Teemu Koponen, Martin Casado, Natasha Gude, Jeremy Stribling, Leon Poutievski, Min Zhu, Rajiv Ramanathan, Yuichiro Iwata, Hiroaki Inoue, Takayuki Hama, Scott Shenker
[1]GREENBERG, A., HJALMTYSSON, G., MALTZ, D. A., MYERS, A., REXFORD, J., XIE, G., YAN, H., ZHAN, J., AND ZHANG, H. A Clean Slate 4D Approach to Network Control and Management. SIGCOMM CCR 35, 5 (2005), 41–54
[2] CAESAR, M., CALDWELL, D., FEAMSTER, N., REXFORD,J., SHAIKH, A., AND VAN DER MERWE, K. Design and Implementation of a Routing Control Platform. In Proc. NSDI (April 2005)
[3] CASADO, M., GARFINKEL, T., AKELLA, A., FREEDMAN, M. J.,BONEH, D., MCKEOWN, N., AND SHENKER, S. SANE: A Protection Architecture for Enterprise Networks. In Proc. Usenix Security (August 2006).
[4] CASADO, M., FREEDMAN, M. J., PETTIT, J., LUO, J.,MCKEOWN, N., AND SHENKER, S. Ethane: Taking Control of the Enterprise. In Proc. SIGCOMM (August 2007).
[5] GUDE, N., KOPONEN, T., PETTIT, J., PFAFF, B., CASADO, M.,MCKEOWN, N., AND SHENKER, S. NOX: Towards an Operating System for Networks. In SIGCOMM CCR (July 2008).
I suspect that Onix is necessary to build a SDN network. The core data structure of the control platform is NIB, which collects information of devices and topology of the network. However, the functionality has already be implemented in some controllers like EThane and Floodlight. Except for this functionality, what Onix leaves for us is the API for SDN programmers and its distribution primitives. However, the functionalities of NIB API could also be achieved by other controllers, and certain design, other SDN controllers could also be distributed and cooperate with each other.
So in one sentence, is there a circumstance we must use distributed control platform? Or in other words, how large is the “production level” network which should we distribute the control platform to the network?
Paper
Onix: A Distributed Control Platform for Large-scale Production Networks
Authors
Teemu Koponen, Martin Casado, Natasha Gude, Jeremy Stribling, Leon Poutievskiy, Min Zhu, Rajiv Ramanathan, Yuichiro Iwata, Hiroaki Inoue, Takayuki Hama, Scott Shenker
Date
OSDI 10'
Novel Idea
This paper proposed Onix, a platform such that network control plane can be implemented on top of it. The authors argue that the basic network control primitives should be implemented ones and then be reused by multiple control tasks. Based on this idea, Onix provides a set of API that allows users to implement network control function on top of a high-level abstraction. This general API also provides scalability and reliability at low-level, and makes them separate from the control logic. They also define a data model called NIB that represents the network as a graph of objects. With all the information of a network topology, applications can control the network by reading and altering the state of the network elements, or registering for notifications of state changes on them. With all these abstractions, they proposed this network control paradigm as Software-Defined Network.
Main Results
SDN brings a paradigm shift in network architectures: it simplifies network control tasks by providing a general platform. The authors also give a caution that SDN does not solve all the problems of network management by itself. It only provides an abstraction such that each problem can be solved easier in its own level. The problems like scalability still limits the design of the control applications.
Evidence
The paper discusses four applications built on top of Onix: Ethane, distributed virtual switch, multi-tenant virtualized data center and scale-out carrier-grade IP router. And they also evaluate the performance of Onix as a platform and application running on top of it.
Prior Work
The idea of this paper derives from a long line of work, includes the 4D project, RCP, SANE, Ethane and NOX. Onix extends these existing works such that it provides a more general API as well as distribution primitives, which can be reused by network control applications.
Reproducibility
Their evaluation is based on a working implementation in C++. Therefore I guess it wouldn't be difficult to reproduce their result.
Question
The paper doesn't discuss about security issues. I can see that there are huge benefits for security, however it seems that the centralized controller could also be vulnerable. I'm wondering should security be one of the "low-level" features that are hidden behind the API, or should we run security software/hardware on top of the platform? Traditional OS seems to do both: OS provides low-level security while security application running in user mode.
Paper Review - Christopher B. Picardo
Paper Title:
Onix: A Distributed Control Platform for Large Scale Production Networks
Author(s):
Teemu Koponen, Martin Casado, Natasha Gude, Jeremy Stribling, Leon Poutievski, Min Zhu, Rajiv Ramanathan, Yuichiro Iwata, Hiroaki Inoue, Takayuki Hama, Scott Shenker
Date:
Hotnets-IX Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks 2010
Novel Idea:
Onix,
a platform on top of which a network control plane can be implemented as a distributed
system.
The control platform handles the lower level issues and allows developers to program their control logic on a high-level API. In so doing, Onix essentially turns networking problems into distributed systems problem, resolvable by concepts and paradigms familiar for distributed systems developers.
Main Results:
We can imagine of an application on top of Onix which allows the creation of
tenant-specific L2 networks. These networks provide a standard Ethernet service
model and can be configured independently of each other and can span physical
network subnets.
Onix is reliable in the face of failures.
Impact:
A system will stabilize only if the traffic sources throttle back at least as quickly as the queues are growing. Handles link failures, switch failures, and Onix instance failures.
Onix instances monitor their connections to switches using aggressive keepalives. Once a link or switch failure is reported to the control application, the latencies involved in disseminating the failure-related state updates throughout the Onix cluster become essential; they define the absolute minimum time the control application will take to react to the failure throughout the network.
Onix is currently being used by a number of organizations as the platform for building commercial applications. While scaling work and testing is ongoing, applications have managed networks of up to
64 switches with a single Onix instance, and Onix has been tested in clusters of up to 5 instances.
Rather than forcing developers to deal directly with the details of the physical infrastructure, the control platform handles the lower level issues and allows developers to program their control logic on a high-level API. In so doing, Onix essentially turns networking problems into distributed systems problem, resolvable by concepts and paradigms familiar for distributed systems developers.
Evidence:
The essence of the SDN philosophy is that basic primitives for state distribution should be implemented once in the control platform rather than separately for individual control tasks, and should use well-known and general-purpose techniques from the distributed systems literature rather than the more specialized algorithms found in routing protocols and other network control mechanisms.
The SDN paradigm allows network system implementors to use a single control platform to implement a range of control functions (e.g., routing, traffic engineering, access control, VM migration) over a spectrum of control granularities (from individual flows to large traffic aggregates) in a variety of contexts (e.g., enterprises, datacenters, WANs).
Prior work:
Onix descends from a long line of work in which the control plane is separated from the dataplane, but Onix’s focus on being a production-quality control platform for large-scale networks led us to focus more on reliability, scalability, and generality than previous systems.
[3] CAESAR, M., CALDWELL, D., FEAMSTER, N., REXFORD,
J., SHAIKH, A., AND VAN DER MERWE, K. Design and Implementation of a Routing Control Platform. In Proc. NSDI (April 2005).
[4] CAI, Z., DINU, F., ZHENG, J., COX, A. L., AND NG, T. S. E. The Preliminary Design and Implementation of the Maestro Network Control Platform. Tech. rep., Rice University, Department of Computer Science, October 2008.
[5] CASADO, M., FREEDMAN, M. J., PETTIT, J., LUO, J., MCKEOWN, N., AND SHENKER, S. Ethane: Taking Control of the Enterprise. In Proc. SIGCOMM (August 2007).
[6] CASADO, M., GARFINKEL, T., AKELLA, A., FREEDMAN, M. J., BONEH, D., MCKEOWN, N., AND SHENKER, S. SANE: A Protection Architecture for Enterprise Networks. In Proc. Usenix Security (August 2006).
[15] GREENBERG, A., HJALMTYSSON, G., MALTZ, D. A., MYERS, A., REXFORD, J., XIE, G., YAN, H., ZHAN, J., AND ZHANG, H. A Clean Slate 4D Approach to Network Control and Management. SIGCOMM CCR 35, 5 (2005), 41–54.
Question:
Why is the control platform not designed to allow multiple applications to control the network simultaneously? Why are limited to a single application per deployment?
Criticism:
In one of our upcoming deployments, if a single-instance application took one second to analyze the statistics of a single Port and compute a result (e.g., for billing purposes), that application would take two months to process all Ports in the NIB. Therefore the emphasis is on light weight analysis/monitoring.
--
You received this message because you are subscribed to the Google Groups "CSCI2950-u Spring 13 - Brown" group.
To unsubscribe from this group and stop receiving emails from it, send an email to csci2950u-sp13-b...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--