Telefnica I+D 10.12.2012 For a More Efficient and Fair Network
Usage Applying Abstraction
Slide 2
2 TPI GCTO Unit Telefnica I+D Network Plasticity User-centric
connectivity experience Collaboration among the applications and
the network(s) Networks based on different technologies Networks in
different realms Mutual awareness between network and IT
Bidirectional flows Blurring the limits Software in the network
Networks in software Northbound Application-to-network Eastbound
Network-realm-to-network-realm Abstraction ability is key
Complexity hiding Coopetition
Slide 3
3 TPI GCTO Unit Telefnica I+D SDN: Shifting Paradigms SDN is a
dramatic shift in the mechanisms to design and operate networks
Make network behaviour programmable beyond individual boxes Changes
the vision from configuration to programming Compiling, scripting,
rapid prototyping, debugging, profiling, IDEs Convergence of
application and network APIs Clearer, more comprehensive interfaces
Provides a powerful toolset to deepen network virtualization
Slide 4
4 TPI GCTO Unit Telefnica I+D Out of the Boxes The network does
not need to be seen any longer as a composition of individual
elements User applications interact with the network controller(s)
The network becomes a single entity Suitable to be programmed
Aligned with current IT practices We can apply different levels of
abstraction Think of a network design flow And even an IDE FEATURE
OPERATING SYSTEM SPECIALIZED PACKET FORWARDING HARDWARE FEATURE
OPERATING SYSTEM SPECIALIZED PACKET FORWARDING HARDWARE FEATURE
OPERATING SYSTEM SPECIALIZED PACKET FORWARDING HARDWARE FEATURE
OPERATING SYSTEM SPECIALIZED PACKET FORWARDING HARDWARE
Slide 5
5 TPI GCTO Unit Telefnica I+D SDN Principles Make network
behaviour programmable Beyond individual boxes Fully decouple data
and control planes Simple packet processing elements (switches)
Software-based controlling components (controllers) Functions are
split between per-packet rules on the switch and high-level
decisions at the controller Open interface between control and data
plane Open interface to the control plane Controllers actually
program the network Even bypassing conventional layered protocols
and their configuration Switch SDN Control Plane Software..
App
Slide 6
6 TPI GCTO Unit Telefnica I+D SDN at Work: OpenFlow The
controller drives the switch by means of updating its flow tables A
flow table is a set of rules consisting of Match fields (per
packet) Instructions (output, drop, Set tag or field) If no match,
ask controller by default A channel connects a controller and a
switch through messages Controllers can prepopulate instructions or
dynamically take decisions on switch queries
Slide 7
7 TPI GCTO Unit Telefnica I+D The Network and the Computer Back
in 2009 The idea of dealing with the network as a computing device
has been around for quite some time
Slide 8
8 TPI GCTO Unit Telefnica I+D A Stored Program Model for the
Network The SDN concepts bring into play the processing
capabilities And the stored program
Slide 9
9 TPI GCTO Unit Telefnica I+D The Network Is *A* Computer So we
can apply software development techniques and tools Software
development and operation being multifaceted Different tools for
different tasks Static and dynamic verification Translation:
assemblers, compilers, interpreters, linkers Testing and debugging
Version and configuration control Dynamic composition and linking
Development flows And abstraction capabilities OpenFlow Controller
OpenFlow Switch OVS
Slide 10
10 TPI GCTO Unit Telefnica I+D Network OS. SDN in the Widest
Sense Providing a consistent interface to control, data and
management plane A layered model The first take could follow an
analogy with existing OS The kernel is realized by control plane
mechanisms Data plane is associated with the file system The
management plane is mapped to the system tools Remember the shell
Specific services to enforce policy and security And the APIs
Slide 11
11 TPI GCTO Unit Telefnica I+D The Network OS Ecosystem The
users Network operators Manage the network, create services and
locate problems in a more efficient manner Application providers
Reduced time to market for new applications, value added services,
abstracted view of the network The networks Need to address a wide
variety of devices and protocols The goal To simplify use and
management of heterogeneous E2E networks Access, core, datacenter.
