network function control
play

Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, - PowerPoint PPT Presentation

Nov 04, 2022 •471 likes •925 views

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 Network functions (NFs) Perform sophisticated stateful actions

  1. OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1

  2. Network functions (NFs) • Perform sophisticated stateful actions on packets/flows • Important goals: 1. Satisfy SLAs 2. Minimize costs 3. Act correctly 2

  3. NF trends • Network Functions Virtualization (NFV) WAN optimizer Caching proxy Intrusion detection system (IDS) 3

  4. NF trends • Network Functions Virtualization (NFV) → dynamically allocate NF instances Hypervisor 3

  5. NF trends • Network Functions Virtualization (NFV) → dynamically allocate NF instances • Software-defined Networking → dynamically reroute flows Hypervisor 3

  6. NF trends • Network Functions Virtualization (NFV) → dynamically allocate NF instances • Software-defined Networking → dynamically reroute flows Dynamic reallocation Hypervisor of packet processing e.g., elastic NF scaling 3

  7. Why NFV + SDN falls short Packet loss 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  8. Why NFV + SDN falls short Packet loss SLA: <1% 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  9. Why NFV + SDN falls short ? Packet loss SLA: <1% 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  10. Why NFV + SDN falls short ? Packet loss SLA: <1% 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  11. Why NFV + SDN falls short ? Packet loss 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  12. Why NFV + SDN falls short ? Packet loss 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  13. Why NFV + SDN falls short ? Packet loss 1. SLAs 2. Cost 3. Accuracy Reroute new flows Reroute existing flows Wait for flows to die 4

  14. SLAs + cost + accuracy: What do we need? • Quickly move, copy, or share internal NF state alongside updates to network forwarding state • Guarantees: loss-free, order- preserving, …    … 1 2 3 … Also applies to other scenarios 5

  15. Outline • Motivation and requirements • Challenges • OpenNF architecture • Evaluation 6

  16. Challenges 1. Supporting many NFs with minimal changes 2. Dealing with race conditions 3. Bounding overhead 7

  17. OpenNF overview Control Application move/copy/share state OpenNF NF State Manager Flow Manager Controller export/import State 8

  18. NF state taxonomy State created or updated by an NF applies to either a single flow or a collection of flows Multi-flow state Per-flow state TcpAnalyzer Connection HttpAnalyzer ConnCount Connection TcpAnalyzer All-flows state HttpAnalyzer Statistics 9

  19. NF API: export/import state • Functions: get , put , delete put Per Scope Multi All Filter get NF No need to expose/change internal state organization! 10

  20. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) NF State Manager IDS 1 IDS 2 11

  21. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) NF State Manager get(per, port=80) [Chunk1] [Chunk2] IDS 1 IDS 2 11

  22. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) NF State Manager get(per, port=80) [Chunk1] del(per, port=80) [Chunk2] IDS 1 IDS 2 11

  23. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) NF State Manager get(per, port=80) put (per, Chunk1) [Chunk1] del(per, port=80) put (per, Chunk2) [Chunk2] IDS 1 IDS 2 11

  24. Control operations: move Control Application Flow Manager move (port=80, IDS 1 , IDS 2 ) forward(port=80, IDS 2 ) NF State Manager get(per, port=80) put (per, Chunk1) [Chunk1] del(per, port=80) put (per, Chunk2) [Chunk2] IDS 1 IDS 2 Also provide copy and share 11

  25. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check R1 B1 IDS 1 IDS 2 12

  26. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check R1 B1 IDS 1 IDS 2 12

  27. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing R1 state B1 R2 IDS 1 IDS 2 12

  28. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing R2 R1 state B1 IDS 1 IDS 2 12

  29. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing R2 R1 state B1 IDS 1 IDS 2 12

  30. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing Missing R2 R1 state updates B1 R3 IDS 1 IDS 2 12

  31. Lost updates during move Malware hash move(red,Bro 1 ,Bro 2 ) check Missing Missing R2 R1 state updates B1 R3 IDS 1 IDS 2 Loss-free: All state updates should be reflected in the transferred state, and all packets should be processed 12

  32. NF API: observe/prevent updates using events NF R1 Only need to change an NF’s receive packet function! 13

  33. Use events for loss-free move R1 IDS 1 IDS 2 14

  34. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 R1 NoProc IDS 1 IDS 2 14

  35. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 NoProc IDS 1 IDS 2 R1 14

  36. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 NoProc R2 IDS 1 IDS 2 R1 14

  37. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller NoProc IDS 1 IDS 2 R1 R2 14

  38. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller 4. put on IDS 2 R1 NoProc IDS 1 IDS 2 R2 14

  39. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller 4. put on IDS 2 5. Flush packets in events to IDS 2 R1,R2 R1 NoProc IDS 1 IDS 2 14

