"Deeply Programmable Network"
Emerging Technologies for Network Virtualization
and Software Defined Network (SDN)
Aki Nakao
The University of Tokyo
Keynote Speech
ITU-T Kaleidoscope Conference in Kyoto
2013/4/23
The University of Tokyo became an academic member
of ITU-T in 2012
2
Interdisciplinary Initiative in
Information Studies (III)
• The latest graduate school of UTokyo established in 2000
• Multi-disciplinary graduate school including 50+ professors
http://www.iii.u-tokyo.ac.jp/en/about.php#gakufu
3
5 Courses in the III Graduate School
•
•
•
•
•
Socio-information and Communication Studies
Cultural and Human Information Studies
I am in here
conducting
Applied Computer Science
research on
International Master s Doctoral Degree computer
Program: Information, Technology, and networks
Emerging Design and Informatics
Society in Asia (ITASIA)
4
Future Network Research
Proliferating...
•
•
•
•
•
Future Internet Architecture (FIA) in U.S.
Global Initiative in Network Innovations (GENI) in U.S.
Framework Programme 7 (FP7) in EU
Horizon 2020 (2014-) in EU
New Generation Network (NwGN) in Japan
One of the most active research areas for building
sustainable communities through new ICT Infrastructures
5
Roadmap of Future Network Standardization
‘06 ‘07 ‘08 ‘09 ‘10 ‘11 ‘12 ‘13
NWGN
A
R&D Start
B
C
D
A: 1St ITU-T Kaleidoscope Conference
B: ITU-T FG-FN Start (SG 13 WG5 Q.21)
C: Y.3001 (First ITU-T Recommendation for
Future Networks )
D: Y.3011 (Framework of Network
Virtualization for Future Networks)
Slides from Prof. Tomonori Aoyama
6
First ITU-­‐T Kaleidoscope Academic Conference
A New Genera;on Network -­‐ Beyond NGN -­‐
May 12, 2008
Tomonori Aoyama
Keio University
NICT
Slides from Prof. Tomonori Aoyama 7
Slides from Prof. Tomonori Aoyama
8
Why Future Network is needed?
Is the Internet of today full of problems?
9
Traffic Increase in Data Center Access
http://www.internetevolution.com/author.asp?section id=715&doc id=175123.
10
World-Wide Mobile Traffic Volume
Rapid Increase in
Mobile Data Traffic
Ericsson Japan 「Traffic and Market Report」(2012/6)
11
SPAM: The Most Annoying Problem of Today
•
95% of all email traffic
•
As of August 2007, one
in every 87 emails was a
phishing attack
•
Targeted attacks on rise
20k-30k unique phishing
Source: APWG
(Nick Feamster s Talk @UTokyo)
12
Top-10 Spamming BotNets
BotNet
Size
# of Spams
Grum
600K
40B
Bobax
100K
27B
Pushdo
1.5M
19B
Rustock
2M
17B
Bagle
500K
14B
Mega-D
50K
11B
Maazben
300K
2.5B
Xarvester
60K
2.5B
Donbot
100K
800M
http://www.techrepublic.com/
13
•
•
Mobile Botnet
Android phones are exploited as of 2012 (10k-30k devices)
RootSmart backdoor (remotely controlling Android phones)
Number of malware modifications for Android OS
http://www.securelist.com/
14
How can we resolve newly observed,
constantly arising problems in the
current Internet?
In order to establish sustainable
communities...
15
Paradigm Shift in Programming Model
The Internet
Cloud
Data Center 1
Cloud
Data Center 2
Open Programmability at Edges
Future Network
Cloud
Data Center 1
Cloud
Data Center 2
Open Programmability within Network
Multiple Isolated Programming Environments (Slices)
16
Multiple Flexibly & Deeply Programmable Networks
Slice 1
Cache
Oriented
NW
Slice 2
Sensor
Processing
ＮＷ
Slice N
Cloud
Access
ＮＷ
ID/Loc
NW
Content
Oriented
NW
TV
Broadcast
NW
Legacy
NW
Future
NW
“Slices” accommodate diverse networks
Slice = a set of resources reserved across mul7ple network domains cloud1
Smartphones
cloud2
Network Virtualization Platform
17
Multiple Flexibly & Deeply Programmable Networks
Slice 1
Cache
Oriented
NW
Slice 2
Sensor
Processing
ＮＷ
Slice N
Cloud
Access
ＮＷ
ID/Loc
NW
Content
Oriented
NW
TV
Broadcast
NW
Legacy
NW
Future
NW
“Slices” accommodate diverse networks
Slice = a set of resources reserved across mul7ple network domains cloud1
Smartphones
cloud2
Network Virtualization Platform
Objective: Enabling future network architecture that can be quickly
and flexibly programmed to adapt to diverse demands
17
Three Emerging Areas of Study
in Future Network Research
• Network Virtualization (NV)
• Software Defined Network (SDN)
• Network Functions Virtualization (NFV)
• And more?
