Network Services Interface (NSI): Enabling multi-domain SDNnv/nvs2013/nvs3-is5-monga.pdf · multi-tenant separation, Service Level Experience (SLE) • NSI and SDN concepts are architecturally

Network Services Interface (NSI): Enabling multi-domain SDN Inder Monga

Chief Technologist and Area Lead

NSI co-chair, OGF

The 3rd International Symposium on Network Virtualization

September 6th, 2013

Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

Service Plane Concepts

Network Service Interface (NSI)

Multi-Domain SDN

1

2

3

9/6/13 Inder Monga, Tokyo 2013 2


Introducing the Service Plane Concept

Data Plane!

bits in/out!

provision, monitor !& troubleshoot!!

Control Plane!

Routing, topology &!signaling!

Management Plane!

programmatic!Interface, abstract topology!end-to-end view!

Service Plane!

1


AAA

Policy

SLA/ SLE


•  …is an architectural framework

•  offers programmatic access

•  multiplexing a menu of network services

•  using a simple, abstract, model

•  over a multi-domain network

NSI…



Network Virtualization

Service Plane meets SDN: a provider view

Global Network View

Network OS

Abstract Network View


Simple Packet Forwarding Hardware





Management Plane!

Network Applica7ons

Network Applica7ons

Network Applica7ons

Service Plane!

User/Client Applica7ons





Network Service Interface

Control Plane!

Data Plane!



Network Resource Manager (NRM) NRM

NSI 101

Requesting Agent (RA)

Provider Agent (PA)

Network Services Interface

Network Services Agent (NSA) NSA

NSA

NSI Network Service Domain

2



NSI Protocol Structure

Message Transport Layer

Message Transport Layer

NSI 2.0 à WS/SOAP

Transport layer can be changed

Provider Agent (PA) Requesting Agent (RA)

Message Handler Message Handler Multiple sessions and services multiplexed between 2 NSAs

NSI-Connection Service

State Machines ReserveHeld

ReserveChecking

ReserveFailed

<rsv.fl<rsv.fl

<rsv.cf<rsv.cf

<rsvcommit.cf<rsvcommit.cf

>rsv.rq>rsv.rq

>rsvcommit.rq>rsvcommit.rq

ReserveCommitti

ng

ReserveAborting

ReserveTimeout

(reserve_timeout)

<rsvTimeout.nt

>rsvabort.rq>rsvabort.rq


<rsvabort.cf<rsvabort.cf

>rsvcommit.rq<rsvcommit.fl


Reserved

<rsvcommit.ｆｌ<rsvcommit.ｆｌ

uPA only

Initial

>rsv.rq>rsv.rq

Releasing

Provisioning>prov.rq

>prov.rq

>rel.rq>rel.rq

<rel.cf<rel.cf

<prov.cf<prov.cf

Scheduled

Provisioned

State Machines ReserveHeld

ReserveChecking

ReserveFailed

<rsv.fl<rsv.fl

<rsv.cf<rsv.cf


>rsv.rq>rsv.rq


ReserveCommitti

ng

ReserveAborting

ReserveTimeout

(reserve_timeout)

<rsvTimeout.nt






Reserved


uPA only

Initial

>rsv.rq>rsv.rq

Releasing

Provisioning>prov.rq

>prov.rq

>rel.rq>rel.rq

<rel.cf<rel.cf

<prov.cf<prov.cf

Scheduled

ProvisionedReservation, Provisioning,

Scheduling of point-to-point network connections

Protocol Messages Protocol Messages Message exchange with service attributes

Client API Aggregator Fn (including PCE, Topology)

Multiple clients and NSA’s interact to create a multi-domain end-to-end service

ReserveHeld

ReserveChecking

ReserveFailed

<rsv.fl<rsv.fl

<rsv.cf<rsv.cf


>rsv.rq>rsv.rq


ReserveCommitti

ng

ReserveAborting

ReserveTimeout

(reserve_timeout)

<rsvTimeout.nt






Reserved


uPA only

Initial

>rsv.rq>rsv.rq

Reservation State machine



NSI Fundamental Design Principles

1. NSI interface can support multiple services Examples: •  Pt-Pt Connection Service (NSI-CS) •  Topology Service (NSI-TS) •  Discovery Service (NSI-DS) •  Switching Service (NSI-SS) •  Monitoring Service •  Protection Service •  Verification Service •  Etc.

