May 28-29, 2002 1DANCE Exposition

Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines

Tal Lavian - tlavian@ieee.orgNortel NetworksAdvanced Technology Labs

Open Source - http://www.openetlab.org

May 28-29, 2002 2DANCE Exposition

Outline of the talk

• Driving Forces

• Openet

• AFM Enabling Mechanism

• Realization with Openet Passport

• Application Examples

• Openet Alteon: AN platform

• Next step

• Conclusion

May 28-29, 2002 3DANCE Exposition

Driving Forces

• Introducing services on-demand

• Assuring Quality of Service

• Addressing Impedance Mismatch

• Demanding Programmabil i ty

Users – Service Providers – Network Providers

May 28-29, 2002 4DANCE Exposition

Network Device

Dynamicloading

Introducing Services on-demandIntroducing Services on-demand

HWOS

VIRTUAL ENVIRONMENT

React

MonitorA

uthe

ntic

atio

n

Sec

urity

Services &Control Intelligenceapplication

May 28-29, 2002 5DANCE Exposition

Programmabili ty

• A signif icant challenge in today’s Internet is the abil i ty to eff iciently incorporate customizable network intell igence in commercial high performance network devices.— Framework for introducing services— API for programming network devices

May 28-29, 2002 6DANCE Exposition

Impedance Mismatch

Core Networks (WAN)

Residential

Enterprise

LAN

Intranet

Access(Edge)

Carrier Network

ISP Network

Access(Edge)

ISP NetworkUser Network

User ConnectionsHTTP, RTP,TCP, UDP, etc

Fiber 1Optical World

May 28-29, 2002 7DANCE Exposition

AN SolutionAN Solution

• Active networks (AN) approach opens an exciting opportunity for individual applications to define the service provided by the network through programmability.

• Active Networks technologies expose a novel approach that allows customer value-added services to be introduced to the network “on-the-fly”.

• Active Nets program has produced a new network platform flexible and extensible at runtime to accommodate the rapid evolution and deployment of network technologies.

• The exciting opportunity exists for network service providers and third parties, not just the network device providers, to program the network infrastructure and services.

May 28-29, 2002 8DANCE Exposition

AN issuesAN issues

• AN requires substantial supports from a NOS

• AN introduces substantial software component, hence delay on the data path

• AN lacks adequate measures to addressing integrity and security of network devices.

Lack of industrial-strength Active Network devices that dispel major concerns:

May 28-29, 2002 9DANCE Exposition

Openet PlatformOpenet Platform= Active Nets Enabling Platform = Active Nets Enabling Platform = Programmable Networking Solution= Programmable Networking Solution

• Passport Router

• Openet

• Active Flow Manipulation (AFM)

• Programmable Openet Passport Platform

May 28-29, 2002 10DANCE Exposition

Passport Router - Separation of Control and Forwarding Planes

Centralized, Centralized, CPU-based RouterCPU-based Router

Control + ForwardingControl + ForwardingFunctions combinedFunctions combined

CPU

Routing SW

Slow

Forwarding-ProcessorsForwarding-Processors Based RouterBased Router

Control separatedControl separatedfrom forwardingfrom forwarding

CPU

Control Plane

Forwarding Processor

Forwarding Processor

Forwarding Processor

Wire Speed

May 28-29, 2002 11DANCE Exposition

CPU

JVM

…MEM

JNI/Native Code

ORE JFWD

Filtered packets New forwarding rules

Forwarding Engine

Monitor status

User Oplets

OpletService, Shell, Logger

Jcapture, HTTP,IpPacket

Standard Services

ANTSFirewall, DiffServApplication services

Function Services

Control Plane

Data Plane

Openet: a view from a node

May 28-29, 2002 12DANCE Exposition

CE

FE

Control Functions

ControlIntensive

computation

(2)

(3)

(1)

1) Control functions that reside wholly in the control plane2) Control functions that insert software in the crit ical data path3) Control functions that allow control entit ies to act both in the

control plane and in the data forwarding plane without adding software in the data path

CE: Control ElementFE: Forwarding Element

May 28-29, 2002 13DANCE Exposition

Active Flow Manipulation Abstractions

• Aggregate data into traff ic f lows— Flows whose characteristics can be identified in real-time— E.g., “all UDP packets to a particular service”, “all TCP

packets from a particular machine”.

• Actions to be performed in the traff ic f lows— Actions that can be performed in real-time— E.g., “Change the priority of all traffic destined to a particular

service on a particular machine”, “Stop all traffic out of a particular link of a router”.

May 28-29, 2002 14DANCE Exposition

Active Flow Manipulation

ForwardingProcessor

ForwardingProcessor

Pac

ket

Policy

Filters

AFM

Packet

Filte

rPa

cket

Action

• A key enabling technology of Openet

• Two abstractions— Primitive flows— Primitive actions

• Customer network services exercise active network control— Identifying specific flows— Apply actions to alter

network behavior in real-time

May 28-29, 2002 15DANCE Exposition

Identif iable Elements of Primitive Flows

Destination Address (DA)

Range of Destination Address (RDA)

Source Address (SA)

Range of Source Address (RSA)

Exact TCP protocol match (TCP)

Exact UDP protocol match (UDP)

Exact ICMP protocol match (ICMP)

Source Port number, for both TCP and UDP (SP)

Destination Port number for both TCP and UDP (DP)

