VNF Chain Allocation and Management at Data Center Scale
Nodir Kodirov, Sam Bayless, Fabian Ruffy, Ivan Beschastnikh, Holger Hoos, Alan Hu

Network Functions (NF) are useful and widespread
• Security
  • Firewall, DDoS protection, DPI
• Monitoring
  • QoE monitor, Network Stats
• Services
  • Ad insertion, Transcoder
• Network optimization
  • NAT, Load-balancer, WAN accelerator
[Figure: NF examples: DDoS protection, session border controller, load balancer, ad insertion, IDS, WAN accelerator, BRAS, carrier-grade NAT, QoE monitor, transcoder, firewall, DPI]
Sherry et al. find that the # of middleboxes is ≈ the # of L2/L3 devices in enterprise.
Reference: Sherry et al., Making Middleboxes Someone Else's Problem: Network Processing as a Cloud Service, SIGCOMM'12

Benefits of Virtualized Network Functions (VNF)
• Elasticity
  • Quick scale up and down NFs
• Fast upgrades
  • No need to wait for new hardware
• Quick configuration, recovery
  • Failover to the backup NF instance
• Outsourcing
References:
  Sherry et al., Making Middleboxes Someone Else's Problem: Network Processing as a Cloud Service, SIGCOMM'12
  Rajagopalan et al., Split/Merge: System Support for Elastic Execution in Virtual Middleboxes, NSDI'13
  Martins et al., ClickOS and the Art of Network Function Virtualization, NSDI'14

Outsourcing VNFs to the Cloud
[Figure: Tenants, Internet, Cloud Provider]

Outsourcing VNF Chains to the Cloud
[Figure: Tenants, Internet, Cloud Provider, chain]

Challenges of outsourcing VNF Chains
• How can tenants allocate and manage their VNF chains?
• How can cloud providers achieve high data center utilization?
[Figure: Tenants, Internet, Cloud Provider, chain]

Our contributions: API and algorithm
Questions: How can tenants allocate and manage their VNF chains? How can cloud providers achieve high data center utilization?
• API to allocate and manage VNF chains
• Three algorithms
  • implement the API, and
  • achieve high data center utilization
• Evaluation
  • simulate: in data center scale with 1000+ servers
  • Daisy: emulate chain management at rack-scale

VNF Chain: six API calls with use-cases
• cid ⟵ allocate-chain(C, bw)
• add-node(f, cid)
• remove-node(f, cid)
• add-link-bandwidth(a, b, bw, cid)
• remove-link-bandwidth(a, b, bw, cid)
• remove-e2e-bandwidth(cid, bw)
[Figures: Initial chain (NAT, FW, IDS, VPN); Chain scale-out; Element upgrade (IDS, IDS’)]

VNF Chain: API is expressive
• A graph can be transformed arbitrarily by manipulating individual nodes and edges.
• Use-cases: Chain scale-out, Element upgrade, Chain expand, …
[Figure: Initial chain (NAT, FW, IDS, VPN)]

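The element-upgrade use-case expressed with the node and link calls, as an added sketch that is not the paper's implementation. The dict-based chain (standing in for `cid`), the bandwidth bookkeeping, and the helpers `upgrade` and `bypasses` are assumptions; `remove-e2e-bandwidth` is left out. `bypasses` is the check an operator would run after each edit to confirm that no path skips a required NF such as the IDS.

```python
# Added sketch: the chain is a plain dict standing in for the slide's `cid` handle.
def allocate_chain(C, bw):
    """Linear chain over the NF list C with bw on every hop."""
    return {"nodes": set(C), "links": {(a, b): bw for a, b in zip(C, C[1:])}}

def add_node(f, chain):
    chain["nodes"].add(f)

def remove_node(f, chain):
    if any(f in link for link in chain["links"]):
        raise ValueError(f"{f} still has links")
    chain["nodes"].discard(f)

def add_link_bandwidth(a, b, bw, chain):
    if not {a, b} <= chain["nodes"]:
        raise KeyError("both endpoints must already be in the chain")
    chain["links"][(a, b)] = chain["links"].get((a, b), 0) + bw

def remove_link_bandwidth(a, b, bw, chain):
    left = chain["links"].get((a, b), 0) - bw
    if left < 0:
        raise ValueError("link has less bandwidth than requested")
    chain["links"][(a, b)] = left
    if not left:
        del chain["links"][(a, b)]

def bypasses(chain, src, dst, required):
    """True if some src -> dst path avoids every NF in `required`."""
    seen, stack = set(), [src]
    while stack:
        n = stack.pop()
        if n == dst:
            return True
        if n not in seen and n not in required:
            seen.add(n)
            stack += [b for (a, b) in chain["links"] if a == n]
    return False

def upgrade(chain, old, new):
    """Element upgrade: wire `new` in beside `old`, then drain and remove `old`."""
    ins = [(a, bw) for (a, b), bw in chain["links"].items() if b == old]
    outs = [(b, bw) for (a, b), bw in chain["links"].items() if a == old]
    add_node(new, chain)
    for a, bw in ins:
        add_link_bandwidth(a, new, bw, chain)
        remove_link_bandwidth(a, old, bw, chain)
    for b, bw in outs:
        add_link_bandwidth(new, b, bw, chain)
        remove_link_bandwidth(old, b, bw, chain)
    remove_node(old, chain)
```
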
Scale-out beyond single physical resource capacity
• API calls shown: cid ⟵ allocate-chain(C, bw); add-link-bandwidth(a, b, bw, cid)
[Figures: Initial chain (NAT, FW, IDS, VPN); Chain scale-out across Gateway, ToR1 and ToR2]

Chain Abstraction: Abstract-Concrete VNF Chains
• Abstract VNF chain
  • what tenant requires to allocate and operates on
• Concrete VNF chain
  • cloud provider’s implementation of the abstract chain
• Chains abstraction advantages
  • facilitates high DC utilization
• Challenges
  • low-latency, packet loss, state synchronization, efficiency loss (see the paper and ANCS’18 poster)
[Figure: one abstract chain (for Tenants) over NAT, FW, IDS, VPN, and 10× concrete chains (for Cloud provider) over NAT, FW, IDS, VPN]

Algorithm inputs: DC topology and chain
• Chain: NAT, FW, IDS, VPN
• Expected resource consumption per Gbps of traffic (see the paper for VNF profile generation):
  • NAT: 1/8 core, 1/2 GB
  • FW: 3/8 core, 1/2 GB
  • IDS: 1/2 core, 2 GB
  • VPN: 1/4 core, 1/2 GB
• DC topology: Gateway, AggSw1, AggSw2, ToR1 [ 2048 TCAM ], ToR2 [ 2048 TCAM ], servers [ 32 core, 128 GB ]; link labels 100, 40, 10
References:
  Palkar et al., E2: A Framework for NFV Applications, SOSP’15
  Naik et al., NFVPerf: Online performance monitoring and bottleneck detection for NFV, IEEE NFV-SDN 2016
  Nam et al., Probius: Automated Approach for VNF and Service Chain Analysis in Software-Defined NFV, SOSR'18

Algorithms for Chain Allocation and Management
• Random (baseline)
  • Consider NFs and servers/switches in random order
  • Attempt the above step n times (e.g., n=100)
  • Choose the shortest path between chain NFs
• NetPack: Random + 3 simple heuristics
  • Consider the chain NFs in a topological order
  • Re-use the same server when allocating consecutive NFs
  • Gradually increase the network scope: rack, cluster, etc.
• VNFSolver: how optimal is NetPack?
  • Constraint-solver based chain allocation algorithm
  • Slow, but complete: finds a solution when one exists
[Figure: # of allocated chains for Random (R) and NetPack (N), VNFSolver shown as "?"; labels: Commercial, Facebook, E2, 10-node]
[Figure: chain NAT, FW, IDS, VPN placed on the topology Gateway, AggSw1, AggSw2, ToR1, ToR2]
References:
  Palkar et al., E2: A Framework for NFV Applications, SOSP’15
  Bayless et al., SAT Modulo Monotonic Theories, AAAI'15

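A toy version of the Random and NetPack candidate orderings, as an added example that is not the authors' code. It uses the per-Gbps profile and the 32 core / 128 GB / 10 Gbps server figures from the inputs slide; the two-rack layout, the single server-link bandwidth model, and all function names are assumptions, and the n-retry loop and shortest-path routing are left out.

```python
import random
from fractions import Fraction as F

# (cores, GB) per Gbps of traffic, from the "Algorithm inputs" slide.
PROFILE = {"NAT": (F(1, 8), F(1, 2)), "FW": (F(3, 8), F(1, 2)),
           "IDS": (F(1, 2), F(2)), "VPN": (F(1, 4), F(1, 2))}

def make_dc(racks=2, per_rack=4):
    # Constructed toy data center: 32-core / 128 GB servers with a 10 Gbps link.
    return [{"rack": r, "core": F(32), "mem": F(128), "nic": 10}
            for r in range(racks) for _ in range(per_rack)]

def candidates(dc, prev, netpack, rng):
    order = list(range(len(dc)))
    rng.shuffle(order)                   # Random baseline: servers in random order
    if netpack and prev is not None:
        # NetPack heuristics: previous NF's server first, then its rack, then the rest.
        order.sort(key=lambda s: (s != prev, dc[s]["rack"] != dc[prev]["rack"]))
    return order

def allocate(dc, chain, bw, netpack, rng):
    """Place NFs in chain order; return server indices, or None (dc left unchanged)."""
    trial, placement, prev = [dict(s) for s in dc], [], None
    for nf in chain:
        core, mem = (x * bw for x in PROFILE[nf])
        for s in candidates(trial, prev, netpack, rng):
            hop = bw if prev not in (None, s) else 0   # traffic leaves prev's server
            if (trial[s]["core"] >= core and trial[s]["mem"] >= mem
                    and trial[s]["nic"] >= hop
                    and (not hop or trial[prev]["nic"] >= hop)):
                trial[s]["core"] -= core
                trial[s]["mem"] -= mem
                for end in ((prev, s) if hop else ()):
                    trial[end]["nic"] -= hop
                placement.append(s)
                prev = s
                break
        else:
            return None
    dc[:] = trial
    return placement

def saturate(netpack, seed=0):
    """Count 2 Gbps NAT-FW-IDS-VPN chains placed before the first failure."""
    rng, dc, n = random.Random(seed), make_dc(), 0
    while allocate(dc, ["NAT", "FW", "IDS", "VPN"], 2, netpack, rng):
        n += 1
    return n
```

Calling `saturate(True)` and `saturate(False)` with the same seed compares how many chains each ordering places in this toy model before the first allocation fails.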
Evaluation: Objectives
• How good is the data center utilization?
  • Evaluate Random, NetPack, and VNFSolver
  • Consider three different data center topologies
  • Use five different VNF chains with varying length (2-10)
• How fast is chain allocation?
  • Measure time it takes to saturate the data center
• Does API reliably implement the use-cases?
  • Prototype scale-out and chain upgrade in Daisy
  • Use two different racks, two sources of packet traces

Data center utilization evaluation
[Figure: chain NAT, FW, IDS, VPN]
• NetPack achieves at least 96% of VNFSolver allocations.
• Chain allocation time: Random ≲ NetPack ≪ VNFSolver.
Reference: Palkar et al., E2: A Framework for NFV Applications, SOSP'15