Ranges & Cross-Entrance Consistency with OpenFlow
description
Transcript of Ranges & Cross-Entrance Consistency with OpenFlow
![Page 1: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/1.jpg)
Ranges & Cross-Entrance Consistency
with OpenFlowLiron Schiff (TAU)
Joint work with
Yehuda Afek (TAU) Anat Bremler-Barr (IDC)
Israel Networking Day 2014
![Page 2: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/2.jpg)
Issue 1: Ranges
Start End Action0.0.0.0 61.26.188.55 Server r361.26.188. 56 61.37.255.0 Server r1
61.37.255.1 93.2.100.50 Server r2
93.2.100.51 127.0.64.40 Drop….. ……… ……
Source IP Address
replicas
InternetInternet…
FirewallsLoad BalancersDDoS mitigationForwarding…….
![Page 3: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/3.jpg)
Issue 2: Cross-Entrance Consistency
replicas…
client’s IPs
InternetInternet
SDN Network
![Page 4: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/4.jpg)
Contributions• Ranges: Efficient implementation w/ OpenFlow
– 2 entries per range; total, 2n vs. Previously n w ∙ table entries (n number of intervals, w field size, usually 16 or 32)
• Consistent & Atomic ranges update– Per packet, and per flow consistency
• Cross entrance consistency (with ranges)
![Page 5: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/5.jpg)
Ranges Current Solution: Expansion
Start End Action125.26.188. 56 125.37.255.0 Server A125.37.255.1 126.2.100.50 Server B
Pattern Action125.26.188. [00111***] Server A
125.26.188. [*1******] Server A
125.26.188. [10******] Server A
125. [00011011].*.* Server A
125. [000111**].*.* Server A
125. [001000**].*.* Server A
125.[00100100].*.* Server A
125.[00100101]. 255.0 Server A
125.[00100101]. 255.* Server B
125.[00100101]. *.* Server A
125.[001*****].*.* Server B
126. 1.*.* Server B
126. 2. [00******].* Server B
126. 2. [010*****].* Server B
126. 2. [011000**].* Server B
126. 2. 100.[0010****] Server B
126. 2. 100.[00110001] Server B
126. 2. 100.[00110010] Server B
2w – 4 entries per range
![Page 6: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/6.jpg)
Current Solution: Range Update• Change affects several entries• Need atomicity (while traffic passes thru)• Packet buffering, or duplicating and switching tables
Pattern Action125.26.188. [00111***] Server A
125.26.188. [*1******] Server A
125.26.188. [10******] Server A
125. [00011011].*.* Server A
125. [000111**].*.* Server A
125. [001000**].*.* Server A
125.[00100100].*.* Server A
125.[00100101].255.0 Server A
125.[00100101]. 255.* Server B
125.[00100101]. *.* Server A
125. [001*****].*.* Server B
126. 1.*.* Server B
126. 2. [00******].* Server B
126. 2. [010*****].* Server B
126. 2. [011000**].* Server B
126. 2. 100.[0010****] Server B
126. 2. 100.[00110001] Server B
126. 2. 100.[00110010] Server B
Start End Action125.26.188. 56 125.37.255.0 Server A125.37.255.1 126.2.100.50 Server B
36
36
Flow table
Pattern Action
<EMPTY>
125.[00100100].255.0 Server A125.[00100100]. 255.* Server B125.[00100100]. *.* Server A
![Page 7: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/7.jpg)
Our Ranges Implementation• 2 entries per range
• Atomic (create, delete, split, merge) with O(1) control message complexity. merge
split
![Page 8: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/8.jpg)
[Panigrahy&Sharma2003] TCAM range implementation
TCAM Query
TCAM Query
Compare
Compare
![Page 9: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/9.jpg)
Adapting [PS2003] to OpenFlow
• Even Comparisons are Flow-Table based!
Flow TableQuery
Flow TableQuery
Compare
Compare
Flow Table based comparisonsFlow Table based comparisons
![Page 10: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/10.jpg)
OpenFlow based Comparison
patterns
1******* 0*******
0******* 1*******
*1****** *0******
*0****** *1******...
