and distributed control planes Ryan Beckett Ratul Mahajan Todd - PowerPoint PPT Presentation

Bridging centralized programming and distributed control planes Ryan Beckett Ratul Mahajan Todd Millstein Jitu Padhye David Walker

Hypothesis on smart solutions in networks Simple Overprovision, best effort, Present solutions (eng + ops + $/bit) optimize mean perf, relaxed (distributed) control, …. Past Total cost Smart Intelligent resource allocation, multiple priorities, optimize tail perf, tight (centralized) control, … solutions Infrastructure size or complexity

Network programming journey Distributed Centralized programming programming + Resilience Distributed control plane − Programmability Centralized Control plane

Programming (configuring) networks is error-prone

Programming (configuring) networks is error-prone 50-80% of outages are the 60% of network downtime is result of human error caused by human error -Yankee group 2002 -Juniper 2008

Network programming journey Distributed Centralized programming programming + Resilience + Resilience Distributed control plane − Programmability + Programmability − Resilience Centralized Control plane + Programmability Network verification

Programming distributed control planes is hard Network-wide policies Router-level mechanisms Prefer one neighbor over another Set consistent, per-link preferences Don’t use my network as transit Tag incoming routing info Keep traffic within a region Program import and export filters Aggregate prefixes externally based on various route attributes Prov Cust Peer R3 R2 R4 R1

Propane: Centrally programming distributed control planes A language for expressing A compiler that configures of network-level objectives router-level mechanisms • Path constraints and relative • Configurations are policy- preferences (fallbacks) compliant under all failures

Example #1: A backbone network  block “Peer”  block “Peer”  tag “Peer”  tag “Peer” Peer2 Peer1 R1 LP=99 R2 LP=99 LP=100 LP=101 filter 16.4.0.0/16 filter 16.4.0.0/16 Cust Goals define notransit = { true => not transit ({Peer1, Peer2})} • No transit between peers define preference = { true => exit (R2>R1>{Peer1, Peer2})} • Prefer R2 > R1 > Peer{1,2} define ownership = {16.4.0.0/16 => end (Cust)} • Limit Cust to 16.4.0.0/16 define main = notransit and preference and ownership

Example #2: A data center network Goals Backbone • Keep local prefixes internal • Aggregate global prefixes as PG X Y Y Attempt #1 C C D D G G H H • Don’t export from G, H to external A A B B E F E F • Aggregate externally as PG PG1 PG2 PL1 PL2 Global Local Services Services

Example #2: A data center network Goals Backbone • Keep local prefixes internal • Aggregate global prefixes as PG X Y Y Attempt #1 C C D D G G H H • Don’t export from G, H to external A A B B E F E F • Aggregate externally as PG PG1 PG2 PL1 PL2 Global Local Services Services

Example #2: A data center network Goals Backbone • Keep local prefixes internal PG • Aggregate global prefixes as PG X Y Y Attempt #2 C C D D G G H H • Don’t export from G, H to external A A B B E F E F • Aggregate externally as PG PG1 PG2 PL1 PL2 • Valley-free routing Global Local Services Services

Example #2: A data center network Goals Backbone • Keep local prefixes internal PG • Aggregate global prefixes as PG X Y Y Attempt #2 C C D D G G H H • Don’t export from G, H to external A A B B E F E F • Aggregate externally as PG PG1 PG2 PL1 PL2 • Valley-free routing Global Local Services Services

Example #2: A data center network Goals Backbone • Keep local prefixes internal PG • Aggregate global prefixes as PG X Y Y PG1 blackholed! Attempt #2 C C D D G G H H • Don’t export from G, H to external A A B B E F E F • Aggregate externally as PG PG1 PG2 PL1 PL2 • X, Y block routes through the other Global Local Services Services

Example #2: A data center network Goals Backbone • Keep local prefixes internal • Aggregate global prefixes as PG X Y Y define ownership = {PG1 => end (A), C C D D G G H H PG2 => end (B), PL1 => end (E), A A B B E F E F PL2 => end (F)} define locality = { {PL1, PL2} => always (in)} PG1 PG2 PL1 PL2 control { aggregate (PG , in -> out )} Global Local define main = routing and locality Services Services

Propane compiler Propane Front End Constraint Language Regular Expression-based IR Regular IR Topology Product graph Failure analyses Abstract BGP Vendor-independent BGP Cisco Vendor configurations Juniper

Propane Propane Regular IR Regular Step 1: Combine modular constraints IR Prefix-by-prefix intersection of constraints define ownership = {PG1 => end (A), PG2 => end (B), PG1 => end (A) PL1 => end (E), PG2 => end (B) PL2 => end (F)} PL1 => always(in) and end (E) define locality = { {PL1, PL2} => always (in)} PL2 => always ( in ) and end (F) control { aggregate (PG , in -> out )} define main = routing and locality

Propane Propane Regular IR Step 2: Expand constraints in to regular expressions Regular any = out*.in+.out* IR end (X) = (Σ*.X) always (X) = (X)* (out*.in*.(X ∩ in).out+)| exit (X) = (out*.in+.(X ∩ out).out*) start (X) = (X.Σ*) avoid (X) = (!X)* waypoint (X) = (Σ*.X.Σ*) Step 3: Reduced syntax true => A.(X >> Y). out * true => (A.X. out *) >> (A.Y. out *)

