© 2005 Caspian. Caspian Confidential
Next Generation Internet Architectures: Emerging Trends, Challenges and Solutions
Dr. Riad Hartani
Chief Architect, Caspian
Bangkok, May 4th 2006
Agenda
• IPv6: Where are we today… Briefly!
• Emerging Network Trends and Implications
• Evolution of IPv6 Router Architectures
• Benefits and Applications
• Q&A
IPv6 Networks: State of the Art
• Motivations for IPv6 well understood
- Addressing space, routing hierarchy, dynamic configuration, security, mobility
- Popularity of P2P and Multimedia services
• Protocol specifications largely finalized
- IETF specifications for IPv6 migration ready
- Interoperability demonstrated, major router/application vendors support
• Ongoing network/services deployments
- Aggressive deployment in the Far East, semi-aggressive deployments in Europe, slow deployments in America, mainly government/federal driven
- Consumer electronics, computing industries (grid/collaborative networking) and retail industries driving application development
Network Trends and Challenges
• FACTS:
- Services and network convergence accelerating – Internet Protocol based
- Towards an always-on ubiquitous broadband connectivity (DSL, FTTH, Wi-Fi, WiMAX, etc.)
• TRENDS:
- From centralized to distributed information models (P2P content distribution, grid computing, etc.)
- Emergence of overlay service providers (e.g. Skype, etc.) – Disruptive competitive landscape
- Shift from geography specific competition to global competition (e.g. Google, Yahoo, Microsoft, etc.)
Network Trends and Challenges
• CHALLENGES:
- Challenge 1: How to improve Internet (node and network levels) traffic control & oversubscription dimensioning?
- Challenge 2: How to deliver QoS with low OPEX, in fixed/mobile environments?
- Challenge 3: How to secure / protect the infrastructure?
• CONSTRAINTS:
- Constraint 1: No change to IP / MPLS protocols
- Constraint 2: No change to principles that made the Internet successful
IPv6 Routers Architecture Evolution
IP/MPLS
- Deterministic QoS
- Deterministic routing
DPI Appliances
- Traffic Analysis
- Stateful processing
Architectural Principles
- Evolution towards traffic aware QoS, traffic control and routing
- Evolution towards behavioral models, optimal for Privacy, Application Agnostic, Neutrality, Encryption, Privacy, etc.
- Leverage TCP/UDP/IP inherent characteristics
Conventional vs. Stateful IPv6 Routing Architectures
Conventional Forwarding/Routing
(Diagram labels: Route Each Packet; Switch Fabric; Queue (Class) & Forward)
1. Forwarding each packet
2. Switch to output
3. Class-based QoS
Flow-based Forwarding/Routing
(Diagram labels: Hash, Lookup State, Route, Store, WFQ/Flow, Switch; Switching Network; Lookup State, Store, and WFQ/Flow)
1. Hash for flow identification
• 2M flows/s and 6M flows per 10 Gig
• Flexible definition of flows: IP flows, Pseudo-Wire over MPLS flows, IP over MPLS flows
2. Create “soft” state or look up
• Route, switch, filters, stats
3. Per-flow QoS behavior
• Leverage flow state for advanced QoS
• Shape, police, CAC, congestion control
Flow Aware Traffic Management Principles
• Per Flow Actions / Controls
- Generic actions based on traffic control principles
- Specific actions based on specific network services
• Identification Methods
- Function of network service
- Function of traffic control business case
(Diagram labels: Dynamic Flow/Aggregate Identification; Per-Flow Traffic Control)
Flow Aware Architecture Benefits
• Customized congestion/resources control schemes for Video/Voice/P2P/Wireless traffic
• Advanced application level QoS (Shaping/Policing/CAC) guarantees
• Preventive DDOS security models
• Others: Traffic aware routing, Dynamic services diagnostic, Lawful intercept, etc.
(Diagram labels: State Intelligence; Improved nodal behavior; Enhanced network services at lower cost)
Example: IPv6 Dynamic Flow Identification & Customized Congestion Management
Unknown Traffic
• Browsing
• Streaming
• Voice/Video over IP
• Some P2P (Skype, small transfers, etc.)
• Small web downloads
• Large FTP Transfers
• Some P2P (large transfers)
• Flow routers leverage state information to characterize traffic flows
- Can enforce specified congestion control policies
- (responsive vs. unresponsive, high rate vs. low rate, short lived vs. long lived, P2P vs. web, “legal” vs. “illegal” content)
Non-interactive Traffic
• Large FTP Transfers
• Some P2P (large transfers)
Interactive Traffic
• Browsing
• Streaming
• Voice/Video over IP
• Some P2P (Skype, small transfers, etc.)
• Small web downloads
Example: IPv6 Flow-aware Connection Admission Control
With CAC
• New flows CACed
• New UDP/TCP flows rejected
• Preserves integrity of existing flows, no performance degradation
• Enables ON/OFF service model
Without CAC
• All flows allowed into a class
• WRED on class congestion
• Many flows affected - poor service, lack of determinism
Example: IPv6 Flow-based Shaping/Policing
Shaping aims at changing characteristics of input stream to produce an output stream with required characteristics
• Benefits for the end users, and
• For the downstream network
Policing aims at enforcing traffic contracts
Flow routing allows shaping and policing of desired flows
Flows are shaped/policed based on requirements
Example: IPv6 Flow Graduation Application
• Control Traffic Class: BGP, IS-IS, OSPF Flows
• Video & Voice over IP Class: VoIP and VIDoIP Flows
• Virtual Leased Line Class: Corporate Flows
• Unknown Traffic Class (Default): Unknown Flows
• Non Interactive Traffic Class
Flows dynamically crossing thresholds are graduated to a different class, policy routed or mirrored
Dynamic Traffic Aware Management, Routing
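The flow-based forwarding steps (hash for flow identification, soft state, per-flow behavior) and the flow graduation described above, as an added Python example that is not Caspian's implementation. The five-tuple key, the 30-second idle timeout, the 1 MB graduation threshold and all names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

IDLE_TIMEOUT = 30.0         # assumed soft-state lifetime (seconds)
GRADUATE_BYTES = 1_000_000  # assumed graduation threshold (bytes)

@dataclass
class Flow:
    cls: str = "unknown"    # every new flow starts in the default class
    byte_count: int = 0
    last_seen: float = 0.0

class FlowTable:
    def __init__(self):
        self.flows = {}     # flow hash -> Flow (hash collisions ignored here)

    @staticmethod
    def flow_id(src, dst, proto, sport, dport):
        # Step 1: hash the five-tuple to identify the flow.
        key = f"{src}|{dst}|{proto}|{sport}|{dport}".encode()
        return hashlib.blake2b(key, digest_size=8).hexdigest()

    def packet(self, five_tuple, size, now):
        # Step 2: look up soft state, or create it if missing or timed out.
        fid = self.flow_id(*five_tuple)
        flow = self.flows.get(fid)
        if flow is None or now - flow.last_seen > IDLE_TIMEOUT:
            flow = self.flows[fid] = Flow()
        flow.byte_count += size
        flow.last_seen = now
        # Step 3: per-flow behavior; graduate heavy flows out of the default class.
        if flow.cls == "unknown" and flow.byte_count >= GRADUATE_BYTES:
            flow.cls = "non-interactive"
        return flow.cls

    def expire(self, now):
        # Soft state is never torn down explicitly; idle entries simply age out.
        stale = [f for f, s in self.flows.items() if now - s.last_seen > IDLE_TIMEOUT]
        for f in stale:
            del self.flows[f]
        return len(stale)

def demo():
    # Constructed traffic: two flows, 800 packets each, one every 10 ms.
    table = FlowTable()
    voice = ("2001:db8::1", "2001:db8::2", 17, 5004, 5004)
    bulk = ("2001:db8::3", "2001:db8::4", 6, 40000, 21)
    for i in range(800):
        now = i * 0.01
        classes = [table.packet(voice, 200, now), table.packet(bulk, 1500, now)]
    return classes, table.expire(now + 60)
```

In `demo()` the small-packet flow stays in the default class while the bulk transfer is graduated once it passes the byte threshold, without inspecting payload or port numbers.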
Example: IPv6 Covert Intercept
67% P2P
17% TCP
11% HTTP
4% Video
1% VoIP
• VoIP hides in Internet
• Which links to monitor?
• HTTP & random ports used
Explicit Identification and analysis of Traffic
Dynamic Re-routing of traffic
Example: Flow-based DDOS Prevention in IPv6
• Put in specific focal points for DOS attacks
• Detect anomalies in traffic flows, online
• Raise alarms to operator for immediate investigation
• Fast, inexpensive way to detect attack before customer is impacted
(Diagram labels: Other Carrier Network; ISP)
Dynamic Security Models
Conclusions
• Gradual migration from IPv4 to IPv6 with long term co-existence of IPv4 and IPv6
• Deployment of IPv6 networks required to satisfy evolving network/service architecture models
• Stateful IPv6 routers' nodal behavior, fully interoperable with existing technologies – a new resource management model, QoS and security architectures
• Enhances value proposition & ROI of migration to IPv6