Deep Programmability in Network is a key...
18
Deep Programmability
Problem:
Inflexible Infrastructure cannot deal with constantly arising problems
Solution:
Flexible / Adaptive Communication Infrastructure
Deep Programmability enables new network functionalities
that can resolve the problems
Supporting multiple isolated new functionalities flexibly and dynamically
Data Plane
Control Plane
19
Network Virtualization
Programmability(NFV) Programmability (SDN)
Network Virtualization
In computing, network virtualization is the process of combining hardware and
software network resources and network functionality into a single, software-based
administrative entity, a virtual network. Network virtualization involves platform
virtualization, often combined with resource virtualization.
http://en.wikipedia.org/wiki/Network_virtualization
The advanced network virtualization applies the virtualization technology to
the networks in a sense that the networks offer extra capabilities provided by
software resources in the nodes. These capabilities are beyond the basic
network capabilities, i.e., link and their selection. The extra involvement
enables the nodes, and the network, to provide computation and data storage
capabilities to the users. The ICT infrastructure in the new-generation
networks, which install the advanced network virtualization, govern a
collection of the resources ranging from links, networks, and node-software as
a slice and create a virtualized network over the slice with dynamically
controllable and programmable links and nodes.
http://nvlab.nakao-lab.org/nv-study-group-white-paper.v1.0.pdf
20
SDN
?
21
SDN
•
?
Software Driven Network (IETF BoF)
21
SDN
•
•
?
Software Driven Network (IETF BoF)
Software Defined Network
21
SDN
•
•
•
?
Software Driven Network (IETF BoF)
Software Defined Network
Some Definition Needed :-)
21
SDN
•
•
•
?
Software Driven Network (IETF BoF)
Software Defined Network
Some Definition Needed :-)
Software-defined networking (SDN) is an approach to building computer
networks that separates and abstracts elements of these systems
SDN decouples the system that makes decisions about where traffic is sent
(the control plane) from the underlying system that forwards traffic to the
selected destination (the data plane)...
...this technology simplifies networking and enables new applications, such as
network virtualization...
http://en.wikipedia.org/wiki/Software-defined_networking
21
Standardization Activities
•
•
ITU-T on Future Networks / Network Virtualization
•
•
•
IETF BoF on Software Driven Networks (SDN)
ETSI on Network Functions Virtualization (NFV)
IRTF BoF on Network Virtualization
ONF (Open Networking Foundation) on
Software Defined Networks (SDN) /OpenFlow
•
OpenDaylight on Software Defined Networks (SDN)
22
Y.3001: Future networks: Objec7ves and design goals
• Defini7on of FN: – A network able to provide services, capabili7es, and facili7es difficult to provide using exis7ng network technologies.
• 4 Objec7ves of FNs:
– Service awareness : to provide services whose func7ons are designed to be appropriate to the needs of applica7ons and users – Data awareness : to have architecture op7mized to handling enormous amounts of data in a distributed environment, and are recommended to enable users to access desired data safely, easily, quickly, and accurately, regardless of their loca7on
– Environmental awareness : to be environmentally friendly
– Social and economic awareness : to consider social and economic issues to reduce barriers to entry for the various actors involved in the network ecosystem
Service Service Diversity
awareness
These objectives are not considered as primary or not
realized to a satisfactory extent in current networks.
