Скачать презентацию Shadow Configurations A Network Management Primitive Richard Скачать презентацию Shadow Configurations A Network Management Primitive Richard

326131f953b7033dbe3671ab2ba4685f.ppt

  • Количество слайдов: 57

Shadow Configurations : A Network Management Primitive Richard Alimi, Ye Wang, and Y. Richard Shadow Configurations : A Network Management Primitive Richard Alimi, Ye Wang, and Y. Richard Yang Laboratory of Networked Systems Yale University February 16, 2009

Configuration Leads to Errors “ 80% of IT budgets is used to maintain the Configuration Leads to Errors “ 80% of IT budgets is used to maintain the status quo. ” “. . . human error is blamed for 50 -80% of network outages. ” Source: Juniper Networks, 2008 Source: The Yankee Group, 2004 February 16, 2009 Yale University Why is configuration hard today? 2

Configuration Management Today Hardware Simulation & Analysis VPNs SLAs Network structure Hardware and software Configuration Management Today Hardware Simulation & Analysis VPNs SLAs Network structure Hardware and software Limited scalability Hard to access real traffic OSPF Can be prohibitively expensive February 16, 2009 e. BGP ACLs TE Test networks i. BGP Software Depend on simplified models Traffic Yale University Why are these not enough? 3

Analogy with Programming Program Target System Network Management Configs February 16, 2009 Yale University Analogy with Programming Program Target System Network Management Configs February 16, 2009 Yale University Target Network 4

Analogy with Databases STATE A INSERT. . . UPDATE. . . DELETE. . . Analogy with Databases STATE A INSERT. . . UPDATE. . . DELETE. . . STATE B INSERT. . . UPDATE. . . DELETE. . . Network Management STATE A ip route. . . STATE B ip addr. . . STATE C router bgp. . . STATE D router ospf. . . ? February 16, 2009 Yale University 5

Enter, Shadow Configurations Hardware Traffic Key ideas i. BGP Software Allow additional (shadow) config Enter, Shadow Configurations Hardware Traffic Key ideas i. BGP Software Allow additional (shadow) config on each router In-network, interactive shadow environment “Shadow” term from computer graphics OSPF VPNs e. BGP SLAs ACLs TE Key Benefits Realistic (no model) Scalable February 16, 2009 Access to real traffic Transactional Yale University 6

Roadmap Motivation and Overview System Basics and Usage System Components Design and Architecture Performance Roadmap Motivation and Overview System Basics and Usage System Components Design and Architecture Performance Testing Transaction Support Implementation and Evaluation February 16, 2009 Yale University 7

System Basics What's in the shadow configuration? Routing parameters ACLs Interface parameters VPNs Qo. System Basics What's in the shadow configuration? Routing parameters ACLs Interface parameters VPNs Qo. S parameters Real config Shadow header marked “ 1” February 16, 2009 Yale University Real header marked “ 0” 8

Example Usage Scenario: Backup Path Verification Backup Primary February 16, 2009 Yale University 9 Example Usage Scenario: Backup Path Verification Backup Primary February 16, 2009 Yale University 9

Example Usage Scenario: Backup Path Verification Send test packets in shadow February 16, 2009 Example Usage Scenario: Backup Path Verification Send test packets in shadow February 16, 2009 Yale University 10

Example Usage Scenario: Backup Path Verification Disable shadow link X February 16, 2009 X Example Usage Scenario: Backup Path Verification Disable shadow link X February 16, 2009 X Yale University 11

Example Usage Scenario: Backup Path Verification February 16, 2009 Yale University 12 Example Usage Scenario: Backup Path Verification February 16, 2009 Yale University 12

Example Usage Scenario: Configuration Evaluation February 16, 2009 Yale University Video Server 13 Example Usage Scenario: Configuration Evaluation February 16, 2009 Yale University Video Server 13

Example Usage Scenario: Configuration Evaluation February 16, 2009 Yale University Video Server 14 Example Usage Scenario: Configuration Evaluation February 16, 2009 Yale University Video Server 14

Example Usage Scenario: Configuration Evaluation Video Server Duplicate packets to shadow February 16, 2009 Example Usage Scenario: Configuration Evaluation Video Server Duplicate packets to shadow February 16, 2009 Yale University 15

