SlideShare ist ein Scribd-Unternehmen logo
1 von 47
Downloaden Sie, um offline zu lesen
G. BONOFIGLIO, V. IOVINELLA, G. LOSPOTO, G. DI BATTISTA
A Container-Based Framework for Implementing
Network Function Virtualization and Software Defined Networks
NOMS 2018Kathará
Introduction
▪ Developed by the Computer
Networks research group of the
Engineering Department at
Roma Tre University
▪ http://kathara.org/
▪ http://www.dia.uniroma3.it/~compunet/www/view/group.php?id=compunet
NOMS 2018Kathará
Context
Introducing software at different levels:
SDN NFV Programmable
Data-plane
NOMS 2018Kathará
Network Function Virtualization (NFV)
Traditional NFs are physically bound to middleboxes:
▪ High costs for updates, repair and substitution
▪ Cannot keep up with real-time traffic and increasing
demand
Virtual NF:
▪ Decoupling NFs from the specific-purpose hardware
▪ Software VNFs on general-purpose hardware
NOMS 2018Kathará
Network Function Virtualization (NFV)
Pro:
more flexibility, lower costs
Con:
lower performance wrt the specific-purpose
hardware
NOMS 2018Kathará
Data-plane programmability
▪ It is possible to implement several NFs mostly by
altering the forwarding plane
▪ This opens the possibility to implement flexible NFs
on high performance hardware
NOMS 2018Kathará
P4 language
▪ Open-source project by P4 Consortium
▪ Leader on the market for programming protocol
independent packet processing
▪ Can be compiled and executed on specific network
equipment
▪ Barefoot Tofino (a P4 target) can process packets up to
6,5 Tb/s.
NOMS 2018Kathará
SDN
NFV
Programmable
Switches
A complex environment
Traditional
routing protocols
NOMS 2018Kathará
SDN
NFV
Programmable
Switches
A complex environment
Traditional
routing protocols
How can we experiment in a realistic way?
Can we gain benefits from virtualizing part of the
network for production?
State of the art
NOMS 2018Kathará
Netkit
▪ “The poor man's system to experiment computer
networking”
▪ Developed by Compunet Lab Roma Tre
▪ Supports SDN and traditional routing protocols
▪ Based on VM
▪ Kathará supports P4 and can be extended
▪ Based on containers
Netkit &
SDNetkit
M. Pizzonia et al,
“Netkit: easy emulation of complex networks on inexpensive hardware”, 2008.
H. Mostafaei at al,
“Sdnetkit: A testbed for experimenting sdn in multi-domain networks”, 2017.
NOMS 2018Kathará
Docker Compose
▪ Comes natively with Docker
▪ Focuses on services
▪ Limited interaction with networking capabilities
Moreover, Docker itself is not made to implement fully
fledged networks.
Developing Kathará, we faced and solved several issues
to configure the networking properly.
NOMS 2018Kathará
ClickOS
▪ Focuses only on virtual middleboxes (NFV)
▪ Based on VM
▪ Kathará offers advanced routing functionalities
▪ Based on containers
ClickOS
J. Martins et al, “Clickos and the art of
network function virtualization”, 2014.
NOMS 2018Kathará
GNF
▪ Deployment of pre-built VNFs in SDN networks
▪ Based on containers
▪ Kathará is agnostic with respect to the
underlying network architecture
▪ Offers the possibility to implement any custom
VNF through data-plane programmable nodes GNF
R. Cziva et al, “Container-based network function
virtualization for software-defined networks”, 2015.
Kathará
NOMS 2018Kathará
Two main objectives
▪ Verify the possibility of implementing NFV through
the P4 language
▪ Interact with SDN, NFV and P4 together with
standard protocols to test network solutions, with
very close approximation to real world scenarios
NOMS 2018Kathará
Kathará (Καθαρά)
▪ Framework based on Docker containers to create and
manage virtual networks
▪ It comes with ready-to-pull images to implement SDN,
data-programmable switches, standard routing
protocols, DNS, web servers and more
▪ Can be easily extended through custom images
▪ Offers a simple command-line UI, inherited from Netkit
▪ Offers a very simple GUI
NOMS 2018Kathará
Kathará
Architecture
▪ 3 main modules:
❖Scripts
❖Operations
❖Container Platform
Adapter
▪ Pre-built images to
