A Software Development Kit to exploit RINA programmability

Eduard Grasa (presenter), Vincenzo Maffione, Francesco Salvestrini, Leonardo Bergesio, Miquel Tarzan
FP7 PRISTINE
ICC 2016, Kuala Lumpur, May 24th 2016

1 WHAT IS RINA?

RINA highlights
1. Network architecture resulting from a fundamental theory of computer networking
2. Networking is InterProcess Communication (IPC) and only IPC. Unifies networking and distributed computing: the network is a distributed application that provides IPC
3. There is a single type of layer with programmable functions, that repeats as many times as needed by the network designers
4. All layers provide the same service: communication (flows) between two or more application instances, with certain characteristics (delay, loss, in-order-delivery, etc.)
5. There are only 3 types of systems: hosts, interior and border routers. No middleboxes (firewalls, NATs, etc.) are needed
6. Deploy it over, under and next to current networking technologies

From the “TCP/IP” protocol suite …
[Figure: the protocol suite in (Theory) and in (Practice)]
• Functional layers organized for modularity, each layer provides a different service to the others
– As the RM is applied to the real world, it proves to be incomplete. As a consequence, new layers are patched into the reference model as needed (layers 2.5, VLANs, VPNs, virtual network overlays, tunnels, MAC-in-MAC, etc.)

… to the RINA architecture
Single type of layer, consistent API, programmable policies
[Figure: internal structure of a DIF (Distributed IPC Facility) behind the IPC API, with functions ordered by increasing timescale (functions performed less often) and complexity. Labels: Data Transfer, Data Transfer Control, Layer Management; SDU Delimiting, Relaying and Multiplexing, SDU Protection, State Vector, Retransmission Control, Flow Control, RIB Daemon, RIB, CDAP Parser/Generator, CACEP, Authentication, Enrollment, Flow Allocation, Resource Allocation, Routing, Namespace Management, Security Management.]
[Figure: App A and App B on two hosts communicating through stacked DIFs that span two border routers and an interior router, with a consistent API through layers.]

Deployment
Clean-slate concepts but incremental deployment
[Figure labels: RINA supported Applications; Sockets Applications; IP Network; RINA Network; IP or Ethernet or MPLS, etc; RINA Provider]
• IPv6 brings very small improvements to IPv4, but requires a clean slate deployment (not compatible with IPv4)
• RINA can be deployed incrementally where it has the right incentives, and interoperate with current technologies (IP, Ethernet, MPLS, etc.)
– Over IP (just like any overlay such as VXLAN, NVGRE, GTP-U, etc.)
– Below IP (just like any underlay such as MPLS or MAC-in-MAC)
– Next to IP (gateways/protocol translation such as IPv6)
Large-scale RINA Experimentation on FIRE+

2 RECURSION, VIRTUALIZATION AND PROGRAMMABILITY

Recursion instead of virtualization (I)
• RINA recursive layering structure cleans up and generalizes the current protocol stack.
• Example 1: PBB-VPLS (Virtual Private LAN Service)
– Uses MAC-in-MAC encapsulation to isolate provider’s core from customers addresses and VLANs
[Figure, built up over six slides: the PBB-VPLS protocol stack relabelled as DIFs, added in this order: PtP DIFs, Metro DIFs, Core DIF, Provider VPN Service DIF, Green Customer VPN DIF]

Recursion instead of virtualization (II)
• Example 2: LTE (Long Term Evolution)
– Uses PDCP and GTP to transport the user’s IP payload, and also relies on an internal IP network.
[Figure, built up over six slides: the LTE protocol stack across UE, eNodeB, S-GW and P-GW, with interfaces LTE-Uu, S1-U, S5/S8 and SGi and protocol conversion at the eNodeB. Protocol labels: TCP or UDP; IP (e.g. Internet); EPS bearer; PDCP; RLC; GTP-U; UDP; IP (LTE transport); MAC; L1. The stack is relabelled as DIFs, added in this order: PtP DIFs, Mobile Operator Transport DIF, Multi-access radio DIF, Mobile Access Network Top Level DIF, Public Internet DIF]

Recursion instead of virtualization (III)
• Example 3: Data Center Network with NVO3
– Network Virtualization Over Layer 3, uses overlay virtual networks on top of the DCN’s fabric layer 3 to support multi-tenancy
[Figure, built up over four slides: the NVO3 protocol stack across VM, Server, ToR, Fabric and Spine, with protocol conversion and local bridging at the server. Protocol labels: TCP or UDP or SCTP, … (transport layer); IPv4 or IPv6 (tenant overlay); VXLAN; UDP; IPv4 or IPv6 (Fabric layer); 802.1Q; 802.3; Ethernet. The stack is relabelled as DIFs, added in this order: PtP DIFs, DC Fabric DIF, Tenant DIF]
• Recursion provides a cleaner, simpler solution than virtualization
– Repeat the same building block, with the same interface.

Network Programmability
• Centralized control of data forwarding
– GSMPv3 (label switches: ATM, MPLS, optical), OpenFlow (Ethernet, IP, evolving)
• APIs for controlling network services & network devices
– ONF SDN architecture, IEEE P1520 (P1520 distinguished between virtual devices and hardware)
[Figure: ONF's SDN architecture]

Separation of mechanism from policy
[Figure: internal structure of a DIF behind the IPC API. Labels: Data Transfer, Data Transfer Control, Layer Management; SDU Delimiting, Relaying and Multiplexing, SDU Protection, State Vector, Retransmission Control, Flow Control, RIB Daemon, RIB, CDAP Parser/Generator, CACEP, Authentication, Enrollment, Flow Allocation, Resource Allocation, Routing, Namespace Management, Security Management.]
• All layers have the same mechanisms and 2 protocols (EFCP for data transfer, CDAP for layer management), programmable via policies.
– All data transfer and layer management functions are programmable!
• Don’t specify/implement protocols, only policies
– Re-use common layer structure, re-use policies across layers
• This approach greatly simplifies the network structure, minimizing the management overhead and the cost of supporting new requirements, new physical media or new applications

3 DESIGN AND IMPLEMENTATION OF AN SDK FOR IRATI

IRATI design: decisions and tradeoffs
• Decision: Linux/OS vs other operating systems
– Pros: Adoption, Community, Stability, Documentation, Support
– Cons: Monolithic kernel (RINA/IPC Model may be better suited to micro-kernels)
• Decision: User/kernel split vs user-space only
– Pros: IPC as a fundamental OS service, access device drivers, hardware offload, IP over RINA, performance
– Cons: More complex implementation and debugging
• Decision: C/C++ vs Java, Python, …
– Pros: Native implementation
– Cons: Portability, Skills to master language (users)
• Decision: Multiple user-space daemons vs single one
– Pros: Reliability, Isolation between IPCPs and IPC Manager
– Cons: Communication overhead, more complex impl.
• Decision: Soft-irqs/tasklets vs. workqueues (kernel)
– Pros: Minimize latency and context switches of data going through the “stack”
– Cons: More complex kernel locking and debugging

Overview of IRATI and its SDK
[Figure: the IRATI RINA implementation, with zoom-ins on the components that have SDK support. User space: Application, librina, IPC Manager Daemon (IPCM logic, Management Agent), Normal IPC Process / IPCP Daemon (Layer Management: Enrollment, Routing, Namespace Management, Security Management, RIB & RIB Daemon, Resource allocation, Flow allocation), Network Manager (NMS DAF). Kernel: Kernel IPC Manager, Normal IPC Process (Data Transfer/Control: Error and Flow Control Protocol, Relaying and Multiplexing Task, SDU Protection), Shim IPCPs (shim over 802.1Q). Policy labels as they appear in the figure: Routing, ECN, Tx ctrl, RTT, Monit, MaxQ, Schedu, Forwar, Encryp, CRC, New flow, Coord, Auth., TTL, Acc. ctrl, Pushbak notify, Enroll. sequence, PFT gen, Address validat, Address assign, Directory replica.]

RINA Plugins Infrastructure (RPI)
Kernel RPI (kRPI)
● Plugins are Loadable Kernel Modules (LKM)
● They publish a set of policy sets, which become available to the RINA stack.
● Factories, named after each policy set, provide operations to create/delete instances of policy set classes
[Figure: Policy Set lifecycle]
• Different policy-set class per component, since each component has different policies.
[Figure: Policy Set classes]
“OO” approach
● All policy set classes derive from base class
● All components derive from base class

RINA Plugins Infrastructure (RPI)
User-space RPI (uRPI)
● Same concepts as kRPI (factories, lifecycle, policy classes), different impl
● Plugins are shared objects dynamically loaded by the IPCP Daemon, loaded through the libdl library

SDK Usage: Experimentation with IRATI
Data transfer policies: RMT and EFCP
• Programmed data transfer policies to manage congestion in a distributed cloud environment.
• Two touch points: i) ECN marking policies for the RMT; ii) flow control policies that react to ECN-marked PDUs in EFCP
[Figures: DEC Binary feedback (EFCP and RMT); “TCP Tahoe” (EFCP) + RED (RMT)]

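The plugin pattern from the two RPI slides (named factories that create/delete policy-set instances derived from a base class), applied to the first touch point above, an ECN-marking policy for the RMT. This is an added example, not IRATI code: every name (`ps_publish`, `ps_find`, `rmt_should_mark`, the `ecn-mark` policy set and its threshold of 4) is hypothetical, and rejecting a name that is already published is a design choice of this example, not something the slides state.

```c
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical; this is not the IRATI kRPI API. */
struct rmt_ps {                      /* base class of every RMT policy set */
    int (*mark_ecn)(const struct rmt_ps *ps, size_t qlen);
    size_t threshold;
};
struct ps_factory {                  /* named after the policy set it builds */
    const char *name;
    struct rmt_ps *(*create)(void);
    void (*destroy)(struct rmt_ps *ps);
};
static struct ps_factory registry[8];
static size_t n_factories;
const struct ps_factory *ps_find(const char *name)
{
    for (size_t i = 0; name && i < n_factories; i++)
        if (strcmp(registry[i].name, name) == 0) return &registry[i];
    return NULL;
}
/* Plugin load hook. A name already published is rejected: no shadowing. */
int ps_publish(const struct ps_factory *f)
{
    if (!f || !f->name || !f->create || !f->destroy) return -1;
    if (n_factories == sizeof registry / sizeof registry[0] || ps_find(f->name))
        return -1;
    registry[n_factories++] = *f;
    return 0;
}
/* Mechanism: the RMT asks its configured policy set. -1 = no usable set. */
int rmt_should_mark(const char *ps_name, size_t qlen)
{
    const struct ps_factory *f = ps_find(ps_name);
    struct rmt_ps *ps = f ? f->create() : NULL;
    if (!ps) return -1;
    int ecn = ps->mark_ecn(ps, qlen);
    f->destroy(ps);
    return ecn;
}
/* Policy (constructed): mark when the queue is longer than the threshold. */
static int ecn_mark(const struct rmt_ps *ps, size_t qlen) { return qlen > ps->threshold; }
static struct rmt_ps *ecn_create(void)
{
    struct rmt_ps *ps = calloc(1, sizeof(*ps));
    if (ps) { ps->mark_ecn = ecn_mark; ps->threshold = 4; }
    return ps;
}
static void ecn_destroy(struct rmt_ps *ps) { free(ps); }
const struct ps_factory ecn_factory = { "ecn-mark", ecn_create, ecn_destroy };
```

Here an instance is created and deleted on each call so that both factory operations are exercised; selecting an unpublished policy set fails with -1 rather than falling back to some other policy.
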
4 ONGOING RINA INITIATIVES

Research, open source, standards
• Current research projects
1. FP7 PRISTINE (2014-2016) http://ict-pristine-eu
2. H2020 ARCFIRE (2016-2017) http://ict-arcfire.eu
3. Norwegian project OCARINA (2016-2021)
4. BU RINA team http://csr.bu.edu/rina
• Open source implementations
1. IRATI (Linux OS, C/C++, kernel components, policy framework, RINA over X) http://github.com/irati/stack
2. RINASim (RINA simulator, OMNeT++)
3. ProtoRINA (Java, RINA over UDP, quick prototyping)
• Key RINA standardization activities
1. Pouzin Society (experimental specs) http://pouzinsociety.org
2. ISO SC6 WG7 (2 new projects: Future Network – Architectures, Future Network – Protocols)
3. ETSI Next Generation Protocols ISG