the next big challenge
play

The Next Big Challenge? Gianni Antichi, Gbor Rtvri Disclaimer - PowerPoint PPT Presentation

Apr 25, 2023 •132 likes •390 views

Full-stack SDN: The Next Big Challenge? Gianni Antichi, Gbor Rtvri Disclaimer This is a "Challenge" paper Dont expect answers, only some (hopefully) interesting questions TLDR; Ethernet bridges handle packets at

  1. Full-stack SDN: The Next Big Challenge? Gianni Antichi, Gábor Rétvári

  2. Disclaimer ● This is a "Challenge" paper ● Don’t expect answers, only some (hopefully) interesting questions

  3. TLDR; Ethernet bridges handle packets at L2, IP routers at L3, and middleboxes add L4 processing capability Switch Application Transport Network Link

  4. TLDR; Ethernet bridges handle packets at L2, IP routers at L3, and middleboxes add L4 processing capability Switch SDN Controller Software Defined Networking (SDN): Application impose L2-L4 network policies Transport centrally Network Link

  5. TLDR; Ethernet bridges handle packets at L2, IP routers at L3, and middleboxes add L4 processing capability Switch SDN Controller Software Defined Networking (SDN): Application impose L2-L4 network policies Transport centrally Network We argue it is time to extend SDN Link up into the Application layer (L7)

  6. TLDR; Questions? :D

  7. Cloud 1.0: Monolithic apps deployed into VMs Full app instances Server Server Virtual Virtual deployed into VMs Machine Machine Ethernet, IP Exchange traffic over Virtual Virtual L2 and L3 protocols Machine Machine Virtual Virtual Switch Switch Fabric

  8. Cloud 2.0: Microservices Micro- Micro- Server Server Fine-grained decompo- service service HTTP, gRPC SOAP, sition of business logic Container Container WebSocket.. Micro- Micro- into loosely coupled service service microservices Container Container Virtual Virtual Lightweight isolation in Machine Machine Linux containers Virtual Virtual Machine Machine Expose/consume services over Virtual Virtual application-layer (L7) Switch Switch protocols Fabric

  9. Takeaway 1 With the transition to the microservice architecture, the main network communication pattern becomes application-layer (L7) protocols

  10. Looking glass on microservices Microservice communication relies on Micro- critical L7 network functions that are service App logic hardcoded into applications Container L7 Network stack L4 Examples: Load-balancing, L7 ACLs, L3 circuit breaking, L7 health-checking, L2 encryption, policing, observability, RDMA authentication and authorization Virtual Virtual Port Port Cannot impose L7 network policies Virtual centrally Switch

  11. Example 1: Filter HTTP REST API calls Microservices typically expose/consume Micro- Micro- services over RESTful HTTP APIs service service query read-only These look the same for a conventional HTTP GET L2-L4 SDN switch (TCP, port=80/443) The network SHOULD be able to filter connections based on HTTP header Virtual network HTTP POST fields The control plane SHOULD be able to set L7-ACLs in switches

  12. Example 2: Differentiate/route based on VXLAN ID If a new service version is deployed Micro- Micro- alongside production code.. service service production VXLAN tunnels look the same for an L2- VXLAN Network L4 SDN switch (UDP port is 4789) Normal Identifier? traffic The network SHOULD be able to handle Test traffic at the granularity of VXLAN traffic Virtual network Network Identifier! The control plane SHOULD be able to Micro- service install VXLAN routing rules in the test dataplane

  13. Example 3: Police RTP streams by user ID RTP streams look the same for Micro- Micro- Micro- Micro- service service service service an L2-L4 SDN switch The network SHOULD be able to User 1: 10 Kbps rate-limit RTP streams based on User 2: 100 Kbps user ID (SSRC) Virtual network The control plane SHOULD be able to set/query counters at the granularity of individual RTP streams

  14. Takeaway 2 Application-layer network functions SHOULD be moved out from applications into the dataplane to allow the enforcement of L7 network policies centrally

  15. State-of-the-art: The service mesh Microservice Application The service mesh is an L7- Container SDN to manage HTTP-based Business Logic microservice communication Service Proxy Istio L4-L7 policies Achieved by injecting an HTTP Virtual service proxy to each Port microservice Virtual Switch Kubernetes L2-L3 policies