  40. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller 4. put on IDS 2 5. Flush packets in events to IDS 2 R1,R2 R1 NoProc 6. Update IDS 1 IDS 2 forwarding 14

  41. Use events for loss-free move 1. enableEvents(red,noproc) on IDS 1 2. get / delete on IDS 1 3. Buffer events at controller 4. put on IDS 2 5. Flush packets in events to IDS 2 R1,R2,R3 R1,R2 R1 NoProc 6. Update IDS 1 IDS 2 forwarding 14

  42. Implementation • Controller ( 3.8K lines of Java ) • Communication library (2.6K lines of C) • Modified NFs (3-8% increase in code) Bro IDS iptables Squid Cache PRADS 15

  43. Evaluation: benefits for elastic scaling • Bro IDS processing 10K pkts/sec – At 180 sec: move HTTP flows (489) to new IDS – At 360 sec: move back to old IDS • SLAs: 260ms to move (loss-free) • Accuracy: same log entries as using one IDS – VM replication: incorrect log entries • Cost: scale in after state is moved – Wait for flows to die: scale in delayed 25+ minutes 16

  44. Conclusion • Realizing SLAs + cost + accuracy requires quick, safe control of internal network function state • OpenNF provides flexible and efficient control with few modifications to NFs Learn more and try it! http://opennf.cs.wisc.edu 17

Recommend

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash,

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash,

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 Network functions (NFs) Perform sophisticated stateful actions

770 views • 76 slides
Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert

Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 Network functions (NFs) Perform sophisticated stateful actions

1.16k views • 88 slides
OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash,

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash,

OpenNF: Enabling Innovation in Network Function Control Aaron Gember-Jacobson , Chaithan Prakash, Raajay Viswanathan, Robert Grandl, Junaid Khalid, Sourav Das, Aditya Akella 1 Network functions (NFs) Perform sophisticated stateful actions

361 views • 32 slides
Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Deniz Gurkan, Nicholas Bastin, Stuart Baxley University of Houston Funded by the U.S. Department of Energy and the U.S. Department of Homeland

541 views • 15 slides
Value function and optimal trajectories for a control problem with supremum cost function and

Value function and optimal trajectories for a control problem with supremum cost function and

Value function and optimal trajectories for a control problem with supremum cost function and state constraints Hasnaa Zidani ENSTA ParisTech, University of Paris-Saclay joint work with: A. Assellaou, &amp; O. Bokanowski, &amp; A. Desilles

448 views • 41 slides
1 b. Implement the function using a minimal network of 4:1 multiplexers. The truth table using a ,

1 b. Implement the function using a minimal network of 4:1 multiplexers. The truth table using a ,

CSE140 Exercise Solutions m (0 , 2 , 4 , 6 , 7) + d (1). I. Given a three-input Boolean function f ( a, b, c ) = a. Implement the function using a minimal network of 2:4 decoders and OR gates. Standard solution : Use a as the enable signal,

407 views • 12 slides
SLAC Control Network SLAC Control Network Campaign 1 12/13/01,12/17/01 01/18/02 Purpose

SLAC Control Network SLAC Control Network Campaign 1 12/13/01,12/17/01 01/18/02 Purpose

SLAC Control Network SLAC Control Network Campaign 1 12/13/01,12/17/01 01/18/02 Purpose Purpose To tie SLAC control points to existing coordinate system &amp; datum. (ie. NAD 83 CA State Plane Zone 3, UTM Zone 10, WGS84) Network

372 views • 14 slides
Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function Offloading Mario Almeida, Liang Wang*, Jeremy Blackburn, Konstantina Papagiannaki, Jon Crowcroft* Telefonica Research, ES University of

903 views • 26 slides
Network Layer: Control Plane Goal: understand principles behind network control plane

Network Layer: Control Plane Goal: understand principles behind network control plane

Network Layer: Control Plane Goal: understand principles behind network control plane traditional (intra-domain) routing algorithms SDN controllers and their instantiation, implementation in the Internet: OSPF, RIP, OpenFlow, ODL

1.31k views • 75 slides
Maria Bulatova, Daria Kolistratova Background Network Function (NF) a component of a network

Maria Bulatova, Daria Kolistratova Background Network Function (NF) a component of a network

Maria Bulatova, Daria Kolistratova Background Network Function (NF) a component of a network infrastructure with well defined interfaces and behavior ( routing, network address translation (NAT), firewall, etc.). Traditional NFs:

224 views • 19 slides
Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K.

Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K.

