Dec 9, 2013

Tutorial: Bringing Experimenters to GENI with the Transit Portal
Vytautas Valancius, Hyojoon Kim, Nick Feamster
Georgia Tech

What You Will Learn

What is Transit Portal?

How does Transit Portal work?

How to get set up with Transit Portal?

How can I use the Transit Portal?

For experiments

In the classroom

Summary and Breakout Ideas

Networks Use BGP to Interconnect

[Diagram labels: Route Advertisement, Autonomous Systems, Session, Traffic]

Virtual Networks Need BGP Too

Strawman

Default routes

Public IP address

Problems

Experiments may need to see all upstream routes

Experiments may need more control over traffic

Need “BGP”

Setting up individual sessions is cumbersome, particularly for transient experiments

[Diagram labels: ISP 1, ISP 2, BGP Sessions, GENI]

Route Control Without Transit Portal

Obtain connectivity to upstream ISPs

Physical connectivity

Contracts and routing sessions

Obtain the Internet numbered resources from authorities

Expensive and time-consuming!

Route Control with Transit Portal

Full Internet route control to hosted cloud services!

[Diagram labels: Experiment Facility, Experiment 1, Experiment 2, Internet, ISP1, ISP2, Virtual Router A, Virtual Router B, Transit Portal, Routes, Packets]

Connecting to the Transit Portal

Separate Internet router for each service

Virtual or physical routers

Links between service router and TP

Each link emulates connection to upstream ISP

Routing sessions to upstream ISPs

TP exposes standard BGP route control interface

Basic Internet Routing with TP

Experiment with two upstream ISPs

Experiment can re-route traffic over one ISP or the other, independently of other experiments

[Diagram labels: Transit Portal, Virtual BGP Router, ISP 1, ISP 2, Interactive Cloud Service, BGP Sessions, Traffic]

Current TP Deployment

Server with custom routing software

4GB RAM, 2x2.66GHz Xeon cores

Three active sites with upstream ISPs

Atlanta, Madison, and Princeton

A number of active experiments

BGP poisoning (University of Washington)

IP Anycast (Princeton University)

Advanced Networking class (Georgia Tech)

Transit Portal Node Manager

Conventional BGP Routing

Conventional BGP router:

Receives routing updates from peers

Propagates routing update about one path only

Selects one path to forward packets

Scalable but not transparent or flexible

[Diagram labels: ISP1, ISP2, BGP Router, Updates, Client BGP Router, Packets]

Scaling TP Memory Use

Store and propagate all BGP routes from ISPs

Separate routing tables

Reduce memory consumption

Single routing process - shared data structures

Reduce memory use from 90MB/ISP to 60MB/ISP

[Diagram labels: ISP1, ISP2, Virtual Router, Routing Table 1, Routing Table 2, Routing Process, Bulk Transfer, Interactive Service]

Scaling TP CPU Use

Hundreds of routing sessions to clients

High CPU load

Schedule and send routing updates in bundles

Reduces CPU from 18% to 6% for 500 client sessions

[Diagram labels: ISP1, ISP2, Virtual Router, Routing Table 1, Routing Table 2, Routing Process, Bulk Transfer, Interactive Service]

Scaling Forwarding Memory

Connecting clients

Tunneling and VLANs

Curbing memory usage

Separate virtual routing tables with default to upstream

50MB/ISP -> ~0.1MB/ISP memory use in forwarding table

[Diagram labels: ISP1, ISP2, Virtual BGP Router, Forwarding Table, Forwarding Table 1, Forwarding Table 2, Bulk Transfer, Interactive Service]

Demonstration of Transit Portal

Demonstration Setup

[Diagram labels: Transit Portal; GT (AS 2637); VPN Tunneling; Virtual Router; BGP connectivity (legend); Client network: 168.62.21.0/24; Private AS 65000; Public AS 47065; Looking-glass Server; Traceroute; route-server.ip.att.net]

How To Connect to Transit Portal

1. Pick a device which will be the virtual router (Linux)

2. Request needed resources & provide information

CA certificate, client certificate & key (for Transit Portal)

Get prefixes that the client will announce

Tunneling: Set up OpenVPN tunnel with Transit Portal

Control Plane: Set up BGP daemon in virtual router (e.g., Quagga)

Data Plane: Make changes to routing table if necessary

Steps for Connecting to Transit Portal

Setting up virtual machines

Tunneling to the TP: Installing OpenVPN

Getting routes: Setting up BGP

Forwarding traffic: Setting up the data plane

Testing connectivity: Traceroute

Tunneling to the Transit Portal

Install OpenVPN Client

Set up OpenVPN Connectivity (currently manual)

Get key pair from Transit Portal operator (Valas Valancius)

Determine IP address of tunnel endpoint

Notify operator of tunnel endpoint IP address

Test connectivity (e.g., ping TP tunnel endpoint)
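
Sample OpenVPN Configuration

# OpenVPN config file
# Run as a client; the Transit Portal is the server end of the tunnel
client
# Routed (layer 3) tunnel device
dev tun
# Carry the tunnel over TCP
proto tcp
# Transit Portal tunnel endpoint and port
remote 143.215.254.26 6000
# Do not bind to a fixed local port
nobind
# Keep keys loaded and the tun device open across restarts
persist-key
persist-tun
# Certificates and key issued by the Transit Portal operator
ca ca.crt
cert nick.crt
key nick.key
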
Discovering Internet Routes

Install Quagga software router

Download configuration template from GENI wiki

Modify template with tunnel endpoint IP addresses

Run bgpd and zebra

Check Linux kernel routing tables for routes

Advertising routes: Need IP prefix (we have some)

Example Quagga Configuration

bgpd configuration

!
hostname kendall
password XXXXX
!
router bgp 65003
 bgp router-id 168.62.21.15
 network 168.62.20.0/24
 neighbor 168.62.21.1 remote-as 2637
!
access-list vty permit 127.0.0.1/32
!
line vty
 access-class vty
!

zebra configuration

hostname kendall
password crazymux
access-list vty permit 127.0.0.1/32
!

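An added example (not from the original slides or the Transit Portal code): a Python check that a client's bgpd configuration announces only its allocated prefixes, uses a private-use AS, and peers only with the Transit Portal. The allocated prefix, peer address and peer AS passed in are assumptions read off the sample configuration above, the private-AS requirement is assumed from the demonstration setup, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the router stanza of the bgpd configuration shown above.
SAMPLE_BGPD_CONF = """\
router bgp 65003
 bgp router-id 168.62.21.15
 network 168.62.20.0/24
 neighbor 168.62.21.1 remote-as 2637
!
"""

def parse_bgpd(conf):
    """Extract local AS, announced networks and neighbors from bgpd config text."""
    cfg = {"local_as": None, "networks": [], "neighbors": {}}
    for raw in conf.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\d+)", line):
            cfg["local_as"] = int(m.group(1))
        elif m := re.fullmatch(r"network (\S+)", line):
            cfg["networks"].append(ipaddress.ip_network(m.group(1), strict=False))
        elif m := re.fullmatch(r"neighbor ([0-9A-Fa-f.:]+) remote-as (\d+)", line):
            cfg["neighbors"][ipaddress.ip_address(m.group(1))] = int(m.group(2))
    return cfg

def is_private_as(asn):
    """Private-use AS numbers per RFC 6996 (16-bit and 32-bit ranges)."""
    return asn is not None and (64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294)

def audit_bgpd(conf, allocated, tp_peer, tp_as):
    """Return findings; an empty list means the config stays within its allocation."""
    cfg = parse_bgpd(conf)
    allowed = [ipaddress.ip_network(p) for p in allocated]
    peer = ipaddress.ip_address(tp_peer)
    findings = []
    if not is_private_as(cfg["local_as"]):
        findings.append(f"local AS {cfg['local_as']} is not a private-use AS")
    for net in cfg["networks"]:
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append(f"network {net} is outside the allocated prefixes")
    for addr, asn in cfg["neighbors"].items():
        if addr != peer or asn != tp_as:
            findings.append(f"unexpected neighbor {addr} AS{asn}")
    if peer not in cfg["neighbors"]:
        findings.append(f"no BGP session configured to {tp_peer}")
    return findings

if __name__ == "__main__":
    # Assumed allocation and peer values, taken from the sample config itself.
    print(audit_bgpd(SAMPLE_BGPD_CONF, ["168.62.20.0/24"], "168.62.21.1", 2637))
```
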
Setting Up Traffic Forwarding

Give some machine in your testbed an address within the IP prefix

Configure “gateway” to route traffic for that IP address to the appropriate location

Experiment 1: IP Anycast

Internet services require fast name resolution

IP anycast for name resolution

DNS servers with the same IP address

IP address announced to ISPs in multiple locations

Internet routing converges to the closest server

Available only to large organizations

IP Anycast

Host service at multiple locations (e.g., on ProtoGENI)

Direct traffic to one instance of the service or another using anycast

[Diagram labels: ISP 1, ISP 2, ISP 3, ISP 4, Transit Portal, Asia, North America, Anycast Routes, Name Service]

Experiment 2: Service Migration

Internet services in geographically diverse data centers

Operators migrate Internet user’s connections

Two conventional methods:

DNS name re-mapping

Slow

Virtual machine migration with local re-routing

Requires globally routed network

Service Migration

[Diagram labels: ISP 1, ISP 2, ISP 3, ISP 4, Transit Portal, Asia, North America, Tunneled Sessions, Active Game Service, Internet]

Experiment 3: Flexible Peering

Hosted service can quickly provision services in the cloud when demand fluctuates.

Using TP in Courses

Using TP in Your Courses

Used in “Next-Generation Internet” Course at Georgia Tech in Spring 2010

Students set up virtual networks and connect directly to TP via OpenVPN (similar to demonstration)

Live feed of BGP routes

Routable IP addresses for in-class topology inference and performance measurements

Example Problem Set

Set up virtual network with

Intradomain routing

Hosted services

Rate limiting

Connect to Internet with Transit Portal
Conclusion

Limited routing control for hosted services

Transit Portal gives wide-area route control

Advanced applications with many TPs

Open-source implementation

Scales to hundreds of client sessions

The deployment is real

Can be used today for research and education

More information
http://valas.gtnoise.net/tp
Ongoing Developments

More deployment sites

Your help is desperately needed

Integrating TP with network research testbeds (e.g., GENI, CoreLab)

Faster forwarding (NetFPGA, OpenFlow)

Lightweight interface to route control

Transit Portal in the News

Breakout Session Agenda

Q & A

Demonstration Redux

Brainstorming Experiments

MeasuRouting: Routing-Assisted Traffic Monitoring

Pathlet Routing and Adaptive Multipath Algorithms


Aster*x: Load-Balancing Web Traffic over Wide-Area Networks

Migrating Enterprises to Cloud-based Architectures

Extra Slides

Scaling the Transit Portal

Scale to dozens of sessions to ISPs and hundreds of sessions to hosted services

At the same time:

Present each client with sessions that have an appearance of direct connectivity to an ISP

Prevent clients from abusing Internet routing protocols