지난 시간 배운 내용
inter-AS. 여러 AS들을 넘어가는 routing을 하는 BGP를 봤음. BGP는 TCP위에서 TCP 세션을 열고 활동.
ASBR, AS의 border router에서 eBGP로 다른 AS에 있는 eBGP들과 통신하고, ASBR의 inside쪽에 있는 port에선 iBGP를 running하면서 외부에서 learn한 것을 자기 AS 안에있는 라우터들에게 propagate해주고
저 너머에 있는 AS에서 learning한 것을 다른 AS로 넘겨줄 때, 기준은 policy.
특히, stub AS인 경우, 내 AS 안에서 traffic이 시작하거나 끝나는 건 있어도 transit하진 않음. 만약 multi-homed 되어있는 stub AS라면 더욱 조심해서 내 provider ISP에게 받은 정보를 다른쪽 provider ISP에겐 주면 안 됨(advertise 했다는 것은 자신이 transit 된다는 것)
⇒ source로부터 다른 AS에 있는 destination으로 가는 traffic은 결과적으로, 어떤 output port로 갈지 결정할 땐, inter-AS routing(BGP)과 intra-AS routing(iBGP+OSPF)이 collaborate해서 결정한다.
Quiz Describe how loops in paths can be detected in BGP.
Since full AS path information is available from an AS to a destination in BGP, loop detection is simple – if eBGP receives route information whose AS-PATH includes my own ASN number, then using that route would result in a loop. → drop it! & report
받은 AS path 정보에 내 정보가 있다면 loop이 있어서 다시 나한테 온 것.
Consider the network shown below. Suppose AS3 and AS2 are running OSPF for their intra-AS routing protocol. Suppose AS1 and AS4 are running RIP for their intra-AS routing protocol. Suppose eBGP and iBGP are used for the inter-AS routing protocol. Initially suppose there is no physical link between AS2 and AS4.
a. Router 3c learns about prefix x from which routing protocol: OSPF, RIP, eBGP, or iBGP ? eBGP
b. Router 3a learns about x from which routing protocol? iBGP
c. Router 1c learns about x from which routing protocol? eBGP
d. Router 1d learns about x from which routing protocol? iBGP
Referring to the previous problem, once router 1d learns about x it will put an entry (x, I) in its forwarding table.
- Will I be equal to I1 or I2 for this entry? Explain why in one sentence.
l1. because this interface begins the least cost path from 1d towrds the gateway router 1c.
- Now suppose that there is a physical link between AS2 and AS4, shown by the dotted line. Suppose router 1d learns that x is accessible via AS2 as well as via AS3. Will I be set to I1 or I2? Explain why in one sentence.
l2. Both routes have equal AS-PATH length, but l2 begins the path that has the closest NEXT-HOP router.
- Now suppose there is another AS, called AS5, which lies on the path between AS2 and AS4 (not shown in diagram). Suppose router 1d learns that x is accessible via AS2 AS5 AS4 as well as via AS3 AS4. Will I be set to I1 or I2? Explain why in one sentence.
l1. l1 begins the path that has the shortest AS-PATH.
5.5 The SDN Control plane
SDN (Software defined networking)
NW control apps (routing + 다양한 middle box 기능들. NAT, load balancing, Firewall, accounting,...) is programmed as sophisticated SW using high-level API at servers which are distinct and remote from simple & fast NW devices(pkt switch) where the contents users' traffics go through.
no control board in router → packet switch, control board in remote controller
SDN: motivation
- monolithic router contains switching hardware, runs proprietary implementation of Internet standard protocols (IP, RIP, IS-IS, OSPF, BGP) in proprietary router OS (e.g., Cisco IOS)
- different “middleboxes” for different network layer functions: firewalls, load balancers, NAT boxes, ..
SDN: definition
SDN is a framework
- to allow network administrators to automatically and dynamically manage and control
- a large number of network devices, services, topology, traffic paths and packet handling (QoS) policies
- using high-level languages and APIs
- Management includes provisioning, operation, monitoring, optimizing, and managing FCAPS
(Faults, Configuration, Accounting, Performance, and Security) in a multi-tenant environment.
SDN: how?
The physical separation of the network control plane from the forwarding plane, and where a logically centralized control plane (server) controls several routers.
- Why a logically centralized control plane?
