HighLevel Programming for Programmable Networks Network OS Yang Richard Yang Computer Science Department Yale University 208A Watson Email yrycsyaleedu http zoocsyaleedu ID: 701513
Download Presentation The PPT/PDF document "CS43 4 /53 4 : Topics in Networked (Netw..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
CS43
4
/53
4
: Topics in Networked (Networking) Systems
High-Level
Programming for
Programmable
Networks
;
Network
OS
Yang (Richard) Yang
Computer
Science Department
Yale University
208A
Watson
Email:
yry@cs.yale.edu
http://
zoo.cs.yale.edu
/classes/cs434
/Slide2
2
Outline
Admin and recap
High-level
datapath
programming
b
lackbox
(trace-tree)
w
hitebox
c
ompact per-instruction table (PIT) pipeline
o
ptimized pipeline
Network OS supporting programmable networks
o
verview
OpenDaylightSlide3
3
Recap: Black vs
Whitebox
Approaches
Blackbox
(trace-tree)
Pros
Simple, language independent
Cons
Generate only a single table
Reactive, with potentially long latency
Whitebox
(compiler)
Goal:
p
roactive
, fully generated
datapathSlide4
Recap: Map Each Instruction to a Flow Table
4Map<MAC, Switch> hostTable; // {11->sw1, 22->sw1, 33->sw2,others swu
}
Map<MAC,
Cond>
condTable
; // {11->S, 22->C, 33->C, others UK}
Set
openPorts
;
//
{22
, 53, 80, 8000,
8080, 9090}
Route
onPacketIn
(
Packet
p) {
L1
if
(
p.dstPort
< 1025)
{ // privileged port, SW_FW
L2
:
dstSw
=
SW_FW;
L3:
dstCond
= S
;
L4
:
}
else if
(
openPorts.contains
(
p.dstPort
)) {
// spec user
L5
:
dstSw
=
hostTable
[
p.dstMac
];
L6
:
dstCond
=
condTable
[
p.dstMac
];
L7
:
}
else
{
L8
:
return
Drop; }
//
All pairs paths for all
dstConds
L9
:
allPaths
=
AllPairsCond.execute
( ...
);
L10
:
srcSw
=
hostTable
[
p.srcMac
];
L11
:
return
allPaths
[
dstCond
].get(
srcSw,dstSw
); }Slide5
Recap: Table-Friendly Instructions
5
p.dstPort
Action
1
Reg
g1
= true
jump L2
2
...
216Regg1=falsejump L2
L1
Naïve enumeration
L1. g1 = p.dstPort < 1025;
Prip.dstPortAction20000 00xx xxxx xxxxregg1=true jump L220000 0100 0000 0000regg1=true jump L21xxxx xxxxxxxx xxxxregg1=false jump L2
We say L1 is a
compact-mapable (CM) instruction: Despite large input domain, small # of rules to express.
Compact encodingSlide6
Recap: Table-Friendly
Instructions6
p.dstPort
Action
1
Reg
g2
= false;
jump L6
...
22
Regg2 = true; jump L6…216
Regg1
=false; jump L6L5
L5. g2 = openPorts.contains(p.dstPort);
// openPorts = {22, 53, 80, 8000, 8080, 9090};L5 is another type of CM instruction: Despite large input domain, system state already provides (small) potential values.Prip.dstPortAction222Regg2 = true; jump L6253Regg2 = true; jump L6
2
80
Reg
g2
= true;
jump L6
2
8000
Reg
g2 = true; jump L628080Regg2=true; jump L629090Regg2=true; jump L61*Regg2=false; jump L6
Naïve enumeration
Compact encoding using system stateSlide7
Summary
: Progress & Remaining Problems7Symbolic analysis/direct state-plugin cannot generate tables for
some instructions
Tables computed
in isolation can have
unnecessary
rules.Slide8
Recap: Observation
Both problems are essentially the same, we need to compute valid inputs to each instruction:g2 = openPorts.contains(p.dstPort);If we know valid inputs to dstPort (<1025), we can prune the extra rules (22, 53, 80)allPaths[dstCond
].get(
srcSw,dstSw
);
If we know the valid values of (
dstCond
,
srcSw
,
dstSw
