Reclaiming the Brain: Useful OpenFlow Functions in the Data Plane - - PowerPoint PPT Presentation

reclaiming the brain useful openflow functions in the
SMART_READER_LITE
LIVE PREVIEW

Reclaiming the Brain: Useful OpenFlow Functions in the Data Plane - - PowerPoint PPT Presentation

Jun 18, 2023 48 likes •412 views

Reclaiming the Brain: Useful OpenFlow Functions in the Data Plane Liron Schiff (Tel Aviv Uni, Israel) Michael Borokhovich (UT Austin, United States) Stefan Schmid (TU Berlin & T-Labs, Germany) 1 My Talk in One Slide Separation of the

slide-1
SLIDE 1

Reclaiming the Brain: Useful OpenFlow Functions in the Data Plane

Liron Schiff (Tel Aviv Uni, Israel) Michael Borokhovich (UT Austin, United States) Stefan Schmid (TU Berlin & T-Labs, Germany)

1

slide-2
SLIDE 2

My Talk in One Slide

data plane ctrl plane

N S

Separation of the planes enables: simplified network management and operation faster innovation

2

slide-3
SLIDE 3

My Talk in One Slide

data plane ctrl plane

N S

Separation of the planes enables: simplified network management and operation faster innovation However: controller may miss certain data plane events indirection => latency

2

slide-4
SLIDE 4

My Talk in One Slide

data plane ctrl plane

N S

Separation of the planes enables: simplified network management and operation faster innovation However: controller may miss certain data plane events indirection => latency What functionality should be kept in data plane? — A big question!

2

slide-5
SLIDE 5

My Talk in One Slide

data plane ctrl plane

N S

Separation of the planes enables: simplified network management and operation faster innovation However: controller may miss certain data plane events indirection => latency What functionality should be kept in data plane? — A big question! In this talk: example of functions that can be kept in the data plane.

2

slide-6
SLIDE 6

SDN and OpenFlow

Actions Match Set VLAN = 11 Forward port 3 IP.src=10.0.*.* Drop TCP.port = 23 Send Controller IP.dst=192.*.*.* and VLAN=13 … …

Controller

3

OpenFlow OpenFlow

slide-7
SLIDE 7

OpenFlow in a Nutshell

Table 1

Packet In

Table 2

Table n

Packet Out

Switch pipeline Basic Actions Set a field Append a label Forward to a port/controller/flood Goto Table x

4

slide-8
SLIDE 8

OpenFlow in a Nutshell

Table 1

Packet In

Table 2

Table n

Packet Out

Failover Group

Action1 Port-1 Action2 Port-2 … … Action-k Port-k

Table 1

  • Gr1
  • Gr2

… …

Switch pipeline Basic Actions Set a field Append a label Forward to a port/controller/flood Goto Table x Advanced/optional Actions Link state based Round-robin selection

4

slide-9
SLIDE 9

OpenFlow in a Nutshell

Table 1

Packet In

Table 2

Table n

Packet Out

Failover Group

Action1 Port-1 Action2 Port-2 … … Action-k Port-k

Table 1

  • Gr1
  • Gr2

… …

Switch pipeline Basic Actions Set a field Append a label Forward to a port/controller/flood Goto Table x Advanced/optional Actions Link state based Round-robin selection

Round Robin Group

Action1 Action2 … Action-k 4

slide-10
SLIDE 10

Fast Failover - Adding Brains to the South

data plane ctrl plane

N S

Proactive reaction to link failures

Failover Group

Fwd Port 1 Fwd Port 3 … … Action-k Port-k 5

1 3

slide-11
SLIDE 11

Fast Failover - Adding Brains to the South

data plane ctrl plane

N S

Proactive reaction to link failures

Failover Group

Fwd Port 1 Fwd Port 3 … … Action-k Port-k 5

1 3

slide-12
SLIDE 12

Fast Failover - Adding Brains to the South

data plane ctrl plane

N S

Proactive reaction to link failures

Failover Group

Fwd Port 1 Fwd Port 3 … … Action-k Port-k

Non-trivial to use May quickly introduce loops May introduce high load Much better with Tags

Tag

5

1 3

slide-13
SLIDE 13

Fast Failover - Adding Brains to the South

data plane ctrl plane

N S

Proactive reaction to link failures

Failover Group

Fwd Port 1 Fwd Port 3 … … Action-k Port-k

Non-trivial to use May quickly introduce loops May introduce high load Much better with Tags

Tag

5

1 3

slide-14
SLIDE 14

Fast Failover - Adding Brains to the South

data plane ctrl plane

N S

Proactive reaction to link failures

Failover Group

Fwd Port 1 Fwd Port 3 … … Action-k Port-k

Non-trivial to use May quickly introduce loops May introduce high load Much better with Tags

Tag

5

1 3

slide-15
SLIDE 15

Functions in the South

Reduce interactions with the control plane Make data plane more robust Monitoring functions: Topology snapshot Blackhole detection Critical node detection Communication functions: Anycast

N S

6

slide-16
SLIDE 16

How it is possible? SmartSouth template.