The POSIX reference model
Slide 12
12 TPI GCTO Unit Telefnica I+D Net-wide, POSIX Style
Application System Interface - APIs System Tools - Mgmt Plane
Filesystem Data Plane Kernel - Control Plane Application OpenFlow
*MPLS (LDP/RSVP )... L2VPN v6 LISP IP Policy - Security
Slide 13
13 TPI GCTO Unit Telefnica I+D Kernel and Filesystem OpenFlow
as the default mechanism And kernel drivers for other control plane
technologies Strict control on kernel-mode access Restricted API A
filesystem for the data plane A naming schema equivalent to
directories plus filenames Overlay transparent integration
Interaction with other Network OS instances Consistent security
model A neutral data model for internal representations YANG is a
clear candidate
Slide 14
14 TPI GCTO Unit Telefnica I+D Acting at the Dataplane Network
slicing Essential for physical infrastructure sharing Specific
appliance access by traffic steering Content filtering and dynamic
firewalling Encryption and privacy Access control Transport
optimization OF-enabled appliances Controlled as another switch
Closer integration
Slide 15
15 TPI GCTO Unit Telefnica I+D And Supporting Network Function
Virtualization Base sophisticated services on open standard
hardware And rely on virtual appliances running on datacenters Do
not require expensive redeployments Just change controllers and
appliances Aligned with central policies Define a new way of
addressing network functionality Dynamic connection of virtualized
components Grow as requirements grow Switch Access Point Mdem CPE
FW TR-069 NAT UPnP DHCP IPv4/IPv6 STB Home environment Network
environment
Slide 16
16 TPI GCTO Unit Telefnica I+D Policy and Management Management
plane is mapped to the system process idea Shell Monitoring
Accounting Policy definition A dedicated subset of services for
policy enforcement and security Converged authorization Mapping
from outer identities and roles Accountability Security Metering
and auditing Monetization
Slide 17
17 TPI GCTO Unit Telefnica I+D Know Who Does What First packets
in any flow can be always routed to the controller And identity of
the user established Several options for doing this en- route
Different flavours of EAP transport, like 802.1x or PANA The
controller can apply policies Derived from any source At any
layer(s) And define sessions By means of specific rules Triggered
by time or flow properties Default behaviour for plain access
Slide 18
18 TPI GCTO Unit Telefnica I+D Go beyond the
User-behind-a-portal Do not require a leap of faith to the network
infrastructure Current models do not allow to positively identify
the user behind a request Forward identity information down to the
controller Decouple decision points And allow autonomous decisions
Break blind trust relationships So services can be individualised
at any layer And different trust links established with a variety
of partners
Slide 19
19 TPI GCTO Unit Telefnica I+D Converged Authorization
Controllers are programmable entities They can rely on any set of
services for policy enforcement and security Including
authorization engines And even federated identity systems Specific
authorisations recorded Access and usage rules Dynamic contract
enforcement Pay-as-you-go for network services Mix-and-match with
current technologies in IT space Outer identities permeate the
network infrastructure NSP Community of Registration NSP customer
Community of Interest Local government Community of Interest Health
services Community of Interest
Slide 20
20 TPI GCTO Unit Telefnica I+D Providing the Third A Whenever
required, flows can be mirrored to additional switch ports
Associated with identity At any relevant level and layer Mirroring
rules can be associated with different events Network session
Security Accountability is the word Much better security Detailed
metering Technical auditing Lawful interception ...
Slide 21
21 TPI GCTO Unit Telefnica I+D Upper Layers of Abstraction NaaS
beyond itself Current models are still very much box- oriented
Virtual view of current elements And beyond OpenFlow An excellent
practical base As much as processor instruction sets A first step:
consider the fabric Extend OpenFlow to deal with overlay control
And start thinking of the equivalents to SQL OO Garbage
collectors
Slide 22
22 TPI GCTO Unit Telefnica I+D The Road to a Network IDE The
natural consequence of applying concepts and tools related to
software development Supporting a complete design flow High-level
definition and manipulation Validation from simulation to actual
debugging Beta versions by slicing Phased deployment Integrated
with parallel IT development Proof of concept OpenFlow-in-a-Box
More to come
Slide 23
23 TPI GCTO Unit Telefnica I+D ALTO: The What Application-Layer
Traffic Optimization A mechanism for providing information on the
network To modify the patterns of network resource consumption And
maintain or even improve performance Based on abstract networks
maps And properties associated with those maps Associated with
costs Maps are based on PIDs Provider-defined Network Location
identifier General, network-agnostic, identifying a set of related
endpoints An IETF WG defining these mechanisms and the current ALTO
protocol RESTful interface JSON syntax P2P and CDN as initial use
cases Extensible by design Sounds like a natural companion to
