170 likes | 312 Views
Next Generation Internet Architectures: Emerging Trends, Challenges and Solutions. Dr. Riad Hartani Chief Architect, Caspian Bangkok, May 4 th 2006. Agenda. IPv6: Where are we today…Briefly ! Emerging Networks Trends and Implications Evolution of IPv6 Router Architectures
E N D
Next Generation Internet Architectures: Emerging Trends, Challenges and Solutions Dr. Riad Hartani Chief Architect, Caspian Bangkok, May 4th 2006
Agenda • IPv6: Where are we today…Briefly ! • Emerging Networks Trends and Implications • Evolution of IPv6 Router Architectures • Benefits and Applications • Q&A
IPv6 Networks: State of the Art • Motivations for IPv6 well understood • Addressing space, routing hierarchy, dynamic configuration, security, mobility • Popularity of P2P and Multimedia services • Protocol specifications largely finalized • IETF specifications for IPv6 migration ready • Interoperability demonstrated, major router/application vendors support • Ongoing network/services deployments • Aggressive deployment in the Far East, Semi-aggressive deployments in Europe, Slow deployments in America, mainly government/federal driven • Consumer electronics, computing industries (grid/collaborative networking) and retail industries driving applications developments
Network Trends and Challenges • FACTS: • Services and network convergence accelerating – Internet Protocol based • Towards an always on ubiquitous broadband connectivity (DSL, FTTH, Wifi, Wimax, etc.) • TRENDS: • From centralized to distributed information models (P2P content distribution, grid computing, etc.) • Emergence of overlay service providers (e.g. Skype, etc.) – Disruptive competitive landscape • Shift from geography specific competition to global competition (e.g. Google, Yahoo, Microsoft, etc.)
Networks Trends and Challenges • CHALLENGES: • Challenge 1: How to improve Internet (node and network levels) traffic control & oversubscription dimensioning ? • Challenge 2: How to delivery QoS with low OPEX, in fixed/mobile environments ? • Challenge 3: How to secure / protect the infrastructure ? • CONSTRAINTS: • Constraint 1: No change to IP / MPLS protocols • Constraint 2: No change to principles that made the Internet successful
IPv6 Routers Architecture Evolution • Architectural Principles • - Evolution towards traffic aware QoS, traffic control and routing • - Evolution towards behavioral models, optimal for Privacy, Application Agnostic, Neutrality, Encryption, Privacy, etc. • - Leverage TCP/UDP/IP inherent characteristics DPI Appliances - Traffic Analysis - Stateful processing IP/MPLS -Deterministic QoS -Deterministic routing
Conventional vs. Stateful IPv6 Routing Architectures RAM RAM • Conventional Forwarding/Routing • Forwarding each packet • Switch to output • Class-based QoS Route Each Packet Switch Fabric Queue (Class) & Forward RAM RAM • Flow-based Forwarding/Routing • Hash for flow identification • 2M flows/s and 6M flows per 10 Gig • Flexible definition of flows: IP flows, Pseudo-WireoMPLS flows, IPoMPLS flows • Create “soft” state or look up • Route, switch, filters, stats • Per-flow QoS behavior • Leverage flow state for advanced QoS • Shape, police, CAC, congestion control RAM RAM Hash, Lookup State, Route, Store, WFQ/Flow, Switch Switching Network Lookup State, Store, and WFQ/Flow RAM RAM
Per Flow Actions / Controls Generic actions based on traffic control principles Specific actions based on specific network services Flow Aware Traffic Management Principles • Identification Methods • Function of network service • Function of traffic control business case Dynamic Flow/Aggregate Identification Per-Flow Traffic Control
Flow Aware Architecture Benefits • Customized congestion/resources control schemes for Video/Voice/P2P/Wireless traffic • Advanced application level QoS (Shaping/Policing/CAC) guarantees • Preventive DDOS security models • Others: Traffic aware routing, Dynamic services diagnostic, Lawful intercept, etc. State Intelligence Improved nodal behavior Enhanced network services at lower cost
Example: IPv6 Dynamic Flow Identification & Customized Congestion Management • Non-interactive Traffic • Large FTP Transfers • Some P2P (large transfers) • Interactive Traffic • Browsing • Streaming • Voice/Video over IP • Some P2P (skype, small transfers, etc) • Small web downloads • Unknown Traffic • Browsing • Streaming • Voice/Video over IP • Some P2P (skype, small transfers, etc) • Small web downloads • Large FTP Transfers • Some P2P (large transfers) • Flow routers leverage state information to characterize traffic flows • Can enforce specified congestion control policies • (responsive vs. unresponsive, high rate vs. low rate, short lived vs. long lived, P2P vs. web, “legal” vs. “illegal” content )
Example: IPv6 Flow-aware Connection Admission Control • All flows allowed into a class • wRED on class congestion • Many flows affected - poor service lack of determinism Port Without CAC Port • New flows CACed • Preserves integrity of existing flows, no performance degradation • Enables ON/OFF service model With CAC New UDP/TCP flows rejected
Example: IPv6 Flow-based Shaping/Policing • Shaping aims at changing characteristics of input stream to produce an output stream with required characteristics • Benefits for the end users, and • For the downstream network • Policing aims at enforcing traffic contracts • Flow routing allows shaping and policing of desired flows Port Flows are shaped/policed based on requirements
Example: IPv6 Flow Graduation Application Non Interactive Traffic Class Flows dynamically thresholds are graduated to a different class, policy routed or mirrored Unknown Flows Unknown Traffic Class (Default) Dynamic Traffic Aware Management, Routing Corporate Flows Virtual Leased Line Class VoIP and VIDoIP Flows Video & Voice over IP Class BGP, IS-IS, OSPF Flows Control Traffic Class
Example: IPv6 Covert Intercept • VoIP hides in Internet • Which links to monitor? • HTTP & random ports used 1% VoIP 4% Video 11% HTTP 17% TCP Explicit Identification and analysis of Traffic Dynamic Re-routing of traffic 67% P2P
Other Carrier Network Other Carrier Network Example: Flow-based DDOS Prevention in IPv6 • Put in specific focal points for DOS attacks • Detect anomalies in traffic flows, online • Raise alarms to operator for immediate investigation • Fast, inexpensive way to detect attack before customer is impacted ISP Dynamic Security Models
Conclusions • Gradual migration from IPv4 to IPv6 with long term co-existence of IPv4 and IPv6 • Deployment of IPv6 networks required to satisfy evolving network/service architecture models • Stateful IPv6 routers nodal behavior, fully interoperable with existing technologies – a new resources management model, QoS and security architectures • Enhances value proposition & ROI of migration to IPv6