) reaching this instruction, we can compute a compact flow table for it (not all potential values).8Slide9
Recap: Naïve Approach can Compute Non-Valid Inputs
L1: m1 -> s1, m2 -> s2, …, mn -> snL2: m1 -> c1, m2 -> c2, …, mn-> cnL4 sees only n (sw, cond) combinations, not n
2 combinationsThis is called
dependent
inputs
9
Map<MAC, Switch>
hostTable
; // {11->sw1, 22->sw2,
33->sw2,
others
swu
} Map<MAC, Cond> condTable; // {11->S, 22->C, 33->C, others UK}0. Route onPacketIn(Packet p) {L1. Switch dstSw = hostTable.get( p.dstMac() );L2. Cond dstCond = condTable.get( p.dstMac() );L3. Route aRoutes = AllPairCondRoutes();L4. return aRoutes.get(dstSw, dstCond); Slide10
Basic Approach: The
FlowExplore AlgorithmComputes (I, state) to each instruction, using flow tables as edges10Slide11
11
L1, EMPTYL2,
dstSw
=sw1,
dstMac
=11
L2,
dstSw
=sw2,
dstMac
=22
L2,
dstSw=sw2, dstMac=33L2, dstSw=swu, dstMac=*Prip.dstMacAction211
dstSw=sw1
2
22
dstSw=sw2233dstSw=sw21*dstSw=swuSlide12
12
L1, EMPTYL2,
dstSw
=sw1,
dstMac
=11
L2,
dstSw
=sw2,
dstMac
=22
L2,
dstSw=sw2, dstMac=33L2, dstSw=swu, dstMac=*L4, dstCond=C, dstMac=22Prip.dstMac
Action2
11
dstCond
=S 222dstCond=C233dstCond=C1*dstCond=UKL4, dstCond=S, dstMac=11L4, dstCond=C, dstMac=33dstMac is already part of state, no need to use flow table, use state propagationL4,
dstCond=UK, dstMac=*
Pri
p.dstMac
Action
2
11
dstSw
=sw1
2
22dstSw=sw2233dstSw=sw21*dstSw=
swuSlide13
13
L1, EMPTYL2,
dstSw
=sw1,
dstMac
=11
L2,
dstSw
=sw2,
dstMac
=22
L2,
dstSw=sw2, dstMac=33L2, dstSw=swu, dstMac=*L4, dstSw=sw1, dstCond=S, dstMac=11dstMac is a dead variable and hence should be removed.Pri
p.dstMac
Action
2
11dstSw=sw1 222dstSw=sw2233dstSw=sw21*dstSw=swuSlide14
14
L1, EMPTYL2,
dstSw
=sw1,
dstMac
=11
L2,
dstSw
=sw2,
dstMac
=22
L2,
dstSw=sw2, dstMac=33L2, dstSw=swu, dstMac=*L4, dstSw=sw1, dstCond=SL4, dstSw=sw2, dstCond=CL4, dstSw=sw2, dstCond=C
Pri
p.dstMac
Action
211dstSw=sw1 222dstSw=sw2233dstSw=sw21*dstSw=swu
Same state and hence should merge.
Same state and hence should merge.Slide15
15
L1, EMPTYL2,
dstSw
=sw1,
dstMac
=11
L2,
dstSw
=sw2,
dstMac
=22
L2,
dstSw=sw2, dstMac=33L2, dstSw=swu, dstMac=*L4, dstSw=sw1, dstCond=SL4, dstSw=sw2, dstCond=CPri
p.dstMac
Action
2
11dstSw=sw1 222dstSw=sw2233dstSw=sw21*dstSw=swuSlide16
16
L1, EMPTYL2,
dstSw
=sw1,
dstMac
=11
L2,
dstSw
=sw2,
dstMac
=22
L2,
dstSw=sw2, dstMac=33L2, dstSw=swu, dstMac=*L4, dstSw=sw1, dstCond=SL4, dstSw=sw2, dstCond=CPri
p.dstMac
Action
2
11dstSw=sw1 222dstSw=sw2233dstSw=sw21*dstSw=swuPri
p.dstMac
Action2
11
dstCond
=S
2
22
dstCond
=C
233dstCond=C1*dstCond=UKL4, dstSw=swu, dstCond=SdstMac is binded, Is there an ancestor binds to dstMac=11? Yes. BlockedSlide17
17
L1, EMPTYL2,
dstSw
=sw1,
dstMac
=11
L2,
dstSw
=sw2,
dstMac
=22
L2,
dstSw=sw2, dstMac=33L2, dstSw=swu, dstMac=*L4, dstSw=sw1, dstCond=SL4, dstSw=sw2, dstCond=CPri
p.dstMac
Action
2
11dstSw=sw1 222dstSw=sw2233dstSw=sw21*dstSw=swuPri
p.dstMac
Action2
11
dstCond
=S
2
22
dstCond
=C
233dstCond=C1*dstCond=UKL4, dstSw=swu, dstCond=UKL∞, aRoutes(sw1, S)L∞, aRoutes(sw2, C)
L∞,
aRoutes
(
swu
, UK)Slide18
18
L1, EMPTYL2,
dstSw
=sw1,
dstMac
=11
L2,
dstSw
=sw2,
dstMac
=22
L2,
dstSw=sw2, dstMac=33L2, dstSw=swu, dstMac=*L4, dstSw=sw1, dstCond=SL4, dstSw=sw2, dstCond=CPri
p.dstMac
Action
2
11dstSw=sw1 222dstSw=sw2233dstSw=sw21*dstSw=swuPri
p.dstMac