support SDN abstractions
Slide 24
24 TPI GCTO Unit Telefnica I+D ALTO: The How An ALTO server
collects data on topology And, to some extent, state No real-time
service Aggregates data and builds the maps According to provider
policy Privacy Confidentiality Network intelligence No single view
required The servers publishes the available endpoints Clients
attach to the endpoints and collect the maps
Slide 25
25 TPI GCTO Unit Telefnica I+D ALTO: The Looks Simple JSON
syntax for requests and responses Maps contain PIDs and the
endpoints they group Cost maps contain relationships between PIDs
Clients make explicit requests for particular maps Or properties of
specific combinations of PIDs JSON makes data easily extensible and
suitable for integrating them with additional sources Much more
flexible than current signalling protocols "data:{
"map-vtag:"1266506139", "map:{ mypid1:{
"ipv4:["10.0.0.0/8,"15.0.0.0/8]}, "transitpid1:{
"ipv4:["132.0.0.0/16]},... "defaultpid:{ "ipv4:["0.0.0.0/0],
"ipv6:["::/0]} } "data" : { "cost-mode" : "ordinal", "cost-type" :
"routingcost", "map-vtag" : "1266506139", "map" : { "mypid1:{
"mypid1:0, "mypid2:0, "mypid3:0, "peeringpid1:1, "peerinpid2:1,
"transitpid1:4, "transitpid2:4, "defaultpid:5}, }... }
Slide 26
26 TPI GCTO Unit Telefnica I+D The (Not So) Obvious: One-to-One
Co-locate ALTO servers and SDN controllers The SDN controller is an
excellent source for the ALTO server The only one, if full SDN is
achieved A relevant aggregator otherwise An open update protocol
would be of great help The SDN controller takes advantage of the
ALTO server ALTO becomes the standard mechanisms for retrieving
certain networks properties And combine then with application state
and requirements Especially in mixed environments Achieving
Cross-Stratum Orchestration ALTO as part of the Northbound API
Network Orchestrator (SDN) Application Orchestrator 1 2 3 4 1 2 3 D
A B C 4 Topology Abstraction Engine (ALTO) Network Element Network
Element Network Element Network Element
Slide 27
27 TPI GCTO Unit Telefnica I+D CSO-based Express Lanes Traffic
engineered between data centers and end user regions Requires
additional data in ALTO maps Network capacity, latency And temporal
aspects Data Center 1 Data Center 2 Data Center 3 Client B3 Client
A1 Client CN Client C3 Client B2 Client C2 Client C1 Client A2
Client B1 Client A3 Client AN Client BN Region B Region A Region
C
Slide 28
28 TPI GCTO Unit Telefnica I+D Cross-Domain Scenarios
Cross-connection of clients (controllers) to servers ALTO server
adapts abstract views to each client Cross-domain maps become and
additional input for controller policies ALTO as part of the
Eastbound API Network Orchestrator (SDN) Application Orchestrator 1
2 4 1 2 D A B C Topology Abstraction Engine (ALTO) Network Element
Network Element Network Element Network Element Network
Orchestrator (SDN) Application Orchestrator 1 2 3 4 1 2 3 D A B C 4
Topology Abstraction Engine (ALTO) Network Element Network Element
1 2 3 4
Slide 29
29 TPI GCTO Unit Telefnica I+D Inter-NSP ASQ Abstraction to
avoid exposing data not necessary for interconnection Extensions to
accomplish SLA matching and verification In addition to network
capacity and temporal constraints
Slide 30
30 TPI GCTO Unit Telefnica I+D SDN Realm Partitioning SDN
partitioning is inevitable A large network is likely to be divided
into multiple SDN realms Each SDN realm with its own controller
Some reasons Scalability Manageability Privacy Privacy policies
applied to tenants or special applicable policies Incremental
deployment Partitioning is already a common practice SDN-enabled
slices SDNi: An interface mechanism between SDN controllers 30
Slide 31
31 TPI GCTO Unit Telefnica I+D ALTO SDNi SDN controllers
communicate by exporting and importing network information through
an ALTO server Information exchange is subject to realm-specific
policies The ALTO server acts as network data orchestrator Control
decisions are autonomously taken by controllers ALTO as part of an
evolved Eastbound (North-East-bound?) API ALTO Server Policy
Policed (aggregated) information SDN controllers
Slide 32
32 TPI GCTO Unit Telefnica I+D Making Orchestration Work The
ALTO server becomes a soft orchestrator No need for a controller
hierarchy, mesh, chain, or Policy driven Flexible arrangements
Controllers retain autonomy Multi-homing is possible And different
policies at each attachment link Neutrality With respect to
positioning in the realm(s) With respect to SDN flavor We need to
Decide on extensions to ALTO data models Enhance two-way
interactions, session management and timely updates Explore
mechanisms for security, discovery, policy declaration, attachment
modes
Slide 33
33 TPI GCTO Unit Telefnica I+D The Struggle for the Right
Abstractions We are witnessing a paradigm shift in networking The
possibility of interacting with the network as a whole And to
reason about that Taking the first steps IT is an interesting
source of inspiration Its models are limited as well And
convergence requires additional effort The future of network design
and operation lies in building the right abstractions Validation
and acceptance are not short processes You can only learn to walk
by walking Experience shows abstraction is extremely powerful in
supporting resource sharing Just look your laptops, tablets,
smartphones