These objectives are the candidate characteristics that
clearly differentiate FNs
Target Date: roughly 2015-2020
Functional Flexibility
Virtualization of Resources
Data awareness
Data Access
Network Management
Identification
Mobility
Reliability and Security
Energy Consumption
Optimization
Environmental awareness
Service Universalization
Economic Incentives
Social and economic awareness
(Slides from Nozomu Nishinaga and Takashi Egawa). 23
Y.3011: Framework of network virtualiza7on for future networks
§ Definition of “network virtualization":
Ø A technology that enables the creation of logically isolated network partitions over
shared physical networks so that heterogeneous collection of multiple virtual networks
can simultaneously coexist over the shared networks. This includes the aggregation of
multiple resources in a provider and appearing as a single resource.
§ Motivation
Various Services
Coexistence of multiple networks
Simplified access to resources
Flexibility in provisioning
Evolvability
Design goals
LINP2
Virtual
Resources
Physical NW 4 Manager
Physical NW 4
Physical NW 1 Manager
Physical NW 2
Physical NW 3
Physical NW 3 Manager
Physical NW 1
Physical NW 2 Manager
§ Isolation, network abstraction,
topology awareness and quick
reconfigurability, performance,
programmability, management,
mobility, wireless
Virtual
Networks LINP1
Virtual Resources
Manager
Ø
Ø
Ø
Ø
Ø
LINP3
LINP2 Manager
§ Problem spaces & design goals
LINP1 Manager
§ Diverse services
§ Heterogeneous network
architectures
LINP3 Manager
Ø Key technology for Service
Awareness of FNs
(Slides from Nozomu Nishinaga and Takashi Egawa). 24
Network Functions Virtualisation
• Replaces proprietary hardware with software equivalents running on
high volume industry standard servers, and using IT virtualisation
techniques
• Enables a wide variety of eco-systems and encourages openness.
• Provides opportunities for pure software players.
• Facilitates innovation towards new network functions and services
that are only practicable in a purely software network environment.
• Applicable to any data plane packet processing and control plane
functions, in fixed or mobile networks
• Enables new ways to implement resilience, service assurance, test
and diagnostics and security surveillance
• But Network Functions Virtualisation will only scale if management
and configuration of functions can be automated
• NFV aims to l ultimately transform the way network operators
architect and operate their networks, but change can be incremental
ETSI NFV
"Network Functions Virtualisation", NFV ETSI Industry Specification Group, OFC - NFOEC, Mar.17-21, 2013
25
Network Functions Virtualisation: Vision
Classical Network Appliance
Approach
Network Func7ons Virtualisa7on Approach
Message
CDN
Router
DPI
Firewall
Session Border
WAN
Controller
Accelera7on
Carrier
Grade NAT
Tester/QoE
Competitive &
Innovative
Open Ecosystem
Independent
Soaware Vendors
Orchestrated,
automatic & remote install.
monitor
High volume standard servers
SGSN/GGSN
PE Router
BRAS
Radio/Fixed Access
Network Nodes
•
Fragmented non-commodity hardware.
•
Physical install per appliance per site.
•
Hardware development large barrier to entry for new
vendors, constraining innovation & competition.
ETSI NFV
High volume standard storage
High volume Ethernet switches
"Network Functions Virtualisation", NFV ETSI Industry Specification Group, OFC - NFOEC, Mar.17-21, 2013
26
ONF
Open Networking Foundation
•
•
Industry organization
dedicated to the
development,
standardization, and
promotion of Open Software
Defined Networking.
Founded in 2011
•
•
Drive SDN
Standards
Influence the
future of
networking
Collaborate
with the
innovators
23 Founding members
90 + membersWho’s w ho in networking and telecommunications
Gain visibility
in the
community
Introduction to Open Networking Foundation
2 Education Committee (MEC) Ciena Corporation mcohn@ciena.com
Marc Cohn, Chairman Market
April 2, 2013
27
ONF
ONF Members
(March, 2013)
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
6Wind
A10 Networks
ADVA Optical
Alcatel-Lucent
Aricent
Argela/Turk Telekom
Big Switch Networks
Broadcom
Brocade
Centec Networks
Ceragon
China Mobile
Ciena
Cisco
Citrix
CohesiveFT
Colt
CompTIA
Cyan Optics
Dell/Force10
Deutsche Telekom
Ericsson
ETRI
Extreme Networks
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
F5 Networks/
LineRate Systems
Facebook
France Telecom
Orange
Freescale Semi
Fujitsu
Gigamon
Google
Goldman Sachs
Hitachi
HP
Huawei
IBM
Infinera
Infoblox
Intel
Intune Networks
IP Infusion
Ixia
Juniper Networks
KDDI
Korea Telecom
Lancope
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Level3 Comms
LSI
Luxoft
Marvell
Mellanox
Metaswitch Networks
Microsoft
Midokura
NCL Comms K.K.