SmartSouth — in-band graph DFS traversal State of each node stored in the packet: parent current neighbor the node traverses Implemented using a simple match-action paradigm Uses Fast Failover technique.

7

payload

par, cur par, cur par, cur

slide-17
SLIDE 17

How it is possible? SmartSouth template.

Pseudocode —> Match&Action tables

payload

par, cur par, cur par, cur

8

Algorithm 1 Algorithm SmartSouth – Template

Input: current node: vi, input port: in, packet global params: pkt.start, packet tag array: {pkt.vj}j∈[n] Output: output port: out 1: if pkt.start = 0 then 2: pkt.start ← 1 3:

  • ut ← 1

4: else 5: if pkt.vi.cur = 0 then 6: pkt.vi.par ← in; out ← 1; First visit() 7: else if in = pkt.vi.cur then 8:

  • ut ← pkt.vi.cur + 1; V isit from cur()

9: else 10:

  • ut ← in; V isit not from cur()

11: goto 26 12: if out = ∆i + 1 then 13:

  • ut ← pkt.vi.par

14: goto 22 15: while out failed or out = pkt.vi.par do 16:

  • ut ← out + 1

17: if out = ∆i + 1 then 18:

  • ut ← pkt.vi.par

19: goto 22 20: Send next neighbor() 21: goto 23 22: Send parent() 23: pkt.vi.cur ← out 24: if out = 0 then 25: Finish() 26: return out

slide-18
SLIDE 18

How it is possible? SmartSouth template.

Pseudocode —> Match&Action tables

payload

par, cur par, cur par, cur

if pkt.vi.cur = 0 then pkt.vi.par ← in; out ← 1; Fi else if in = pkt.vi.cur then

  • ut ← pkt.vi.cur + 1; V isit

else

∆i 1 ∆i 1 ∆i Table C ⇤ ⇤ pkt.vi.par in, Table 1 1 1 ⇤ Table 2 2 2 ⇤ Table 3 3 3 ⇤ Table 4 . . . . . . . . . . . . Flow Table B Match Instructions in pkt.vi.cur pkt.vi.par

9

slide-19
SLIDE 19

How it is possible? SmartSouth template.

Pseudocode —> Match&Action tables

payload

par, cur par, cur par, cur

if pkt.vi.cur = 0 then pkt.vi.par ← in; out ← 1; Fi else if in = pkt.vi.cur then

  • ut ← pkt.vi.cur + 1; V isit

else

∆i 1 ∆i 1 ∆i Table C ⇤ ⇤ pkt.vi.par in, Table 1 1 1 ⇤ Table 2 2 2 ⇤ Table 3 3 3 ⇤ Table 4 . . . . . . . . . . . . Flow Table B Match Instructions in pkt.vi.cur pkt.vi.par

9

15: while out failed 16:

  • ut ← out + 1

h i Gr 1 hsb 1, pkt.vi.cur 1, pkt.start 1, Fwd 1i Gr 2 hsb 1, pkt.vi.cur 2, pkt.start 1, Fwd 2i . . . . . . Group Actions Gr 0.1 hsb 1, Fwd Route(1)i

Flow Table 1 Match Instructions sb Gr 1, Table 2 1 Drop Flow Table 2 Match Instructions sb Gr 2, Table 3 1 Drop

port 1 port 2

slide-20
SLIDE 20

Functions in the South: Topology Snapshot

g i v e m e a s n a p s h

  • t

N S

Fault tolerant No connectivity assumption Requires a single connection to controller Unlike built-in “Topology service” in OpenFlow

10

slide-21
SLIDE 21

Functions in the South: Topology Snapshot

g i v e m e a s n a p s h

  • t

N S

Fault tolerant No connectivity assumption Requires a single connection to controller Unlike built-in “Topology service” in OpenFlow During the DFS traversal, topology information is written to the packet header

snapshot data

par, next par, next par, next

10

slide-22
SLIDE 22

Functions in the South: Blackhole Detection

I s t h e r e a b l a c k h

  • l

e ?

