2019 term 3 tele3118: network technologies · 2019-10-15 · software defined networking (sdn)...
TRANSCRIPT
2019 term 3TELE3118: Network Technologies
Week 5: Network Layer Control plane: SDN and SNMP
Some slides have been taken from:qComputer Networking: A Top Down Approach Featuring the Internet, 7th edition. Jim Kurose, Keith Ross. Addison-Wesley, 2016. All material copyright 1996-2016. J.F Kurose and K.W. Ross, All Rights Reserved.qComputer Networks, 5th edition. Andrew S. Tanenbaum. Prentice-Hall, 2010.
Software defined networking (SDN)
5c-2Network Technologies
n Internet network layer: historically has been implemented via distributed, per-router approachq monolithic router contains switching hardware,
runs proprietary implementation of Internet standard protocols (IP, RIP, IS-IS, OSPF, BGP) in proprietary router OS (e.g., Cisco IOS)
q different “middleboxes” for different network layer functions: firewalls, load balancers, NAT boxes, ..
n ~2005: renewed interest in rethinking network control plane
Recall: per-router control plane
5c-3Network Technologies
Individual routing algorithm components in each and every router interact with each other in control plane to compute forwarding tables
RoutingAlgorithm
dataplane
controlplane
4.1 • OVERVIEW OF NETWORK LAYER 309
tables. In this example, a routing algorithm runs in each and every router and both forwarding and routing functions are contained within a router. As we’ll see in Sec-tions 5.3 and 5.4, the routing algorithm function in one router communicates with the routing algorithm function in other routers to compute the values for its forward-ing table. How is this communication performed? By exchanging routing messages containing routing information according to a routing protocol! We’ll cover routing algorithms and protocols in Sections 5.2 through 5.4.
The distinct and different purposes of the forwarding and routing functions can be further illustrated by considering the hypothetical (and unrealistic, but technically feasible) case of a network in which all forwarding tables are configured directly by human network operators physically present at the routers. In this case, no routing protocols would be required! Of course, the human operators would need to interact with each other to ensure that the forwarding tables were configured in such a way that packets reached their intended destinations. It’s also likely that human configu-ration would be more error-prone and much slower to respond to changes in the net-work topology than a routing protocol. We’re thus fortunate that all networks have both a forwarding and a routing function!
Values in arrivingpacket’s header
1
23
Local forwardingtable
header
0100011001111001
1101
3221
output
Control plane
Data plane
Routing algorithm
Figure 4.2 ♦ Routing algorithms determine values in forward tables
M04_KURO4140_07_SE_C04.indd 309 11/02/16 3:14 PM
Recall: logically centralized control plane
5c-4Network Technologies
A distinct (typically remote) controller interacts with local control agents (CAs) in routers to compute forwarding tables
dataplane
controlplane
Remote Controller
CA
CA CA CA CA
Software defined networking (SDN)
5c-5Network Technologies
Why a logically centralized control plane?q easier network management: avoid router
misconfigurations, greater flexibility of traffic flowsn table-based forwarding (OpenFlow API) allows
“programming” routersq centralized “programming” easier: compute tables
centrally and distributeq distributed “programming”: more difficult: compute
tables as result of distributed algorithm (protocol) implemented in each and every router
n open (non-proprietary) implementation of control plane
Analogy: mainframe to PC evolution*
5c-6Network Technologies
Vertically integratedClosed, proprietary
Slow innovationSmall industry
SpecializedOperatingSystem
SpecializedHardware
App
App
App
App
App
App
App
App
App
AppApp
SpecializedApplications
HorizontalOpen interfacesRapid innovationHuge industry
Microprocessor
Open Interface
Linux MacOS
Windows(OS) or or
Open Interface
* Slide courtesy: N. McKeown
Traffic engineering: difficult traditional routing
5c-7Network Technologies
Q: what if network operator wants u-to-z traffic to flow along uvwz, x-to-z traffic to flow xwyz?
A: need to define link weights so traffic routing algorithm computes routes accordingly (or need a new routing
algorithm)!Link weights are only control “knobs”: wrong!
