Othman Othman M.M., Koji Okamura
Kyushu University
Proceedings of the 33rd Asia-Pacific Advanced Network Meeting
Thailand, Chiang Mai, 2012/2/15

Outline:
1. Goal.
2. Motivation.
3. An attempt to solve the problem.
   1. Network Equipment to Equipment flow installation.
4. Steps for Flow delegation.
   1. Flow Aggregation Algorithm.
   2. Finding Equipment.
   3. Programming flows & Security aspect.
   4. Tunneling.
5. Evaluation.
6. Conclusion.

1- Goal:
Improve OpenFlow.
Support self-reactive behavior.
Step towards having wider adoption of OpenFlow.
Reduce load on controller.

2- Motivation:
Tight coupling between OpenFlow switch and controller.
Everything is up to the controller.
Controller might be a bottleneck.
The number of flows that can be installed by the NOX controller, as shown in [1], is 30K flow/sec, while the flow arrival rate in [2] is 100K flow per second.
Figures might have changed, but the debate is still going.
[1] Tavakoli, A., Casado, M., Koponen, T., & Shenker, S. (n.d.). Applying NOX to the Datacenter. Proc. HotNets (October 2009).
[2] Kandula, S., Sengupta, S., Greenberg, A., Patel, P., & Chaiken, R. (2009). The nature of data center traffic: measurements & analysis. Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference (p. 202–208). ACM.

2- Motivation:
Figure 1: OpenFlow Control Mode. Current OpenFlow's control model: Controller to Equipment only: equipment exchange information only with the controller.
Fig2. Regular Network Information exchange. Current Internet: Equipment to Equipment only: equipment exchange information with each other.
Figure 3: Enhanced OpenFlow Control Mode. Target: Controller to Equipment AND Equipment to Equipment: to give OpenFlow the ability to exchange information between equipment in addition to the controller.

2- Motivation:
Why Equipment to Equipment can help:
Network edges are suitable for installing flows, since all of the incoming and outgoing packets must pass through them.
Network edges can be used in different applications, like implementing security, traffic policies, traffic tagging, ...
However, the equipment flow table is limited.
Also, the controller can be a bottleneck.
Equipment to Equipment Flow installation: provide a new method for the overloaded equipment to act on their own, without involving the controller.

3- An attempt to solve the problem:
1. Network equipment to Network equipment Flow Programming:
   To create a traffic-aware, self-reactive network.
   Can be used to delegate some flows to less loaded network equipment.
   To easily program the whole network without loading the controller.

3- Network Equipment to Equipment flow installation:
To reduce load off the controller.
Give the equipment the ability to act on their own to reduce load off loaded equipment.
Alternative way to install flows to the whole network (e-e propagation).
Fig1. Equipment overloaded, due to many flows to carry out.
Fig2. Overloaded equipment delegates some flows to other equipment.
Fig3. Reduced load off the overloaded equipment.
Figure labels: Packet; Flows to manipulate headers in packets.

4- Steps for Flow delegation:
1. Start.
2. Need to delegate? (Yes / No; on Yes, continue.)
3. Find aggregatable flows, and aggregate them.
4. Find equipment to program.
5. Program flows from 3 to equipment from 4.
6. Tunnel aggregated flows from 3 to target equipment from 4.
7. Finish.

4- Steps for Flow delegation: 1- Flow Aggregation Algorithm:
How to delegate flows?
Aggregate flows that have common features and are responsible for some portion of traffic, i.e. aggregate many flows into one.
Delegate the aggregated flows to other equipment.
Use Flow Aggregation Algorithm.
Overloaded equipment flows = original flows – delegated flows.
Figure labels: Flow Table; range of portions of total traffic, e.g.
(20%-30%); aggregated flow (one or more).

4- Steps for Flow delegation: 1- Flow Aggregation Algorithm: TA-FAA:
TA-FAA flowchart (boxes): Start; Build Histograms for all Fields; Aggregation percentage?; Aggregate SrcIP; Aggregate DstIP; Find common values from two wide aggregations; Fail; Finish. Branch labels: None, Strict, Wide.
TA-FAA Evaluation:
Java program to evaluate the efficiency of the Flow Aggregation Algorithm.
Chart: Success Rate of the TA-FAA (y-axis: Success Rate; x-axis: Range of traffic portion to be aggregated).
FAA success rate of aggregation = 79.7 %

4: Steps for Flow delegation: 2- Finding Equipment:
3 way programming method: Request, Accept, Confirm.
Request is a kind of controlled flooding.
Limited propagation; the request carries a count of valid hops (TTL).
Limited number of acceptances (LFI: Level of Flow Installation).
Negative Acknowledgement.
Expiry time.
Figure (message sequence). Participants: the delegating device; the device receiving delegation; other device receiving delegation.
   Installation Request? Flows to be delegated. LFI = 2, TTL = 5.
   Accept. Self Identification.
   Confirm.
   Installation Request? Flows to be delegated. LFI = 1, TTL = 4.
   Accept. Self Identification.
   Confirm.

4: Steps for Flow delegation: 3- Programming flows & Security aspect:
Figure 1: Initial Flow Installation.
Figure 2: Flow Delegation (e-e Flow Installation).
Figure legend: Signed by Controller; Signed by Equipment 1; Signed by Equipment 2.

4: Steps for Flow delegation: 3- Programming flows & Security aspect:
Why to do that: the case where a flow includes sending packets to the controller.
Figure 1: Controller installs flow. (Controller: expect packet from eq.1.)
Figure 2: This flow was delegated. (Controller: expect packet from eq.1.)
Figure 3: Accepting packets from eq.2 instead of eq.1. eq.2 used the signed fields it got from eq.1, so the controller will accept.
Signed fields: Flow; Flow's Hash; 1's ID; 2's ID.
Figure legend: Signed by Controller; Signed by Equipment 1; Signed by Equipment 2.
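The Finding Equipment request, as an added simulation that is not part of the original slides: it shows how TTL and LFI bound the request flood. The topology, the free-entry counts and the forwarding rules stated in the docstring are assumptions, read off the slide's LFI = 2, TTL = 5 then LFI = 1, TTL = 4 sequence; expiry time is not modelled.

```python
from collections import deque

# Constructed topology (adjacency list); "A" is the overloaded equipment.
TOPOLOGY = {"A": ["B", "C"], "B": ["A", "D"], "C": ["A", "D"],
            "D": ["B", "C", "E"], "E": ["D", "F"], "F": ["E"]}
# Constructed number of free flow-table entries on each equipment.
FREE = {"A": 0, "B": 50, "C": 2, "D": 40, "E": 30, "F": 60}


def find_delegates(origin, needed, ttl, lfi):
    """Flood an installation request; return (confirmed, nacks, requests_sent).

    Assumed rules (hypothetical, not stated on the slides): an equipment
    accepts if it has `needed` free entries, otherwise it answers with a
    negative acknowledgement; every hop lowers TTL by one; an accepting hop
    also lowers LFI by one; forwarding stops when either reaches zero.
    """
    accepts, nacks, sent = [], [], 0
    seen = {origin}
    queue = deque((nbr, ttl, lfi) for nbr in TOPOLOGY[origin])
    while queue:
        node, hops, slots = queue.popleft()
        sent += 1                       # one request message on the wire
        if node in seen:
            continue                    # duplicate request is dropped
        seen.add(node)
        if FREE[node] >= needed:
            accepts.append(node)        # Accept with self identification
            slots -= 1
        else:
            nacks.append(node)          # Negative Acknowledgement
        hops -= 1
        if hops > 0 and slots > 0:
            queue.extend((n, hops, slots) for n in TOPOLOGY[node] if n != origin)
    return accepts[:lfi], nacks, sent   # origin confirms at most `lfi` accepts


if __name__ == "__main__":
    print(find_delegates("A", needed=10, ttl=5, lfi=2))    # slide's limits
    print(find_delegates("A", needed=10, ttl=10, lfi=10))  # loose limits
```

With the slide's limits the flood stops after two acceptances; with loose limits the same request reaches every equipment and costs more than twice as many messages.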
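The controller-side check from the Security aspect slides, as an added example that is not part of the original slides: the controller accepts a packet from eq.2 only if eq.2 presents a delegation record over (flow's hash, 1's ID, 2's ID) produced by eq.1. HMAC-SHA256 with per-equipment keys known to the controller stands in for the signatures the slides describe; the keys, the record layout and the function names are assumptions.

```python
import hashlib
import hmac

# Constructed secrets: the controller shares one key with each equipment.
KEYS = {"eq1": b"demo-key-eq1", "eq2": b"demo-key-eq2", "eq3": b"demo-key-eq3"}

FLOW = b"match: dst=10.0.0.0/24, action: send to controller"  # constructed flow


def sign_link(frm, to, flow, key=None):
    """Delegation record: `frm` binds (flow's hash, its ID, delegate's ID).

    IDs are assumed not to contain a NUL byte, which separates them here.
    """
    msg = hashlib.sha256(flow).digest() + frm.encode() + b"\x00" + to.encode()
    tag = hmac.new(key or KEYS[frm], msg, hashlib.sha256).digest()
    return {"from": frm, "to": to, "tag": tag}


def controller_accepts(sender, flow, installed_on, chain):
    """True if `sender` may send packets for `flow`: it is the equipment the
    controller installed the flow on, or the end of a valid delegation chain."""
    holder = installed_on
    for link in chain:
        if link["from"] != holder or holder not in KEYS:
            return False    # chain does not continue from the current holder
        expected = sign_link(holder, link["to"], flow)["tag"]
        if not hmac.compare_digest(expected, link["tag"]):
            return False    # forged tag, or record issued for another flow
        holder = link["to"]
    return holder == sender


if __name__ == "__main__":
    chain = [sign_link("eq1", "eq2", FLOW)]
    print(controller_accepts("eq2", FLOW, "eq1", chain))   # delegated: accepted
    print(controller_accepts("eq3", FLOW, "eq1", chain))   # not in chain: rejected
```

Because each record covers the flow's hash and both IDs, a record cannot be reused for a different flow or presented by a different equipment.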

4: Steps for Flow delegation: 4- Tunneling:
Fig1. Flows are stitched to form a path defined by the controller.
Fig2. Path might break because eq.2 expects packets from eq.1, or from the interface of eq.2 that connects it to eq.1.
In such cases:
eq.4 has to tunnel packets to eq.2.
This is done using IP tagging (similar to a VLAN tag).
Also, eq.1 uses the aggregated flow (1 flow) to tunnel traffic to eq.4.

5- Evaluation:
Run simulation on NS3 using:
   Regular OpenFlow.
   Modified OpenFlow.
Collaboration for experimenting on NICT's JGN-X.
Compare edge equipment load, all equipment load.
Evaluate efficiency to reduce load.
Evaluate traffic generated by the new enhancement.

6- Conclusion:
Aim to improve OpenFlow by reducing load off the controller and making it self-aware and self-reactive.
Achieving goals by proposing new enhancements to OpenFlow:
   Network equipment to equipment flow installation.
   Proposing the Flow Aggregation Algorithm, to enable the enhancements.
Simulation shows the success rate of FAA is 79.7 %

Q & A:
Thanks for listening.