network function control
play

Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, - PowerPoint PPT Presentation

Nov 04, 2022 •471 likes •925 views

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 Network functions (NFs) Perform sophisticated stateful actions

  1. OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1

  2. Network functions (NFs) • Perform sophisticated stateful actions on packets/flows • Important goals: 1. Satisfy SLAs 2. Minimize costs 3. Act correctly 2

  3. NF trends • Network Functions Virtualization (NFV) WAN optimizer Caching proxy Intrusion detection system (IDS) 3

  4. NF trends • Network Functions Virtualization (NFV) → dynamically allocate NF instances Hypervisor 3

  5. NF trends • Network Functions Virtualization (NFV) → dynamically allocate NF instances • Software-defined Networking → dynamically reroute flows Hypervisor 3

  6. NF trends • Network Functions Virtualization (NFV) → dynamically allocate NF instances • Software-defined Networking → dynamically reroute flows Dynamic reallocation Hypervisor of packet processing e.g., elastic NF scaling 3

  7. Why NFV + SDN falls short Packet loss 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  8. Why NFV + SDN falls short Packet loss SLA: <1% 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  9. Why NFV + SDN falls short ? Packet loss SLA: <1% 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  10. Why NFV + SDN falls short ? Packet loss SLA: <1% 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  11. Why NFV + SDN falls short ? Packet loss 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  12. Why NFV + SDN falls short ? Packet loss 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  13. Why NFV + SDN falls short ? Packet loss 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  14. SLAs + cost + accuracy: What do we need? • Quickly move, copy, or share internal NF state alongside updates to network forwarding state • Guarantees: loss-free, order- preserving, …    … 1 2 3 … Also applies to other scenarios 5

  15. Outline • Motivation and requirements • Challenges • OpenNF architecture • Evaluation 6

  16. Challenges 1. Supporting many NFs with minimal changes 2. Dealing with race conditions 3. Bounding overhead 7

  17. OpenNF overview Control Application move/copy/share state OpenNF NF State Manager Flow Manager Controller export/import State 8

  18. NF state taxonomy State created or updated by an NF applies to either a single flow or a collection of flows Multi-flow state Per-flow state TcpAnalyzer Connection HttpAnalyzer ConnCount Connection TcpAnalyzer All-flows state HttpAnalyzer Statistics 9

  19. NF API: export/import state • Functions: get , put , delete put Per Scope Multi All Filter get NF No need to expose/change internal state organization! 10

  20. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) NF State Manager IDS 1 IDS 2 11

  21. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) NF State Manager get(per, port=80) [Chunk1] [Chunk2] IDS 1 IDS 2 11

  22. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) NF State Manager get(per, port=80) [Chunk1] del(per, port=80) [Chunk2] IDS 1 IDS 2 11

  23. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) NF State Manager get(per, port=80) put (per, Chunk1) [Chunk1] del(per, port=80) put (per, Chunk2) [Chunk2] IDS 1 IDS 2 11

  24. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) forward(port=80, IDS 2 ) NF State Manager get(per, port=80) put (per, Chunk1) [Chunk1] del(per, port=80) put (per, Chunk2) [Chunk2] IDS 1 IDS 2 Also provide copy and share 11

  25. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check R1 B1 IDS 1 IDS 2 12

  26. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check R1 B1 IDS 1 IDS 2 12

  27. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing R1 state B1 R2 IDS 1 IDS 2 12

  28. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing R2 R1 state B1 IDS 1 IDS 2 12

  29. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing R2 R1 state B1 IDS 1 IDS 2 12

  30. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing Missing R2 R1 state updates B1 R3 IDS 1 IDS 2 12

  31. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing Missing R2 R1 state updates B1 R3 IDS 1 IDS 2 Loss-free: All state updates should be reflected in the transferred state, and all packets should be processed 12

  32. NF API: observe/prevent updates using events NF R1 Only need to change an NF’s receive packet function! 13

  33. Use events for loss-free move R1 IDS 1 IDS 2 14

  34. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 R1 NoProc IDS 1 IDS 2 14

  35. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 NoProc IDS 1 IDS 2 R1 14

  36. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 NoProc R2 IDS 1 IDS 2 R1 14

  37. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller NoProc IDS 1 IDS 2 R1 R2 14

  38. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller 4. put on IDS 2 R1 NoProc IDS 1 IDS 2 R2 14

  39. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller 4. put on IDS 2 5. Flush packets in events to IDS 2 R1,R2 R1 NoProc IDS 1 IDS 2 14

  40. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller 4. put on IDS 2 5. Flush packets in events to IDS 2 R1,R2 R1 NoProc 6. Update IDS 1 IDS 2 forwarding 14

  41. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller 4. put on IDS 2 5. Flush packets in events to IDS 2 R1,R2,R3 R1,R2 R1 NoProc 6. Update IDS 1 IDS 2 forwarding 14