NSA

NSA



Design Principles (contd.)

2. Designed for flexible, multi-domain, service chaining

C

Domain C

B

Domain B Domain A

A

NSI Topology

Supports Tree and Chain model of service chaining

Fits in well with Cloud/Compute model of provisioning as well as Network/GMPLS model



Design Principles (contd.)

3. Principles of Abstraction applied – to network layers, technologies and domains

EP a

Node

EP b

EP c

EP d

EP fNode

EP g

EP h

Inter-‐Network representation of network resources

EP e

Intra-‐network representation of network resources

STP -‐ Service Termination PointTF -‐ Transfer FunctionSDP -‐ Service Demarcation Point

Host

STP a/STP b

Network X STP e

STP d

STP gNetwork W

NetworkY

STP c/STP f

TFTF

Dynamic Connection

STP h/STP j

Network W Network Z

EP j

EP k

Host

STP k

SDP

SDP

SDP

EP -‐ Edge pointLink Node

EP a

Node

EP b

EP c

EP d

EP fNode

EP g

EP h

Inter-‐Network representation of network resources

EP e

Intra-‐network representation of network resources

STP -‐ Service Termination PointTF -‐ Transfer FunctionSDP -‐ Service Demarcation Point

Host

STP a/STP b

Network X STP e

STP d

STP gNetwork W

NetworkY

STP c/STP f

TFTF

Dynamic Connection

STP h/STP j

Network W Network Z

EP j

EP k

Host

STP k

SDP

SDP

SDP

EP -‐ Edge pointLink Node

Service Termination Points (STP) and Service Demarcation Points (SDP) are abstract and technology independent



Design Corollaries

a. User-driven composition of services is enabled by NSI

11

Atomic Service (AS1)




Composite Service (S2 = AS1 + AS2)

Composite Service (S3 = AS3 + AS4)

Composite Service (S1 = S2 + S3)

Ser

vice

Abs

tract

ion

Incr

ease

s S

ervi

ce U

sage

Sim

plifi

es

1+1

b. Network model -driven design (NML@OGF) helps scale across multi-vendor equipment

topology protection monitoring

[note for later: service composition can be applied to flows, circuits, or any network service construct]

9/6/13 Inder Monga, Tokyo 2013


NSI is part of SDN: Aligned architecturally

NSI model 1.  One NSA/network

2.  Tree/Chain model of NSA interaction

3.  b/w NSAs/domains

4.  Resource policies enforced by NRM

5.  Provisioning of end-to-end services

6.  Inherits same challenges

SDN model 1.  One logical Controller

2.  Multiple hierarchical controller model (tree)

3.  Required b/w controllers

4.  Flowvisor, AM, other policy mechanisms

5.  Provisioning of end-to-end data flows

6.  Inherits same challenges

Architecture/Function 1.  Logically Centralized

2.  Hierarchical/nested support

3.  Trust in control plane

4.  Policy Management central to operation

5.  Control and Management functions

6.  Control plane challenges: Security, partitioning



Multi-domain SDN

SDN, so far, has been conceived as control plane within a single domain ex. a data center, a service provider network, a campus network

Multi-domain aspects have not been explicitly addressed OR

Multi-domain aspects have been left to IP routing

=> End-to-end flow issues of today, ex. QoS, packet loss, are NOT solved by SDN (by default), as traffic transits multiple domains

Two questions and a possible answer: •  Why is multi-domain important? •  What does multi-domain SDN mean? •  How does NSI, a multi-domain protocol, fit in this picture?

3


ESnet USA

Chicago

New York BNL-T1

Internet2 USA

Harvard

CANARIE Canada

UVic SimFraU

TRIUMF-T1 UAlb UTor

McGilU

Seattle

TWAREN Taiwan

NCU NTU

ASGC Taiwan

ASGC-T1

KERONET2 Korea

KNU

LHCONE VPN domain

End sites – LHC Tier 2 or Tier 3 unless indicated as Tier 1

Regional R&E communication nexus

Data communication links, 10, 20, and 30 Gb/s

See http://lhcone.net for details.

