1

Problems and Solutions in Enterprise Network Control:Motivations for a 4D Architecture

David A. MaltzMicrosoft Research

Joint work with

Albert Greenberg, Gisli HjalmtyssonAndy Myers, Jennifer Rexford, Geoffrey Xie,

Hong Yan, Jibin Zhan, Hui Zhang

2

Isolation, VLANs, and the Spaghetti that Results

• Network designers want to deal in groups

– Collect users/host into group

– Measure, restrict/permit, QoS, a group’s traffic• Routing designs to do this are horribly

complicated

– VLANs

– Clever IP address assignment

– Packet filters everywhere

Let the designers configure policy in terms of groups• Shouldn’t have to worry about L2/L3 etc.

3

Device Configuration is a Nightmare

interface Ethernet0

ip address 6.2.5.14 255.255.255.128

interface Serial1/0.5 point-to-point

ip address 6.2.2.85 255.255.255.252

ip access-group 143 in

frame-relay interface-dlci 28

router ospf 64

redistribute connected subnets

redistribute bgp 64780 metric 1 subnets

network 66.251.75.128 0.0.0.127 area 0router bgp 64780 redistribute ospf 64 match route-map 8aTzlvBrbaW neighbor 66.253.160.68 remote-as 12762 neighbor 66.253.160.68 distribute-list 4 in

access-list 143 deny 1.1.0.0/16access-list 143 permit anyroute-map 8aTzlvBrbaW deny 10 match ip address 4route-map 8aTzlvBrbaW permit 20 match ip address 7ip route 10.2.2.1/16 10.2.1.7

4

Device Configuration is a Nightmare

• Thousands of lines of configuration• Make a configuration mistake, router becomes

unreachable over the network

Want zero device-specific configuration

5

Network Designers Want “Simple” Things(But Achieving Them is Incredibly Hard)

Data Center Infrastructure

Servers

6

Network Designers Want “Simple” Things(But Achieving Them is Incredibly Hard)

Support customized responses• Enable designers to express desired

behaviors

7

Embrace Heterogeneity or Die!

• No two router versions have the same capabilities

– That’s why they have different version #s• Device vendors add features to differentiate their products

– No one wants to be made a commodity

Management/control systems that treat devices as generic are doomed to be stillborn

• Must make use of new features that vendors innovate• Common format for configuration state - okay• One-size-fits all logic computing that state – not okay

8

Good Abstractions Reduce Complexity

All decision making logic lifted out of control plane• Routers no longer run routing protocols• Dissemination plane provides robust

communication to/from data plane switches

ManagementPlane

Control Plane

Data Plane

DecisionPlane

Dissemination

Data Plane

Configs

FIBs, ACLs FIBs, ACLs

9

A Clean-Slate Approach: The 4D Architecture

Routing Table Access Control Table NAT Table Tunnel Table

Decision Plane

Generating table entries

Data Plane

Modeled as a set of tables

Install table entries

Discovery Plane

Dissemination Plane

10

Using the 4D Architecture

• Install a security key on each device• Connect them together• Connect Decision Elements

Example network with 49 switches and 5 DEs

11

Does it work? Yes.

• 4D designed so performance can be predicted

• Recovers from single link failure in < 120 ms– < 1 s response considered “excellent”– Faster forwarding reconvergence possible

• Survives failure of master Decision Element – New DE takes control within 170 ms– No disruption unless second fault occurs

• Gracefully handles complete network partitions– Less than 170 ms of outage– At no point did two DEs attempt to master the same

switch

12

4D Enables Customized Decision Logic

• Example also illustrates the 4D controlling both L2 and L3 (Ethernet and IP)

13

Tying the Hosts and Users Back Into the Network

• 4D gets us back to every Ethernet jack on the wall is the same– Now how to differentiate them based on what

user/hosts connects?Extend 4D into the hosts (a little bit)• 4D creates paths between newly connected hosts

and authentication server (DHCP/DC/BRAS)• Hosts bootstrap, users login• Discovery Plane finds the new host• Routes pushed to switches• DNS/printer/IPSEC policies/etc pushed to host

14

4D as the Framework for Network Control (?)

• Decision Plane must be modular/extensible– Isolation: each group specifies the decision logic used

to control traffic among the group– Device heterogeneity: vendor ships decision logic that

leverages their cool new feature along with the router

Grand Vision: 4D must arbitrate access to resources• Different decision logics may output conflicting state• The operating system for the network

Step 1: 4D is the easiest framework in which to implement cool routing/control ideas

• What Click did for routers, 4D should do for the network

15

Backup Slides

16

17

18

Simple Questions

• Should switches/routers be in the same address space as end hosts?

– End hosts hack into routers? • Communication channel for control and

management

– Operational when data channel fails?

19

Routers Serve Different Functions