  42. Implementation • Controller ( 3.8K lines of Java ) • Communication library (2.6K lines of C) • Modified NFs (3-8% increase in code) Bro IDS iptables Squid Cache PRADS 15

  43. Evaluation: benefits for elastic scaling • Bro IDS processing 10K pkts/sec – At 180 sec: move HTTP flows (489) to new IDS – At 360 sec: move back to old IDS • SLAs: 260ms to move (loss-free) • Accuracy: same log entries as using one IDS – VM replication: incorrect log entries • Cost: scale in after state is moved – Wait for flows to die: scale in delayed 25+ minutes 16

  44. Conclusion • Realizing SLAs + cost + accuracy requires quick, safe control of internal network function state • OpenNF provides flexible and efficient control with few modifications to NFs Learn more and try it! http://opennf.cs.wisc.edu 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash,

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash,

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 Network functions (NFs) Perform sophisticated stateful actions

770 views • 76 slides
Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert

Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 Network functions (NFs) Perform sophisticated stateful actions

1.16k views • 88 slides
OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash,

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash,

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 Network functions (NFs) Perform sophisticated stateful actions

361 views • 32 slides
Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Deniz Gurkan, Nicholas Bastin, Stuart Baxley University of Houston Funded by the U.S. Department of Energy and the U.S. Department of Homeland

541 views • 15 slides
Value function and optimal trajectories for a control problem with supremum cost function and

Value function and optimal trajectories for a control problem with supremum cost function and

Value function and optimal trajectories for a control problem with supremum cost function and state constraints Hasnaa Zidani ENSTA ParisTech, University of Paris-Saclay joint work with: A. Assellaou, &amp; O. Bokanowski, &amp; A. Desilles

448 views • 41 slides
1 b. Implement the function using a minimal network of 4:1 multiplexers. The truth table using a ,

1 b. Implement the function using a minimal network of 4:1 multiplexers. The truth table using a ,

CSE140 Exercise Solutions m (0 , 2 , 4 , 6 , 7) + d (1). I. Given a three-input Boolean function f ( a, b, c ) = a. Implement the function using a minimal network of 2:4 decoders and OR gates. Standard solution : Use a as the enable signal,

407 views • 12 slides
SLAC Control Network SLAC Control Network Campaign 1 12/13/01,12/17/01 01/18/02 Purpose

SLAC Control Network SLAC Control Network Campaign 1 12/13/01,12/17/01 01/18/02 Purpose

SLAC Control Network SLAC Control Network Campaign 1 12/13/01,12/17/01 01/18/02 Purpose Purpose To tie SLAC control points to existing coordinate system &amp; datum. (ie. NAD 83 CA State Plane Zone 3, UTM Zone 10, WGS84) Network

372 views • 14 slides
Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function Offloading Mario Almeida, Liang Wang*, Jeremy Blackburn, Konstantina Papagiannaki, Jon Crowcroft* Telefonica Research, ES University of

903 views • 26 slides
Network Layer: Control Plane Goal: understand principles behind network control plane

Network Layer: Control Plane Goal: understand principles behind network control plane

Network Layer: Control Plane Goal: understand principles behind network control plane traditional (intra-domain) routing algorithms SDN controllers and their instantiation, implementation in the Internet: OSPF, RIP, OpenFlow, ODL

1.31k views • 75 slides
Maria Bulatova, Daria Kolistratova Background Network Function (NF) a component of a network

Maria Bulatova, Daria Kolistratova Background Network Function (NF) a component of a network

Maria Bulatova, Daria Kolistratova Background Network Function (NF) a component of a network infrastructure with well defined interfaces and behavior ( routing, network address translation (NAT), firewall, etc.). Traditional NFs:

224 views • 19 slides
Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K.

Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K.

Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K. Mukerjee Computer Science PhD Thesis Defense May 1st, 2018 Network Control CDN server selection Routing Congestion Control VM migration Network

1.71k views • 131 slides
CONTROL YOUR CARGO. CONTROL YOUR NETWORK. CONTROL YOUR BRAND. APRIL 2019

CONTROL YOUR CARGO. CONTROL YOUR NETWORK. CONTROL YOUR BRAND. APRIL 2019

CONTROL YOUR CARGO. CONTROL YOUR NETWORK. CONTROL YOUR BRAND. APRIL 2019 annika@sensortransport.com THE PROBLEM Status of Cargo Status of Shipment $100 BILL LOST ANNUALLY FROM DAMAGE Manual Delivery AND THEFT THE SOLUTION A

2.74k views • 9 slides
Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control Systems Research Philipp Mieden &amp; Rutger Beltman, 2020 Supervisor: Bartosz Czaszynski, Deloitte Industrial Network VS Corporate Network 2

379 views • 35 slides
Function Approximation for (on policy) Prediction and Control Lecture 8, CMU 10-403 Katerina

