Analytics driven SDN and
commodity switches
Peter Phaal
Founder and President, InMon Corp.
Silicon Valley SDN Group, May, 2014
Copyright © 2014 InMon Corporation
Controller
Analyze
Plan
Act
Network
Measurement Protocol
Control Protocol
Feedback control
"You can't control what you can't measure" - Tom DeMarco
Separation of edge and core
Fabric: A Retrospective on Evolving SDN by Martin Casado, Teemu Koponen, Scott Shenker, and Amin Tootoonchian
Edge
  Network elements: flexible software virtual switches
  Controller functions: network virtualization, tenant isolation, security, NFV, e.g. NSX, Nuage
Fabric
  Network elements: simple, low cost, vendor neutral hardware switches
  Controller functions: traffic analytics and control to increase efficiency
[Figure 1 diagram labels: Src Host, Ingress Edge Switch, Fabric Elements, Egress Edge Switch, Dst Host; Edge Controller, Fabric Controller]
Figure 1: The source host sends a packet to an edge switch, which
after providing network services, sends it across the fabric for the
egress switch to deliver it to the destination host. Neither host sees
any internals of the fabric. The control planes of the edge and fabric
are similarly decoupled.
a new concept but rather we believe it should be included as an
architectural building block within SDN. We now identify the key
properties for these fabrics.
Separation of Forwarding. In order for a fabric to remain decoupled
from the edge it should provide a minimal set of forwarding
primitives without exposing any internal forwarding mechanisms
Simple, low cost, vendor neutral  merchant silicon
Rise of merchant silicon
[Chart: axis labels 2011, 2013; Ports]
Opportunity to leverage merchant silicon traffic analytics and
apply targeted controls to increase fabric efficiency
Large Elephant flows
http://research.microsoft.com/en-us/UM/people/srikanth/data/imc09_dcTraffic.pdf
Elephant flows are the small number of long-lived large flows responsible for the majority of bytes on the network
http://blog.sflow.com/2013/02/sdn-and-large-flows.html
Traffic analytics with sFlow
[Diagram: two flow-monitoring architectures]
Custom ASIC based switch, flow cache embedded on switch: packets pass through stages labelled sample, decode, hash, flow cache, flush, send; flow records are exported as NetFlow / IPFIX.
Merchant silicon based switch (Broadcom, Intel/Fulcrum, and Marvell): multiple switches export sFlow (packets, sample, poll i/f counters, send) to an external software flow cache (decode, hash, flow cache, flush, send); flow records are exported as JSON/REST, NetFlow, IPFIX.
Move flow cache from ASIC to external software
• Reduce ASIC cost / complexity
• Fast response (data not sitting on switch)
• Centralized, network-wide visibility
• Increase flexibility → software defined analytics
Scale-out alternative to SNMP polling
Centralized real-time analytics identifies large flows, paths, hot spots etc. → plan corrective actions
How can controls be efficiently deployed?
Traffic control with hybrid OpenFlow
• Simple: no change to normal forwarding behavior. BGP, OSPF, SPB, TRILL, LAG/MLAG etc. are used to control the L2 / L3 forwarding tables.
• Efficient: merchant silicon hardware multipath forwarding efficiently handles most flows. OpenFlow is used to control the ACL table and selectively override forwarding of specific flows (block, mark, steer, rate-limit), maximizing the effectiveness of limited general match capacity.
  Note: very few ACLs are needed in the fabric since policy has shifted to the edge; they are mainly required to protect the control plane.
• Scalable: flows are handled by the existing control plane; OpenFlow is only used when the controller wants to make an exception.
  Note: an OpenFlow controller could proactively configure the L2/L3 tables to define NORMAL forwarding and still support hybrid control of the ACL table.
• Robust: if the controller fails, the network keeps forwarding.
"Hybrid Programmable Forwarding Plane", David Ward, ONF Summit, 2011
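The external software flow cache and the hybrid OpenFlow exception model from the two slides above, as an added example that is not from the original deck and does not use the sFlow-RT API. The sample records, switch names, 10 Mbit/s threshold, table budget and rule object format are all constructed assumptions.

```javascript
// Added example: external flow cache over sFlow packet samples.
// All flows, switch names, rates and the rule format are constructed.
// n identical samples of one frame, as seen by exporting switch `agent`.
const mk = (n, agent, flow, bytes) =>
  Array.from({ length: n }, () => ({ agent, ...flow, bytes, samplingRate: 1000 }));

const ELEPHANT = { src: '10.0.0.1', dst: '10.0.0.2', proto: 6, sport: 49152, dport: 5001 };
const BULK = { src: '10.0.0.5', dst: '10.0.0.6', proto: 17, sport: 40000, dport: 5002 };
const MOUSE = { src: '10.0.0.3', dst: '10.0.0.4', proto: 6, sport: 49153, dport: 80 };
const SAMPLES = [
  ...mk(100, 'leaf1', ELEPHANT, 1500), ...mk(98, 'spine1', ELEPHANT, 1500),
  ...mk(40, 'leaf2', BULK, 1000), ...mk(2, 'leaf2', MOUSE, 500),
];
const flowKey = s => [s.src, s.dst, s.proto, s.sport, s.dport].join(',');

// Flow cache: flow key -> (agent -> estimated bytes). Each sample stands for
// samplingRate frames, so scale the frame length before accumulating.
function buildFlowCache(samples) {
  const cache = new Map();
  for (const s of samples) {
    const perAgent = cache.get(flowKey(s)) || new Map();
    perAgent.set(s.agent, (perAgent.get(s.agent) || 0) + s.bytes * s.samplingRate);
    cache.set(flowKey(s), perAgent);
  }
  return cache;
}

// A flow crossing several switches is sampled by each of them; use the
// largest per-agent estimate instead of the sum to avoid double counting.
function largeFlows(cache, intervalSec, thresholdBps) {
  const out = [];
  for (const [flow, perAgent] of cache) {
    const bps = Math.max(...perAgent.values()) * 8 / intervalSec;
    if (bps >= thresholdBps) out.push({ flow, bps });
  }
  return out.sort((a, b) => b.bps - a.bps);
}

// Spend the limited general-match (ACL) entries on the largest flows only;
// every flow without a rule stays on the switch's normal forwarding path.
function planExceptions(flows, tableBudget, action) {
  return flows.slice(0, tableBudget).map(f => {
    const [src, dst, proto, sport, dport] = f.flow.split(',');
    return { match: { src, dst, proto: +proto, sport: +sport, dport: +dport }, action };
  });
}

console.log(planExceptions(largeFlows(buildFlowCache(SAMPLES), 10, 10e6), 1, 'mark'));
```

With a table budget of 1, only the 120 Mbit/s flow gets an exception rule; the 32 Mbit/s flow is detected but left to normal forwarding.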
sFlow-RT feedback controller
Large flow steering
DDoS Mitigation
REST API
Open Southbound APIs
Data Plane
Real-time analytics and control
Hosts
Open Northbound APIs
User defined policy
sFlow-RT controller
real-time analytics
hybrid OpenFlow
controller
Open JavaScript/ECMAScript
API optimized for SDN traffic
engineering applications
Large flow marking

Web portal
OpenStack
etc.
Brocade/InMon: DDoS mitigation
http://www.opennetsummit.org/pdf/2014/sdn-idol/Brocade-SDN-Idol-Proposal.pdf
"Real-Time SDN Analytics for DDoS Mitigation", winner of ONS SDN Idol 2014
ALU/InMon: Large flow marking
http://enterprise.alcatel-lucent.com/docs/?id=23847
Extend control beyond network
Analyze
Plan
Act
Network, Storage, Compute
sFlow-RT
Feedback
Controller
Maximize data center efficiency through coordinated workload placement and resource allocation of network, storage, and compute based on measured loads and communication patterns,
e.g. reduce network congestion by instructing OpenStack to move a virtual machine
Explore further
• InMon.com
• blog.sFlow.com
• sFlow.org
• Host-sFlow.SourceForge.net
• Velocity 2012
  http://blog.sflow.com/2013/04/velocity-conference-talk.html
• Bay Area Network Virtualization Meetup
  http://blog.sflow.com/2013/06/bay-area-network-virtualization-talk.html
• Mininet testbed
  http://blog.sflow.com/2014/04/mininet-integrated-hybrid-openflow.html
