Concise Encoding of Flow Attributes in SDN Switches Robert MacDavid - PowerPoint PPT Presentation

Concise Encoding of Flow Attributes in SDN Switches Robert MacDavid *, Rüdiger Birkner † , Ori Rottenstreich*, Arpit Gupta*, Nick Feamster*, Jennifer Rexford* *Princeton University, † ETH Zürich

Motivation Incoming Flows Classifier Switches 2

Motivation - Load Balancing 3

Motivation - Load Balancing LB Class 1 3

Motivation - Load Balancing LB Class 2 LB Class 1 3

Motivation - Quick Failover 4

Motivation - Quick Failover Backup Path Preferred Path 4

Motivation - Quick Failover Backup Path Preferred Path 4

Motivation - Quick Failover Backup Path Backup Path 4

Motivation - Service Chaining 5

Motivation - Service Chaining 5

Motivation - Service Chaining 5

Motivation - Service Chaining 5

Motivation - Access Control 6

Motivation - Access Control 6

Motivation - Access Control 6

Motivation - Access Control 6

Motivation - Access Control 6

Motivation - Access Control ? ? 6

Tagging Applications Existing Tag Conveyed Application Tag Field Solution By IP Fragment Service Chaining FlowTags First Middlebox Field Policy IP Source Alpaca DHCP Enforcement Address Destination SDN-Enabled IXP iSDX ARP MAC 7

Example: Service Chaining Path Tag A,C 00 A,D 01 B,C 10 B,D 11 C A n 3 n 1 n 2 Edge D B Switch 8

Example: Service Chaining Path Tag A,C 00 Exact-Match Rules A,D 01 00 → C 00 → A B,C 10 01 → D 01 → A 10 → C 10 → B B,D 11 11 → D 11 → B C A n 3 n 1 n 2 Edge D B Switch 8

Example: Service Chaining Path Tag A,C 00 A,D 01 Wildcard-Match Rules B,C 10 *0 → C 0* → A B,D 11 *1 → D 1* → B C A n 3 n 1 n 2 Edge D B Switch 8

Attribute-Encoding Tags Switch actions often depend on one attribute If ( C in Tag): goTo C If ( A in Tag): If ( D in Tag): goTo A goTo D If ( B in Tag): goTo B A C n 3 n 1 n 2 D B 9

Tagging Applications Typical Application Attributes Attribute Space Size Service Chaining Middleboxes O(10) Host Policy Enforcement O(100) Permissions Advertising SDN-Enabled IXP O(1000) Peers 10

Attribute-Encoding Tags Any tagging problem is composed of two parts: 11

Attribute-Encoding Tags Any tagging problem is composed of two parts: 1. A Tag for every FEC FEC Attributes Tag traverse A, 1 00 traverse C hit Mbox A, 2 01 hit Mbox D hit Mbox B, 3 10 hit Mbox C hit Mbox B, 4 11 hit Mbox D 11

Attribute-Encoding Tags Any tagging problem is composed of two parts: 2. Pattern-match strings 1. A Tag for every FEC to check for attributes FEC Attributes Tag Attribute Match Condition Compare Tag traverse A, hit Mbox A 1 00 to 0* traverse C Compare Tag hit Mbox A, hit Mbox B 2 01 to 1* hit Mbox D Compare Tag hit Mbox B, hit Mbox C 3 10 to *0 hit Mbox C Compare Tag hit Mbox B, hit Mbox D 4 11 to *1 hit Mbox D 11

Attribute-Encoding Tags Any tagging problem is composed of two parts: 2. Pattern-match strings 1. A Tag for every FEC to check for attributes FEC Attributes Tag Attribute Match Condition Compare Tag traverse A, hit Mbox A 1 00 to 0* traverse C Compare Tag hit Mbox A, hit Mbox B 2 01 to 1* hit Mbox D Compare Tag hit Mbox B, hit Mbox C 3 10 to *0 hit Mbox C Compare Tag hit Mbox B, hit Mbox D 4 11 to *1 hit Mbox D Tradeoff : Tag width vs. complexity of match conditions 11

PathSets Outline 1. Construct tagging scheme for unordered sets of attributes 2. Extend scheme to support ordered sequences of attributes 3. Using prefix codes to reduce tag size 12

Strawman Approach Attribute Sets Attribute Vectors Attributes Attributes FEC FEC S 1 S 1 B, C B C _ _ _ S 2 B, C, D S 2 B C D _ _ S 3 S 3 D _ _ D _ _ S 4 D, E S 4 _ _ D E _ S 5 D, E, F S 5 _ _ D E F 13

Strawman Approach Attribute Vectors Vector Bitmasks FEC Bitmask Attributes FEC 11000 S 1 S 1 B C _ _ _ S 2 11100 S 2 B C D _ _ Masks over 00100 S 3 S 3 _ _ D _ _ [B,C,D,E,F] 00110 S 4 S 4 _ _ D E _ S 5 00111 S 5 _ _ D E F 14

Strawman Approach Very simple match rules! Tags Match Patterns Set Bitmask Attribute Match 11000 1**** B,C B 11100 *1*** B,C,D C 00100 **1** D D 00110 ***1* D,E E 00111 ****1 D,E,F F 15

Strawman Approach Problem: Tag size is linear in the number of attributes to encode. Scales poorly Set Bitmask B,C 11000 B,C,D 11100 D 00100 00110 D,E 00111 D,E,F 16

