
Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture

This article discusses the problems faced by network designers and provides solutions for enterprise network control, including VLANs, IP address assignment, and packet filters. It also introduces the concept of a 4D architecture for simplified network management.


Presentation Transcript


  1. Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture
     David A. Maltz, Microsoft Research
     Joint work with Albert Greenberg, Gisli Hjalmtysson, Andy Myers, Jennifer Rexford, Geoffrey Xie, Hong Yan, Jibin Zhan, Hui Zhang

  2. Isolation, VLANs, and the Spaghetti that Results
     • Network designers want to deal in groups
     • Collect users/host into group
     • Measure, restrict/permit, QoS, a group’s traffic
     • Routing designs to do this are horribly complicated
     • VLANs
     • Clever IP address assignment
     • Packet filters everywhere
     Let the designers configure policy in terms of groups
     • Shouldn’t have to worry about L2/L3 etc.

  3. Device Configuration is a Nightmare

     ```
     interface Ethernet0
      ip address 6.2.5.14 255.255.255.128
     interface Serial1/0.5 point-to-point
      ip address 6.2.2.85 255.255.255.252
      ip access-group 143 in
      frame-relay interface-dlci 28
     router ospf 64
      redistribute connected subnets
      redistribute bgp 64780 metric 1 subnets
      network 66.251.75.128 0.0.0.127 area 0
     router bgp 64780
      redistribute ospf 64 match route-map 8aTzlvBrbaW
      neighbor 66.253.160.68 remote-as 12762
      neighbor 66.253.160.68 distribute-list 4 in
     access-list 143 deny 1.1.0.0/16
     access-list 143 permit any
     route-map 8aTzlvBrbaW deny 10
      match ip address 4
     route-map 8aTzlvBrbaW permit 20
      match ip address 7
     ip route 10.2.2.1/16 10.2.1.7
     ```

  4. Device Configuration is a Nightmare
     • Thousands of lines of configuration
     • Make a configuration mistake, router becomes unreachable over the network
     Want zero device-specific configuration

  5. Network Designers Want “Simple” Things (But Achieving Them is Incredibly Hard)
     [Diagram labels: Data Center Infrastructure Servers]

  6. Network Designers Want “Simple” Things (But Achieving Them is Incredibly Hard)
     Support customized responses
     • Enable designers to express desired behaviors

  7. Embrace Heterogeneity or Die!
     • No two router versions have the same capabilities
     • That’s why they have different version #s
     • Device vendors add features to differentiate their products
     • No one wants to be made a commodity
     Management/control systems that treat devices as generic are doomed to be stillborn
     • Must make use of new features that vendors innovate
     • Common format for configuration state – okay
     • One-size-fits-all logic computing that state – not okay

  8. Good Abstractions Reduce Complexity
     All decision making logic lifted out of control plane
     • Routers no longer run routing protocols
     • Dissemination plane provides robust communication to/from data plane switches
     [Diagram labels: Management Plane; Configs; Decision Plane; Control Plane; FIBs, ACLs; Dissemination; Data Plane]

  9. A Clean-Slate Approach: The 4D Architecture
     [Diagram labels: Decision Plane (generating table entries); Routing Table, Access Control Table, NAT Table, Tunnel Table; Dissemination Plane (install table entries); Discovery Plane; Data Plane (modeled as a set of tables)]

  10. Using the 4D Architecture
      • Install a security key on each device
      • Connect them together
      • Connect Decision Elements
      [Figure: Example network with 49 switches and 5 DEs]

  11. Does it work? Yes.
      • 4D designed so performance can be predicted
      • Recovers from single link failure in < 120 ms
      • < 1 s response considered “excellent”
      • Faster forwarding reconvergence possible
      • Survives failure of master Decision Element
      • New DE takes control within 170 ms
      • No disruption unless second fault occurs
      • Gracefully handles complete network partitions
      • Less than 170 ms of outage
      • At no point did two DEs attempt to master the same switch

  12. 4D Enables Customized Decision Logic • Example also illustrates the 4D controlling both L2 and L3 (Ethernet and IP)

  13. Tying the Hosts and Users Back Into the Network
      • 4D gets us back to “every Ethernet jack on the wall is the same”
      • Now how to differentiate them based on which user/host connects?
      Extend 4D into the hosts (a little bit)
      • 4D creates paths between newly connected hosts and authentication server (DHCP/DC/BRAS)
      • Hosts bootstrap, users log in
      • Discovery Plane finds the new host
      • Routes pushed to switches
      • DNS/printer/IPSEC policies/etc. pushed to host

  14. 4D as the Framework for Network Control (?)
      • Decision Plane must be modular/extensible
      • Isolation: each group specifies the decision logic used to control traffic among the group
      • Device heterogeneity: vendor ships decision logic that leverages their cool new feature along with the router
      Grand Vision: 4D must arbitrate access to resources
      • Different decision logics may output conflicting state
      • The operating system for the network
      Step 1: 4D is the easiest framework in which to implement cool routing/control ideas
      • What Click did for routers, 4D should do for the network

  15. Backup Slides

  16. Simple Questions
      • Should switches/routers be in the same address space as end hosts?
      • End hosts hack into routers?
      • Communication channel for control and management
      • Operational when data channel fails?

  17. Routers Serve Different Functions