.
.
.
******** ********
Result
m>q
m<q
m>q
m<q...
m=q
qmPacketheader
![Page 11: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/11.jpg)
Issue 2: Cross Entrance Consistency
![Page 12: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/12.jpg)
Per-Flow Consistency[Reitblatt, Foster, Rexford, Schlesinger, Walker 2012]
InternetInternet
replicas
client’s IPs
…
![Page 13: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/13.jpg)
InternetInternet
replicas
client’s IPs
Change in weights Change in ranges
…Start End Action
125.26.188. 56 125.37.255.0 Server 2125.37.255.1 126.2.100.50 Server 3
36
36
But existing flow shouldn’t change
Per-Flow Consistency[Wang, Butnariu, Rexford, 2011]
![Page 14: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/14.jpg)
Per-Flow Consistency solution [Wang et.al.]
InternetInternet
replicas
client’s IPs
…ControllerController
Start End Action
125.26.188. 56 125.37.255.0 Server 2125.37.255.1 126.2.100.50 Server 3
36
36
1 .Send flows in affected sub range to
controller
![Page 15: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/15.jpg)
InternetInternet
replicas
client’s IPs
…ControllerController
Start End Action125.37.1.1 125.37.1.1 Server 2125.26.188. 56 125.37.255.0 Server 2125.37.255.1 126.2.100.50 Server 3
36
36
2 .Add specific rules for existing flows
Per-Flow Consistency solution [Wang et.al.]
![Page 16: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/16.jpg)
InternetInternet
replicas
client’s IPs
…Richer OpenFlow interface (e.g. DevoFlow) can solve this locally in the switch and save control communication.Richer OpenFlow interface (e.g. DevoFlow) can solve this locally in the switch and save control communication.
ControllerController
DevoFlowDevoFlow
Per-Flow Consistency solution [Wang et.al.]
![Page 17: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/17.jpg)
DevoFlow
Src IP Dst IP Action
10.0.0.2 10.*.*.* Forward port 3
Src IP Dst IP Action
Devo Rules
Standard Rules
Src IP Dst IP
10.0.0.2 10.0.1.2
Packet 10.0.0.2 10.0.1.2 Forward port 3
[Mogul, Tourrilhes, Yalagandula, Sharma, Curtis, Banerjee 2010]
![Page 18: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/18.jpg)
DevoFlow
Src IP Dst IP Action
10.0.0.2 10.*.*.* Forward port 5
Src IP Dst IP Action
10.0.0.2 10.0.1.2 Forward port 3
Devo Rules
Standard Rules
Src IP Dst IP
10.0.0.2 10.7.1.5
Packet10.0.0.2 10.7.1.5 Forward port 5
![Page 19: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/19.jpg)
InternetInternet
replicas
client’s IPs
…Richer OpenFlow interface (e.g. DevoFlow) can solve this locally in the switch and save control communication.Richer OpenFlow interface (e.g. DevoFlow) can solve this locally in the switch and save control communication.
ControllerController
DevoFlowDevoFlow
Per-Flow Consistency solution [Wang et.al.]
![Page 20: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/20.jpg)
Cross-Entrance Consistency
replicas…
client’s IPs
InternetInternetX
ControllerController
SDN Network
Local solution is not possibleWe must sync between entrances
Local solution is not possibleWe must sync between entrances
![Page 21: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/21.jpg)
Implementing Cross-Entrance Consistency
replicas…
client’s IPs
InternetInternet ControllerController
DevoFlow + SYN match
DevoFlow + SYN match
Richer OpenFlow interface (e.g. DevoFlow and SYN matching) can reduce control communication.Richer OpenFlow interface (e.g. DevoFlow and SYN matching) can reduce control communication.
DevoFlow + SYN match
DevoFlow + SYN match
![Page 22: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/22.jpg)
summary• Efficient Ranges implementation
• Multi-entrance consistency
![Page 23: Ranges & Cross-Entrance Consistency with OpenFlow](https://reader035.fdocuments.net/reader035/viewer/2022062807/56815024550346895dbe0bac/html5/thumbnails/23.jpg)
Questions?