SDN-Ethane原版完整课件.pptx

《SDN-Ethane原版完整课件.pptx》由会员分享，可在线阅读，更多相关《SDN-Ethane原版完整课件.pptx（49页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、Ethane:Taking Control of the EnterpriseMartn Casado,Michael J.Freedman,Justin Pettit,Jianying Luo,Scott ShenkerACM SIGCOMM,2007Presented by Ye Tian for Course CS05112Overview Motivation Overview of Ethane Design Ethane in More Detail The POL-ETH Policy Language Prototype and PerformanceMotivation En

2、terprise network Run a wide variety of applications and protocols Operate under strict reliability and security constraintsMotivation Need manual configuration Expensive and error-prone 62%of network downtime in multi-vendor networks comes from human-error 80%of IT budgets is spent on maintenance an

3、d operations Network management approaches Introduces proprietary middle-boxes,placed at network choke-points.E.g,firewall Add functionality to existing networks.E.g.,add ACL on switch Only hide the complexity,not reduce it.Motivation Question:How could we change the enterprise network architecture

4、to make it more manageable?Three fundamental principles:The network should be governed by policies declared over high-level names.Policy should determine the path that packets follow.Policy might require packets to pass through an intermediate middlebox;Traffic can receive more appropriate service i

5、f its path is controlled;The network should enforce a strong binding between a packet and its origin.Desired RealityGoverned by policies declared over high-level names.Governed by low-level names such as IP address and MAC addressDetermine the path Determine next hopStrong binding between packets an

6、d originOnly inspect destination address in routingCurrent approachLevel-2:forwarding table,one entry per destination MAC addressLevel-3:routing table,one entry per IP address prefixOverview Motivation Overview of Ethane Design Ethane in More Detail The POL-ETH Policy Language Prototype and Performa

7、nceOverview Ethane controls the network by not allowing any communication between end-hosts without explicit permission.Two components A central Controller Contains the global network policy and topology Performs route computation for permitted flows.A set of Ethane switches Simple and dumb Consisti

8、ng of a simple flow table and a secure channel to the Controller Forward packets under the instruction of the Controller.Names,Bindings,and Policy Language Keep the namespace consistent as components join,leave and move around the network.How(machine address user)Ethane takes over all the binding of

9、 addresses,behave as a DHCP server Machine is registered on the network Users are required to authenticate with the network Such as the ones in WiFi hotpot.Benefits:The Controller can keep track of where any entity is located;The Controller can journal all bindings and flow-entries in a log for netw

10、ork event reconstruction.Ethane in Use Registration All switches,users,and hosts are registered at the Controller with the credentials necessary to authenticate them.Ethane in Use Bootstrap Switches bootstrap connectivity by creating a spanning tree rooted at the Controller.Each switch authenticates

11、 with and creates a secure channel to the Controller.Ethane in Use Authentication UserA joins the network with hostA,switch 1 initially forward all of hostAs packets to the Controller;HostA sends a DHCP request to the Controller.The Controller binds hostA to IPA,IPA to MACA,and MACA to a physical po

12、rt on switch 1.UserA opens a web browser,whose traffic is directed to the Controller,and authenticates through a web-form.Ethane in Use Flow Setup Switch 1 forwards the packet to the Controller after determining that the packet does not match any active entries in its flow table.The Controller decid

13、es whether to allow or deny the flow,or require it to traverse a set of waypoints.The Controller computes the flows path,adds a new entry to the flow tables of all the Switches along the path.Ethane in Use Forwarding If path is allowed,the Controller sends the packet back to switch 1 which forwards

14、it based on the new flow entry.Subsequent packets from the flow are forwarded directly by the Switch,and are not sent to the Controller.The flow-entry is kept in the switch until it times out.Overview Motivation Overview of Ethane Design Ethane in More Detail The POL-ETH Policy Language Prototype an

15、d PerformanceAn Ethane NetworkEthane Switch An Ethane switch is much simpler than conventional Ethernet switch Doesnt need to learn addresses,support VLANs,check for source-address spoofing,or keep flow-level statistics(?).If layer3,doesnt need to run routing protocols such as OSPF,ISIS,and RIP.Etha

16、ne switchs flow table can be much smaller than the forwarding table in an equivalent Ethernet switch.Ethernet switch needs to remember all the addresses its likely to encounter.Ethane Switch only needs to keep track of flows in-progress.Flow Table and Flow Entries Two common types of entry in the fl