implement what we need
NOMS 2018Kathará
Kathará Images
Multi-platform technologies:
▪ Open vSwitch
Software implementation of Open Flow enabled switch
▪ Behavioral Model
Software implementation of P4 target switch
▪ Quagga
Standard routing protocols suite (OSPF, BGP, RIP, etc)
NOMS 2018Kathará
vtools
▪ Commands for managing single
network nodes
Example of vstart:
test@kathara:~$ vstart --eth 0:A PC1
test@kathara:~$ vstart --eth 0:A --eth 1:B --image=OVS SW1
NOMS 2018Kathará
ltools
• Commands for managing «labs»
• Based on configuration files for
topology and startup ops
Example of lab.conf:
web[0]=A
sw1[0]=A
sw1[1]=B
sw1[image]=P4
pc[0]=B
NOMS 2018Kathará
GUI
▪ Can automatize basic
and common
operations
▪ Can show a preview of
the network
▪ Can export a
configuration file to be
loaded later
▪ Works from the web or
as a stand-alone
executable
Security in Kathará
NOMS 2018Kathará
Problem:
Docker is a tool directed to system administrators, but
Kathará is not.
Why is that and how can security issues be resolved?
A different target from Docker
NOMS 2018Kathará
Vulnerability
NOMS 2018Kathará
/etc
/etc
Vulnerability
NOMS 2018Kathará
Possible solutions
▪ Let only administrators to use Kathará
▪ Configure SUDO to accept only some command patterns
▪ Create a wrapper
NOMS 2018Kathará
Wrapper features
▪ Safe software executed with admin rights
▪ Middle layer between Kathará and Docker
▪ Only allows safe commands to be executed by Docker
Use Cases
NOMS 2018Kathará
Use Case 1: Node transfer
• Made possible by the very close approximation between
software and hardware solutions
• Thanks to the container technology and the usage of
multi-platform implemetations (OpenFlow, P4, BGP,…)
• The virtual nodes created with Kathará are thus
operationally identical to physical network nodes
NOMS 2018Kathará
Use Case 1: Node transfer
NOMS 2018Kathará
Use Case 1: Node transfer
NOMS 2018Kathará
Use Case 2: NFV through P4
Goals:
▪ Pros from the NFV architecture: flexibilty, scalability,
decoupling from harware
▪ Gain in performance (wire speed)
▪ Simple programmability through a specific language
▪ Compliance to SFC (RFC-7665)
NOMS 2018Kathará
Use Case 2: NFV through P4 Architecture 1
Management
Service Classifier
and/or Load Balancer
(P4 node)
NF
NF
NF
NF
NF
NF
NF
NF
NF
NOMS 2018Kathará
Use Case 2: NFV through P4 Architecture 2
NF NF
NF
NFNF NF
NF
Management
Service Classifier
and Flow Table
(P4 node)
Evaluation
NOMS 2018Kathará
Evaluation goals
▪ To prove the effectiveness of Kathará in a production
environment with respect to VMs
▪ To prove that Kathará can manage an increasing number
of network nodes, even on low performance hardware
NOMS 2018Kathará
Evaluation testbed
A realistic web service based on Apache, PHP and MySQL
VM equipped with Ubuntu, 3 GBytes of RAM, 4 cores of 2.21 GHz each
NOMS 2018Kathará
Evaluation testbed
A realistic web service based on Apache, PHP and MySQL
VM equipped with Ubuntu, 3 GBytes of RAM, 4 cores of 2.21 GHz each
NOMS 2018Kathará
Evaluation results
NOMS 2018Kathará
Evaluation results
NOMS 2018Kathará
Evaluation results
▪ Under 40 network nodes running at the same time using
UML (Virtual Machines)
▪ Over 300 network nodes running at the same time using
Containers
(on a VM equipped with Ubuntu, 3 GBytes of RAM, 4 cores of 2.21 GHz each)
Conclusions and Future
Works
NOMS 2018Kathará
Compatibility
▪ Kathará is fully compatible with any major OS
❖ Linux
❖ Windows
❖ MacOS
NOMS 2018Kathará
Take away
▪ Kathará can implement any kind of network topology,
enabling the usage of SDN, NFV and standard protocols
together
▪ The application of standard and multi-platform
technologies allows to transfer nodes from virtual to
physical devices
▪ It offers higher performance with respect to VMs by
several orders of magnitude
NOMS 2018Kathará
Future
▪ Kathará Inception
❖ Katharà inside Katharà inside Katharà …
▪ Interaction with orchestrators for automatic cloud
deployment
▪ New included images to implement new protocols
Thanks for your
attention

