Mohit Chamania, 16/06/2014 Architecting the Open Source PCE A Service Oriented Approach.

Mohit Chamania, 16/06/2014

Architecting the Open Source PCEA Service Oriented Approach

© 2014 ADVA Optical Networking. All rights reserved. Confidential.22

Outline

• Identify the different frameworks and deployment scenarios for path computation functions

• Outline the requirements for an open-source PCE that can be employed in diverse network deployments

• Extend the open source PCE architecture to incorporate the same


• Vendors / Carriers • Control Plane (GMPLS) • Network Management Systems (NMS) • Network Hypervisors / Orchestrators (SDN)• ABNO architecture

• Infrastructure Providers • Cloud operators• Virtual Network Providers

• Organizations• Research GEANT, Internet2, GLIF• Large Enterprises

• Others

Applications Employing Path Computation



Vendors/Carriers

Technology Scale Requirements ProtocolsControl Plane 100s NEs Low latency

Low Processing overheadAccess control

Topology: OSPF, OSPF-TEPath as a sequence of hops/interfaces and labelsPCEP

NMS ~ 10000 NEs Authentication and Authorization (AA) (RADIUS / DIAMETER)Scalability with network size

Topology: MTNM, ITU-T, custom standardsPath as a TrailCustom APIs / PCEP

SDN N.A. Integration with different controllersPath definitions focused on NE configurations

Topology: Implementation specific representation Path as a sequence of cross connects PCEP and Others


• Control plane deployments• PCE instances integrated in network element controllers• Low processing overhead to reduce cost overheads• Fast computation (10’s of milliseconds) for services like restoration

Control Plane Deployments

Path Computation• Shortest Path

• Kth Shortest Path

• Constrained Shortest Path

Signaling• RSVP (reservations)

• RSVP-TE (tunnel LSP setup)

• GMPLS-RSVP (optical extensions)

Routing• OSPF (reachability)

• OSPF-TE (traffic engineering)

• GMPLS-OSPF (optical extensions)


SDN Deployments



Others

Technology Scale Requirements ProtocolsCloud / VNO Multi-domain

scopeLarge-user base (AA) with Web Auth Standards (OpenID, OAuth, SAML)Multi-view topology and path computation support

Control: OpenStack, Custom implementationsCoordination with other domain controllersCustom topology representation and multi-domain path computation

Research Networks

10s-100s of NEs Large user-base (AA) Custom authentication / Web Auth StandardsExperimentation with path computation algorithms

Topology: custom topology definitions Implementation specific path representation and computation APIs


• Protocol Support • Not all approaches will support PCEP• Support for pluggable protocol modules to ease integration

• Authentication and Authorization• Support for basic Access control• Authentication and Authorization proxy to access topology and path computation functions • Pluggable authentication modules to support different AA mechanisms

• Algorithm support and Scaling• Pluggable path computation functions to access network topology• Horizontal scaling to achieve efficiency in terms of number of requests• Low latency for specific demands (e.g. in wireless mesh networks, restoration computation)

• Topology (TED) • Multiple representations of topology may be required • Different mechanisms to update the topology • Topology visibility linked to access rights of the user

Requirements on PCE


• Open Source PCE implementation (www.opensourcepce.org)• First open-source PCE developed based on IETF standards• Designed for extensibility in terms of

• PCEP Protocol Extensions • Path Computation Algorithms• Path Computation State machines

• Features include asynchronous network I/O, passive state machines, topology updates, hierarchical and multi-layer PCE

• 18,000 lines of code

• Application in EU research projects • ONE for supporting coordinated multi-layer path computation • GEYSERS for joint computation of IT+Network resources• PACE which will pursue standardization, architecture and implementation

Open Source PCE

M. Chamania, M. Drogon, A. Jukan, "An Open-Source Path Computation Element (PCE) Emulator: Design, Implementation, and Performance," IEEE Journal of Lightwave Technology, vol.30, no.4, pp.414,426, Feb.15, 2012


• Socket management, access control

• Asynchronous Network I/O

Open Source PCE ArchitectureM

od

ule

Man

ag

em

ent

Network Module

• PCEP Session Management (Session state machine)

• Message routing within the PCESession Module

• Thread Pools to perform path computation

• Integrated TED with topology update interfaces

Computation Module TED






Requirements on PCE


• Pluggable protocol modules (PPM) to support multiple protocols

Service Oriented PCE architectureM

od

ule

Man

ag

em

ent

Network Module

Session Module

Computation Module TED

Session Module

PPM

Network Module

PCEP Session Management


• PPMs are responsible for protocol specific features of path computation

• PPMs also implement access control features if any

Service Oriented PCE Architecture

Session Module

PPM

Network Module

PCEP Session Management

PPM PPM PPM


• PPMs are responsible for protocol specific features of path computation

• PPMs also implement access control features if any

• Requests to session module are forwarded with • Path Request parameters• Topology view requested• Computation constraints

