This article discusses the problems faced by network designers and provides solutions for enterprise network control, including VLANs, IP address assignment, and packet filters. It also introduces the concept of a 4D architecture for simplified network management.
Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture
David A. Maltz, Microsoft Research
Joint work with Albert Greenberg, Gisli Hjalmtysson, Andy Myers, Jennifer Rexford, Geoffrey Xie, Hong Yan, Jibin Zhan, Hui Zhang
Isolation, VLANs, and the Spaghetti that Results
• Network designers want to deal in groups
  • Collect users/hosts into a group
  • Measure, restrict/permit, QoS a group’s traffic
• Routing designs to do this are horribly complicated
  • VLANs
  • Clever IP address assignment
  • Packet filters everywhere
Let the designers configure policy in terms of groups
• Shouldn’t have to worry about L2/L3 etc.
Device Configuration is a Nightmare
interface Ethernet0
 ip address 6.2.5.14 255.255.255.128
interface Serial1/0.5 point-to-point
 ip address 6.2.2.85 255.255.255.252
 ip access-group 143 in
 frame-relay interface-dlci 28
router ospf 64
 redistribute connected subnets
 redistribute bgp 64780 metric 1 subnets
 network 66.251.75.128 0.0.0.127 area 0
router bgp 64780
 redistribute ospf 64 match route-map 8aTzlvBrbaW
 neighbor 66.253.160.68 remote-as 12762
 neighbor 66.253.160.68 distribute-list 4 in
access-list 143 deny 1.1.0.0/16
access-list 143 permit any
route-map 8aTzlvBrbaW deny 10
 match ip address 4
route-map 8aTzlvBrbaW permit 20
 match ip address 7
ip route 10.2.2.1/16 10.2.1.7
Device Configuration is a Nightmare
• Thousands of lines of configuration
• Make a configuration mistake, and the router becomes unreachable over the network
Want zero device-specific configuration
Network Designers Want “Simple” Things (But Achieving Them is Incredibly Hard)
[Figure: data center, infrastructure, servers]
Network Designers Want “Simple” Things (But Achieving Them is Incredibly Hard)
Support customized responses
• Enable designers to express desired behaviors
Embrace Heterogeneity or Die!
• No two router versions have the same capabilities
  • That’s why they have different version numbers
• Device vendors add features to differentiate their products
  • No one wants to be made a commodity
Management/control systems that treat devices as generic are doomed to be stillborn
• Must make use of new features that vendors innovate
• Common format for configuration state: okay
• One-size-fits-all logic computing that state: not okay
Good Abstractions Reduce Complexity
All decision-making logic lifted out of the control plane
• Routers no longer run routing protocols
• Dissemination plane provides robust communication to/from data plane switches
[Figure: planes labelled Management Plane (Configs), Decision Plane, Control Plane (FIBs, ACLs), Dissemination (FIBs, ACLs), Data Plane]
A Clean-Slate Approach: The 4D Architecture
[Figure: Decision Plane generates table entries (Routing Table, Access Control Table, NAT Table, Tunnel Table); Dissemination Plane installs table entries; Discovery Plane; Data Plane modeled as a set of tables]
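As an added example (not code from the talk or the 4D prototype), a toy decision element in Python that takes the kind of group-level policy the isolation slide asks designers to express and emits, per switch, the routing table and access control table the 4D data plane is modelled as; the topology, host addresses and group names are constructed.

```python
"""Toy 4D-style decision element (added illustration, not the project's code):
turn a group-level policy plus discovered topology into the per-switch
Routing and Access Control tables that the dissemination plane would install."""
from collections import deque

# Constructed sample: switch adjacency and where each host is attached.
LINKS = {"s1": ["s2"], "s2": ["s1", "s3"], "s3": ["s2"]}
HOSTS = {"10.0.1.1": "s1", "10.0.2.1": "s2", "10.0.3.1": "s3"}
# The designer speaks in groups, never in VLANs or per-device filters.
GROUP_OF = {"10.0.1.1": "finance", "10.0.2.1": "finance", "10.0.3.1": "guest"}
ALLOWED = {("finance", "finance"), ("guest", "guest")}  # (src group, dst group)

def next_hops(src, links):
    """Breadth-first search from src; returns {switch: first hop on a shortest path}."""
    first = {src: "local"}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in links[u]:
            if v not in first:
                first[v] = v if u == src else first[u]
                queue.append(v)
    return first

def decision_plane(links, hosts, group_of, allowed):
    """Return {switch: {"routing": {...}, "acl": [...]}} for every switch."""
    tables = {}
    for sw in links:
        hops = next_hops(sw, links)
        # Routing table: host address -> next-hop switch ("local" if attached here).
        routing = {ip: hops[at] for ip, at in hosts.items()}
        # Access control table: enforce the group policy at the ingress switch only.
        acl = []
        for src_ip, at in hosts.items():
            if at != sw:
                continue
            for dst_ip in hosts:
                if (group_of[src_ip], group_of[dst_ip]) not in allowed:
                    acl.append(("deny", src_ip, dst_ip))
        acl.append(("permit", "any", "any"))
        tables[sw] = {"routing": routing, "acl": acl}
    return tables

if __name__ == "__main__":
    for sw, table in decision_plane(LINKS, HOSTS, GROUP_OF, ALLOWED).items():
        print(sw, table)
```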
Using the 4D Architecture
• Install a security key on each device
• Connect them together
• Connect Decision Elements
Example network with 49 switches and 5 DEs
Does it work? Yes.
• 4D designed so performance can be predicted
• Recovers from single link failure in < 120 ms
  • < 1 s response considered “excellent”
  • Faster forwarding reconvergence possible
• Survives failure of master Decision Element
  • New DE takes control within 170 ms
  • No disruption unless second fault occurs
• Gracefully handles complete network partitions
  • Less than 170 ms of outage
  • At no point did two DEs attempt to master the same switch
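The slide reports that a backup DE takes over and that no two DEs ever mastered the same switch. As an added illustration (not the 4D prototype's protocol), here is one fencing scheme that gives that property: a switch only accepts table installs from the DE holding the highest mastership epoch it has seen, so a stale master's pushes are dropped after a takeover. The epoch numbering and DE names are assumptions.

```python
"""Mastership fencing between Decision Elements (DEs) and a switch.
Added illustration with an assumed epoch scheme; not the 4D prototype's protocol."""

class Switch:
    def __init__(self, name):
        self.name = name
        self.master = None   # DE currently allowed to install tables
        self.epoch = 0       # highest mastership epoch accepted so far
        self.fib = {}
        self.log = []

    def claim(self, de, epoch):
        """A DE asserts mastership; only a strictly newer epoch is accepted."""
        if epoch <= self.epoch:
            self.log.append(f"reject claim {de}@{epoch}, master is {self.master}@{self.epoch}")
            return False
        self.master, self.epoch = de, epoch
        self.log.append(f"master now {de}@{epoch}")
        return True

    def install(self, de, epoch, fib):
        """Dissemination plane delivers a table; fence it on (master, epoch)."""
        if (de, epoch) != (self.master, self.epoch):
            self.log.append(f"drop install from stale DE {de}@{epoch}")
            return False
        self.fib = dict(fib)
        return True

class DecisionElement:
    def __init__(self, name):
        self.name = name
        self.epoch = 0

    def take_control(self, switches, epoch):
        """Claim every switch with the new epoch; return those that accepted."""
        self.epoch = epoch
        return [sw.name for sw in switches if sw.claim(self.name, epoch)]

def failover_scenario():
    """Master DE1 is partitioned away, DE2 takes over, DE1's stale push is dropped."""
    sw = Switch("s1")
    de1, de2 = DecisionElement("DE1"), DecisionElement("DE2")
    de1.take_control([sw], epoch=1)
    sw.install(de1.name, de1.epoch, {"10.0.3.0/24": "s2"})
    # DE1 stops being reachable; DE2 notices the master is gone and claims epoch 2.
    de2.take_control([sw], epoch=2)
    sw.install(de2.name, de2.epoch, {"10.0.3.0/24": "s4"})
    # Partition heals; DE1 still thinks it is master and pushes old state.
    stale_accepted = sw.install(de1.name, de1.epoch, {"10.0.3.0/24": "s2"})
    return sw, stale_accepted
```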
4D Enables Customized Decision Logic
• Example also illustrates the 4D controlling both L2 and L3 (Ethernet and IP)
Tying the Hosts and Users Back Into the Network
• 4D gets us back to “every Ethernet jack on the wall is the same”
• Now how to differentiate them based on which user/host connects?
Extend 4D into the hosts (a little bit)
• 4D creates paths between newly connected hosts and the authentication server (DHCP/DC/BRAS)
• Hosts bootstrap, users log in
• Discovery Plane finds the new host
• Routes pushed to switches
• DNS/printer/IPsec policies/etc. pushed to host
4D as the Framework for Network Control (?)
• Decision Plane must be modular/extensible
  • Isolation: each group specifies the decision logic used to control traffic among the group
  • Device heterogeneity: vendor ships decision logic that leverages their cool new feature along with the router
Grand Vision: 4D must arbitrate access to resources
• Different decision logics may output conflicting state
• The operating system for the network
Step 1: 4D is the easiest framework in which to implement cool routing/control ideas
• What Click did for routers, 4D should do for the network
Simple Questions
• Should switches/routers be in the same address space as end hosts?
  • End hosts hack into routers?
• Communication channel for control and management
  • Operational when the data channel fails?