Building Virtual Networks for Experimentation and Profit Nick Feamster, Georgia Tech Andy Bavier,...

transcript

Building Virtual Networks for Experimentation and Profit

Nick Feamster, Georgia Tech

Andy Bavier, Lixin Gao, Mark Huang, Murtaza Motiwala, Jennifer Rexford, Larry Peterson, Yaping Zhu

Original Internet Design Goals

• Interconnection/Multiplexing (packet switching)• Resilience/Survivability (fate sharing)• Heterogeneity• Distributed management• Cost effectiveness• Ease of attachment• Accountability

DecreasingPriority

Internet Faces New Demands• High availability and performance

– Path diversity, low-latency paths, fast reaction to failures, convergence…

• Security guarantees– Defense against unwanted traffic

• Manageability– Fault detection and localization

• Scaling

• Mobility

Design Goal Redux

• Human costs, operational expenditure dominate– The network must provide support for manageability

• Accountability increasingly important– Mobility, security, etc. to the forefront

“…some of the most significant problems with the Internet today relate to lack of sufficient tools for distributed management, especially in the area of routing.”

—Dave Clark, The Design Philosophy of the DARPA Internet Protocols

“Dr Cerf admits that with hindsight, there are two things he regrets not including: authentication, to ensure that internet packets really do come from where they claim to have originated, and support for mobile devices.” ---The Economist, June 2006

New Protocols to the Rescue

• Addressing: IPv6, 8+8, HIP, NIRA

• Security: Secure BGP (S-BGP), soBGP, SPV

• Routing: HLP, RCP, Compact/Valiant Routing

• Naming: DOA

• Unwanted traffic: Capabilities, SANE, DoS-Resistant Internet Archictecture,

Two Hurdles

• Deployment requires feasibility• Feasibility requires deployment

Deployment Dilemma

Coordination Constraint

• Benefits only realized when large fraction of networks deploy

• No single network wants to deploy first

VINI: Realistic and controlled network experimentation.

Cabo: “Concurrent Architectures are Better than One”

Network Virtualization: Characteristics

• Multiple logical routers on a single platform• Resource isolation in CPU, memory, bandwidth,

forwarding tables, …

• Customizable routing and forwarding software• General-purpose CPUs for the control plane• Network processors and FPGAs for data plane

Sharing

Customizability

VINI Overview

• Runs real routing software• Exposes realistic network conditions• Gives control over network events• Carries traffic on behalf of real users• Is shared among many experiments

Simulation

Emulation

Small-scaleexperiment

Livedeployment

Bridge the gap between “lab experiments” and live experiments at scale.

Goal: Control and Realism

• Control– Reproduce results– Methodically change or

relax constraints

• Realism– Long-running services

attract real users– Connectivity to real Internet– Forward high traffic

volumes (Gb/s)– Handle unexpected events

TopologyActual network

Arbitrary, emulated

TrafficReal clients, servers

Synthetic or traces

Network EventsObserved in operational network

Inject faults, anomalies

Fixed Physical Infrastructure

Shared By Many Parties

Supports Arbitrary Virtual Topologies

PL-VINI: Prototype on PlanetLab

• First experiment: Internet In A Slice– XORP open-source routing protocol suite – Click modular router

• Expose issues that VINI must address– Unmodified routing (and other) software on a virtual

topology– Forwarding packets at line speed– Illusion of dedicated hardware– Injection of faults and other events

PL-VINI: Prototype on PlanetLab

• PlanetLab: testbed for planetary-scale services• Simultaneous experiments in separate VMs

– Each has “root” in its own VM, can customize

• Can reserve CPU, network capacity per VM

Virtual Machine Monitor (VMM)(Linux++)

NodeMgr

LocalAdmin

VM1 VM2 VMn…PlanetLab node

XORP: Control Plane

• BGP, OSPF, RIP, PIM-SM, IGMP/MLD

• Goal: run real routing protocols on virtual network topologies

XORP(routing protocols)

User-Mode Linux: Environment

• PlanetLab limitation:– Slice cannot create new

interfaces

• Run routing software in UML environment

• Create virtual network interfaces in UML

• Challenge: Map these interfaces to the right tunnels

eth1 eth3eth2eth0

Click: Data Plane

• Performance– Avoid UML overhead– Move to kernel, FPGA

• Interfaces tunnels– Click UDP tunnels

correspond to UML network interfaces

• Filters– “Fail a link” by blocking

packets at tunnel

eth1 eth3eth2eth0

PacketForwardEngine

Control

DataUmlSwitch

element

Tunnel table

Filters

Demonstration

planetlab1.csail.mit.edu

Some Ongoing Experiments

• IGP convergence: data and control plane• RON and overlay experiments• iBGP convergence• Network troubleshooting• …

Two Hurdles

Deployment Dilemma

Overcoming the Coordination Constraint

• Key problem: Federation– No Internet Service Provider has control over an

entire end-to-end path– This makes deployment, troubleshooting,

accountability, etc. very dificult

• Idea: Make the infrastructure that supports the testbed the architecture itself– Separate providers of infrastructure and service

Concurrent Architectures are Better than One (“Cabo”)

• Infrastructure: physical infrastructure needed to build networks

• Service: “slices” of physical infrastructure from one or more providers

The same entity may sometimes play these two roles.

