Software-Defined Networking Architecture Framework for ...aryan/docs/thesis/defence.pdfSoftware-Deﬁned Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments

Introduction Solutions Evaluation Summary

Software-Defined Networking ArchitectureFramework for Multi-Tenant Enterprise Cloud

Environments

Aryan TaheriMonfared

Department of Electrical Engineering and Computer ScienceUniversity of Stavanger

October 26, 2015


Outline1 Introduction

Scope & Problem? & Solution!Cloud NetworkingSoftware-Defined NetworkingNetwork Function VirtualizationNetwork Monitoring Services

2 SolutionsOverviewBackbone Network MonitoringSDN Controlled Cloud PlatformTenant Virtual Network MonitoringVirtual Network FlavorMonitoring Service Orchestration and TransportTenant Controlled Virtual Networks

3 EvaluationOverview

4 Summary


Scope & Problem? & Solution!





4 Summary



Scope

Addressing challenges in ...1 ICT infrastructures of large-scale enterprises and NRENs.2 Cloud and data-intensive computing models.3 Rapidly growing service demands and business models.4 Focus: Networking Infrastructure and Services.



Problems?

Challenges are ...1 Cloud computing characteristics introduce new challenges

to well-studied network functions.2 Significant increase in the data volume, velocity, and

variety.3 Network operation and maintenance have scalability and

efficiency issues:Rudimentary interfaces.Vertically integrated networking planes.Off-premises resources.



Solutions!

3 Approaches ...1 Take advantage of data-intensive processing frameworks.2 Introduce new entities in Cloud model.3 Adapt new network architectures (e.g. SDN, NFV).



Contributions:

A) Architectural improvements for network monitoring services:Data-intensive computing model.SDN mechanisms.

→ Advance the state-of-the-art in backbone and data centernetwork monitoring.

B) SDN architecture framework for large-scale infrastructure:

Re-implementation of traditional network functions usingnew mechanisms.Introduction of new functions to fulfill requirements of thenew computing model.

→ Enhance the efficacy, reliability, and manageability ofnetwork infrastructure.


Cloud Networking





4 Summary


Cloud Networking

Virtual Networks in Cloud

Virtual Network (VN):VNs connect provisioned resources.Resources are VMs, containers, higher level services, etc.VNs are overlays on top of providers’ infrastructures.Providers establish and maintain VNs.


Software-Defined Networking





4 Summary




Definition:New methods for network management and configuration.Abstractions between different layers of networking:→ Control plane: specification, distributed state, forwarding

Logically centralized controller (Network OS).Network programmability via controller.



Network Operating System



Control Plane Protocol

OpenFlowAn approach for forwarding abstraction.Separate forwarding plane from control plane physically.One control plane can manage multiple forwarding planes.

OpenFlow Switch Spec (+ OpenFlow Wire protocol)OF switch has a set of flow tables, and a group table.OF controller add/update/delete flow entries.Flow entry has a matching pattern, ordered actions,priority, counters.



OpenFlow Rules

OFPST_FLOW rep l y (OF1. 3 ) ( x id =0x2 ) :# PRIORITY # MATCH # ACTION

i n _ p o r t =1 , d l_s rc = fa :16 :3 e :1 a :26 :5 c ac t ions= s e t _ f i e l d :0 x1−>tun_id ,go to_ tab le :10

i n _ p o r t =2 , d l_s rc = fa :16 :3 e : 9 0 : c1 :19 ac t ions= s e t _ f i e l d :0 x1−>tun_id ,go to_ tab le :10

d l_ type =0x88cc ac t ions=CONTROLLER:65535p r i o r i t y =8192 , tun_ id =0x1 ac t ions=goto_ tab le :20

tun_ id =0x1 , d l_ds t = fa :16 :3 e :6 a :3 e :13 ac t ions=output : 3 ,go to_ tab le :20

p r i o r i t y =8192 , tun_ id =0x1 ac t ions=drop



Management Plane Protocol

Don’t forget the management plane!As important as control plane (e.g. OpenFlow).Configure several devices with single management plane.

Examples1 Open vSwitch DataBase (OVSDB) management protocol:

OF-Config can be implemented on top it.More than virtual entities (Pica8, HP).

