Network Virtualization


Virtualization Technology
Virtualization Techniques
Network Virtualization
Software Defined Network
Introduction
Motivation
Concept
Character
Open Flow
SOFTWARE DEFINED NETWORK
Network Protocol and Model
Network Topologies
• Topologies
– Topology refers to the physical or logical layout of the computers in a particular network.
– Commonly used topologies are star, bus and ring.
Network Virtualization
• What is network virtualization ?
– In computing, network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network.
• Two categories :
– External network virtualization
• Combining many networks, or parts of networks, into a virtual unit.
– Internal network virtualization
• Providing network-like functionality to the software containers on a single system.
Network Virtualization
• Desirable properties of network virtualization :
– Scalability
• Resources can be extended on demand
• Administrators can dynamically create or delete virtual network connections
– Resilience
• Recovers from failures
• The virtual network automatically redirects packets over redundant links
– Security
• Increased path isolation and user segmentation
• The virtual network should work with firewall software
• The isolation is logical: it holds only while every device on the path tags and filters correctly, so a virtual network is a segmentation tool, not a replacement for access control
– Availability
• Access network resources anytime
Network Virtualization
• External network virtualization in different layers :
– Layer 1
• Virtualization is seldom implemented at the physical transmission layer.
– Layer 2
• Insert a tag into the Ethernet frame header to separate traffic into virtual networks.
• Example: VLAN.
– Layer 3
• Use tunneling techniques to form a virtual network over an existing IP network.
• Example: VPN.
– Layer 4 or higher
• Build an overlay network for a specific application.
• Example: P2P.
Network Virtualization
• Internal network virtualization in different layers :
– Layer 1
• The hypervisor usually does not need to emulate the physical layer.
– Layer 2
• Implement virtual L2 network devices, such as a switch, in the hypervisor.
• Example: Linux TAP driver + Linux bridge.
– Layer 3
• Implement virtual L3 network devices, such as a router, in the hypervisor.
• Example: Linux TUN driver + Linux bridge + iptables.
– Layer 4 or higher
• Virtualization at layer 4 or higher is usually implemented in the guest OS.
• Applications make their own choice.
Network Virtualization
• Protocol approach
– Protocols are usually used to implement data-path virtualization.
– Three implementations
• 802.1Q – hop-to-hop data-path virtualization at layer 2
• MPLS ( Multiprotocol Label Switching ) – virtualization at the router and switch layer
• GRE ( Generic Routing Encapsulation ) – virtualization across a wide variety of networks using tunneling
Network Virtualization
• 802.1Q
– Standard by IEEE 802.1
– Does not encapsulate the original frame
– Inserts a 32-bit (4-byte) field between the source MAC address and the EtherType field
• TPID (2B): protocol identifier, 0x8100 for a customer tag
• TCI / Dot1Q tag (2B): 3-bit priority code point, 1-bit drop-eligible flag, 12-bit VLAN number
CE: Customer Edge router
PE: Provider Edge router
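The tag layout above, as an added Python example (not code from the original slides): it builds the 4-byte tag, inserts it after the two MAC addresses without touching the original EtherType or payload, and parses a tag stack back out the way a switch must, including a Q-in-Q outer tag with TPID 0x88a8. The frame bytes are constructed for the example. Two checks a practitioner wants are included: VID 0 (priority tag only) and 4095 (reserved) are refused as VLAN memberships, and a frame whose tag stack runs past its end is rejected instead of being read out of bounds.

```python
import struct

TPID_C = 0x8100   # customer tag (802.1Q)
TPID_S = 0x88A8   # service tag (802.1ad, the outer tag in Q-in-Q)
ETH_IPV4 = 0x0800


def make_tag(vid: int, pcp: int = 0, dei: int = 0, tpid: int = TPID_C) -> bytes:
    """Build the 4-byte tag: 16-bit TPID followed by the 16-bit TCI (PCP:3, DEI:1, VID:12)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    if vid in (0, 4095):
        # 0 means "priority tag only, no VLAN membership"; 4095 is reserved.
        raise ValueError("VID 0 and 4095 are not usable as VLAN memberships")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0..7, DEI must be 0 or 1")
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack("!HH", tpid, tci)


def tag_frame(frame: bytes, vid: int, pcp: int = 0, tpid: int = TPID_C) -> bytes:
    """Insert a tag after the 12 address bytes; EtherType and payload are left as they were."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return frame[:12] + make_tag(vid, pcp, 0, tpid) + frame[12:]


def parse_tags(frame: bytes):
    """Return ([(tpid, pcp, dei, vid), ...], inner_ethertype, payload).

    Walks any number of stacked tags (outermost first) and refuses a frame
    whose tag stack runs past the end of the frame.
    """
    tags = []
    off = 12
    while True:
        if off + 2 > len(frame):
            raise ValueError("frame ends inside the tag stack")
        etype = struct.unpack_from("!H", frame, off)[0]
        if etype not in (TPID_C, TPID_S):
            return tags, etype, frame[off + 2:]
        if off + 4 > len(frame):
            raise ValueError("truncated tag")
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append((etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
```

Because the tag is just four bytes that any sender can write, membership in a VLAN is only as trustworthy as the port that admitted the frame; access ports should strip or reject tags they did not assign themselves.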
Network Virtualization
• Example of 802.1Q
Figure: two virtual networks, VN 1 and VN 2, each with its own source and destination, carried over one shared physical network and kept apart by their VLAN tags.
Network Virtualization
• MPLS ( Multiprotocol Label Switching )
– Also classified as layer 2.5 virtualization
– Adds one or more labels to the packet, between the layer 2 and layer 3 headers
– Requires Label Switch Routers (LSR) to read the MPLS header
Network Virtualization
• Example of MPLS
Figure: CE routers attach to Label Edge Routers (LER) at the border of the physical network; LSRs in the core forward on the labels shown (2, 4, 5, 7, 8, 9), so VN 1 and VN 2 share the core without mixing.
Network Virtualization
• GRE ( Generic Routing Encapsulation )
– GRE is a tunnel protocol developed by Cisco
– Encapsulates a wide variety of network-layer protocols
– Stateless
• The end-points keep no per-connection state; each packet carries everything needed to decapsulate it
Figure: a tunnel built between two end-points across an intermediate network.
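The GRE encapsulation described above, as an added Python example (not code from the original slides): it prepends the RFC 2784 header (C flag, reserved bits, version, protocol type, optional checksum) to an inner packet and strips it again, which is all a stateless end-point has to do. The inner bytes are constructed, not a real capture; the outer delivery IP header, which would carry protocol number 47, is left out. The decapsulation side verifies the checksum when the C bit is set and discards packets with non-zero reserved bits or an unknown version, as the RFC requires.

```python
import struct

GRE_PROTO_IPV4 = 0x0800
IPPROTO_GRE = 47   # protocol field of the outer IP header when it carries GRE


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, the algorithm GRE's optional checksum uses."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def gre_encap(payload: bytes, proto: int = GRE_PROTO_IPV4, checksum: bool = False) -> bytes:
    """Prepend a GRE header: 4 bytes, or 8 when the checksum (C) bit is set."""
    flags = 0x8000 if checksum else 0          # C bit; Reserved0 and Version stay zero
    hdr = struct.pack("!HH", flags, proto)
    if checksum:
        # Covers the GRE header (checksum field zeroed) and the whole payload.
        csum = internet_checksum(hdr + b"\x00\x00\x00\x00" + payload)
        hdr += struct.pack("!HH", csum, 0)    # checksum, Reserved1
    return hdr + payload


def gre_decap(packet: bytes):
    """Strip the GRE header and return (protocol type, inner packet).

    Nothing beyond the bytes of this packet is needed: that is the stateless
    property from the slide.
    """
    if len(packet) < 4:
        raise ValueError("short GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version %d" % (flags & 7))
    if flags & 0x7C00:
        raise ValueError("Reserved0 bits 1-5 must be zero")
    off = 4
    if flags & 0x8000:
        if len(packet) < 8:
            raise ValueError("C bit set but checksum field missing")
        if internet_checksum(packet) != 0:
            raise ValueError("GRE checksum mismatch")
        off = 8
    return proto, packet[off:]
```

The checksum only catches corruption. GRE carries no authentication or encryption, so anything that can deliver a packet to the tunnel end-point's address can inject into the virtual network; in practice the tunnel is run inside IPsec or the end-points filter strictly on the outer source address.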
Internal Network Virtualization
• Internal network virtualization
– A single system is configured with containers, such as Xen domains, combined with hypervisor control programs or pseudo-interfaces such as the VNIC, to create a "network in a box".
– This solution improves the overall efficiency of a single system by isolating applications in separate containers and/or pseudo-interfaces.
– Virtual machine and virtual switch :
• The VMs are connected logically to each other so that they can send data to and receive data from each other.
• Each virtual network is serviced by a single virtual switch.
• A virtual network can be connected to a physical network by associating one or more network adapters (uplink adapters) with the virtual switch.
SOFTWARE DEFINED NETWORK: Motivation
Problem with Internet Infrastructure
Figure: a traditional network device. Features (routing, management, mobility management, access control, VPN, ...) are implemented in millions of lines of source code on top of an operating system and specialized packet-forwarding hardware with billions of gates.
• Bloated
• Vertically integrated, complex, closed, proprietary
• Not suitable for experimental ideas
• Not good for network owners & users; not good for researchers.
Problem: No Abstractions for Control Plane
• Addition of a new function to the network
 Highly complex distributed system problem
• Networks too difficult to program and to reason about
 No good abstractions and interfaces
Figure: today, network functions are distributed across every router, switch and appliance, each running its own OS and forwarding logic.
Software-Defined Network with key Abstractions in the Control Plane
Figure: a network operating system sits between the forwarding elements and the applications (routing, traffic engineering, network virtualization, other applications). Three abstractions are shown: separation of data and control plane, a network map abstraction, and a well-defined API towards the applications.
SOFTWARE DEFINED NETWORK: Concept
Concept
• In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications.
– From the Open Networking Foundation white paper
Traditional network node: Router
• A router can be partitioned into control and data planes
– Management plane / configuration
– Control plane / decision: OSPF (Open Shortest Path First)
– Data plane / forwarding
Figure: the router's planes. The management/policy plane holds configuration (CLI / GUI) and static routes. The control plane runs OSPF with adjacent routers, building the neighbor table, the link-state database and the IP routing table. The data plane switches packets using the forwarding table derived from the routing table.
Traditional network node: Switch
• Typical Networking Software
– Management plane
– Control plane – the brain / decision maker
– Data plane – packet forwarder
SDN entity
• SDN Protocol – OpenFlow
– A protocol commonly used to manage a software defined network
SDN
• Software Defined Networking
• SDN Principles
– Separate control plane and data plane entities
– Execute the control plane software on general purpose hardware
• Decoupled from specific networking hardware
• Uses commodity servers
– Programmable data planes
• Maintain, control and program data plane state from a central entity
– An architecture to control not just a networking device but an entire network
SOFTWARE DEFINED NETWORK: Character
Key Characteristics for SDN Success
• Architecture for a Network Operating System with a service/application oriented namespace
• Resource virtualization and aggregation, pooling to achieve scaling
• Appropriate abstractions to foster simplification
• Decouple topology, traffic and inter-layer dependencies
• Dynamic multi-layer networking
SOFTWARE DEFINED NETWORK: Open Flow
What is OpenFlow
• OpenFlow is like an x86 instruction set for the network
• Provides an open interface to the "black box" networking node
– (i.e. routers, L2/L3 switches) to enable visibility and openness in the network
• Separation of control plane and data plane.
– The datapath of an OpenFlow switch consists of a flow table, with an action associated with each flow entry
– The control path consists of a controller which programs the flow entries in the flow table
• OpenFlow is based on an Ethernet switch with an internal flow table and a standardized interface to add and remove flow entries
Components of OpenFlow Network
• Controller
– OpenFlow Protocol Messages
– Control channel
• Flow Table
– Flow entry
• Processing
– Pipeline Processing
– Packet Matching
– Instructions & Action Set
Controller: Centralized vs. Distributed
OpenFlow Protocol Messages
• Controller-to-Switch :
– initiated by the controller and used to directly manage or inspect the state of the switch
• EX: Features, Config, Modify-State, Read-State, Packet-Out, Barrier.
• Asynchronous :
– sent by the switch without the controller soliciting them
• EX: Packet-In, Flow-Removed / Expiration, Port-Status, Error
• Symmetric :
– sent without solicitation, in either direction
• EX: Hello, Echo, Experimenter / Vendor
Secure Channel (SC)
• SC is the interface that connects each OpenFlow switch to the controller
• A controller configures and manages the switch via this interface.
– Receives events from the switch
– Sends packets out of the switch
• SC establishes and terminates the connection between the OpenFlow switch and the controller using the procedures
– Connection Setup
– Connection Interrupt
• The SC connection is a TLS connection. Switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key.
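The two slides above, as one added Python example (not code from the slides or from any controller): the OpenFlow message header (version, type, length, xid, the same 8-byte layout in the 1.0 and 1.1 specifications) with the symmetric Hello and Echo exchange, and the TLS side of the Secure Channel. `negotiate` applies the Hello rule from the 1.0/1.1 specs: each side sends the highest version it supports, the agreed version is the lower of the two, and an incompatible peer gets an Error of type HELLO_FAILED / code INCOMPATIBLE. `controller_tls_context` is the controller-side configuration that actually enforces "mutually authenticate": later specification versions allow the channel to run over plain TCP and many controllers listen on plain 6633/6653 by default, so requiring a switch certificate chained to the site CA is a deliberate setting, not the default. The certificate and key paths passed to it are assumptions.

```python
import ssl
import struct

OFP_HEADER = struct.Struct("!BBHI")    # version, type, length, xid
OFPT_HELLO, OFPT_ERROR, OFPT_ECHO_REQUEST, OFPT_ECHO_REPLY = 0, 1, 2, 3
OFPT_FEATURES_REQUEST, OFPT_FEATURES_REPLY = 5, 6
OFPET_HELLO_FAILED, OFPHFC_INCOMPATIBLE = 0, 0


def encode(version: int, msg_type: int, xid: int, body: bytes = b"") -> bytes:
    return OFP_HEADER.pack(version, msg_type, OFP_HEADER.size + len(body), xid) + body


def decode(data: bytes):
    """Parse one message; the length field must agree with the bytes actually received."""
    if len(data) < OFP_HEADER.size:
        raise ValueError("short header")
    version, msg_type, length, xid = OFP_HEADER.unpack_from(data)
    if length != len(data) or length < OFP_HEADER.size:
        raise ValueError("length field %d does not match %d bytes" % (length, len(data)))
    return version, msg_type, xid, data[OFP_HEADER.size:]


def negotiate(my_versions, peer_hello: bytes):
    """Hello handshake. Returns (agreed_version, None) or (None, error_message)."""
    version, msg_type, _, _ = decode(peer_hello)
    if msg_type != OFPT_HELLO:
        raise ValueError("expected HELLO")
    agreed = min(max(my_versions), version)
    if agreed not in my_versions:
        # Error body: 16-bit type, 16-bit code, followed by the offending message.
        body = struct.pack("!HH", OFPET_HELLO_FAILED, OFPHFC_INCOMPATIBLE) + peer_hello
        return None, encode(max(my_versions), OFPT_ERROR, 0, body)
    return agreed, None


def echo_reply(request: bytes) -> bytes:
    """Echo is the channel's liveness probe: the reply carries the request's xid and payload back."""
    version, msg_type, xid, body = decode(request)
    if msg_type != OFPT_ECHO_REQUEST:
        raise ValueError("not an echo request")
    return encode(version, OFPT_ECHO_REPLY, xid, body)


def controller_tls_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """Controller-side TLS context that requires a switch certificate signed by the
    site CA, i.e. mutual authentication.  The three paths are assumptions: the
    site-specific CA certificate and the controller's own certificate and key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # a server context defaults to CERT_NONE: switches would go unchecked
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx
```

Wrap the listening socket with `controller_tls_context(...).wrap_socket(sock, server_side=True)`; a switch that presents no certificate, or one from another CA, is dropped during the handshake before it can send a single Hello. The switch side needs the mirror image: a client context with `check_hostname` and `CERT_REQUIRED` against the same CA, so a rogue controller cannot take over the flow tables either.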
Flow Table / Entry
• A flow table consists of flow entries
– Match fields
• to match against packets. These consist of the ingress port and packet headers, and optionally metadata specified by a previous table
– Counters
• to update for matching packets
– Instructions
• to modify the action set or pipeline processing
Flow entry: Match Fields | Counters | Instructions
Match fields:
  In Port
  Layer 2: Src MAC, Dst MAC, Eth Type, VLAN Id
  Layer 3: IP ToS, IP Proto, IP Src, IP Dst
  Layer 4: TCP Src Port, TCP Dst Port
Counters: 1. Packet counter  2. Byte counter
Actions:
  1. Forward packet to port(s)
  2. Encapsulate and forward to controller
  3. Drop packet
  4. Send to normal processing pipeline
Matching Fields & List of Counters
Figure from OpenFlow Switch Specification
Pipeline Processing
Packet Matching
Flowchart of how a packet is parsed for matching
• Eth Type (commonly)
– VLAN: 0x88a8, 0x8100
– MPLS: 0x8847, 0x8848
– ARP: 0x0806
– IP: 0x0800
Instructions & Action Set
• Each flow entry contains a set of instructions that are executed when a packet matches the entry
• An action set is associated with each packet. It is empty by default
• The action set is carried between flow tables
• A flow entry modifies the action set using the Write-Actions or Clear-Actions instruction
• Processing stops when the instruction set does not contain Goto-Table; the actions in the set are then executed
Usage: Load Balancing
• Current methods use uniform distribution of traffic
• Not based on network congestion and server load
• More adaptive algorithms can be implemented by using OpenFlow
• Monitor the network traffic
• Program flows based on demand and server capacity
Figure: dynamic load balancing using OpenFlow. The network operating system collects statistics from the OpenFlow switch, observes load patterns and programs flow entries; the switch does the data forwarding.
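The flow table, pipeline and action-set slides together with the load-balancing use case, as one added Python example (not code from the slides or from any OpenFlow switch or controller). It models a switch with two flow tables, priority lookup, the two per-entry counters, the Write-Actions / Clear-Actions / Goto-Table instructions, and table-miss handing the packet to the controller; on top of that, a controller function reads the byte counters of the entries that rewrite traffic to each server and pins a new client to the least-loaded server instead of spreading flows uniformly. Packets are dicts of the match fields from the flow-entry slide rather than parsed frames, and the VIP, server addresses, ports and traffic volumes are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# A packet is a dict of the match fields on the flow-entry slide (in_port,
# eth_src, eth_dst, eth_type, vlan_vid, ip_proto, ipv4_src, ipv4_dst, tcp_src,
# tcp_dst).  A key missing from an entry's `match` is a wildcard.
@dataclass
class FlowEntry:
    match: dict
    priority: int = 0
    write_actions: list = field(default_factory=list)  # ("output", port) | ("set_field", name, value) | ("controller",)
    clear_actions: bool = False
    goto_table: Optional[int] = None
    packet_count: int = 0        # the two counters on the slide
    byte_count: int = 0

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class Switch:
    def __init__(self, n_tables: int = 2):
        self.tables = [[] for _ in range(n_tables)]

    def add_flow(self, table: int, entry: FlowEntry) -> None:
        self.tables[table].append(entry)
        self.tables[table].sort(key=lambda e: -e.priority)  # highest priority wins a lookup

    def lookup(self, table: int, pkt: dict) -> Optional[FlowEntry]:
        return next((e for e in self.tables[table] if e.matches(pkt)), None)

    def process(self, pkt: dict, size: int) -> list:
        """Pipeline processing: start at table 0, carry the action set from table
        to table, stop at the first entry without Goto-Table, then execute the set.
        Returns the actions executed, in order."""
        action_set = {}              # one action per type, as the spec requires
        table = 0
        while True:
            entry = self.lookup(table, pkt)
            if entry is None:
                return [("controller", "table-miss")]  # miss: encapsulate and send to controller
            entry.packet_count += 1
            entry.byte_count += size
            if entry.clear_actions:
                action_set.clear()
            for act in entry.write_actions:
                key = act[0] if act[0] != "set_field" else "set_field:" + act[1]
                action_set[key] = act
            if entry.goto_table is None or entry.goto_table <= table:
                break                # Goto-Table may only point at a later table
            table = entry.goto_table
        # Execute: field rewrites first, output last, so the output sees the rewritten packet.
        executed = []
        for _, act in sorted(action_set.items(), key=lambda kv: kv[1][0] == "output"):
            if act[0] == "set_field":
                pkt[act[1]] = act[2]
            executed.append(act)
        return executed


def least_loaded_server(sw: Switch, servers: list) -> str:
    """Controller policy from the load-balancing slide: sum the byte counters of
    the table-0 entries that rewrite ipv4_dst to each server and pick the server
    that has carried the least traffic (ties broken by address)."""
    load = {s: 0 for s in servers}
    for e in sw.tables[0]:
        for act in e.write_actions:
            if act[0] == "set_field" and act[1] == "ipv4_dst" and act[2] in load:
                load[act[2]] += e.byte_count
    return min(servers, key=lambda s: (load[s], s))


def install_client_flow(sw: Switch, client: str, vip: str, server: str, port: int) -> FlowEntry:
    """Packet-in handling: pin this client's traffic to the VIP onto `server` by
    rewriting the destination and forwarding out `port`, above any catch-all entry."""
    entry = FlowEntry(match={"eth_type": 0x0800, "ipv4_src": client, "ipv4_dst": vip},
                      priority=10,
                      write_actions=[("set_field", "ipv4_dst", server), ("output", port)])
    sw.add_flow(0, entry)
    return entry
```

Each new client costs one flow entry and one round trip to the controller, so a real deployment caps the table with idle timeouts and rate-limits Packet-In, otherwise a client that keeps changing source addresses fills the table and stalls the controller; the paper by Wang, Butnariu and Rexford in the references installs wildcard entries per source prefix for exactly that reason.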
Summary
• SDN is an architecture of which OpenFlow is just a part
• Clean separation of control and data plane functionalities
• Provides high level abstractions
– Network topology
– Application API
– Standard vendor-agnostic interface to program the hardware
• Scalability concerns
• SDN is not a magic wand that solves the current problems
• Many vendors are evaluating the direction SDN will take
References
• N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, J. Turner, "OpenFlow: Enabling Innovation in Campus Networks", ACM SIGCOMM Computer Communication Review, Vol. 38, Issue 2, pp. 69-74, April 2008.
• OpenFlow Switch Specification V 1.1.0.
• Richard Wang, Dana Butnariu, Jennifer Rexford, "OpenFlow-based server load balancing gone wild", Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services (Hot-ICE), Boston, MA, March 2011.
• Saurav Das, Guru Parulkar, Preeti Singh, Daniel Getachew, Lyndon Ong, Nick McKeown, "Packet and Circuit Network Convergence with OpenFlow", Optical Fiber Conference (OFC/NFOEC'10), San Diego, March 2010.
• Nikhil Handigol, Srini Seetharaman, Mario Flajslik, Nick McKeown, Ramesh Johari, "Plug-n-Serve: Load-Balancing Web Traffic using OpenFlow", ACM SIGCOMM Demo, Aug 2009.
• NOX: Towards an Operating System for Networks
• https://sites.google.com/site/routeflow/home
• http://www.openflow.org/
• http://www.opennetsummit.org/
• https://www.opennetworking.org/
• http://conferences.sigcomm.org/sigcomm/2010/papers/sigcomm/p195.pdf
• http://searchnetworking.techtarget.com/
Q&A