Action2
11
dstCond
=S
2
22
dstCond
=C
233dstCond=C1*dstCond=UKL4, dstSw=swu, dstCond=UKL∞, aRoutes(sw1, S)L∞, aRoutes(sw2, C)
L∞,
aRoutes
(
swu
, UK)
Q: How to obtain the flow table of each instruction?Slide19
Assignment
Compute the reachable inputs of the complete example program19Slide20
20
Outline
Admin and recap
High-level
datapath
programming
b
lackbox
(trace-tree)
w
hitebox
c
ompact per-instruction table (PIT) pipelineoptimized pipelineSlide21
Issues of PIT Pipelines
21This example needs 10 tables, but a hardware may support only 2.
Unnecessary separate
matching resources can be wasteful.
Both problems require evaluating merging of instructions (tables
).
Map<MAC, Switch>
hostTable
; // {11->sw1, 22->sw1, 33->sw2,others
swu
}
Map<MAC,
Cond> condTable; // {11->S, 22->C, 33->C, others UK}Set openPorts; // {22, 53, 80, 8000, 8080, 9090} Route onPacketIn(Packet p) {L1 if (p.dstPort < 1025) { // privileged port, SW_FWL2: dstSw = SW_FW; L3: dstCond = S;L4: } else if (openPorts.contains(p.dstPort)) { // spec user
L5: dstSw =
hostTable[p.dstMac];L6:
dstCond = condTable[p.dstMac];L7
: } else {L8: return Drop; } // All pairs paths for all dstConds L9: allPaths = AllPairsCond.execute( ... ); L10: srcSw = hostTable[p.srcMac];L11: return allPaths[dstCond].get(srcSw,dstSw); }Slide22
Algorithm Framework
Assume P is the set of pipelines eval’dp0 = empty; resource0 = INFforeach p in P if hw_oracle(p) && resource(p) < resource0 p0 = p; resource0 = resource(p)
22
How many pipelines in P if P is generated from full enumeration. Assume N instructions and <= M tables?Slide23
23
g1
!g1
src
Mac
d
st
Port
dst
Mac
g1 =
dstPort
< 1025dstSw = SW_FWdstCond = Vg2=openPorts.contain(dstPort)egress=DropdstSw = hostTable(dstMac)dstCond
= condTable(dstMac
)
g1g2
g2phi(dstSw)phi(dstCond)!g2srcSw = hostTable(srcMac)egress=f(dstCond, dstSw, srcSw)Slide24
24
g1
!g1
src
Mac
d
st
Port
dst
Mac
g1 =
dstPort
< 1025dstSw = SW_FWdstCond = Vg2=openPorts.contain(dstPort)egress=DropdstSw = hostTable(dstMac)dstCond
= condTable(dstMac
)
g1g2
g2phi(dstSw)phi(dstCond)!g2srcSw = hostTable(srcMac)egress=f(dstCond, dstSw, srcSw)Insight: Suppose we have a table T matching on (dstPort, dstMac). What should be handled by T?Slide25
25
Summary:
Whitebox
Whitebox
(compiler)
Pros
ConsSlide26
Programmable Networks
Network
View
NE
Datapath
Service/
Policy
NE
Datapath
logically centralized
data store
Program
26Slide27
27
Outline
Admin and recap
High-level
datapath
programming
Network OS supporting programmable networksSlide28
Discussion
What support does a network OS (NOS) provide to programmable networks?28Slide29
NOS Design Goals
Provide applications w/ high-level viewsMake the views highly available (e.g., 99.99%)Make view access and update highly-scalableAllow/control the interactions among applications29Slide30
NOX [2008]
High-level views:Topology (who connects to whom)Topology obtained by capturing packet-misses (flow initiation), DNS, LLDP packetsMake the views highly available and allow scalable accessDistributed cluster30Slide31
ONOS Design Decisions [2011-]
High-level views:Topology, initially Blueprint API, Titan graph databases, later customized topology data structuresMake the views highly available and allow scalable accessDistributed cluster using RAMCloud31Slide32
32
Outline
Admin and recap
