Toward Transitional SDN Deployment in Enterprise Networks
description
Transcript of Toward Transitional SDN Deployment in Enterprise Networks
Toward Transitional SDN Deployment in Enterprise Networks
Marco Canini
withDan Levin, Stefan Schmid, Anja Feldmann
TU Berlin / Telekom Innovation Labs
Motivation
GOAL: Help SDN succeed!
I♥ SDN
The SDN Deployment Problem
A real large-scale campus network
UPGRADE
FullSDN
Must upgrade to SDN incrementally
Key Questions• How can we incrementally deploy SDN
into enterprise campus networks?
• Can we reap the benefits of SDNwith partial deployment?
Current Transitional Networks
Dual-stack approach
SDNPlatform
LegacyMgmt?
Current Transitional Networks
Dual-stack approach Edge-only approach
SDNPlatform
LegacyMgmt?
LegacyMgmt
SDN Platform
App1
App2
App3
Where the heck is the edge?
TOOLDetermine the partial
SDN deployment
PANOPTICON
SDN ARCHITECTUREOperate the network as
a (nearly) full SDN
The Existing Network
1. Planning the SDN Deployment
A
B
C
D
E
F
Network architect provides set of
ingress ports to becontrolled via SDN
Optimizedpartial SDNdeployment
Tunable parameters• Port priorities• Price model• Utilization thresholds
(link utilization, VLANs, etc.)
Network topology
Cost-awareoptimizer
Objectives• Upgrade budget• Path delay
Trafficestimates
TOOL
The Partial SDN Deployment ( )
A
B
C
D
E
F
Benefits of Partial SDN Deployment?
A
B
C
D
E
F
Harvest unutilizednetwork capacity
A
B
C
D
E
F
Main benefits of SDN=
Principled orchestration ofthe network policy
Can partial SDN deploymentstill take advantage ofprincipled network orchestration?
2. Realizing the Benefits of SDN
A
B
C
D
E
FAccess control
Insight #1:≥ 1 SDN switch
Policy enforcement
IDS
Middleboxtraversal
2. Realizing the Benefits of SDN
A
B
C
D
E
F
Trafficload-balancing
Insight #1:≥ 1 SDN switch
Policy enforcement
Insight #2:≥ 2 SDN switches Fine-grained control
SDN Waypoint Enforcement
Insight #1:≥ 1 SDN switch
Policy enforcement
Insight #2:≥ 2 SDN switches Fine-grained control
Legacy devices must direct traffic to SDN switches
Ensure that all traffic to/froman SDN-controlled port always
traverses at least one SDN switch
A
B
C
D
E
F
Conceptually group SDN ports in Cell Blocks
The SDN ArchitecturePANOPTICON
Traffic restricted to Solitary Confinement Trees
A
B
C
D
E
FPer-port spanning trees thatensure waypoint enforcement
The SDN ArchitecturePANOPTICON
A
B
C
D
E
F
PANOPTICON
B C D E F
A
“Logical SDN”
“Logical SDN”
PANOPTICON
SDN Platform
App1
App2
App3
B C D E F
A
PANOPTICON provides the abstraction of a (nearly)fully-deployed SDN in a partially upgraded network
Results Highlights• Evaluated a large campus network (1713 switches)
• Upgrade 6% of distribution switches – 100% SDN-controlled ingress ports– avg. path stretch < 50%– max. link util. < 70%
PANOPTICON
SDN Platform
App1
App2
App3
B C D E F
A
TOOLDetermine the partial
SDN deployment
SDN ARCHITECTUREOperate the network as
a (nearly) full SDN
Summary
The Collaborators
Anja FeldmannStefan SchmidDan Levin
PANOPTICON
SDN Platform
App1
App2
App3
B C D E F
A
Thank you! Questions?
Come and see us!