Eliminating Adverse Control Plane Interactions in Independent Network Systems Matthew K. Mukerjee Computer Science PhD Thesis Defense May 1st, 2018 Network Control CDN server selection Routing Congestion Control VM migration Network

1.71k views • 131 slides
CONTROL YOUR CARGO. CONTROL YOUR NETWORK. CONTROL YOUR BRAND. APRIL 2019

CONTROL YOUR CARGO. CONTROL YOUR NETWORK. CONTROL YOUR BRAND. APRIL 2019

CONTROL YOUR CARGO. CONTROL YOUR NETWORK. CONTROL YOUR BRAND. APRIL 2019 annika@sensortransport.com THE PROBLEM Status of Cargo Status of Shipment $100 BILL LOST ANNUALLY FROM DAMAGE Manual Delivery AND THEFT THE SOLUTION A

2.74k views • 9 slides
Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control Systems Research Philipp Mieden &amp; Rutger Beltman, 2020 Supervisor: Bartosz Czaszynski, Deloitte Industrial Network VS Corporate Network 2

379 views • 35 slides
Function Approximation for (on policy) Prediction and Control Lecture 8, CMU 10-403 Katerina

Function Approximation for (on policy) Prediction and Control Lecture 8, CMU 10-403 Katerina

Carnegie Mellon School of Computer Science Deep Reinforcement Learning and Control Function Approximation for (on policy) Prediction and Control Lecture 8, CMU 10-403 Katerina Fragkiadaki Used Materials Disclaimer : Much of the material

642 views • 41 slides
The Gas Network Control Problem and How to Approach It Felix Hennings Combinatorial Optimization

The Gas Network Control Problem and How to Approach It Felix Hennings Combinatorial Optimization

The Gas Network Control Problem and How to Approach It Felix Hennings Combinatorial Optimization @ Work 2020 The Gas Network Control Problem General description Optimization of short-term transient gas network control of large real-world

917 views • 39 slides
Unemployment Duration and Re-employment Wages: A Control Function Approach Marta C. Lopes 1 1

Unemployment Duration and Re-employment Wages: A Control Function Approach Marta C. Lopes 1 1

Unemployment Duration and Re-employment Wages: A Control Function Approach Marta C. Lopes 1 1 NovaSBE, Universidade Nova de Lisboa 23 rd London Stata User Group Meeting September 7, 2017 Marta C. Lopes (NovaSBE) A Control Function Approach

669 views • 38 slides
Tiny%Packet%Programs% for%low4latency%network%control% Vimal %

Tiny%Packet%Programs% for%low4latency%network%control% Vimal %

Tiny%Packet%Programs% for%low4latency%network%control% Vimal % Mohammad%Alizadeh,%Yilong%Geng,%Changhoon%Kim,%David%Mazires% Timescales%of%Network%FuncFons% Network% Load%Balancing% Virtual%Network% CongesFon% Forwarding%% Provisioning%

567 views • 29 slides
Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with

Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with

Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with Time-varied Workload Satyajit Padhy, Jerry Chou National Tsing Hua University The Third International Workshop on Systems and Network Telemetry and

725 views • 26 slides
Topic #38 Transfer function to state-space Reference textbook : Control Systems, Dhanesh N.

Topic #38 Transfer function to state-space Reference textbook : Control Systems, Dhanesh N.

ME 779 Control Systems Topic #38 Transfer function to state-space Reference textbook : Control Systems, Dhanesh N. Manik, Cengage Publishing, 2012 1 Transfer function to state-space Phase-variable and controller canonical forms

947 views • 36 slides
Session #4: Transport Network Control (ASON, Session #4: Transport Network Control (ASON, GMPLS

Session #4: Transport Network Control (ASON, Session #4: Transport Network Control (ASON, GMPLS

I nternational Telecom m unication Union ITU-T Session #4: Transport Network Control (ASON, Session #4: Transport Network Control (ASON, GMPLS and Control plane management) GMPLS and Control plane management) Highlights &amp; Conclusions

420 views • 7 slides
NETWORK FLOWS NETWORK FLOWS A network consists of a loopless digraph D = ( V , A ) plus a function

NETWORK FLOWS NETWORK FLOWS A network consists of a loopless digraph D = ( V , A ) plus a function

NETWORK FLOWS NETWORK FLOWS A network consists of a loopless digraph D = ( V , A ) plus a function c : A R + . Here c ( x , y ) for ( x , y ) A is the capacity of the edge ( x , y ) . We use the following notation: if : A R and S , T

566 views • 17 slides
What is executive function? There are many brain-based abilities that make up executive

What is executive function? There are many brain-based abilities that make up executive

10/27/2014 Executive Function MAKING THE WORLD A BIT EASIER TO NAVIGATE: USING EXECUTIVE FUNCTION SKILLS Brenda Smith Myles, Ph.D. brenda_myles@mac.com Executive Function The set of brain-based abilities that help people control their

617 views • 39 slides
Network Components Component Names Component Function Example Application, or app, user Uses

Network Components Component Names Component Function Example Application, or app, user Uses

Network Components Component Names Component Function Example Application, or app, user Uses the network Skype, iTunes, Amazon Host, or end-system, edge Supports apps Laptop, mobile, desktop device, node, source, sink Router, or switch,

1.25k views • 37 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides

More recommend