SDX: A Software Defined Internet Exchange
Transcript of SDX: A Software Defined Internet Exchange
![Page 1: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/1.jpg)
SDX: A Software Defined Internet Exchange
Laurent Vanbever
Princeton University
@SIGCOMM 2014
FGRE Workshop (Ghent, iMinds)
July, 8 2014
![Page 2: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/2.jpg)
AS10
AS20 AS30
AS40
AS50
The Internet is a network of networks,
referred to as Autonomous Systems (AS)
![Page 3: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/3.jpg)
AS10
AS20 AS30
AS40
AS50
BGP sessions
BGP is the routing protocol
“glueing” the Internet together
![Page 4: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/4.jpg)
129.132.0.0/16 ETH/UNIZH Camp Net
ASes exchange information about
the IP prefixes they can reach
AS40
![Page 5: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/5.jpg)
AS10
AS20 AS30
AS50
129.132.0.0/16 ETH/UNIZH Camp Net
129.132.0.0/16
Path: 40
129.132.0.0/16
Path: 40
ASes exchange information about
the IP prefixes they can reach
AS40
![Page 6: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/6.jpg)
AS10
AS20 AS30
AS50
129.132.0.0/16 ETH/UNIZH Camp Net
129.132.0.0/16
Path: 10 40
Reachability information is propagated hop-by-hop
AS40
![Page 7: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/7.jpg)
AS10
AS20 AS30
AS50
129.132.0.0/16 ETH/UNIZH Camp Net
129.132.0.0/16
Path: 50 10 40
129.132.0.0/16
Path: 10 40
Reachability information is propagated hop-by-hop
AS40
![Page 8: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/8.jpg)
Life of a BGP router is made of
three consecutive steps
while true:
receives routes from my neighbors
select one best route for each prefix
export the best route to my neighbors
![Page 9: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/9.jpg)
Each AS can apply local routing policies
preferably, the cheapest one
Each AS is free to
select and use any path
![Page 10: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/10.jpg)
129.132.0.0/16
Path: 50 10 40
129.132.0.0/16
Path: 10 40
always prefer Deutsche Telekom routes over AT&T
![Page 11: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/11.jpg)
always prefer Deutsche Telekom routes over AT&T
IP traffic
![Page 12: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/12.jpg)
Each AS can apply local routing policies
preferably none, to minimize carried traffic
preferably, the cheapest one
Each AS is free to
select and use any path
decide which path to export (if any) to which neighbor
![Page 13: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/13.jpg)
129.132.0.0/16
Path: 40
do not export ETH routes to AT&T
![Page 14: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/14.jpg)
do not export ETH routes to AT&T
![Page 15: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/15.jpg)
BGP is notoriously inflexible
and difficult to manage
![Page 16: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/16.jpg)
BGP is notoriously inflexible
and difficult to manage
Fwd paradigm
Fwd control
Fwd influence
![Page 17: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/17.jpg)
BGP is notoriously inflexible
and difficult to manage
Fwd paradigm
Fwd control
Fwd influence
BGP
destination-based
indirect
configuration
local
BGP session
![Page 18: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/18.jpg)
Fwd paradigm
Fwd control
Fwd influence
BGP
destination-based
indirect
local
SDN
any
source addr, ports, VLAN,…
direct
open API (e.g., OpenFlow)
global
remote controller control
SDN can enable fine-grained, flexible
and direct expression of interdomain policies
configuration
BGP session
![Page 19: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/19.jpg)
How do you deploy SDN in a network
composed of 50,000 subnetworks?
![Page 20: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/20.jpg)
How do you deploy SDN in a network
composed of 50,000 subnetworks?