N S

Detects connectivity loss regardless of the cause physical failure configuration errors unsupervised carrier network errors

11

slide-23
SLIDE 23

Functions in the South: Blackhole Detection

I s t h e r e a b l a c k h

  • l

e ?

N S

Detects connectivity loss regardless of the cause physical failure configuration errors unsupervised carrier network errors Two possible implementations:

11

slide-24
SLIDE 24

Functions in the South: Blackhole Detection

I s t h e r e a b l a c k h

  • l

e ?

N S

Detects connectivity loss regardless of the cause physical failure configuration errors unsupervised carrier network errors Two possible implementations: DFS traversal with TTL (log n) DFS traversals (binary search)

TTL

par, next par, next par, next

11

DFS failed DFS failed Blackhole found

slide-25
SLIDE 25

Functions in the South: Blackhole Detection

I s t h e r e a b l a c k h

  • l

e ?

N S

General counters - access only by controller Our counters: access during packet processing counter value can be written to packet or metadata implemented using Round-Robin action group

Round Robin Group

Action1 Action2 … Action-k

Table 1

Table 2 1

  • 2

K

.

Smart “In-band” Counters

12

slide-26
SLIDE 26

Functions in the South: Blackhole Detection

I s t h e r e a b l a c k h

  • l

e ?

N S

Install SmartCounter for each port Only two DFS traversals required: First - back&forth on each link

Blackhole detection with SmartCounters

13

3 3 1

slide-27
SLIDE 27

Functions in the South: Blackhole Detection

I s t h e r e a b l a c k h

  • l

e ?

N S

Install SmartCounter for each port Only two DFS traversals required: First - back&forth on each link

Blackhole detection with SmartCounters

13

3 3 1 Second - find port with counter value 1

3 3 3 3 3 1 3

slide-28
SLIDE 28

Functions in the South: Critical Node Detection

are you critical?

N

  • Checks if a node is critical for connectivity

Non-critical node may be removed for maintenance energy conservation Cheaper than Snapshot

are you critical?

Y e s

14

slide-29
SLIDE 29

Functions in the South: Critical Node Detection

are you critical?

N

  • Checks if a node is critical for connectivity

Non-critical node may be removed for maintenance energy conservation Cheaper than Snapshot

are you critical?

Y e s

One DFS traversal with root = v If v non-critical: it is parent for exactly one node

14

slide-30
SLIDE 30

Functions in the South: Critical Node Detection

are you critical?

N

  • Checks if a node is critical for connectivity

Non-critical node may be removed for maintenance energy conservation Cheaper than Snapshot

are you critical?

Y e s

One DFS traversal with root = v If v non-critical: it is parent for exactly one node

14

Else: it is parent for more than 1 node

slide-31
SLIDE 31

Functions in the South: Anycast

Multiple, unknown destinations, NFV Alternative path to the control plane Extendable to service chains

FW FW

N S

gid

par, next par, next par, next

payload

15

slide-32
SLIDE 32

Functions in the South: Anycast

Multiple, unknown destinations, NFV Alternative path to the control plane Extendable to service chains

FW FW

N S

gid

par, next par, next par, next

payload

Anycast - one DFS traversal If gid match: forward to “self port” Else: continue DFS traversal

15

gid=5 gid=5 gid=8 gid=8

slide-33
SLIDE 33

Functions in the South: Anycast

Multiple, unknown destinations, NFV Alternative path to the control plane Extendable to service chains

FW FW

N S

gid

par, next par, next par, next

payload

Anycast - one DFS traversal If gid match: forward to “self port” Else: continue DFS traversal Priocast - two DFS traversals First - find highest priority dest Second - deliver to the best dest

gid, highest_prio

15

gid=5 gid=5 prio=1 prio=2 gid=8 gid=8

slide-34
SLIDE 34

SmartSouth in practice

Using existing OpenFlow match fields for tagging: IPv6 addresses VLAN tags MPLS tags Using this approach we can support up to few dozens of nodes More tag space in the future Future OpenFlow will probably support flexible match and set NoviFlow switches already support UDP payload access

16

slide-35
SLIDE 35

Conclusions

“Dumb” data plane can implement useful and complex functionality Snapshot Blackhole detection Critical node detection Anycast Smart Counters Nourish discussion on what should be implemented and where

N S

17

slide-36
SLIDE 36

Conclusions

“Dumb” data plane can implement useful and complex functionality Snapshot Blackhole detection Critical node detection Anycast Smart Counters Nourish discussion on what should be implemented and where

Thank You!

N S

17