Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
Hierarchical Rate Limiting in an ODL Orchestrated Virtualized DC
Vishal Thapar, Ericsson Deepthi V V, Ericsson Faseela K, Ericsson
How to Enforce Rate Limiting at admin specified levels of aggregation in an SDN Controller orchestrated Data Center?
Agenda • Challenges • OpenFlow Meters
• OF Meter basics • Meters based Solution • Advantages • Proposal – Hierarchical Rate Limiter
• Orchestration Layer • Rate Calculator • Rate Enforcer
• Next Steps • Demo? • Q&A
Challenges
• Distributed VMs • Lack of centralized logic to manage
bandwidth • Dynamic adjustment of rate limits based on
traffic conditions • Monitoring malicious VMs within the same
DC • Avoid traffic all the way to gateway only to
be dropped
OpenFlow Meters
OpenFlow Meters
• OpenFlow 1.3 • Defines Per Flow Meters • Specified in instruction set • Multiple meters for the same packet • Controls rate of aggregate of all flows
attached to a meter
OpenFlow Meters (cntd)
• Meter Identifier : unique identifier • Meter Bands : rate of the band and way to
process the packet • Counters : updated when packet processed
by the meter
Meter Identifier Meter Bands Counters
OpenFlow Meters - Bands
• Band Type: Defines how pkts are processed • Drop – We use this for Rate Limiter • DSCP Remark
• Rate: Lowest rate at which band can apply • Burst: Granularity of meter • Counters • Type specific arguments: Optional
arguments for some band types
Band Type
Rate Burst Counters Type-specific args
Meters based Solution
• Chaining of metered Flows • Orchestration layer communicates to SDNc
the various bandwidth restrictions of VMs • SDNc programs the required METER table
entries and flow entries to enforce the rate limiting
• When new VMs are spawned under the same levels of aggregation, rate limit calculator within SDNc redistributes the rates
Meter Table - Example Meter Identifier Meter Bands Counters
Tenant A 2Gbps 0
Tenant A : Network 1 1.5Gbps 0
Tenant A : Network 2 0.5Gbps 0
Tenant A : Network 1 : vpn1 0.2Gbps 0
Tenant A : Network 1 : vpn2 0.2Gbps 0
Tenant A : Network 1 : vpn1 : port 1 500Kbps 0
Control Flow
Rate Limiter NSF
OpenStack
vSwitch1
GBP
vSwitch2 vSwitch3
VM1 VM2 VM3 VM4 VM5 VM6
In_port = 1, apply meter : TenantA:Network1:vpn1:port1, goto network flow table
Meter1: Tenant A rate : 1Gbps Meter2: Tenant B rate : 2Gbps Meter3: TenantA:Network1:vpn1 -> rate 1Mbps Meter4: TenantA:Network1:vpn1:port1 -> rate 500kbps
Network = 1, vpn = 1, apply meter TenantA:Network1:vpn1, goto tenant flow table
Tenant = A, apply meter Tenant A
Tenant Flow Table
Port Flow Table
Meter Table
Vpn Flow Table
Advantages
• Rate Limiting applied at compute node • Avoids multiple calculations for different
levels of aggregation
Sample Heirarchical Rate Limiter
Key Components
• Orchestration Layer • Rate Limit Calculator • Rate Limit Enforcer
Orchestration Layer
• Communicates the bandwidth requirements at various levels of aggregation
• Northbound can be OpenStack, GBP or any other cloud orchestration layer already existing within ODL.
• Cloud orchestration layer is instructed to setup the datapath for the VM
• Checks the various rate limiting groups the VM belongs to
Rate Calculator • Another module of Rate Limiter NSF • Gets Rate Limits (policies) to be applied from
Orchestration Layer • Calculates the distributed rates to be applied at
each virtual switch • Uses aggregated bandwidth available and the
number of virtual instances belonging to this entity.
• Monitors the statistics of each of the VM meters.
• If there are overprovisioned VMs on a node under the same aggregation level, re-caculates their rate limits
Rate Enforcer
• Gets rates calculated from Rate Limit Calculator
• Creates different entries in the Meter Table for each of these rate limiting aggregations based on calculations.
• Modifies flows/meters as per instructions from Rate Calculator
Sample Architecture
Orchestration Layer
Rate Calculator
OpenStack
Rate Enforcer
Node1
GBP
Node1 Node3
Next Steps
Where do we go from here? • Distributed Rate Limit Calculator and Rate
Limit Enforcer as ODL NSFs • Working PoC of Hierarchical Rate Limiter • More OF switches with OF13 Meters
support
• Hierarchical Rate Limiter as ODL Project
Q&A