17、ow table:Per-flow entries for flows that should be forwarded,Per-host entries for misbehaving hosts whose packets should be dropped.Entries are removed because Timeout due to inactivity Revoked by the Controller.Local Switch Manager To establish and maintain the secure channel to the Controller Two

18、ways:For Switches that are part of the same physical network as the Controller,use Minimum Spanning Tree protocol.For the Switch that is not within the same broadcast domain as the Controller,create an IP tunnel to it.Switches maintain a list of neighboring switches by broadcasting and receiving nei

19、ghbor-discovery messages.Neighbor lists are sent to the Controller periodically every 15 seconds.Controller The Controller holds the policy file,which is compiled into a fast lookup table The route computation uses the network topology to pick the flows route.The topology is maintained by the switch

20、 manager,which receives link updates from the Switches.Controller Registration All entities that are to be named by the network(i.e.,hosts,protocols,switches,users,and access points7)must be registered.They make up the policy namespace and is used to statically check the policy.Authentication.Does n

21、ot specify a particular host authentication mechanism:e.g.,802.1XController Tracking bindings Track all the bindings between names,addresses,and physical ports on the network event as switches,hosts,and users join,leave,and move around the network.Controller Namespace interface In current networks,i

22、t is almost impossible to figure out user activities very quickly An Ethane Controller can journal all the authentication and binding information,it is possible to determine exactly which user sent a packet,when it was sent,the path it took,and its destination.Controller Permission Check and Access

23、Granting Upon receiving a packet,the Controller checks the policy to see what actions apply to it Enforcing Resource Limits Controller can limit a flows rate,limit the rate at which new flows are setup,or limit the number of IP addresses allocated.Broadcast and Multicast Handling multicast:The Switc

24、h keeps a bitmap for each flow to indicate which ports the packets are to be sent to along the path.The Controller can calculate the multicast tree and assign the appropriate bits during path setup.Example,a 24-bit bitmap for 24 ports on a switch,0/1 means packet should be forwarded/dropped on corre

25、sponding port Handling broadcast discovery protocols:A host is trying to find a server or an address;e.g,ARP,DHCP Given that the Controller knows all,it can reply to a request without creating a new flow and broadcasting the traffic.Replicating the Controller:Fault-Tolerance and Scalability Three te

26、chniques for replicating Cold standby:Backup Controllers sit idly-by waiting to take over if needed.If failure,the network will converge on a new root for MST.The backups need only contain the registration state and the network policy.The main advantage is simplicity;the downside is that hosts,switc

27、hes,and users need to re-authenticate and re-bind upon the primarys failure.Paths need to be re-computed.Replicating the Controller Warm-standby:a separate MST is created for every Controller.The Controllers monitor one anothers liveness and,upon detecting the primarys failure,a secondary Controller

28、 takes over based on a static ordering.Need to replicate bindings across Controllers.Some new users and hosts need to re-authenticate.Replicating the Controller Fully-replication:two or more active Controllers.A Switch need only authenticate itself to one Controller and can then spread its flow-requ

29、ests over the Controllers(e.g.,hashing or round-robin)Gossip to provide a weakly-consistent ordering over events.Others Link failure The Switch removes all flow table entries tied to the failed port and sends its new link-state information to the Controller.The Controller learns the new topology.Boo

30、tstraping On startup,the network creates a minimum spanning tree with the Controller advertising itself as the root.If a Switch finds a shorter path to the Controller,it attempts two-way authentication before advertising that path as a valid route.Overview Motivation Overview of Ethane Design Ethane

31、 in More Detail The POL-ETH Policy Language Prototype and PerformanceOverview Ethane network policy is declared as a set of rules,each consisting of a condition and a corresponding action.Example Condition:if the user initiating the flow is“bob”and the flow protocol is“HTTP”and the flow destination

32、is host“websrv”Action:Actions include allo w,den y,waypoin ts,and outbound-only.Rules are independent and dont contain an intrinsic orderingExample Two parts:group declarations and rules#Groups desktops=griffin,roo;laptops=glaptop,rlaptop;phones=gphone,rphone;server=http_server,nfs_server;private=de

