120 likes | 197 Views
Control Plane Software – or packet service hypervisors – and network virtualization. Jon Crowcroft http:// www.cl.cam.ac.uk /~jac22 Jon.crowcroft@cl.cam.ac.uk. Virtual networks/services. Multiplex & isolate Explicit label (mpls, vlan id) Implicit label (5 tuple) No label (bucket of bits)
E N D
Control Plane Software – or packet service hypervisors – and network virtualization Jon Crowcroft http://www.cl.cam.ac.uk/~jac22 Jon.crowcroft@cl.cam.ac.uk
Virtual networks/services • Multiplex & isolate • Explicit label (mpls, vlan id) • Implicit label (5 tuple) • No label (bucket of bits) • Classifiers increasingly expensive (incl h/w support) • But buy increasing flexibility • Isolation • For QoS • for security • or both? • Schedulers and crypto (both could be distributed/NFV) • Both cost a lot
NIC, Node, Net level functions • Some things can be near edge • Labeling (in server NIC or edge switch) • Core stateless FQ • E2e crypto • New application specific functions • Some things in core only • TE • Anti-DDoS measures (ingress too)
Smart switches and nets • Control via openflow (remember gsmp) • Switch resource partitions • ClickOS, NetVM, smartswitch, flowvisor etc • Centralised programing (ok for datacenter or small ISP) • Decentralised programming • OpenDaylight POX, DISCOetc • scales, but • Needs synchronisation • Either consistent update • Or triggered by app flow
Node/NIC level API and Resources • What do we have in a node/NIC? • How do we make it easy to use? • How do you make a lot of them easy to use together? • Who are the users? • Network services • Multicast • Aggregator • DPI filter • Normaliser • transCoder • … • Application services • Aggregator • Disaggregator • Crypto (SHE?) (c.f mylar/privacy preserving search) • …
Typical Node Resources • Lots of h/w threads & cores • Some shared some non shared memory • Some exotic memory (hash/tcam) • Some special instructions • Probably not x86 inset • Some isolation (sometimes) • E.g. execution context/cpu priority etc • Or virtual memory support • Or….
Net services( again) • Multicast – see brad cain work (nortel) on min router functions needed • Incast • min hw support: per S,G) op • Filtering • Regex • Stateful • Per source or ingress • State latched same way as proto • So same as normalizer • How much state??? • In shared memory or core affinity • Kick into slow path if out of resource
Application Service (warning – mostly academic or data cente, prob not “carrier”) • Aggregator • Disaggregator • Note: both finite iteration over data • Poster child case is redux on shuffle of Map/Reduce • E.g. find min, ave or max of set of task outputs • And return to next phase for all tasks • Trades off work (min.ave,max) over packet redux/incast redux • Crypto service • Imagine Cloud 3.0 does Somewhat Homomorphic Crypto • Data stored and transmitted encrypted • What about processing too? • Use SHE, Garbled circuit or mylar type ops • Offloaded in net…. • E.g. Privacy preserving search
New control plane is distributed OS problem (warning – asumes capabilities + verified s/w!) • Needs guarantees for its own traffic • E.g. VM load and control (openflow etc) packets • Min requirement – see qjump code. Avoid CAP problem • Needs version ctl/fall back • Needs failsafe configs (dom0) and • Debugging&reset systems • New programming languages and runtime • Declarative/functional or declarative logic • E.g. Frenetic (or ocaml) • Allow offline verification of service • E.g. NICE, NetPlumber, VeriFlow etc • Safer (less likely to test on customer ) • Possibly can extrapolate performance too
Verification… • Of node netvm code • Crash proof • no isolation violations • Of local net property – • e.g. multicast doesn’t leak • Mobile handover doesn’t loop • Middlebox doesn’t break tcp/sctp/etc • Can we test global properties? • Trickier – ok for routing/TE/ QoS ones probably • See e.g.Metarouting Project in cambridge • http://www.cl.cam.ac.uk/~tgg22/metarouting/
Summary and Conclusion • Raise the game for s/w arch in switches and NICs • Use same futuristic s/w arch as in new cloud VMs • Use less exotic h/w resource as s/w can generate efficiently at compile time, if not present at runtime… • Challenges: • Simplifying programming diverse novel/exotic switch/NIC hardware – “paravirtualizing”NPs/NetFPGA etc? • Scaling consistency state update in distributed controllers – Software Transactional Networks? • Correctness of SDN applets “by design” - metarouting? • Questions?
http://nymote.org/ Cheers! Thank You! And Questions?