Weitere ähnliche Inhalte

Was ist angesagt?

Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5   finalVxlan deep dive session rev0.5   final
Vxlan deep dive session rev0.5 finalKwonSun Bae
 
Next Generation Nexus 9000 Architecture
Next Generation Nexus 9000 ArchitectureNext Generation Nexus 9000 Architecture
Next Generation Nexus 9000 ArchitectureCisco Canada
 
Module 3: NETCONF and YANG Concepts
Module 3: NETCONF and YANG ConceptsModule 3: NETCONF and YANG Concepts
Module 3: NETCONF and YANG ConceptsTail-f Systems
 
PSA Certified – building trust in IoT
PSA Certified – building trust in IoTPSA Certified – building trust in IoT
PSA Certified – building trust in IoTDuncan Purves
 
ASP.NET MVC Presentation
ASP.NET MVC PresentationASP.NET MVC Presentation
ASP.NET MVC Presentationivpol
 
Citrix netscaler administration guide
Citrix netscaler administration guideCitrix netscaler administration guide
Citrix netscaler administration guideKendhe Deligny
 
A 30-minute Introduction to NETCONF and YANG
A 30-minute Introduction to NETCONF and YANGA 30-minute Introduction to NETCONF and YANG
A 30-minute Introduction to NETCONF and YANGTail-f Systems
 
Introduction to OpenFlow
Introduction to OpenFlowIntroduction to OpenFlow
Introduction to OpenFlowJoel W. King
 
Software-Defined Networking Layers presentation
Software-Defined Networking Layers presentationSoftware-Defined Networking Layers presentation
Software-Defined Networking Layers presentationAbdullah Salama
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center supportKrunal Shah
 
Segment Routing for Dummies
Segment Routing for DummiesSegment Routing for Dummies
Segment Routing for DummiesGary Jan
 
Bluetooth Low Energy Packet Format
Bluetooth Low Energy Packet FormatBluetooth Low Energy Packet Format
Bluetooth Low Energy Packet Formatwinfred lu
 

Was ist angesagt? (20)

Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5   finalVxlan deep dive session rev0.5   final
Vxlan deep dive session rev0.5 final
 
Cloud Computing Jobs In India
Cloud Computing Jobs In IndiaCloud Computing Jobs In India
Cloud Computing Jobs In India
 
Next Generation Nexus 9000 Architecture
Next Generation Nexus 9000 ArchitectureNext Generation Nexus 9000 Architecture
Next Generation Nexus 9000 Architecture
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network Stack
 
Module 3: NETCONF and YANG Concepts
Module 3: NETCONF and YANG ConceptsModule 3: NETCONF and YANG Concepts
Module 3: NETCONF and YANG Concepts
 
PSA Certified – building trust in IoT
PSA Certified – building trust in IoTPSA Certified – building trust in IoT
PSA Certified – building trust in IoT
 
ASP.NET MVC Presentation
ASP.NET MVC PresentationASP.NET MVC Presentation
ASP.NET MVC Presentation
 
MPLS-TE
MPLS-TEMPLS-TE
MPLS-TE
 
Dpdk applications
Dpdk applicationsDpdk applications
Dpdk applications
 
Citrix netscaler administration guide
Citrix netscaler administration guideCitrix netscaler administration guide
Citrix netscaler administration guide
 
A 30-minute Introduction to NETCONF and YANG
A 30-minute Introduction to NETCONF and YANGA 30-minute Introduction to NETCONF and YANG
A 30-minute Introduction to NETCONF and YANG
 
Introduction to OpenFlow
Introduction to OpenFlowIntroduction to OpenFlow
Introduction to OpenFlow
 
Software-Defined Networking Layers presentation
Software-Defined Networking Layers presentationSoftware-Defined Networking Layers presentation
Software-Defined Networking Layers presentation
 
hpsr-2020-srv6-tutorial
hpsr-2020-srv6-tutorialhpsr-2020-srv6-tutorial
hpsr-2020-srv6-tutorial
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
 
Deploying IPv6 on OpenStack
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStack
 
Segment Routing for Dummies
Segment Routing for DummiesSegment Routing for Dummies
Segment Routing for Dummies
 
Cisco Commands
Cisco CommandsCisco Commands
Cisco Commands
 
SDN Presentation
SDN PresentationSDN Presentation
SDN Presentation
 
Bluetooth Low Energy Packet Format
Bluetooth Low Energy Packet FormatBluetooth Low Energy Packet Format
Bluetooth Low Energy Packet Format
 