NTU Chicago

NORDUnet Nordic

NDGF-T1a NDGF-T1a NDGF-T1c

DFN Germany

DESY GSI DE-KIT-T1

GARR Italy

INFN-Nap CNAF-T1 RedIRIS Spain

PIC-T1

SARA Netherlands

NIKHEF-T1

RENATER France

GRIF-IN2P3

Washington

CUDI Mexico

UNAM

CC-IN2P3-T1 Sub-IN2P3

CEA

CERN Geneva

CERN-T1

SLAC

GLakes

NE

MidW SoW

Geneva

KISTI Korea

TIFR India

India

Korea

FNAL-T1

MIT

Caltech UFlorida

UNeb PurU

UCSD UWisc

UltraLight UMich

Amsterdam

GÉANT Europe

Source: Bill Johnston, ESnet

Science is a networked multi-domain activity Dedicated ‘Overlay Network’ for LHCONE: Includes 30 Nations, 40+ Global Networks


Cloud experience depends on a Multi-Domain Network: orchestration is needed end-to-end

This is the cloud that everyone thinks about!

Wide Area Network

Public Cloud Provider (s)

User experience = Σ (Application + Data center + Campus + WAN)

Cloud Consumers

Private Cloud

Private Cloud

Wide Area Network Wide Area Network

Site/Campus network

Site/Campus network

Site/Campus network


What does multi-domain SDN mean?

•  Multi-domain: transiting multiple administrative domains

•  Multi-domain SDN: Controlling network flows across multiple resource/administrative domains

•  One argument: NSI is multi-domain SDN.. •  ..but that is only part of the larger SDN picture. •  How does NSI integrate with the OpenFlow-based SDN?

•  The challenge we want solved is ‘How to provide a consistent end-to-end service and programmability for multi-domain SDN networks?’



Multi-domain SDN models


OF Ctrl OF Ctrl

NSA

1.  Simplest case: Use SDN to provision multi-domain VLAN/Circuit

NSA Multi-domain conversation Cons: No multi-domain flow management

2. Create multi-domain virtual topology and flowspace partition manage using OpenFlow/SDN (slice)

OF Ctrl NSA NSA

Multi-domain conversation

Cons: service providers do not want to allow flow programmability in their switches by third party controllers (trust and security issues)

Cons: flowspace separation is static and not programmable


Multi-domain SDN models

18

OF Ctrl OF Ctrl NSA

3. Leverage NSI multi-domain conversation to exchange flow-rules, exchange topology, and apply policies

NSA

Multi-domain flow rule conversation leverage multiple service conversations

TBD: Multi-domain policy conversation and negotiation


Combine NSI (service plane) and SDN (control plane) technologies hierarchically

NSA

NSA

SDN

NSA

NSA

SDN

NSA

NSA

Network Virtualization and Policy Layer

Multi-domain virtual network view


SDN Controller for Software Switch Software Switch abstraction (MD-NV)

NSA

NSA

NSA


Summary

•  Service Plane is the right ‘level’ for users to interact with the network •  Application of policy, AAA for effective resource management and

multi-tenant separation, Service Level Experience (SLE)

•  NSI and SDN concepts are architecturally well aligned

•  Combination of SDN and NSI will enable global scalability and new network services

•  Just as SDN was targeted towards single domain, NSI has been designed for multi-domain



Questions?

Contact:

imonga at es dot net

Twitter: esnetupdates, indermo

http://www.es.net/inder



Sensitive Elephants, Robust Mice

Effect of 0.0046% packet loss (1 out of 22000 packets) on data transfer rates for elephant and mouse flows.1

As measured recently by ESnet research scientist Brian Tierney.

1

80x reduction in data transfer rate at DOE-

relevant distances (ANL to NERSC) and speeds

(10Gpbs).

Negligible.



A small amount of packet loss makes a huge difference in end-to-end TCP performance


Documents

Network Services Interface (NSI): Enabling multi-domain SDNnv/nvs2013/nvs3-is5-monga.pdf · multi-tenant separation, Service Level Experience (SLE) • NSI and SDN concepts are architecturally