• Choice of algorithms• Computation latency

• Authorization credentials• Callback URI


PPM SM

Request for Path Computation

OK (Session ID)

Response (Session ID)



• Authentication and Authorization• Support for basic Access control• Authentication and Authorization proxy to access topology and path computation

functions • Pluggable authentication modules to support different AA mechanisms



Requirements on PCE


• Aim to leverage existing mechanisms for AA

• Internal AA design build around the SAML/OAuth/OpenID approach• User – (Entity requesting the service)• Identity Provider – (AA service employed)• Service Provider – (PCE)

• Authentication and identity is managed by external entity• User identifies the authentication mechanism • PCE requests a authorization token from the Identity Provider• User authenticates with the identity provider to authorize the session• PCE uses the authorized token to access authorization functions

Authentication and Authorization Support



User

PPMRequest • Auth Type• Credentials

(Optional)

Authentication Proxy

AM AM AM AM

Identity

Provider

Request Authorized Token

Request Authorized Token

Authorized Token

Authorized Token

Session Module

Request with Authorization Credentials


• Authorization of token may involve communication between the user and the identity provider

• Removes the necessity of the user providing actual credentials (e.g. password) to the PCE

• Authorization credentials include the session token


User PCE IP

Request with Auth Type

Session Token request Application Credentials (key/secret)

Authorization OK

Session Token (key/secret)

Session Token (Key)

Authorize session (Session Token, user credentials)


• Authorization profile stored in the identity provider or locally in the AM

• For authorization, Session Token is verified with the IP, and user roles are provided to authentication proxy

• Based on user roles, decisions on operations to be allowed is made by the session module


Session Module

AM

Identity

Provider

Authentication Proxy

Auth Credentials

Application Credentials Session

Token

User Roles




• Algorithm support and Scaling• Pluggable path computation functions to access network topology• Horizontal scaling to achieve efficiency in terms of number of requests• Low latency for specific demands (e.g. in wireless mesh networks, restoration

computation)


Requirements on PCE


• Computation module supporting a specific algorithm should be an autonomous process • Developed in any programming language• One or more processes spread across multiple machines for scaling

• HTTP based APIs for path computation request• Extensive support across multiple programming languages

• Message Queue architectures for managing forwarding of requests to corresponding computation modules

Algorithm Support and Scaling


Message Queue Based Algorithm integration

Session Module

Message Queue

Computation Module

Computation Module

Multiple instances reading

from the same queue can enable

load balancing


• Communication between the Session module and Computation module is asynchronous

• Message queues can also support publish/subscribe models, so multiple computation modules can receive the same request

• Useful in case latency demands drive the use of different algorithms computing the same request


SM MQ CM

Computation Request

Callback URI

Computation Request

Callback URI

Computation Response to URI

Request Received






Requirements on PCE


• A single “view” of the topology is not sufficient for operating across different network environments

• The PCE topology database should be 1 (or more) “models” supporting different views, with corresponding APIs to manage export/update

Topology Management

PCE Topology

TEDGMPLS View

ITU-T View

MTNM View

Topology Update (Control plane)

Topology Request (NMS)


• A single central database manages the complete topology

• Each computation module may maintain their own topology• Initialization using a snapshot from the topology database• Topology Database publishes updates (for each view)

Topology Management

PCE Topology

TEDGMPLS View

ITU-T View

MTNM View

Messa

ge Q

ueue

Computation Module

Computation Module

Computation Module


• Topology views are also subject to authorization • Users may see limited parts of the topology only• Use of authorization credentials to determine what elements of

topology are visible to the user

• Computed paths can also be stored in the topology as an accessible resource• Necessary for features such as virtual tunnels, path-key for inter-

domain computation • Users can have limited view of the path (only endpoints and

properties) and use it for multi-domain path computation

Topology Management


• Numerous standards and frameworks targeting different network deployments are going to co-exist

• Critical features identified for extending the open-source PCE• Topology Management and export• Authentication and Authorization capabilities• Algorithm extensibility

• Service oriented approach to open-source PCE• Cross-platform support • Employ mechanisms and architectures already in place• Reduce overhead for other contributors

Conclusions

[email protected]

Thank You

IMPORTANT NOTICE

The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.

The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.

Copyright © for the entire content of this presentation: ADVA Optical Networking.

http://www.linkedin.com/company/adva-optical-networking

http://twitter.com/ADVAOpticalNews

http://www.facebook.com/pages/ADVA-Optical-Networking/37630238931?ref=ts#!/pages/ADVA-Optical-Networking/37630238931?v=wall

http://www.youtube.com/user/ADVAOptical

http://advaopticalnews.tumblr.com/

http://www.slideshare.net/ADVAOpticalNetworking

Date post:	15-Dec-2015
Category:	Documents
Upload:	brenden-coulson
View:	213 times
Download:	1 times

Mohit Chamania, 16/06/2014 Architecting the Open Source PCE A Service Oriented Approach.

Documents