Roadmap Motivation and Overview System Basics and Usage System Components Design and Architecture Performance Roadmap Motivation and Overview System Basics and Usage System Components Design and Architecture Performance Testing Transaction Support Implementation and Evaluation February 16, 2009 Yale University 16

Design and Architecture Management Configuration UI Control Plane OSPF BGP IS-IS Forwarding Engine FIB Design and Architecture Management Configuration UI Control Plane OSPF BGP IS-IS Forwarding Engine FIB Interface 0 February 16, 2009 Interface 1 Interface 2 Yale University Interface 3 17

Design and Architecture Management Configuration UI Control Plane OSPF BGP IS-IS Forwarding Engine Shadow-enabled Design and Architecture Management Configuration UI Control Plane OSPF BGP IS-IS Forwarding Engine Shadow-enabled FIB Shadow Bandwidth Control Interface 0 February 16, 2009 Interface 1 Interface 2 Yale University Interface 3 18

Design and Architecture Management Configuration UI Control Plane OSPF BGP IS-IS Shadow Management Commitment Design and Architecture Management Configuration UI Control Plane OSPF BGP IS-IS Shadow Management Commitment Forwarding Engine Shadow-enabled FIB Shadow Bandwidth Control Interface 0 February 16, 2009 Interface 1 Interface 2 Yale University Interface 3 19

Design and Architecture Management Configuration UI Debugging Tools Shadow Traffic Control FIB Analysis Control Design and Architecture Management Configuration UI Debugging Tools Shadow Traffic Control FIB Analysis Control Plane OSPF BGP IS-IS Shadow Management Commitment Forwarding Engine Shadow-enabled FIB Shadow Bandwidth Control Interface 0 February 16, 2009 Interface 1 Interface 2 Yale University Interface 3 20

Design and Architecture Management Configuration UI Debugging Tools Shadow Traffic Control FIB Analysis Control Design and Architecture Management Configuration UI Debugging Tools Shadow Traffic Control FIB Analysis Control Plane OSPF BGP IS-IS Shadow Management Commitment Forwarding Engine Shadow-enabled FIB Shadow Bandwidth Control Interface 0 February 16, 2009 Interface 1 Interface 2 Yale University Interface 3 21

Shadow Bandwidth Control Requirements Minimal impact on real traffic Accurate performance measurements of shadow Shadow Bandwidth Control Requirements Minimal impact on real traffic Accurate performance measurements of shadow configuration Supported Modes Priority Bandwidth Partitioning Packet Cancellation February 16, 2009 Yale University 22

Packet Cancellation Observation: in many network performance testing scenarios, Content of payload is not Packet Cancellation Observation: in many network performance testing scenarios, Content of payload is not important Only payload size matters Idea: only need headers for shadow traffic Piggyback shadow headers on real packets February 16, 2009 Piggybacked shadow header Yale University 23

Packet Cancellation Details Output interface maintains real and shadow queues Qr and Qs February Packet Cancellation Details Output interface maintains real and shadow queues Qr and Qs February 16, 2009 Yale University 24

Packet Cancellation Details Output interface maintains real and shadow queues Qr and Qs February Packet Cancellation Details Output interface maintains real and shadow queues Qr and Qs February 16, 2009 Yale University 25

Packet Cancellation Details Output interface maintains real and shadow queues Qr and Qs February Packet Cancellation Details Output interface maintains real and shadow queues Qr and Qs February 16, 2009 Yale University 26

Packet Cancellation Details Output interface maintains real and shadow queues Qr and Qs February Packet Cancellation Details Output interface maintains real and shadow queues Qr and Qs February 16, 2009 Yale University 27

Forwarding Overhead Without Packet Cancellation: IP Looku p With Packet Cancellation: IP Looku p Forwarding Overhead Without Packet Cancellation: IP Looku p With Packet Cancellation: IP Looku p Cancellation may require routers to process more packets. Can routers support it? February 16, 2009 Yale University 28