  16. State-of-the-art: The sidecar proxy model Microservice Microservice Application Application Container Container Business Logic Business Logic Service Proxy Service Proxy L4-L7 policies L4-L7 policies Virtual Switch L2-L3 policies The proxy runs side-by-side with the app and intercepts all ingress/egress traffic

  17. State-of-the-art: The sidecar proxy model Microservice Microservice Application Application Container Container Business Logic Business Logic Service Proxy Service Proxy L4-L7 policies L4-L7 policies Virtual Switch L2-L3 policies Even a local packet exchange requires stitching 3 connections one after the other This is 6 kernel-space--user-space context switches (remote calls are even worse)

  18. State-of-the-art: The sidecar proxy model Microservice Microservice Application Application Container Container Business Logic Business Logic Service Proxy Service Proxy L4-L7 policies L4-L7 policies Virtual Switch L2-L3 policies Check the paper for some numbers on how this architecture might affect network function performance!

  19. Takeaway 3 The state-of-the-art L7 SDN is restricted to HTTP and runs on top of the inefficient sidecar-proxy model

  20. The challenge: Full-stack SDN Microservice Microservice Application Application Container Container Business Logic Business Logic Service Proxy Service Proxy L4-L7 policies L4-L7 policies Virtual Switch L2-L3 policies

  21. The challenge: Full-stack SDN Microservice Microservice Application Application Container Container Business Logic Business Logic Full-Stack Virtual Switch L2-L7 policies A local packet exchange would require now only 1 simple connection This is only 2 kernel-space--user-space context switches!!!!

  22. Full-stack SDN: How? Process traffic at any layer in the protocol stack (UDP, TCP, RTP, WebSocket, Ethernet, IP, etc..) Key components: ○ Full-stack SDN switch ○ Full-stack SDN control plane See a couple of initial ideas in the paper

  23. Conclusions Takeaway 1 With the transition to the microservice architecture, the main network communication pattern becomes application-layer (L7) protocols Takeaway 2 Application-layer network functions SHOULD be moved out from applications into the dataplane to allow the enforcement of L7 network policies centrally Takeaway 3 The state-of-the-art L7 SDN is restricted to HTTP and runs on top of the inefficient sidecar-proxy model Challenge: Full-stack SDN

  24. Thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

STEP CHALLENGE February 7 th March 8 th CHALLENGE OVERVIEW This Step Challenge is a fun

STEP CHALLENGE February 7 th March 8 th CHALLENGE OVERVIEW This Step Challenge is a fun

Marion County Public Schools STEP CHALLENGE February 7 th March 8 th CHALLENGE OVERVIEW This Step Challenge is a fun and effective 30-day walking challenge where your goal is to increase your daily average steps by 25% * ! *If you are not

466 views • 8 slides
VAST CHALLENGE 2017 Bianca Barnucz & Stephanie Wegscheidl OVERVIEW VAST Challenge

VAST CHALLENGE 2017 Bianca Barnucz & Stephanie Wegscheidl OVERVIEW VAST Challenge

VAST CHALLENGE 2017 Bianca Barnucz & Stephanie Wegscheidl OVERVIEW VAST Challenge User Challenge 1 Challenge 2 Challenge 3 Grand Challenge Implementation Project Management & Outlook VAST CHALLENGE 2017

270 views • 16 slides
THIS IS WHERE CHANGE BEGINS - Worlds Challenge Challenge February 12, 2018 1 AGENDA

THIS IS WHERE CHANGE BEGINS - Worlds Challenge Challenge February 12, 2018 1 AGENDA

THIS IS WHERE CHANGE BEGINS - Worlds Challenge Challenge February 12, 2018 1 AGENDA Introduction to the SDGs - Rules of the Worlds Challenge Challenge Sustainable Development Mixer 2 Triple Bottom Line An

789 views • 46 slides
www.bpho.org.uk Oxford 24 th June 2014 Physics Challenge AS Challenge A2 Challenge

www.bpho.org.uk Oxford 24 th June 2014 Physics Challenge AS Challenge A2 Challenge

www.bpho.org.uk Oxford 24 th June 2014 Physics Challenge AS Challenge A2 Challenge Experimental Project BPhO Round 1 Round 2 Training Camp IPhO Moreover a physics problem should be difficult in order to entice

