
Architecture of dynamic VPNs in OpenFlow Michiel Appelman - PowerPoint PPT Presentation



  1. Architecture of dynamic VPNs in OpenFlow • Michiel Appelman (michiel.appelman@os3.nl) • Supervisor: Rudolf Strijkers (rudolf.strijkers@tno.nl)

  2. Observations • Network Management Systems are growing in complexity • VPNs used to share network resources and growing in numbers ➡ complex network management • Growing demand for application specific VPNs • Leading to “Dynamic VPNs”

  3. Dynamic VPNs • Requirements: • All VPN features • Automated VPN creation, modification and deletion • Manage member ports • Adapt Paths to Network Resources and DVPN Requirements

  4. Problem • To implement DVPNs in the network: • Solve complexity of network management • Allow for granular control over network resources

  5. Potential Solution • OpenFlow and SDN • Why the momentum? • State of the art • “Not supported” [Figure: OSI Reference Model — H. Zimmermann — 1980]

  6. Research Questions • Can DVPNs be implemented using contemporary technologies? • Can DVPNs be implemented using OpenFlow? • What are the differences?

  7. VPN Service • Provider Provisioned VPN • Layer 2 Ethernet broadcast domain • Transparent to Customer • No exchange of routing info between provider and customer [Diagram labels: Customer Networks, C, CE, PE, P, Provider Network]

  8. VPN Transport • VPN “coloring” • Ethernet frame encapsulation [Diagram labels: DVPN X MAC/PORT tables; path CE1, PE1, P, PE2, CE2; frames PDU SA DA with added Hdr]

  9. VPN Transport • Additional requirements for Carrier DVPN service: • MAC Scalability • Traffic Engineering (TE) • Load Sharing (ECMP) • Operations, Administration and Management (OAM) • Fast Failover • Rate Limiting of DVPN traffic • Rate Limiting of BUM traffic

  10. DVPN Provisioning • Base network to provide VPNs • Install routes between PEs • Automated VPN creation, modification and deletion: • Manage member ports • Adapt Paths to Network Resources and DVPN Requirements

  11. MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires custom NMS • Lack of defined API • Fast Failover using RSVP (another label) • E-VPN MAC learning (draft) [Diagram labels, protocol stack: E-VPN, LDP, VPLS, FRR, MP-BGP, RSVP-TE, BFD, OSPF, IP Addressing]

  12. MPLS Implementation • Provisioning of DVPNs through NMS • Needs topology information to provide paths • Installs paths in RSVP, end-points in VPLS [Diagram labels: DATA, NMS, Control Plane (VPLS, LDP, RSVP, MPLS), Forwarding Plane (CE, PE, P, P, PE, CE)]

  13. OpenFlow Implementation • SDN Architecture with OpenFlow 1.3 • Abstraction of the network • Centralized Applications • MAC Learning • Traffic Engineering • ECMP • Fast Failover.. • MPLS labels • Rate Limiting per Flow [Diagram labels: APP (×4), ??? Northbound, CONTROLLER, Southbound OpenFlow]

  14. OpenFlow Implementation • Provisioning of DVPNs through Applications • Has topology information available • Traffic Engineering Application allows rerouting • Install Paths in all intermediate P’s [Diagram labels: DATA, APPS, CONTROLLER, Control Plane, Forwarding Plane (CE, PE, P, P, PE, CE)]

  15. Research Answers • Can DVPNs be implemented using contemporary technologies? • Yes, but management is complex and lacks control • Can DVPNs be implemented using OpenFlow? • Yes, using MPLS labels and custom applications • What are the differences?

  16. Comparison

      | Feature | MPLS | OpenFlow/SDN |
      |---|---|---|
      | Tagging of VPN Traffic | VPLS | MPLS |
      | MAC Scalability | yes | yes |
      | Topology Discovery | OSPF | centralized |
      | Path Provisioning | RSVP / LDP | centralized |
      | Traffic Engineering | RSVP | centralized |
      | ECMP | yes | yes, using Groups |
      | BUM limiting | dependent on HW | per flow |
      | BUM traffic handling | flood | controller |
      | Exchange C-MACs | E-VPN (draft) | centralized |
      | Traffic Rate Limiting | dependent on HW | per flow |
      | Fast Failover | FRR and BFD | yes, using Groups* |
      | OAM | LSP Ping | centralized |

  17. MPLS Pro’s Con’s • Known technology • Large protocol stack • No consistent management interface • Complex NMS • E-VPN in draft

  18. OpenFlow Pro’s Con’s • Learn from MPLS • No forwarding plane monitoring • MAC Exchange on PEs • No Northbound standard • Rate Limiting per Flow • Reimplement intelligence

  19. Conclusion • MPLS lacks in manageability • SDN architecture solves complexity • OpenFlow missing essential carrier function

  20. Questions?
