Othman_2012_2_15_apan33_01
Download
Report
Transcript Othman_2012_2_15_apan33_01
Othman Othman M.M. , Koji Okamura
Kyushu University
Proceedings of the 33nd Asia-Pacific Advanced
Network Meeting
Thailand, Chiang Mai, 2012/2/15
1
Outline:
Goal.
2. Motivation.
3. An attempt to solve the problem
1.
Network Equipment to Equipment flow installation.
4. Steps for Flow delegation.
1. Flow Aggregation Algorithm.
2. Finding Equipment .
3. Programming flows & Security aspect.
4. Tunneling.
5. Evaluation.
6. Conclusion.
2
1- Goal:
Improve OpenFlow.
Support self-reactive behavior.
Step towards having wider adoption of OpenFlow.
Reduce load on controller.
3
2- Motivation:
Tight coupling between OpenFlow switch and controller.
Every thing is up to the controller.
Controller might be bottleneck.
number of flows that can be installed by the NOX controller
as shown in [1] are 30K flow/sec, and the flow arrival rate
in [2] that is 100K flow per second.
Figures might have changed but debate still going.
[1].Tavakoli, A., Casado, M., Koponen, T., & Shenker, S. (n.d.). Applying NOX to the
Datacenter. Proc. HotNets (October 2009).
[2]. Kandula, S., Sengupta, S., Greenberg, A., Patel, P., & Chaiken, R. (2009). The
nature of data center traffic: measurements & analysis. Proceedings of the 9th
ACM SIGCOMM conference on Internet measurement conference (p. 202–208).
ACM.
4
2- Motivation:
Figure 3: Enhanced
OpenFlow Control Mode
Target:
Controller to Equipment, AND
Equipment to Equipment: to give
OpenFlow the ability to exchange
information between equipment in
addition to controller.
Fig2. Regular Network
Information exchange.
Current Internet:
Equipment to Equipment only:
equipment exchange information
with each other.
Figure 1: OpenFlow
Control Mode
Current OpenFlow’s control model:
Controller to Equipment only:
Equipment exchange information
only with the controller.
5
2- Motivation:
Why Equipment to Equipment can help:
Network edges are suitable for installing flows, since all of
the incoming and outgoing packets must pass through them.
Network edges can be used in different applications like,
implementing security, traffic policies, traffic tagging, …..
However, equipment flow table is limited.
Also Controller can be a bottleneck.
Equipment to Equipment Flow installation:
Provide a new method for the overloaded equipment to act
on their own, without involving the controller.
6
3-An attempt to solve the problem:
1. Network equipment to Network equipment Flow
Programming:
To create traffic-aware self-reactive network.
Can be used to delegate some flows to less loaded network
equipment.
To easily program whole network without loading controller.
7
3- Network Equipment to Equipment
flow installation :
To reduce load off
the controller.
Flows to
manipulate
headers in packets
Packet
P
P
Packet
Packet
Packet
PE
Give the equipment
ability to act by
their own to reduce
load off loaded
equipment.
Alternative way to
install flows to
whole network (e-e
propagation).
P
P
P
PE
Flows to
manipulate
headers in packets
P
Packet
P
Packet
Packet
PE
Packet
P
P
Fig1.
Equipment
overloaded,
due to many
flows to carry
out.
Fig2.
Overloaded
equipment
delegates some
flows to other
equipment.
Fig3. Reduced
load off the
overloaded
equipment.
Packet
8
4- Steps for Flow delegation :
1
No 2
3
4
Start
Need to
delegate?
Yes
Find aggregate able
flows. And aggregate
them.
Find equipment to
program.
5 Program flows from 3 to
equipment form 4
6
Tunnel aggregated
flows from 3 to target
equipment form 4.
7
Finish
9
4- Steps for Flow delegation :
1- Flow Aggregation Algorithm :
How to delegate flows?
