SLIDE 1

Siem Hermans, Jeroen Schutrup

Research Project 2

System and Network Engineering

Software Defined Internet Exchanges: A feasibility evaluation at the AMS-IX

Supervision: Arïen Vijn & Joris Claassen

SLIDE 2

Research Question

What is the feasibility of transitioning the AMS-IX to an Industrial Scale Software Defined Internet Exchange Point?

SLIDE 3

The Amsterdam Internet Exchange*

*Not only situated in Amsterdam

[Map of AMS-IX locations: New York, San Fran., Amsterdam, Kenya, Hong Kong, Caribbean, Chicago]

  • Providing peering services
  • Saves costs
  • Resilience
  • Common shared Layer 2 Ethernet platform
  • Built on top of MPLS/VPLS

SLIDE 4

Technical concepts

SDX basics

  • BGP traffic delivery
      • Routing on prefix
      • No end-to-end policies
      • Indirect policies
  • SDX leverages OpenFlow
      • Fabric is perceived as a single entity
  • Use cases
      • Application specific peering
      • (D)DoS mitigation
      • Et cetera.
      • Primarily helpful for inbound traffic engineering

SLIDE 5

Sounds familiar...

SLIDE 6

Sounds familiar...

RFC 5575 - Dissemination of Flow Specification Rules

SLIDE 7

Sounds familiar...

...so why not FlowSpec?

  • Not transparent to the participant
  • Adoption is limited due to ossification of the Internet
  • Scalability issues at large scale
  • TCAM allocation for ACL / PBR rules is limited

RFC 5575 - Dissemination of Flow Specification Rules

SLIDE 8

Related Work

Sources

  • Feamster et al. "SDX: A Software Defined Internet Exchange". In: Open Networking Summit (2013)
  • Gupta et al. "An Industrial-Scale Software Defined Internet Exchange Point". In: 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16), 2016, pp. 1-14.

SLIDE 9

Growth pattern

  • Original paper tests up to 500 participants
  • AMS-IX is continuously growing
  • Growing closer towards 800 unique participants
  • Scalability is an important factor for feasibility

SLIDE 10

Technical concepts

iSDX controller

  • Traditional route server
  • Every participant calculates its own forwarding entries
  • Configuration conflicts are resolved by Refmon

SLIDE 11

Methodology

Controller enhancements

  • Enhancements
      • Bypass the route server
      • Fixing program breaking bugs
      • Addition of Redis
  • Data set: AMS-IX RIB dump
      • IPv4 ~150k unique prefixes
      • IPv6 ~17k unique prefixes

SLIDE 12

Methodology

Controller enhancements

  • Limitations
      • iSDX requires multiple tables
      • Switch platform (MLXe)
      • OpenFlow (OF) 1.0 switch
      • NetIron 5.9, OF 1.3 compliant
      • No support for Virtual Chassis
  • Future: Brocade SLX
  • Fallback: Open vSwitch
  • Enhancements
      • Bypass the route server
      • Fixing program breaking bugs (3)
      • Addition of Redis (4)
  • Data set: AMS-IX RIB dump
      • IPv4 ~150k unique prefixes
      • IPv6 ~17k unique prefixes

SLIDE 13

Methodology

Test scenarios

Scenario #1 - Validation

  • Up to four outbound policies for 10% of the total participants. Up to 800 peers.

Scenario #2 - Policy expansion

  • Up to sixteen outbound policies for 10, 30 or 50% of the total participants. Up to 800 peers.

Scenario #3 - Granular policies

  • Up to four prefix based outbound policies for 10% of the total prefixes. Up to 800 peers.

SLIDE 14

Results

Scenario #1 – Validation

  • Reproduction of results
      • Matches original iSDX scalability findings
      • Linear growth pattern perceived as participants increase
      • Maximum supported flows heavily dependent on switch platform
      • Brocade MLXe supports 128,000 flows per chassis
      • New Brocade SLX platform
      • More capable Merchant Silicon (Broadcom Tomahawk, Jericho)

SLIDE 15

Results

Scenario #2 – Policy Validation

  • Growth pattern
      • Similar growth pattern perceived as in Scenario #1
      • Amount of flows exceeds current hardware platform

Scalability is heavily tied to constraints set by the IXP (tolerated amount of policies, port ranges, et cetera).

SLIDE 16

Results

Scenario #3 – Granular policies

Impact

  • Defining policies on destination prefix heavily impacts scalability
  • Aggregation is possible but not performed by iSDX
  • Total amount of policies for AMS-IX scale exceeds 140 million flow entries
  • Exceeds capabilities of any current hardware platform

SLIDE 17

Technical concepts

iSDX Fabric

SLIDE 18

Results

MAC compression

  • iSDX on the fabric
      • Abstracts ASes from ports
      • Scales up to 28 ASes in one MAC
      • Embeds Next-Hop ASes in MAC address
      • Overriding BGP behavior
      • iSDX design choice

SLIDE 19

Infrastructural impact

  • iSDX was designed for virtual chassis infrastructures (Brocade VCS, Cisco VSS/VPC, Juniper VC)
  • AMS-IX has MPLS/VPLS multi-hop infrastructure
      • Implementation is still feasible
      • OpenFlow pipeline on the edges
      • Normal MPLS traffic forwarding
      • MAC learning via VPLS infrastructure

SLIDE 20

Conclusion

  • Scalability
      • Compression of flows has limitations
      • Defining fine-grained policies is still limited by hardware at this kind of scale
      • iSDX as a concept is feasible
      • Scalability is feasible if the AMS-IX heavily constrains boundaries
      • Affects neutrality of the IXP
  • Deployment impact
      • Allows for gradual transition to iSDX design
      • iSDX can be deployed alongside current MPLS/VPLS infrastructure

SLIDE 21

Future work

  • Moving forward
      • Rewrite controller software
      • Improve robustness
      • Include support for IPv6
      • Include multi-threading in the Fabric Manager (Refmon)
      • More efficient policy distribution over PE switches
      • Allow for extended scalability in multi-hop configurations
      • Include MPLS state in iSDX controller
      • Omit the need for a second lookup
      • Include support for defining policies per port
      • Work in process: ENDEAVOUR project at the University of Louvain (prof. M. Canini)

SLIDE 22

Thank you

siem.hermans@os3.nl
jeroen.schutrup@os3.nl
github.com/jeroen92/sdx-ixp

Research Project 2

System and Network Engineering

SLIDE 23

Questions?