SDN Abstractions

The Future of Networking,and the Past of ProtocolsScott Shenkerwith Martin Casado, TeemuKoponen, Nick McKeown(and many others….)

Developments in Network “Management”2004: Early work on new management paradigmsRCP, 4D, SANE, Ethane,…..2008: Software-Defined Networking (SDN)NOX Network Operating SystemOpenFlow switch interface2011: Open Networking FoundationOver 30 companies endorsing SDNBoard: Google, Yahoo!, Verizon, DT, Microsoft, FacebookMembers: Cisco, Juniper, HP, Dell, Broadcom, IBM,…..

Software-Defined Networking (SDN)Not just an idle academic daydreamTapped into some strong market needOne of those rare cases where we “know the future”Still in development, but consensus on inevitabilityMuch more to story than “OpenFlow” trade rag hypeA revolutionary paradigm shift in the network control planeThis talk will “derive” SDN from first principlesBy looking for key network control abstractions

I Will Address Two SDN QuestionsWhy is SDN the right choice for future networks?Obviously efficiency, scalability, security, functionality… Not directly.What are the fundamental aspects of SDN?Obviously OpenFlow… No, quite the opposite.

But Talk Is Not Primarily About SDNMain focus is on:The Role of Abstractionsin Networking

Weaving Together Three ThemesNetworking currently built on weak foundationLack of fundamental abstractionsNetwork control plane needs three abstractionsLeads to SDN v1 and v2Key abstractions solve other architecture problemsTwo simple abstractions make architectures evolvable

WeakIntellectualFoundationsOS courses teach fundamental principles Mutual exclusion and other synchronization primitivesFiles, file systems, threads, and other building blocks Networking courses teach a big bag of protocolsNo formal principles, just vague design guidelines

WeakPracticalFoundationsComputation and storage have been virtualizedCreating a more flexible and manageable infrastructureNetworks are still notoriously hard to manageNetwork administrators large share of sysadmin staff

WeakEvolutionaryFoundationsOngoing innovation in systems softwareNew languages, operating systems, etc.Networks are stuck in the pastRouting algorithms change very slowlyNetwork management extremely primitive

Why Are Networking Foundations Weak?Networks used to be simpleBasic Ethernet/IP straightforward, easy to manageNew control requirements have led to complexityACLs, VLANs, TE, Middleboxes, DPI,…The infrastructure still works...Only because of our great ability to master complexityAbility to master complexity both blessing and curse

A Story About Mastering Complexity~1985: Don Norman visits Xerox PARC At start of his talk on UI design he asks:“Who in the audience drives a stick shift”After most of the audience raises their hands, he looks sternly out over the crowd and says: “None of you should ever design a user interface

Two Points to StoryHis point: The ability to master complexity is not the same as the ability to extract simplicityWhen first getting system to work, focus on formerWhen making system easy to use, focus on latterMy point: Networking has never made the transition!

How Programming Made the TransitionMachine languages: no abstractionsHad to deal with low-level detailsHigher-level languages: OS and other abstractionsFile system, virtual memory, abstract data types, ...Modern languages: even more abstractionsObject orientation, garbage collection,...Abstractions simplify programmingEasier to write, maintain, reason about programs

Why Are Abstractions/Interfaces Useful?Interfaces are instantiations of abstractionsInterface shields a program’s implementation detailsAllows freedom of implementation on both sidesWhich leads to modular program structureBarbara Liskov: “Power of Abstractions” talk“Modularity based on abstraction is the way things get done”So, what role do abstractions play in networking?

Layers are Main Network AbstractionsLayers provide nice data plane service abstractionsIP's best effort deliveryTCP's reliable byte-streamAside: good abstractions, terrible interfacesDon’t sufficiently hide implementation detailsMain Point: Nocontrolplane abstractionsNo sophisticated management/control building blocks

No Abstractions = Increased ComplexityEach control requirement leads to new mechanismTRILL, LISP, etc.We are really good at designing mechanismsSo we never tried to make life easier for ourselvesAnd so networks continue to grow more complexBut this is an unwise course:Mastering complexity cannot be our only focusBecause it helps in short term, but harms in long termWe must shift our attention from mastering complexity to extracting simplicity….

Three Basic Themes of TalkNetworking currently built on weak foundationLack of fundamental abstractionsNetwork control plane needs three abstractionsLeads to SDN v1 and v2Key abstractions solve other architecture problemsTwo simple abstractions make architectures evolvable

How Do We Build Control Plane?We define a new protocol from scratchE.g., routingOr we reconfigure an existing mechanismE.g., traffic engineeringOr leave it for manual operator configurationE.g., access control, middleboxes

What Are The Design Constraints?Operate within the confines of a given datapathMust live with the capabilities of IPOperate without communication guaranteesA distributed system with arbitrary delays and dropsCompute the configuration of each physical deviceSwitch, router, middleboxFIB, ACLs, etc.This is insanity!

