Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3:...
Transcript of Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3:...
![Page 1: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/1.jpg)
Jeronimo BezerraFloridaInternationalUniversity
Internet2GlobalSummitWashingtonDC,Apr26th 2017
Inter-domainSDNDataPlaneValidation:NextStepsatAmLight
MarcosSchwarzRede Nacional deEnsino ePesquisa
![Page 2: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/2.jpg)
Outline• IntroducingAmLight• TroubleshootingproductionSDNnetworks• TroubleshootingtheDataPlane• Inter-DomainTracingProtocol• FutureWork• IntroducingtheAmLightSDNTrace app• Inter-Domainscreenshots
2
![Page 3: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/3.jpg)
AmLightisaDistributedAcademicExchangePoint• Production SDNInfrastructuresinceAug2014• ResponsiblefortheSouthAmericaacademicconnectivity• CarriesAcademicandNon-Academic/Commercialtraffic
– L2VPN,IPv4,IPv6,Multicast
• SupportsNetworkProgrammability/Slicing– OpenFlow 1.0– FlowSpaceFirewallforNetworkProgrammability/Slicing– OGFNetworkServiceInterface(NSI)enabled
• Currently,operatingwithmorethan1kflows(productionandexperimentation)• Website:www.sdn.amlight.net
WiththeSDNdeployment,everythingchanged….
3
![Page 4: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/4.jpg)
Troubleshootingaproduction SDNnetwork
• Troubleshootingaproductionenvironmenthasdifferentrequirements– Itneedstobeagileandleastdisruptiveaspossible– Itmightneedhistoricalinformationandunderstandingoftrafficgoingthroughthenetwork– Toolshavetobehandy!
• Legacytroubleshootingtoolsarepartiallyusefulorcompletelyuseless– OAM(Operation,AdministrationandMaintenance)isnotsupportedbyOpenFlow(yet)– Ping,traceroute,SNMP,Wireshark/Tcpdump arenotmadeforOpenFlownetworks
• Deepknowledgeofthehardwareandsoftwareplatformisrequired:– Usageofthe”hidden”commandsbecomespartofyourroutine
4
![Page 5: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/5.jpg)
TroubleshootingDataPlane?
• Insomecases,everythinglooksfine,buttrafficisnotflowing• Examplesofdataplaneblackholes:
– Aspecificlinecardorinterfacediscardingalltraffic• Duetoaninterfacememoryissue,flowsareinstalledbuttrafficisdiscarded
– InterfacedowninonesidebutupintheremoteandtheSDNappdoesn’tunderstandthat• Forinstance:10GLAN-PHY,Ethernetcircuitsand100Glonghaulcircuits• Inthiscase,dependingoftheside,theSDNappinstallsthecircuitspointingtotheaffectedlink,discardingalltraffic
– Aspecificinstalledflowentrycrashed• Duetoaninterfacememoryissue,onespecificflowisaffectedandtrafficisdiscarded• DependingofthenumberofOpenFlowswitchesandflowentries,findingtheproblemmightbeextremelytime-
consuming
• Inthesecases,in-bandtestsarerequired:– JustaveryfewSDNappstestin-bandperlink– NoSDNappstestin-bandperflow
5
![Page 6: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/6.jpg)
DataPlaneMonitoring• Monitoringindividualflowsisimportantbutextremely
expensive– Beingproactivewithallflowsisdesiredbuttheintervalbetween
testsandnumberofflowsneedtobetakenintoconsideration– Usingareactiveapproachisthebestsuggestion
• Userswon’tbehappy,butyourswitcheswon’tcrash
• Approachestovalidateusers’flowsarebeingproposed:”SDNtraceroute:TracingSDNForwardingwithoutChangingNetworkBehavior””Multi-protocolNetworkTroubleshootingwithPathtrace protocol”
• AmLight’sdeveloped asolution to traceusers’flows:SDNTrace
6
ApplicationLayer
Forwarding Device
OESS ONOS/SDN-IP
OpenFlow 1.0
Forwarding Device
Forwarding Device
Forwarding Device
FlowSpace Firewall
OpenFlow 1.0
User AUser A User BUser B
Testbed
Monitoring User Flows: SDNTrace
![Page 7: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/7.jpg)
But,waitaminute!Whataboutcircuitsthatspansmultipledomains?
![Page 8: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/8.jpg)
Inter-domainDataPlaneTroubleshooting• Multi-domainvirtualcircuitsaresubjecttoproblemsineachdomaintheytransverse• Issuesonlinkspeeringtwodomainsareevenmoredifficulttodetectandtroubleshoot:
– MultipleNOCs,configurationinconsistencies,devicesmalfunction,unpredictedtopologychanges
• Thelegacyway:manuallyaddanIPtoeachswitchinthepath,pingeachswitchuntilyouisolatetheissue– WhataboutSDN?Youdon’teasilyaddanIPtoanOpenFlowswitch!– Lackofinter-domaintools,currenteffortsmainlyonintra-domain
• Recentexperience:– Twousers(BrazilandUK)– Fivedomainsinthepath,includingtwoOpenFlow-based(AmLightandInternet2)– 22days&45e-mailstorestoreasingleVLAN!