Forwarding Overhead Analysis Routers can be designed for worst-case Load typically measured by link Forwarding Overhead Analysis Routers can be designed for worst-case Load typically measured by link utilization L : Link speed Kmin : Minimum packet size Router supports packets per second αr : Utilization due to real traffic (packet sizes kr ) αs : Utilization due to shadow traffic (packet sizes ks ) We require: February 16, 2009 Yale University 29

Forwarding Overhead Analysis Routers can be designed for worst-case Load typically measured by link Forwarding Overhead Analysis Routers can be designed for worst-case Load typically measured by link utilization L : Link speed Kmin : Minimum packet size Router supports packets per second αr : Utilization due to real traffic (packet sizes kr ) αs : Utilization due to shadow traffic (packet sizes ks ) We require: Example: With α = 70%, and 80% real traffic utilization Support up to 75% shadow traffic utilization February 16, 2009 Yale University 30

Commitment Objectives Smoothly swap real and shadow across network Eliminate effects of reconvergence due Commitment Objectives Smoothly swap real and shadow across network Eliminate effects of reconvergence due to config changes Easy to swap back February 16, 2009 Yale University 31

Commitment Objectives Smoothly swap real and shadow across network Eliminate effects of reconvergence due Commitment Objectives Smoothly swap real and shadow across network Eliminate effects of reconvergence due to config changes Easy to swap back Issue Packet marked with shadow bit 0 = Real, 1 = Shadow bit determines which FIB to use Routers swap FIBs asynchronously Inconsistent FIBs applied on the path February 16, 2009 Yale University 32

Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 phases February 16, 2009 Yale University 33

Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 phases Distribute tags for each config C-old for current real config C-new for current shadow config 0: C-old 1: C-new 0 0 1 0 1 1 0 February 16, 2009 Yale University 34

Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 phases Distribute tags for each config C-old for current real config C-new for current shadow config C-old 0 Routers mark packets with tags Packets forwarded according to tags C-old C-new 0 1 C-new C-old February 16, 2009 Yale University C-old C-new 0 1 C-old C-new 35

Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 phases Distribute tags for each config 0: C-new 1: C-old Routers mark packets with tags C-old for current real config C-new for current shadow config Packets forwarded according to tags Swap configs (tags still valid) C-old 1 C-old C-new 1 0 C-new C-old February 16, 2009 Yale University C-old C-new 1 0 C-old C-new 36

Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 phases Distribute tags for each config 1 Routers mark packets with tags C-old for current real config C-new for current shadow config Packets forwarded according to tags Swap configs (tags still valid) Remove tags from packets 1 0 0 Resume use of shadow bit February 16, 2009 Yale University 37

Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 Commitment Protocol Idea: Use tags to achieve consistency Temporary identifiers Basic algorithm has 4 phases Distribute tags for each config 1 Routers mark packets with tags C-old for current real config C-new for current shadow config Packets forwarded according to tags Swap configs (tags still valid) Remove tags from packets 1 0 0 Resume use of shadow bit February 16, 2009 Yale University 38

Transient States Definition: State in which some packets use C-old and others use C-new. Transient States Definition: State in which some packets use C-old and others use C-new. C-old February 16, 2009 C-new Transient State Yale University C-new 39

Transient States Definition: State in which some packets use C-old and others use C-new. Transient States Definition: State in which some packets use C-old and others use C-new. C-old C-new February 16, 2009 Yale University 40

Transient States Definition: State in which some packets use C-old and others use C-new. Transient States Definition: State in which some packets use C-old and others use C-new. C-old C-new C-old Possible overutilization! Should be short-lived, even with errors February 16, 2009 Yale University 41

Error Recovery During Swap If ACK missing from at least one router, two cases: Error Recovery During Swap If ACK missing from at least one router, two cases: (a) Router completed SWAP but ACK not sent (b) Router did not complete SWAP Transient State C-new C-old February 16, 2009 Yale University 42

Error Recovery During Swap If ACK missing from at least one router, two cases: Error Recovery During Swap If ACK missing from at least one router, two cases: (a) Router completed SWAP but ACK not sent (b) Router did not complete SWAP Transient State Detect (b) and rollback quickly Querying router directly may be impossible C-new C-old February 16, 2009 Yale University 43

