Safety Scalability and Efficiency of Network Function State Transfers Aaron GemberJacobson amp Aditya Akella 1 NFV start instances ondemand SDN reroute flows ondemand NF that is ID: 619580
Download Presentation The PPT/PDF document "Improving the" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Improving the Safety, Scalability, and Efficiencyof Network Function State Transfers
Aaron Gember-Jacobson & Aditya Akella
1Slide2
NFV: start instances on-demandSDN: re-route flows on-demandNF that is…
Dynamic NF deployments
Auto-scaled
Immediately
updated
Opportunistically
augmented
v2
v2
Hypervisor
2Slide3
E.g., endpoint metadata,packet payloads, countersPossible solutionsOnly re-route new flowsClone virtual machines
NF state management frameworksE.g., Split/Merge [NSDI’13], OpenNF [SIGCOMM’14]
What about NF state?
3Slide4
State transfers in OpenNF4
Control
App
move(
red
, IDS
1
→IDS
2
)
getState
(
red
)
putState
(…)
forward
(
red,IDS2)
IDS
2
IDS
1
redirectPkts(
red)
OpenNF
ControllerSlide5
Problems5
Control
App
move(
red
, Bro
1
, Bro
2
)
getState
(
red)
putState
(…)
forward
(
red
,Bro2)
IDS
2
IDS1
redirectPkts
(red
)
OpenNF
Controller
OpenNF
Controller
1) Efficiency
buffering → output delayed
2) Safety
overflow → loss → incomplete analysis
3) Scalability
transfer via controllerSlide6
This talk6
1) Efficiency
buffering → output delayed
3) Scalability
transfer via controller
2) Safety
overflow → loss → incomplete analysis
How do we solve
these issues?
1) Efficiency
buffering → output delayedSlide7
Output delayNo packet processing (+ output)during state transferLive virtual machine migration
State is small → memory page is too coarse
A B C
D E F
G H I
J K L
A B C
D E F
G H I
J K L
1 2 3
4 5 6
1 2 3
4 5 6
1 2 3
4 5 6
1 2 3
4 5 6
7 8 9
7
7 8 9Slide8
Controller
Packet reprocessing
NF
2
NF
1
P1
P2
P1’
move(
red
, NF
1
→NF
2
)
P2’
P2
Process packet
Process packet again
How do we suppress output?
wrappers for network and file I/O functions
8
S1
S1
S2
Recopy?
S2
Process packet again; no outputSlide9
Benefits of reprocessing (1)
Buffering does not impact output latency
4x lower
latency
9Slide10
S1
Controller
NF
2
NF
1
Always has
up-to-date state
Benefits of reprocessing (2)
P2
P3
P2’
P3’
We can safely recover from buffer overflow
P2
P3
P4
P4
P4’
10
S1
S2
S3
S4
S4
RecopySlide11
This talk11
3) Scalability
transfer via controller
2) Safety
overflow → loss → incomplete analysis
1) Efficiency
buffering → output delayed
1) Efficiency
buffering → output delayed
2) Safety
overflow → loss → incomplete analysis
3) Scalability
transfer via controller
Packet
reprocessingSlide12
Minimizing controller overheadWe don’t want to send state/packets through the controller
NF2
NF
1
OpenNF
Controller
12
Peer-to-peer transferSlide13
NF
1
Use virtual Ethernet (
veth
)
interfaces and bridging
NF
2
Challenge: injecting packets
13
bridge
vethP2Pbr
ethIn
vethNFin
vethNFbr
vethP2PinSlide14
Benefits P2P transfer (1)
State transfers occur over a direct connection
Up to 70% faster
14Slide15
Benefits P2P transfer (2)
Less work for the controller
Near Constant
15Slide16
Summary16
3) Scalability
transfer via controller
2) Safety
overflow → loss → incomplete analysis
1) Efficiency
buffering → output delayed
1) Efficiency
buffering → output delayed
2) Safety
overflow → loss → incomplete analysis
3) Scalability
transfer via controller
Packet
reprocessing
P2P
transfer
http://opennf.cs.wisc.edu