Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Tal Lavian - tlavian@ieee.org
Nortel Networks Advanced Technology Labs
Open Source - http://www.openetlab.org
DANCE Exposition, May 28-29, 2002

Outline of the talk
• Driving Forces
• Openet
• AFM Enabling Mechanism
• Realization with Openet Passport
• Application Examples
• Openet Alteon: AN platform
• Next step
• Conclusion

Driving Forces
Users – Service Providers – Network Providers
• Introducing services on-demand
• Assuring Quality of Service
• Addressing Impedance Mismatch
• Demanding Programmability

Introducing Services on-demand
[Diagram labels: Authentication; Dynamic loading; Security; Monitor; application Services & Control Intelligence; React; VIRTUAL ENVIRONMENT; OS; HW; Network Device]

Programmability
• A significant challenge in today’s Internet is the ability to efficiently incorporate customizable network intelligence in commercial high performance network devices.
— Framework for introducing services
— API for programming network devices

Impedance Mismatch
[Diagram labels: User Connections (HTTP, RTP, TCP, UDP, etc); Optical World; Fiber 1; Residential LAN; Access (Edge); Core Networks (WAN); Access (Edge); Enterprise Intranet; User Network; ISP Network; Carrier Network]

AN Solution
• The Active Networks (AN) approach opens an exciting opportunity for individual applications to define the service provided by the network through programmability.
• Active Networks technologies expose a novel approach that allows customer value-added services to be introduced to the network “on-the-fly”.
• The Active Nets program has produced a new network platform that is flexible and extensible at runtime to accommodate the rapid evolution and deployment of network technologies.
• The exciting opportunity exists for network service providers and third parties, not just the network device providers, to program the network infrastructure and services.

AN issues
Lack of industrial-strength Active Network devices that dispel major concerns:
• AN requires substantial support from a NOS
• AN introduces a substantial software component, hence delay on the data path
• AN lacks adequate measures to address the integrity and security of network devices.

Openet Platform = Active Nets Enabling Platform = Programmable Networking Solution
• Passport Router
• Openet
• Active Flow Manipulation (AFM)
• Programmable Openet Passport Platform

Passport Router - Separation of Control and Forwarding Planes
[Diagram: Centralized, CPU-based Router (Slow; Control + Forwarding Functions combined) beside Forwarding-Processors Based Router (Wire Speed; Control separated from forwarding). Labels: Routing SW; Control Plane; CPU; Forwarding Processor]

Openet: a view from a node
[Diagram labels: Application services; OpletService, Shell, Logger; User Oplets; Standard Services; Function Services; ORE; JFWD; JVM; Control Plane; MEM; Data Plane; JNI/Native Code; CPU; Filtered packets; ANTS; Firewall, DiffServ; Jcapture, HTTP, IpPacket; Monitor status; …; New forwarding rules; Forwarding Engine]

Control Functions
CE: Control Element; FE: Forwarding Element
[Diagram labels: Control; Intensive computation; CE; FE; (1), (2), (3)]
1) Control functions that reside wholly in the control plane
2) Control functions that insert software in the critical data path
3) Control functions that allow control entities to act both in the control plane and in the data forwarding plane without adding software in the data path

Active Flow Manipulation Abstractions
• Aggregate data into traffic flows
— Flows whose characteristics can be identified in real-time
— E.g., “all UDP packets to a particular service”, “all TCP packets from a particular machine”.
• Actions to be performed in the traffic flows
— Actions that can be performed in real-time
— E.g., “Change the priority of all traffic destined to a particular service on a particular machine”, “Stop all traffic out of a particular link of a router”.

Active Flow Manipulation
• A key enabling technology of Openet
• Two abstractions
— Primitive flows
— Primitive actions
• Customer network services exercise active network control
— Identifying specific flows
— Apply actions to alter network behavior in real-time
[Diagram labels: Policy; Filter; Action; Packet Filters; Forwarding Processor; Packet; AFM]

Identifiable Elements of Primitive Flows
• Destination Address (DA)
• Range of Destination Address (RDA)
• Source Address (SA)
• Range of Source Address (RSA)
• Exact TCP protocol match (TCP)
• Exact UDP protocol match (UDP)
• Exact ICMP protocol match (ICMP)
• Source Port number, for both TCP and UDP (SP)
• Destination Port number for both TCP and UDP (DP)
• TCP connection request (TCPReg)
• ICMP request (ICMPReg)
• DS field of a datagram (DS)
• IP Frame fragment (FrameFrag)

Primitive Permissible actions
• Drop
• Forward
• Mirror
• Stop on Match (SOM)
• Detect Out of Profile behaviour (Out)
• Change DSCP value (DSCP)
• Prevent TCP Connect Request
• Modify IEEE 802.1p bit
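The filter-and-action model from the two slides above, as an added Python example that is not Openet or Passport code. The class names, the evaluation order, the Stop on Match behaviour, the default Forward verdict and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
@dataclass(frozen=True)
class Packet:  # fields named after the slide's flow elements
    sa: str
    da: str
    proto: str  # "TCP", "UDP" or "ICMP"
    dp: int = 0
    dscp: int = 0

@dataclass(frozen=True)
class Filter:
    """Primitive flow plus actions; a field left as None is a wildcard."""
    name: str
    actions: tuple  # "Drop", "Mirror", "SOM" or ("DSCP", value)
    rsa: Optional[str] = None  # SA or RSA, written as CIDR
    rda: Optional[str] = None  # DA or RDA, written as CIDR
    proto: Optional[str] = None
    dp: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.rsa is None or ip_address(p.sa) in ip_network(self.rsa))
            and (self.rda is None or ip_address(p.da) in ip_network(self.rda))
            and (self.proto is None or p.proto == self.proto)
            and (self.dp is None or p.dp == self.dp))

def apply_filters(filters, p):
    """Assumed semantics: list order, Drop is final, SOM ends evaluation."""
    dscp, mirrored, hit = p.dscp, False, []
    for f in filters:
        if not f.matches(p):
            continue
        hit.append(f.name)
        for a in f.actions:
            if a == "Mirror":
                mirrored = True
            elif a == "Drop":
                return "Drop", dscp, mirrored, hit
            elif isinstance(a, tuple) and a[0] == "DSCP":
                dscp = a[1]
        if "SOM" in f.actions:
            break
    return "Forward", dscp, mirrored, hit  # (verdict, dscp, mirrored, filters hit)

RULES = [  # constructed rules, RFC 5737 documentation addresses
    Filter("prio-media", (("DSCP", 46), "SOM"), rda="192.0.2.10/32", proto="UDP", dp=5004),
    Filter("quarantine", ("Mirror", "Drop"), rsa="198.51.100.0/24"),
    Filter("best-effort", (("DSCP", 0),)),
]
```

Under these assumed semantics a packet from the quarantined range to the prioritized service is forwarded, because Stop on Match ends evaluation before the drop filter is reached; placing drop filters first avoids that shadowing.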

Openet on Passport Router
[Diagram labels: Active Networks Services; Control Plane; Active Services; ORE; System Services; CPU; System; Monitor status; New rules; Switching Fabric; Data Plane; Forwarding Processor (Wire Speed Forwarding), each with Forwarding Rules and Statistics & Monitors; Traffic Packets]

Openet Framework
• Openet Architecture with Passport Switches

Example 1: Active Flow Priority Change in Real-time

Example 2: JDiffserv on Passport
[Diagram labels: Device Console; Diffserv-enabled Network; UDP sender; UDP receiver; Passport 8600; Passport 1100B; Passport 1100B; JDiffserv; UDP; Linux PC; HTTP server; Diffserv Monitor; Linux PC]

Example 3: Regatta - Fault Recovery
• Automated supervision
• Minimal service interruption
• Heartbeats

Current Development: Programmable Services Solution
• Alteon-iSD
• Openet
• Extended Active Flow Manipulation (AFM)
• Openet Alteon-based Active Nets Platform

Openet Alteon Active Nets Platform = A Powerful Platform for AN Technologies Transfer
• A powerful and extensible control and computational plane
— Partitioning hardware/software resources
— Active service enabling
— content filtering in real-time
— active services accommodation
[Diagram labels: Openet; L2-L7 filtering; Content processing; Power computing; Optical; Wireless; router; Content gateway; Edge Device]

Solutions’ Features
• Real-time Filtering
— Ability to poke at the device’s data flows
• Processing Power
— Ability to perform intensive processing
• Enabling Services
— Introducing services on-demand
• Programmable Services
— Enabling active and adaptive services
• Impedance Matching
— Addressing mismatches between disparate domains, disparate technologies

Streaming Media Distribution Service
Openet Alteon AN Platform for SMDS
• 1 Real server on Linux or NT, 2~8 Real Players on Solaris
• SMDS on iSD
— Real Player RTSP request filter and interception
— Real Server reply real-time stream filter and replication
— RTSP session setup by replicating first 16 packets cached
[Diagram labels: iSD; rtsp://pcary1gc:5454/real8video; Real Player 2; SMDS service; RTSP Client; Packet intercept; Register; Replicate; Packet Redirection; Alteon; Packet Writeback; rtsp://pcary1gc/real8video; Real Player 1; 1st Client RTSP Request; Server reply; Real Server 8; Linux/X86; Sun/Solaris]

A Simple EvaQ8 concept
• Normal App flow: Client X -> Server Z
• Disaster Strikes at Location Z
• EvaQ8 OG 3 sends a signal [RSVP] to OG 1
• OG 1 instructs OmniNet to connect B2 & B3; Server Z and Server Y data synced
• On successful sync, OG 2 instructs OmniNet to connect B1 -> B2.
• Service Restored for Client X -> Server Y
[Diagram labels: EvaQ8 OG-1; EvaQ8 OG-2; EvaQ8 OG-3; Control Mesg; Alteon; OmniNet Control Plane [Linux]; iSD; TL1; 8600; 10G; 1G; OmniNet; A, B, C, D; B1, B2, B3; X, Y, Z; Disaster Event/Environ. Sensor]

What next? Service-centric Active Nets Platform
• Service Enabling API
• Control API
• Security API
• Management API
• Impedance Matching API
• Intra-service Communications API
[Diagram labels: SERVICES; Service Enabling; Control; Security; Manage; Impedance Matching; Intra-Service Comm]

Summary
• Openet – our Networking Programmability
• Commercial network programmable hardware
• New AN platform: Openet + Alteon + iSD
— Alteon: AN platform on an advanced content switch
— iSD: powerful & extensible computation plane
• Enables AN technologies transfer
• Promoting an edge device service-centric platform

OpenetLab – Nortel Networks: http://www.openetlab.org/
Q&A