2 OpenFlow-Config protocol3 NETCONF



OVSDB Example

5476c254−6f4e−4a1a−be8e−b14837dd06b8Manager " tcp :192.168.10 .1 :6640"Br idge br−i n t

C o n t r o l l e r " tcp :192.168.10 .1 :6633"fa i l_mode : securePor t "em1"

I n t e r f a c e "em1"type : system

Por t br−i n tI n t e r f a c e br−i n t

Por t tap−wer23w2eqI n t e r f a c e tap−wer23w2eq

Por t tap−podf123pI n t e r f a c e tap−podf123p

Por t " gre −172.16.10.5"I n t e r f a c e " gre −172.16.10.5"

type : greopt ions : { key=f low , l o c a l _ i p ="172 .16 .10 .2 " ,

remote_ip ="172 .16 .10 .5 " ,tos= i n h e r i t }

ovs_vers ion : " 2 . 3 . 0 "



Traditional vs SDN


Network Function Virtualization





4 Summary




Definition:Network architecture.Utilizes virtualization for delivering network functions.Functions realized in software.Deployed on standard hardware.Decoupled from proprietary hardware.Evolve beyond HW life-cycles.


Network Monitoring Services





4 Summary


Network Monitoring Services

Monitoring Service Distribution


Overview





4 Summary


Overview

Contributions Overview


Backbone Network Monitoring





4 Summary



Paper 2:

Real-Time Handling of NetworkMonitoring Data Using aData-Intensive Framework



Simplified Backbone Network



Data Characteristics

Sampling rate: 8Number of routers as data source: 2Average number of monitoring records: 22 M/dayAverage volume of monitoring records: 60 GB/dayAnonymized records.Possibly various protocols.



ProblemsProper network operation requires efficient monitoring.Various monitoring instruments and protocols exist.Challenging characteristics of the monitoring data.Diverse query types are required:(e.g. exploratory ad-hoc vs. long-term planned)

ContributionsScalable and flexible storage.Real-time processing, long-term analysis.Protocol independent.



Monitoring Components



Results

Support various query types:ad-hoc, exploratory, long-term planned, trend discovery.

Long-term queries (150 days): ∼25min vs. not possible.Ad-hoc queries: 3-OM faster than traditional tools.One size doesn’t fit all.


SDN Controlled Cloud Platform





4 Summary



NREN Infrastructure (Zoom-in)



High-Level Data Center Architecture



Cloud Networking Details (Isolation Techniques)



Cloud Networking Details 2 (Internal Services)



So what?

ProblemsCurrent solutions are not scalable.Not flexible.No knowledge of multi-tenancy.

SolutionsAdapt SDN architecture.Use Cloud controller knowledge.



NREN Infrastructure with an SDN Controller



High-Level Data Center Architecture with an SDNController


Tenant Virtual Network Monitoring





4 Summary



Paper 1:

Multi-Tenant NetworkMonitoring Based onSoftware-Defined Networking



Monitoring Each Tenant Network Activity UsingTraditional Tools



So what?

Challenges

Complex stakeholders relationship.Multi-tenancy, and elasticity.Unreliability of traditional tools in a heterogeneous infra.Growing demand for monitoring.

ApproachesAdapt traditional mechanisms:e.g. Use IP header, DL header, Virtual components

Use SDN mechanisms.






High-Level View with Per-Tenant Monitoring


Virtual Network Flavor





4 Summary



Paper 4:

Virtual Network Flavors:Differentiated TrafficForwarding for Cloud Tenants



Virtual Machine Flavors

As you know ...Virtual Machines have flavors.VM flavor specifies the VM properties.# vCPU, Memory, Block Device, vNIC Rx/Tx Ratio

However ...Virtual Networks don’t have flavors.Not possible to specify VN properties.



Under and Overlays Controlled by an SDN Controller




ContributionsDefining Flavors and delivering QoS for VNs.Overlay traffic classification and steering in the underlay.Differentiated forwarding of overlays across the underlay.Exploiting meters, queues, and path diversity.Reflecting flavors in DSCP/Flow Label fields.

Traffic Engineering Strategy1 Path Length: # hops2 Meters: Per-flow, fine-grained, OpenFlow3 Queues: Per-port, better guarantees, OpenFlow, OVSDB4 Meters and Queues



VN Flavor & Evaluation Scheduling

VN Flavor Specifies ...Coarse-grained traffic classes.End-to-end priority.Maximum throughput.

Evaluation Scheduling MethodsUse to resemble realistic workload scenariosVNs evaluation concurrency (c: false/true)VMs evaluation concurrency (i: false/true)



CDF of the 90th percentile TCP throughput for each classindependent of the scheduling approach.

0

0.2

0.4

0.6

0.8

1

100 200 300 400 500 600 700 800

CD

F

Rate (Mbps)

Class 3Class 2Class 1Class 4


Monitoring Service Orchestration and Transport





4 Summary



Paper 5:

On the Feasibility of DeepPacket Inspection forMulti-Tenant Data CenterNetworks



Payload Analysis in DC Network

ProblemsPacket payload analysis is costly.Not feasible in a multi-tenant DC network.No choke-point.Customers and providers need it.

