Rina renumbering, EUCNC 2017

Seamless network renumbering in RINA: automate address changes without breaking flows!

Published in: Internet

  1. EUCNC, Oulu, June 2017. Seamless network renumbering in RINA: automate address changes without breaking flows! Eduard Grasa, Leonardo Bergesio, Miquel Tarzan (i2CAT), Diego Lopez (Telefonica), John Day and Lou Chitkushev (Boston University)
  2. THE PROBLEM: NETWORK RENUMBERING
  3. What is renumbering
     • Update part or all of the addresses assigned to network entities
     • What does this imply for IP networks?
       – Assign IP addresses to interfaces on switches, routers, hosts
       – Propagate routing information
       – Update ingress/egress filters, firewalls and ACLs
       – Update DNS entries
       – Update network management databases if needed
       – Care must be taken to support graceful termination of existing flows (old addresses have to coexist until these flows are terminated)
     Large-scale RINA experimentation on FIRE+
  4. WHY IS RENUMBERING HARD IN IP NETWORKS?
  5. Lack of application names (I)
     • Domain names are mapped to IP addresses by DNS
     • The transport layer knows nothing about domain names
     • TCP/UDP flows are between pairs of IP addresses and ports
       – If IP addresses change, the identity of the flow is lost
     [Figure: the URL http://www.i2cat.net:80 annotated. The domain name is a synonym of an interface of a host; :80 is the port number (endpoint of the TCP connection); app name = domain name + port number. Each host has an IP address and a MAC address; the Internet layer routes on IP addresses.]
  6. Lack of application names (II)
     • The IP address is both the identifier of the IP protocol machine and the identifier used to forward IP packets
     • Identifier of protocol machine should be stable and location-independent
       – So that firewall rules, ACLs, etc. don’t need to be updated if the network is renumbered or the host/router moves
     • Identifiers used for forwarding must be location-dependent and may change
       – To minimize elements in forwarding table and routing updates
     • But there is only 1 identifier: the IP address
       – Can’t have both properties at the same time
  7. WHAT ABOUT RENUMBERING IN RINA NETWORKS?
  8. RINA overview
     [Figure: hosts running App A and App B, border routers and an interior router, connected by stacked Distributed IPC Facilities (DIFs); each layer contains IPC Processes and offers a consistent API through layers.]
     Layer (DIF) API:
       1. Register/Unregister App
       2. Allocate/Deallocate flows
       3. Write data (SDUs) to flows
       4. Read data (SDUs) from flows
       5. Get layer information
  9. Naming and addressing, mobility, routing: no need for special protocols

     | Name                | Indicates        | Property                              | RINA | IP                   |
     |---------------------|------------------|---------------------------------------|------|----------------------|
     | Application name    | What             | Location independent                  | Yes  | No                   |
     | Node address        | Where            | Location dependent, route independent | Yes  | No                   |
     | Point of Attachment | How to get there | Route dependent                       | Yes  | Yes (twice: IP, MAC) |
  10. Flows and addresses
     [Figure, two panels over the Provider 1 DIF. Labels in both panels: App A, App B, two hosts, IPCP Z (@ 1), IPCP Y (@ 2), mapping B -> 2.]
     • Application registration: Register, Update mapping, Disseminate mapping
     • Flow allocation: Allocate Flow to B, Resolve address, Allocate Flow Request, Access Control Check, Accept / Deny, Allocate Flow Response
  11. IPCP procedures
     [Figure, two panels.]
     • IPCP Z joins DIF (host with IPCP Z, router with IPCP Y (@ 2), Access DIF, Provider 1 DIF; allowed IPCPs: Z, T, R): Allocate Flow to Y, Accept / Deny, Authentication, Access Control
     • System discovers Manager (router with MA K, management system with Mgr L, Net Mgmt DIF): Allocate Flow to L, Accept / Deny
  12. Experimental setup: Backbone net
     • 37 node network, Single DIF over Ethernet
     • All nodes in the DIF change addresses every 30-240s
     • IRATI RINA implementation
     • Check out this demo at booth # 9 (ARCFIRE)
  13. Experimental setup: DC net
     • Leaf-spine DC configuration
     • IRATI RINA implementation
     • All nodes in both DIFs constantly renumber every 30-240s
     • 38 nodes
     [Figure: layering of PtP DIFs, the DC Fabric DIF and VPN DIFs across servers, ToR routers and spine routers. DC FABRIC DIF nodes: TOR1, TOR2, TOR3, TOR4, SPI1, SPI2. VPN (1-4) DIF nodes: TOR1, TOR2, S11-S14, S21-S24.]
  14. Experimental results
     • No packet loss during renumbering events
     • Almost no penalty in throughput
     • Penalty in delay for the worst case scenario
     • Results in the worst case scenario (constantly renumbering network)
     • Renumbering can be done live
     [Figure: Application RTT (ms) vs. renumbering frequency, rina-echo-time flows between nodes. Series: every [30, 60] s, every [60, 120] s, every [120, 240] s, no renumbering. Flows: VPN 1: s14 - s24, VPN 2: s18 - s28, VPN 3: s31 - s41, VPN 4: s35 - s45.]
     [Figure: Application goodput (Mbps) vs. renumbering frequency, rina-tgen flows between nodes. Same series and flows.]
  15. IMPLICATIONS, FURTHER WORK
  16. Implications
     • With a proper naming and addressing structure in place, live network renumbering can be done
       – without impacting existing flows
       – without the need of extra protocols or mechanisms
       – in a fully automated way (minimize opex and network downtime)
     • Use cases
       – Network consolidation (e.g. acquisition of other networks)
       – Update network addressing scheme to optimize routing (e.g. due to changes in network topology)
       – Better support for mobility (change address of moving nodes if they attach to different subnets)
  17. Ongoing RINA R&D activities
     • Current research projects
       – FP7 PRISTINE (2014-2016) http://ict-pristine-eu
       – H2020 ARCFIRE (2016-2017) http://ict-arcfire.eu
       – Norwegian project OCARINA (2016-2021)
       – BU RINA team http://csr.bu.edu/rina
     • Open source implementations
       – IRATI (Linux OS, C/C++, kernel components, policy framework, RINA over X) http://github.com/irati/stack
       – RINASim (RINA simulator, OMNeT++)
       – ProtoRINA (Java, RINA over UDP, quick prototyping)
     • Key RINA standardization activities
       – Pouzin Society (experimental specs) http://pouzinsociety.org
       – ISO SC6 WG7 (2 new projects: Future Network – Architectures, Future Network – Protocols)
       – ETSI Next Generation Protocols ISG
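
The argument of slides 5 and 6, as an added Python illustration that is not part of the original slides or of any RINA implementation: when ACL entries and flow identity are built from addresses, renumbering breaks the flow and leaves a stale rule behind; when they are built from stable names, neither happens. The class names, addresses and the `run` helper are constructed for this example.

```python
# Added illustration (constructed model, not IRATI or any RINA implementation).
class AddressKeyed:
    """IP-like: ACL entries and flow identity are both built from addresses."""
    def __init__(self, addr_of):
        self.addr_of = dict(addr_of)   # node name -> current address
        self.acl, self.flows = set(), set()

    def allow(self, src, dst):
        self.acl.add((self.addr_of[src], self.addr_of[dst]))

    def open_flow(self, src, dst, port):
        self.flows.add((self.addr_of[src], self.addr_of[dst], port))

    def renumber(self, node, new_addr):
        self.addr_of[node] = new_addr  # ACL and flow keys are NOT rewritten

    def deliver(self, src, dst, port):
        pair = (self.addr_of[src], self.addr_of[dst])
        return pair in self.acl and pair + (port,) in self.flows

    def stale_rules(self):
        """ACL entries that mention an address no node currently holds."""
        live = set(self.addr_of.values())
        return sorted(r for r in self.acl if not set(r) <= live)


class NameKeyed(AddressKeyed):
    """RINA-like: ACL and flows use stable names; addresses only forward."""
    def allow(self, src, dst):
        self.acl.add((src, dst))

    def open_flow(self, src, dst, port):
        self.flows.add((src, dst, port))

    def deliver(self, src, dst, port):
        reachable = dst in self.addr_of    # address is looked up only to forward
        return reachable and (src, dst) in self.acl and (src, dst, port) in self.flows

    def stale_rules(self):
        return sorted(r for r in self.acl if not set(r) <= set(self.addr_of))


def run(model):
    """Open an allowed flow, renumber the destination, report the effect."""
    net = model({"A": "10.0.0.1", "B": "10.0.0.2"})   # constructed addresses
    net.allow("A", "B")
    net.open_flow("A", "B", 80)
    before = net.deliver("A", "B", 80)
    net.renumber("B", "10.9.0.2")
    return before, net.deliver("A", "B", 80), net.stale_rules()
```

`run` returns whether the flow delivered before renumbering, whether it delivers after, and the ACL entries that now refer to an unassigned address, which is the list an operator would have to clean up by hand in the address-keyed case.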
