announce mappings gives each organisation control over which prefixes (for projects) to share. • Can re-use existing methods to filter incoming/outgoing routes/mappings. • Combined with firewall ACL gives great security possibilities • Already a draft extension to MP-BGP available 5 5 https://tools.ietf.org/html/draft-lapukhov-bgp-ila-afi-02 20

  26. Conclusion

  27. Conclusion • ILA is very flexible and can meet multi-domain, multi-tenant network overlay requirements • Initial addressing design complicated • Lot of implicit configuration in address choices • Single SIR configuration preferred • BGP suits multi-domain, multi-tenant environment best as control plane • Gives each provider control and flexibility in announcements • BGP is known to scale well 21

  28. Discussion / Future Work • Middleware to orchestration software still needs to be implemented. • Started work on implementing ILA MP-BGP extension for exaBGP daemon. • Integration with container orchestration could be done by extending network plugin project Calico 6 . • Use other ILA implementations with increased performance. • VPP/DPDK • eBPF/XDP 6 https://www.projectcalico.org/ 22

  29. Questions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS5412: OVERLAY NETWORKS Lecture IV Ken Birman Overlay Networks 2 We use the term overlay

CS5412: OVERLAY NETWORKS Lecture IV Ken Birman Overlay Networks 2 We use the term overlay

CS5412 Spring 2012 (Cloud Computing: Birman) 1 CS5412: OVERLAY NETWORKS Lecture IV Ken Birman Overlay Networks 2 We use the term overlay network when one network (or a network-like data structure) is superimposed upon an underlying

793 views • 57 slides
Network virtualisation using Crossbow Technology Uro Nedi, MSc OpenSolaris Contributor

Network virtualisation using Crossbow Technology Uro Nedi, MSc OpenSolaris Contributor

Network virtualisation using Crossbow Technology Uro Nedi, MSc OpenSolaris Contributor Crossbow Technical Background Network Machines Network in a Bo x 2 Crossbow Features Virtualization > IP Instances > NIC

259 views • 15 slides
CompSci 356: Computer Network Architectures Lecture 24: Overlay Networks Chap 9.4 Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Overlay Networks Chap 9.4 Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Overlay Networks Chap 9.4 Xiaowei Yang xwy@cs.duke.edu Overview What is an overlay network? Examples of overlay networks End system multicast Unstructured Gnutella,

972 views • 61 slides
Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function Offloading Mario Almeida, Liang Wang*, Jeremy Blackburn, Konstantina Papagiannaki, Jon Crowcroft* Telefonica Research, ES University of

903 views • 26 slides
Peer-to-peer overlay networks Structured overlay network: Chord Basics Issue Large-scale

Peer-to-peer overlay networks Structured overlay network: Chord Basics Issue Large-scale

Peer-to-peer overlay networks Structured overlay network: Chord Basics Issue Large-scale distributed computer systems are spread across Each peer is assigned a unique m -bit identifier id . the Internet, yet their constituents need to

229 views • 3 slides
L2 Overlay L2 Overlay

L2 Overlay L2 Overlay

L2 Overlay L2 Overlay July 30, 2019 A. Gerrard, What Is Kubernetes?

536 views • 24 slides
Virtualisation Tom Spink Introduction Virtualisation is the process of creating a virtual version

Virtualisation Tom Spink Introduction Virtualisation is the process of creating a virtual version

Virtualisation Tom Spink Introduction Virtualisation is the process of creating a virtual version of a physical object. In computing, hardware virtualisation is the process of creating a virtual version of real hardware. This virtual

1.07k views • 18 slides
RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll

RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll

RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll cedric.foll@(laposte.net|education.gouv.fr) Network and security architect and Chef Security Officer (CSO) of French Ministry of Education Teacher

408 views • 21 slides
Tomography-based Overlay Network Monitoring Yan Chen, David Bindel, and Randy H. Katz UC

Tomography-based Overlay Network Monitoring Yan Chen, David Bindel, and Randy H. Katz UC

Tomography-based Overlay Network Monitoring Yan Chen, David Bindel, and Randy H. Katz UC Berkeley Motivation Infrastructure ossification led to thrust of overlay and P2P applications Such applications flexible on paths and targets,

624 views • 15 slides
Routing on Overlay Networks EECS 228 Abhay Parekh parekh@eecs.berkeley.edu October 28, 2002

Routing on Overlay Networks EECS 228 Abhay Parekh parekh@eecs.berkeley.edu October 28, 2002

Routing on Overlay Networks EECS 228 Abhay Parekh parekh@eecs.berkeley.edu October 28, 2002 What is an overlay network? A network defined over another set of networks The overlay addresses its own nodes A Links on one layer are

567 views • 38 slides
Overlay-based IP Routing Richard Hartmann Chair for Network Architectures and Services

Overlay-based IP Routing Richard Hartmann Chair for Network Architectures and Services

Overlay-based IP Routing Richard Hartmann Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen November 10, 2010 Richard Hartmann: Overlay-based IP Routing 1 Outline Motivation

571 views • 19 slides
Mechanical Support for Efficient Dissemination on the CAN Overlay Network - Francesco Bongiovanni

Mechanical Support for Efficient Dissemination on the CAN Overlay Network - Francesco Bongiovanni