Masking over Clusters FEC Bitmask Attributes S 1 11000 S 1 B C _ _ _ 11100 S 2 S 2 B C D _ _ Subsets of S 3 00100 S 3 _ _ D _ _ [B,C,D,E,F] S 4 00110 S 4 _ _ D E _ 00111 S 5 S 5 _ _ D E F 17

Masking over Clusters FEC Bitmask Attributes S 1 11000 S 1 B C _ _ _ 11100 S 2 S 2 B C D _ _ Subsets of S 3 00100 S 3 _ _ D _ _ [B,C,D,E,F] S 4 00110 S 4 _ _ D E _ 00111 S 5 S 5 _ _ D E F 17

Masking over Clusters FEC Bitmask Attributes S 1 11000 S 1 B C _ _ _ 11100 S 2 S 2 B C D _ _ Subsets of S 3 00100 S 3 _ _ D _ _ [B,C,D,E,F] S 4 00110 S 4 _ _ D E _ 00111 S 5 S 5 _ _ D E F 17

Masking over Clusters BCD DEF Attributes Subsets of S 1 110 S 1 B C _ _ _ Cluster [B,C,D] S 2 111 S 2 B C D _ _ 001 100 S 3 S 3 _ _ D _ _ S 4 110 S 4 _ _ D E _ Subsets of S 5 111 S 5 _ _ D E F Cluster [D,E,F] 17

Two-part Tag Cluster-0 Cluster-1 BCD DEF S 1 110 111 S 2 001 100 S 3 S 4 110 S 5 111 18

Two-part Tag ID of Cluster 1 BCD DEF S 1 110 111 S 2 001 100 S 3 S 4 110 1 Cl-ID S 5 111 18

Two-part Tag BCD DEF S 1 110 Mask of Cluster 1 111 S 2 001 100 S 3 S 4 110 1 1 1 0 Cl-ID D E F S 5 111 18

Two-part Tag • 4 bits instead of strawman’s 5 BCD DEF • Tag Size now = S 1 110 log 2 (Num Clusters) + Cluster Size 111 S 2 001 100 S 3 S 4 110 1 1 1 0 Cl-ID D E F S 5 111 18

Min Mask Size • Tag field at least as big as the largest set • Ok if assume sets are sparse Attributes . . . . S k ABCDEFGH Tag for set S k . . 0 1 1 1 1 1 1 1 1 . . ID A B C D E F G H 19

Matching not as easy • If X appears in multiple clusters, then multiple match patterns needed for X BCD DEF S1 110 S2 111 S3 001 100 S4 110 S5 111 20

Matching not as easy • If X appears in multiple clusters, then multiple match patterns needed for X D in both clusters BCD DEF S1 110 S2 111 S3 001 100 S4 110 S5 111 20

Matching not as easy • If X appears in multiple clusters, then multiple match patterns needed for X BCD DEF S1 110 0 1 1 1 S2 111 ID B C D S3 001 100 S4 110 1 1 1 0 S5 111 ID D E F 20

Matching not as easy • If X appears in multiple clusters, then multiple match patterns needed for X Att Match BCD DEF B 01** S1 110 C 0*1* 0 1 1 1 S2 111 ID B C D S3 001 100 D 0**1 OR 11** S4 110 E 1*1* 1 1 1 0 S5 111 F 1**1 ID D E F 20

Matching not as easy • If X appears in multiple clusters, then multiple match patterns needed for X 6 patterns (strawman had 5) Att Match BCD DEF B 01** S1 110 C 0*1* 0 1 1 1 S2 111 ID B C D S3 001 100 D 0**1 OR 11** S4 110 E 1*1* 1 1 1 0 S5 111 F 1**1 ID D E F 20

PathSets Outline 1. Construct tagging scheme for unordered sets of attributes 2. Extend scheme to support ordered sequences of attributes 3. Using prefix codes to reduce tag size 21

Ordered Attribute Checks Sequence A → B → C → D C → D → E B → E A → C → E 22

Ordered Attribute Checks One Cluster - ABCDE - No ID Sequence Tag A → B → C → D 11110 C → D → E 00111 B → E 01001 A → C → E 10101 22

Ordered Attribute Checks Sequence Tag A → B → C → D 11110 C → D → E 00111 B → E 01001 A → C → E 10101 22

Ordered Attribute Checks Att. Match String Sequence Tag A “1****” A → B → C → D 11110 B “*1***” C → D → E 00111 C “**1**” B → E 01001 D “***1*” A → C → E E “****1” 10101 22

Ordered Attribute Checks Doesn’t enforce attribute ordering Att. Match String Sequence Tag A “1****” A → B → C → D 11110 B “*1***” C → D → E 00111 C “**1**” B → E 01001 D “***1*” A → C → E E “****1” 10101 22

Ordered Attribute Checks Sequences ordered Left-to-Right Att. Match String Sequence Tag A “1****” A → B → C → D 11110 B “*1***” C → D → E 00111 C “**1**” B → E 01001 D “***1*” A → C → E E “****1” 10101 22

Ordered Attribute Checks Sequences ordered Left-to-Right Att. Match String Att. Match String Sequence Tag A A “1****” “1****” A → B → C → D 11110 B B “ 0 1***” “*1***” C → D → E 00111 C “**1**” C “ 00 1**” B → E 01001 D “***1*” D “ 000 1*” A → C → E E E “ 0000 1” “****1” 10101 Leftmost attribute takes priority 22