33、sktops,laptops;computers=private,server;students=bob,bill,pete;profs=plum;group=students,profs;waps=wap1,wap2;Example Rules#Rules(hsrc=in(server)(hdst=in(private):deny;#Do not allow phones and private computers to communicate(hsrc=in(phones)(hdst=in(computers):deny;(hsrc=in(computers)(hdst=in(phones

34、):deny;#NAT-like protection for laptops(hsrc=in(laptops):outbound-only;#No restrictions on desktops communicating with each other(hsrc=in(desktops)(hdst=in(desktops):allow;#For wireless,non-group members can use http through#a proxy.Group members have unrestricted access.(apsrc=in(waps)(user=in(grou

35、p):allow;(apsrc=in(waps)(protocol=http):waypoints(http-proxy);(apsrc=in(waps):deny;:allow;#Default-on:by default allow flowsOverview Motivation Overview of Ethane Design Ethane in More Detail The POL-ETH Policy Language Prototype and Performance ReviewImplementation:Switch Three different Ethane Swi

36、tches:An 802.11g wireless access point(based on a commercial access point)A wired 4-port Gigabit Ethernet Switch that forwards packets at line-speed(based on the NetFPGA programmable switch platform and written in Verilog)A wired 4-port Ethernet Switch in Linux on a desktop PC Flow table The main ta

37、blefor packets that should be forwardedhas 8,192 flow entries A second table with 32K entries for return route of outbound trafficImplementation:Controller Policy compiler:a source-to-source compiler that generates C+from a Pol-Eth policy file.Implemented the Controller on a standard Linux PC Regist

38、ration:standard database Authentication:use university authentication system Bind Journal and Namespace Interface:use BerkeleyDB for the log,keyed by timestamps Route Computation:using an all pairs shortest path algorithm.Deployment Stanford CS department 19 Ethane switches:11 wired and 8 wireless;A

39、bout 300 hosts Policy Non-servers are protected from outbound connections from servers.Workstations can communicate uninhibited.Hosts must register a MAC address,but no user authentication.Wireless nodes do not require user authentication.Deployment Policy The VoIP phones are restricted from communi

40、cating with non-phones and are statically bound to a single access point to prevent mobility.Performance:Controller Scalability Experiment:30-40 new flow requests per second with a peak of 750 flow requests per second.A single Controller could comfortably handle 10,000 new flow requests per second.P

41、erformance During Failures Controller failure:measure the completion time of 275 consecutive HTTP requests,retrieving 63MB in total,under cold-standby failure recovery While the requests were ongoing,we crashed the Controller and restarted it multiple times.Performance During Failures Link failure:A

42、ll outstanding flows re-contact the Controller in order to re-establish the path Created a topology with redundant pathsso the network can withstand a link-failureand measured the latencies experienced by packets.Performance During Failures Path re-converges in under 40ms,but a packet could be delay

43、ed up to a second while the Controller handles the flurry of requests.Performance:Flow Table Sizing Use two network database:An 8,000-host network at Lawrence Berkeley National LAB A 22,000-host network at Stanford Active flows Never exceed 500Performance:Flow Table Sizing Switches closer to the edg

44、e will see a number of flows proportional to the number of hosts they connect to.A Switch at the center of a network will likely see more active flows,and so we assume it will see all active flows.Overview Motivation Overview of Ethane Design Ethane in More Detail The POL-ETH Policy Language Prototy

45、pe and Performance Ethanes shortcoming ReviewEthanes shortcoming Broadcast and Service Discovery Protocols Create large numbers of flow entries,lead to lots of traffic.Unless Ethane can interpret the protocol and respond on its behalf.Application-layer routing Ethanes policy can be compromised by co

46、mmunications at a higher layer.For example,if A is allowed to talk to B but not C,and if B can talk to C,then B can relay messages from A to C.Example,TorEthanes shortcoming Knowing what the user is doing Ethanes policy assumes that the transport port numbers indicate what the user is doing.Colludin

47、g malicious users or applications can fool Ethane by agreeing to use nonstandard port numbers.Spoofing Ethernet addresses Ethane Switches rely on the binding between a user and Ethernet addresses to identify flows.If a user spoofs a MAC address,it might be possible to fool Ethane into delivering pac

48、kets to an end-host.Ethanes shortcoming Denial of service attack On switch:flush the flow table On controller:Review Principles Govern by policy with high-level names Policy determine path Know packets origin Component of Ethane Controller Ethane switch Name binding in a Ethane network How two hosts communicate in a Ethane network?Controller replicating Policy Language