Well, you don’t …
![Page 21: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/21.jpg)
Instead, you aim at finding locations where
deploying SDN can have the most impact
![Page 22: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/22.jpg)
Instead, you aim at finding locations where
deploying SDN can have the most impact
connect a large number of networks
carry a large amount of traffic
Deploy SDN in locations that
are opened to innovation
![Page 23: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/23.jpg)
Internet eXchange Points (IXP)
meet all the criteria
BGP Route Server
Mobile peering
Open peering…
2.9 Tb/s (peak)
670 networks
AMS-IX
https://www.ams-ix.net
connect a large number of networks
carry a large amount of traffic
are opened to innovation
Deploy SDN in locations that
![Page 24: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/24.jpg)
A single deployment
can have a large impact
AMS-IX
https://www.ams-ix.net
connect a large number of networks
carry a large amount of traffic
are opened to innovation
Deploy SDN in locations that
BGP Route Server
Mobile peering
Open peering…
2.9 Tb/s (peak)
670 networks
![Page 25: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/25.jpg)
SDX = SDN + IXP
![Page 26: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/26.jpg)
Enable fine-grained inter domain policies
bringing new features while simplifying operations
Augment the IXP data-plane with SDN capabilities
keeping default forwarding and routing behavior
SDX = SDN + IXP
![Page 27: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/27.jpg)
Enable fine-grained inter domain policies
bringing new features while simplifying operations
… with scalability and correctness in mind
supporting the load of a large IXP and resolving conflicts
Augment the IXP data-plane with SDN capabilities
keeping default forwarding and routing behavior
SDX = SDN + IXP
![Page 28: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/28.jpg)
SDX enables a wide range of novel applications
Wide-area load balancing
Upstream blocking of DoS attacks
Influence BGP path selectionremote-control
Application-specific peeringpeering
Prevent/block policy violationsecurity
Prevent participants communication
Inbound Traffic Engineering
Traffic offloading
Middlebox traffic steeringforwarding optimization
Fast convergence
![Page 29: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/29.jpg)
programming model
Architecture1
Scalability
control- & data-plane
2
Applications
inter domain bonanza
3
SDX: A Software Defined Internet Exchange
![Page 30: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/30.jpg)
programming model
Architecture1
Scalability
control- & data-plane
Applications
inter domain bonanza
SDX: A Software Defined Internet Exchange
![Page 31: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/31.jpg)
An IXP is a large layer-2 domain where
participant routers exchange routes using BGP
IXP Switching Fabric
Edge router
Participant #1
Participant #2
Participant #3
![Page 32: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/32.jpg)
An IXP is a large layer-2 domain where
participant routers exchange routes using BGP
eBGP sessions
eBGP routes
Participant #1
Participant #2
Participant #3
![Page 33: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/33.jpg)
Router Server
To alleviate the need of establishing eBGP sessions,
IXP often provides a Route Server (route multiplexer)
10.0.0.0/8
10.0.0.0/8
10.0.0.0/8
Participant #1
Participant #2
Participant #3
![Page 34: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/34.jpg)
IP traffic is exchanged directly between
participants—IXP is forwarding transparent
Router Server
IP traffic
Participant #1
Participant #2
Participant #3
![Page 35: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/35.jpg)
Participant #1
Participant #2
Participant #3
Router Server
With respect to a traditional IXP, SDX…
data-plane relies on SDN-capable devices
![Page 36: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/36.jpg)
Participant #1
Participant #2
Participant #3
Router Server
With respect to a traditional IXP, SDX’s
data-plane relies on SDN-capable devices
SDN
![Page 37: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/37.jpg)
With respect to a traditional IXP, SDX’s
control-plane relies on a SDN controller
SDN controller
also a Route Server
BGP sessions
Participant #1
Participant #2
Participant #3
![Page 38: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/38.jpg)
SDX participants express their forwarding policies in a high-level language built on top of Pyretic (*)
(*) http://frenetic-lang.org/pyretic/