NEC
Netgear
Netronome
Netscout Systems
Nokia Siemens Netw.
NoviFlow
Oracle
Overture Networks
NTT Communications
Pica8
Plexxi
Qosmos
Radware
Riverbed Technology
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Samsung
SK Telecom
Spirent
Sunbay AG
Swisscom
Tail-f Systems
Tekelec
Telecom Italia
Telefonica
Tencent
Texas Instruments
Thales
Tiera
Transmode
TW Telecom
Vello Systems
Verisign
Verizon
VMware/Nicira
Xpliant
Yahoo!
ZTE
4
Introduction to Open Networking
Foundation
Marc Cohn, Chairman Market Education Committee (MEC) Ciena Corporation mcohn@ciena.com
April 2, 2013
28
OpenDayLight
http://www.opendaylight.org
29
Deep Programmability within Network
•
Control-Plane Programmability
•
•
•
•
Route Control
Access Control
Network Management
Data-Plane Programmability
•
Packet Data Processing
•
•
•
•
Cache
Transcode
DPI
Handling New Protocols
•
•
•
•
Target Scope
of OpenFlow/
SDN
IPvN (N>6)
New Layer2
Irrelevant with
OpenFlow
(+processors)
Content Centric Network (CCN)
Meta-Control-Plane Programmability
•
OpenFlow/SDN
with external
processors
and NFV
Defining new proprietary APIs
Out of scope
of OpenFlow
(Included in
OpenDayLight?)
Scope of
Deeply
Programmable
Network
(DPN)
Deeper
Programmability
30
Deeply Programmable Network（DPN)
DPN
Programmability
for Data Plane
NFV
Edge Data
Processing
SDN
Programmability
for Control Plane
via a given API
Programmability
for defining an API
for C/D planes
31
Missing Pieces
for Deep Programmability
•
•
•
Network Virtualization
Software Defined Network (SDN)
Network Functions Virtualization (NFV)
Further study/research and standardization needed...
•
•
•
•
Programmability for in-network processing
Programmability for new non-IP protocols
Programmability for C/D Plane APIs in SDN
Accommodation of multiple isolated deeply
missing
pieces
programmable environments
32
Deeply Programmable Network
Research in Japan
33
VNode
34
VNode Project in Japan
•
VNode Infrastructure Enabling Deeply Programmable Network
(Project Leader: Aki Nakao）
•
•
2008-2010 Collaborative Research (NICT/Utokyo/NTT/NEC/Hitachi/Fujitsu)
2011-2014 Collaborative Research (Utokyo/NTT/NEC/Hitachi/Fujitsu/KDDI)
The University of Tokyo Confidential
35
R&D on Network Virtualiza;on Technology to Support New-­‐Genera;on Network
Develop a technology comprising the service-­‐oriented virtualiza7on pladorm that provides integrated management for various resources including online network, calcula7on and storage and that also can flexibly customize communica7on method, speed, quality and func7ons to establish the new-­‐genera7on network pladorm.
Subject C: R&D on network services and applica;ons in NWGN
New-­‐Genera;on
Sensor Network
Applica;on
Develop typical network applica7ons that were not easy to build in the past internet environment but would appear in the NWGN era by u7lizing resources in the network.
New-­‐Genera;on
Contents Distribu;on
Applica;on
Virtualiza;on Network for Service A
Service Programming
Cloud
Electric Packet Network
Virtualiza;on Gateway
Data
Replica7on
Ultra-­‐low Consump;on
Power-­‐oriented Network
Applica;on
Network Applica;on
Subject B: R&D on service composable network plaSorm
Service Component Management & Implementa;on
Network Service Virtualiza;on Integrated Management
New-­‐Genera;on
Trustable Network
Applica;on
New-­‐Genera;on
Value-­‐added
Applica;on
Authen7ca
7on
Broadca
st
Develop a service plaSorm that can develop and implement various applica;ons サービスB向け
サービスC向け
with use of m
ixing service parts the network virtualiza;on plaSorm provides.