Mechanical Support for Efficient Dissemination on the CAN Overlay Network - Francesco Bongiovanni - INRIA Sophia Antipolis OASIS team Work done in collaboration with Dr. Ludovic Henrio 12 October 2011 Introduction Mechanizing formal proofs

656 views • 62 slides
Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The Free Haven Project http://freehaven.net/tor/ July 29, Black Hat 2004 Talk Outline Motivation: Why anonymous communication? Personal privacy

788 views • 57 slides
Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication? Personal privacy

1.03k views • 55 slides
A Novel Approach for Cooperative Overlay-Maintenance in Multi-Overlay Environments 1 Wu-Chun

A Novel Approach for Cooperative Overlay-Maintenance in Multi-Overlay Environments 1 Wu-Chun

A Novel Approach for Cooperative Overlay-Maintenance in Multi-Overlay Environments 1 Wu-Chun Chung, National Tsing Hua University 2010/11/30 A Novel Approach for Cooperative Overlay-Maintenance in Multi-Overlay Environments Chin-Jung Hsu, CS,

902 views • 35 slides
Overlay Analysis as a Method Understanding Overlay Analysis

Overlay Analysis as a Method Understanding Overlay Analysis

Synthesis Presentation Using Overlay Analysis as a Tool to Identify Restoration Opportunities for Coho Salmon TRFRP Campbell Creek Pilot Project April 26 2018 SLIDE 2 Welcome everyone and thank you for attending this webinar. My name is

314 views • 17 slides
This is a digital document from the collections of the Wyoming Water Resources Data System (WRDS)

This is a digital document from the collections of the Wyoming Water Resources Data System (WRDS)

This is a digital document from the collections of the Wyoming Water Resources Data System (WRDS) Library. For additional information about this document and the document conversion process, please contact WRDS at wrds@uwyo.edu and include the

566 views • 20 slides
Starting Your Own CmPS Team A presentation by Laura Gary and Michelle Vecchio-Weinmeister Who

Starting Your Own CmPS Team A presentation by Laura Gary and Michelle Vecchio-Weinmeister Who

Starting Your Own CmPS Team A presentation by Laura Gary and Michelle Vecchio-Weinmeister Who Are We? Goals for this session: Empower you to begin your own CmPS team Provide you with helpful resources Build connections Future Problem

589 views • 29 slides
internet Els Vrindts Inspection Service Consumption Products Federal Public Service for Health,

internet Els Vrindts Inspection Service Consumption Products Federal Public Service for Health,

FPS HEALTH, FOOD CHAIN S AFETY AND ENVIRONMENT 1 Distributing cosmetics through the internet Els Vrindts Inspection Service Consumption Products Federal Public Service for Health, Food Chain Safety and Environment Belgium FPS HEALTH,

313 views • 20 slides
@ FPS Friday, 11 March 2016 Programme Time Activity 3.30 p.m. to 3.45 p.m. Registration 3.45

@ FPS Friday, 11 March 2016 Programme Time Activity 3.30 p.m. to 3.45 p.m. Registration 3.45

@ FPS Friday, 11 March 2016 Programme Time Activity 3.30 p.m. to 3.45 p.m. Registration 3.45 p.m. to 4.45 p.m. What is model drawing? Using the Model Approach 4.45 p.m. to 5.00 p.m. Q & A session Types of Models Part - whole

599 views • 48 slides
ISN in a Nutshell 21st APAN Meeting Tokyo, Japan January 25, 2006 Ben Teitelbaum

ISN in a Nutshell 21st APAN Meeting Tokyo, Japan January 25, 2006 Ben Teitelbaum

ISN in a Nutshell 21st APAN Meeting Tokyo, Japan January 25, 2006 Ben Teitelbaum http://people.internet2.edu/~ben/ Bens avatar (talk given remotely, voice-only) What if SIP.edu Succeeded? SIP.edus Big Goals Better than POTS

318 views • 11 slides
SUSE Manager 4 2019 Fall Expert Day North America Why Do I Need SUSE Manager? 11 118 118 8

SUSE Manager 4 2019 Fall Expert Day North America Why Do I Need SUSE Manager? 11 118 118 8

Expert Days Fall 2019 SUSE Manager 4 2019 Fall Expert Day North America Why Do I Need SUSE Manager? 11 118 118 8 SUSE Manager Manage 119 SUSE Manager HEALTH MONITORING Best-in-class open source infrastructure management solution

802 views • 24 slides
Avaya Today: Credible, Predictable & Innovative 3.2 17 9 141 5.5 121K billion years

Avaya Today: Credible, Predictable & Innovative 3.2 17 9 141 5.5 121K billion years

Avaya Today: Credible, Predictable & Innovative 3.2 17 9 141 5.5 121K billion years years million million customers Market share Gartner Magic Gartner Magic Unified Contact Center In 175 countries Leader in CC Quadrant

674 views • 20 slides
Hands on Virtualization with Ganeti Lance Albertson Peter Krenesky http://is.gd/osbganeti

Hands on Virtualization with Ganeti Lance Albertson Peter Krenesky http://is.gd/osbganeti

Hands on Virtualization with Ganeti Lance Albertson Peter Krenesky http://is.gd/osbganeti http://is.gd/osbganetipdf About us OSU Open Source Lab Server hosting for Open Source Projects Open Source development projects Lance / Lead Systems

1.45k views • 127 slides

More recommend