• Thenwedecidedtoworkonthisproblem… 8
![Page 9: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/9.jpg)
• Aninter-domain SDNdataplanetroubleshootingsolutionwascreatedwiththefollowinginitialrequirements:• UsershouldnotneedtoknowthenetworktopologyorunderstandOpenFlow,justlikea
traditionaltraceroute• Eachdomaininthepathshouldbeabletohavedifferentprivacypolicies• Thesolutionshouldnotrequiretopologyortechnologychanges,justafewOpenFlowentries
• Optional:• Theinter-domaintraceprotocolshouldbeflexibleenoughtosupportdifferent solutions ofpath
trace
9
Requirementsforaninter-domaintroubleshootingsolution
![Page 10: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/10.jpg)
• Step1:Contractestablishedbetweenneighbordomainswiththe"color"ofthepeeringswitches.
• Step2:EachControllerPushesthe”colored”flowstothepeeringswitches
10
Howdoesitwork?(1)– SimpleVersion
Peering configuration between A and B
IP address type remote label/color interface
a.b.c.d:443 tracepath domainA:switchA2 dl_src:111 p2
w.x.y.z:443 tracepath domainB:switchB1 dl_src:110 p1
![Page 11: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/11.jpg)
Afteratracerequest:Step3:”ControllerA” usesthecontractandsendsaprobematchingtheneighbor’s switch”color”Step4:Switch”A2” matchestheprobewiththeinter-domainflowentryandforwarditto”B1”Step5:Switch”B1”matchesthe probe with the ”colored”flow and sends the probe to ”Controller B”Step7:ControllerBreports<”domain B”,”switchB1”,”port 1”>toControllerAStep8:ControllerAforwardsthereporttotheuser
StepN:DomainBcontinuestheintra-domaintracetilltheendofitsdomain.Ifthereisa"DomainC”forsuchusercircuit,processcontinuesinthenextdomain. 11
![Page 12: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/12.jpg)
12
Howdoesitwork?(3)– FullVersion
![Page 13: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/13.jpg)
AmLightSDNTrace
• DoesnotchangeuserflowentriesATALL• Lightweight(2-4flowentriesneededper
sw)• WorkswithOpenFlow1.0and1.3• BasedonRyu SDNframework• Traceflows fromdifferent SDNapplications• TraceUserFlows based onLayer 2,Layer 3
ormixoflayers• SupportsInter-domainTracing• Betacode:
http://github.com/amlight/SDNTrace13
![Page 14: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/14.jpg)
14
SDNTrace running– Demo
![Page 15: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/15.jpg)
15
Screenshots– TracefromRNP(left)toCLARA(right)
RNP CLARA
![Page 16: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/16.jpg)
16
Screenshots– TracefromCLARA(right)toRNP(left)
RNP CLARA
![Page 17: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/17.jpg)
Future• ExpandthesolutiontousetheNetworkServiceInterface(NSI)protocol
• NSIprovidesmodelsfordescribingnetworkservices andenablestheuseofsharedresourcesthroughsecureandreliable sessionsforcommunicationbetweendomains
• UsedbyGLIFAutoGOLE communityforinter-domainL2circuitsprovisioning• Supportsauthenticationandencryption• NSIcanbeusedtoenforcethe”peeringcontract” andtransportcommunicationbetween
controllers
• DeployatAMPATH,AmLight,SouthernLight,ANSPandRNPin2017
• Evolvetoamorecomplexsolutionwithalarms/triggers,etc.
17
![Page 18: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/18.jpg)
Internet2GlobalSummitWashingtonDC,Apr26th 2017
AmLight’s DevelopmentTeam:• ANSP– AcademicNetworkofSaoPaulo:
• AntonioFrancisco• JorgeMarcos• Rogerio Motitsuki
• RNP– Rede Nacional deEnsino ePesquisa• MarcosSchwarz
• FIU– FloridaInternationalUniversity• Jeronimo Bezerra
ThankYou!
Questions?
![Page 19: Inter-domain SDN Data Plane Validation: Next Steps at AmLight€¦ · 21/04/2017 · Step 3: ”Controller A” uses the contract and sends a probe matching the neighbor’s switch](https://reader034.fdocuments.in/reader034/viewer/2022051811/601fbdbf06374e369573a297/html5/thumbnails/19.jpg)
Agarwal,Kanak,etal."SDNtraceroute:TracingSDNforwardingwithoutchangingnetworkbehavior."ProceedingsofthethirdworkshoponHottopicsinsoftwaredefinednetworking.ACM,2014.
http://groups.geni.net/geni/wiki/GEC24Agenda/EveningDemoSession#Multi-protocolNetworkTroubleshootingwithPathtraceprotocol
References