Programming AnalogyWhat if programmers had to:Specify where each bit was storedExplicitly deal with all internal communication errorsWithin a programming language with limited expressabilityProgrammers would redefine problem by:Defining higher level abstractions for memoryBuilding on reliable communication primitivesUsing a more general languageAbstractions divide problem into tractable piecesWhy aren’t we doing this for network control?

Central QuestionWhat abstractions can simplify the control plane?i.e., how do we separate the problems?Not about designing new mechanisms!We have all the mechanisms we needExtracting simplicity vs mastering complexitySeparating problems vs solving problemsDefining abstractions vs designing mechanisms

Abstractions Must Separate 3 ProblemsConstrained forwarding modelDistributed stateDetailed configuration

Forwarding AbstractionControl plane needs flexible forwarding modelWith behavior specified by control programThis abstracts away forwarding hardwareCrucial for evolving beyond vendor-specific solutionsFlexibility and vendor-neutrality are both valuableBut one economic, the other architecturalPossibilities:General x86 program, MPLS, OpenFlow,…..Different flexibility/performance/deployment tradeoffs

State Distribution AbstractionControl program should not have to deal with vagaries of distributed stateComplicated, source of many errorsAbstraction should hide state dissemination/collectionProposed abstraction: global network viewDon’t worry about how to get that view (next slide)Control program operates on network viewInput: global network view (graph)Output: configuration of each network device

Network Operating System (NOS)NOS: distributed system that creates a network viewRuns on servers (controllers) in the networkCommunicates with forwarding elements in networkGets state information from forwarding elementsCommunicates control directives to forwarding elementsUsing forwarding abstractionControl program operates on view of networkControl program is not a distributed systemNOS plus Forwarding Abstraction = SDN (v1)

Current NetworksSoftware-Defined Networking (v1)ProtocolsProtocolsControl ProgramGlobal Network ViewNetwork Operating SystemControl via forwarding interface

Major Change in ParadigmNo longer designing distributed control protocolsNow just defining a centralized control functionControl program: Configuration= Function(view)Why is this an advance?Much easier to write, verify, maintain, reason about, ….NOS handles all state dissemination/collectionAbstraction breaks this off as tractable pieceServes as fundamental building block for control

WhatAboutConsistency?NOS must achieve eventual consistencyView eventually consistent with real networkThe configuration is therefore eventually correctSimple function of viewWhat about transient conditions?Hard to ensure good transient behavior with protocolsMuch easier with NOSWhat about distributed NOS (multiple controllers)?Need to split up decisions among controllers sensibly

Why Does This Approach Scale?Modification of Control ProgramStrong Consistency0 - 10/sPer Network EventEventual Consistency101 – 103/sPer FlowNo Consistency 103 – 106/sPer PacketNo Consistency106 – 108/s

Is Performance Good Enough?Architect for simplicity, engineer for performanceMany engineering tricks can help SDN performanceCaching stateBackup paths…..Don’t overly restrict vision of SDNKey SDN principle: configuration derived from global state“Configuration” can include more general device behaviorsSDN ≠ OpenFlow

What Role Does OpenFlow Play?NOS conveys configuration of global network view to actual physical devicesBut nothing in this picture limits what the meaning of “configuration” isOpenFlow is one possible definition of how to model the configuration of a physical deviceIs it the right one? Absolutely not.Crucial for vendor-independenceBut not the right abstraction (yet)

Alternative SDN ImplementationLinecard forwarding model: (per packet behavior)Supports OpenFlow plus x86 (and perhaps GPU)Switch configuration model: (management CPU)Supports JVM (controller can download code)NOS distributed state model: Key-value storeMerely an illustration of a richer form of SDNEnables features to emerge in software, migrate to HW

Are We Done Yet?This approach requires control program (or operator) to configure each individual network deviceThis is much more complicated than it should be!NOS eases implementation of functionalityBut does not help specification of functionality!We need a specification abstraction

Specification AbstractionGive control program abstract view of networkWhere abstract view is function of global viewThen, control program is abstract mappingAbstract configuration = Function(abstract view) Model just enough detail to specify goalsDon’t provide information needed to implement goals

One Simple Example: Access ControlAbstract NetworkViewFull Network View

More Detailed ModelService model can generally be described by a table pipelinePacket InPacket OutL2L3ACL

Implementing Specification AbstractionGiven: Abstract Table PipelineL3ACLL2Network Hypervisor (Nypervisor)Compiles abstract pipeline into physical configurationNeed: pipeline operations distributed over network of physical switches

