Virtualization and Softwarization in 5G Systems finaltomasz/seminarios_2018s2/granelli.pdf ·...
Transcript of Virtualization and Softwarization in 5G Systems finaltomasz/seminarios_2018s2/granelli.pdf ·...
VIRTUALIZATION AND SOFTWARIZATION IN 5G SYSTEMS Fabrizio Granelli, University of Trento, [email protected]
1
TABLE OF CONTENTS
ØVirtualization and Softwarization in Networks and ServicesØSDN, NFV
Ø4G and Evolution to 5GØLTE, 5G requirements
ØNetwork SlicingØService support, multi-tenancy
ØCloud RANØQ&A
2
SOFTWARE DEFINED NETWORKING
• Separation of Control and Data Planes
Data-plane
Control-plane
Controller
Secure channel
Flow Table
OpenFlow Protocol
▸ Control logic is moved to a central controller▸ Switches only have forwarding elements▸ One expensive controller with a lot of cheap switches▸ OpenFlow is the protocol to send/receive forwarding rules from controller
to switches▸ By programming the controller, we can quickly change the entire network
behaviorà Software Defined Networking3
THE SDN PARADIGM 4
Data-plane
Control-plane
Data-plane
Control-plane
Data-plane
Control-plane
Switch
Traditional networking
Data-plane
Data-plane
Data-plane
Control-plane
Programmableswitch
Software-Defined Networking
dumb, fast
smart, slow, (logically) centralized
API to the data plane
(e.g., OpenFlow)
4
SDN ARCHITECTURE, SKETCH 5
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
SDN Controller or Network OS
App App App
HW open interface - Southbound
Network control API - Northbound
5
SDN ARCHITECTURE, SKETCH 6
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Network OS
App App App
HW open interface
Network control API
HW forwarding abstractionlow-level primitives to describe packet forwarding
6
SDN ARCHITECTURE, SKETCH 7
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Network OS
App App App
HW open interface
Network control APIGlobal Network view abstractionPermits programmer to focus on high level view of network topology and states
7
SDN ARCHITECTURE, SKETCH 8
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Network OS
App App App
HW open interface
Network control APINetwork OS / SDN Controller:
Maps high level “commands” and programmer needs into low level switch configuration
8
SDN ARCHITECTURE, SKETCH 9
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Network OS
App App App
HW open interface
Network control API
Net Apps / Services:Solve Distributed Systems problems ONCE rather than for every protocol(e.g. Dijkstra)
9
SDN ARCHITECTURE, SKETCH 10
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Simple forwarding HW
Network OS
App App App
HW open interface
Network control APIA programming analogyWhat if you were to write a program which must
1) Know the details of the HW you are working on
2) Set yourself the content of each physical memory bit
Abstractions, for separating concerns and attain simplicity!
1) Machine independent language
2) Virtual memory
10
OPENFLOW V1.0• If header matches an entry, corresponding actions are
performed and counters are updated• If no header match, the packet is queued and the
header is sent to the controller, which sends a new rule. Subsequent packets of the flow are handled by this rule.
• Secure Channel: Between controller and the switch using TLS
Header fields Counters Actions
Header fields Counters Actions
… … …
Header fields Counters Actions
Flow Table:
IngressPort
EtherSource
EtherDest
VLAN ID
VLANPriority
IP Src IP Dst IP Proto
IP ToS Src L4 Port
Dst L4Port
11
FLOW TABLE EXAMPLE
• Idle timeout: Remove entry if no packets received for this time• Hard timeout: Remove entry after this time• If both are set, the entry is removed if either one expires.
Port SrcMAC
DstMAC
VLAN ID
Prio Ether Type
SrcIP
Dst IP IP Proto
IP ToS
SrcL4 Port
DstL4 Port
Action Counter
* * 0A:C8:*
* * * * * * * * * Port 1 102
* * * * * * * 192.168.*.*
* * * * Port 2 202
* * * * * * * * * * 21 21 Drop 420* * * * * * * * 0x806 * * * Local 444* * * * * * * * 0x1* * * * Controlle
r1
12
ACTIONS• Controller can send flow table entries beforehand
(Proactive) or Send on demand (Reactive). OpenFlowallows both models.
• Forward to Physical Port i or to Virtual Port:• All: to all interfaces except incoming interface• Controller: encapsulate and send to controller• Local: send to its local networking stack• Table: Perform actions in the flow table• In_port: Send back to input port• Normal: Forward using traditional Ethernet• Flood: Send along minimum spanning tree except the incoming
interface• Enqueue: To a particular queue in the port à QoS• Drop• Modify Field: E.g., add/remove VLAN tags, ToS bits,
Change TTL
13
FLOWVISOR• FlowVisor uses OpenFlow as a hardware
abstraction layer to sit logically between control and forwarding paths on a network device • OpenFlow provides an abstraction of the
networking forwarding path that allows FlowVisor to slice the network
“FlowVisor: A Network Virtualization Layer”, by Rob Sherwood, Glen Gibb, Kok-Kiong Yap, Guido Appenzeller, Martin Casado, Nick McKeown, Guru Parulkar, White paper, 2009.
14
FLOWVISOR CONCEPT
15
FLOWVISOR FEATURES
• FlowVisor intercepts OpenFlowmessages from guest controllers (1) and, using the user’s slicing policy (2), transparently rewrites (3) the message to control only a slice of the network.• Messages from switches (4) are
forwarded only to guests if it matches their slice policy
16
17
FLOWVISOR
BEYOND OPENFLOW
• OpenFlow does not represent the only possible architecture
• Distributed SDN Control Plane (ONOS)
• P4 (high level programming language for software-based switches)
18
NETWORK FUNCTION VIRTUALIZATION
“NFV is a network architecture concept that proposes using IT virtualization related
technologies to virtualize entire classes of network node functions into building blocks that
may be connected, or chained, together to create communication services”
Wikipedia: http://en.wikipedia.org/wiki/Network_Functions_Virtu
alization
19
NFV CONCEPT
20
Classical Network Model:Hardware Applicances
New Network Model:Virtual Applicances
Dedicated HW/SW Platform (e.g. firewall)
Firewall SW Appliance
Commodity Hardware
VIRTUALIZATION ALTERNATIVESShips within…
Manual deployment takes…
Automated deployment takes…
Boots in…
Bare Metal days hours minutes minutes
Virtualization
minutes minutes seconds less than a minute
Lightweight virtualization
seconds minutes seconds seconds
From: http://www.socallinuxexpo.org/sites/default/ les/presentations/Jerome-Scale11x%20LXC%20Talk.pdf
21
NFV VS SDN
• NFV (Network Function Virtualization) and SDN are complementary• One does not depend upon the other.
• Both have similar goals but approaches are very different• SDN needs new interfaces, control module applications.• NFV requires moving network applications from dedicated
hardware to virtual containers on commercial-off-the-shelf (COTS) hardware
https://portal.etsi.org/Portals/0/TBpages/NFV/Docs/NFV_White_Paper3.pdf
22
NFV COMPONENTS• Network Function (NF): Functional building block with
well defined interfaces and well defined functional behavior
• Virtualized Network Function (VNF): Software implementation of NF that can be deployed in a virtualized infrastructure
• VNF Forwarding Graph: Service chain when network connectivity order is important, e.g. firewall, NAT, load balancer
• NFV Infrastructure (NFVI): Hardware and software required to deploy, manage and execute VNFs including computation, networking and storage
• NFV Management & Orchestration: The orchestration of physical/software resources that support the infrastructure virtualisation, and the management of VNFs
23
OPENNFV
27
Operations Support System (OSS)Business Support System (BSS)Element Management System (EMS)
24
OPENNFV
28
25
VIRTUALIZATION CONCEPTS: EVERYTHING ISVIRTUAL!
Virtualization as a Paradigm
Virtual Machine
Guest OS
Guest Application
Virtual Machine
Guest OS
Guest Application
Virtual Machine
Guest OS
Guest Application
NF: Network Function VNF: Virtual Network Function NC: Network Controller VN: Virtual Network
Virtualization and
Application
Management
Hardware
Host OS
Hypervisor
Cloud Stack, Open Stack
Cloud API
VNF
VN VN NF
NF
VN
NaaS
IaaS
NC
VNC
Virtual Machine
Guest OS
Guest Application
Examples of VNFs: • Switching: BNG, CG-NAT, routers. • Mobile network nodes: HLR/HSS,
MME, SGSN, GGSN/PDN-GW, RNC. • Home routers and set top boxes. • Tunnelling gateway elements. • Traffic analysis: DPI. • Signalling: SBCs, IMS. • Network-wide functions: AAA servers,
policy control. • Application-level optimisation: CDNs,
Load Balancers. • Security functions: Firewalls, intrusion
detection systems.
Virtual Network Functions (VNF)
2
26
UE
eNodeB S-GW
MME HSS
AAA
P-GW
P-GW
AdministrativePDN
Services PDN
(Internet)S1-MME
S1-U
S11
S6a
SWx
SGi
SGi
S5/S8
S5/S8
Evolved Packet Core (EPC)Radio Access Network (RAN)
LTE IN A NUTSHELL
27
UE
eNodeB S-GW
MME HSS
AAA
P-GW
P-GW
AdministrativePDN
Services PDN
(Internet)S1-MME
S1-U
S11
S6a
SWx
SGi
SGi
S5/S8
S5/S8
Evolved Packet Core (EPC)Radio Access Network (RAN)
The MME is the key control-node for the LTE access-network. It isresponsible for idle mode UE (User Equipment) paging and taggingprocedure including retransmissions. It is involved in the beareractivation/deactivation process.
28
LTE IN A NUTSHELL
UE
eNodeB S-GW
MME HSS
AAA
P-GW
P-GW
AdministrativePDN
Services PDN
(Internet)S1-MME
S1-U
S11
S6a
SWx
SGi
SGi
S5/S8
S5/S8
Evolved Packet Core (EPC)Radio Access Network (RAN)
The SGW routes and forwardsuser data packets, while alsoacting as the mobility anchor for the user plane during inter-eNodeB handovers and as the anchor for mobility between LTE and other 3GPP technologies.
29
LTE IN A NUTSHELL
UE
eNodeB S-GW
MME HSS
AAA
P-GW
P-GW
AdministrativePDN
Services PDN
(Internet)S1-MME
S1-U
S11
S6a
SWx
SGi
SGi
S5/S8
S5/S8
Evolved Packet Core (EPC)Radio Access Network (RAN)
The PDN Gateway providesconnectivity from the UE to external packet data networks by being the point of exit and entry of traffic for the UE.
30
LTE IN A NUTSHELL
UE
eNodeB S-GW
MME HSS
AAA
P-GW
P-GW
AdministrativePDN
Services PDN
(Internet)S1-MME
S1-U
S11
S6a
SWx
SGi
SGi
S5/S8
S5/S8
Evolved Packet Core (EPC)Radio Access Network (RAN)
The HSS is a centraldatabase that containsuser-related and subscription-relatedinformation (HLR+AuC).
31
LTE IN A NUTSHELL
5G IN A NUTSHELL 32
5G Disruptive
Capabilities
32
� Network slicing – new value creation opportunities(vertical segments)� enables a concurrent deployment of
multiple logical, self-contained networkson a common physical infrastructure platform with devise business demands
� offers dedicated resources that can be used in an isolated, disjunctive or shared manner and a customized network operation
� supports flexible, on-demand, provision of network resources, network functions and applications, even with short lifecycles - resource physical or virtual
THE NETWORK SLICING CONCEPT
33
VIRTUALIZATION AND SLICING•Network virtualization can be achieved by slicing
the available resources:• Bandwidth: each slice should have its own fraction of
bandwidth on a link• Topology: each slice should have its own view of
network nodes (switches, routers) and the connectivity between them• Traffic: to associate a specific setof traffic to one (or
more) virtual networks so that one set of traffic can be cleanly isolated from another• Device CPU: computational resources must also be
sliced• Forwarding tables
34
� In composing and allocating network slicing: � Software defined control and separation of control/data plane
• Network programming via SDN APPs� Network function virtualization
and resource orchestration• (De)compose/allocate VNFs
� Flexible service chaining and service provision
� Mobile edge computing services closer to the user
� QoS provision policy� Selection of RAT / fix access� Data offloading policies
NETWORK SLICING TECHNOLOGY ATTRIBUTES
35
HSS
PCRFMME
AAA
SGW + PGWU.P.
SGW + PGWC.P.
eNB + gNB
4G Arch
NSSF
DN2UPF2
Network Functions:-UDM: Unified Data Management-AUSF: Authentication Server Function-PCF: Policy Control Function-AMF: Core Access and Mobility Management Function-SMF: Session Management Function-UPF: User plane Function-DN: Data network, e.g., operator services, Internet access-(*) NSSF: Network Slice Selection Function
Interfaces:-NG1: NAS-NG2: AN-CN C-plane-NG3/NG9: per PDU Session tunnelling-NG7/8/10-15: C-Plane Service-based interface
3GPP NETWORK SLICING ARCHITECTURE
36
BASE STATION VIRTUALIZATION
• eNB virtualization in LTE: • via hypervisor means that shares
resources among different MNOs• consider radio conditions, sharing
contracts and traffic load
• Network Virtualization Substrate (NVS) operates closely to MAC scheduler and adopts a two-step process: • one managed by the infrastructure
provider for controlling the resource allocation towards each virtual instance of an eNB
• the second controlled by each VMNO providing scheduling customization for allocated resources
37
3GPP RAN FOR NETWORK SLICING
• Slice preference / Selection • The UE sends a RRC request specifying the Network Slice Selection Assistance
Information (NSSAI) indicator(s).• NSSAI has clear definition in SA2 TR 23.799 and TS 23.501.• NSSAI is a vector of slice ID preferences (e.g., slice-ids) the UE would like to join.• NSSAI information are pre-coded on the SIMcard (like the IMSI information) and
cannot be selected (for the moment) by the device user interface.• For signaling between RAN and CN a Slice ID is represented by an NSSAI or SM-NSSAI.
For the air interface, it is up to RAN groups to decide how to carry NSSAI information in RRC.
• In the RRC Connection Response, the eNB notifies the UE with allowed/accepted NSSAI, which will be stored and use for future messages.
RRC Connection Req.
RRC Connection Resp.
AMF Selection
Slice Availability
• Mobility• Slice availability during mobility, e.g.,
• Neighbours may exchange slice availability• core network could provide the RAN a mobility
restriction list• source gNB needs to pass on slices that a UE in
question is using to a target gNB• target AMF is responsible for removing (or
inactivating) at NAS level any slice no longer supported at the target node.
• Heterogeneous Slice Structure• Same number of slices available in the same
Tracking Area (or specified cell cluster)• AMF can deattach the UE from a specific slice,
e.g., Netflix when is not used.• HO procedures are required when moving to
areas with different slice availability, as AMFshould be changed.
• Different PDN-Ips can be assigned tothe same UE over time.
38
E2E SLICING CONCEPTJournal of Information Processing Vol.25 153–163 (Feb. 2017)
Fig. 1 End-to-end slicing concept [41].
radio boundary, so called mobile packet core slicing and RAN(Radio Access Network) slicing. Each network slice is made upof a virtualized air-interface, radio access network and mobilepacket core network, and transport network combined. We alsonote that mobile fronthaul and backhaul network slicing need tobe considered as well.
3. Packet Core Slicing
There are several research efforts to slice packet core networksusing virtual machines on top of white boxes with general pur-pose processors and network processors as well as FPGAs. Inthis section, we first review the components of packet core net-work and introduce our preliminary research efforts on slicingpacket core networks using deeply programmable network nodeswith general purpose processors and network processors, calledFLARE programmable nodes [6] and FPGA boards with Ope-nAirInterface (OAI) [39] on top of them.
3.1 Packet Core NetworkIn 3GPP, the current generation Evolvable Packet Core (EPC)
network has been designed and standardized as a flat architec-ture, where IP (Internet Protocol) is the only protocol to transportall services. A User Equipment (UE) can get Internet connectiv-ity when connected to EPC over RAN (radio access network). Inconsidering end-to-end network slicing, we must fist study packetcore network slicing as an extension to well studied transport net-work slicing, such as transport SDN.
3.2 MVNO as Precursor to SlicingMobile Virtual Network Operators (MVNOs) that obtain sliced
RAN resources from Mobile Network Operators (MNOs) act as aforerunner in mobile network slicing, which is a key technologyin the evolution towards 5G cellular wireless networks. Compar-ing to the traditional MNOs, MVNOs don’t need to build theirown RAN but focus on building new business models and newvalue-added network functions in their packet core networks.
We believe that an in-depth study of MVNO network not only
Fig. 2 Underlying infrastructure of FLARE [6].
help the current MVNOs improve their services but also benefitthe 5G research and development in terms of network slicing, es-pecially for allocating isolated resources for different applicationsand services.
For example, in Refs. [25], [37], we create application specificslices and characterize the flow properties of popular mobile ap-plications. We have studied how to create per-application sliceswithin an MVNO using deeply programmable FLARE [6] nodes.Since the data plane of our MVNO is enabled to be deeply pro-grammable by FLARE nodes, from given flows observed at thedata plane, we can identify applications that transmit those flowswith 100% accuracy. We also develop an application-specificin-network processing mechanism to optimize MVNO networkthrough applying different virtual network functions to differentapplications.
3.3 FLARE Programmable NodeFLARE [6] is an open deeply programmable node architecture
that can concurrently run multiple isolated virtual network func-tions on a physical node. As shown in Fig. 2, a FLARE nodeconsists of a combination of many-core network processors andIntel x86 processors. With various virtualization techniques, weslice both resources (CPUs, memory and link bandwidth) in bothmany-core processors and x86 processors. We define sliver as a
c⃝ 2017 Information Processing Society of Japan 155
A. Nakao, et al., “End-to-end Network Slicing for 5G Mobile Networks,” J. Of Information Processing, Vol. 25, pp. 153-163, Feb.’17.39
� 5G Network slice broker� Perfrom admission control based-on
indicated SLA � Use Itf-N and Itf-B to monitoring KPIs and
configure slice on RAN � Receive on-demand slice request from
• MVNOs via the Type 5.• verticals and OTT providers, through SCEF
� Itf-N, Itf-B and Type 5 interface enhancements: � PLMN-id or vertical-id � type of resources and QoS� starting time, duration or periodicity � amount of resource blocks or capacity � size of file to be downloaded� mobility (stationary, low, medium, high) � service disruption tolerance� performance measurement info
MULTI-TENANCY SUPPORT IN 3GPP NETWORKS
40
CLOUD RAN - DEFINITION• C-RAN (Cloud-RAN), sometimes referred to as Centralized-RAN, is a
proposed architecture for future cellular networks.• Motivation: BTS are designed to handle the maximum traffic, not average
traffic, resulting in a waste of processing resources and power at idle times à a more flexible solution is needed.
41
BBU Pool RRH
RRHRRH
Fronthaul links
C-RAN CONCEPT
• C-RAN may be viewed as an architectural evolution of the above distributed base station system.
• It takes advantage of many technological advances in wireless, optical and IT communications systems.• It uses the latest CPRI standard, low cost Coarse or Dense Wavelength Division
Multiplexing (CWDM/ DWDM) technology, and mmWave to allow transmission of baseband signal over long distance, thus achieving large scale centralised base station deployment.
• It applies recent Data Centre Network technology to allow a low cost, high reliability, low latency and high bandwidth interconnect network in the BBU pool.
• It utilises open platforms and real-time virtualisation technology rooted in cloud computing to achieve dynamic shared resource allocation and support of multi-vendor, multi-technology environments.
42
CLOUD RAN ARCHITECTURE
• Large scale centralized deployment:• It allows hundreds of thousands of remote RRH connect to a centralized BBU
pool. The maximum distance can be 20 km in fiber link for 4G (LTE/LTE-A) system, even longer distance (40 km~80 km) for 3G (WCDMA/TD-SCDMA) and 2G (GSM/CDMA) systems.
• Apparently, some Asia operators have deployments of C-RAN systems with 1200 RRHs centralized to one central office.
• Native support to Collaborative Radio technologies:• Any BBU can talk with other BBU within the BBU pool with very high bandwidth
(10Gbit/s and above) and low latency (10us level). This is enabled by the interconnect of BBU in the pool.
• This is one major difference from BBU Hoteling, or base station hoteling. In the latter case, the BBU of different base stations are simply stacked together and has no direct link among them to allow physical layer co-ordination.
43
CLOUD RAN ARCHITECTURE
• Real-time virtualization capability based on open platform:• This is different from the traditional base station built on proprietary hardware,
where the software and hardware are closed-sources and provided by one single vendor. C-RAN BBU pool is built on open hardware, like x86/ARM CPU based servers, plus interface cards to handle fiber link to RRH and inter-connection in the pool.
• Real-time virtualization make sure the resources in the pool can be allocated dynamically to base station software stacks, say 4G/3G/2G function modules from different vendors according to network load.
• To satisfy the strict timing requirement of wireless communication system, the real-time performance for C-RAN is at the level of 10s of micro-seconds, which is two magnitude higher than the milli-second level 'real-time' performance usually seen in Cloud Computing environment.
44
CONCLUSIONS
• This seminar introduced SDN and VNF methodologies
• 5G seems a relevant scenario where such technologies will be implemented
• Several aspects need to still be analyzed
• Open topic, both for research and implementation/deployment
45