architecture of dynamic vpns in openflow
play

Architecture of dynamic VPNs in OpenFlow Michiel Appelman - PowerPoint PPT Presentation

Aug 15, 2022 •165 likes •375 views

Architecture of dynamic VPNs in OpenFlow Michiel Appelman michiel.appelman@os3.nl Supervisor: Rudolf Strijkers rudolf.strijkers@tno.nl 1 Observations Network Management Systems are growing in complexity VPNs used to share network

  1. Architecture of dynamic VPNs in OpenFlow Michiel Appelman michiel.appelman@os3.nl Supervisor: Rudolf Strijkers rudolf.strijkers@tno.nl 1

  2. Observations • Network Management Systems are growing in complexity • VPNs used to share network resources and growing in numbers ➡ complex network management • Growing demand for application specific VPNs • Leading to “Dynamic VPNs” 2

  3. Dynamic VPNs • Requirements: • All VPN features • Automated VPN creation, modification and deletion • Manage member ports • Adapt Paths to Network Resources and DVPN Requirements 3

  4. Problem • To implement DVPNs in the network: • Solve complexity of network management • Allow for granular control over network resources 4

  5. Potential Solution • OpenFlow and SDN • Why the momentum? • State of the art • “Not supported” 5 OSI Reference Model — H. Zimmermann — 1980

  6. Research Questions • Can DVPNs be implemented using contemporary technologies? • Can DVPNs be implemented using OpenFlow? • What are the di ff erences? 6

  7. VPN Service • Provider Provisioned VPN • Layer 2 Ethernet broadcast domain • Transparent to Customer Customer Networks • No exchange of routing info C between provider and customer C CE CE PE PE P C PE CE Provider Network 7

  8. VPN Transport DVPN X DVPN X MAC PORT MAC PORT CE1 1 CE2 1 CE2 ??? CE1 PE1 PDU SA DA Hdr PDU SA DA PDU SA DA CE1 PE1 P PE2 CE2 Hdr PDU SA DA PDU SA DA • VPN “coloring” • Ethernet frame encapsulation 8

  9. VPN Transport • Additional requirements for Carrier DVPN service: • MAC Scalability • Tra ffi c Engineering (TE) • Load Sharing (ECMP) • Operations, Administration and Management (OAM) • Fast Failover • Rate Limiting of DVPN tra ffi c • Rate Limiting of BUM tra ffi c 9

  10. DVPN Provisioning • Base network to provide VPNs • Install routes between PEs • Automated VPN creation, modification and deletion: • Manage member ports • Adapt Paths to Network Resources and DVPN Requirements 10

  11. MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies E-VPN LDP VPLS FRR • Complex configuration MP-BGP RSVP-TE BFD • Requires custom NMS OSPF • Lack of defined API IP Addressing • Fast Failover using RSVP (another label) • E-VPN MAC learning (draft) 11

  12. MPLS Implementation • Provisioning of DVPNs through NMS • Needs topology information to provide paths • Installs paths in RSVP , end-points in VPLS DATA NMS Control Plane VPLS VPLS LDP LDP RSVP RSVP RSVP RSVP MPLS MPLS MPLS MPLS CE PE P P PE CE Forwarding Plane 12

  13. OpenFlow Implementation • SDN Architecture with OpenFlow 1.3 • Abstraction of the network APP APP APP APP • Centralized Applications ??? Northbound • MAC Learning CONTROLLER • Tra ffi c Engineering Southbound OpenFlow • ECMP • Fast Failover.. • MPLS labels • Rate Limiting per Flow 13

  14. OpenFlow Implementation • Provisioning of DVPNs through Applications • Has topology information available • Tra ffi c Engineering Application allows rerouting • Install Paths in all intermediate P’s DATA APPS CONTROLLER Control Plane CE PE P P PE CE Forwarding Plane 14

  15. Research Answers • Can DVPNs be implemented using contemporary technologies? • Yes, but management is complex and lacks control • Can DVPNs be implemented using OpenFlow? • Yes, using MPLS labels and custom applications • What are the di ff erences? 15

  16. Comparison MPLS OpenFlow/SDN Tagging of VPN Tra ffi c VPLS MPLS MAC Scalability yes yes Topology Discovery OSPF centralized Path Provisioning RSVP / LDP centralized Tra ffi c Engineering RSVP centralized ECMP yes yes, using Groups BUM limiting dependent on HW per flow BUM tra ffi c handling flood controller Exchange C-MACs E-VPN (draft) centralized Tra ffi c Rate Limiting dependent on HW per flow Fast Failover FRR and BFD yes, using Groups* OAM LSP Ping centralized 16

  17. MPLS Pro’s Con’s • Known technology • Large protocol stack • No consistent management interface • Complex NMS • E-VPN in draft 17

  18. OpenFlow Pro’s Con’s • Learn from MPLS • No forwarding plane monitoring • MAC Exchange on PEs • No Northbound standard • Rate Limiting per Flow • Reimplement intelligence 18

  19. Conclusion • MPLS lacks in manageability • SDN architecture solves complexity • OpenFlow missing essential carrier function 19