仮想ネットワーク
仮想ネットワーク
Monitori
ng
Cash
Compression
Encryp7on
Loca7on Info
QoS
Sta7s7cs
Network PlaSorm
Network Service Management
Virtualized Node
Virtualiza;on Virtualized Node
Gateway
Calculator Lightpath
Storage
Resource
Network
Resource
Subject A: R&D on integrated-­‐management network virtualiza;on plaSorm
Virtualized Node
Network Service Management
Network Virtualized Node
Virtualiza;on Electric Packet PlaSorm
Network
Virtualiza;on Gateway
Server
Terminal
Virtualiza;on Gateway
Lightpath
Network
Calculator Resource
Storage
Resource
Develop a new-­‐genera7on network virtualiza7on pladorm that can simultaneously provide mul7ple networks being customized by service and that substan7ally enhances its safety, reliability, flexibility etc. to realize high func7onality, large capacity and ultra-­‐low consump7on.
(Slide from NICT)
36
VNode Infrastructure (extended to US!)
•7 VNodes, 4 Network Connectors, 11 Access Gateways
•Deep Programmability for Experimenting with Arbitrary Protocols (Non•Slice-Around-The-World Project (A VNode in U of Utah)
AGW
Utah
Sapporo
Kanazawa
Sendai
Okayama
AGW
1G
VN
Tokyo Area
NC
International Circuit
KR
Hiroshima
VN
AGW
AGW
10G
10Gx2
Fukuoka
10G
10Gx2
10G
NICT Koganei
40G
AGW
AGW
Tokyo
NICT Otemachi
NICT Hakusan
40G
NC
AGW
UTokyo
International Circuit
AGW
Nagoya
USA
TH
SG
Wireless Testbed
Example
NC
AGW
NTT Yokosuka
VN
AGW
VN
40G
VN
10G
VN
10G
AGW
40Gx2
Osaka
VN
10G
AGW
NC
VN
VNode
HK
AGW
AccessGateway
10G
1G
NC
Network Connector
37
Data Plane Federation (VNode / GENI)
ProtoGENI
VNode
Okayama
Hokuriku
Fukuoka
Osaka
Tokyo1
LA Salt Lake City
Packet Cache Slice
Nagoya Tokyo2 NC10 LandSat
Houston
Slice
NC7
JGN-X
VNode
JGN-X
VNode Front-End (Network Connector)
IDC
IDC
JGN-X
DCN
TransPAC3
DCN
I2
ProtoGENI
IDC
Internet2
ION
Emulab
UEN
Internet2
TransPAC3 JP-US circuit
Aki Nakao, Plenary Talk @GENI Engineering Conference GEC15, 2012
VNode and GENI Packet Cache Demo
File Server
KyusyuV
VNode
Hokuriku
Hakusan
NC10
PRESTA
PRESTA
Osaka
Data Traffic
Hash Traffic
Nagoya
Otemachi
Ingress Cache
data sync.