Error Recovery During Swap If ACK missing from at least one router, two cases: Error Recovery During Swap If ACK missing from at least one router, two cases: (a) Router completed SWAP but ACK not sent (b) Router did not complete SWAP Transient State Detect (b) and rollback quickly Querying router directly may be impossible Solution: Ask neighboring routers C-new C-old Do you see C-old data packets? February 16, 2009 If YES: Case (b): rollback other routers Otherwise, Case (a): no transient state Yale University 44

Roadmap Motivation and Overview System Basics and Usage System Components Design and Architecture Performance Roadmap Motivation and Overview System Basics and Usage System Components Design and Architecture Performance Testing Transaction Support Implementation and Evaluation February 16, 2009 Yale University 45

Implementation Kernel-level (based on Linux 2. 6. 22. 9) Tools TCP/IP stack support FIB Implementation Kernel-level (based on Linux 2. 6. 22. 9) Tools TCP/IP stack support FIB management Commitment hooks Packet cancellation Transparent software router support (Quagga + XORP) Full commitment protocol Configuration UI (command-line based) Evaluated on Emulab (3 Ghz HT CPUs) February 16, 2009 Yale University 46

Static FIB 300 B pkts No route caching Static FIB 300 B pkts Static FIB 300 B pkts No route caching Static FIB 300 B pkts No route caching With FIB updates 300 B pkts @ 100 Mbps 1 -100 updates/sec No route caching February 16, 2009 Yale University 47

Evaluation: Memory Overhead FIB storage overhead for US Tier-1 ISP February 16, 2009 Yale Evaluation: Memory Overhead FIB storage overhead for US Tier-1 ISP February 16, 2009 Yale University 48

Evaluation: Packet Cancellation Accurate streaming throughput measurement Abilene topology Real transit traffic duplicated to Evaluation: Packet Cancellation Accurate streaming throughput measurement Abilene topology Real transit traffic duplicated to shadow Video streaming traffic in shadow February 16, 2009 Yale University 49

Evaluation: Packet Cancellation Limited interaction of real and shadow Intersecting real and shadow flows Evaluation: Packet Cancellation Limited interaction of real and shadow Intersecting real and shadow flows CAIDA traces Vary flow utilizations February 16, 2009 Yale University 50

Evaluation: Packet Cancellation Limited interaction of real and shadow Intersecting real and shadow flows Evaluation: Packet Cancellation Limited interaction of real and shadow Intersecting real and shadow flows CAIDA traces Vary flow utilizations February 16, 2009 Yale University 51

Evaluation: Commitment Applying OSPF link-weight changes Abilene topology with 3 external peers Configs translated Evaluation: Commitment Applying OSPF link-weight changes Abilene topology with 3 external peers Configs translated to Quagga syntax Abilene BGP dumps February 16, 2009 Yale University 52

Evaluation: Commitment Reconvergence in shadow Applying OSPF link-weight changes Abilene topology with 3 external Evaluation: Commitment Reconvergence in shadow Applying OSPF link-weight changes Abilene topology with 3 external peers Configs translated to Quagga syntax Abilene BGP dumps February 16, 2009 Yale University 53

Evaluation: Router Maintenance Temporarily shutdown router Abilene topology with 3 external peers Configs translated Evaluation: Router Maintenance Temporarily shutdown router Abilene topology with 3 external peers Configs translated to Quagga syntax Abilene BGP dumps February 16, 2009 Yale University 54

Evaluation: Router Maintenance 41 ms latency Temporarily shutdown router C-old Abilene topology with 3 Evaluation: Router Maintenance 41 ms latency Temporarily shutdown router C-old Abilene topology with 3 external peers Configs translated to Quagga syntax Abilene BGP dumps February 16, 2009 Yale University C-new 51 ms latency 55

Conclusion and Future Work Shadow configurations is new management primitive Realistic in-network evaluation Network-wide Conclusion and Future Work Shadow configurations is new management primitive Realistic in-network evaluation Network-wide transactional support for configuration Future work Evaluate on carrier-grade installations Automated proactive testing Automated reactive debugging February 16, 2009 Yale University 56

Thank you! February 16, 2009 Yale University 57 Thank you! February 16, 2009 Yale University 57