Virt july-2013-meetup

  1. 1. Programmable Virtual Networks From Network Slicing To Network Virtualization Ali Al-Shabibi Open Networking Laboratory
  2. 2. Outline • Define FlowVisor – Its design goal – Its success – Its limitation • Describe and define Network Virtualization • Introduce OpenVirteX (formerly known as NetVisor), which provides programmable virtual networks
  3. 3. Why FlowVisor? Good ideas rarely get deployed Also require access to real world traffic New services may require changes to switch software Experimenters want to control the behaviour of their network Evaluating new network services is hard
  4. 4. OK… Why is it hard?
  5. 5. Current Virtualization à la FlowVisor • Network Slice = Collection of sliced switches, links, and traffic or header space • Each slice associated to a controller • Transparent slicing, i.e., every slice believes it has full and sole control of datapath • FV enforces traffic and slice isolation • Not a generalized virtualization
  6. 6. Great! What about real traffic? • FlowVisor allows users to opt-in to services in real-time – Individual flows can be delegated to a slice by a user – Admins can add policy to slice dynamically FlowVisor Web Slice VoIP Slice Video Slice All the rest
  7. 7. Sprinkle some resource limits • Slicing resources includes: – Specifying the link bandwidth – Maximum number of forwarding rules – Fraction of switch CPU FlowSpace: Which slice controls which packet?
  8. 8. Mapping Packets to Slices
  9. 9. FlowVisor Where does it live? • Sits between switches and controllers • Speaks OpenFlow up and down. • Acts like a proxy to switches and controllers • Datapaths and controllers run unmodified
  10. 10. What kind of magic is this? PacketIn from datapath Who controls this packet? Is this action allowed?
  11. 11. Message Handling - PacketIn PacketIn Drop if controller is not connected. Is LLDP? Send to appropriate slice. Yes Extract match structure and match FlowSpace No Done Insert a drop rule. No Yes Drop if controller is not connected. Yes Send to slice. Are actions allowed? Log exception. No match Has packet been sent to a slice? No match
  12. 12. Message Handling - FlowMod FlowMod Slicing permitted? Slice Actions Send Error. Log exception No Extract match struct and intersect FlowSpace Yes For each intersection, rewrite original flowmod with flowspace info. Has slice permissions? Intersections No Intersections Zero rewrites? Log exception Done Yes No
  13. 13. FlowVisor Highlights • Demonstrations: – Open Networking Summit ’12 and ’13 – GENI GEC 9 – Best demo at SIGCOMM ’09 • Deployments : – GENI – OFELIA – Stanford Production Network – In use at NEC and Ericsson labs, as well as other vendors • 3 releases in the past year – 1.0 release downloaded over 70 times in one day
  14. 14. FlowVisor Downloaders Release 1.0 University Research Georgia Tech Rutgers KSU U of Wisconsin U of Utah Clemson R&E Networks APNIC BBN NYSERNet CENIC Commercial Network Ops AT&T Comcast EarthLink PSINet RCN Vendors Goldman Sachs Cisco Aruba NEC Ericsson
  15. 15. FlowVisor Summary • FlowVisor introduces the concept of a network slice • Not a complete virtualization solution. • Originally designed to test new network services on production traffic • But, it’s really only a Network Slicer! FlowVisor provides network slicing but not a complete network virtualization.
  16. 16. What should Network Virtualization be? • Conceptually introduces virtual network which is decoupled from physical network • Should not change the abstractions we know and love of physical networks • Should provide some new ones: Instantiation, deletion, service deployment, migration, etc. At least what I think ;)
  17. 17. MPLS VRF Overlays TRILL VLAN VPN What is Network Virtualization? None of these give you a virtual network They merely virtualize one aspect of a network Topology Virtualization • Virtual links • Virtual nodes • Decoupled from physical network Address Virtualization • Virtual Addressing • Maintain current abstractions • Add some new ones Policy Virtualization • Who controls what? • What guarantees are enforced?
  18. 18. Network Virtualization vs. Network Slicing Slicing • Sorry, you can’t. • You need to discriminate traffic of two networks with something other than the existing header bits • Thus no address or complex topology virtualization Network virtualization • Virtual nets are completely independent • Virtual nets are distinguished by the tenant id • Complete address and topology virtualization
  19. 19. Virtualization State of the Art • Functionality implemented at the edge • Use of tunneling techniques, such as STT, VXLAN, GRE • Network core is not available for innovation • Closed source controller controls the behaviour of the network • Provides address and topology virtualization, but limited policy virtualization. • Moreover, the topology looks like only one big switch
  20. 20. Big Switch Abstraction E6 E2 E5 E1 E3 E4 SWITCH 1E1 E3 E2 E5 SWITCH 2 E4 E6 • A single switch greatly limits the flexibility of the network controller • Cannot specify your own routing policy. • What if you want a tree topology?
  21. 21. Current Virtualization vs OpenVirteX Current Virtualization Solutions • Networks are not programmable • Functionality implemented at the edge • Network core is not available for innovation • Must provision tunnels to provide virtual topology • Address virtualization provided by encapsulation OpenVirteX • Each virtual network is handed to a controller for programming. • Edge & core available for innovation • Entire physical topology may/can be exposed to the downstream controller. • Address virtualization provided by remapping/rewriting header fields • Both dataplanes and controllers can be used unmodified.
  22. 22. OpenVirteX All problems in computer science can be solved by another level of indirection. - David Wheeler OpenVirtex
  23. 23. Ultimate Goal physical network NetVisor Virtual Network Maps Physical Network Map VM Topology, Address Space and Control Function Mapping Network OS Network OS Network OS OpenVirteX
  24. 24. Address Space Virtualisation source physical IP destination physical IP tenant ID LSB transformed virtual source IP transformed virtual destination IP 32 bits 32 bits tenant ID MSB NetVisor physical network VM edge switch virtual IP physical IP physical IP virtual IP physical IP virtual IP Network OS Control traffic address translation physical IP space virtual IP space NetVisor Address Space Mapping Data traffic address mapping Data traffic address translation
  25. 25. Topology Virtualization - Abstractions • Expose physical topology to tenants • Virtual link: collapse multi-hop path into one-hop link • Approach is also valid for proactive rules OpenVirtex
  26. 26. Abstractions (contd.) • Virtual switch: collapse ports dispersed over network into a switch • Big switch is virtual switch with all edge ports • Use separate controller for each virtual switch – Allow OpenVirteX admin to control routing within virtual switch virtual physical ... ... virtual switch edge ports core ports VM
  27. 27. OpenVirteX Interaction with the Real-World NetVisor OpenVirtex
  28. 28. OpenVirteX API Mapping to Quantum OpenStack Management System Nova Quantum Other Components virtual switch vSwitch VM1 VM2 VM3 Nova plugin Quantum plugin Quantum plugin OpenVirteX Quantum plugin OpenFlow Physical Network
  29. 29. OpenVirteX API Mapping to Quantum Create Network API OpenVirteX Quantum ✔ Attach Port API ✔ Create vRouter API ✔ Configure Topology API Via the Router extension
  30. 30. High Level Features • Support for more generalized network virtualization as opposed to slicing – Address virtualization: use extra bits or clever use of tenant id in header – Topology virtualization: on demand topology • Integrate with cloud using OpenStack – Via the Quantum plugin • Support any OF 1.x version, simultaneously • Support for scale, HA and security features. – Incorporate right building blocks from other OSS Just finished implementing a prototype
  31. 31. Current Status • Quick and dirty prototype implemented • Provides Address space virtualisation/isolation • Two topology abstractions: – Virtual Link – Virtual Switch • Current implementation not intended to scale or provide any significant performance – It’s a proof of concept
  32. 32. Future Challenges • Traffic engineering, e.g., load balancing • Reliability, e.g., disjoint paths • The above needs special attention when offering topology abstractions – They may even be severely impacted. • Physical topology changes • Tenant may ask for reconfiguration of virtual network • Extremely challenging to get right
  33. 33. Conclusion • FlowVisor 1.0 will continue to be supported • OpenVirteX is still in the design phase – But our clear goal is to deliver programmable virtual networks. • An initial proof of concept may be available in Q3 2013. • Contributions to FlowVisor and OpenVirteX are greatly appreciated and welcomed.
  34. 34. Thanks! Questions?
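
Added example, not from the slides or the FlowVisor code base: a simplified model of one reading of the FlowMod flowchart on slide 12 (intersect the controller's match with the slice's FlowSpace, rewrite once per intersection, reject when there are zero rewrites), which is the step that keeps one slice from installing rules over another slice's traffic. The field names, the `write` permission flag and the FlowSpace entries are constructed for illustration.

```python
# Simplified model of slide 12's FlowMod handling (illustration only).
# A match is a dict of header fields; an absent field is a wildcard.
WILDCARD = None

def intersect_field(a, b):
    """Intersect two single-field constraints; returns (ok, value)."""
    if a is WILDCARD:
        return True, b
    if b is WILDCARD or a == b:
        return True, a
    return False, None

def intersect(match, rule_match):
    """Field-wise intersection of two matches, or None if they are disjoint."""
    out = {}
    for field in set(match) | set(rule_match):
        ok, value = intersect_field(match.get(field), rule_match.get(field))
        if not ok:
            return None
        if value is not WILDCARD:
            out[field] = value
    return out

def slice_flowmod(flowspace, slice_name, flowmod_match):
    """Return the rewritten matches that one slice's FlowMod expands to.

    An empty list means the FlowMod lies entirely outside the slice's
    FlowSpace: the proxy sends an error to the controller and logs it
    instead of forwarding anything to the switch.
    """
    rewrites = []
    for rule in flowspace:
        # Only entries that give this slice write permission count.
        if rule["slice"] != slice_name or not rule["write"]:
            continue
        narrowed = intersect(flowmod_match, rule["match"])
        if narrowed is not None:
            rewrites.append(narrowed)
    return rewrites

# Constructed FlowSpace: the web slice owns TCP/80, the VoIP slice UDP/5060.
FLOWSPACE = [
    {"slice": "web", "write": True, "match": {"nw_proto": 6, "tp_dst": 80}},
    {"slice": "voip", "write": True, "match": {"nw_proto": 17, "tp_dst": 5060}},
]
```

A fully wildcarded FlowMod from the web slice's controller is narrowed to TCP/80 only, and a FlowMod aimed at port 5060 from that same controller yields no rewrites and is rejected.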