End-to-End Services

Online Banking Web Surfing

Routing Secure routing protocol (e.g., S-BGP)

Lowest common denominator

Addressing Self-certifying addresses(optimized for persistence)

Dynamic addresses(optimized for convenience)

More SecurityMore Complete

Reachability

• Today: Deployment logjam– Deployment requires consensus and coordination

• Instead: Adopt pluralist approach– Determined service provider leases infrastructure and deploys technology end-to-end

Example

Application-Specific Networks

Internal BGP Link-State Protocols

Dissemination Hierarchical, incremental Flooding

Computation BGP-style decision process Shortest Paths

Better ScalabilityFaster

Convergence

• Today: Optimize a single set of protocols• Instead: Parallel deployment

– Run multiple networks, each catered to specific applications

Example

Embedding

• Given: virtual network and physical network– Topology, constraints, etc.

• Problem: find the appropriate mapping onto available physical resources (nodes and edges)

• Many possible formulations– Specific nodes mapping to certain physical nodes– Generic requirements: “three diverse paths from SF to

LA with 100 MBps throughput”– Traffic awareness, dynamic remapping, etc.– On-the-fly creation of links in the substrate

Accounting and Provisioning• Problem: Brokering of physical infrastructure

– Discovery: Discovering physical infrastructure• Autodiscovery of components and topology• Decision elements that configure components

– Provisioning: Creating virtual networks• Requests to decision elements (initially out of

band), which name virtual network components• Turner et al., Substrate Control Metanet

– Creation: Instantiating virtual networks

Economic Refactoring

• Infrastructure providers: maintain physical infrastructure needed to build networks

• Service providers: lease “slices” of physical infrastructure from one or more providers

Examples in Communications Networks

• Packet Fabric: share routers at exchange points• FON: resells users’ wireless Internet connectivity

• Infrastructure providers: Buy upstream connectivity, broker access through wireless

• Nomads: Users who connect to access points• Service provider: FON as broker

Broker

Economic Refactoring: Challenges

• Being a service provider: a great deal– Opportunity to add value by creating new services

• Infrastructure providers– Can this enterprise be profitable?

• Who will become infrastructure providers?

http://www.cc.gatech.edu/~feamster/papers/cabo-tr.pdf

Need to understand whether this refactoring would occur

Summary

• Internet faces stronger demands from users– Not necessarily designed for those challenges– Difficult to deploy fundamentally new fixes

• Virtualization: moving beyond paper design– Testbed– Architectural foundation

• Challenges– Simultaneous operation– Substrate and interface

Supports Controlled Link Failures

Carry Traffic for Real End Users

Participate in Internet Routing

These Solutions Face Two Hurdles

Deployment Dilemma

Intra-domain Route Changes

587 846

6391295

Ping During Link Failure

0 10 20 30 40 50

Seconds

Link down

Link up

Routes converging

Close-Up of TCP Transfer

17.5 18 18.5 19 19.5 20

Seconds

Packet receiv ed

Slow start

Retransmitlost packet

PL-VINI enables a user-space virtual networkto behave like a real network on PlanetLab

Attracting Real Users

• Could the experiment have been run in Emulab?– Maybe, though interconnection with real Internet

could provide some advantages– “Turning the dials” between realism and contro

• Goal: Operate our own virtual network– Carrying traffic for actual users– We can tinker with routing protocols

End-to-End Services

• Multi-provider VPNs• Paths with end-to-end performance guarantees

Today Cabo

Competing ISPs with different goals must coordinate

Single service provider controls end-to-end path

Can Other Industries Offer Clues?

• Infrastructure providers: Airports• Infrastructure: Gates, “hands and eyes”, etc.• Service providers: Airlines

SFOATL

Parallel Deployment: Questions

• Guaranteeing global reachability– Do we need an end-to-end global reachability

service?

• Proliferation of protocols and architectures– Is “low barrier to entry” a good thing for an

architecture?

• Security– Should parallel deployment imply isolation?– If so, how to implement it?

Building Virtual Networks for Experimentation and Profit Nick Feamster, Georgia Tech Andy Bavier,...

Documents