Two ExamplesScale-out router:Abstract view is single routerPhysical network is collection of interconnected switchesNypervisor allows routers to “scale out, not up”Multi-tenant networks:Each tenant has control over their “private” networkNypervisor compiles all of these individual control requests into a single physical configuration“Network Virtualization”

Abstract Network ViewNypervisorControl ProgramGlobal Network ViewNetwork Operating SystemMoving from SDNv1 to SDNv2

Clean Separation of ConcernsNetwork control program specifies the behavior it wants on the abstract network viewControl program: maps behavior to abstract viewAbstract model should be chosen so that this is easyNypervisor maps the controls expressed on the abstract view into configuration of the global viewNypervisor: abstract model to global viewModels such as single cross-bar, single “slice”,…NOS distributes configuration to physical switchesNOS: global view to physical switches

Three Basic Network InterfacesForwarding interface: abstract forwarding modelShields higher layers from forwarding hardwareDistribution interface: global network viewShields higher layers from state dissemination/collectionSpecification interface: abstract network viewShields control program from details of physical network

More General Use of AbstractionsSo far, focus was on network “management”Operator control within a single domainIgnores host and interdomain issuesDid not address basic network “architecture”Naming, addressing, interdomain routing, security,…What abstractions describe Internet architecture?Too general a question….How can abstractions help clean-slate redesign?

What is Goal for Architectural Redesign?A more functional architecture?Pro: We know how to improve security, reliability, etc.Con: Design will be fixed for a generationLike today’s architectureA more evolvable architecture!Pro: Allows functionality to evolve over timeCon: We don’t know how to build oneMuch talk about architectural evolution, no progressTwo simple abstractions sufficient to solve problem

Why Is Current Architecture Rigid?IP is central component of architectureIP is embedded in interdomain routingAnd interdomain routing is hard to changeIP is embedded in applications (via API)And hard to change all applicationsTherefore, very hard to change IP!

The Current InternetApplicationNetwork StackArchitecture is very rigidIPDomainBGPRest of Internet

Insert Two Architectural AbstractionsClean IDR interface:No leakage of intradomain routing across interfaceFlexible route computationClean network API (netAPI)No leakage of network architecture across interfaceFlexible interface semanticsArchitecture is then evolvable!By making both interfaces abstract and extensible!

A More Evolvable InternetApplicationnetAPIExtensible and AbstractNetwork StackNetwork stack and domain have complete freedom to innovateArchitecture is very rigidIPDomainBGPExtensible and AbstractIDRRest of Internet

Two Abstractions EvolvabilityDomains can independently adopt new protocolsIPv6, AIP, and other network-level protocolsNo need for interdomain agreements on L3New naming systems, APIs can be introducedDONA, CCN, and other data-oriented architecturesNo need to change existing applicationsNew forms of QoS and other path servicesNo need to change interdomain routing

Evolvabilityvs FunctionalityThe IDR/netAPI abstractions help evolvabilitySpecific architectures need functionality abstractionsSockets vsPubSubDelivery models….Once we fix evolution, we can then take our time to get these other abstractions right!

End of Three Themes, Back to SDNSDN not about new mechanisms; can use currentForwarding primitives (e.g., MPLS)State distribution primitives (e.g., flooding as in OSPF)Operator control programs (e.g., BGP on scale-out router)SDN is all about modularityGiving networking the benefits of modular programmingCan reliably build more complicated functionalityNo more designing distributed control protocolsMerely define control programs over abstract modelGiven abstract network, what behavior do you want?

Control Plane Research AgendaCreate three modular, tractable piecesNypervisorNetwork Operating SystemDesign and implement forwarding modelBuild control programs over abstract modelsIdentify appropriate models for various applicationsVirtualization, Access Control, TE, Routing,…

Implementations vs AbstractionsSDN is an instantiation of fundamental abstractionsDon’t get distracted by the mechanismsThe abstractions were needed to separate concernsNetwork challenges are now modular and tractableThe abstractions are fundamentalSDN implementations are ephemeralOpenFlow/NOX/etc. particular implementations

Future of Networking, Past of ProtocolsThe future of networking lies in cleaner abstractionsNot in defining complicated distributed protocolsSDN is only the beginning of needed abstractionsTook OS researchers years to find their abstractionsFirst they made it work, then they made it simpleNetworks work, but they are definitely not simpleIt is now networking’s turn to make this transitionOur task: make networking a mature disciplineBy extracting simplicity from the sea of complexity…

SDN Abstractions

More Related Content

What's hot(20)

Viewers also liked(20)

Similar to SDN Abstractions(20)

Recently uploaded(20)

SDN Abstractions

Editor's Notes