07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Basalamah
SDN & Cloud Related Activities & Research
Affan Basalamah & Eueung Mulyana
Institut Teknologi Bandung
About the Presenter
• Affan Basalamah
  • Head of Development, ICT Directorate
• Dr.-Ing. Eueung Mulyana
  • Faculty, Telecommunication Engineering
tl;dr
• SDN & Cloud Computing are multidisciplinary topics
• No single entity can master all of it
• Synergy is needed among:
  • Academia: lecturers and students
  • Operators: ISPs and networkers in general
  • Vendors: principals and system integrators
About ITB
Institut Teknologi Bandung Aula Barat ITB
Campus Core Network
Brocade MLXe-8 Core Network
SDN & Cloud in 5 minutes
Future Internet
• Rapid Innovation
• Rapid Deployment
• Flexible & Robust Underlying Networking Infrastructure
Cloud
• Virtualize Everything!
• Scalability, Virtual Assets Flexibility, Ease of Management, and Provisioning
http://dilbert.com/strip/2011-01-07
DevOps (Simplified – Finch)
• It is not my job to build and manage servers.
• It is my job to build and maintain a system that builds and manages servers.
• It is not my job to build and manage switches.
• It is my job to build and maintain a system that builds and manages switches.
• Humans are good at strategy, but bad at repetitive tasks
• Computers are good at repetitive tasks
• https://speakerdeck.com/cfinch/sdn-devops-for-networks
What is Software Defined Networking?
Thomas D. Nadeau & Ken Gray, SDN - Software Defined Networking, O’Reilly Media, 2013
Software-defined networks (SDN): an architectural approach that optimizes and simplifies network operations by more closely binding the interaction (i.e., provisioning, messaging, and alarming) among applications and network services and devices, whether they be real or virtualized.
SDN Architectures
• Device Provisioning Systems
• Service Provisioning Systems
• Routing & Forwarding Adjustment Controllers
• Centralized Control Plane (e.g. OpenFlow)
Management, Control & Data Planes
14 © ipSpace.net 2013 SDN, OpenFlow and NFV for Skeptics
Figure: Management, Control and Data Planes. A router and two adjacent routers, each with a control plane and a data plane. Labels: OSPF, neighbor table, link state database, IP routing table, static routes, forwarding table; routing, switching; management / policy plane; configuration / CLI / GUI.
This material is copyrighted and licensed for the sole use by Affan Basalamah ([email protected] [202.152.202.105]). More information at http://www.ipSpace.net/Webinars
SDN for Device Configuration
Figure labels: controller, apps, router, core switches, distribution switch, access switch; device configuration.
SDN for Service Configuration
Figure labels: controller, apps, router, core switches, ToR switch, hypervisors, multitenant VM; service configuration.
Figure 1-6. Storage node
Example Component Configuration
Table 1-2 and Table 1-3 include example configuration and considerations for both third-party and OpenStack components:
Table 1-2. Third-party component configuration
Component: MySQL
Tuning: binlog-format = row
Availability: Master/master replication. However, both nodes are not used at the same time. Replication keeps all nodes as close to being up to date as possible (although the asynchronous nature of the replication means a fully consistent state is not possible). Connections to the database only happen through a Pacemaker virtual IP, ensuring that most problems that occur with master-master replication can be avoided.
Scalability: Not heavily considered. Once load on the MySQL server increases enough that scalability needs to be considered, multiple masters or a master/slave setup can be used.
Example Architecture—OpenStack Networking | 19
SDN for RIB/FIB Adjustments
Figure labels: controller, apps, router, core switches, distribution switch, access switch, access point, hypervisor; routing & forwarding adjustment.
BGP-LS, PCEP, Quagga
MPLS-TE automatic tunnel
Centralized Control Plane - OpenFlow
Figure labels: apps, router, core switches, distribution switch, access switch, access point, hypervisor; forwarding flow (e.g. 11-tuples) via OpenFlow.
Existing toolbox for SDN
22 © ipSpace.net 2015 SDN – Four Years Later
SDN Toolbox: Existing Tools!
Figure: a router with its management / policy plane (configuration / CLI / GUI), control plane (OSPF, neighbor table, link state database, IP routing table, static routes) and data plane (forwarding table). Protocols shown: NETCONF; ForCES, BGP Flowspec, MPLS-TP; PCEP; BGP; SNMP.
Emerging toolbox for SDN
23 © ipSpace.net 2015 SDN – Four Years Later
SDN Toolbox: Emerging Protocols!
Figure: a router with its management / policy plane (configuration / CLI / GUI), control plane (OSPF, neighbor table, link state database, IP routing table, static routes) and data plane (forwarding table). Protocols shown: OF-Config, XMPP, OVSDB, Puppet/Chef; OpenFlow; I2RS, OVSDB; OnePK.
SDN, Cloud & DevOps Tools
Mininet
Opensource SDN Process Simplified
Impact for Networkers
Impact - New Ways of Doing Things
• Campus Network
• Datacenter Network
• Service Provider Network
Campus Network
• Old Way
  • Manually provisioning network config to equipment
  • Provision services via manually configuring equipment
• New Way
  • Push configs to standardized equipment
  • Simplified Network Access Control (NAC)
  • Simplified DDoS mitigation
Datacenter Network
• Old Way
  • Manually provisioning network config to equipment
  • Provision services via manually configuring equipment
• New Way
  • DevOps - automatic config/service provisioning
  • OpenStack with SDN - multitenant private cloud
Service Provider Network
• Old Way
  • Manually provisioning network config to equipment
  • Provision services via manually configuring equipment
• New Way
  • Automatic TE tunnels via PCEP
  • Large-scale DDoS mitigation via BGP FlowSpec
  • NFV - SP service chaining
Three Questions
1. Does the netadmin configure devices or the “network”?
2. Does the netadmin need to understand servers and applications?
3. Will the netadmin be told to code?
Three Questions - Answers
1. Does the netadmin configure devices or the “network”?
The netadmin must have both a device view and a network view
2. Does the netadmin need to understand servers and applications?
Not necessarily, but the netadmin should know basic UNIX/Linux
3. Will the netadmin be told to code?
No, the netadmin is only a user of applications, but should know the basics (web services & APIs)
Activities & Research
SDN-ready Network in ITB
Figure labels: PAU Labtek V, Labtek VIII, CCAR, CRCS; OpenFlow; Juniper MX80, Mikrotik, OpenWRT, OpenvSwitch; Apps.
Implementing OpenFlow SDN
• Core network supports OpenFlow v1.0
• Hybrid Port Mode with Protected & Unprotected VLANs
• Protected VLANs are not subject to defined OpenFlow flows
• Regular network can coexist with OpenFlow
• VPLS support on VLAN on OpenFlow Hybrid Mode
• L2 mode & L3 mode
• SDN Controller using OpenDaylight
• Ongoing
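An added example, not from the presentation or any vendor's code: a small Python model of the hybrid port behaviour listed above, with an audit that flags controller flows aimed at a protected VLAN. The VLAN IDs, the flow entries and the fall-back to normal forwarding on a table miss are assumptions made for illustration.

```python
# Added illustration: a toy model of hybrid port mode, not vendor code.
from dataclasses import dataclass

PROTECTED_VLANS = {10, 20}   # constructed: production VLANs kept out of OpenFlow

@dataclass(frozen=True)
class Flow:
    priority: int
    match: dict      # OpenFlow 1.0-style fields; a missing field is a wildcard
    action: str

@dataclass(frozen=True)
class Frame:
    in_port: int
    dl_vlan: int
    dl_dst: str

def lookup(flows, frame):
    """Return the highest-priority flow whose match fields all equal the frame's."""
    for flow in sorted(flows, key=lambda f: -f.priority):
        if all(getattr(frame, k) == v for k, v in flow.match.items()):
            return flow
    return None

def forward(flows, frame):
    """Decide which pipeline handles a frame arriving on a hybrid port."""
    if frame.dl_vlan in PROTECTED_VLANS:
        return "normal"                  # the flow table is never consulted
    flow = lookup(flows, frame)
    # Assumption: a table miss on an unprotected VLAN falls back to normal forwarding.
    return f"openflow:{flow.action}" if flow else "normal"

def audit(flows):
    """Flag flows that name a protected VLAN: they can never take effect."""
    return [f for f in flows if f.match.get("dl_vlan") in PROTECTED_VLANS]

FLOWS = [  # constructed sample flow table
    Flow(100, {"dl_vlan": 300, "dl_dst": "00:00:00:00:00:01"}, "output:3"),
    Flow(50, {"in_port": 1}, "drop"),          # VLAN wildcarded
    Flow(200, {"dl_vlan": 10}, "output:9"),    # targets a protected VLAN
]

if __name__ == "__main__":
    print(forward(FLOWS, Frame(1, 10, "00:00:00:00:00:01")))
    print(forward(FLOWS, Frame(1, 300, "00:00:00:00:00:02")))
    print([f.action for f in audit(FLOWS)])
```

The wildcarded `drop` flow shows why the protected set matters: it matches every frame on port 1, yet frames in VLAN 10 still take the normal path.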
SDN Course in ITB
Telecommunication Engineering: EL5244 - Software Defined Networking
• Lectured by Dr.-Ing. Eueung Mulyana
Thesis/Final Projects:
• Design & Implementation of Multicast Streaming Application on A Local OpenFlow Network
• Design & Implementation of MPLS Service on OpenFlow Network with Open vSwitch
• Implementation & Analysis of Elastic Load Balancing for DNS Service on OpenStack Cloud
• Sustainable Campus-Scale OpenFlow Testbed at ITB
• Design & Implementation Site-to-Site IPsec VPN on OpenStack
Design & Implementation of Multicast Streaming Application on A Local OpenFlow Network
Figure labels: Dummy client, Streaming server, OpenFlow Controller, Client 1, Client 2, Client 3.
Design Multicast Video Streaming Application on Unicast Network Using Floodlight (OF1.0)
Design & Implementation Site-to-Site IPsec VPN on OpenStack
• Implement Site-to-Site IPsec VPN on OpenStack
• Performance evaluation:
  • s2s IPsec VPN @Cisco routers
  • s2s IPsec VPN @OpenStack using Openswan in Fedora Instance as VPN Gateway
  • s2s IPsec VPN @OpenStack using VPN as a Service (Neutron)
Implementation of Elastic Load Balancing in DNS Service on OpenStack Cloud
Figure labels: internet, client, qrouter-xx (10.205.11.121, 192.168.10.1), virtual distribution switch, network, DNS servers (.3, .4, .5), Keepalived. Steps shown:
(1) request
(2) rescheduling & rewriting packets
(3) process request
(4) rewriting replies
(5) replies
• Integrating LVS+Keepalived to load balance DNS requests (UDP traffic)
• Implementing elastic resource allocation using OpenStack Heat
Campus-Scale OpenFlow Testbed
Final Project Work In-Progress
• BGP over OpenFlow Network
• Dynamic Routing on OpenStack Neutron
• Implement VPN as a Service between Cloud & Existing IP Network
• File Sharing Service over OpenStack Swift
What’s Next: Collaboration
SDNRG ITB
• SDN Research Group at ITB
• http://sdnrg.itb.ac.id
• twitter.com/sdnrgitb
• facebook.com/sdnrgitb
• Special Interest Groups on Networking and Connected Services (e.g. OpenStack, Internet of Things)
But why?
• SDN & Cloud Computing are multidisciplinary topics
• No single entity can master all of it
• Academics, operators & vendors need each other
• Academics need real use cases for their research
• Operators need help with their problems
• Vendors need customers to propose their solutions to
SDNRG ITB can bridge the gaps
• Academics can get real use cases from practitioners
• Networkers can get help understanding SDN tech
• Vendors can promote SDN tech to an educated community
Once the gaps are small, what's next?
• Educated researchers can build SDN tech solutions for practitioners that fit the real use cases
• Educated networkers can architect better SDN solutions that lead to better networks, with help from researchers & vendors
• Educated vendors can propose SDN solutions to the right customers
SDNRG 1st Meetup, Bandung 2014
OpenStack Mini Workshop, Bandung 2015
Let’s make it happen!
Thank you!