Where Do You Want To Peer Today?


Tutorial: Bringing Experimenters to GENI with the Transit Portal
Vytautas Valancius, Hyojoon Kim, Nick Feamster
Georgia Tech
What You Will Learn
• What is Transit Portal?
• How does Transit Portal work?
• How to get set up with Transit Portal?
• How can I use the Transit Portal?
– For experiments
– In the classroom
• Summary and Breakout Ideas
2
Networks Use BGP to Interconnect
[Diagram labels: Autonomous Systems, Route Advertisement, Traffic, Session]
3
Virtual Networks Need BGP Too
• Strawman
– Default routes
– Public IP address
• Problems
– Experiments may need to see all upstream routes
– Experiments may need more control over traffic
• Need “BGP”
– Setting up individual sessions is cumbersome
– …particularly for transient experiments
[Diagram labels: ISP 1, ISP 2, BGP Sessions, GENI]
4
Route Control Without Transit Portal
• Obtain connectivity to upstream ISPs
– Physical connectivity
– Contracts and routing sessions
• Obtain Internet number resources from authorities
• Expensive and time-consuming!
5
Route Control with Transit Portal
[Diagram labels: Experiment 1, Experiment 2, Virtual Router A, Virtual Router B, Transit Portal, ISP1, ISP2, Internet, Experiment Facility; legend: Routes, Packets]
Full Internet route control to hosted cloud services!
6
Connecting to the Transit Portal
• Separate Internet router for each service
– Virtual or physical routers
• Links between service router and TP
– Each link emulates connection to upstream ISP
• Routing sessions to upstream ISPs
– TP exposes standard BGP route control interface
7
Basic Internet Routing with TP
• Experiment with two upstream ISPs
• Experiment can reroute traffic over one ISP or the other, independently of other experiments
[Diagram labels: ISP 1, ISP 2, BGP Sessions, Traffic, Transit Portal, Virtual BGP Router, Interactive Cloud Service]
8
Current TP Deployment
• Server with custom routing software
– 4GB RAM, 2x2.66GHz Xeon cores
• Three active sites with upstream ISPs
– Atlanta, Madison, and Princeton
• A number of active experiments
– BGP poisoning (University of Washington)
– IP Anycast (Princeton University)
– Advanced Networking class (Georgia Tech)
9
Transit Portal Node Manager
10
Conventional BGP Routing
• Conventional BGP router:
– Receives routing updates from peers
– Propagates routing update about one path only
– Selects one path to forward packets
• Scalable but not transparent or flexible
[Diagram labels: ISP1, ISP2, BGP Router, Client BGP Router (two); legend: Updates, Packets]
12
Scaling TP Memory Use
• Store and propagate all BGP routes from ISPs
– Separate routing tables
• Reduce memory consumption
– Single routing process with shared data structures
– Reduce memory use from 90MB/ISP to 60MB/ISP
[Diagram labels: ISP1, ISP2, Routing Process, Routing Table 1, Routing Table 2, Virtual Router (Interactive Service), Virtual Router (Bulk Transfer)]
13
Scaling TP CPU Use
• Hundreds of routing sessions to clients
– High CPU load
• Schedule and send routing updates in bundles
– Reduces CPU from 18% to 6% for 500 client sessions
[Diagram labels: ISP1, ISP2, Routing Process, Routing Table 1, Routing Table 2, Virtual Router (Interactive Service), Virtual Router (Bulk Transfer)]
14
Scaling Forwarding Memory
• Connecting clients
– Tunneling and VLANs
• Curbing memory usage
– Separate virtual routing tables with default to upstream
– 50MB/ISP -> ~0.1MB/ISP memory use in forwarding table
[Diagram labels: ISP1, ISP2, Forwarding Table, Forwarding Table 1, Forwarding Table 2, Virtual BGP Router (Interactive Service), Virtual BGP Router (Bulk Transfer)]
15
Demonstration of Transit Portal
17
Demonstration Setup
[Diagram labels: Looking glass server: route-server.ip.att.net; Client network: 168.62.21.0/24; Traceroute; GT (AS 2637); Transit Portal; VPN Tunneling; Public AS 47065; Virtual Router; Private AS 65000; legend: BGP connectivity]
18
How To Connect to Transit Portal
1. Pick a device which will be the virtual router (Linux)
2. Request needed resources & provide information
– CA certificate, client certificate & key (for Transit Portal)
– Get prefixes that the client will announce
3. Tunneling: Set up OpenVPN tunnel with Transit Portal
4. Control Plane: Set up BGP daemon in virtual router (e.g., Quagga)
5. Data Plane: Make changes to routing table if necessary
19
Steps for Connecting to Transit Portal
• Setting up virtual machines
• Tunneling to the TP: Installing OpenVPN
• Getting routes: Setting up BGP
• Forwarding traffic: Setting up the data plane
• Testing connectivity: Traceroute
20
Tunneling to the Transit Portal
• Install OpenVPN Client
• Set up OpenVPN Connectivity (currently manual)
– Get key pair from Transit Portal operator (Valas Valancius)
– Determine IP address of tunnel endpoint
– Notify operator of tunnel endpoint IP address
• Test connectivity (e.g., ping TP tunnel endpoint)
21
Sample OpenVPN Configuration
# OpenVPN config file
client
dev tun
proto tcp
# Transit Portal tunnel endpoint and port
remote 143.215.254.26 6000
nobind
persist-key
persist-tun
# CA certificate, client certificate and key issued by the TP operator
ca ca.crt
cert nick.crt
key nick.key
22
Discovering Internet Routes
• Install Quagga software router
• Download configuration template from GENI wiki
• Modify template with tunnel endpoint IP addresses
• Run bgpd and zebra
• Check Linux kernel routing tables for routes
• Advertising routes: Need IP prefix (we have some)
23
Example Quagga Configuration
bgpd configuration
!
hostname kendall
password XXXXX
!
router bgp 65003
bgp router-id 168.62.21.15
network 168.62.20.0/24
neighbor 168.62.21.1 remote-as 2637
!
access-list vty permit 127.0.0.1/32
!
line vty
access-class vty
!
zebra configuration
hostname kendall
password crazymux
access-list vty permit 127.0.0.1/32
!
24
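A pre-flight audit for the client's bgpd configuration, added here as an example (not from the original slides or the Transit Portal code): it checks that every network statement falls inside the allocated prefix and that each neighbor has an outbound prefix-list, so routes learned on one upstream session are not re-advertised on another. The allocation 168.62.20.0/24 and the prefix-list name TP-OUT are assumptions.

```python
import ipaddress
import re
# Assumption: the prefix the TP operator allocated to this client.
ALLOCATED = [ipaddress.ip_network("168.62.20.0/24")]
# "router bgp" section of the slide's bgpd configuration, wrapped lines joined.
SLIDE_BGPD = """router bgp 65003
 bgp router-id 168.62.21.15
 network 168.62.20.0/24
 neighbor 168.62.21.1 remote-as 2637
"""
# Constructed variant with an outbound filter; TP-OUT is a made-up list name.
FILTERED_BGPD = SLIDE_BGPD.replace(
    "remote-as 2637\n",
    "remote-as 2637\n neighbor 168.62.21.1 prefix-list TP-OUT out\n",
) + "ip prefix-list TP-OUT seq 5 permit 168.62.20.0/24\n"

def in_allocation(prefix):
    """True if prefix parses and lies inside an allocated block."""
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # e.g. "any"
        return False
    return any(net.version == a.version and net.subnet_of(a) for a in ALLOCATED)

def audit_bgpd(conf):
    """Return findings for a Quagga bgpd.conf given as text."""
    lines = [ln.strip() for ln in conf.splitlines()]
    findings, neighbors, out_filter, plists = [], set(), {}, {}
    for ln in lines:
        if m := re.match(r"network (\S+)", ln):
            if not in_allocation(m[1]):
                findings.append(f"network {m[1]} is outside the allocation")
        elif m := re.match(r"neighbor (\S+) remote-as \d+", ln):
            neighbors.add(m[1])
        elif m := re.match(r"neighbor (\S+) prefix-list (\S+) out", ln):
            out_filter[m[1]] = m[2]
        elif m := re.match(r"ip prefix-list (\S+) seq \d+ permit (\S+)", ln):
            plists.setdefault(m[1], []).append(m[2])
    for peer in sorted(neighbors):
        name = out_filter.get(peer)
        if name is None:
            findings.append(f"neighbor {peer} has no outbound prefix-list")
        elif name not in plists:
            findings.append(f"prefix-list {name} is referenced but not defined")
        findings += [f"prefix-list {name} permits {p}, outside the allocation"
                     for p in plists.get(name, []) if not in_allocation(p)]
    return findings
if __name__ == "__main__":
    print(audit_bgpd(SLIDE_BGPD))
```

Run against the slide's configuration, the audit reports only the missing outbound filter; the constructed variant passes cleanly.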
Setting Up Traffic Forwarding
• Give some machine in your testbed an address within the IP prefix
• Configure “gateway” to route traffic for that IP address to the appropriate location
25
Experiment 1: IP Anycast
• Internet services require fast name resolution
• IP anycast for name resolution
– DNS servers with the same IP address
– IP address announced to ISPs in multiple locations
– Internet routing converges to the closest server
• Available only to large organizations
27
IP Anycast
• Host service at multiple locations (e.g., on ProtoGENI)
• Direct traffic to one instance of the service or another using anycast
[Diagram labels: Asia, North America, ISP 1, ISP 2, ISP 3, ISP 4, Transit Portal (two), Anycast Routes, Name Service (two)]
28
Experiment 2: Service Migration
• Internet services in geographically diverse data centers
• Operators migrate Internet users’ connections
• Two conventional methods:
– DNS name re-mapping: slow
– Virtual machine migration with local re-routing: requires globally routed network
29
Service Migration
[Diagram labels: Asia, North America, Internet, ISP 1, ISP 2, ISP 3, ISP 4, Transit Portal (two), Active Game Service, Tunneled Sessions]
30
Experiment 3: Flexible Peering
Hosted service can quickly provision services in the cloud when demand fluctuates.
31
Using TP in Courses
32
Using TP in Your Courses
• Used in “Next-Generation Internet” Course at Georgia Tech in Spring 2010
• Students set up virtual networks and connect directly to TP via OpenVPN (similar to demonstration)
– Live feed of BGP routes
– Routable IP addresses for in-class topology inference and performance measurements
33
Example Problem Set
• Set up virtual network with
– Intradomain routing
– Hosted services
– Rate limiting
• Connect to Internet with Transit Portal
34
Conclusion
• Limited routing control for hosted services
• Transit Portal gives wide-area route control
– Advanced applications with many TPs
• Open-source implementation
– Scales to hundreds of client sessions
• The deployment is real
– Can be used today for research and education
– More information http://valas.gtnoise.net/tp
35
36
Ongoing Developments
• More deployment sites
– Your help is desperately needed
• Integrating TP with network research testbeds (e.g., GENI, CoreLab)
• Faster forwarding (NetFPGA, OpenFlow)
• Lightweight interface to route control
37
Transit Portal in the News
38
Breakout Session Agenda
• Q&A
• Demonstration Redux
• Brainstorming Experiments
– MeasuRouting: Routing-Assisted Traffic Monitoring
– Pathlet Routing and Adaptive Multipath Algorithms
– Aster*x: Load-Balancing Web Traffic over Wide-Area Networks
– Migrating Enterprises to Cloud-based Architectures
39
Extra Slides
40
Scaling the Transit Portal
• Scale to dozens of sessions to ISPs and hundreds of sessions to hosted services
• At the same time:
– Present each client with sessions that have an appearance of direct connectivity to an ISP
– Prevent clients from abusing Internet routing protocols
41