![Page 39: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/39.jpg)
SDX policies are composed ofa pattern and some actions
match ( ), then ( )Pattern Actions
![Page 40: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/40.jpg)
dstip
srcip
srcmac
dstmac
dstport
srcport
protocol
vlan_id
eth_type
tos
, &&, ||
Pattern
Pattern selects packets based on any header fields
while Actions forward or modify the selected packets
match ( ), then ( )Actions
![Page 41: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/41.jpg)
drop
forward
rewrite
Pattern selects packets based on any header fields,
while actions forward or modify the selected packets
Actions
match ( ), then ( )Pattern
![Page 42: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/42.jpg)
SDN controller
Each participant writes policies independently
and transmits them to the controller
Participant #1
Participant #3 policy
Participant #2 policy
match(dstport=80), fwd(#3)match(dstport=22), fwd(#1)
match(srcip=0*), fwd(left)match(srcip=1*), fwd(right)
![Page 43: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/43.jpg)
SDN controller
SDN
forwarding entries
Given the participant policies,
the controller compiles them to SDN forwarding rules
Participant #3 policy
Participant #2 policy
match(dstport=80), fwd(#3)match(dstport=22), fwd(#1)
Participant #1
match(srcip=0*), fwd(left)match(srcip=1*), fwd(right)
![Page 44: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/44.jpg)
Given the participant policies,
the controller compiles them to SDN forwarding rules
Ensuring isolation
Resolving policies conflict
Ensuring compatibility with BGP
![Page 45: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/45.jpg)
Given the participant policies,
the controller compiles them to SDN forwarding rules
Ensuring isolation
Resolving policies conflict
Ensuring compatibility with BGP
Each participant controls
one virtual switch
connected to participants
it can communicate with
![Page 46: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/46.jpg)
Given the participant policies,
the controller compiles them to SDN forwarding rules
Ensuring isolation
Resolving policies conflict
Ensuring compatibility with BGP
Participant policies are
sequentially composed
in an order that respects
business relationships
![Page 47: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/47.jpg)
Given the participant policies,
the controller compiles them to SDN forwarding rules
Ensuring isolation
Ensuring compatibility with BGP
policies are augmented
with BGP information
guaranteed correctness
and reachability
Resolving policies conflict
![Page 48: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/48.jpg)
programming model
Architecture
Scalability
control- & data-plane
2
Applications
inter domain bonanza
SDX: A Software Defined Internet Exchange
![Page 49: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/49.jpg)
data-plane
space
control-plane
time
The SDX platform faces scalability challenges
in both the data- and in the control-plane
![Page 50: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/50.jpg)
data-plane
space
control-plane
time
500,000 prefixes, 500+ participants,
potentially billions of forwarding rules
100s of policies that have to be updated
dynamically according to BGP
![Page 51: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/51.jpg)
data-plane
space
control-plane
time
To scale, the SDX platform leverages
domain-specific knowledge
leverage existing routing platform
leverage inherent
policy structure
![Page 52: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/52.jpg)
data-plane
space
control-plane
time
leverage existing routing platform
![Page 53: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/53.jpg)
not FIB-constrained
Edge router
FIB constrained
SDN switch
The edge routers, sitting next to the fabric,
are tailored to match on numerous IP prefixes
![Page 54: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/54.jpg)
We consider routers FIB as the first stage
of a multi-stage FIB
Table #1 Table #2
IXP fabric
Edge router SDN switch
![Page 55: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/55.jpg)
Routers FIB match on the destination prefix and set a tag accordingly
Table #1 Table #2
Edge router SDN switch
set a TAG
based on IP
![Page 56: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/56.jpg)
The SDN FIB matches on the tag,
not on the IP prefixes
Table #1 Table #2
Edge router SDN switch
set a TAG
based on IPmatch TAG
![Page 57: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/57.jpg)
How do we provision tag entries in a router,
and what are these tags?
