Shadow MACs: Scalable Label-switching for Commodity Ethernet

Author: Kanak Agarwal, John Carter, Eric Rozner and Colin DixonPublisher: HotSDN 2014Presenter: Yi-Tsung HuangDate: 2015/12/02

Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Introduction

Issues around consistent updates and rule space exhaustion tend to only arise at scale.

Encoding fine-grained paths as labels allows all forwarding decisions to be made using fixed-width, exact-match lookups, which map easily into large simple hardware tables without requiring large expensive TCAM tables.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

2

Introduction

Label switching can be done using MPLS, but MPLS support in commodity switches is limited.

We explore an alternative scalable label-switching architecture that can be implemented on existing commodity hard-ware by using virtual MAC addresses, which we call shadow MACs, as forwarding labels.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

3

Design-Control Plane

The control plane of our label-based forwarding mechanism is implemented via extensions to a SDN controller.

We modify the controller to export an install route API to install a shadow-MAC-based label-routed path to a destination.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

4

Design-Control Plane

Alternatively, invoking applications can pre-install multiple paths to a host and activate them later for a particular flow.

SDN applications can activate one of the pre-installed routes for a flow by making an API call to the select route interface and specifying the source and flow identifier along with the route identifier for ingress switch match.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

5

Design-Core Forwarding

The key idea in our proposal is to treat each packet’s destination MAC address field as an opaque forwarding label.

The SDN controller allocates a unique shadow MAC address for each path in the network.

It then installs rules that match on the shadow MAC address in the L2 forwarding table of each switch along the path.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

6

Design-Edge Forwarding

Once the core is configured to forward packets based on shadow MACs, all that remains is to steer traffic in and out of MAC-label-switched paths at the source and destination edges.

We have implemented two schemes to accomplish these goals:• MAC address rewriting • ARP spoofing.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

7

Design-Edge Forwarding

We install a rule in the ingress switch that matches flow-specific fields and rewrites the destination MAC address to the shadow MAC address for the desired path.

At the egress switch, we install a rule that rewrites the destination MAC to the destination host’s real MAC address.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

8

Design-Edge Forwarding

National Cheng Kung University CSIE Computer & Internet Architecture Lab

9

Design-Edge Forwarding

The SDN controller acts as an ARP proxy and handles all ARP request from hosts.

When a path is activated between source and destination, the SDN controller sends a gratuitous ARP response to the source identifying the shadow MAC as the MAC address corresponding to the destination.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

10

Design-Edge Forwarding

National Cheng Kung University CSIE Computer & Internet Architecture Lab

11

Key Benefits-Minimal TCAM Usage

It requires little or no scarce TCAM resources to implement fine-grained (e.g., per-flow) forwarding.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

12

Key Benefits-Consistent Updates

SDN controller can pre-install new rules in the core and egress switches along the new path.

When the new path is fully installed, the SDN controller updates the route atomically by installing a new rewrite rule in the ingress switch

National Cheng Kung University CSIE Computer & Internet Architecture Lab

13

Key Benefits-End-to-End Multipathing

SDN controller can allocate multiple distinct paths (shadow MACs) per destination.

OVS can allocate flows in round-robin fashion

National Cheng Kung University CSIE Computer & Internet Architecture Lab

14

Key Benefits-Fast Switch-over

Our API allows SDN applications to pre-install multiple paths for a given flow, each of which uses a distinct shadow MAC address.

After installation, only one is activated, while the remainder lie dormant until needed.

To activate a new path, the SDN controller need only replace the rewrite rule in the ingress switch

National Cheng Kung University CSIE Computer & Internet Architecture Lab

15

Key Benefits-Fast Switch-over

National Cheng Kung University CSIE Computer & Internet Architecture Lab

16

Key Benefits-Fast Switch-over

National Cheng Kung University CSIE Computer & Internet Architecture Lab

17

Key Benefits-Fast Switch-over

National Cheng Kung University CSIE Computer & Internet Architecture Lab

18

Evaluation

National Cheng Kung University CSIE Computer & Internet Architecture Lab

19

Evaluation

We compare two mechanisms to change routes.• Shadow MAC rerouting• Traditional OpenFlow rerouting uses Floodlight’s

Static Flow Pusher We consider a packet to be incorrectly routed

if it traverses part of more than one route.

National Cheng Kung University CSIE Computer & Internet Architecture Lab

20

Evaluation

National Cheng Kung University CSIE Computer & Internet Architecture Lab

21

Evaluation

National Cheng Kung University CSIE Computer & Internet Architecture Lab

22