Function Approximation for (on policy) Prediction and Control Lecture 8, CMU 10-403 Katerina

Carnegie Mellon School of Computer Science Deep Reinforcement Learning and Control Function Approximation for (on policy) Prediction and Control Lecture 8, CMU 10-403 Katerina Fragkiadaki Used Materials Disclaimer : Much of the material

642 views • 41 slides
The Gas Network Control Problem and How to Approach It Felix Hennings Combinatorial Optimization

The Gas Network Control Problem and How to Approach It Felix Hennings Combinatorial Optimization

The Gas Network Control Problem and How to Approach It Felix Hennings Combinatorial Optimization @ Work 2020 The Gas Network Control Problem General description Optimization of short-term transient gas network control of large real-world

917 views • 39 slides
Unemployment Duration and Re-employment Wages: A Control Function Approach Marta C. Lopes 1 1

Unemployment Duration and Re-employment Wages: A Control Function Approach Marta C. Lopes 1 1

Unemployment Duration and Re-employment Wages: A Control Function Approach Marta C. Lopes 1 1 NovaSBE, Universidade Nova de Lisboa 23 rd London Stata User Group Meeting September 7, 2017 Marta C. Lopes (NovaSBE) A Control Function Approach

669 views • 38 slides
Zoning and Land Use: What You Need to Know (the devils in the details!) Presented By: Michael

Zoning and Land Use: What You Need to Know (the devils in the details!) Presented By: Michael

Zoning and Land Use: What You Need to Know (the devils in the details!) Presented By: Michael Homier Foster Swift Collins &amp; Smith, PC 1700 E. Beltline Ave NE, Suite 200 Grand Rapids, MI 49525 (616) 7262230 mhomier@fosterswift.com

705 views • 41 slides
Insights into the Policy and Legislation on Land Reform in Zimbabwe Sam Zhou 6/06/03

Insights into the Policy and Legislation on Land Reform in Zimbabwe Sam Zhou 6/06/03

Insights into the Policy and Legislation on Land Reform in Zimbabwe Sam Zhou 6/06/03 Pretoria, R.S.A, 6 November 2002 1 Discussion Outline n Introductory statement n Summary of background issues on Land Policy and Legislation in Zimbabwe. n

417 views • 12 slides
Data driving improvements in integrated care: a one system approach Presented by Ray Messom

Data driving improvements in integrated care: a one system approach Presented by Ray Messom

Data driving improvements in integrated care: a one system approach Presented by Ray Messom CEO Wentwest Western Sydney PHN Consumer 2 Healthcare is data-driven, but human to the core. Data drives outcomes. But its the people

251 views • 23 slides
Improving Care Transitions: Creating Your Evidence-Based Approach Jack Chase, MD Medical

Improving Care Transitions: Creating Your Evidence-Based Approach Jack Chase, MD Medical

Improving Care Transitions: Creating Your Evidence-Based Approach Jack Chase, MD Medical Director of Care Coordination, Director of Operations, San Francisco Health Network Primary Care UCSF Family Medicine Inpatient Service San Francisco

685 views • 49 slides
Cooperative Strategies for Groundwater Sarah Rountree Schlessinger Texas Water Foundation April

Cooperative Strategies for Groundwater Sarah Rountree Schlessinger Texas Water Foundation April

Cooperative Strategies for Groundwater Sarah Rountree Schlessinger Texas Water Foundation April 10, 2019 Questions How does Texas manage groundwater? How do we cooperate/coordinate across boundaries? What challenges and

368 views • 14 slides
More and Better Disciples Matthew 28:16-20 Matthew 5:16 In the same way, let your light shine

More and Better Disciples Matthew 28:16-20 Matthew 5:16 In the same way, let your light shine

More and Better Disciples Matthew 28:16-20 Matthew 5:16 In the same way, let your light shine before men, that they may see your good deeds and praise your Father in heaven. Matthew 16:24 Then Jesus said to his disciples, If anyone would

435 views • 26 slides
ASTM E 1527 13 Changes and Implications www.gaiatech.com 1 A Really Brief History: The Path

ASTM E 1527 13 Changes and Implications www.gaiatech.com 1 A Really Brief History: The Path

ASTM E 1527 13 Changes and Implications www.gaiatech.com 1 A Really Brief History: The Path to Revisions In keeping with ASTM practice to regularly evaluate the standards, a Task Group was formed in 2009 to evaluate the 05 standard

406 views • 11 slides
Agile data science. Is that a thing yet? Hercules Konstantopoulos http://drhercules.me

Agile data science. Is that a thing yet? Hercules Konstantopoulos http://drhercules.me

Agile data science. Is that a thing yet? Hercules Konstantopoulos http://drhercules.me Senior Data Scientist, Atlassian @StarfishDataSci YOW! Data, 7 May 2019 I studied here! I worked here! I grew up here! I worked

265 views • 25 slides

More recommend