- Easier network management
- avoid router misconfigurations, greater flexibility of traffic
flows
- avoid router misconfigurations, greater flexibility of traffic
- Programmable router
- centralized “programming” easier: compute flow tables centrally and distribute
- open (non-proprietary) implementation of control plane
- Easier network management
SDN logical structure
SDN 컨트롤러의 상단을 north bound, 하단을 south bound라고 한다.
SDN contorl plane은 network-control applications과, SDN controller로 나뉜다.
OpenFlow protocol
SDN 컨트롤러에게 네트워크 상태에 대한 최신의 정보를 제공한다. 컨트롤러와 라우터들(SDN으로 제어받는 장치들)간의 통신은 south-bound 인터페이스를 넘나든다. 이 통신 기능을 제공하는 프로토콜이 OpenFlow이다.
features: controller queries switch features, switch replies
컨트롤러가 스위치의 설정 상태를 문의할 수 있다.
configure: controller queries/sets switch configuration parameters
컨트롤러가 스위치의 설정 파라미터들을 문의하거나 설정할 수 있다.
modify-state: add, delete, modify flow entries in the OpenFlow tables
컨트롤러가 스위치 flow table의 엔트리를 추가, 제가 또는 수정, 설정하기 위해 사용한다.
packet-out: controller can send this packet out of specific switch port
컨트롤러가 제어하는 스위치의 지정된 port에서 특정 패킷을 내보내기 위해 사용한다.
packet-in: transfer packet (and its control) to controller.
See packet-out message from controller
패킷을 컨트롤러에게 보내기 위해 사용한다.
flow-removed: flow table entry deleted at switch
스위치가 컨트롤러에게 어떤 플로우 테이블 엔트리가 시간이 만료되었거나 modify-state 를 수신했을 때 삭제 되었음을 알린다.
port status: inform controller of a change in port status.
스위치가 컨트롤러에게 port의 상태 변화를 알리기 위해 사용된다.
⇒ Fortunately, network operators(SDN controller) don’t program switches by creating/sending OpenFlow messages directly. Instead use higher-level abstraction (northbound API) at controller.
flow table은 SDN controller가 아닌 network-control applications가 programming. controller는 전달
SDN: selected challenges
- internet-scailing
- mission-specific requirements에게 유용
SDN vs NFV
- SDN: Separation of control plane & data plane
- NFV: Separation of HW and function (가상화). 여전히 dest-IP based forwarding
5.6 ICMP: Internet Control Message Protocol
ICMP는 호스트와 라우터가 서로 간에 네트워크 계층 정보를 주고 받기 위해 사용된다. 가장 전형적인 사용 형태는 오류 보고이다.
IP Datagram의 payload안에 TCP/ UDP segment, OSPF, ICMP msg가 들어갈 수 있다. IP 계층에 있음.
ICMP report의 수신자: 문제가 발생한 패킷을 처음 생성해 보낸 IP에게
TTL=1로 보내 one hop delivery time을 측정할 수도 있고, destination까지의 hop 수도 측정 가능하다.
5.7 Network management: SNMP
네트워크 관리의 핵심 요소
managing server
관리서버는 네트워크 동작을 제어. 관리자는 네트워크 장치들과 상호작용.
managed devices
관리 대상 네트워크에 존재하는 장비들.
host, router, switch, middle boxes 등.
MIB (Management Information Base)
managed device에 agent를 띄워 manabed devices에 관련된 정보들을 MIB에 저장. 이 값은 managing server에서 이용할 수 있다.
Managing server와 Agent간에 MIB data를 주고 받는데에 사용하는 프로토콜이 SNMP(UDP로 동작).
Keywords
- Which ICMP types are used to implement "traceroute" command?
destination port unreachable and TTL expired
- SDN is framework : Network control is programmed using high-level (northbound) APIs as sophisticated software at servers (network-control app. layer of control plane) that are distinct and remote from simple and fast network devices (data plane) where Internet customers' packets eventually go through.
- Anology
Traditional router = mainframe computer (control plane and data plane are built in one node by one company)
SDN = unbundled systems (NW control applications, SDN controller (NW OS), NW devices are separately developed by different companies)
- NW control functions are created and implemented by NW control applications, not by SDN controller.
- Network Management System (NMS) consits of
(1) managing server,
(2) managed objects (devices),
(3) an agent in each managed device which communicates with managing server AND
(4) Management Information Base(MIB).
And the manaing server and agents communicat using SNMP (Simple Network Management Protocol) over UDP.
