
Complexity Oblivious Network Management (CONMan)

Hitesh Ballani, Paul Francis
Cornell University
INM'06

Network Management is a Mess

Ad-hoc
Complex
Error-prone
Expensive
Worsening situation as network complexity increases
80% of IT budget in enterprises used to maintain status quo [Kerravala'04]
Configuration errors account for 62% of network downtime [Kerravala'04]

Shortcomings of the existing architecture

Dependency of the Management Plane on the Data Plane [4D, Greenberg et al.'05]
Control Plane Complexity [4D, Greenberg et al.'05] [RCP, Caesar et al.'05]
...

Protocols expose their gory details

[Figure: protocol stack (Applications; UDP, TCP, GRE; IP; ATM, ETH, Frame Relay) and the Management Applications. Labels: Get-info; Detailed Protocol and Device specific MIBs; Approximate High-level Network Picture; Detailed Configuration]

Hundreds of MIBs and thousands of MIB objects
Perception differs from reality
Error-prone configuration
Fragmentation of tools

Complexity Oblivious Network Management (CONMan)

A network management architecture that aims to restrict protocol complexity to their implementation

Assumptions and Caveats
  Presence of an independent management channel [4D, Greenberg et al.'05]
  "Network" management; not "Service" management
  Management of data-plane protocols

Restrict protocol details to implementation

Scenarios where details need not be exposed
  Key values for GRE tunnels
  Sequence numbers for GRE tunnels
  Filtering undesired packets

[Figure: Cust. 1 ... Cust. N sites behind Edge Router A and Edge Router B, connected across the ISP; GRE tunnel for Customer 1 between the two edge routers]

    ip tun add name A mode gre remote 12.8.2.2 local \
        12.8.2.1 ikey 200 okey 1001 icsum ocsum iseq oseq

Highlighted in the command:
  Key Value (ikey, okey)
  Seq. No. Usage (iseq, oseq): [Low Jitter/Delay] vs. [In-Order delivery]

"Filter packets from source address 128.19.2.3 and destined to address 20.3.4.5, port 592"

Abstract away the details

[Figure: protocol stack (Applications; UDP, TCP, GRE; IP; ATM, ETH, Frame Relay). Labels: Mgmt Channel; Protocol and Device specific MIBs; NM]

Protocols should not expose their gory details
What do the protocols expose?

What are these protocol modules doing?
  Switching packets under some performance constraints while filtering unwanted traffic
  Modules may depend on other modules for doing their job

[Figure: Module Abstraction. A module with an Up Pipe, a Down Pipe, a Queue, and Switching, Filtering and Security; Dependency between modules]

Abstraction models the capabilities and dependencies of modules
Abstraction applies to (almost) all data plane modules

CONMan Abstraction and Primitives

Abstraction Components
  Name
  Up Pipes
  Down Pipes
  Physical Pipes
  Filter
  Switch
  Perf. Reporting
  Perf. Trade-off
  Security

CONMan primitives
  show
  create
  conveyMessage
  test

Exceptions to the abstraction

Protocol details that need to be exposed
  IP address assignment
  Filtering based on regular expressions in HTML
  Broadcast suppression on switch ports

An example scenario : GRE Tunneling

[Figure: Cust. 1 ... Cust. N sites behind Edge Router A and Edge Router B, connected across the ISP; GRE tunnel for Customer 1 between the two edge routers]

Configuration at Router A "Today"

    #!/bin/bash
    # Inserting the GRE-IP kernel module
    insmod /lib/modules/2.6.10-1/ip_gre.ko
    # Creating the GRE module with the appropriate key
    ip tunnel add name greA mode gre remote 128.84.223.112 local \
        128.84.222.111 ikey 2001 okey 1001 icsum ocsum iseq oseq
    ifconfig greA 192.168.1.3
    # Enable routing
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Create IP routing state from customer to tunnel
    # (append, so existing rt_tables entries are kept)
    echo 202 tun-1-2 >> /etc/iproute2/rt_tables
    ip rule add iif eth0 table tun-1-2
    ip route add default dev greA table tun-1-2
    # Create IP routing state from tunnel to customer
    echo 203 tun-2-1 >> /etc/iproute2/rt_tables
    ip rule add iif greA table tun-2-1
    ip route add default dev eth0 table tun-2-1

Highlighted in the script: End-point IP Addresses (remote, local); Key Values (ikey, okey)
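The end-point addresses, key values and checksum/sequence flags in this script have to mirror each other on the two edge routers, and nothing in the hand-written configuration checks that they do. The Python check below is an added example, not part of the original slides or of CONMan: Router A's line follows the script above (with `mode gre`), both Router B lines are constructed samples, and the parser covers only the `ip tunnel add` options that appear on this page.

```python
import shlex

VALUE_OPTS = {"name", "mode", "remote", "local", "ikey", "okey", "key"}
FLAG_OPTS = {"icsum", "ocsum", "csum", "iseq", "oseq", "seq"}

def parse_tunnel(cmd):
    """Parse one `ip tunnel add name ...` line into a settings dict."""
    words = shlex.split(cmd)
    if words[:3] not in (["ip", "tunnel", "add"], ["ip", "tun", "add"]):
        raise ValueError("not an 'ip tunnel add' command")
    cfg, flags, it = {}, set(), iter(words[3:])
    for w in it:
        if w in VALUE_OPTS:
            cfg[w] = next(it, None)
            if cfg[w] is None:
                raise ValueError(f"option {w} needs a value")
        elif w in FLAG_OPTS:
            flags.add(w)
        else:
            raise ValueError(f"unrecognised token: {w}")
    # `key K`, `csum` and `seq` are shorthands that set both directions.
    if "key" in cfg:
        cfg["ikey"] = cfg["okey"] = cfg.pop("key")
    flags |= {p + s for s in ("csum", "seq") if s in flags for p in "io"}
    cfg["flags"] = flags
    return cfg

def one_way(src, dst, s, d):
    """Problems affecting packets sent by router s and received by router d."""
    out = [] if src.get("mode") == "gre" else [f"{s} mode is not gre"]
    if src.get("remote") != dst.get("local"):
        out.append(f"{s} remote {src.get('remote')} != {d} local {dst.get('local')}")
    if src.get("okey") != dst.get("ikey"):
        out.append(f"{s} okey {src.get('okey')} != {d} ikey {dst.get('ikey')}")
    for feat in ("csum", "seq"):  # receiver insists on a field the sender omits
        if "i" + feat in dst["flags"] and "o" + feat not in src["flags"]:
            out.append(f"{d} requires {feat} (i{feat}) but {s} does not send it")
    return out

def check_pair(a, b):
    """Return every mismatch between the two ends of one GRE tunnel."""
    return one_way(a, b, "A", "B") + one_way(b, a, "B", "A")

# Router A as in the script above; both Router B lines are constructed samples.
ROUTER_A = ("ip tunnel add name greA mode gre remote 128.84.223.112 "
            "local 128.84.222.111 ikey 2001 okey 1001 icsum ocsum iseq oseq")
ROUTER_B_OK = ("ip tunnel add name greB mode gre remote 128.84.222.111 "
               "local 128.84.223.112 ikey 1001 okey 2001 icsum ocsum iseq oseq")
ROUTER_B_BAD = ("ip tunnel add name greB mode gre remote 128.84.222.111 "
                "local 128.84.223.112 ikey 1001 okey 200 csum iseq")
```

`check_pair(parse_tunnel(ROUTER_A), parse_tunnel(ROUTER_B_BAD))` reports the wrong key and the missing `oseq`, either of which would leave the tunnel up in one direction only.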

An example scenario : GRE Tunneling

CONMan Goal: "Create virtual connectivity between the customer-side interfaces for Customer-1"

[Figure: Edge router (A) with modules IP(a), GRE(d), IP(b), ETH(e) and ETH(c); Edge router (B) with GRE, IP and ETH modules; Cust. 1 ... Cust. N on either side of the ISP; path segments labeled (1) through (11)]

NM discovers routers through the management channel
Uses show to determine the abstraction for the modules
Map the high-level goal to the construction of path labeled (1) through (11)

Configuration at Router A with CONMan

    create (pipe, e, a)
    create (pipe, a, d)
    create (switch-state, a, pipe-2, pipe-3)
    create (pipe, d, b)
    create (pipe, b, c)

GRE modules use conveyMessage to exchange key values, seq numbers, etc.
IP modules use conveyMessage to exchange and test IP addresses

Conclusion

CONMan: a coherent network management architecture
Moves operational complexity of protocols to their implementation
Protocols and devices modelled
  GRE protocol (tunnel configuration)
  IP protocol (performance management)
  Layer-2 switches (VLANs, VLAN tunneling, etc.)

Work in progress

Open Issues
  Evaluation strategies
  Scalability, performance and reliability issues
  Impact on security
  Deployment strategies
  ...

Thank You!