  20. Questions? 20

Recommend

UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop,

UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop,

UNINETT OpenFlow testbed UNINETT OpenFlow testbed Terena Network Architecture Workshop, 13-14/11-2013 Terena Network Architecture Workshop, 13-14/11-2013 Olav Kvittem, Martin Osmundsvg, Otto Wittner, Gurvinder Singh UNINETT Aryan

366 views • 7 slides
Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC can be used with VPNs Identify areas where extensions to IPSEC could be useful Bryan Gleeson, Page-1 VPN Reference Model CE CE PE

352 views • 9 slides
OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o

OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o

OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defjned Networks o Industry interest Original Question How can researchers on college campuses test out new

718 views • 35 slides
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to Provide Security Monitoring as a Service in Clouds?) Seungwon Shin Guofei Gu SUCCESS Lab SUCCESS Lab Texas A&M University Texas A&M

314 views • 6 slides
Dynamic agent architecture for Dynamic agent architecture for open e- -commerce commerce open

Dynamic agent architecture for Dynamic agent architecture for open e- -commerce commerce open

Dynamic agent architecture for Dynamic agent architecture for open e- -commerce commerce open e Universit de Montral Nader Troudi ntroudi@newtrade.com & Peter Kropf kropf@IRO.UMontreal.ca 05/02/2003 AgentCities ID3 Plan

352 views • 21 slides
Flexible NFV WAN interconnections with Neutron BGP VPN Thomas Morin Orange OpenStack Summit,

Flexible NFV WAN interconnections with Neutron BGP VPN Thomas Morin Orange OpenStack Summit,

Flexible NFV WAN interconnections with Neutron BGP VPN Thomas Morin Orange OpenStack Summit, May 2018, Vancouver BC 2 Agenda BGP VPNs as a key building block for Telcos 1-slide reminder on BGP VPNs Why we like dynamic routing in

650 views • 17 slides
TouSIX First OpenFlow European IXP Marc Bruyre, CNRS 2 TouSIX First OpenFlow European IXP

TouSIX First OpenFlow European IXP Marc Bruyre, CNRS 2 TouSIX First OpenFlow European IXP

TouSIX First OpenFlow European IXP Marc Bruyre, CNRS 2 TouSIX First OpenFlow European IXP What is an IXP ? Today IXP switching fabric Operator-oriented OpenFlow IXP fabric The Toulouse IXP : TouIX Migrating TouIX in TouSIX TouSIX-Manager

850 views • 41 slides
Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes

Dynamic IPv6 Prefix Problems and VPNs Johannes Weber Webernetz.net Network Security Consulting #whoami: Johannes Weber Network Security Consultant @ TV Rheinland i-sec GmbH Firewall VPN/Crypto Routing/Switching Mail

453 views • 30 slides
Applying F(I)MEA Technique for SDN/OpenFlow Security Analysis Green Kim greenkim@konkuk.ac.kr

Applying F(I)MEA Technique for SDN/OpenFlow Security Analysis Green Kim greenkim@konkuk.ac.kr

Applying F(I)MEA Technique for SDN/OpenFlow Security Analysis Green Kim greenkim@konkuk.ac.kr Contents 1. Introduction 1.1 Motivation 1.2 Related Works Analysis 1.2.1 OpenFlow: A Security Analysis 1.2.2 OpenFlow Vulnerability Assessment

345 views • 30 slides
Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations

Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations

Virtual Private Networking Outline Introduction Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations Encryption November 25 - 2004 Future of VPNs VPN - Definition a way to provide

595 views • 11 slides
Networking and OpenFlow Jeffrey Dalla Tezza and Nate Schloss Agenda What is SDN SDN Today

Networking and OpenFlow Jeffrey Dalla Tezza and Nate Schloss Agenda What is SDN SDN Today

Software Defined Networking and OpenFlow Jeffrey Dalla Tezza and Nate Schloss Agenda What is SDN SDN Today What is OpenFlow Why OpenFlow Whats next for SDN Our OpenFlow Demonstration Software Defined Networking

274 views • 26 slides
SSL VPNs: An IETF Perspective IETF 72, Dublin Paul Hoffman, VPNC Overview Why this might be

SSL VPNs: An IETF Perspective IETF 72, Dublin Paul Hoffman, VPNC Overview Why this might be

SSL VPNs: An IETF Perspective IETF 72, Dublin Paul Hoffman, VPNC Overview Why this might be interesting Intro to SSL VPN technologies Where SSL VPNs use IETF technologies, and where they make up their own Some lessons learned

436 views • 14 slides
Requ quirement ments for or Requ quirement ments for or Mult ulticas icast in L3 VPNs

Requ quirement ments for or Requ quirement ments for or Mult ulticas icast in L3 VPNs

IETF 64 th 2005-11-10 Vancouver Requ quirement ments for or Requ quirement ments for or Mult ulticas icast in L3 VPNs Mult ulticas icast in L3 VPNs draft-ietf-l3vpn-ppvpn-mcast-reqts-02 Thomas Morin (France Telecom) Renaud Moignard

