SLIDE 1 Exploiting ICN for Flexible Management of Software-Defined Networks
Mayutan Arumaithurai†, Jiachen Chen†, Edo Monticelli†, Xiaoming Fu† and K. K. Ramakrishnan*
† University of Goettingen, Germany * University of California, Riverside, U.S.A.
SLIDE 2 Problem Statement and Terminology
9/26/2014 Exploiting ICN for Flexible Management of SDN 2
Middleboxes usually provide these services for reasons of
– Policy control, security, performance optimization
– They have to be resident on the path of a flow =>
- traffic might have to deviate from its natural “IP” shortest path and be forced through middleboxes
Objective of this paper: Deal with an important and common problem, i.e. Service Chaining
Long term vision: Enhance SDN with Information Centricity to improve network management
Service Chaining: The steering of flows through the different network functions/services needed, before they are delivered to the destination.
SLIDE 3 Base Topology
[Figure: base topology. Legend: Middlebox, Prefix Popper, ICN-Switch. Nodes: Ingress, Egress, Firewall A, Firewall B, DSA, Cache, DPI, R5.]
SLIDE 4 Motivation - I
- Middleboxes performing additional processing of packets before they are delivered have become an integral need of the Internet
– E.g., Facebook, Twitter, FourSquare, Google Instant, MyYahoo require content to go through middleboxes in order to improve performance
– Dynamic site accelerators
– TCP optimization
– NAT
– Proxy
– Firewall
– DPI
– CDNs
SLIDE 5 NFV based Middleboxes
- Advent of Network Function Virtualization (NFV)
– makes it easier to deploy middleboxes in a flexible and dynamic manner
– can be instantiated, removed and positioned on demand
Managing such NFV based middlebox provisioning and service chaining can be challenging
SLIDE 6 SDN - I
- Software Defined Networks (SDNs)
– attempt to perform such network management by making use of a logically centralized controller
- Controller has a global view of the network and therefore network mgmt. is easier than in the case of the current distributed approach
– Set up flow based forwarding rules on paths
– Provides greater control for networks to steer packets flexibly without being constrained by traditional routing such as OSPF, BGP
However, the management logic (“what” is required) is intrinsically coupled with the node location (“where” it is available).
SLIDE 7 SDN - II
- Intrinsic coupling results in issues pertaining to =>
– Flexibility: cannot make real time decisions since location is decided
– Scalability: places flow based forwarding rules on every router
– Reliability: when middleboxes fail, a new path has to be built
- or a backup path for every flow and every possibility (i.e. if router A fails, if router B fails and so on) has to exist
However, the management logic (“what” is required) is intrinsically coupled with the node location (“where” it is available).
SLIDE 8 Proposal
We argue that the performance of SDN can be further improved by using ideas of information centricity
– Decouple location from the identity (name) of the function
– Can make better use of
- Flexibility offered by NFV
We Propose Function Centric Service Chaining (FCSC)
Key idea of information centricity => Name based forwarding
Caching is a service that it facilitates
SLIDE 9 FCSC Basic Design
[Figure: (a) SDN. Labels: Controller, Policy Module, Routing Module, Ingress, Middlebox, Flow Features, Next Hop, Flow Layer, Forwarding Layer, Router/Switch, What, Where.]
SLIDE 10 FCSC Basic Design
[Figure: (a) SDN and (b) FCSC. Labels: Controller, Policy Module, Routing Module, Ingress, Middlebox, Flow Features, Name, Next Hop, Flow Layer, Naming Layer, Forwarding Layer, Router/Switch, What, Where.]
These layers are already available in NDN/CCN enabled nodes
SLIDE 11 FCSC: Forwarding Engine
Per flow solutions: Entries ∝ flows
FCSC: Entries ∝ functions
[Figure: two forwarding tables. Per flow solutions: columns Flow identifier and FACE; identifiers shown: Flow-id, 5 Tuples, Application. FCSC: columns Function identifier and FACE; entries shown: Function A, Function B.]
Scalability
SLIDE 12 FCSC: Forwarding Engine
Per flow solutions: Entries ∝ flows
FCSC: Entries ∝ functions
[Figure: two forwarding tables. Per flow solutions: columns Flow identifier and FACE; identifiers shown: Flow-id, 5 Tuples, Application. FCSC: columns Function identifier and FACE; entries shown: Function A X, Function B, Function A Y.]
Intrinsically supports the presence of multiple instances for the same functionality and can perform network layer load balancing among these nodes
Scalability, Flexibility, Reliability
SLIDE 13 FCSC Design Strategy
– chain: DPI/cache/egress-R5
- Scheme identifiers could be chain, monitor, ctrl
– Prefix popping (simple and stateless task) will be done at the node hosting that particular network function instance
– Middleboxes advertise the prefix they are serving
- prefix (similar to advertising the data they serve)
– Forwarding table is accordingly populated
- Can use centralized/distributed routing schemes
- Stateful Middleboxes
– In some cases, it is necessary to maintain states
– Use chain:firewall/_A/cache instead of firewall/cache
SLIDE 14 FCSC Architecture Description
– Ingress (or via the controller) knows the list of functions a flow needs
– The controller does not have to inform all the routers of the forwarding rules for the new flow; informing just the ingress(es) is sufficient
– Can set at ingress the set of functions a flow might require
- Not required to proactively set forwarding states in routers
- No need to set paths from each ingress for all flows [O(𝑂²)]
Flow identifier | Functions Needed
Flow-1 | DPI, Cache
Flow-2 | DSA, TCP Opt.
Flow-3 |
Scalability
SLIDE 15 FCSC Architecture Description
- Policy change by middleboxes
– Just change the name, i.e. function list
– No need to change forwarding rules in the routers
Flexibility, Scalability
SLIDE 16 Lifetime of a Packet
[Figure: lifetime of a packet. Legend: Middlebox, Prefix Popper, ICN-Switch. Nodes: Ingress, Egress, Firewall A, Load Balancer, Firewall B, R5, Cache, DPI. Names shown: chain:/Cache/R5, chain:/LB/_FW/Cache/R5, chain:/Firewall/_B/Cache/R5, chain:/Cache/R5, chain:/R5, chain:/DPI/Cache/R5.]
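The forwarding behaviour described on slides 11 to 16, as an added Python example (not the authors' Java simulator or code from the paper): a function-keyed forwarding table, prefix popping, instance pinning with `_A`, and recovery when an instance withdraws. The names `Fib`, `forward` and `constructed_fib`, the round-robin instance choice and the sample topology are assumptions made for illustration.

```python
# Added sketch of FCSC name-based forwarding; not the authors' Java simulator.
# Assumed: round-robin instance choice; "_X" pins instance X of the preceding function.

class Fib:
    """Forwarding table keyed by function name: entries grow with functions, not flows."""

    def __init__(self):
        self.entries = {}   # function name -> live instance labels (faces)
        self.turn = {}      # function name -> round-robin counter

    def advertise(self, function, instance):
        self.entries.setdefault(function, []).append(instance)

    def withdraw(self, function, instance):
        self.entries[function].remove(instance)

    def lookup(self, function, pin=None):
        live = self.entries.get(function, [])
        if pin is not None:                 # stateful flow: only that instance will do
            return pin if pin in live else None
        if not live:
            return None
        self.turn[function] = self.turn.get(function, -1) + 1
        return live[self.turn[function] % len(live)]


def forward(name, fib):
    """Steer one packet named like 'chain:/Firewall/_A/Cache/R5'; return its hops."""
    scheme, _, path = name.partition(":")
    if scheme != "chain":
        raise ValueError("not a chain name: " + name)
    parts = [p.strip() for p in path.split("/") if p.strip()]
    hops = []
    while parts:
        function = parts.pop(0)             # prefix popped at the node hosting it
        pin = parts.pop(0)[1:] if parts and parts[0].startswith("_") else None
        instance = fib.lookup(function, pin)
        if instance is None:
            raise LookupError("no live instance for " + function)
        hops.append((function, instance))
    return hops


def constructed_fib():
    """Constructed topology: two firewall instances, one cache, egress R5."""
    fib = Fib()
    for function, instance in [("Firewall", "A"), ("Firewall", "B"), ("Cache", "C1"), ("R5", "R5")]:
        fib.advertise(function, instance)
    return fib
```

After `fib.withdraw("Firewall", "A")`, an unpinned name keeps flowing through instance B with no change at the ingress, while a name pinned to `_A` fails the lookup, which is the trade-off a stateful firewall chain accepts.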
SLIDE 17 Evaluations
- We use a custom simulator in Java
– Used in previous works such as COPSS[1], G-COPSS[2], Coexist[3]
- Compare to a centralized controller based SDN
– Decentralized approaches exist
- Inconsistent state can affect performance
- Communication overhead to keep them in sync is not known
– Even if a decentralized approach exists, each controller will be responsible for a set of routers (a portion of the network)
- Topology (Demonstrate the benefits of FCSC)
– Synthetic topology
– Real world topology
SLIDE 18 Synthetic Topology
– between switches is 2ms
– between switches and the end-systems (middlebox, src, dst, control) is 10ms.
– 100Mbps
- The processing latency on all the middleboxes (including Ctrl) is 1ms, or 1000pps (packets per second).
- The sending rate at src is also 1000pps.
[Figure: synthetic topology. Nodes: Src, Dst, Ctrl, DPI, R1, R2, R3, R4, R5, R6, N1 [A], N2 [B], N3 [A], N4 [B].]
Focus: To understand how FCSC can complement SDN
SLIDE 19 Dynamic Failure Recovery
FCSC loses fewer packets while recovering from failure
[Figure: Latency (ms) vs. Packet ID for FCSC and SDN.]
SLIDE 20 Dynamic Adaption to New Instances
FCSC flows are able to use new instances since routers are able to make forwarding decisions on a per packet basis
[Figure: Latency (ms) vs. Packet ID for FCSC and SDN.]
SLIDE 21 Dynamic Policy Change on Middleboxes
FCSC routes via the new function at the 30th packet itself
[Figure: Latency (ms) vs. Packet ID for FCSC and SDN.]
SLIDE 22 Large Scale Evaluation
– Exodus AS-3967
- 18 cities used as core network
- Latency
– 30 links
– Latency ranging from 2ms – 21ms (avg 6.6ms)
– Latency between end-hosts, controller and core routers set to 6ms
- Bandwidth is 100 Mbps
- We assume that 11 different functions are required
– One is a DPI function that can rewrite the required function list
- Each flow belongs to one of 100 different applications
– Each application requires a range of functions (1 to 4)
Focus: Verify if benefits of FCSC hold true in the presence of varying number of heterogeneous flows and instances
SLIDE 23
- 100 long lasting flows (5 min)
– All flows start at 0s – Different sending rate (120Kbps to 1.05Mbps)
- The simulation starts with one instance
– A new instance is launched at a random location every 30s
Varying Number of Function Instances
9/26/2014 Exploiting ICN for Flexible Management of SDN 23
75 85 95 105 1 2 3 4 5 6 7 8 9 10
# of instances per function FCSC SDN
SLIDE 24
- # of flows: 50 – 500
- Arrival time: Random such that they start in the first 5 min
– Duration: 0.05s to 91.24s – Sending rate: 1.2 Mbps to 11.09 Mbps.
- # of middlebox creation/failure events: 1,151
- 95% confidence Interval
Varying Number of Flows - I
9/26/2014 Exploiting ICN for Flexible Management of SDN 24
50 60 70 80 90 100 110 50 100 150 200 250 300 350 400 450 500
# OF FLOWS FCSC SDN
SLIDE 25 Varying Number of Flows - II
[Figure: two plots for FCSC and SDN. Left: Packet loss rate vs. # of flows. Right: # of rules (k) vs. # of flows.]
- # of flows: 50 – 500
- Arrival time: Random such that they start in the first 5 min
– Duration: 0.05s to 91.24s
– Sending rate: 1.2 Mbps to 11.09 Mbps.
- # of middlebox creation/failure events: 1,151
- 95% confidence Interval
SLIDE 26 Conclusion
- First attempt at enhancing SDN with information centricity by dealing with a common and important problem of network mgmt.
– Service Chaining
- Simple solution, but the potential could be huge
SLIDE 27 Future Work
As usual, open_issues/work_to_be_done outweighs work done
Work on the more detailed aspects to improve naming, routing, forwarding, etc. But also work to convince the non-ICN community: other SDN use-cases, prototyping, deployment in small scale, better performance evaluations.
SLIDE 28 Thank you for your attention
Contact: Arumaithurai@cs.uni-goettingen.de
Acknowledgements: Parts of this research were funded by the joint EU FP7/NICT GreenICN project, under EU grant agreement 608518 and NICT contract 167 and the Volkswagen Foundation Project “Simulation Science Center”.
SLIDE 29 References
1. COPSS: An Efficient Content Oriented Publish/Subscribe System, Jiachen Chen, Mayutan Arumaithurai, Lei Jiao, Xiaoming Fu, K. K. Ramakrishnan, ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS 2011), Brooklyn, NY, USA, October 2011.
2. G-COPSS: A Content Centric Communication Infrastructure for Gaming, Jiachen Chen, Mayutan Arumaithurai, Xiaoming Fu, and K. K. Ramakrishnan, The 32nd IEEE International Conference on Distributed Computing Systems (ICDCS 2012), Macau, China, June 2012.
3. Coexist: Integrating Content Oriented Publish/Subscribe Systems with IP, Jiachen Chen, Mayutan Arumaithurai, Xiaoming Fu, K. K. Ramakrishnan, ACM/IEEE ANCS 2012, ACM, October 2012.
SLIDE 30
Extra Slides
SLIDE 31 Related Work - I
- Indirection based service chaining
– They rely on predetermined nodes that provide the service
– Con: Poor routes; Cannot make good use of the flexibility of NFVs
– Based on traffic characteristics (5-Tuple-IP; rate)
– Con: Policy decision needs to be communicated early to the routers, i.e., flow based forwarding rules (issues of scalability, flexibility)
SLIDE 32 Lifetime of a packet
[Figure: lifetime of a packet. Legend: Middlebox, Prefix Popper, ICN-Switch. Nodes: Ingress, Egress, Firewall A, Load Balancer, Firewall B, R5, Cache, DPI. Names shown: chain:/Cache/R5, chain:/LB/_FW/Cache/R5, chain:/Firewall/_B/Cache/R5, chain:/Cache/R5, chain:/R5, chain:/DPI/Cache/R5.]
SLIDE 33 FCSC special cases
- What if we want all the packets of a flow to go to the same instance?
– Use name associated with that particular instance
- E.g., chain:firewall/_A/cache
- What if we want the packets in both directions to go through the same instance?
– Again, use name associated with that particular instance
SLIDE 34 FCSC Routing
- What is the Impact of the choice of a routing scheme?
- Decision affects the flexibility and reliability
– Centralized controller based scheme
» Global knowledge
– Distributed routing scheme
» Need to synchronize better
» But information can propagate to neighbours quickly
- Possibility to use a load-balancer middlebox instance if required
SLIDE 35 FCSC Advantages
– Flexibility
- Enables switches to dynamically detect load and accordingly instantiate/dispose Network functions
- Allows flows to use newly instantiated NFVs and faster recovery from node/link failures
- Allows dynamic modification of the functions needed by a flow on the controller or middleboxes
– Scalability
- By placing the flow state in the packet header, the number of states stored in the network is reduced
– Therefore more scalable than the per-flow state solutions
- Intrinsically supports the presence of multiple instances for the same functionality and can perform network layer load balancing among these nodes
– Reliability
- Allows faster recovery from node/link failures by using the forwarding table to find another instance
SLIDE 36 Proactive rule for flow initiation
[Figure: Latency (ms) vs. Packet ID for FCSC and SDN.]