Aggregate flows that have common
features, and responsible for some
portion of traffic.
i.e. to aggregate many flows to
one.
Delegate the aggregated flows to
other equipment.
Use Flow Aggregation Algorithm.
Overloaded equipment flows =
original flows – delegated flows.
Flow Table
Range of
portions of
total traffic
e.g.
(20%-30%)
aggregated flow
(one or more)
10
4-Steps for Flow delegation:
1- Flow Aggregation Algorithm :
TA-FAA :
TA-FAA Evaluation:
Start
Build Histograms for
all Fields
None
Strict
Aggregation
percentage?
Wide
Aggregate SrcIP
None
Strict
Success Rate
Success Rate of the TA-FAA
120%
100%
80%
60%
40%
20%
0%
Wide
Aggregate DstIP
None
Strict
Wide
Find common values
from two wide
aggregations.
None,
Wide
Fail
Strict
Finish
Range of traffic portion to be
aggregated
Java Program to evaluate the efficiency
of Flow Aggregation Algorithm.
11
FAA success rate of aggregation = 79.7
%
4: Steps for Flow delegation
2- Finding Equipment : Request is a kind of controlled
3 way programming
flooding:
method:
Request, Accept, Confirm
Request is a kind of
controlled flooding.
The delegating
device
Limited propagation; request
will have a count to valid hop
counts.(TTL)
Limited number of acceptance,
(LFI); Level of Flow Installation.
Negative Acknowledgement.
Expiry time.
The device receiving
delegation
Other device
receiving delegation
Installation Request?
Flows to be delegated.
LFI= 2 , TTL=5
Accept
Self Identification.
Confirm
Installation Request?
Flows to be delegated.
LFI= 1 , TTL=4
Accept
Self Identification.
Confirm
12
4: Steps for Flow delegation
3- Programming flows & Security aspect :
Flow
1
1
1
2
3
2
2
Figure 1: Initial Flow Installation.
Figure 2: Flow Delegation (e-e Flow Installation)
Signed by Controller
Signed by Equipment 1
Signed by Equipment 2
13
4: Steps for Flow delegation
3- Programming flows & Security aspect :
Why to do that: case of flow includes sending packet to
controller
Flow
1
1
2
2
Expect
packet from
eq.1
Figure 1: Controller installs flow.
Flow
Expect
packet from
eq.1
Figure 2: This flow was delegated.
1
Signed by Controller
Signed by Equipment 1
Signed by Equipment 2
2
Flow Flow’s Hash
1’s ID 2’s ID
Expect
packet from
eq.1
eq.2 used
the signed
fields it got
form eq.1
So
controller
will accept
Figure 3: Accepting packets form eq.2 instead of eq.1.
14
4: Steps for Flow delegation
4- Tunneling :
In such cases:
Flow
Flow
Flow
2
3
1
4
Fig1. flows are stitched to form a path defined by controller.
Flow
Flow
2
3
1
Flow
4
eq.4 have to tunnel
packets to eq.2.
This is done using IP
tagging . (similar to
VLAN tag)
Also eq.1 uses the
aggregated flow (1
flow) to tunnel traffic
to eq.4.
Fig2. Path might break because eq.2 expects packets from eq.1
or the interface of eq.2 that connects it to eq.1.
15
5- Evaluation:
Run simulation on NS3 using :
Regular OpenFlow.
Modified OpenFlow.
Collaboration for experimenting on NICT’s JGN-X.
Compare edge equipment load, all equipment load.
Evaluate efficiency to reduce load.
Evaluate traffic generated by the new enhancement.
16
6- Conclusion:
Aim to improve OpenFlow by reducing load off the
controller, make it self-aware and self-reactive,.
Achieving goals by proposing a new enhancements to
OpenFlow:
Network equipment to equipment flow installation.
Proposing Flow Aggregation Algorithm, to enable the
enhancements.
Simulation shows the success rate of FAA is 79.7 %
17
Q & A:
Thanks for listening.
18