Incremental SDN Deployment In Enterprise Networks


Incremental SDN Deployment in Enterprise Networks. Dan Levin, with Marco Canini, Stefan Schmid, Anja Feldmann

Motivation: SDN deployments are emerging in the datacenter and WAN environments. Can we get benefits of the SDN interface, deployed into more network environments?

SDN Interface: Control Programs f(View), Global Network View, Controller Platform

The SDN Deployment Problem: UPGRADE. Full SDN. Must upgrade to SDN incrementally. Real large-scale campus network.

Key Questions: How can we incrementally deploy SDN into enterprise campus networks? What SDN benefits can be realized in a hybrid deployment?

Current Transitional Networks? Dual-stack approach: SDN Platform, Legacy Mgmt

Current Transitional Networks? Dual-stack approach: SDN Platform, Legacy Mgmt. Edge-only approach: App 1, App 2, App 3, SDN Platform, Legacy Mgmt

The edge is legacy access switches

PANOPTICON. SDN ARCHITECTURE: Operate the network as a (nearly) full SDN. TOOL: Determine the partial SDN deployment.

The Existing Network

1. Planning the SDN Deployment: Network architect provides set of ingress ports to be controlled via SDN [Diagram: switches A-F]

Network topology resource aware optimizer Partial SDN deployment Traffic estimates Objectives Upgrade budget Path delay Tunable parameters Port priorities Price model Utilization thresholds (link utilization, VLANs, etc.)

The Partial SDN Deployment [Diagram: switches A-F]

Benefits of Partial SDN Deployment? Harvest unutilized network capacity [Diagram: switches A-F]

Main benefits of SDN: Principled orchestration of the network policy [Diagram: switches A-F]

Can partial SDN deployment still take advantage of principled network orchestration?

2. Realizing the Benefits of SDN. Insight #1: 1 SDN switch: Policy enforcement. IDS, Access control, Middlebox traversal [Diagram: switches A-F]

2. Realizing the Benefits of SDN. Insight #1: 1 SDN switch: Policy enforcement. Insight #2: 2 SDN switches: Fine-grained control. Traffic load-balancing [Diagram: switches A-F]

Insight #1: 1 SDN switch: Policy enforcement. Insight #2: 2 SDN switches: Fine-grained control. SDN Waypoint Enforcement: Ensure that all traffic to/from an SDN-controlled port always traverses at least one SDN switch. Legacy devices must direct traffic to SDN switches.

The PANOPTICON SDN Architecture: Conceptually group SDN ports in Cell Blocks [Diagram: switches A-F]

The PANOPTICON SDN Architecture: Traffic restricted to Solitary Confinement Trees. Per-port spanning trees that ensure waypoint enforcement [Diagram: switches A-F]
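An added planning-time check for SDN Waypoint Enforcement (an example written for this transcript, not code from the slides or from Panopticon). It assumes that two SDN-controlled ports can bypass every SDN switch exactly when their legacy access switches remain connected after the SDN switches are removed from the graph; the topology, port names and function names are constructed, reusing the switch labels A-F.

```python
from itertools import combinations

# Constructed topology (switch -> neighbours); labels A-F reused from the slides.
TOPOLOGY = {
    "A": {"B", "C"},
    "B": {"A", "C"},
    "C": {"A", "B", "D"},
    "D": {"C", "E", "F"},
    "E": {"D", "F"},
    "F": {"D", "E"},
}
SDN_SWITCHES = {"C"}                       # constructed upgrade choice
PORTS = {"p1": "A", "p2": "B", "p3": "E"}  # constructed: port -> access switch


def legacy_components(topology, sdn):
    """Connected groups of legacy switches once SDN switches are removed."""
    seen, components = set(), []
    for start in sorted(topology):
        if start in sdn or start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in comp:
                continue
            comp.add(node)
            stack.extend(n for n in topology[node]
                         if n not in sdn and n not in comp)
        seen |= comp
        components.append(comp)
    return components


def frontier(component, topology, sdn):
    """SDN switches directly adjacent to a legacy component."""
    return {n for node in component for n in topology[node] if n in sdn}


def bypass_pairs(ports, topology, sdn):
    """Port pairs joined by a legacy-only path: without per-port isolation
    their traffic could skip every SDN waypoint."""
    comps = legacy_components(topology, sdn)
    where = {sw: i for i, comp in enumerate(comps) for sw in comp}
    return sorted(
        (a, b) for a, b in combinations(sorted(ports), 2)
        if where.get(ports[a]) is not None
        and where.get(ports[a]) == where.get(ports[b])
    )
```

Each pair returned by `bypass_pairs` is traffic that the legacy network must be configured to steer toward a frontier SDN switch; an empty result means the topology alone already forces a waypoint.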

PANOPTICON: “Logical SDN” [Diagram: two copies of switches A-F]

App 1, App 2, App 3, SDN Platform, “Logical SDN” [Diagram: switches A-F]. PANOPTICON provides the abstraction of a (nearly) fully-deployed SDN in a partially upgraded network.

Hybrid SDN Use Cases: Automated Planned Maintenance Tool, Lightweight IP Subnet Mobility, ACL refactorization, Middle-box Traversal

Use Case: Planned Maintenance. Operator says: “You’re going down for service... and, could the rest of you switches cooperate to minimize the disruption?” [Diagram: switches A-F]

Use Case Testbed Evaluation: 2x NEC IP8800 (OF 1.0), 1x Cisco C3550XL, 3x Cisco C2960G, 2x HP 5406zl, 1x Pica8 3290. TCP Connection Recovery Time. Locations of “port-down” events along one path traversing SDN switch.

Use Case: Planned Maintenance. 1) Operator signals intent to our application, to remove switch for maintenance. 2) Install forwarding rules for “green flow”. 3) Update forwarding rules to re-route “green flow”. 4) Gratuitous ARP for destination C. [Diagram: switches A-F]

Use Case Testbed Evaluation: 2x NEC IP8800 (OF 1.0), 1x Cisco C3550XL, 3x Cisco C2960G, 2x HP 5406zl, 1x Pica8 3290

Key Results Highlights: Evaluated a large campus network (1500 switches). Real topologies and real traffic traces. Upgrade 2% of the switches/routers. 100% SDN-controlled ingress ports. avg. path stretch 50%. 90th percentile link util. 25% increase.

Also, we’re Hiring. https://venture.badpacket.in Contact us!

Summary: PANOPTICON. SDN ARCHITECTURE: Operate the network as a (nearly) full SDN. TOOL: Determine the partial SDN deployment. https://venture.badpacket.in

SDN Waypoint Enforcement. Insight #1: 1 SDN switch: Policy enforcement. Insight #2: 2 SDN switches: Fine-grained control. Legacy devices must direct traffic to SDN switches. Ensure that all traffic to/from an SDN-controlled port always traverses at least one SDN switch.
