120 likes | 287 Views
Network Operations and Research at Georgia Tech. Nick Feamster and Ron Hutchins Georgia Tech. Main Message. Researchers and operators can both benefit from close interaction This requires trust from both sides, developed through one-on-one relationships
E N D
Network Operations and Research at Georgia Tech Nick Feamster and Ron HutchinsGeorgia Tech
Main Message • Researchers and operators can both benefit from close interaction • This requires trust from both sides, developed through one-on-one relationships • This requires risk-taking, but offers benefits to both sides • We have a successful mode of working together at Georgia Tech • Main element: GT-RNOC,the “interface” between research and operations
Each group offers something… • Operators • Source of real problems to solve and real network data • Opportunities for deployment • Infrastructure resources • Researchers • Fundamentally new ways of approaching old (and sometimes nagging) problems
…but, there are challenges • Operators • Downtime is unacceptable • This can lead to conservative approaches and a fear of disrupting the status quo • Researchers • Producing production-quality software, etc. is often not the first-order concern Despite these challenges, both parties can benefit.Need to build trust, common understanding of issues and incentives.
Two Examples • Operations problem: Access control • Researchers can offer new flexible, scalable approaches • Operators can offer opportunities for deployment and testing • Support for experimentation: BGP Mux • Requirements: VLAN, BGP, filters, transit
Current Access Control Model • New hosts • Assigned to private VLAN • Given private IP address space • Authenticated and scanned
Problems with Status Quo • Access control is too coarse-grained • All unauthenticated/unscanned hosts are on the same subnet • Hosts with access are all on the same VLAN • Lack of dynamism • Hosts cannot be dynamically remapped • Monitoring is not continuous • Reaction to alarms is manual
Dynamic Access Control with OpenFlow • Flow-table entries in switches redirect hosts to gardenwall • Traffic is remapped with flow table entries per-host • Continuous, real-time monitoring integrated with controller
Challenges • Will it scale in a real deployment? • Inventory of campus network users • Traffic forwarding rates at switch • Amount of traffic at the controller • Researchers need • Realistic evaluation scenarios (topologies, traffic, etc.) • Actual deployment platform Big challenge: How to do a phased deployment without disrupting the operational network?
Support for Evaluation • Space for running real-world projects and applications • Need: Ability to “re-enact” network events • Real-world connectivity
Key Piece: BGP Mux • BGP session to border • VLAN to border • /30 prefix for the session • Route filters to permit BGP announcements • Packet filters to permit traffic from new source IPs • Researchers: understand restrictions and assumptions • Operators: adjust mental model of “normal” operations BGP Mux
Summary • Researchers and operators can both benefit from close interaction • This requires trust from both sides, developed through one-on-one relationships • This requires risk-taking, but offers benefits to both sides