423 views • 15 slides
Optimizing Rules Placement in OpenFlow networks: Trading routing for better efficiency NGUYEN

Optimizing Rules Placement in OpenFlow networks: Trading routing for better efficiency NGUYEN

Optimizing Rules Placement in OpenFlow networks: Trading routing for better efficiency NGUYEN Xuan-Nam , Damien Saucez, Chadi Barakat, Thierry Turletti DIANA INRIA Sophia Antipolis, France Motivation Today With SDN/OpenFlow Manual

394 views • 6 slides
OpenFlow Workshop APAN FIT Workshop Hong Kong APAN FIT Workshop Hong Kong Chris Small

OpenFlow Workshop APAN FIT Workshop Hong Kong APAN FIT Workshop Hong Kong Chris Small

OpenFlow Workshop APAN FIT Workshop Hong Kong APAN FIT Workshop Hong Kong Chris Small Indiana University Feb 22 2011 Sections Sections OpenFlow concepts, hardware and software l h d d f OpenFlow use cases Network Operators

910 views • 73 slides
The Beacon OpenFlow Controller www.beaconcontroller.net David Erickson Stanford Motivation

The Beacon OpenFlow Controller www.beaconcontroller.net David Erickson Stanford Motivation

The Beacon OpenFlow Controller www.beaconcontroller.net David Erickson Stanford Motivation Back to circa 2008-2009 The OpenFlow controller world == NOX Single threaded event based C++ with SWIG glue to Python Python apps C++

513 views • 18 slides
OpenFlow Campus Trials GEC7 Stanford University Continued progress Increasing provider

OpenFlow Campus Trials GEC7 Stanford University Continued progress Increasing provider

OpenFlow Campus Trials GEC7 Stanford University Continued progress Increasing provider OpenFlow 1.0 interest and engagement Spec released in Dec 2009 Google, Amazon, Yahoo, Reference implementations Microsoft, and

656 views • 26 slides
HyperFlow A Distributed Control Plane for OpenFlow Amin Tootoonchian Yashar Ganjali System and

HyperFlow A Distributed Control Plane for OpenFlow Amin Tootoonchian Yashar Ganjali System and

HyperFlow A Distributed Control Plane for OpenFlow Amin Tootoonchian Yashar Ganjali System and Networking Group Department of Computer Science University of Toronto Brief Overview of OpenFlow Root cause of network mgmt. & control

659 views • 14 slides
Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison , Matthew L.

Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison , Matthew L.

Frenetic: A High-Level Language for OpenFlow Networks Nate Foster, Rob Harrison , Matthew L. Meola, Michael J. Freedman, Jennifer Rexford, David Walker PRESTO 2010, Philadelphia, PA 11.28.2010 Background OpenFlow/NOX allowed us to take back

858 views • 21 slides
Overview Distributed Services for Distributed VPNs Objectives for Robust Time

Overview Distributed Services for Distributed VPNs Objectives for Robust Time

Michael Rossberg, Rene Golembewski, Guenter Schaefer Ilmenau University of Technology, Germany ICCCN 2012 Attack-Resistant Distributed Time Synchronization for Virtual Private Networks Overview Distributed Services for Distributed VPNs

212 views • 9 slides
OFELIA Pan European OpenFlow Testbed OFELIA Pan European OpenFlow Testbed Hagen Woesner

OFELIA Pan European OpenFlow Testbed OFELIA Pan European OpenFlow Testbed Hagen Woesner

OFELIA Pan European OpenFlow Testbed OFELIA Pan European OpenFlow Testbed Hagen Woesner EICT GmbH Coordinator, OFELIA project APAN meeting 32st New Delhi APAN meeting 32st New Delhi (Future Internet Testbed Workshop) Agenda Future Internet

416 views • 18 slides
Deeply Programmable Network (DPN) and Advanced Network Virtualization Aki Nakao The University

Deeply Programmable Network (DPN) and Advanced Network Virtualization Aki Nakao The University

Deeply Programmable Network (DPN) and Advanced Network Virtualization Aki Nakao The University of Tokyo 2012/11/27 1 OpenFlow SDN OpenFlow Controller Fixed Data Plane Fixed Control Plane (OpenFlow API) Flow Pattern Match

626 views • 23 slides
Virtual Topologies for Service Chaining in BGP IP MPLS VPNs

Virtual Topologies for Service Chaining in BGP IP MPLS VPNs

Virtual Topologies for Service Chaining in BGP IP MPLS VPNs (dra?-rfernando-l3vpn-service-chaning-03) Dhananjaya Rao Rex Fernando Luyuan Fang

353 views • 8 slides
An Energy-Efficient Near/Sub-Threshold FPGA Interconnect Architecture Using Dynamic Voltage

An Energy-Efficient Near/Sub-Threshold FPGA Interconnect Architecture Using Dynamic Voltage

An Energy-Efficient Near/Sub-Threshold FPGA Interconnect Architecture Using Dynamic Voltage Scaling and Power-Gating He Qi, Oluseyi Ayorinde, and Benton H. Calhoun Charles L. Brown Department of Electrical and Computer Engineering University of

711 views • 20 slides

More recommend