
Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture
David A. Maltz
Microsoft Research
Joint work with
Albert Greenberg, Gisli Hjalmtysson
Andy Myers, Jennifer Rexford, Geoffrey Xie,
Hong Yan, Jibin Zhan, Hui Zhang
1
Isolation, VLANs, and the Spaghetti that Results
• Network designers want to deal in groups
– Collect users/hosts into groups
– Measure, restrict/permit, and apply QoS to a group’s traffic
• Routing designs to do this are horribly complicated
– VLANs
– Clever IP address assignment
– Packet filters everywhere
Let the designers configure policy in terms of groups
• Shouldn’t have to worry about L2/L3 etc.
2
Device Configuration is a Nightmare
interface Ethernet0
 ip address 6.2.5.14 255.255.255.128
interface Serial1/0.5 point-to-point
 ip address 6.2.2.85 255.255.255.252
 ip access-group 143 in
 frame-relay interface-dlci 28
access-list 143 deny 1.1.0.0/16
access-list 143 permit any
route-map 8aTzlvBrbaW deny 10
 match ip address 4
route-map 8aTzlvBrbaW permit 20
 match ip address 7
ip route 10.2.2.1/16 10.2.1.7
router ospf 64
 redistribute connected subnets
 redistribute bgp 64780 metric 1 subnets
 network 66.251.75.128 0.0.0.127 area 0
router bgp 64780
 redistribute ospf 64 match route-map 8aTzlvBrbaW
 neighbor 66.253.160.68 remote-as 12762
 neighbor 66.253.160.68 distribute-list 4 in
3
Device Configuration is a Nightmare
• Thousands of lines of configuration
• Make a configuration mistake and the router becomes unreachable over the network
Want zero device-specific configuration
4
Network Designers Want “Simple” Things (But Achieving Them is Incredibly Hard)
[Figure: Data Center, Infrastructure, Servers]
5
Network Designers Want “Simple” Things (But Achieving Them is Incredibly Hard)
Support customized responses
• Enable designers to express desired behaviors
6
Embrace Heterogeneity or Die!
• No two router versions have the same capabilities
– That’s why they have different version #s
• Device vendors add features to differentiate their products
– No one wants to be made a commodity
Management/control systems that treat devices as generic are doomed to be stillborn
• Must make use of new features that vendors innovate
• Common format for configuration state – okay
• One-size-fits-all logic computing that state – not okay
7
Good Abstractions Reduce Complexity
[Figure: today’s Management Plane (Configs), Control Plane and Data Plane (FIBs, ACLs), beside the 4D Decision Plane, Dissemination plane and Data Plane (FIBs, ACLs)]
All decision-making logic lifted out of the control plane
• Routers no longer run routing protocols
• Dissemination plane provides robust communication to/from data plane switches
8
A Clean-Slate Approach: The 4D Architecture
[Figure: Decision Plane generating table entries; Dissemination Plane installing them; Discovery Plane; Data Plane modeled as a set of tables: Routing Table, Access Control Table, NAT Table, Tunnel Table]
9
Using the 4D Architecture
• Install a security key on each device
• Connect them together
• Connect Decision Elements
[Figure: example network with 49 switches and 5 DEs]
10
Does it work? Yes.
• 4D designed so performance can be predicted
• Recovers from single link failure in < 120 ms
– < 1 s response considered “excellent”
– Faster forwarding reconvergence possible
• Survives failure of master Decision Element
– New DE takes control within 170 ms
– No disruption unless second fault occurs
• Gracefully handles complete network partitions
– Less than 170 ms of outage
– At no point did two DEs attempt to master the same switch
11
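To make the group-policy, table and failure-recovery slides concrete, here is a toy decision plane (an added example written for this page, not code from the 4D project): given the topology reported by the Discovery Plane and a policy stated in terms of host groups, it computes the Routing Table and Access Control Table entries the Dissemination Plane would install on each switch, and recomputes them when a link fails. The switch, host and group names are constructed.

```python
from collections import deque

# Constructed sample: four switches in a ring, hosts attached by name,
# and a policy written in terms of groups rather than addresses or VLANs.
LINKS = {("s1", "s2"), ("s2", "s3"), ("s3", "s4"), ("s4", "s1")}
HOSTS = {"h_a": "s1", "h_b": "s3", "h_c": "s2"}          # host -> access switch
GROUPS = {"h_a": "finance", "h_b": "finance", "h_c": "guest"}
ALLOW = {("finance", "finance"), ("guest", "finance")}    # (src group, dst group)

def adjacency(links):
    """Undirected neighbour map built from the discovered link set."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def next_hops(adj, dst):
    """BFS from dst: for every reachable switch, its neighbour on a shortest path to dst."""
    hop, queue = {dst: None}, deque([dst])
    while queue:
        cur = queue.popleft()
        for nb in sorted(adj.get(cur, ())):
            if nb not in hop:
                hop[nb] = cur
                queue.append(nb)
    return hop

def compute_tables(links, hosts, groups, allow):
    """Return {switch: {"routing": {host: next_hop}, "acl": [(src, dst, action)]}}."""
    adj = adjacency(links)
    tables = {sw: {"routing": {}, "acl": []} for sw in adj}
    for host, sw in hosts.items():
        for s, nh in next_hops(adj, sw).items():
            # None marks the host's own access switch: deliver locally
            tables[s]["routing"][host] = nh or "local"
    # Group policy becomes per-host ACL entries on the source host's access switch
    for src, ssw in hosts.items():
        for dst in hosts:
            if src != dst:
                ok = (groups[src], groups[dst]) in allow
                tables[ssw]["acl"].append((src, dst, "permit" if ok else "deny"))
    return tables

def after_link_failure(links, hosts, groups, allow, down):
    """Recompute every table once discovery reports link `down` as gone."""
    return compute_tables(links - {down, down[::-1]}, hosts, groups, allow)

if __name__ == "__main__":
    before = compute_tables(LINKS, HOSTS, GROUPS, ALLOW)
    after = after_link_failure(LINKS, HOSTS, GROUPS, ALLOW, ("s2", "s3"))
    print(before["s1"]["routing"], after["s1"]["routing"])
```

A switch that loses every path to a host simply gets no routing entry for it, which is the table-level view of the partition case on the slide above.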
4D Enables Customized Decision Logic
• Example also illustrates the 4D controlling both L2 and L3 (Ethernet and IP)
12
Tying the Hosts and Users Back Into the Network
• 4D gets us back to “every Ethernet jack on the wall is the same”
– Now how to differentiate them based on which user/host connects?
Extend 4D into the hosts (a little bit)
• 4D creates paths between newly connected hosts and the authentication server (DHCP/DC/BRAS)
• Hosts bootstrap, users log in
• Discovery Plane finds the new host
• Routes pushed to switches
• DNS/printer/IPSEC policies/etc. pushed to host
13
4D as the Framework for Network Control (?)
• Decision Plane must be modular/extensible
– Isolation: each group specifies the decision logic used to control traffic among the group
– Device heterogeneity: vendor ships decision logic that leverages their cool new feature along with the router
Grand Vision: 4D must arbitrate access to resources
• Different decision logics may output conflicting state
• The operating system for the network
Step 1: 4D is the easiest framework in which to implement cool routing/control ideas
• What Click did for routers, 4D should do for the network
14
Backup Slides
15
Simple Questions
• Should switches/routers be in the same address space as end hosts?
– End hosts hack into routers?
• Communication channel for control and management
– Operational when data channel fails?
18
Routers Serve Different Functions
19