22
13
1
1
2
53
5
v wu z
yx
Traffic engineering: difficult
5c-8Network Technologies
yx
wv
z2
21
3
1
1
2
53
5
u
v
x
w
y
z
Q: how to make w route blue and red traffic differently?
A: can’t do it (with destination based forwarding)
Traffic engineering: difficult
5c-9Network Technologies
Q: what if network operator wants to split u-to-z traffic along uvwz and uxyz (load balancing)?
A: can’t do it (or need a new routing algorithm)
22
13
1
1
2
53
5
v wu z
yx
Software defined networking (SDN)
5c-10Network Technologies
dataplane
controlplane
Remote Controller
CA
CA CA CA CA
1: generalized“ flow-based” forwarding (e.g., OpenFlow)
2. control, data plane separation
3. control plane functions external to data-plane switches
…4. programmable control applications
routing access control
loadbalance
SDN perspective: data plane switches
5c-11Network Technologies
Data plane switchesn fast, simple, commodity switches
implementing generalized data-plane forwarding (Section 4.4) in hardware
n switch flow table computed, installed by controller
n API for table-based switch control (e.g., OpenFlow)
q defines what is controllable and what is not
n protocol for communicating with controller (e.g., OpenFlow) data
plane
controlplane
SDN Controller(network operating system)
…routing
access control
loadbalance
southbound API
northbound API
SDN-controlled switches
network-control applications
SDN perspective: SDN controller
5c-12Network Technologies
SDN controller (network OS):
n maintain network state information
n interacts with network control applications “above” via northbound API
n interacts with network switches “below” via southbound API
n implemented as distributed system for performance, scalability, fault-tolerance, robustness
dataplane
controlplane
SDN Controller(network operating system)
…routing
access control
loadbalance
southbound API
northbound API
SDN-controlled switches
network-control applications
SDN perspective: control applications
5c-13Network Technologies
network-control apps:n “brains” of control: implement
control functions using lower-level services, API provided by SND controller
n unbundled: can be provided by 3rd party: distinct from routing vendor, or SDN controller
dataplane
controlplane
SDN Controller(network operating system)
…routing
access control
loadbalance
southbound API
northbound API
SDN-controlled switches
network-control applications
Components of SDN controller
5c-14Network Technologies
Network-wide distributed, robust state management
Communication to/from controlled devices
Link-state info switch infohost info
statistics flow tables…
…
OpenFlow SNMP…
network graph intent
RESTfulAPI
… Interface, abstractions for network control apps
SDNcontroller
routing access control
loadbalance
communication layer: communicate between SDN controller and controlled switches
Network-wide state management layer: state of networks links, switches, services: a distributed database
Interface layer to network control apps: abstractions API
OpenFlow protocol
5c-15Network Technologies
n operates between controller, switch
n TCP used to exchange messagesq optional encryption
n three classes of OpenFlow messages:q controller-to-switchq asynchronous (switch to
controller)q symmetric (misc)
OpenFlow Controller
OpenFlow: controller-to-switch messages
5c-16Network Technologies
Key controller-to-switch messagesn features: controller queries switch
features, switch replies
n configure: controller queries/sets switch configuration parameters
n modify-state: add, delete, modify flow entries in the OpenFlow tables
n packet-out: controller can send this packet out of specific switch port
OpenFlow Controller
OpenFlow: switch-to-controller messages
5c-17Network Technologies
Key switch-to-controller messagesn packet-in: transfer packet (and its control)
to controller. See packet-out message from controller
n flow-removed: flow table entry deleted at switch
n port status: inform controller of a change on a port.
Fortunately, network operators don’t “program” switches by creating/sending OpenFlow messages directly. Instead use higher-level abstraction at controller
OpenFlow Controller
SDN: control/data plane interaction example
5c-18Network Technologies
Link-state info switch infohost info
statistics flow tables…
…
OpenFlow SNMP…
network graph intent
RESTfulAPI
…
1
2
3
4
6
5
Dijkstra’s link-state Routing
s1s2
s3s4
S1, experiencing link failure using OpenFlow port status message to notify controller
1
SDN controller receives OpenFlow message, updates link status info
2
Dijkstra’s routing algorithm application has previously registered to be called when ever link status changes. It is called.
