A Software-defined Cloud Gateway Automation System using OpenFlow

- Slides: 15

A Software-defined Cloud Gateway Automation System using OpenFlow
Sriram Natarajan, Anantha Ramaiah, Mayan Mathen
NTT Innovation Institute Inc.

Software-defined Networking (SDN)
Networks - State of the Art
● Ossified architecture
● Level of complexity
● Lack of dynamic response
● Big obstacle toward “Software-defined DC”
SDN enables Business Agility
● Enable migration paths for enterprises to hybrid environments
● Evolving open standards
● In-house R&D effort
● Leverage both open and standards-driven approaches
Diagram labels: Application Plane, Control Plane, Data Plane; Orchestration, Applications, RYU, SDN Controller, OS, Switch Hardware, Hypervisor, pSwitch, vSwitch; Open standards, Industry standards, R&D effort
© 2013 NTT, 20 September 2021

Agenda
• Introduction
• Cloud-Gateway Automation System
• Development and Deployment Challenges
• SDN Stack Extensions
• Q&A

Enterprise Cloud Service
Features
• Self-provisioning via web-portal
• Flexible resource building based on customer requirements
• Unified service management through customer portal
• Cost optimization through minimal resource contract
• Pay-per-use model
Challenges
• VPN setup requires manual intervention
• Dynamic cloud updates require additional configuration at the edge routers
• System modification requires complex operation and configuration
• Legacy devices are closed and non-programmable
SDN Expectations
• New concept to realize network function by software with control plane flexibility
• Automatic VPN connection via API from portal site
• Shorten time to market
• Service differentiation
• CAPEX-OPEX reduction

Cloud-Gateway Automation
• Seamless operation between cloud and network services by automating network provisioning and connection setup process
• Dynamic instantiation of value add-on network services using our SDN platform
• Improved network operation by leveraging network programmability provided by OpenFlow
RYU: http://osrg.github.io/ryu/
Diagram labels: Manual provisioning & configuration, SDN Controller, OpenFlow 1.3, eBGP / MPLS, Data Center Network, Enterprise, MPLS / VPN, Gateway, Provider

SDN Architecture
Diagram labels: Cloud Orchestration; Statistics & Debugger; BGP, VRRP, BFD, IPv6 etc; BSS/OSS; Gateway Automation Application Layer; RYU: OpenFlow Controller; OpenFlow 1.3; OpenFlow-based Hardware
• L3 VPN - Inter-AS Option B
• In-house orchestration layer
• In-house, customized network protocol suite
• BSS / OSS
• SDN Applications on-top of RYU
• Configuration and other libraries
• Python-based OpenFlow controller
• OpenFlow version 1.3
• Partnering with hardware vendor

Programming Challenges
• Scheduling control updates
• Reactive programming issues
• Protocol and architecture vulnerabilities
• Handling malformed packets
• Flow Modification (lack of acknowledgement)
• SEND_FLOW_REM
• Consistent forwarding state view
• Idle & hard timeouts = 0
• Timeouts
• Flow Table Size
• CHECK_OVERLAP
• Performance (processing time)
• Incorrect flow attributes
• Correct priority field to reflect LPM
Diagram labels: OpenFlow Controller, OpenFlow 1.3

Communication Channel Challenges
Connection Interruption Issues
- Fail Secure mode (Packets to controller - DROPPED)
- Fail Standalone mode (Switch acts as a legacy device)
TCP Channel Issues
- Intermediate Layer 2 / 3 network (e.g., firewall)
- Inband / Out-of-band channel
- QoS requirements (prioritizing OF traffic, SLAs)
- Security issues
Connection Reconnection Issues
- Retain existing flows (Does not break forwarding, might be inconsistent)
- Delete all flows (Non-stop forwarding behavior?)
Performance Issues
- Flow updates TCP Flow control and impact of channel characteristics
- Use of Auxiliary channels to segregate OpenFlow messages
Diagram labels: OpenFlow Controller, OpenFlow 1.3

Flow Programming Design
Design Choice / Design Decision
• Flow Programming
  - Reactive handling when required (ARP, TTL)
  - Proactive otherwise
• OpenFlow Attributes
  - Timeouts set to 0
  - Priorities based on IP Prefix Length
  - Flags to notify state change and overlap check
  - Cookies to identify unique flows based on tenant information
  - Barrier message for consistency checks (after multiple flow-mods)
  - Avoid Packet-Ins
• Co-location
  - Avoid channel issues (Connection interruption, re-connection impact on Flow Table state)
  - Avoid latency intense TLS connection
• Control Plane
  - ARP, ICMP, BFD, VRRP, Platform specific
• Policies
  - Drop OpenFlow messages from other than management port
  - Table-Miss flow drops unmatched packets
  - Use OF Metering for rate-limiting
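
The attribute choices on the Flow Programming Design slide, worked through as an added example that is not part of the original slides: a pure-Python model of a flow table (not Ryu code) showing how prefix-length priorities give longest-prefix match, how CHECK_OVERLAP rejects a conflicting entry, and how a table-miss entry drops unmatched traffic. The function names, `BASE_PRIORITY`, the cookie layout and the sample routes are assumptions made for illustration; the two flag values are those of OpenFlow 1.3.

```python
import ipaddress

# Flag bits from ofp_flow_mod_flags in the OpenFlow 1.3 specification
OFPFF_SEND_FLOW_REM = 1 << 0  # switch notifies the controller when the entry is removed
OFPFF_CHECK_OVERLAP = 1 << 1  # switch refuses an overlapping entry at the same priority
BASE_PRIORITY = 100           # assumed offset; priority 0 is left for the table-miss entry

# Table-miss entry: priority 0, matches everything, drops (constructed model)
TABLE_MISS = {"cookie": 0, "priority": 0, "flags": 0, "idle_timeout": 0,
              "hard_timeout": 0, "match": ipaddress.ip_network("0.0.0.0/0"),
              "action": ("drop",)}

def route_flow(tenant_id, prefix, out_port):
    """Build one proactive IPv4 route entry with the slide's attribute choices."""
    net = ipaddress.ip_network(prefix)
    # Assumed cookie layout: tenant id | prefix length | network address
    cookie = (tenant_id << 40) | (net.prefixlen << 32) | int(net.network_address)
    return {"cookie": cookie,
            "priority": BASE_PRIORITY + net.prefixlen,  # longer prefix => higher priority
            "flags": OFPFF_SEND_FLOW_REM | OFPFF_CHECK_OVERLAP,
            "idle_timeout": 0, "hard_timeout": 0,       # entry never ages out
            "match": net, "action": ("output", out_port)}

def add_flow(table, flow):
    """Model of the switch side of a flow-mod ADD, including CHECK_OVERLAP."""
    if flow["flags"] & OFPFF_CHECK_OVERLAP:
        for f in table:
            if f["priority"] == flow["priority"] and f["match"].overlaps(flow["match"]):
                raise ValueError("overlap with existing entry %s" % f["match"])
    table.append(flow)

def lookup(table, dst):
    """Highest-priority matching entry wins, which yields longest-prefix match here."""
    addr = ipaddress.ip_address(dst)
    return max((f for f in table if addr in f["match"]), key=lambda f: f["priority"])

def flows_for_tenant(table, tenant_id):
    """Select a tenant's entries by cookie, e.g. for audit or bulk removal."""
    return [f for f in table if f["cookie"] >> 40 == tenant_id]

def build_demo_table():
    """Constructed sample routes for two hypothetical tenants (7 and 9)."""
    table = [dict(TABLE_MISS)]
    for tenant, prefix, port in [(7, "10.0.0.0/8", 1), (7, "10.1.0.0/16", 2),
                                 (9, "192.168.0.0/24", 3)]:
        add_flow(table, route_flow(tenant, prefix, port))
    return table
```
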

Deployment Challenges
Hardware Challenges / OpenFlow Missing Features
• Flow Table capacity
• Longest Prefix Match
• Scheduling control updates
• Encapsulation / tunnels
• OpenFlow features and its impact on performance (e.g., multi-table)
• OAM features
• Security Implications
• Time to market and stability issues
• FIB download rate
• IPv6, OF-Config support
SDN Stack Extensions
• Network OS vs. Controller (or is it just OF Driver?)
• Abstraction layer to hide OF primitives from application developers
• Runtime system for Flow Table management
• Portable API to abstract low-level heterogeneity

SDN Stack Extensions
Diagram labels: Cloud Orchestration; Statistics & Debugger; BGP, VRRP, BFD, IPv6; BSS/OSS; Gateway Automation Application Layer; Abstraction Layer; OpenFlow Controller; FlowTable Manager; OpenFlow 1.3
Next Steps
FlowTable Manager:
• Flow Aggregation (e.g., simple-VA)
• Flow Correctness
• Multi-table based programming
Abstraction Layer
• Avoid exposing OpenFlow attributes to applications
• Driving Standardization Efforts
• Instantiate Service Chaining & Composition

Benefits and Roadmap
Benefits
• Integrated provisioning of Cloud and Network
• Service Order Automation, Bandwidth Change, Network Configuration
• Improve user experience with VPN setup automation – Key to Business Agility
• On-demand dynamic service provisioning
• Seamless operation between Cloud-VPN services
Roadmap
• Completed
• Beta Testing Phase and Trial Deployment
• Evaluation at NTT Communication, Japan
• Next Steps:
• Full Service Deployment

Questions?