Zeppelin - A Third Generation Data Center Network Virtualization Technology based on SDN and MPLS
James Kempf, Ying Zhang, Ramesh Mishra, Neda Beheshti (Ericsson Research)
CloudNet ’13 | 2013-11-13 | Page 2
Outline
› Motivation
› Our approach
› Design choices
› Unicast Routing
– Basic Data Plane Label Based Forwarding
– Example Control Plane: VM Activation
› Evaluation
› Conclusions
Motivation: Drawbacks in Existing Network Virtualization Technology
› Lack of performance guarantees
– No QoS or traffic engineering
› Coupling with wide area network is weak
– Cumbersome gateway/tunnel endpoints required
› Efficient traffic isolation techniques are needed
– Performance isolation
– Disruption minimization
– DoS attack prevention
› Existing solutions are insufficient or proprietary
– VLANs, MAC address tunnels, and IP overlays are difficult to scale
– IP overlay based approaches are difficult to manage
– Proprietary versions of TRILL and MAC address tunneling
– The FlowVisor approach makes debugging difficult and requires the OpenFlow controller to handle multicast and broadcast
Our approach
› Zeppelin: an MPLS based network virtualization technology
– SDN controller manages MPLS-based forwarding elements
› Simple OpenFlow control plane
– Labels for tenant and last hop link are used for forwarding between TORS and VMs
– Hierarchical labels to improve scalability
  › Virtual network labels
  › Aggregation network labels
Design Choices: MPLS Review
› Existing applications of MPLS mostly in carrier networks
– Transport networks (MPLS-TP), L2VPN, EVP, L3VPN, traffic engineering
› 24 bit labels specify next hop
› Extremely simple data plane:
– Push: push 24 bit label on top of stack
– Pop: pop top label
– Swap: swap top label with next
› Horrendously complex control plane
– Historically constrained by linking with IP
– BGP, LDP, RSVP-TE, Netconf/YANG, etc., etc.
– Every new MPLS application results in a new control plane
Fundamentally, MPLS addresses links, while IP addresses nodes
Design choices: Why MPLS?
› Simple data plane, simple control plane
– Replace control plane with OpenFlow
› Available in most switches
– New low cost OpenFlow enabled switches support it (Pica8, Centec)
– And most moderate cost Ethernet switches do too
› Widely used in wide area network VPNs
– Simplifies gateway between WAN VPN and DC VPN
Design choices: Why NOT MPLS?
› Ethernet is entrenched everywhere and in the data center in particular
– Low cost hardware, management software
– Merchant chip OpenFlow hardware has constrained flow scalability
  › TCAM is costly and consumes power
– Network processors have good flow scalability but may not be cost competitive
› IP overlay techniques like GRE/VXLAN are gaining favor
– Only require changing software
  › Virtual switch at hypervisor and gateway to WAN
– Easily manageable IP routed network underlay for aggregation
  › Lots of tooling, sysadmin expertise in IP network management
– Easy to switch out underlay network
Unicast Routing: Data Plane Label Based Forwarding
[Figure: packet path from a Green Tenant VM or Blue Tenant VM on the Source Virtual Switch, through the Source TORS, the Aggregation and Core switches (two LSPs, LSP-1 and LSP-2, between Rack 1 and Rack m), the Destination TORS and the Dest Virtual Switch to the tenant VM. Both tenants' destination VMs use the address 10.22.30.2; the figure shows the label stack at each hop (tenant label GT/BT, link label Ln, inter-TORS label R1Rm L-1 or L-2 over the tenant Ethernet frame). Per-hop actions: Source VS: push tenant labels, push dest. link labels; Source TORS: push inter-TORS label; Dest. TORS: pop inter-TORS label; Dest. VS: pop link and tenant label.]
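The push/pop/swap data plane of the MPLS review slide and the hop-by-hop label handling in the figure above, worked through as an added example. This is illustrative code written for this page, not the authors' Zeppelin implementation. All labels (tenant 1001/1002, link 101/201, inter-TORS 5001/5002), the MACs, the two-rack topology and the CRC32 flow hash used to pick between LSP-1 and LSP-2 are constructed assumptions; the per-rack link-label table on each TORS plays the role of the Table 2 configuration described under Inter-TORS LSP Configuration in the backup slides. The forged-packet helper shows where tenant isolation actually rests: a tenant label that no controller-installed rule on the destination VS matches is dropped, even though the packet reached the right server.

```python
import zlib
from dataclasses import dataclass, field

@dataclass
class Packet:
    src_mac: str
    dst_ip: str
    labels: list = field(default_factory=list)   # MPLS label stack; top of stack is labels[-1]
    trace: list = field(default_factory=list)    # per-hop actions, for inspection

# The entire MPLS data plane is three operations on the label stack.
def push(pkt, label): pkt.labels.append(label)
def pop(pkt): return pkt.labels.pop()
def swap(pkt, label): pkt.labels[-1] = label

LSP_TABLE = {}   # aggregation LSPs: incoming inter-TORS label -> (outgoing label, dest TORS)

def aggregation_forward(pkt):
    """One label-switched hop through the aggregation network: swap and forward."""
    out_label, dest_tors = LSP_TABLE[pkt.labels[-1]]
    swap(pkt, out_label)
    pkt.trace.append(f"AGG: swap -> {out_label}")
    return dest_tors.from_fabric(pkt)

class VirtualSwitch:
    def __init__(self, name, tors):
        self.name, self.tors = name, tors
        self.out_rules = {}   # (source VM MAC, dest IP) -> (tenant label, dest link label)
        self.in_rules = {}    # (tenant label, own link label, dest IP) -> local VM MAC

    def send(self, pkt):
        """Source VS: push the tenant label, then the destination link label on top."""
        tenant, link = self.out_rules[(pkt.src_mac, pkt.dst_ip)]
        push(pkt, tenant)
        push(pkt, link)
        pkt.trace.append(f"{self.name}: push tenant {tenant}, link {link}")
        return self.tors.from_rack(pkt)

    def deliver(self, pkt):
        """Dest VS: match (tenant, link, IP), pop both labels, hand to the VM."""
        link, tenant = pkt.labels[-1], pkt.labels[-2]
        vm = self.in_rules.get((tenant, link, pkt.dst_ip))
        if vm is None:   # no rule for that tenant on this switch: isolation holds
            pkt.trace.append(f"{self.name}: drop, no rule for tenant {tenant}")
            return None
        pop(pkt)
        pop(pkt)
        pkt.trace.append(f"{self.name}: pop link and tenant labels -> {vm}")
        return vm

class TORS:
    def __init__(self, name):
        self.name = name
        self.local_links = {}   # link label -> VirtualSwitch on that link (Table 2)
        self.groups = {}        # remote link label -> inter-TORS labels of the LSPs

    def from_rack(self, pkt):
        """From a server in this rack: deliver locally or push an inter-TORS label."""
        link = pkt.labels[-1]
        if link in self.local_links:
            return self.local_links[link].deliver(pkt)
        lsps = self.groups[link]
        # hash the flow onto one of the LSPs toward the destination rack (LSP-1/LSP-2)
        lsp_label = lsps[zlib.crc32(f"{pkt.src_mac}|{pkt.dst_ip}".encode()) % len(lsps)]
        push(pkt, lsp_label)
        pkt.trace.append(f"{self.name}: push inter-TORS label {lsp_label}")
        return aggregation_forward(pkt)

    def from_fabric(self, pkt):
        """From an LSP ending here: pop the inter-TORS label, match the link label."""
        pop(pkt)
        link = pkt.labels[-1]
        if link not in self.local_links:
            pkt.trace.append(f"{self.name}: drop, link label {link} not in this rack")
            return None
        pkt.trace.append(f"{self.name}: pop inter-TORS label, out on link {link}")
        return self.local_links[link].deliver(pkt)

def build_network():
    tors1, tors2 = TORS("TORS1"), TORS("TORS2")
    vs1, vs2 = VirtualSwitch("VS-rack1", tors1), VirtualSwitch("VS-rack2", tors2)
    tors1.local_links[101], tors2.local_links[201] = vs1, vs2
    tors1.groups[201] = [5001, 5002]                     # LSP-1 and LSP-2 to rack 2
    LSP_TABLE.update({5001: (5011, tors2), 5002: (5012, tors2)})
    # Constructed: tenant labels 1001 (green) and 1002 (blue); both tenants use
    # 10.22.30.2 in rack 2 and only the tenant label tells them apart.
    vs2.in_rules[(1001, 201, "10.22.30.2")] = "GT-VM-MAC"
    vs2.in_rules[(1002, 201, "10.22.30.2")] = "BT-VM-MAC"
    vs1.out_rules[("gt-src-mac", "10.22.30.2")] = (1001, 201)
    vs1.out_rules[("bt-src-mac", "10.22.30.2")] = (1002, 201)
    return vs1, tors1

def send(vs, src_mac, dst_ip):
    pkt = Packet(src_mac, dst_ip)
    return vs.send(pkt), pkt

def inject_forged(tors, tenant_label):
    """A packet handed to the TORS with a label stack the source VS never built."""
    pkt = Packet("gt-src-mac", "10.22.30.2", labels=[tenant_label, 201])
    return tors.from_rack(pkt), pkt
```

Pushing the tenant label first and the link label on top is what lets the destination TORS match the link label immediately after popping the inter-TORS label, and it is why the destination VS pops in the order link, then tenant. Calling `send(vs1, "gt-src-mac", "10.22.30.2")` and then the same for `"bt-src-mac"` delivers to two different VMs with the same IP; `inject_forged(tors1, 9999)` crosses the fabric but is dropped at the destination VS.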
Unicast Routing: Example Control Plane: VM Activation
[Figure: Cloud Execution Manager → Cloud Network Manager: New Green Tenant VM: <GT ID, GT MAC, Srvr MAC>; Cloud Network Manager → Server Virtual Switch: OpenFlow FlowMod.]
CNM tables shown:
– Server/VS MAC | VS-TORS Link Label: GT MAC | L1; …
– Tenant ID | Tenant Label: GT ID | GT Label; …
– Cloud Network Mapping Table (Tenant ID | Tenant VM MAC | Server/VS MAC | Tenant VM IP): GT ID | GT MAC | Srvr MAC | GT IP; …
VS flow table (Source MAC | Dest. IP | MPLS Label Stack | IP Protocol | Action):
– * | * | * | ARP | Forward to CNM
– * | * | * | DHCP | Forward to CNM
– * | GT IP | L1, GT Label | * | Pop Labels, Forward to GT MAC
– …
Steps:
› Inform Cloud Network Manager about new VM
› Look up VS-TORS link label and Tenant Label using Tenant MAC and ID as key
› Record new tenant VM addresses in Cloud Network Mapping Table
› Send OpenFlow FlowMod to VS on Srvr causing tenant and link label on incoming packets to pop and forward packet to Tenant VM
Evaluation: Implementation
› Use Mininet to emulate the data center network
› Implement the control plane on NOX controller
› Modify Mininet to store node metadata for switches and hosts
Evaluation: Simulation
› Metric was average number of rules per VS and TORS
› Simulation parameters
– 12 racks
– 20 servers per rack
– Random number of VMs to connect
– Average 5 and 10 connections per VM
› Results show good scalability
– 5 session average within current gen TORS flow table scale
– 10 session average within next gen TORS flow table scale
› Difference from other OpenFlow network virtualization schemes
– As number of flows per VM increases, TORS rules get reused
– Existing switch MPLS support can be used to move flow table rules out of TCAM
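A rule-counting model for the simulation set-up above (12 racks, 20 servers per rack, a random number of VMs per server, 5 and 10 connections per VM on average), added here as an illustration and not taken from the paper's Mininet/NOX implementation. Which rules land on a VS versus a TORS is an assumption stated in the docstring, as are the VM-count range and the seeds; under those assumptions the model reproduces the effect the slide names: as connections per VM grow, the TORS entry for a given destination link label is reused by every new flow to that server, so TORS rules per flow fall while VS rules grow with the number of connections.

```python
import random
from collections import defaultdict

RACKS, SERVERS_PER_RACK = 12, 20           # the slide's simulation parameters


def place_vms(rng, max_vms_per_server=4):
    """Random number of VMs on each server (1..max, an assumption); returns the
    (rack, server) of every VM."""
    vms = []
    for rack in range(RACKS):
        for server in range(SERVERS_PER_RACK):
            vms += [(rack, server)] * rng.randint(1, max_vms_per_server)
    return vms


def count_rules(vms, avg_connections, seed=1):
    """Average flow-table size per VS and per TORS. Rule-placement assumptions:
    VS:   2 punt rules (ARP, DHCP) + 1 pop rule per hosted VM
          + 1 push rule per (source VM, destination VM) connection;
    TORS: 1 rule per link in its rack (LSP termination, inbound)
          + 1 rule per distinct remote destination link label reached (outbound).
    """
    rng = random.Random(seed)
    vs_rules = defaultdict(lambda: 2)       # (rack, server) -> rule count
    tors_dests = defaultdict(set)           # rack -> remote destination servers used
    flows = 0
    for rack, server in vms:
        vs_rules[(rack, server)] += 1       # inbound pop rule for this VM
        for _ in range(rng.randint(1, 2 * avg_connections - 1)):   # mean = avg
            peer = vms[rng.randrange(len(vms))]
            if peer == (rack, server):
                continue                    # same server: switched inside the VS
            vs_rules[(rack, server)] += 1   # push rule for this connection
            flows += 1
            if peer[0] != rack:
                tors_dests[rack].add(peer)  # one TORS rule per destination link label
    avg_vs = sum(vs_rules.values()) / (RACKS * SERVERS_PER_RACK)
    avg_tors = sum(SERVERS_PER_RACK + len(tors_dests[r]) for r in range(RACKS)) / RACKS
    return {"flows": flows, "avg_vs_rules": avg_vs, "avg_tors_rules": avg_tors}


def compare(seed=1):
    """Same VM placement, 5 versus 10 connections per VM on average."""
    vms = place_vms(random.Random(seed))
    return count_rules(vms, 5, seed), count_rules(vms, 10, seed)


if __name__ == "__main__":
    for avg, r in zip((5, 10), compare()):
        print(f"{avg:>2} conn/VM: flows={r['flows']}, VS={r['avg_vs_rules']:.1f}, "
              f"TORS={r['avg_tors_rules']:.1f}, "
              f"TORS rules per flow={r['avg_tors_rules'] / r['flows']:.4f}")
```

The TORS count is bounded by the rack's own links plus the number of remote servers (20 + 220 = 240 here) whatever the number of flows, which is the property that keeps it inside a fixed flow-table budget; the VS count has no such bound, but a VS is software and is sized per server.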
Conclusion
› Presented the design and implementation of Zeppelin, a third generation data center virtualization scheme
› Zeppelin uses two levels of MPLS labels
– The destination link location and tenant network
– The routing path in the aggregation network
› Future work
– Extend Zeppelin to multicast and couple with existing WAN MPLS VPNs
– Implement on actual OpenFlow hardware
– Study actual data center traffic
Back up slides
Changes in cloud operating system
[Figure: tables added to the cloud operating system: TLVLL Table, TITL Table, SMVL Table and CNM Table, with sample entries TORS1, LabelTORS1, TID1, Labeltid1, MACServer-T1-VM, MACT1-VM and IPT1-VM (the CNM Table row being TID1 | MACT1-VM | MACServer-T1-VM | IPT1-VM).]
TORS Flow Table Rules for Packets Outgoing from the Rack
Flow table (MACT-VM | MACServer | IPT-VM | link label | Other fields → action):
– … | Lk | Other fields → Sent to Lk Group
– … | Lj | Other fields → Sent to Li Group
– … | Ln | Other fields → Sent to Ln Group
– …
Group tables (HashHeader selects one bucket):
– Lk Group: Push BBLabel-1, Forward Port1; Push BBLabel-2, Forward Port2; …
– Li Group: Push BBLabel-4, Forward Port1; Push BBLabel-5, Forward Port2; …
– Lk Group: Push BBLabel-6, Forward Port1; Push BBLabel-7, Forward Port2; …
Control Plane messages for: VM IP Address Configuration
[Figure: sequence between the Green Tenant VM, the Server Virtual Switch and the Cloud Network Manager: the VM sends a DHCP Request; the VS forwards it (DHCP Request (Fwd)) to the CNM; the CNM finds an IP address (DHCP relay or server) and returns the DHCP Reply; the CNM then sends an OpenFlow FlowMod to the VS.]
Tables shown, as on the VM Activation slide: the Cloud Network Mapping Table (Tenant ID | Tenant VM MAC | Server/VS MAC | Tenant VM IP, row GT ID | GT MAC | Srvr MAC | GT IP), the tenant label table (GT ID | GT Label), the link label table (GT MAC | L1) and the VS flow table (* | * | * | ARP | Forward to CNM; * | * | * | DHCP | Forward to CNM; * | GT IP | L1, GT Label | * | Pop Labels, Forward to GT MAC).
Control Plane messages for: Destination IP and MAC Discovery
[Figure: the Green Tenant VM sends ARP Request: GT Dest. IP to the Source Server Virtual Switch, which forwards it (ARP Request (Fwd)) to the Cloud Network Manager; the CNM answers with ARP Reply: GT DMAC, sends OpenFlow FlowMods to the Source/Dest. TORS and the Dest. Virtual Switch (see Figure 7 and text), and sends an OpenFlow FlowMod to the source VS.]
Cloud Network Mapping Table row (Tenant ID | Tenant VM MAC | Server/VS MAC | Tenant VM IP): GT ID | GT DMAC | DSrvr MAC | GT DIP
Link label table row (Server/VS MAC | VS-TORS Link Label): DSrvr MAC | Ln
Source VS flow table (Source MAC | Dest. IP | MPLS Label Stack | IP Protocol | Action): GT SMAC | GT DIP | * | * | Push GT Label, Push Ln, Forward to Source TORS
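The VM activation sequence from the main slides, the DHCP exchange and the ARP-based destination discovery above, combined into one added control-plane example. It is illustrative code written for this page, not the NOX controller code of the paper. `FlowMod` is a plain dataclass standing in for the OpenFlow message, the table names `tlvll` and `titl` follow the backup slide, and the server MACs, labels, the two tenants' overlapping 10.22.30.0/24 subnets and the convention of reserving .1 are constructed assumptions. The point to notice is that ARP and DHCP never leave the rack as broadcast: the VS punts them to the CNM, which answers from its mapping table and resolves an address only inside the requester's tenant.

```python
import ipaddress
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowMod:
    """Stand-in for an OpenFlow FlowMod sent to one virtual switch."""
    switch: str     # server/VS MAC of the virtual switch that receives the rule
    match: tuple    # (source MAC, dest IP, MPLS label stack, IP protocol); '*' = any
    action: str


class CloudNetworkManager:
    def __init__(self, link_labels, tenant_labels, tenant_subnets):
        self.tlvll = dict(link_labels)     # server/VS MAC -> VS-TORS link label
        self.titl = dict(tenant_labels)    # tenant ID -> tenant label
        self.mapping = {}                  # (tenant ID, VM MAC) -> [server MAC, VM IP]
        # One address pool per tenant; pools may overlap because tenants are label-isolated.
        # Skipping .1 is a constructed convention (reserved for the tenant gateway).
        self.pools = {t: itertools.islice(ipaddress.ip_network(n).hosts(), 1, None)
                      for t, n in tenant_subnets.items()}
        self.flowmods = []                 # every FlowMod emitted, in order

    def _emit(self, switch, match, action):
        fm = FlowMod(switch, match, action)
        self.flowmods.append(fm)
        return fm

    def vm_activated(self, tenant_id, vm_mac, server_mac):
        """Cloud Execution Manager reports <tenant ID, VM MAC, server MAC>."""
        if server_mac not in self.tlvll or tenant_id not in self.titl:
            raise KeyError("unknown server or tenant")
        self.mapping[(tenant_id, vm_mac)] = [server_mac, None]
        # ARP and DHCP from tenant VMs go to the CNM; nothing is flooded in the fabric.
        return [self._emit(server_mac, ("*", "*", "*", proto), "forward to CNM")
                for proto in ("ARP", "DHCP")]

    def dhcp_request(self, tenant_id, vm_mac):
        """Lease an address and install the inbound pop rule on the VM's switch."""
        entry = self.mapping.get((tenant_id, vm_mac))
        if entry is None:
            return None                    # not activated by the CEM: no lease, no rule
        server_mac = entry[0]
        ip = str(next(self.pools[tenant_id]))
        entry[1] = ip
        stack = (self.titl[tenant_id], self.tlvll[server_mac])   # (tenant label, Ln)
        self._emit(server_mac, ("*", ip, stack, "*"), f"pop labels, forward to {vm_mac}")
        return ip

    def arp_request(self, tenant_id, src_vm_mac, target_ip):
        """Resolve target_ip inside the requester's tenant only. On success, install
        the outbound push rule on the source VS and return the destination MAC."""
        src = self.mapping.get((tenant_id, src_vm_mac))
        if src is None:
            return None
        for (tid, mac), (dst_server, ip) in self.mapping.items():
            if tid == tenant_id and ip == target_ip:
                action = (f"push {self.titl[tenant_id]}, push {self.tlvll[dst_server]}, "
                          "forward to source TORS")
                self._emit(src[0], (src_vm_mac, target_ip, "*", "*"), action)
                return mac
        return None                        # no such host in this tenant: no reply


def demo():
    """Constructed scenario: two tenants sharing the 10.22.30.0/24 address range."""
    cnm = CloudNetworkManager(
        link_labels={"srv-A": 101, "srv-B": 201},
        tenant_labels={"GT": 1001, "BT": 1002},
        tenant_subnets={"GT": "10.22.30.0/24", "BT": "10.22.30.0/24"})
    cnm.vm_activated("GT", "gt-vm1", "srv-A")
    cnm.vm_activated("GT", "gt-vm2", "srv-B")
    cnm.vm_activated("BT", "bt-vm1", "srv-B")
    leases = [cnm.dhcp_request(t, m) for t, m in
              (("GT", "gt-vm1"), ("GT", "gt-vm2"), ("BT", "bt-vm1"))]
    return cnm, leases
```

After `demo()`, the green VM on srv-A and the blue VM on srv-B both hold 10.22.30.2; `cnm.arp_request("GT", "gt-vm1", "10.22.30.3")` resolves to `gt-vm2` and installs the push rule (tenant label 1001, link label 201) on srv-A, while the same query from the blue tenant gets no reply because no blue host has that address.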
Control Plane messages for: VM movement
[Figure: Source Server and Destination Server, each a Blade + NIC HW, Hyper-visor and Virtual Switch hosting the GT-VM, with the Cloud Execution Manager and Cloud Network Manager above them. CNM Mapping Table row (Tenant ID | Tenant VM MAC | Server/VS MAC | Tenant VM IP): GT ID | GT MAC | Srvr MAC | GT IP. Source VS Flow Table (Source MAC | Dest. IP | MPLS Label Stack | IP Protocol | Action): * | GT IP | L1, GT Label | * | Forward to CNM, with a Packet Buffer (data plane) at the CNM. Destination VS Flow Table: * | GT IP | L1, GT Label | * | Pop Labels, Forward to GT MAC.]
Inter-TORS LSP Configuration
› When data center boots up or a new rack is added, each TORS is configured with labels for links in the rack in Table 2
› Rule: Match label against labels for rack. Action: Forward on matched link to server
› Only configure TORS for tunnels into rack
– Number of table entries for servers in rack is limited