ApproachUse commodity devices (networking, compute).Distribute the service.Orchestrate distributed components.










ContributionsFind switches and monitoring hosts for designated flows

Avoid network congestionMinimize service overhead

→ Combinatorial optimization problemProgram the network

Fast path calculation algorithmSDN programming

Results27000 hosts, 2800 switches.

⇒ 10% of network traffic processed by 0.5% of hosts and20% switches.



Monitoring Service Design



Path Finding Evaluation

0.1

1

10

100

1000

10000

100000

0 5 10 15 20 25 30 35 40 45 50

Pair p

er

second

K (Number of ports)

Numeric with subpathsNumeric without subpaths

YKSP with subpathsYKSP without subpaths



Monitoring Switches & Hosts for Various Inputs

Monitoring Switches Monitoring Hosts

520

540

560

580

600

620

640

0 1 2 3 4 5 6 7

#M

onS

w

Inputs

Late AcceptanceSimulated Annealing

Tabu Search

0

50

100

150

200

250

300

350

400

0 1 2 3 4 5 6 7

#M

onH

ost

Inputs

Late AcceptanceSimulated Annealing

Tabu Search


Tenant Controlled Virtual Networks





4 Summary



Paper 3:

Flexible Building Blocks forSoftware Defined NetworkFunction Virtualization



Virtual Networks Controlled by Tenants

ProblemsCompute resources are controlled by tenants.Network resources are not.VNs have limited functionality.Proprietary APIs.

ContributionsNew approach for network virtualization.Dedicated networking components for each tenant.Direct and full control.Standard/Open protocols.



Traditional VMs connectivity






Evaluation – Reachability Time

⇒ Start-up time increased for the first few VMs.



Evaluation – TCP Bandwidth

⇒ Throughput is decreased ∼ 12%.


Overview





4 Summary


Overview

Implementation & Deployment & Operation

Implementation6 modules for OpenDaylight SDN controller.2 extensive evaluation frameworks for OpenStack.Automated topology generation.Open Source: https://github.com/aryantaheri

Testbeds’ Purposes

1 Feasibility Analysis2 Development

3 Prototyping4 Production Evaluation

Infrastructure Operation & Maintenance

Monitor Configure Deploy

https://github.com/aryantaheri


Thank you!

Questions? & Answers!


NREN Infrastructure with an SDN Controller



SDN Controller


Network Operating System


High-Level Data Center Architecture with an SDNController


Underlay and Overlays Controlled by an SDNController


Testbed


VN Flavor – Programming Endpoints

Classifying OverlaysMarking Tunnel Packets


DPI – Evaluation

Numeric Path Finder Algorithm# calculated paths per second# calculated sub-paths after finding a limited number ofpaths

Optimization SolverInputs:topology, traffic characteristics, monitored traffic, resource cost

Service costResources usage stats (switch, host)Resource utilization stats (reuse frequency)Switch distribution and aggregated layer usageMonitoring switch-host distance stats


DPI – Monitoring Paths


DNB – Internal Structure


DNB – Internal Structure


DNB – Logical Overlay Networks


DNB – PacketFlow


DNB – Reachability Time

DNB DNB/CNB


DNB – TCP Bandwidth


Future Directions I

GeneralInter-Data Center Virtual Networks.Integration of contributions as a unified solution.Enterprise security enforcement and incident responseusing SDN.Tor implementation.Extend evaluations.


Future Directions II

Backbone Monitoring

Study streaming solutions and impacts.Packet capture and payload analysis.Porting existing software (Suricata/Snort).Automatic trend discovery and scheduled jobs.Feedback to SDN controller.


Future Directions III

Tenant VN MonitoringAlerting, billing, accounting.Live migration and automated quarantine mechanisms.Integration with real-time processing framework.


Future Directions IV

VN FlavorInter-DC VN flavor.VN Embedding algorithm (transit switch access).Integration with tenant-dedicated network switches.


Future Directions V

DPIFocus on processing.Distributed processing logic (single tenant/flow distributedon several processing node).Templates for traffic flows (reduce optimization time).Integration with real-time processing framework.


Future Directions VI

Tenant Controlled VNTenant transport network enhancement.Implementation in the kernel TCP/IP stack.Inter-DC architecture.

Documents

Software-Defined Networking Architecture Framework for ...aryan/docs/thesis/defence.pdfSoftware-Deﬁned Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments