
SDN: A Systems Approach | 10 The Future of SDN

2022-06-25 17:10:00 InfoQ

With the explosive growth of Internet and data-center traffic, SDN has gradually displaced statically configured routers and switches as the mainstream way to build networks. This series is the Chinese edition of the free ebook "Software-Defined Networks: A Systems Approach", a complete introduction to the concepts, principles, architecture and implementation of SDN. Original text:
Software-Defined Networks: A Systems Approach


The Future of SDN

SDN is still in its early stages. Cloud-hosted control planes have been deployed in production networks, but applying SDN to access networks, and programmable pipelines to the data plane, is only beginning. Enterprises have adopted network virtualization and SD-WAN, but traditional networks still far outnumber SDN networks.

As the technology matures and the APIs stabilize, we expect to see increasing adoption for the use cases discussed above, but the role SDN ultimately plays may have its greatest impact on new use cases that have not yet emerged. Indeed, the ability to support functions that are impossible in traditional networks is an important part of SDN's promise.

This chapter looks at one promising opportunity: verifying correctness. Networks are notoriously hard to verify as robust and secure in the face of failures, attacks and configuration errors. Network verification has been an active field for years, but progress has been limited by the lack of clear abstractions for the network. Most networks still run closed, proprietary software on complex, fixed-function hardware whose design is undisclosed and whose correctness is hard to prove. The distributed algorithms that determine how networks behave are notoriously hard to reason about; BGP is the canonical example, and its failure modes have kept researchers and practitioners busy for decades.

The arrival of 5G networks and their associated applications will only make this worse. 5G networks will connect not only smartphones and people but everything from doorbells, lights and refrigerators to autonomous vehicles and drones. If we fail to configure and protect these networks properly, the risk of a network-wide disaster will be far greater than anything experienced so far.

The key capability of a reliable and secure network is verifiability: the ability to ensure that every packet follows the path the operator specified, and that it matched exactly the set of forwarding rules in the devices the operator intended, no more and no less.

Experience shows that verification is most tractable when the system as a whole is built compositionally (decoupled). Reasoning about small components is manageable, and the reasoning needed to assemble components into a composite system is itself instructive. On top of decoupling, verifiability comes from (a) the ability to state intent at the network level rather than device by device, and (b) the ability to observe behavior at fine granularity in real time. These are exactly what SDN provides, which is grounds for optimism that verifiable closed-loop control is now within reach.

Further reading: N. Foster, et al. Using Deep Programmability to Put Network Owners in Control. ACM SIGCOMM Computer Communication Review, October 2020.

Figure 60 illustrates the basic idea. The software stack described in this book provides the measurement, code-generation and component-verification capabilities that verifiable closed-loop control requires. Fine-grained measurement, implemented with INT (Inband Network Telemetry), lets the forwarding components stamp every packet with the path it took, the queueing delay it experienced and the rules it matched. Those measurements can be analyzed and fed back into code-generation and formal-verification tools. This closed loop complements the intrinsic value of understanding how components are coupled, making it possible to reason about correctness from the structure itself.

Figure 60. INT produces fine-grained measurements, which in turn feed a closed-loop control loop that verifies the network's behavior.

The goal is to let network operators specify the network's behavior top-down and verify correctness at every interface. At the bottom, P4 programs specify how packets are processed; these programs are compiled and executed in the forwarding-plane components. This approach represents a fundamentally new capability that traditional designs cannot offer, and it yields two key insights.

First, although the network control plane is inherently complex, the P4 data plane captures the ground truth of the network and is therefore a very attractive place to deploy verification techniques. Observing and verifying behavior at the data-plane level shrinks the trusted computing base: the switch operating system, drivers and other low-level components no longer need to be trusted. Moreover, while control planes tend to be written in general-purpose languages and are complicated, data planes are necessarily simple, compiling down to an efficient feed-forward pipeline with simple data types and finite state. Verifying general software is intractable in general, but data-plane verification is both powerful and practical.

This practical proposition builds on the current state of the art: once the forwarding behavior is known, the network's behavior is defined by its forwarding state. For example, if you know every router performs IPv4 forwarding, the forwarding tables of all routers are enough to define the network's behavior. This idea has been explored by Veriflow, Header Space Analysis (HSA) and others, and has since been commercialized. Since that state suffices to verify a network with fixed forwarding behavior, we have "only" added one new degree of freedom: letting operators program the forwarding behavior in P4 (and evolve it over time). Programming the data plane in P4 is the key: the language deliberately excludes features such as loops and pointer-based data structures, which typically make analysis impractical. To learn more about this opportunity, we recommend the work of Jed Liu and colleagues.

Further reading: J. Liu, et al. p4v: Practical Verification for Programmable Data Planes. ACM SIGCOMM 2018.
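The two ideas above, that the forwarding state of a network with known forwarding behavior defines its behavior, and that INT-stamped per-hop telemetry can be checked against that expected behavior in a closed loop, can be shown end to end in a few dozen lines. The Python below is an added example written for this edition, not code from the book or from the ngsdn-tutorial repository. It models a small fabric as per-switch IPv4 longest-prefix-match tables, computes from that state alone the path and the rule sequence a packet must take (flagging blackholes and forwarding loops), and compares the prediction with a constructed INT-style report of (switch, rule) pairs. The topology, table entries, rule identifiers and the report format are all assumptions made for the example; real INT metadata and P4 table layouts differ.

```python
"""Toy data-plane verifier: forwarding state -> expected path, checked
against INT-style telemetry.  Added example; not code from the book.
The topology, tables, rule ids and report format are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    prefix: ipaddress.IPv4Network
    next_hop: str   # neighbouring switch, or "host:<name>" for local delivery
    rule_id: str    # identifier the operator intends this entry to carry


def _r(prefix, next_hop, rule_id):
    return Rule(ipaddress.ip_network(prefix), next_hop, rule_id)


# Constructed forwarding state for a two-leaf, one-spine fabric.
TABLES = {
    "leaf1":  [_r("10.0.1.0/24", "host:h1", "leaf1-r1"),
               _r("10.0.0.0/16", "spine1", "leaf1-r2")],
    "spine1": [_r("10.0.1.0/24", "leaf1", "spine1-r1"),
               _r("10.0.2.0/24", "leaf2", "spine1-r2")],
    "leaf2":  [_r("10.0.2.0/24", "host:h2", "leaf2-r1"),
               _r("10.0.0.0/16", "spine1", "leaf2-r2")],
}

# Same fabric with a stale aggregate on the spine pointing back at leaf1.
BAD_TABLES = {name: list(rules) for name, rules in TABLES.items()}
BAD_TABLES["spine1"].append(_r("10.0.0.0/16", "leaf1", "spine1-r3"))


def lookup(table, dst):
    """Longest-prefix match over one switch's table; None if nothing matches."""
    best = None
    for rule in table:
        if dst in rule.prefix and (best is None or rule.prefix.prefixlen > best.prefix.prefixlen):
            best = rule
    return best


def compute_path(tables, ingress, dst):
    """Walk the fabric from `ingress` using only forwarding state.

    Returns (switches visited, rule ids matched, verdict) where verdict is
    'delivered:<host>', 'blackhole' (no matching rule) or 'loop'.
    """
    dst = ipaddress.ip_address(dst)
    hops, rules, visited = [], [], set()
    cur = ingress
    while True:
        if cur in visited:            # revisiting a switch means a forwarding loop
            return hops, rules, "loop"
        visited.add(cur)
        hops.append(cur)
        rule = lookup(tables[cur], dst)
        if rule is None:
            return hops, rules, "blackhole"
        rules.append(rule.rule_id)
        if rule.next_hop.startswith("host:"):
            return hops, rules, "delivered:" + rule.next_hop[len("host:"):]
        cur = rule.next_hop


def verify_against_int(tables, ingress, dst, int_report):
    """Compare the model's prediction with what INT stamped on the packet.

    int_report is a list of (switch, rule_id) pairs, one per hop, in order.
    Returns a list of discrepancies; an empty list means the packet took the
    intended path and matched exactly the intended rules, no more, no less.
    """
    hops, rules, verdict = compute_path(tables, ingress, dst)
    expected = list(zip(hops, rules))
    problems = []
    if not verdict.startswith("delivered"):
        problems.append(f"model predicts {verdict} for {dst} from {ingress}")
    if int_report != expected:
        problems.append(f"telemetry {int_report} differs from expected {expected}")
    return problems


if __name__ == "__main__":
    # Constructed INT report for a packet h1 -> h2 that behaved as intended.
    good = [("leaf1", "leaf1-r2"), ("spine1", "spine1-r2"), ("leaf2", "leaf2-r1")]
    print(verify_against_int(TABLES, "leaf1", "10.0.2.7", good))
    # Same path, but spine1 reports matching a rule the operator never intended.
    rogue = [("leaf1", "leaf1-r2"), ("spine1", "spine1-r9"), ("leaf2", "leaf2-r1")]
    print(verify_against_int(TABLES, "leaf1", "10.0.2.7", rogue))
    print(compute_path(BAD_TABLES, "leaf1", "10.0.9.9"))
```

The loop and blackhole verdicts come from the forwarding state alone, which is the HSA/Veriflow-style check; the comparison with the report is the closed-loop half, and it is what catches a packet that reached its destination but matched a rule the operator never installed.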

Top-Down Verification
The approach to verifying networks described in this chapter resembles the one used in chip design. At the top is a behavioral model; below that is a register-transfer-level model in Verilog or VHDL; below that are the transistors, polygons and metal. Tools formally verify correctness at each boundary and level of abstraction.
That is the model under discussion here: verifying across boundaries in a top-down design approach. The SDN software stack defines new interfaces and abstractions, now extended down to the programmable forwarding pipelines that switching chips provide.
The experience of hardware verification shows that this approach works best in compositional systems, where every minimal component can be verified independently or tested reliably. Formal tools are then applied only where components are combined at layer boundaries.

The second insight is that, in addition to building tools to analyze networks, it is also important to develop techniques that map the operator's high-level intent onto the code that implements it. One challenge for current network verification methods is that they start from existing network devices and their complex distributed control planes, and build mathematical models of how those control planes behave. If reality does not exactly match the model, verification cannot guarantee that the network behaves as required. But in SDN's centralized control model, the control plane is designed to map a centrally specified request into a set of control instructions that the data plane can implement. We are beginning to see SDN control planes that are themselves compiled from a high-level specification of their required properties. One can therefore expect control planes that are correct by construction, rather than attempts to model behaviors that have historically been hard to analyze, such as BGP [1].

[1] In interdomain routing it is hard to imagine BGP disappearing entirely, but for a large class of intradomain use cases, the opportunity to design for verifiability appears real.

Figure 61. Looking ahead, the third phase of SDN focuses on verifiable, top-down control of network behavior.

To put all this in historical context, Figure 61 illustrates three phases of SDN. To be fair, we are in the early part of the second phase: the most advanced operators are able to control their software via a disaggregated control plane and to control packet processing via a P4-programmable data plane. We can see the beginnings of the third phase, in which verifiable closed-loop control lets network operators take full ownership of the software that defines their networks. Not only will they determine the network's behavior through software, they will also be able to verify that the network realizes their intent. Just as the hardware industry has built a high degree of confidence that a chip will work as expected before it goes into production, network operators will be able to trust that their networks are reliable, secure and meet the goals they set.

Hands-on Programming

This book provides a set of programming exercises for practising with the software described in the book, including:

  • Using the P4Runtime, gNMI, OpenConfig and gNOI interfaces of Stratum
  • Using ONOS to control P4-programmable switches
  • Writing ONOS applications that implement control-plane logic
  • Testing the software stack in Mininet with bmv2
  • Testing a P4-based forwarding plane with PTF

The exercises assume familiarity with Java and Python, but each comes with starter code, so a high level of proficiency is not required. The exercises also use the Mininet network emulator, the P4-based bmv2 switch emulator, the PTF packet test framework and the Wireshark protocol analyzer. Additional information about these tools is provided in the individual exercises.

The exercises originated in the Next-Generation SDN course produced by ONF and come with a set of online tutorial slides that introduce the topics the exercises cover:

  • Advanced Next-Gen SDN Tutorial Overview

The slides overlap with the material covered in this book, so you need not start with them, but they are a good supplementary resource.
Environment
The exercises can be run in a Linux virtual environment on a laptop. This section describes how to prepare that environment.
System Requirements
The virtual machine is currently configured with 4 GB of memory and 4 CPU cores, which is the recommended minimum for completing the exercises; it also takes about 8 GB of disk space. For a smooth experience, run the virtual machine on a system with at least twice those resources.
Download the Virtual Machine
Download the virtual machine (4 GB) from the link below:

  • http://bit.ly/ngsdn-tutorial-ova

The virtual machine is in .ova format and was created with VirtualBox v5.2.32. Any modern virtualization system can run it, but VirtualBox is recommended. The following links describe how to obtain VirtualBox and import the virtual machine:

  • https://www.virtualbox.org/wiki/Downloads
  • https://docs.oracle.com/cd/E26217_01/E26796/html/qs-import-vm.html

Alternatively, you can build the virtual machine on your own machine with Vagrant using the provided scripts.

Windows Users
All scripts have been tested on macOS and Ubuntu. They should also work on Windows, but that has not been tested, so Windows users are advised to download the provided virtual machine.

You can then start the virtual machine (an Ubuntu system) and log in with the username sdn and the password rocks. The instructions in the rest of this section (and the exercises themselves) are to be executed inside the VM.
Clone the Repository
The exercises require cloning the following repository:

$ cd ~
$ git clone -b advanced https://github.com/opennetworkinglab/ngsdn-tutorial --depth 1

If the ngsdn-tutorial directory already exists in the virtual machine, make sure its content is up to date:

$ cd ~/ngsdn-tutorial
$ git pull origin advanced

Note that the repository has multiple branches, each with a different exercise configuration; make sure you are on the advanced branch.
Upgrade Dependencies
The virtual machine may ship with older versions of the dependencies than the exercises require. Upgrade to the latest versions with:

$ cd ~/ngsdn-tutorial
$ make deps

This command downloads all the necessary Docker images (about 1.5 GB), which allows the exercises to be completed offline.
Using an IDE
The exercises require writing code in several languages (P4, Java, Python). No particular IDE or code editor is required, but the Java IDE IntelliJ IDEA Community Edition is recommended: it comes pre-installed with plugins for P4 syntax highlighting and Python development, and for ONOS application development in particular it provides code completion for all ONOS APIs.
Repository Structure
The repository is laid out as follows:

  • p4src/ → data-plane implementation (P4)
  • yang/ → configuration models (YANG)
  • app/ → custom ONOS application (Java)
  • mininet/ → 2x2 leaf-spine network (Mininet)
  • util/ → utility scripts (Bash)
  • ptf/ → data-plane unit tests (PTF)

Note that the exercises link to various files on GitHub, so you may want to clone the repository on your laptop as well.
Commands
For convenience, the repository provides a set of make targets that control different aspects of the workflow. The specific commands are introduced in the exercises; here is a quick reference:

  • make deps → pull and build all necessary dependencies
  • make p4-build → build the P4 program
  • make p4-test → run the PTF tests
  • make start → start the Mininet and ONOS containers
  • make stop → stop all containers
  • make restart → restart the containers, clearing any previous state
  • make onos-cli → enter the ONOS CLI (password: rocks; Ctrl-D to exit)
  • make onos-log → show the ONOS log
  • make mn-cli → enter the Mininet CLI (Ctrl-D to exit)
  • make mn-log → show the Mininet log (for example, CLI output)
  • make app-build → build the custom ONOS application
  • make app-reload → install and activate the ONOS application
  • make netcfg → push the network configuration file netcfg.json to ONOS

Running the Commands
As a reminder, these commands must be run in a terminal window inside the virtual machine you just created, from the root directory of the cloned repository (where the main Makefile is).
Exercises
Each exercise is listed (and linked) below. Exercises 1 and 2 focus on Stratum and are best attempted after reading Chapter 5. Exercises 3 to 6 focus on ONOS and are best attempted after reading Chapter 6. Exercises 7 and 8 focus on SD-Fabric and are best attempted after reading Chapter 7 [1]. Note that the exercises build on one another, so it is best to do them in order.

[1] SD-Fabric was formerly called Trellis, a name you will still see in the code. UPF was formerly called SPGW, which you will also see in the code.

  • P4Runtime Basics
  • YANG, OpenConfig, gNMI Basics
  • Using ONOS as the Control Plane
  • Enabling ONOS Built-in Services
  • Implementing IPv6 Routing with ECMP
  • Implementing SRv6
  • SD-Fabric (Trellis) Basics
  • GTP Termination with fabric.p4

Solutions for each exercise can be found in the solution subdirectory of the repository; if you run into trouble, compare your solution with the reference.

Graphical Interface
Where an exercise requires viewing graphical output, you will see references to the ONF Cloud Tutorial Portal. That is a cloud-hosted virtual machine ONF uses while running the tutorial, so it does not apply here. In the same place you will also find instructions for accessing the GUIs running locally.

About This Book

This repository contains all the source files for Software-Defined Networks: A Systems Approach, released under the terms of the Creative Commons (CC BY-NC-ND 4.0) license. We invite the community to contribute corrections, improvements, updates and new material under the same terms. Although the license does not automatically grant the right to make derivative works, we are keen to discuss derivative works (such as translations) with interested parties. Please contact [email protected]

If you use this work, the attribution should include the following information:

Title: Software-Defined Networks: A Systems Approach

Authors: Larry Peterson, Carmelo Cascone, Brian O’Connor, Thomas Vachuska, and Bruce Davie

Source: https://github.com/SystemsApproach/SDN

License: CC BY-NC-ND 4.0
Read This Book
This book is part of the Systems Approach series; its online version is published at https://sdn.systemsapproach.org.

To track progress and receive notifications about new versions, follow us on Facebook and Twitter. For a series of commentaries on how the Internet has evolved, follow us on Substack.
Releases and Versions
We continuously publish open-source content on GitHub and release print and ebook versions from time to time. The latest print and ebook (second edition) corresponds to the v2.0 tag.

In general, master contains a consistent, internally coherent version of the material. (If it's code, the book will build and run.) Small patches are checked directly into master, but new content under development is checked into a branch until it can be merged into master without breaking consistency. The web version of the book is continuously generated from master and is available at https://sdn.systemsapproach.org.

Whenever there are enough improvements or new content, we tag a minor version (for example v1.1). This is mainly to create a snapshot so that everyone in a course knows they are using the same version.
Build This Book
To build the web-browsable version, first download the source:

$ mkdir ~/SDN
$ cd ~/SDN
$ git clone https://github.com/SystemsApproach/SDN.git

The build process is maintained in the Makefile and requires Python to be installed. The Makefile creates a virtual environment (doc_venv) in which it installs the documentation-generation toolset. You may also need to install the enchant C library with your system's package manager for the spell checker to work.

Run make html to generate the HTML in _build/html.

Run make lint to check the formatting of the book.

Run make spelling to check spelling. If there are correctly spelled words, names or acronyms that are not in the dictionary, add them to dict.txt.

Run make to see the other available output formats.
Contributing
If you use this material, we hope you will be willing to give back. If you are new to open source, see How to Contribute to Open Source to learn how to file an Issue, how to send a Pull Request to merge your improvements, and more.

If you want to contribute and are looking for something to work on, check the current to-do list on the wiki.

About the Authors

Larry Peterson is the Robert E. Kahn Professor of Computer Science, Emeritus, at Princeton University, where he served as department chair from 2003 to 2009. His research focuses on the design, implementation and operation of Internet-scale distributed systems, including the widely used PlanetLab and MeasurementLab platforms. He is currently contributing to the Aether edge-cloud project at the Open Networking Foundation (ONF), where he advises as Chief Scientist. Peterson is a member of the National Academy of Engineering, a Fellow of the ACM and the IEEE, the 2010 recipient of the IEEE Kobayashi Computer and Communication Award, and the 2013 recipient of the ACM SIGCOMM Award. He received his Ph.D. from Purdue University in 1985.

Carmelo Cascone is a Member of Technical Staff at the Open Networking Foundation (ONF), where he currently leads technical activities around programmable switches, P4 and P4Runtime in ONF projects such as ONOS, CORD and Aether. Cascone received his Ph.D. from Politecnico di Milano in 2017, in a joint program with the École Polytechnique de Montréal. He has broad interests in computer networks and systems, with a focus on data-plane programmability and software-defined networking (SDN).

Brian O'Connor is a Member of Technical Staff at the Open Networking Foundation (ONF), where he currently leads technical activities around switch operating systems. O'Connor received his B.S. and M.S. in Computer Science from Stanford University in 2012 and 2013.

Thomas Vachuska is Chief Architect at the Open Networking Foundation (ONF), where he leads the ONOS project. Before joining ONF, Vachuska was a software architect at HP. Vachuska received a B.A. in Mathematics from California State University, Sacramento in 1994.

Bruce Davie is a computer scientist noted for his contributions to the field of networking. Davie is a former VP and CTO for the Asia Pacific region at VMware, which he joined when VMware acquired the software-defined networking (SDN) startup Nicira. Before that he was a Fellow at Cisco Systems, leading a team of architects responsible for Multiprotocol Label Switching (MPLS). Davie has over 30 years of networking industry experience and has co-authored 17 RFCs. He became an ACM Fellow in 2009 and served as chair of ACM SIGCOMM from 2009 to 2013. He was also a visiting lecturer at MIT for five years. Davie is the author of multiple books and holds more than 40 US patents.

Hello, I'm Yu Fan. I did R&D at Motorola and now do technical work at Mavenir. I have always kept a strong interest in communications, networking, back-end architecture, cloud native, DevOps, CI/CD, blockchain, AI and other technologies. I like reading and reflecting, believe in continuous learning and lifelong growth, and welcome you to exchange ideas and learn together.
WeChat official account: DeepNoMind