Regular PG construction: An Example IR Product graph Y X W A D B C E Z Policy: (W.A.C.D. out ) >> (W.B. in +. out )

Regular PG construction: An Example IR Product graph Y X W A D B C E Z Policy: (W.A.C.D. out ) >> (W.B. in +. out )

PG construction: Reversed policy automata Y X W A D B C E Z out D C A W 5 0 1 2 3 4 (W.A.C.D. out ) ACDE B in out W B (W.B. in +. out ) 0 1 2 3 4 ACDE

PG construction: Graph generation start Y X W (Z,1,1) (Y,1,1) (X,1,1) (W,1,1) A D B (B,-,2) (E,-,2) (D,2,2) (A,-,2) C E (C,3,2) (C,-,2) (D,-,2) Z (W.A.C.D. out ) >> (W.B. in +. out ) out D C A W (B,-,3) (A,4,2) 0 1 2 3 4 5 (W,-,4) (W,5,-) ACDE B in W out {2} {1} B 0 1 2 3 4 end ACDE

PG construction: Graph generation start Y X W (Z,1,1) (Y,1,1) (X,1,1) (W,1,1) A D B (B,-,2) (E,-,2) (D,2,2) (A,-,2) C E (C,3,2) (C,-,2) (D,-,2) Z (W.A.C.D. out ) >> (W.B. in +. out ) out D C A W (B,-,3) (A,4,2) 0 1 2 3 4 5 (W,-,4) (W,5,-) ACDE B in W out {2} {1} B 0 1 2 3 4 end ACDE

PG construction: minimization (loop analysis) start start (Z,1,1) (Y,1,1) (X,1,1) (W,1,1) (Z,1,1) (Y,1,1) (X,1,1) (B,-,2) (E,-,2) (D,2,2) (A,-,2) (E,-,2) (D,2,2) (C,3,2) (C,-,2) (C,3,2) (C,-,2) (D,-,2) (B,-,3) (B,-,3) (A,4,2) (A,4,2) (W,-,4) (W,-,4) (W,5,-) (W,5,-) {2} {1} {2} {1} end end

Product Compilation to ABGP graph Abstract start BGP (Z,1,1) (Y,1,1) (X,1,1) Idea 1: Restrict advertisements to PG edges (E,-,2) (D,2,2) • Encode PG state in community tag • Incoming edges — import filters (C,3,2) (C,-,2) • Outgoing edges — export filters (B,-,3) (A,4,2) Let BGP find some allowed path dynamically (W,-,4) (W,5,-) {2} {1} end

Product Compilation to BGP graph Abstract start BGP (Z,1,1) (Y,1,1) (X,1,1) (E,-,2) (D,2,2) C allows import from D with tag (2,2) (C,3,2) (C,-,2) C exports to A,B with tag (3,2) (B,-,3) (A,4,2) (W,-,4) (W,5,-) {2} {1} end

Compilation to BGP start A better path exists in the (Z,1,1) (Y,1,1) (X,1,1) network, but is not used! (E,-,2) (D,2,2) Y X W (C,3,2) (C,-,2) A D B C E (B,-,3) (A,4,2) (W,-,4) (W,5,-) Z (W.A.C.D. out ) >> (W.B. in +. out ) {2} {1} end

Compilation to BGP start Idea 2: Synthesize local preferences (Z,1,1) (Y,1,1) (X,1,1) • Direct BGP towards best path (E,-,2) (D,2,2) • Under all combinations of failures (C,3,2) (C,-,2) (B,-,3) (A,4,2) Let BGP find the best allowed path dynamically (W,-,4) (W,5,-) {2} {1} end

Compilation to BGP Router A start match peer=C comm=(3,2) export peer←W, comm←(4,2), comm← noexport, MED←80 (Z,1,1) (Y,1,1) (X,1,1) Router B match peer=C (E,-,2) (D,2,2) export peer←W, comm←( -,3), comm←noexport, MED←81 (C,3,2) (C,-,2) Router C match[lp=99] peer=E, comm=(-,2) export peer←B, comm←( -,2) (B,-,3) (A,4,2) match[lp=100] peer=D, comm=(2,2) export peer←A,B, comm←(3,2) (W,-,4) (W,5,-) Router D match regex=(X + Y) {2} {1} export peer←C, comm←(2,2) end …

Compilation to BGP Router A start match peer=C comm=(3,2) export peer←W, comm←(4,2), comm← noexport, MED←80 (Z,1,1) (Y,1,1) (X,1,1) Router B match peer=C (E,-,2) (D,2,2) export peer←W, comm←( -,3), comm←noexport, MED←81 (C,3,2) (C,-,2) Router C match[lp=99] peer=E, comm=(-,2) export peer←B, comm←( -,2) (B,-,3) (A,4,2) match[lp=100] peer=D, comm=(2,2) export peer←A,B, comm←(3,2) (W,-,4) (W,5,-) Router D match regex=(X + Y) {2} {1} export peer←C, comm←(2,2) end …