SDN: Week 3: Network Virtualisation
Virtualisation
Network virtualisation is just like server virtualisation. Rather than virtualise CPUs we virtualise networks -- multiple networks on one physical infrastructure. A "hypervisor" equivalent implements isolation and resource sharing. Nodes are VMs. Links are tunnels.
Motivation. "Ossification". Too difficult to change underlying IP infrastructure. Need a way of allowing technologies to evolve. Originally used overlay networks.
The promise. Rapid innovation (delivering services at software speed). New forms of network control. Vendor choice, as the logical network is decoupled from the underlying physical infrastructure (all the magic happens in the virtual network). Simpler programming and operations, as details of the physical network are hidden.
Distinguish SDN and Virtual networks. SDN does not abstract the details of the physical network. SDN separates control plane and forwarding plane. Virtual networks instantiate multiple networks on one physical infrastructure.
Virtual private networks. A different thing, they connect distributed sites. VPNs don't allow multiple custom architectures to run.
Design goals of virtual networks. Flexibility, in topology, routing and forwarding architectures. Manageability, as separate control and data planes and distinct policy and implementation. Scalability, many logical networks. Isolation of one network and its resources from another for robustness and security. Programmability, for test beds, etc. Heterogeneity, to support many different topologies and techniques.
Building a virtual network
Virtual nodes. Xen. User-mode Linux and network name spaces. KVM, VMWare, VirtualBox.
Example VM environment: Xen. Multiple guest OSs. Domain0 runs the control software to arbitrate access to resources.
Virtual links, based on tunnel technologies. GRE (ethernet frames in IP packets). These may traverse multiple IP hops. Others: VXLAN.
Tunnels use interior and exterior interfaces. A "short-bridge" extended Linux bridging. Open vSwitch reimplemented bridging, with OpenFlow and JSON control access.
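The GRE virtual link described above, as an added example (not code from the course or from any tunnel implementation): it wraps a constructed Ethernet frame in a GRE header and an outer IPv4 header, passes it through simulated IP hops, and recovers the frame at the far endpoint. The endpoint addresses, MACs and function names are assumptions made for the illustration.

```python
import ipaddress
import struct

IPPROTO_GRE = 47        # outer IPv4 protocol number for GRE
GRE_PROTO_TEB = 0x6558  # GRE payload type: a whole Ethernet frame

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, payload_len: int, ttl: int) -> bytes:
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, IPPROTO_GRE, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def gre_encap(frame: bytes, src: str, dst: str, ttl: int = 64) -> bytes:
    """Ethernet frame -> GRE header -> outer IPv4 packet between tunnel endpoints."""
    gre = struct.pack("!HH", 0, GRE_PROTO_TEB)  # no optional fields, version 0
    return ipv4_header(src, dst, len(gre) + len(frame), ttl) + gre + frame

def gre_decap(packet: bytes) -> bytes:
    """Return the inner frame; refuse anything that is not well-formed GRE/TEB."""
    if len(packet) < 24 or packet[0] != 0x45 or packet[9] != IPPROTO_GRE:
        raise ValueError("not an IPv4/GRE packet")
    if ip_checksum(packet[:20]) != 0 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad outer header")
    flags_version, proto = struct.unpack("!HH", packet[20:24])
    if flags_version != 0 or proto != GRE_PROTO_TEB:
        raise ValueError("unsupported GRE header")
    return packet[24:]

def forward_one_hop(packet: bytes) -> bytes:
    """What an intermediate IP router does: decrement TTL, fix the checksum."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]

# Constructed sample: h0 -> h1 Ethernet frame (made-up MACs, IPv4 ethertype, dummy payload)
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"inner-ip-packet"
```

Only the outer header changes at each hop; the inner frame arrives byte for byte as sent, and plain GRE adds no authentication or encryption of its own.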
Summary. Motivation is flexible and agile deployment. Giving innovation, vendor independence, scale. Technologies required are virtual nodes, links and switches. Distinction between SDN and Virtual networks. SDN separates control and data plane, Virtual networks separate logical and physical networks. SDN is a useful tool for implementing virtual networks, but they remain distinct concepts.
Applications of virtual networks
Allows experimentation on production networks, virtual experimental infrastructure. Rapid development and deployment of new network services. Allows dynamic scaling of resources.
Experimentation on production networks
Historically new protocols and architectures were emulated and simulated, but deployment hit a Catch-22 roadblock: to show it will work in production it needs to be seen to work in production. So a VN allows a research network in parallel to a production network. eg: "FlowVisor", where a subset of a user's flows (a "flowspace") can be sent into differing logical networks with different controllers.
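A simplified model of flowspace slicing, added here as an illustration and not FlowVisor's own code: each slice owns a set of match rules and a controller, and the last function reports slices whose flowspaces intersect, which is where the isolation design goal would fail. Slice names, controller addresses and values are constructed; the field names dl_vlan and nw_dst follow OpenFlow 1.0.

```python
import ipaddress

IP_FIELDS = ("nw_src", "nw_dst")

# Constructed slice table (names, VLANs, prefixes and controller addresses are made up).
SLICES = {
    "production": {"controller": "tcp:10.0.0.10:6633",
                   "flowspace": [{"dl_vlan": 10}]},
    "research":   {"controller": "tcp:10.0.0.20:6633",
                   "flowspace": [{"dl_vlan": 20, "nw_dst": "10.20.0.0/16"}]},
}

def rule_matches(rule, flow):
    """Every field the rule names must agree with the flow; unnamed fields are wildcards."""
    for field, want in rule.items():
        have = flow.get(field)
        if have is None:
            return False
        if field in IP_FIELDS:
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        elif have != want:
            return False
    return True

def controller_for(flow, slices=SLICES):
    """Controller of the one slice owning this flow; None if no slice claims it."""
    owners = [s for s in slices.values()
              if any(rule_matches(r, flow) for r in s["flowspace"])]
    if len(owners) > 1:
        raise ValueError("flow claimed by more than one slice")
    return owners[0]["controller"] if owners else None

def rules_overlap(a, b):
    """Two rules overlap unless a field both name can never take a common value."""
    for field in set(a) & set(b):
        if field in IP_FIELDS:
            if not ipaddress.ip_network(a[field]).overlaps(ipaddress.ip_network(b[field])):
                return False
        elif a[field] != b[field]:
            return False
    return True

def overlapping_slices(slices=SLICES):
    """Pairs of slices whose flowspaces intersect, i.e. where isolation is not guaranteed."""
    names = sorted(slices)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if any(rules_overlap(ra, rb) for ra in slices[x]["flowspace"]
                   for rb in slices[y]["flowspace"])]
```

Running overlapping_slices() before installing a new slice catches a rule that leaves out a field, since an unnamed field is a wildcard and so intersects every other slice's traffic.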
Rapid deployment of new services.
Nicira. Hosts see a virtual network. Provisioning done by a distributed controller. egs: give each tenant their own VN, virtualisation allows the resources applied to be dynamically right-sized.
Dynamic security. Central management of access to virtual network.
Dynamic scaling of resources. Can logically knit together clouds to allow dynamic scaling. A Virtual private cloud allows "seemingly direct" connection of cloud servers to customer networks (eg, by Amazon). Useful for outsourcing management of servers.
Wide area virtual networks. Parallel experimentation: VINI, GENI. Value added services: CABO. Multiple control structures: Tempest.
"Virtual network in a box". Networking for VMs on a single server.
Network functions virtualisation. Unification of middleboxes: firewalls, load balancers, DPI. Let's replace them with a distributed compute pool and run those as software, attach them to the network using a VN.
Summary of applications: experimentation, isolation on shared resources, reuse of resources, dynamic scaling, easier management.
Mininet
Fast, custom topologies, real programs, programmable OpenFlow switches, easy to use, open source.
Alternatives. Real system: pain to configure. Networked VMs: scalability. Simulator: no path to deployment.
How Mininet works. mn is the controlling script. Uses namespaces, with a shell script and ethernet interfaces in each. The namespace interfaces (h2-eth0, etc) are veth-ed to switch interfaces (s2-eth0, etc). The switch is ofdatapath which is minded by ofprotocol. This switch is programmed by the controller.
Mininet itself runs in a VM, for ease of distribution.
Mininet examples
Single switch, three hosts: sudo mn --test pingall --topo single,3. Uses default controller and default switch.
Starting VM: User mininet, password mininet. dhclient ..., ifconfig ..., ssh -X mininet@....
Mininet options
--topo topology
--switch switch, uses OVSK by default
--controller uses a hub by default
Examples
One hub, two hosts: sudo mn --topo minimal
Four hosts, four switches, linear topology: sudo mn --topo linear,4
Three hosts, one switch: sudo mn --topo single,3
Tree with depth and fanout: sudo mn --topo tree,depth=2,fanout=2
Under the Mininet hood
mn is a launch script which runs Python. Consider mn --topo linear,4:
from mininet.net import Mininet
from mininet.topo import LinearTopo
Linear = LinearTopo(k=4)
net = Mininet(topo=Linear)
net.start()
net.pingAll()
net.stop()
Can also create your own code, such as this two hosts and one switch:
from mininet.net import Mininet
net = Mininet()
# Create nodes in the network
c0 = net.addController()
h0 = net.addHost('h0')
h1 = net.addHost('h1')
s0 = net.addSwitch('s0')
# Create links between nodes
net.addLink(h0, s0)
net.addLink(h1, s0)
# Configure IP addresses (address, prefix length)
h0.setIP('192.168.1.1', 24)
h1.setIP('192.168.1.2', 24)
# Start the network, test connectivity, then tear everything down
net.start()
net.pingAll()
net.stop()
If you want to debug then before net.stop() say mininet.cli.CLI(net)
addLink() has some parameters: bw, bandwidth in Mbps; delay; max_queue_size; loss, in percentage.
https://github.com/mininet/mininet/wiki/Introduction-to-Mininet
Things not covered:
- accessing files. They are shared between namespaces, use the usual Python methods.
- link speeds and properties
- custom controllers and switches
- host configuration (not just IP addresses)
- performance measurements.