720 views • 33 slides
Challenge: InMutaGene https://www.crackit.org.uk/challenge-21- inmutagene Launch Meeting 10

Challenge: InMutaGene https://www.crackit.org.uk/challenge-21- inmutagene Launch Meeting 10

Challenge: InMutaGene https://www.crackit.org.uk/challenge-21- inmutagene Launch Meeting 10 September 2015 The Challenge To develop in vitro / in silico assay(s) that can be used singly or in combination to improve risk assessment for GT

547 views • 17 slides
30 / 40 piece challenge presentation by Lizbeth Atkinson Where did the challenge begin? The idea

30 / 40 piece challenge presentation by Lizbeth Atkinson Where did the challenge begin? The idea

30 / 40 piece challenge presentation by Lizbeth Atkinson Where did the challenge begin? The idea of the 40 piece challenge began when Elissa Milne, an Australian born composer, musician and teacher discovered this statement in a book one day,

281 views • 7 slides
Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic Challenge V2.0 * Conclusions Introduction Why this forensic Challenge ? * To promote and impulse the Forensic Analysis in our Region -- Hispanoamerica--

558 views • 19 slides
Promoting Sustainability: A Challenge for All Our biggest challenge in this new century is to

Promoting Sustainability: A Challenge for All Our biggest challenge in this new century is to

Promoting Sustainability: A Challenge for All Our biggest challenge in this new century is to take an idea that seems abstract - sustainable development - and turn it into a daily reality for all the worlds people . Kofi Annan, UN

321 views • 15 slides
Arizona FAF$A Challenge Julie Sainz, M.Ed. Arizona FAF$A Challenge Project Manager Arizona

Arizona FAF$A Challenge Julie Sainz, M.Ed. Arizona FAF$A Challenge Project Manager Arizona

Arizona FAF$A Challenge Julie Sainz, M.Ed. Arizona FAF$A Challenge Project Manager Arizona Commission for Postsecondary Education Agenda Agenda What is the AZ FAF$A Challenge New State Goal Challenge Categories Incentives

666 views • 21 slides
The Challenge Avoiding the next GFC... The Challenge - Producing More with Less

The Challenge Avoiding the next GFC... The Challenge - Producing More with Less

Banking 4 Food Edwin van Raalte The Challenge Avoiding the next GFC... The Challenge - Producing More with Less today 2050 Natural Natural Resources Resources Every minute 158 & Footprint more mouths to feed Of

632 views • 41 slides
Climate-KIC 9 December 2015 t The Climate Challenge and opportunities Challenge Opportunities

Climate-KIC 9 December 2015 t The Climate Challenge and opportunities Challenge Opportunities

Climate-KIC 9 December 2015 t The Climate Challenge and opportunities Challenge Opportunities 2 o C is the guard rail for A unique opportunity: we must manageable climate address the biggest challenge change. facing mankind

489 views • 13 slides
@ International KEYSTONE Challenge Track Conference Challenge Track Koice 11 12 May 2015

@ International KEYSTONE Challenge Track Conference Challenge Track Koice 11 12 May 2015

@ International KEYSTONE Challenge Track Conference Challenge Track Koice 11 12 May 2015 Sanda Martini - Ipi University of Rijeka Challenge Track Any challenge in the scope of KEYSTONE project is welcome. What open

200 views • 19 slides
1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We

1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We

1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We are stuck with our two main ways of describing and explaining things, one which treats objects and events as mindless, and the other which treats

854 views • 82 slides
Challenge on Challenge on 48 Ca enrichment 48 Ca enrichment Separation of Calcium Isotopes with

Challenge on Challenge on 48 Ca enrichment 48 Ca enrichment Separation of Calcium Isotopes with

Sep 19,2005@US-Japan Seminar, Hawaii Challenge on Challenge on 48 Ca enrichment 48 Ca enrichment Separation of Calcium Isotopes with a Crown Ether Pedersen@1962 Cram&Lehn@1987 Ryuta Hazama for the CANDLES Collaboration Dept. Phys.,

360 views • 18 slides
Structure of Presentation Introduction Challenges in the Verification of Challenge 1:

Structure of Presentation Introduction Challenges in the Verification of Challenge 1:

Structure of Presentation Introduction Challenges in the Verification of Challenge 1: Variety of modeling languages Electronic Control Units Challenge 2: Learning curve for Requirement Capture Challenge 3: Integration with

250 views • 11 slides
F-17 TTAC QP The Challenge The F-17 TTAC Challenge Restore Integrity without being able to

F-17 TTAC QP The Challenge The F-17 TTAC Challenge Restore Integrity without being able to

PH IP F 17 WP PCP Stavanger May 26 th , 2011 Thore Bergsaker DP F-17 TTAC QP The Challenge The F-17 TTAC Challenge Restore Integrity without being able to reach communication depth & Restore Production (3000 bopd) 2 F-17 F-17

205 views • 7 slides
Implementing Blue/Green Deployments with Istio Machine Intelligence Modern Infrastructure

Implementing Blue/Green Deployments with Istio Machine Intelligence Modern Infrastructure

Implementing Blue/Green Deployments with Istio Machine Intelligence Modern Infrastructure http://mi2.live What is MI2? MI2 Webinars focus on the convergence of machine intelligence and modern infrastructure . Every alternate week, I deliver

562 views • 27 slides
One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co thomas@endocode.com

One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co thomas@endocode.com

One year of Deploying Applications for Docker, CoreOS, Kubernetes and Co thomas@endocode.com LinuxCon+ContainerCon, Berlin, Oct 5, 2016 HI! Thomas Fricke thomas@endocode.com CTO Endocode System Automation DevOps Cloud, Database

949 views • 54 slides
Move your VS Code extension into Eclipse Che Florent Benoit 1 Eclipse Che 7 Eclipse Che 7 2

Move your VS Code extension into Eclipse Che Florent Benoit 1 Eclipse Che 7 Eclipse Che 7 2

Move your VS Code extension into Eclipse Che Florent Benoit 1 Eclipse Che 7 Eclipse Che 7 2 Devfile Devfile to share workspaces apiVersion : 1.0.0 metadata: generateName : python- Project projects : - Name Repo Branch name :

533 views • 36 slides
Sidecars Future and Other Cavity Concepts Nathan Woollett August, 2018 LLNL-PRES-756799

Sidecars Future and Other Cavity Concepts Nathan Woollett August, 2018 LLNL-PRES-756799

Sidecars Future and Other Cavity Concepts Nathan Woollett August, 2018 LLNL-PRES-756799 This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344.

135 views • 10 slides
Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker & Kubernetes Enthusiast Speaker at Meetups Email: apurvbhandari@gmail.com LinkedIn: https://www.linkedin.com/in/apurvabhandari-linux GitHub:

2.16k views • 28 slides
Machine Learning pipeline wit ith R Contributions to whiteboxing machine learning for

Machine Learning pipeline wit ith R Contributions to whiteboxing machine learning for

Towards an Enterprise grade Machine Learning pipeline wit ith R Contributions to whiteboxing machine learning for interoperation with production environments Thomas.Strehl@at.ibm.com Thomas.Weinrich@at.ibm.com Rudolf.Pailer@at.ibm.com @20200120

858 views • 58 slides
Agreeing on Institutional Goals for Multi-Agent Societies D. Gaertner 1 , 2 , J.-A. Rodriguez 2 ,

Agreeing on Institutional Goals for Multi-Agent Societies D. Gaertner 1 , 2 , J.-A. Rodriguez 2 ,

Agreeing on Institutional Goals for Multi-Agent Societies D. Gaertner 1 , 2 , J.-A. Rodriguez 2 , F. Toni 1 1 Department of Computing, Imperial College, London, United Kingdom 2 Artificial Intelligence Research Institute, IIIA-CSIC, Bellaterra,

770 views • 38 slides
Towards Quantifiable Boundaries for Elastic Horizontal Scaling of Microservices Manuel Ramrez

Towards Quantifiable Boundaries for Elastic Horizontal Scaling of Microservices Manuel Ramrez

Towards Quantifiable Boundaries for Elastic Horizontal Scaling of Microservices Manuel Ramrez Lpez <ramz@zhaw.ch> & Josef Spillner <josef.spillner@zhaw.ch> Service Prototyping Lab (blog.zhaw.ch/icclab) Dec 5, 2017 | 6th

197 views • 16 slides

More recommend