ENABLING INNOVATION THROUGH NETWORK VIRTUALIZATION (AND INTEGRATION OF COMPUTE AND STORAGE)
Eric Boyd, Senior Director, Strategic Projects, Internet2
Ed Balas, Manager, Software Engineering, Indiana University
October 8, 2013 © 2013 Internet2
Unleashing new waves of global discovery, together.
Advanced Layer2 Service Deployment
[Map: AL2S deployment. Legend: IP Node, AL2S-IP Interconnect, AL2S Node, 100G AL2S Backbone. Sites shown: Sunnyvale, Los Angeles, Salt Lake City, Denver, Tulsa, Houston Hardy, Kansas City, Chicago 600W, Chicago 710NLSD, Cleveland, New York 32AoA, McLean, Raleigh, Atlanta, Jacksonville, Portland, Minneapolis, Pittsburgh, Boston, Jackson, Columbia, Seattle, Phoenix, Albany, Ashburn, Philadelphia, Charlotte, Houston N I-45.]
This is what we have been able to say for about a year:
The 100G testbed of innovation for tomorrow’s Internet is available nationwide, right now.
Does this create a platform for innovation?
• Abundant bandwidth to enable innovation?
• Programmability to encourage application innovation?
• Support data intensive science?
TODAY
Does this create a platform for innovation?
• Abundant bandwidth to enable innovation?
• Software‐defined networking substrate?
• Support data intensive science?
• Virtualization? ☐
• Integrate network with compute and storage? ☐
TOMORROW
So what does this mean for GLIF Tech?
• We have a great deal of innovation, experimentation, and deployment in areas such as:
  – 100G networking around the globe
  – Software‐defined networking
  – Enabling big science flows
• We need to understand the various approaches to:
  – Network Virtualization
  – Integration with compute and storage
• Questions to ponder:
  – Does the GLIF community need a common approach to network virtualization?
  – Does the GLIF community need an integrated approach to network virtualization?
  – More importantly: How does the networking community integrate itself into the compute and storage community?
2013 Internet2 Innovative Application Awards
GOLD
SILVER
BRONZE
Projects include:
• Video streaming
• BGP routing over OpenFlow
• SDN for Exchange Points
• GENI integration
• We’ve had virtualization of storage and servers for quite some time
• How to define Network Virtualization?
• “Virtualization is the core principle in overlays, both allowing nodes to treat an overlay as if it were the native network, and allowing multiple overlays to simultaneously use the same underlying overlay infrastructure.” (2004 – Anderson, Peterson, Shenker, Turner)
• So what does that mean in a practical sense?
• Decouple control plane from data plane
• Enable multiple virtual control planes on a common physical data plane
• Internet2 in partnership with Indiana University has been building / deploying an architecture to support network virtualization
• Provide network multi‐tenancy at Layer 2 and Layer 3
• Enforce non‐overlapping Layer 2 tag‐based flowspace
• Experiment Foo can use VLAN tag range 1‐200 (a sliver)
• Experiment Bar can use VLAN tag range 201‐400 (a sliver)
• How to implement virtualization?
• First we looked at FlowVisor
• Then we realized we needed something slightly different … FlowSpace Firewall
Current Configuration
[Diagram. Labels: OESS, OSCARS, NSI, OESS UI, Exp App, OESS API, OSCARS API, NSI Proto, IDCP Proto, OpenFlow, OpenFlow Switch (three shown). Key: OpenFlow Controllers, Other Key Components, OpenFlow Switch, Programmable Interface.]
Early Q4 2013: AL2S Software Stack
[Diagram. Labels: FOAM, OESS API, OESS, OSCARS, NSI, OESS UI, Exp App, OSCARS API, NSI Proto, IDCP Proto, OpenFlow, OpenFlow Switch (three shown). Key: OpenFlow Controllers, Other Key Components, OpenFlow Switch, Programmable Interface.]
Late Q4 2013: AL2S Software Stack
[Diagram. Labels: FlowSpace Firewall, API, FOAM, OESS API, OESS, OSCARS, NSI, OESS UI, Exp App, OSCARS API, NSI Proto, IDCP Proto, OpenFlow, OpenFlow Switch (three shown). Key: OpenFlow Controllers, Other Key Components, OpenFlow Switch, Programmable Interface.]
Q1 Early 2014: AL2S Software Stack
[Diagram. Labels: Exp OF App, FlowSpace Firewall, API, FOAM, OESS API, OESS, OSCARS, NSI, OESS UI, Exp App, OSCARS API, NSI Proto, IDCP Proto, OpenFlow, OpenFlow Switch (three shown). Key: OpenFlow Controllers, Other Key Components, OpenFlow Switch, Programmable Interface.]
Q1 Late 2014: AL2S Software Stack
[Diagram. Labels: FlowVisor, Exp OF App (two shown), FlowSpace Firewall, API, FOAM, OESS API, OESS, OSCARS, NSI, OESS UI, Exp App, OSCARS API, NSI Proto, IDCP Proto, OpenFlow, OpenFlow Switch (three shown). Key: OpenFlow Controllers, Other Key Components, OpenFlow Switch, Programmable Interface.]
FlowVisor Performance Issues
• Does not support VLAN Tag range‐based policy
  – Need 1 policy for every tag on every port in a flowspace
• ~1 million policy rules for the AL2S network
  – 28 switches, 10 ports each, 4096 policies per port
• Unable to load this many rules in an acceptable time
  – Non‐linear
FlowVisor Usability Issues
• Policy defined using port numbers not names
  – Port numbers on some systems are ephemeral
  – Difficult for humans to parse
• Policy defined using DPID vs symbolic name
  – DPID on some systems is ephemeral
  – Difficult for humans to parse

rule 6182: FlowEntry[dpid=[00:00:00:a0:a5:7a:d7:34],ruleMatch=[OFMatch[in_port=59590,dl_vlan=4092]],actionsList=[Slice:nddi=7],id=[7200],priority=[10],]
rule 6183: FlowEntry[dpid=[00:00:00:a0:a5:7a:d7:34],ruleMatch=[OFMatch[in_port=59590,dl_vlan=4093]],actionsList=[Slice:nddi=7],id=[7201],priority=[10],]
rule 6184: FlowEntry[dpid=[00:00:00:a0:a5:7a:d7:34],ruleMatch=[OFMatch[in_port=59590,dl_vlan=4094]],actionsList=[Slice:nddi=7],id=[7202],priority=[10],]
Looking beyond FlowVisor
• FlowVisor was designed to provide Flowspace translation
• Translating VLAN tags requires a 1 to 1 mapping
  – Architectural issues behind this
• For AL2S we are more interested in protection than translation
• We need a firewall to keep an OpenFlow application within its defined slice. Slice isolation is essential.
• After working with OnLab, we came to agreement that a separate application would be the most expedient path to resolve this
• We need a FlowSpace Firewall.
FlowSpace Firewall
• Simple VLAN Tag based flowspace firewall / proxy
• Policy definition and enforcement support range operations
  – < 1,000 policies to support 3 slices using the entire flowspace
• Per slice total rule limits
• Per slice per switch flow modification rate limits (planned)
• Built upon FloodLight
• Designed for production use.
Developed by Internet2 with GlobalNOC Software Engineering
FlowSpace Firewall Config Example

    <flowspace_firewall>
      <!-- Switch definitions: symbolic name mapped to a DPID -->
      <switch name="foo" dpid="5" flush_rules_on_connect="false" />
      <switch name="foo1" dpid="2" flush_rules_on_connect="false" />
      <switch name="foo2" dpid="3" flush_rules_on_connect="false" />
      <switch name="foo3" dpid="4" flush_rules_on_connect="false" />
      <!-- One slice: per-switch limits, VLAN tag ranges per named port, and its controller -->
      <slice name="OESS1">
        <switch name="foo" max_flows="10" flow_rate="1">
          <port name="s5-eth1">
            <range start="1" end="2000" />
          </port>
          <port name="s5-eth2">
            <range start="1" end="2000" />
          </port>
        </switch>
        <controller ip_address="140.182.45.45" ssl="false" port="6633" />
      </slice>
    </flowspace_firewall>

• Symbolic names reduce policy churn
• Limits protect network
• Range expression for sanity
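An added example, not part of the original slides or of the FlowSpace Firewall code base: a Python check over a config in the layout shown above that flags VLAN tag ranges claimed by two slices on the same switch port (the non‐overlapping flowspace rule from the Foo/Bar slide) and tests whether a tag lies inside a slice. The second slice `EXP2`, its ranges, and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from itertools import combinations

# Constructed sample in the slide's layout; slice EXP2 is invented to show an overlap.
SAMPLE = """
<flowspace_firewall>
  <switch name="foo" dpid="5" flush_rules_on_connect="false" />
  <slice name="OESS1">
    <switch name="foo" max_flows="10" flow_rate="1">
      <port name="s5-eth1"><range start="1" end="2000" /></port>
      <port name="s5-eth2"><range start="1" end="2000" /></port>
    </switch>
  </slice>
  <slice name="EXP2">
    <switch name="foo" max_flows="10" flow_rate="1">
      <port name="s5-eth1"><range start="1500" end="2500" /></port>
      <port name="s5-eth2"><range start="2001" end="4000" /></port>
    </switch>
  </slice>
</flowspace_firewall>
"""

def load_policy(xml_text):
    """Return {slice: {(switch, port): [(start, end), ...]}} from the config."""
    policy = {}
    for sl in ET.fromstring(xml_text).findall("slice"):
        ports = policy.setdefault(sl.get("name"), {})
        for sw in sl.findall("switch"):
            for port in sw.findall("port"):
                key = (sw.get("name"), port.get("name"))
                for r in port.findall("range"):
                    start, end = int(r.get("start")), int(r.get("end"))
                    if start > end:
                        raise ValueError(f"inverted VLAN range on {key}")
                    ports.setdefault(key, []).append((start, end))
    return policy

def find_overlaps(policy):
    """Return (slice_a, slice_b, switch, port, lo, hi) for tags two slices share."""
    hits = []
    for (a, pa), (b, pb) in combinations(sorted(policy.items()), 2):
        for key in sorted(pa.keys() & pb.keys()):
            for s1, e1 in pa[key]:
                for s2, e2 in pb[key]:
                    lo, hi = max(s1, s2), min(e1, e2)
                    if lo <= hi:  # the two inclusive ranges intersect
                        hits.append((a, b, *key, lo, hi))
    return hits

def in_slice(policy, slice_name, switch, port, vlan):
    """True if this VLAN tag on this switch port lies inside the slice's ranges."""
    ranges = policy.get(slice_name, {}).get((switch, port), [])
    return any(start <= vlan <= end for start, end in ranges)
```

Run against the constructed sample, `find_overlaps` reports tags 1500 to 2000 on `s5-eth1` as claimed by both slices, which is the condition a config review should reject before the policy is loaded.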
DEMO …
Does this create a platform for innovation?
• Abundant bandwidth to enable innovation?
• Software‐defined networking substrate?
• Support data intensive science?
• Virtualization? In progress
• Integrate network with compute and storage? ☐ Next step
Thank you. For more information, visit http://www.internet2.edu or e‐mail [email protected]