3
Dijkstra’s routing algorithm access network graph info, link state info in controller, computes new routes
4
SDN: control/data plane interaction example
5c-19Network Technologies
Link-state info switch infohost info
statistics flow tables…
…
OpenFlow SNMP…
network graph intent
RESTfulAPI
…
1
2
3
4
6
5
Dijkstra’s link-state Routing
s1s2
s3s4
link state routing app interacts with flow-table-computation component in SDN controller, which computes new flow tables needed
5
Controller uses OpenFlow to install new tables in switches that need updating
6
OpenDaylight (ODL) controller
5c-20Network Technologies
topologymanager
Basic Network Service Functions
REST API
OpenFlow 1.0… SNMP OVSDB
forwardingmanager
switchmanager
hostmanager
statsmanager
Network service apps
Service Abstraction Layer (SAL)
AccessControl
TrafficEngineering
… n ODL Lithium
controller
n network apps may be contained within, or be external to SDN controller
n Service Abstraction Layer: interconnects internal, external applications and services
ONOS controller
5c-21Network Technologies
Network control apps
…
REST API
ONOSdistributed core
southbound abstractions,protocolsOpenFlow Netconf OVSDB
device link host flow packet
northbound abstractions,protocolsIntent
statisticsdevices
hosts
links
paths flow rules topology
n control apps separate from controller
n intent framework: high-level specification of service: what rather than how
n considerable emphasis on distributed core: service reliability, replication performance scaling
SDN: selected challenges
5c-22Network Technologies
n hardening the control plane: dependable, reliable, performance-scalable, secure distributed systemq robustness to failures: leverage strong theory of
reliable distributed system for control planeq dependability, security: “baked in” from day one?
n networks, protocols meeting mission-specific requirementsq e.g., real-time, ultra-reliable, ultra-secure
n Internet-scaling
Network management & SNMP
5c-23Network Technologies
n autonomous systems (aka “network”): 1000s ofinteracting hardware/software components
n other complex systems requiring monitoring, control:q jet airplaneq nuclear power plantq others?
"Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost."
Infrastructure for network management
5c-24Network Technologies
managed devicemanaged device
managed device
managed device
definitions:
managed devicescontain managed
objects whose data is gathered into a
Management Information Base
(MIB)
managingentity data
managing entity
agent data
agent data
networkmanagement
protocol
managed device
agent data
agent data
agent data
SNMP protocol
5c-25Network Technologies
Two ways to convey MIB info, commands:
agent data
managed device
managingentity
agent data
managed device
managingentity
trap msgrequest
request/response mode trap mode
response
SNMP protocol: message types
5c-26Network Technologies
GetRequestGetNextRequestGetBulkRequest
manager-to-agent: “get me data”(data instance, next data in list, block of data)
Message type Function
InformRequest manager-to-manager: here’s MIB value
SetRequest manager-to-agent: set MIB value
Response Agent-to-manager: value, response to Request
Trap Agent-to-manager: inform managerof exceptional event
SNMP protocol: message formats
5c-27Network Technologies
….PDUtype(0-3)
RequestID
ErrorStatus(0-5)
ErrorIndex Name Value Name Value
….PDUtype4
Enterprise AgentAddr
TrapType(0-7)
Specificcode
Timestamp Name Value
Get/set header Variables to get/set
Trap header Trap info
SNMP PDU
More on network management: see earlier editions of text!
Network Layer Control Plane: summary
5c-28Network Technologies
we’ve learned a lot!n approaches to network control plane
q per-router distributed control (traditional)q logically centralized control (SDN)
n Distributed routing algorithmsq Intra-domain: distance vector (RIP) and link-state (OSPF)q Inter-domain: BGP
n Centralized control:q SDN use-cases: traffic engineering, resilience, security, …q Switch interaction and standardization (OpenFlow)q Controller platforms (ODL, ONOS) and applications
n Network management and visibility: ICMP, SNMP