Network Infrastructures: Exploring Logically Centralized Control, ISP, Enterprise, and Cloud Networks

1. Logically Centralized Control Class 2

2. Types of Networks ISP Networks Entity only owns the switches Throughput: 100GB-10TB Heterogeneous devices: laptop/desktop Medium latency: 20-80 milliseconds Enterprise Networks One entity owns many of the servers + switches Throughput: 10G-40GB Heterogeneous devices: laptop/desktop Medium latency: 5-10 milliseconds Clouds/Data Centers One entity owns servers + switches Extra low latency between 2 devices (20 microseconds) Homogenous devices

3. Network Review Edge Device Connects hosts Sees little traffic (GB) Sees a small number of flows Implications: Can do per flow processing. Can store per for state Core Connects other switches Lots of traffic (TB) VERY Expensive See a lot of flows Implications Cant do per flow processing! Cant store per flow state

4. Router Review Fast path/data path Specialized H/W Very Expensive Takes 3-5 years to change Performs processing on every packet Very very fast Slow Path/control plane Has general purpose CPU Runs routing algorithms Only works on a few packets Very very slow Very very slow Cant process all packets

5. 5 Inside a Single Network Data Plane Distributed routers Forwarding, filtering, queueing Based on FIB or labels Management Plane Figure out what is happening in network Decide how to change it Shell scripts Traffic Eng Databases Planning tools OSPF SNMP netflow modems Configs OSPF BGP Link metrics OSPF BGP OSPF BGP Control Plane Multiple routing processes on each router Each router with different configuration program Huge number of control knobs: metrics, ACLs, policy FIB FIB FIB Routing policies Packet filters

6. Time Scales

7. Split load between S5 and S6 Shut down S6 for maintenance on May 1 forwarding state Ideally Managing network in a simple way Directly and explicitly apply policies to network accurate network view S1 S2 S3 S4 S5 S6 Internet Internet

8. Probe routers to fetch configuration Monitor control traffic (e.g., LSAs, BGP update) probe routers and guess network view S1 S2 S3 S4 S5 S6 Internet Internet Indirect Control - Fact #1: Infer network view by reverse engineering ? ? ? ? ?

9. Change OSPF link weights on S2, S3, S4.. Modify routing policies on S2, S3, S4 configuration commands Many knobs to tune Trial and error probe routers and guess network view S1 S2 S3 S4 S5 S6 Internet Internet ? ? ? ? ? Indirect Control - Fact #2: Policies buried in box-centric configuration

10. Complex configuration is error-prone and is causing network outages interface Ethernet0 ip address 6.2.5.14 255.255.255.128 interface Serial1/0.5 point-to-point ip address 6.2.2.85 255.255.255.252 ip access-group 143 in frame-relay interface-dlci 28 router ospf 64 redistribute connected subnets redistribute bgp 64780 metric 1 subnets network 66.251.75.128 0.0.0.127 area 0 router bgp 64780 redistribute ospf 64 match route-map 8aTzlvBrbaW neighbor 66.253.160.68 remote-as 12762 neighbor 66.253.160.68 distribute-list 4 in access-list 143 deny 1.1.0.0/16 access-list 143 permit any route-map 8aTzlvBrbaW deny 10 match ip address 4 route-map 8aTzlvBrbaW permit 20 match ip address 7 ip route 10.2.2.1/16 10.2.1.7

11. Indirect Control - Fact #3: Indirect Control Creates Subtle Dependencies Example: Policy #1: use C as egress point for traffic from AS X Policy #2: enable ECMP for A-C flow AS Y 1 1 2 3 3 1 AS X 1 4 Desired Unexpected! C B A D

12. Indirect Control leads to 62% of network downtime in multi-vendor networks comes from human-error 80% of IT budgets is spent on maintenance and operations .

13. 13 An Architecture Question to Study How should the functionality that controls a network be divided up? Important: everyone hates net outages Practical: solutions can be implemented without changing IP or end-hosts Relevant: trends toward separating decision- making from forwarding Unsolved: problem is not solved by running BGP/OSPF on faster servers

14. 14 Our Proposal: Dissemination and Decision Planes What functions require a view of entire network and network objectives? Path selection and traffic engineering Reachability control and VPNs ! Decision plane What functions must be on every router to support creation of a network-wide view ? Topology discovery Report measurements, status, resources Install state (e.g., FIBs, ACLs) into data-plane ! Dissemination plane

15. Direct Control: A New World Express goals explicitly Security policies, QoS, egress point selection Do not bury goals in box-specific configuration Make policy dependencies explicit Design network to provide timely and accurate view Topology, traffic, resource limitations Give decision maker the inputs it needs Decision maker computes and pushes desired network state FIB entries, packet filters, queuing parameters Simplify router functionality Add new functions without modifying/creating protocols or upgrading routers

16. D How can we get there? Routing Table Access Control Table NAT Table Tunnel Table Decision Computation Service Generating table entries Data Plane Modeled as a set of tables Install table entries Discovery Dissemination Service D D D 4D

17. 17 Discuss Implementations Possibilities Decision Plane Centralized, or Distributed Dissemination Plane In-band, or Out-of-band Data Plane Flow table entries Piece of code run at every router Piece of code in each packet