IEEE/CIC ICCC 2015 Symposium on Next Generation Networking

An Efficient Flow Table Consistent Update Scheme for Software Defined Network

Gang Chen1, Hongyu Peng1, Shuaijun Liu1, Chaowei Wang1, Weidong Wang1,2

1 School of Electronic Engineering, Information and Electronic Technology Lab, Beijing University of Posts and Telecommunications
2 Key Laboratory of Universal Wireless Communication, Ministry of Education, Beijing, China

Abstract—Network updates can result in problems such as lost connectivity and forwarding loops in the network. To solve the network update problems, the update consistency abstraction is proposed in SDN. OpenFlow is an effective solution for SDN, and update consistency in an OpenFlow network is the consistency of flow table updating. However, the update schemes proposed recently have high TCAM usage or high controller workload. The TCAM memory at switches is fundamentally limited and the controller is the core part of SDN. In this paper, a flow table update scheme called Time Stamp Packet Based (TSPB) is proposed to solve the problem of flow table update consistency based on OpenFlow. The correctness of the consistency of the TSPB scheme is demonstrated logically. Finally, simulation results show that the proposed TSPB scheme can reduce TCAM usage with less update completion time and controller workload.

Keywords—SDN; OpenFlow; update consistency; TCAM; Time Stamp Packet

I. INTRODUCTION

Updating current networks has long been a recognized problem. A network is a real-time dynamic system, but the configuration of each switch has to be independent and asynchronous because of the current network's distributed hop-by-hop routing architecture. This leads to many unpredictable problems when the network updates, such as hiccups in VoIP, lost connections with servers, and packet loss caused by the mixture of old and new routes.

Software Defined Network (SDN) [1] is an emerging architecture which decouples the network control and forwarding planes. It lets network managers configure and update switches directly via SDN programs in the controller. OpenFlow [2] is the first standard communications interface defined between the control and forwarding layers of an SDN architecture. The Open Networking Foundation (ONF) presents OpenFlow-based SDN technology, which is an effective solution for SDN. OpenFlow uses the concept of flow tables to identify network traffic based on pre-defined match rules. Using the OpenFlow protocol, the controller can modify flow tables on the OpenFlow switches directly. Therefore, a network update in an OpenFlow network turns into an update of flow tables.

To avoid the problems of network updates, the controller needs to guarantee the consistency of flow tables. There are two consistency abstractions: per-packet consistency and per-flow consistency [3]. Per-packet consistency is the fundamental consistent update abstraction, which guarantees that each packet flowing through the network will be processed according to a single network configuration: either the old configuration prior to the update, or the new one after the update, but not a mixture of the two. Per-flow consistency guarantees that all packets in the same flow are handled by the same version of the configuration, where a flow is a sequence of packets with related header fields, entering the network at the same port, and not separated by more than the specified time [4]. We focus on per-packet consistency in this paper.

To address the consistency problem of flow table updates, researchers have proposed several schemes. A version tag based scheme is proposed in [5]. It uses a header field (e.g., VLAN tags or MPLS labels) to encode a configuration version number which is used to distinguish the old and new rulesets. It installs the new ruleset on all of the switches. Once all packets following the old policy have left the network, the controller deletes the old configuration rules, completing the update. This scheme takes a short time to complete the update and generates little load on the controller, but it wastes Ternary Content Addressable Memory (TCAM). TCAM has good performance on flow table lookup, so it is widely used to store flow tables on OpenFlow switches. The version tag based update scheme wastes TCAM since it has to install two entire rulesets on all switches. However, TCAM is an expensive part of any switch and the most general matching engine available on most switches. As the TCAM memory at switches is fundamentally limited, the less TCAM an update scheme uses, the better the update scheme is.

This work is supported by Doctoral Scientific Fund Project of the Ministry of Education of China (20120005110001) and National Natural Science Foundation of China (No. 61271186).
Another scheme, named the OpenFlow Safe Update Protocol, uses the intermediate family of transfer functions to update flow tables consistently [6][7]. The intermediate ruleset is defined as follows: if the switch handles a packet in the same way under either the old or the new ruleset, the switch sends this packet on; otherwise the switch sends this packet to the controller. It first installs the intermediate ruleset on all of the switches and waits for the maximum network latency. After that, it installs the new ruleset on all switches and waits for the maximum network latency, completing the update. This scheme saves TCAM space at the expense of the communication bandwidth between the controller and the switches. It not only increases the load of the controller, but also takes a long time to complete the update. However, update completion time and controller load are two important performance indicators of a flow table update scheme. If the update completion time is very long, it will increase the network latency, affect users' experience and raise the incidence of network anomalies because the new ruleset can't be deployed in time. If the controller's load is too heavy, it will decrease the performance of the whole network, as the controller is the core of SDN.

This paper puts forward a new scheme called the Time Stamp Packet Based scheme (TSPB) to update flow tables consistently. The TSPB scheme aims to save the TCAM of each OpenFlow switch, shorten update completion time and reduce controller workload while ensuring the consistency of flow table updates.

The paper is organized as follows. In Section II, the network architecture and some formalisms which are used in this paper are stated. Section III presents the Time Stamp Packet Based scheme (TSPB) and proves that the TSPB scheme can ensure update consistency. In Section IV, the simulation parameters and scenarios are given, and the results confirm the low-latency and low-load advantages of the TSPB scheme compared with the schemes in [5] and [7]. Section V concludes the paper.

978-1-5090-0243-6/15/$31.00 ©2015 IEEE

II. NETWORK ARCHITECTURE AND CONVENTIONS

Fig. 1. Network Architecture.

Fig. 1 describes the network architecture adopted in this paper. The switches used are all OpenFlow switches. The communication between the controller and the OpenFlow switches is structured by OpenFlow Switch Specification Version 1.5.0 [8]. The solid lines are datapaths, which are the links between switches used to forward packets, and the dashed lines are control links (the OpenFlow channel), which are the links between the controller and the OpenFlow switches.

Network updates are based on planned change or unplanned events. Planned change means that managers change the network configurations on their own initiative, while unplanned events such as link failure lead to unpredictable network changes and passive updates. Planned change accounts for a significant percentage of failures, so this paper focuses on planned change. The planned change discussed in this paper is rerouting of the network links. For example, when the operator needs to deploy a new routing strategy, the operator clearly knows the new flow tables which need to be installed on the switches. The controller initially sends the control messages to each switch, then the switches which receive the control messages modify the related flow tables, completing the network update. As the change is planned, the controller can obtain in advance a switch set $V$ which contains all of the update-related switches.

According to the network topology and update rules, the controller can classify the update-related switches and divide the set $V$ into three disjoint subsets: the head switch set $V_h$, the remaining switch set $V_r$ and the added switch set $V_a$.

$V_h$ (the head switch set): the head switch is the first switch through which the update-related packets flow. The number of head switches equals the number of update-related packet sources, so it can be one or several.

$V_r$ (the remaining switch set): the remaining switches are the switches which have installed the old ruleset and need to update their flow tables, except the first switches.

$V_a$ (the added switch set): the added switches are the switches which only need to install the new ruleset and add flow entries into their flow tables. The set $V_a$ is empty when there are no new switches added according to the comparison of the old and new rulesets.

Based on the components of the flow table in the OpenFlow protocol, the processing of the packet $p$ in the switch $s$ can be characterized as a Boolean function $f_s(p): X \to Y$, where $X$ is the match fields (the domain of the rule, including the ingress port and packet headers) and $Y$ is the instructions (the result of the rule, including actions with respect to the packet $p$ such as forward to another switch or forward to the controller) [8].

The network transfer function $F(p)$ is defined as the operations on the packet $p$ in the network. For example, if the data path of the packet $p$ is $(s, t, u, v)$, then the transfer function is $F(p) = f_v(f_u(f_t(f_s(p))))$, where $s, t, u, v$ are the switches which $p$ traverses in the network. If $F_1(p)$ denotes that the packet $p$ is dealt with by the old ruleset and $F_2(p)$ denotes the new ruleset, then per-packet consistency means that the transfer function of each packet $p$ should equal only one ruleset: either $F(p) = F_1(p)$ or $F(p) = F_2(p)$. This convention will be used to prove the update consistency of the TSPB scheme.

III. TIME STAMP PACKET BASED SCHEME

In part A, the definition and function of the Time Stamp Packet are described in detail. In part B, the procedure of the TSPB scheme is presented. In part C, the update consistency of this scheme is demonstrated.

A. Time Stamp Packet

As described in the OpenFlow protocol, the controller can use Controller/switch Packet-out messages to send packets out of a specified port on the switch. This Packet-out message is used by the TSPB scheme in a special way. At the beginning of network updates, the controller sends a Packet-out message containing a special packet to the head switches. This special packet is named the Time Stamp Packet.

The Time Stamp Packet is defined as follows: the source address is the controller. The controller sends it to the head switch. Then this packet is forwarded into the network out of the port which is specified by the old ruleset on the head switch. The forwarding path follows the old ruleset. The destination address is the last one of the remaining switches, in other words, the last switch in the forwarding path. To prevent the packet from flowing out of the network, the destination switch finally drops this special packet.

The goal of the Time Stamp Packet is to be the last packet which is handled by the old ruleset when starting the network updates. It means that after this stamp packet is received and processed on one of the update-related remaining switches, no more update-related packets flow into this switch, and then this switch can update its flow tables because no more packets need to be dealt with by the old ruleset.
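The following simulation is an added example, not code from the paper: it replays an update on a constructed four-switch topology (h, r1, r2, a1; all names, latencies and arrival times are assumptions) and checks every packet against the per-packet consistency definition of Section II, once with new rules pushed to all switches at once and once with the Time Stamp Packet ordering. Link latencies are fixed so that links are FIFO, and the order in which the added and head switches are updated follows part B of this section.

```python
import heapq

# Constructed topology: next hop per switch under the old and the new ruleset.
OLD = {"h": "r1", "r1": "r2", "r2": "out1"}
NEW = {"h": "a1", "a1": "r2", "r2": "out2"}
V_R = ["r1", "r2"]     # remaining switches in old-path order; V_h = {h}, V_a = {a1}
LINK, CTRL = 10, 1     # assumed fixed data-path / OpenFlow-channel latencies (FIFO links)
TSP = "TSP"

def simulate(arrivals, tspb, t0=25):
    """Run one update starting at t0; return {packet id: [(switch, version), ...]}."""
    rules = {s: ("old", hop) for s, hop in OLD.items()}
    traces, buffered, events, seq = {}, [], [], 0

    def at(time, kind, switch, arg):
        nonlocal seq
        heapq.heappush(events, (time, seq, kind, switch, arg))
        seq += 1

    def install(switch, version):
        if version == "ctrl":               # head switch: output to CONTROLLER
            rules[switch] = ("ctrl", None)
        elif switch in NEW:
            rules[switch] = ("new", NEW[switch])
        else:
            rules.pop(switch, None)         # switch is not on the new path

    for pid, t in enumerate(arrivals):      # data packets enter at the head switch
        traces[pid] = []
        at(t, "pkt", "h", pid)
    if tspb:
        at(t0 + CTRL, "install", "h", "ctrl")
        at(t0 + CTRL + LINK, "pkt", OLD["h"], TSP)   # Packet-out along the old path
    else:                                   # naive: new rules pushed to all switches at once
        for s in sorted(set(OLD) | set(NEW)):
            at(t0 + CTRL, "install", s, "new")

    while events:
        t, _, kind, s, arg = heapq.heappop(events)
        if kind == "install":
            install(s, arg)
        elif kind == "release":             # buffered packets re-enter at the head switch
            for pid in buffered:
                at(t, "pkt", "h", pid)
            buffered.clear()
        elif arg == TSP:                    # the TSP itself is handled by the old ruleset
            at(t + 2 * CTRL, "install", s, "new")    # Packet-in, then Modify-State
            if s != V_R[-1]:
                at(t + LINK, "pkt", OLD[s], TSP)
            else:                           # last V_r switch: TSP goes back to the controller
                at(t + 2 * CTRL, "install", "a1", "new")
                at(t + 4 * CTRL, "install", "h", "new")
                at(t + 6 * CTRL, "release", None, None)
        else:
            version, hop = rules.get(s, ("miss", None))
            if version == "ctrl":
                buffered.append(arg)        # Packet-in: held at the controller
                continue
            traces[arg].append((s, version))
            if hop and not hop.startswith("out"):
                at(t + LINK, "pkt", hop, arg)
    return traces

def mixed_packets(traces):
    """Ids of packets whose hops were not all 'old' or all 'new'."""
    return [pid for pid, trace in traces.items()
            if {v for _, v in trace} not in ({"old"}, {"new"})]

if __name__ == "__main__":
    arrivals = [10, 20, 30, 40, 60, 80]     # constructed arrival times at h
    for name, flag in (("naive", False), ("TSPB", True)):
        print(name, "mixed packets:", mixed_packets(simulate(arrivals, flag)))
```

With these constructed arrivals, the naive run leaves two in-flight packets handled by a mixture of rulesets (one of them hits a table miss on the removed switch), while the TSPB run leaves none.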

B. The Scheme

Fig. 2. Procedure of Time Stamp Packet Based scheme.

Fig. 2 shows the procedure of the TSPB scheme. The TSPB scheme can be divided into five steps as follows.

Step 1. When the update begins, the controller analyzes the new ruleset and obtains the update-related switch set $V$, which consists of three subsets $(V_h, V_r, V_a)$. After the analysis, the controller sends control messages to the switches in the set $V_h$. The control messages contain two types of Controller-to-switch messages. One is the Packet-out message, which consists of the Time Stamp Packet and a list of actions to be applied in the order they are specified by the old ruleset. The other one is the Modify-State message, which is used to modify the flow entries. This message in Step 1 changes the entry Output of the update-related flow tables on the head switches $V_h$ to CONTROLLER, so that $V_h$ can buffer the update-related packets to the controller without handling these packets until the network updates complete.

Step 2. As soon as $V_h$ receive the control messages containing the Time Stamp Packet, $V_h$ forward the Time Stamp Packet to the remaining switches $V_r$. If there are new update-related packets flowing into $V_h$, $V_h$ encapsulate these packets in Packet-in messages, which are one type of the Asynchronous messages, and send them to the controller using the OpenFlow protocol.

Step 3. After receiving the Time Stamp Packet, $V_r$ generate a Packet-in message which contains the request to update the flow tables and send this message to the controller. To respond to the update request, the controller sends a Modify-State message to the switch which has just handled the Time Stamp Packet. The Time Stamp Packet is dealt with by the old ruleset on the $V_r$ switch. It is processed with its associated action set, which is specified in the flow entry it matches, and is usually forwarded to the next switch in $V_r$. If the current switch is the last one in $V_r$ and no flow entry is matched in the flow table, the Time Stamp Packet will be sent to the controller over the control channel via a Packet-in message according to the table-miss flow entry.

Step 4. When the controller receives the Time Stamp Packet which is sent back from the last $V_r$ switch in Step 3, all switches in the subset $V_r$ have updated or are updating their flow tables. Because the path traversed by the Time Stamp Packet is specified by the old ruleset, it doesn't include the switches in the subset $V_a$. In response to receiving the Time Stamp Packet, the controller sends Modify-State messages to all switches in $V_a$ to add flow entries in their flow tables.

Step 5. The controller begins to update the flow tables on $V_h$ after completing the updates of $V_a$. When the updates are finished, the controller sends the packets which were buffered to the controller as part of Packet-in events back to the head switches via Packet-out messages. The packets are handled by the new ruleset at this moment.

C. Demonstration of the Consistency

To prove correctness with generality, assume that there are two switches in each subset $(V_h, V_r, V_a)$. The switches are distinguished as $V_{h1}, V_{h2}, V_{r1}, V_{r2}, V_{a1}, V_{a2}$. The packet flowing into the network from $V_{h1}$ is $p_1$, and another packet flowing from $V_{h2}$ is $p_2$. For a packet $p$, if it is sent to the controller by the head switch, the transfer function of this packet $p$ is $F(p) = C$.

• At the time epoch $t_0$, the updates begin: the controller sends the control messages containing the packet $TSP_1$ to $V_{h1}$ and sends the messages containing $TSP_2$ to $V_{h2}$.

• At the epoch $t_1$, $V_{h1}$ receives the control messages, and then it forwards $TSP_1$ and sends the update-related packets to the controller.

• At the epoch $t_2$, $V_{h2}$ does the same things as $V_{h1}$.

• At the epochs $t_3$ and $t_4$, the controller receives $TSP_1$ and $TSP_2$. At the epoch $\max(t_3, t_4)$ (the bigger one of $t_3$ and $t_4$), the controller sends the update control messages to $V_{a1}$ and $V_{a2}$. The reason for not updating all switches in the set $V_a$ at the start of the update is to use additional TCAM for as little time as possible. During the periods $t_1 - t_3$ and $t_2 - t_4$, when $TSP_1$ and $TSP_2$ traverse the network, $V_{r1}$ and $V_{r2}$ may receive either both Time Stamp Packets or one of them; this depends on the actual paths which are specified by the old ruleset. But at the epoch $\max(t_3, t_4)$, the controller has finished the updates of all switches in $V_r$. As $V_{r1}$ and $V_{r2}$ update their flow tables after forwarding the Time Stamp Packet, the packets flowing to $V_{r1}$ (or $V_{r2}$) before $TSP_1$ (or $TSP_2$) are handled under the old ruleset.

• At the time epoch $t_5$, $V_{a1}$ and $V_{a2}$ complete their updates, and the controller starts to update $V_{h1}$ and $V_{h2}$. After the epoch $\max(t_3, t_4)$, the packets which are related to the updates are sent to the controller.

• At the epoch $t_6$, $V_{h1}$ and $V_{h2}$ complete their updates and begin to download the buffered packets from the controller. All of the packets sent to the controller are dealt with under the new ruleset, which means that $F(p_1) = C$ is equivalent to $F(p_1) = F_2(p_1)$ and $F(p_2) = C$ is equivalent to $F(p_2) = F_2(p_2)$.

The following shows the transfer function of $p_1$ or $p_2$ while traversing the network. For the packet $p_1$,

$$F(p_1) = \begin{cases} F_1(p_1), & t_0 - t_1 \\ F_1(p_1) \text{ or } F_2(p_1), & t_1 - t_3 \\ F_2(p_1), & t_3 - t_6 \end{cases} \tag{1}$$

For the packet $p_2$,

$$F(p_2) = \begin{cases} F_1(p_2), & t_0 - t_2 \\ F_1(p_2) \text{ or } F_2(p_2), & t_2 - t_4 \\ F_2(p_2), & t_4 - t_6 \end{cases} \tag{2}$$

Given the above, any packet $p$ flowing into the network during the updates satisfies only one of the equations $F(p) = F_1(p)$ or $F(p) = F_2(p)$, which means that the TSPB scheme can keep the consistency of the flow tables while doing the updates.

IV. SIMULATION

In this section, TSPB performance is evaluated in comparison with Scheme 1, which is based on version tags in [5], and Scheme 2, which uses the intermediate ruleset in [7]. Schemes 1 and 2 are described in detail in the Introduction. In part A, the network topologies and scenario setup for simulation are presented. In part B, the results, including the quantity of flow tables used, update time and the controller's workload, are discussed.

A. Simulation Setup

A new routing strategy called ESIR for IP backbone networks is proposed in [10]. It can switch off network links and recalculate the paths between the network nodes in order to save energy. For lack of space, the details of ESIR are not given. To deploy this strategy, the flow tables on the switches must be updated [11]. Six real network topologies obtained by the Rocketfuel project [12] are used in our testbed. The details of the topologies are shown in TABLE I. The number of paths which are changed by the new ruleset is also shown in TABLE I.

TABLE I. TOPOLOGIES AND RESULTS OF EISR

| scenario | nodes | links | paths changed |
|----------|-------|-------|---------------|
| 1 | 108 | 306 | 3455 |
| 2 | 315 | 1944 | 61080 |
| 3 | 87 | 322 | 3334 |
| 4 | 161 | 656 | 16241 |
| 5 | 79 | 294 | 2064 |
| 6 | 141 | 748 | 9425 |

Because the communication between the controller and the switches needs to be stable and timely, and the control messages are simple and short, the communication latency of the OpenFlow channel is shorter than that of the data path. For simplicity, the simulation parameters are set as follows: the latency of the OpenFlow channel follows a uniform distribution over 0 to 10 units of time and the latency of the data path follows a uniform distribution over 0 to 100 units of time (1 unit of time is modeled as 1 millisecond). The arrival of the packets follows the Poisson distribution and the arrival rate is 200 packets/s.

B. Simulation Results

In our testbed, the size of TCAM used for network updates can't be counted directly. The quantity of flow tables installed on the OpenFlow switches is linearly proportional to the size of TCAM because the flow tables are stored in the TCAM. So the quantities of flow tables which are related to the network updates are counted in our testbed. The quantity of added flow tables is shown in Fig. 3.

Fig. 3. Quantity of Added Flow Tables

Fig. 4. Times of Changing Flow Tables

From Fig. 3: for Scheme 1, the flow tables are added with a new version tag on all the switches which are in the new path. For Scheme 2 and TSPB, only the nodes which are not in the old path but in the new path need to install new flow tables. Because Scheme 1 has to install the new ruleset on all the update-related switches, the quantity of added flow tables of Scheme 1 is much bigger than that of Scheme 2 and TSPB. In other words, the additional size of TCAM used by Scheme 1 is much bigger than that of Scheme 2 and TSPB.

The times of changing flow tables during updates are displayed in Fig. 4. For Scheme 1, the times of changing the flow tables is equal to the quantity of the old flow tables, since they are deleted after the updates complete. For Scheme 2, the times of changing flow tables is double the quantity of flow tables belonging to the old ruleset, because Scheme 2 first modifies the Actions of the old flow tables to Controller as the intermediate ruleset, which means that all the packets related to network updates are buffered to the controller. Then it modifies the intermediate ruleset to the new ruleset. The flow tables on the switches are thus modified twice during the updates. For our scheme TSPB, the flow tables are modified to the new ones or deleted directly, and the consistency of TSPB is demonstrated above in part C of Section III. Therefore, for TSPB, the flow tables are modified only once and the times of changing flow tables is equal to the quantity of the old ones installed on the switches.

Fig. 5. Update Time

Fig. 6. Quantity of Buffered Packets

Scheme 1 updates the flow tables simply by changing the version tag of the packets, so it takes little time to complete the updates and no packets are buffered to the controller. We only compare the update time and the quantity of buffered packets of Scheme 2 and TSPB. The results are shown in Fig. 5 and Fig. 6. From Fig. 5, we can observe that the update time of Scheme 2 is bigger than that of TSPB. As Scheme 2 modifies the flow tables too often, the time for the controller to communicate with the switches increases. Besides, it has to wait for the maximum network latency to make sure that all the packets handled by the old ruleset have been buffered to the controller, which also increases the update time.

From Fig. 6, the quantity of buffered packets of Scheme 1 is bigger than that of TSPB. The reasons are as follows: 1) the update time of Scheme 2 is bigger than that of TSPB. Both Scheme 2 and TSPB send packets to the controller during the updates; the longer the updates take, the more packets are buffered to the controller. 2) Scheme 2 sends the packets of all the switches when the updates start, but TSPB only needs to buffer the packets on the head switches. Both the times of changing flow tables and the quantity of buffered packets increase the controller's workload under an update scheme. In short, Scheme 2 takes more time to complete updates and imposes more controller workload than TSPB.

To sum up, the TSPB scheme saves more than half of the TCAM used by Scheme 1. TSPB uses the same size of TCAM as Scheme 2, but it costs less update time and less controller workload than Scheme 2.

V. CONCLUSION AND FUTURE WORK

This paper proposes a novel flow table update scheme, TSPB, and demonstrates its correctness in keeping update consistency. It costs less TCAM than Scheme 1, which is based on version tags. It spends less update time and less workload than Scheme 2, which uses the intermediate family of transfer functions, because TSPB doesn't need to install the intermediate ruleset and wait for the maximum network latency. The work presented in this paper is still at an early stage, and much work remains. For example, the scheme can be optimized to keep per-flow consistency. Research on an update scheme for unplanned events is also part of the future work.

REFERENCES

[1] Software-Defined Networking: The New Norm for Networks. Available: https://www.opennetworking.org/images/stories/downloads/sdnresources/white-papers/wp-sdn-newnorm.pdf
[2] McKeown, Nick, et al. "OpenFlow: enabling innovation in campus networks." ACM SIGCOMM Computer Communication Review 38.2 (2008): 69-74.
[3] Reitblatt, Mark, et al. "Consistent updates for software-defined networks: Change you can believe in!." Proceedings of the 10th ACM Workshop on Hot Topics in Networks. ACM, 2011.
[4] Jiang, Xiaoxiao, and David HC Du. "A BUS vehicular network integrated with traffic infrastructure." Connected Vehicles and Expo (ICCVE), 2013 International Conference on. IEEE, 2013.
[5] Reitblatt, Mark, et al. "Abstractions for network update." Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication. ACM, 2012.
[6] Wang, Shoufeng, Yinghai Zhang, Yu Liu, Zongwen Wang, Weidong Wang, and Xiaoxiao Jiang. "A novel routing algorithm based on ORF in mobile Ad hoc networks." In Network Infrastructure and Digital Content, 2009. IC-NIDC 2009. IEEE International Conference on, pp. 124-128. IEEE, 2009.
[7] McGeer, Rick. "A safe, efficient update protocol for OpenFlow networks." Proceedings of the first workshop on Hot topics in software defined networks. ACM, 2012.
[8] OpenFlow Switch Specification Version 1.5.0. Available: https://www.opennetworking.org/images/stories/downloads/sdnresources/onf-specifications/openflow/openflow-switch-v1.5.0.noipr.pdf
[9] McGeer, Rick. "Verification of switching network properties using satisfiability." Communications (ICC), 2012 IEEE International Conference on. IEEE, 2012.
[10] Cianfrani, Antonio, et al. "An OSPF-integrated routing strategy for QoS-aware energy saving in IP backbone networks." Network and Service Management, IEEE Transactions on 9.3 (2012): 254-267.
[11] Pei, Zhang, Huang Xiaohong, Jiang Xiaoxiao, and Ma Yan. "An Enhanced and Extensible Data Structure for Flow Export Engine." CHINA COMMUNICATIONS 6, no. 4 (2009): 121-126.
[12] Rocketfuel Project. Available: http://www.cs.washington.edu/research/networking/rocketfuel/