Egress Cache
pc412
File Download
pc350
1.5Mb/s
vlan3130
pc551
pc415
300kb/s
pc256
pc331
protoGENI
University of Utah
FLARE
40
FLARE
SDN
Control Plane Programmability
DPN
SDN + Data Plane Programmability
Deeply
Programmable
Node
Network Virtualiza;on
New Protocol Capability
41
FLARE Node Implementation
•
•
•
•
•
•
Multiple, isolated, deeply programmable environments
Hybrid of many-core processors + x86 processors
1U / 1U Mini Form Factor
4 x 10G, 2x10G + 8x1G (20G non-block switching)
Control Plane & Data Plane Linux Programmability
Achieve both programmability and performance
42
Ethernet Switch
ToGxIO
(xgbe2)
FromGxIO
(xgbe1)
Ether
Switch
ToGxIO
(xgbe1)
FromGxIO
(xgbe2)
(Gbps)
10.0
9.9
9.9 9.9
9.9 9.9
9.9 9.9
2 cores
3 cores
4 cores
5 cores
7.8
7.5
5.0
9.9
4.2
2.5
0
1 core
Switching Performance
pkt_size=512B
pkt_size=1514B
43
OpenFlow Switch
Control Plane
NOX
Controller
ofprotocol
dpctl
tunnel
Data Plane
FromIO
(xgbe1)
ToIO
(xgbe2)
OFSwitch
FromIO
(xgbe2)
ToIO
(xgbe1)
(Gbps)
9.9
10.0
9.9
9.9
7.9
6.7
7.5
2.5
5.1
4.2
5.0
2.7
3.8
1.5
0
1 core
2 cores
3 cores
Switching Performance
4 cores
5 cores
pkt_size=512B
pkt_size=1514B
44
L2 Programmability
Extended (96bit) MAC switching
ToGxIO
(xgbe2)
FromGxIO
(xgbe1)
ExMAC
Switch
ToGxIO
(xgbe1)
FromGxIO
(xgbe2)
(Gbps)
7.5
5.0
9.9
9.7
10.0
9.9
9.9 9.9
9.9 9.9
3 cores
4 cores
5 cores
pkt_size=512B
pkt_size=1514B
8.7
6.1
3.2
2.5
0
1 core
2 cores
Switch Performance
Window-based Arbitrary Bit Matching
Arbitrary bit matching as in openflow pattern matcher
is costly due to expensive memory operation per packet
window
Set a window to minimize per-packet memory operations
Improve performance while keeping flexibility
Leon Lee, Ping Du and Akihiro Nakao, "Ouroboros: SDN Beyond Flow-Tuple Matching," IEICE NS Technical Report, Mar. 2013
46
RTP-SSRC Matching
Purpose:
Specific Real-time audio/video traffic control, based on stream , not flow
(e.g. based on RTP SSRC field to enable routing according to the
streaming-video IDs )
Benefit:
Application/Content specific routing
Solution:
Use window to extract information included in RTP headers
RTP
SSRC
Payload type
……..
47
Trailer Matching
Purpose:
Device/application/content specific traffic engineering
Benefits:
More specific recognition for packets bound to overly used TCP port (e.g., 80)
Traffic engineering for data transmitted from specific devices
Proposal:
After attach/detach trailers, establish control in intermediate FLARE switches
CCAV
….
80
HTTP
8080
48
Trailer Matching
Trailer is an extra section attached at the end of each packet
Headers Packet content Trailer
End/Edge nodes are responsible for attaching and detaching Trailers
Host1
Host2
Packet
Packet
FLARE
.
Packet
.
Packet
.
Packet
.
Leon Lee, Ping Du and Akihiro Nakao, "Ouroboros: SDN Beyond Flow-Tuple Matching," IEICE NS Technical Report, Mar. 2013
49
FLARE at ITPro EXPO 2012
Beyond OpenFlow/SDN
50
MPLS 2012
(with Cisco & Juniper)
11
LivingLab
Living with Deeply Programmable FLARE
Living#Lab#Control#Plane#
402
Blue#RJ45#ports#(CAT6)#
#
7
8
Living&Lab&Data&Plane&
F
S
9
102
005##
L2#SW#
F
1
1
005#
402
Fiber&Port&
&
2
1
102
J
S
G
F
005&
Patch&
Panel&
F
F
2
F
FC
105
F
1
107
106
2
F
3
4
5
F
105
6
Blue#RJ45#ports#(CAT6)#
#
1
2
1
F
F
F
S
107
106
2
1
2
1
2
Fiber&Port&
&
52
Conclusion
•
Deep Programmability refers to the extensive programmability
including Control-plane, Data-plane (including non-IP handling),
(re)defining APIs in SDN, etc.
•
Network virtualization is key to accommodating multiple slices with
security-, performance-, namespace-isolated programmability
•
Standardization for Deeply Programmable Network (DPN) should
collectively concepts of Network Virtualization, SDN, NFV,
OpenDayLight/OpenFlow, etc is crucial for future network
•
Sustainable communities can be realized through developing
flexible and adaptive Deeply Programmable future network
infrastructure against constantly arising problems
53