High-level
datapath
programming
Network OS supporting programmable networks
o
verview
o
penDaylight
https://
wiki.opendaylight.org/view/Controller_Core_Functionality_Tutorials:Application_Development_TutorialSlide33
33
Outline
Admin and recap
High-level
datapath
programming
Network OS supporting programmable networks
o
verview
OpenDaylight
data model and
store/views
(slides based on OpenDaylight tutorial, 2016)Slide34
Data Model
Not a fixed model/view, but models described by Yang and loaded into the system by OSGiYang: a modeling language describing data as a tree, as well as RPCs and notificationsBased on RFC 6020Module systemOSGi:Allows dynamically loading bundlesAllows registering dependencies andservices exportedFor exchanging information across bundles
Karaf: Light-weight Runtime for loading modules/bundles
OSGi
based. Primary distribution mechanism since Helium
34
OSGi Framework (Equinox)
FeatureA
SAL
FeatureB
…
KarafSlide35
Yang Example
35Slide36
The Service Development Process
36YANG Model (s)Yang Tools
Generated API
Service Implementation
Maven Build Tools
Karaf
Feature
Definition
Maven Build Tools
Maven Build Tools
1
2
3OSGi API JAROSGi IMPL JARKaraf KAR4Controller5OSGi API JAROSGI IMPL JARFeatures.xmlGenerate API
DeploySlide37
OpenDaylight Platform
NETCONFMD-SAL
...
Flow-Capable Node Inventory Manager
Model
Statistics Manager
Model
OpenFlow
Topology
Exporter
Model
BGP-LS Topology Exporter
ModelData Tree: Details37data store as a treeTwo Logical Data StoresconfigoperationalUnified ViewInstanceIdentifier:Pointer to a node
p1
p2
BGP-LS
BGPv4BGPv6nodes
links
prefixes
n1
n2
n
x
l2
l1
...
...
l
x
...
p
x
OpenFlow
Groups
Table/1
nc:1
nc:2
/operational
/
config
network-
topo
nodes
Flow/2
of:1
of:2
Of:n
...
Tables
Meters
Table/2
Table/n
Flow/1
Flow/n
...
Ports
Table-stats
Flow-stats
Flow-statsSlide38
Yang Data Tree
https://wiki.opendaylight.org/view/OpenDaylight_Controller:Architectural_Framework
38Slide39
ReadWriteTransaction
transaction = dataBroker.newReadWriteTransaction();Optional<Node> nodeOptional;nodeOptional = transaction.read( LogicalDataStore.OPERATIONAL,
n1InstanceIdentifier
);
transaction
.
put
(
LogicalDataStore.CONFIG
,
n2InstanceIdentifier, topologyNodeBuilder.build());transaction.delete( LogicalDataStore.CONFIG, n3InstanceIdentifier);CheckedFuture future;future = transaction.submit(); 39n1/operational/config
network-
topo
BGPv4
overlay1nodesnodesDatastore
n3
n1
transaction
n2
n3
Data Store: Read/Write ExampleSlide40
Datastore
ShardedReplicatedBut not everywhere
RAFT algorithm for consistency
40
n1
/operational
/
config
network-
topo
BGPv4
overlay1
nodes
nodes
Node -3
n3
n1
n4
n1
/operational
/
config
network-
topo
BGPv4
overlay1
nodes
nodes
Node -2
n3
n1
n4
n1
/operational
/
config
network-
topo
BGPv4
overlay1
nodes
nodes
Node -1
n3
n1
n4
Distributed Data Store for ScalabilitySlide41
41
Outline
Admin and recap
High-level
datapath
programming
Network OS supporting programmable networks
overview
OpenDaylight
d
ata model and store
i
nteractions, services, and compositionSlide42
OpenDaylight
Architecture: Big PictureSource: Neela Jacques, July 2015. 42Slide43
Software Architecture
43ControllerModel-Driven SAL (MD-SAL)
Protocol Plugin
RESTCONF
NETCONF SERVER
Network Devices
Applications
App/Service Plugin
App/Service Plugin
...
...