Table #1 Table #2
Edge router SDN switch
set a TAG
based on IPmatch TAG
![Page 58: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/58.jpg)
BGP router virtual switch
p1
p2
p3
p4
p5
fwd(1)
fwd(2)
fwd(3)
fwd(4)
We use BGP as a provisioning interface
and BGP next-hops as labels
forward
to BGP NHmatch on BGP NH
![Page 59: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/59.jpg)
BGP router virtual switch
p1
p2
p3
p4
p5
fwd(1)
fwd(2)
fwd(3)
fwd(4)
All prefixes sharing the same forwarding behavior
are grouped together using the same BGP next-hop
![Page 60: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/60.jpg)
The SDX data-plane maintains one
forwarding entry per prefix-group
BGP router virtual switch
p1
p2
p3
p4
p5
fwd(1)
fwd(2)
fwd(3)
fwd(4)
![Page 61: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/61.jpg)
Data-plane utilization is reduced considerably
as there are way more prefixes than prefixes groups
BGP router virtual switch
p1
p2
p3
p4
p5
fwd(1)
fwd(2)
fwd(3)
fwd(4)
# prefixes >> #prefixes groups
![Page 62: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/62.jpg)
By leveraging BGP, the SDX can accommodate policies
for hundreds of participants with less than 30k rules
![Page 63: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/63.jpg)
data-plane
space
control-plane
time
leverage inherent
policy structure
![Page 64: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/64.jpg)
SDX policies exacerbate key characteristics
that enable to speed-up compilation time considerably
Policies are often disjoint
Policy updates are local
Policy updates are bursty
![Page 65: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/65.jpg)
SDX policies exacerbate key characteristics
that enable to speed-up compilation time considerably
Policies are often disjoint
Policy updates are local
Policy updates are bursty
disjoint policy do not have
to be composed together
significant gain as composing
policies is time consuming
![Page 66: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/66.jpg)
SDX policies exacerbate key characteristics
that enable to speed-up compilation time considerably
Policies are often disjoint
Policy updates are local
Policy updates are bursty
Policy updates usually
impact a few prefix-groups
75% of the updates affect
no more than 3 prefixes
![Page 67: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/67.jpg)
SDX policies exacerbate key characteristics
that enable to speed-up compilation time considerably
Policies are often disjoint
Policy updates are local
Policy updates are bursty
policy changes are separated
of large periode of inactivity
75% of the time, inter-arrival time
between updates is at least 10s
![Page 68: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/68.jpg)
Slow, but optimal algorithm in background
recompute prefix groups
Time vs Space trade-off
Fast, but non-optimal algorithm upon updates
can create more rules than required
The SDX controller adopts
a two-staged compilation algorithm
![Page 69: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/69.jpg)
In most cases, the SDX takes <100 ms
to recompute the global policy upon a BGP event
![Page 70: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/70.jpg)
programming model
Architecture
Scalability
control- & data-plane
Applications
inter domain bonanza
3
Novel Applications for a
SDN-enabled Internet eXchange Point
![Page 71: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/71.jpg)
SDX enables a wide range of novel applications
Wide-area load balancing
Upstream blocking of DoS attacks
Influence BGP path selectionremote-control
Application-specific peeringpeering
Prevent/block policy violationsecurity
Prevent participants communication
Inbound Traffic Engineering
Traffic offloading
Middlebox traffic steeringforwarding optimization
Fast convergence
![Page 72: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/72.jpg)
SDX enables a wide range of novel applications
Wide-area load balancing
Upstream blocking of DoS attacks
Influence BGP path selectionremote-control
Application-specific peeringpeering
Prevent/block policy violationsecurity
Prevent participants communication
Inbound Traffic Engineering
Traffic offloading
Middlebox traffic steeringforwarding optimization
Fast convergence
![Page 73: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/73.jpg)
SDX can improve inbound traffic engineering
![Page 74: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/74.jpg)
AS B
192.0.1/24192.0.2/24
Given an IXP Physical Topology and a BGP topology,
implement B’s inbound policies!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
AS A AS C
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
192.0.1/24192.0.2/24
![Page 75: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/75.jpg)
to receive on
left192.0.1/24 A
right192.0.2/24 C
right192.0.2/24 ATT_IP
192.0.1/24 right*
from
Given an IXP Physical Topology and a BGP topology,
Implement B’s inbound policies
AS B
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
AS A AS C
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
B’s inbound policies
192.0.1/24192.0.2/24
192.0.2/24 left*
![Page 76: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/76.jpg)
left192.0.1/24 A
right192.0.2/24 C
right192.0.2/24 ATT_IP
192.0.1/24 right*
192.0.2/24 left*
to receive onfrom
Given an IXP Physical Topology and a BGP topology, How do you that with BGP?
AS B
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
AS A AS C
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
!"#$%&'()&**+)
!"#$%&'()
!"#!
