Slides - IEEE CloudNet 2013


Towards Software Defined ICN based Edge Cloud Services
IEEE, CloudNet, 2013
Ravi Ravindran, Xuan Liu, Asit Chakraborti,
Xinwen Zhang, Guo-Qiang Wang
(Huawei Research Lab, Santa Clara)
Version: V1.0(20131109)
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
ICN Motivation
• About 2 years back, ICN-RG (IRTF Working Group) was formed, which made the term ICN official.
– Umbrella of many protocols: CCN/NDN, MobilityFirst, NetInf, PSIRP etc.
• ICN aims at making information the waist, rather than connectivity as in IP.
• ICN is a unified platform which addresses several IP issues with Multicast, Multi-homing, Security, and Mobility.
• But why deploy it?
– New "Things", Applications/Services
– Connectivity: Adhoc + Infrastructure interactions, Multi-Cloud
– Do things in a more efficient and scalable manner than existing applications.
• This paper focuses on a way Operators can gain from ICN.
Industry Trends and Opportunities
[Figure: layered view. Services/Applications; Control Plane (SDN); Forwarding Plane; Software (Network Functions) (NFV); Hardware. Long term: Applications; ICN (Adhoc/Infrastructure); Transport.]
• De-coupling increases flexibility, encourages innovation and faster evolution.
• Services/Applications will drive new technologies; the same is the case for ICN.
• SDN/NFV allows ICN to be introduced, at least in an experimental manner.
New Opportunity : NFV + SDN + ICN
• NFV enables a platform to virtualize network functions.
– Edge clouds are closer to the users.
– Service Virtualization, applications are tightly bound to service locators.
• SDN drives service-centric network programmability.
– Today realized as overlaid service engineering or at the edge (Data centers)
• ICN inter-connects Consumers with Services at the information level, in a receiver-centric model.
– NFV enabled service virtualization, with SDN's service-centric network programmability, and Information-Centric Service Connectivity can realize rich services.
– Creates a win-win model for both Operators and ASPs.
[Figure: Consumers and Services inter-connected by ICN; NFV: Service Virtualization; SDN: Service-centric Network Programmability.]
Huawei Confidential
ICN Edge Cloud Service : ICN Service Router Platform
• An NFV-based ICN Platform to host several ICN Services
• Envision a high performance ICN based router, with Virtualized Service Plugins
• Software defined in the sense that service connectivity is managed by specific service controllers.
• Supports both real-time and non-real time services, and multiple ICN protocols
• Overlaid model: ICN service layer components extend to the User Entity.
• Contextualized service delivery.
ICN Edge Cloud Service
[Figure: ICN Service Routers hosted on NFV Clouds and inter-connected over High Speed Optical links, serving V2V, ICN D2D, Home Networks, Enterprise and First Responder Services through the ICN UNI-API. Label: Software Defined: Service Driven Virtualization.]
• Targets natural Information-centric Applications:
– IoT (V2V, Home Networks, Sensor Networks, ..)
– Enterprise (Conferencing, WAN Optimization Solutions..)
– Web (Video Distribution..)
– …
What are Information-Centric Applications ?
Has Characteristics of:
• Being Shareable
– Versus Host-centric: 'I can only trust information from a specific host/device/user'
– Location Independent
• Transport Independent
– Benefits from Name based routing
– Mobility (Producer)/Multi-homing/Anycast
• Leverage Network Caching
– Multicast/Mobility (Consumer)
• Content level Security
– Rather than session level.
Exploit these with Service Virtualization and Network Programmability.
Comparing Service-Centric Protocols
Columns: Service Layer Protocols | Naming | Name Resolution | Heterogenous (Anycast, Routing, L2) | Application API | Security | Context/Service Orchestration | Mobility

ICN (CCN/NDN/MobilityFirst/NetInf etc.) (Cleanslate)
– Naming: Flexible (Flat, Hierarchical)
– Name Resolution: Coupled/decoupled. Caching/Multicasting
– Heterogenous: Transport Agnostic, highly adaptable (Ad hoc) (inherent features)
– Application API: Get()/Put()/Interest/Data (Receiver Oriented)
– Security: Content Level
– Context/Service Orchestration: Context-centric/Service Composability/Natural Extension
– Mobility: Best-effort/Late binding (control plane)

SERVAL (Incremental*) (Princeton, Prof. Rexford)
– Naming: Flat Service ID
– Name Resolution: Online Resolution. No Caching Consideration
– Heterogenous: Adaptation at SERVAL level
– Application API: Session based (TCP/UDP)
– Security: Session Level (Segmented)
– Context/Service Orchestration, Mobility: No specific Consideration, but Locator/ID Split / IP Based

OpenADN (Incremental*) (Washington State. Univ. Prof. Raj Jain)
– Naming: Application tag/Application Level Switching
– Name Resolution: Online Resolution. No Caching Consideration
– Heterogenous: Adaptation at OpenADN Level (SDN)
– Application API: Session based (TCP/UDP)
– Security: Session Level (Segmented)
– Context/Service Orchestration: Application Meta-tags
– Mobility: IP Based

IP Based.

SoA (Web Services) (Deployed)
– Naming: URI/URL
– Name Resolution: Service Broker/UDDI. Caching can be enabled
– Heterogenous: Not Internetworking technology
– Application API: Session based (TCP/UDP)
– Security: Connection level security (HTTPS, SSL/TLS)
– Context/Service Orchestration: SOAP/Web Service Description Language (WSDL)
– Mobility: IP Based

HTTP (Deployed) ("http as a narrow Waist", Prof. Ion Stoica)
– Naming: URI/URL
– Name Resolution: DNS / Reverse/Forward Proxy. Caching Enabled
– Heterogenous: Application Specific / IP Based
– Application API: Get()/Put()/SGet()/ Session based (TCP/UDP)
– Security: Connection level security (HTTPS, SSL/TLS)
– Context/Service Orchestration: SoA Based or Other Protocols
– Mobility: IP Based

Incremental*: Changes affect the client stack and introduce new network functions
ICN-Edge Cloud Service: High Level View
[Figure: Origin Service-1, -2 and -3 attach over the S-UNI; ICN Service Gateways, ICN Services and ICN Cloud Orchestrators run inside ICN Service Routers on NFV Platforms around the Network Core; SDN Components: ICN Network Controller, ICN Service Controller, ICN Service Profile Manager; users attach over the A-UNI through the SAL and ICN Service Gateway App.]
Interfaces and Functions:
[Figure: ICN Service Customer and ICN Service Owner; S-UNI; ICN Service API; ICN Cloud Orchestrator; ICN Service Controller-1 and -2; ICN Service Control API; ICN Network Controller; ICN Network Control API; A-UNI; Users; VFSR-1 to VFSR-4.]
A-UNI: Service Discovery/Service Management/Service Contextualization/Application Delivery (Interest/Data)
S-UNI: Service Virtualization (Provisioning, Scaling)/Service Monitoring
ICN Service Control API: Service Event Processing (Context, Migration, ICN Flow handling.) – Per ICN Service
ICN Network Control API: Programming ICN Service Forwarding Policies/Transport Routing (e.g. configuring CCN FIBs)
Service Contextualization: ICN-UNI API (SAL-SAP)
[Figure: a UE (Smart TV, Smart Phone, Home Router) runs App-1 to App-N over the ICN APP-SAL API on the Service Access Layer (SAL): Service Bootstrapping, Service Request Management, Context Mgmt. (Mobility, Location, Social, Device, Content), above Layer-3/Layer-2. Across the A-UNI API, the ICN Service Gateway in the ICN Service Router provides the Service Access Point (SAP): Service Bootstrapping, Service Publish, Service Context Management, Service Request Management (Context Processing), Service Monitoring, Service Resource Management, with the ICN SAP-Service API towards ICN Service-1 to Service-N.]
Service Adaptation through Contextualization and Service Orchestration
Scenario -1: Device Context Adaptation
[Figure: message flow between the Video Client and SAL on each device, the Service Gateway, the Video Service Controller App., the ICN Controller, the ICN Platform on the NFV Cloud (Edge) with Storage Service and Transcoding Service, the ICN Service Router (Core) and the Origin Video Service. Messages shown:
– Interest<service discovery, Attachment>
– Interest<service namespace, {service attributes}>
– Interest(service_gateway/migrate<{service attributes>/<migration_attributes>)
– Service Composition: Interest(/video/content/{session_state}) Interest(/video/content/{session_state}, {storage + transcoding})
– Interest(/video-service/content/segment-x)
– Data(/video-service/content/segment-x)]
• In this example the user changes the device from the smart phone to a smart TV.
• The device simultaneously signals the action to the service gateway and the peer device; the gateway forwards the control message to the Video Service Controller Application.
• The controller orchestrates a new service composing the fetching of video and real-time transcoding service.
• Here the service is virtualized among device applications.
Scenario-2: BYOD Enterprise Conferencing
[Figure: Conf Clients on Heterogeneous Devices, each with a SAL over ICN, attach to a Conference Proxy behind the ICN Service Gateway of an ICN Platform; the proxies connect to one Conference Controller. Flows: Push Notifications/Heartbeat/Recovery; Content Interest/Data.]
• Here we realize an instance of the conference proxy per Enterprise site and one Conference Controller.
• We implement Notification/Heartbeat/Recovery using a "Push" model, compared to the "Pull" of ChronoSync [NDN, Tech Report].
Realizing Conferencing Service over ISR.
[Figure: UE1, UE2 and UE3 attach through Gateways to ICN Service Routers (ISR), each with a Cache and a Sync Service proxy; the ISRs and Legacy Routers are connected over the Internet to the Sync Service Controller (SC).]
Step 1: PUB/SUB Content
Step 2: Push Notification
Step 3: Retrieve Content (Interest/Data Flow)
Conference Design – User Equipment
[Figure: ICN-Enabled UE stack. Application layer: Chat, VWB, Other App, over the Service API to Applications. Service layer: Sync Service Client with App-based Control Info, Digest log, Fingerprint Processor, Heartbeat Signal Processor, Cache and other service management blocks. ICN Layer with Cache, over L2/L3. The UE connects through L2/L3 Access over S-UNI (Data) and S-UNI (Control) to the ISRs and the SC across the Internet. Flows: Content Interest/Data; Push notification msgs; Heartbeat signaling; Internal flow; Other Service-related flows.]
Conference Design – Conference Proxy/Controller
[Figure: Service Access Proxy with Service 1 to Service n Access Proxies (VM1 to VMn) over a Hypervisor; Application Pool over the Service API to Applications. Sync Service Proxy: App-based Control Info, Digest log, Heartbeat Signal Processor, Fingerprint Processor, Cache and other service management blocks, over the ICN layer with Cache and L2/L3. The ICN-Enabled UE (Application layer, Service layer with Sync Service Client, ICN Layer, L2/L3) attaches through L2 Access over the S-UNI; SRNs connect over the S-NNI and the Internet to the SC. Flows: Heartbeat signaling; Push notification msgs; Content Interest/Data; Internal flow.]
• The controller design is similar to the conference proxy, except in the details of the digest tree it maintains.
Digest Tree & Log Example
[Figure: logical connectivity at t3 (steady state) with controller C, proxies P1, P2 and P3 and users U1 to U5, including new joins at t4 and t5; the current digest tree and log; the current digests at P1 and P2 (node labels include dr1,5, dp1,2, dc3 at P1 and dr2,4, dp2,1, dc3 at P2, over fp leaves).]
Log @ P1
<dr5> : <dp1,2, dc3>: fp2,1
<dr4> : <dp1,2, dc2>: fp2,1
<dr3> : <dp1,1, dc2>: fp3,1
<dr2> : <dp1,1, dc1>: fp1,1
<dr1> : <dp1,1, dc0>: fp1,1
<dr0> : <dp1,0, dc0>
Log @ P2
<dr4> : <dp2,1, dc3>: fp2,1
<dr3> : <dp2,1, dc2>: fp3,1
<dr2> : <dp2,1, dc1>: fp3,1
<dr1> : <dp2,0, dc1>: fp1,1
<dr0> : <dp2,0, dc0>:
Current Digest @ U1: <dr1,5>, fp2,1
Log @ U1
dr1,5 : fp2,1
dr1,4 : fp2,1
dr1,3 : fp3,1
dr1,2 : fp1,1
dr1,1 : fp1,1
dr1,0 :
Current Digest @ U3: <dr2,4>, fp2,1
Log @ U3
dr2,4 : fp2,0
dr2,3 : fp3,0
dr2,2 : fp3,0
dr2,1 : fp1,0
dr2,0 :
Current Digest @ U2: <dr5>, fp2,1
Log @ U2
dr5 : fp2,1
dr4 : fp2,1
dr3 : fp3,1
dr2 : fp1,1
dr1 : fp1,1
dr0
Tracking the number of updates
[Figure: hierarchical view of connectivity (C; P1, P2 … Pn; U1 … Um, Um+1 … Um+k) and the digest tree at time t at P1, with root dr1,k, children dp1,j and dcw, and leaves fp1,fp1(t) … fpm,fp2(t). Legend: Local update state; Remote update state.]
• Generic form of digest tree at a Sync Service Proxy (P1) at time t – Steady State
• The digest tree at the Sync Service Proxy has to track updates from both Sync Service Clients and the Sync Service Controller
• Digest values at different levels of the digest tree are updated at different times
• We use the subscripts to track the number of updates occurred.
$j = dp_1(t) = \sum_{i=1}^{m} fp_i(t)$
$k = dr(t) = dc(t) + dp_1(t)$
$w = dc(t) = dp_1(t) + \sum_{j=2}^{n} dp_j(t)$
• The network load (for n updates) scales linearly with number of proxy nodes rather than $O(n^2)$ in a peer-to-peer mode
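The subscript bookkeeping on this slide, replayed for the update order that the Log @ P1 and Log @ P2 listings on the Digest Tree & Log Example slide imply. This is an added example, not code from the slides or the authors' prototype: digests are modelled by their update counters only, and the names Proxy, Controller and replay, as well as the controller pushing every update to all proxies including the originating one, are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Proxy:
    """Sync Service Proxy; digests are modelled by their update counters only."""
    pid: int
    dp: int = 0  # j: updates from clients behind this proxy
    dc: int = 0  # w: controller updates seen so far
    log: list = field(default_factory=lambda: [(0, 0, 0, None)])  # (k, j, w, fp)

    def record(self, fp):
        # Root digest subscript on the slide: k = dc + dp
        self.log.append((self.dc + self.dp, self.dp, self.dc, fp))

    def local_update(self, fp):
        self.dp += 1
        self.record(fp)

    def controller_push(self, dc, fp):
        self.dc = dc
        self.record(fp)

class Controller:
    """Sync Service Controller: counts every proxy update, then pushes it out."""
    def __init__(self, proxies):
        self.proxies, self.dc = proxies, 0

    def publish(self, pid, fp):
        self.proxies[pid].local_update(fp)   # client -> its proxy
        self.dc += 1                         # proxy -> controller
        for proxy in self.proxies.values():  # controller -> every proxy (assumed)
            proxy.controller_push(self.dc, fp)

def replay(events, proxy_ids=(1, 2)):
    proxies = {pid: Proxy(pid) for pid in proxy_ids}
    controller = Controller(proxies)
    for pid, fp in events:
        controller.publish(pid, fp)
    return controller, proxies

# Constructed from the slide's logs: U1 (behind P1), U3 (behind P2), U2 (behind P1).
EVENTS = [(1, "fp1,1"), (2, "fp3,1"), (1, "fp2,1")]

if __name__ == "__main__":
    controller, proxies = replay(EVENTS)
    for proxy in proxies.values():
        for k, j, w, fp in reversed(proxy.log):
            print(f"P{proxy.pid} <dr{k}> : <dp{proxy.pid},{j}, dc{w}>: {fp or ''}")
```

Each publish costs one message to the controller plus one push per proxy, which is the linear scaling in proxy count that the last bullet contrasts with the peer-to-peer mode.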
Simulation Evaluation
Simulation
• Objective: To study the convergence time as we scale with number of participants and compare with the peer-to-peer case.
• Core Topology: Abilene and 3x3 Grid
• Access Topology: 2 Level Tree Topology
• Parameters
– # of participants: 60-300
– Poisson Content Generation (0.510) contents/sec
– Core link Capacity: 1-5 Gbps
– Core Link propagation delay: 10ms
• P2P Case: Simple 3 User Case.
Convergence time
[Figures 1, 2 and 3: convergence time plots; panel title: Single Update Convergence.]
• Fig. 1 & 2 correspond to two topologies and show convergence among all participants.
• Fig. 3 shows multiple update convergence. Notification and content convergence is deterministic.
• Participants in the same cluster synchronize faster than remote clusters
Scaling Number of Participants
• The scenarios with 50 and 100 participants are invariant to Content Generation rate.
• In the 300 case, the access link capacity begins to get congested, hence the convergence time increases.
Varying Content Generation Rate and Network Conditions
• Here the Link capacity is set to 0.1 Gbps.
• The content rate causes a proportional increase in data traffic, hence the convergence time increases.
• The convergence time improves as long as the capacity of the network link is planned correctly.
Peer-to-Peer Conferencing Case:
• Here the Participants synchronize through pulling information over a name space.
• In-determinants: Multiple Updates, Exclusion of multiple contents to same name, Rate of Interest expression.
• High control overhead to improve convergence time, but doesn't require a control infrastructure.
Conclusions
• An ICN based Service Layer is a possible way to introduce ICN into the Operator's domain.
• Can leverage all ICN features: Name based Routing, Multicasting, Security, Mobility Handling.
• Combined with NFV and SDN, it allows achieving the goal of true Service Centric Networking.
• Platform suitable for ICN applications: Conferencing, IoT/M2M, Video Multicasting.
• Conferencing can be enabled as a VNF over the platform.
• Showed through simulation analysis the scalability of the conferencing framework.
• We are prototyping this platform and hope to share our experience on this in the future.
Thank you
Copyright©2011 Huawei Technologies Co., Ltd. All Rights Reserved.