Protocol Plugin
Config SubsystemMessagingData StoreRemote Controller InstanceRemote Controller InstanceNetwork Applications Orchestration & Services
Controller Platform
Plugins & ApplicationsClustering
Network DevicesNetwork Devices
ApplicationsApplicationsSlide44
3 Brokers
44Notification Broker
publish
notify
Data Broker
notify
put
store
RPC Broker
callSlide45
WriteOnlyTransaction
transaction = dataBroker.newWriteOnlyTransaction();InstanceIdentifier<Node> path = InstanceIdentifier .create(NetworkTopology.class) .child(Topology.class,
new TopologyKey(
“overlay1”));
transaction
.
merge
(
LogicalDataStore.CONFIG
,
path, topologyBuilder.build());CheckedFuture future;future = transaction.submit(); 45n1/operational/confignetwork-topo
BGPv4
overlay1
nodes
nodesDatastore
n3
n1
transaction
nodes
n4
overlay1
n4
Data Store: Merging ExampleSlide46
n3
46
n1
/operational
/
config
network-
topo
BGPv4
overlay1
nodes
nodes
Datastore
n3
n1
transaction
nodes
n4
overlay1
n4
dataBroker.registerDataChangeListener
(
LogicalDatastoreType.CONFIGURATION
,
myInstanceId
, myDataChangeListener, DataChangeScope.SUBTREE);myDataChangeListenerAsyncDataChangeEventcreated
deletedupdated
original
n4
overlay1
n3
nodes
n4
n4
overlay1
nodes
DataChangeListenerSlide47
Backup SlidesSlide48
RPC Messages
Using RPCs to: Send a messageReceive a responseAsynchronouslyWithout knowledge of provider of implementationRPCs come in two flavors:Global – One receiverRouted – One receiver per context48
Consumer
MD-SAL
ProviderSlide49
Sending an Asynchronous
RPC MessageHelloService helloService= session.getRpcService(HelloService.class);Future<RpcResult<HelloWorldOutput
>> future
;
future
=
helloService
.
helloWorld
(
helloWorldInput
);while(! future.isDone()) { /* Do other work */} HelloWorldOutput helloWorldOutput = future.get().getResult();49consumerMD-SALgetRpcService()return: helloServicehelloServicefuturehelloWorld(helloWorldInput)return: futureget()return: RpcResult<HelloWorldOutput>set(helloOutput
)
isDone()false
isDone()
trueSlide50
Global RPCs
– Processing a Message - Asyncpublic class HelloWorldImpl implements HelloService { public HelloWorldImpl(ProviderContext session){ session.addRpcImplementation
(
HelloService.class
,
this
);
}
@Override
public Future<
RpcResult
<
HelloWorldOutput>> helloWorld(HelloWorldInput input) { SettableFuture future = new SettableFuture(); process (input,future); return future; }}50MD-SALaddRpcImplementation(this)helloWorldImplhelloWorld(helloWorldInput)return: futurefutureprocess(helloWorldInput,future)Slide51
Global RPCs
– Processing a Message - Asyncpublic class HelloWorldImpl implements HelloService { /* * see previous slide for * calls to addRpcImplementation * and the helloWorld method
*/ private
process
(
HelloWorldInput
input,
SettableFuture
future) {
/* process in new thread */ future.set(RpcResultBuilder .success(helloWorldOutput) .build()); }}51MD-SALaddRpcImplementation(this)helloWorldImplhelloWorld(helloWorldInput)return: futurefutureset(helloOutput)process(helloWorldInput,future)Slide52
Routed RPCs: What are They?
A Unicast MessageWell defined Input/OutputProcessor is context dependentInput includes ‘Context’InstanceIdentifierPointer to a place in the tree defining message contextConsumer is unaware RPC is routedRegistration includes ‘Context’MD-SAL ‘routes’ to correct message processor for ‘Context’52
Consumer
MD-SAL
Provider1
Provider2Slide53
Clustering RPCs
RPCsRouted across the cluster53ConsumerMD-SAL
Provider
Node -1
MD-SAL
Node -2 Slide54
Discussion:
OpenDaylight NOS DesignWhat you like and do not like about the design?54Slide55
ONOS Architecture: Big Picture
55Source: ON.LABSlide56
ONOS Architecture: Some Key Abstractions
https://wiki.onosproject.org/display/ONOS/System+Components56Slide57
Controller
Service Adaptation LayerInventory Manager
Base Network Functions
Topology Exporter
Statistics Manager
Forwarding Rules Manager
Topology Exporter
Topology Exporter
Inventory Manager
Inventory Manager
OpenFlow
1.0/1.3
BGP-LSPCEPNetconf ClientOVSDBREST APIs...Service FunctionsPCEP...Configuration SubsystemNETCONFLISPNetwork DevicesApplications
Network Applications Orchestration & Services
Controller Platform
Southbound Interfaces& Protocol PluginsController Architecture