* +
!"#$%&'(*
!"#$
),
!"#$%&'(+
%&'()&#!"#*
),
!"#$%&'(,
!"#+
* +
!"#$%&'()*+(,-.$#&/$"01(2,)3.4(5"36.(07(8+9:
-#$./.$0"1()!(2&1.3.45
,&62&5.74(81&9:;014(4#7;.45
,#-$!./(01/'2$345)/06
7
%
<&074(!4;/4;
B’s inbound policies
192.0.1/24192.0.2/24
![Page 77: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/77.jpg)
Implementing such a policy is configuration-intensive
using AS-Path prepend, MED, community tagging, etc.
It is hard BGP provides few knobs to influence remote decisions
![Page 78: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/78.jpg)
BGP policies cannot influence remote decisions based on source addresses
to receive on
right192.0.2.0/24 ATT_IP
from
It is hard... ... and even impossible for some requirements
![Page 79: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/79.jpg)
There is no guarantee that remote parties will comply
one can only “influence” remote decisions
Networks engineers have no choice but to “try and see”
which makes it impossible to adapt to traffic pattern
Implementing such a policy is configuration-intensive
using AS-Path prepend, MED, community tagging, etc.
It is hard... In any case, the outcome is unpredictable
![Page 80: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/80.jpg)
match(dstip=192.0.1/24, srcmac=A), fwd(L)
match(dstip=192.0.2/24, srcmac=B), fwd(R)
match(dstip=192.0.2/24, srcip=ATT), fwd(R)
match(dstip=192.0.1/24), fwd(R)
to fwd
left192.0.1/24 A
right192.0.2/24 B
right192.0.2/24 ATT_IP
192.0.1/24 right*
from B’s SDX Policy
SDX policies give any participant direct control on its forwarding paths
With SDX, implement B’s inbound policy is easy
192.0.2/24 left* match(dstip=192.0.2/24), fwd(L)
![Page 81: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/81.jpg)
SDX enables a wide range of novel applications
Wide-area load balancing
Upstream blocking of DoS attacks
Influence BGP path selectionremote-control
Application-specific peeringpeering
Prevent/block policy violationsecurity
Prevent participants communication
Inbound Traffic Engineering
Traffic offloading
Middlebox traffic steeringforwarding optimization
Fast convergence
![Page 82: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/82.jpg)
SDX enables a wide range of novel applications
Wide-area load balancing
Upstream blocking of DoS attacks
Influence BGP path selectionremote-control
Application-specific peeringpeering
Prevent/block policy violationsecurity
Prevent participants communication
Inbound Traffic Engineering
Traffic offloading
Middlebox traffic steeringforwarding optimization
Fast convergence
![Page 83: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/83.jpg)
SDX#B
SDX#A
AS1
AS7
AS13
SDX can help in blocking DDoS attacks
closer to the source
![Page 84: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/84.jpg)
Victim
Attacker
SDX#B
SDX#A
AS1
AS7
AS13
AS7 is victim of a DDoS attack
originated from AS13
![Page 85: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/85.jpg)
Victim
Attacker
SDX#B
SDX#A
AS1
AS7
AS13
AS7 can remotely install drop() rule
in the SDX platforms
![Page 86: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/86.jpg)
match(srcip=Attacker/24, dstip=Victim/32) >> drop()
![Page 87: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/87.jpg)
programming model
Architecture
Scalability
control- & data-plane
Applications
inter domain bonanza
SDX: A Software Defined Internet Exchange
![Page 88: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/88.jpg)
We are in the process of having a first deployment
SNAP @ ColoATL, planned deployment with GENI
Many interested parties already
important potential for impact
We have running code (*)
with full BGP integration, check out our tutorial
(*) https://github.com/sdn-ixp/sdx/wiki
Our SDX platform can serve as
skeleton for a SDX ecosystem
![Page 89: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/89.jpg)
Demonstration
![Page 91: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/91.jpg)
![Page 92: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/92.jpg)
BGP picked routes
![Page 93: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/93.jpg)
port:80 + default
port:4321
port:4322
![Page 94: SDX: A Software Defined Internet Exchange](https://reader031.fdocuments.net/reader031/viewer/2022013012/61cf6516ec5c0c1cf4099bb9/html5/thumbnails/94.jpg)
Laurent Vanbever
www.vanbever.eu
FGRE Workshop (Ghent, iMinds)
July, 8 2014
SDX: A Software Defined Internet Exchange