TCP connection request (TCPReg)

ICMP request (ICMPReg)

DS field of a datagram (DS)

IP Frame fragment (FrameFrag)

May 28-29, 2002 16DANCE Exposition

Primitive Permissible actions

Drop

Forward

Mirror

Stop on Match (SOM)

Detect Out of Profile behaviour (Out)

Change DSCP value (DSCP)

Prevent TCP Connect Request

Modify IEEE 802.1p bit

May 28-29, 2002 17DANCE Exposition

Switching Fabric

CPU System

Data Plane(Wire Speed Forwarding)

Control Plane ORE

Active Services

Traffic Packets

Monitor status New rules

System Services

Openet on Passport Router

ForwardingProcessor

Forwarding

Rules

Statistics&Monitors

. . .ForwardingProcessor

Forwarding

Rules

Statistics&Monitors

ForwardingProcessor

Forwarding

Rules

Statistics&Monitors

Active NetworksServices

May 28-29, 2002 18DANCE Exposition

Openet Framework

• Openet Architecture with Passport Switches

May 28-29, 2002 19DANCE Exposition

Example 1: Active Flow Priority Change in Real-t ime

0

20

40

60

80

100

0 1 2 3 4 5 6 7 8 9 10Seconds

Mbps

Low Priority

High Priority

Start2nd Flow

ChangePriority

End2nd Flow

May 28-29, 2002 20DANCE Exposition

Example 2 : JDiffserv on Passport

Linux PC

Linux PC

Passport 8600Passport 1100BPassport 1100B

UDP UDP UDP

UDP sender

UDP receiver

Diffserv Monitor

Device Console

Linux PC

HTTP server

JDiffserv

Differv-enabled Network

May 28-29, 2002 21DANCE Exposition

Example 3 : Regatta - Fault Recovery

• Automated supervision

• Minimal service interruption

• Heartbeats

May 28-29, 2002 22DANCE Exposition

Current Development: Programmable Programmable Services SolutionServices Solution

• Alteon-iSD

• Openet

• Extended Active Flow Manipulat ion (AFM)

• Openet Alteon-based Active Nets Platform

May 28-29, 2002 23DANCE Exposition

Openet Alteon Active Nets Platform= A Powerful Platform for AN Technologies Transfer

• A powerful and extensible control and computational plane— Partitioning hardware/software resources— Active service enabling— content filtering in real-time— active services accommodation

L2-L7 filtering

Contentprocessing

Powercomputing

OpticalWireless

router Contentgateway

Edge Device

Openet

May 28-29, 2002 24DANCE Exposition

Solutions’ Features Solutions’ Features • Real-t ime Filtering

— Ability to poke at the device’s data flows

• Processing Power— Ability to perform intensive processing

• Enabling Services— Introducing services on-demand

• Programmable Services— Enabling active and adaptive services

• Impedance Matching— Addressing mismatches between disparate domains, disparate

technologies

May 28-29, 2002 25DANCE Exposition

Openet Alteon AN Platform for SMDS� 1 Real server on Linux or NT, 2~8 Real Players on Solaris� SMDS on iSD

� Real Player RTSP request filter and interception� Real Server reply real-time stream filter and replication� RTSP session setup by replicating first 16 packets cached

Real Server 8

SMDS service

Real Player 1

Linux/X86

Sun/Solaris

Real Player 2

Alteon

1st Client RTSP Request

Server reply

Packet Redirection

rtsp://pcary1gc/real8video

rtsp://pcary1gc:5454/real8video

iSD

Packet Writeback

RTSPintercept

Packet Replicate

ClientRegister

Streaming Media Distribution Service

May 28-29, 2002 26DANCE Exposition

Control Mesg

A Simple EvaQ8 concept

8600

8600

OmniNet

8600

10G10G

10G

1G

1G

1G

AB

C

D

X

Y

Z

B2

B3

OmniNet Control Plane [Linux]

TL1

Alteon

iSD

Alteon

iSD

Alteon

iSD

EvaQ8 OG - 1

EvaQ8 OG -2

EvaQ8 OG - 3

1. Normal App flow : Client X -> Server Z

2. Disaster Strikes at Location Z

3. EvaQ8 OG 3 sends a signal[RSVP] to OG1

4. OG1 instructs Omnit net to connect B2 & B3 ; Server Z and Server Y data syncd

5. On successful sync, OG2 instructs OmniNet to connect B1->B2.

6. Service Restored for Client X ->server Y

Disaster Event/Environ. Sensor

B1

Control Mesg

May 28-29, 2002 27DANCE Exposition

What next?

Service-centric Active Nets Platform

SERVICES

ManageServiceEnabling

Control

Impedance

Matching

Intra-Serv

ice

Comm

Secu

rity

• Service Enabling API

• Control API

• Impedance Matching API

• Security API

• Management API

• Intra-service Communications API

May 28-29, 2002 28DANCE Exposition

Summary

• Openet – our Networking Programmabil ity

• Commercial network programmable hardware

• New AN platform: Openet + Alteon + iSD— Alteon: AN platform on an advanced content switch— iSD: powerful & extensible computation plane

• Enables AN technologies transfer

• Promoting an edge device service-centric

platform

May 28-29, 2002 29DANCE Exposition

Q&AQ&AOpenetLab – Nortel Networks: http://www.openetlab.org/