Ähnlich wie Kathará - NOMS 2018

Run PostgreSQL in Warp Speed Using NVMe/TCP in the Cloud
Run PostgreSQL in Warp Speed Using NVMe/TCP in the CloudRun PostgreSQL in Warp Speed Using NVMe/TCP in the Cloud
Run PostgreSQL in Warp Speed Using NVMe/TCP in the CloudDoKC
 
OpenStack Neutron: What's New In Kilo and a Look Toward Liberty
OpenStack Neutron: What's New In Kilo and a Look Toward LibertyOpenStack Neutron: What's New In Kilo and a Look Toward Liberty
OpenStack Neutron: What's New In Kilo and a Look Toward Libertymestery
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersMirantis
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxM.Qasim Arham
 
Benchmarking sahara based big data as a service solutions
Benchmarking sahara based big data as a service solutionsBenchmarking sahara based big data as a service solutions
Benchmarking sahara based big data as a service solutionsZhidong Yu
 
SoC Solutions Enabling Server-Based Networking
SoC Solutions Enabling Server-Based NetworkingSoC Solutions Enabling Server-Based Networking
SoC Solutions Enabling Server-Based NetworkingNetronome
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleCumulus Networks
 
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...VirtualTech Japan Inc.
 
Rapyuta a cloud robotics platform
Rapyuta a cloud robotics platformRapyuta a cloud robotics platform
Rapyuta a cloud robotics platformieeepondy
 
Capital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream ProcessingCapital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream Processingconfluent
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMShapeBlue
 
Boyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experienceBoyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experienceShapeBlue
 
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...NETWAYS
 
14th Athens Big Data Meetup - Landoop Workshop - Apache Kafka Entering The St...
14th Athens Big Data Meetup - Landoop Workshop - Apache Kafka Entering The St...14th Athens Big Data Meetup - Landoop Workshop - Apache Kafka Entering The St...
14th Athens Big Data Meetup - Landoop Workshop - Apache Kafka Entering The St...Athens Big Data
 
OpenStack Paris Meetup on Nfv 2014/10/07
OpenStack Paris Meetup on Nfv 2014/10/07OpenStack Paris Meetup on Nfv 2014/10/07
OpenStack Paris Meetup on Nfv 2014/10/07Nicolas (Nick) Barcet
 
Mastering the move
Mastering the moveMastering the move
Mastering the moveTrivadis
 
DWX 2023 - .NET-Microservices mit Dapr: Zu viel Abstraktion oder der richtige...
DWX 2023 - .NET-Microservices mit Dapr: Zu viel Abstraktion oder der richtige...DWX 2023 - .NET-Microservices mit Dapr: Zu viel Abstraktion oder der richtige...
DWX 2023 - .NET-Microservices mit Dapr: Zu viel Abstraktion oder der richtige...Marc Müller
 

Ähnlich wie Kathará - NOMS 2018 (20)

XS Boston 2008 Network Topology
XS Boston 2008 Network TopologyXS Boston 2008 Network Topology
XS Boston 2008 Network Topology
 
Run PostgreSQL in Warp Speed Using NVMe/TCP in the Cloud
Run PostgreSQL in Warp Speed Using NVMe/TCP in the CloudRun PostgreSQL in Warp Speed Using NVMe/TCP in the Cloud
Run PostgreSQL in Warp Speed Using NVMe/TCP in the Cloud
 
OpenStack Neutron: What's New In Kilo and a Look Toward Liberty
OpenStack Neutron: What's New In Kilo and a Look Toward LibertyOpenStack Neutron: What's New In Kilo and a Look Toward Liberty
OpenStack Neutron: What's New In Kilo and a Look Toward Liberty
 
Neutron Updates - Kilo Edition
Neutron Updates - Kilo EditionNeutron Updates - Kilo Edition
Neutron Updates - Kilo Edition
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M users
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptx
 
Benchmarking sahara based big data as a service solutions
Benchmarking sahara based big data as a service solutionsBenchmarking sahara based big data as a service solutions
Benchmarking sahara based big data as a service solutions
 
SoC Solutions Enabling Server-Based Networking
SoC Solutions Enabling Server-Based NetworkingSoC Solutions Enabling Server-Based Networking
SoC Solutions Enabling Server-Based Networking
 
NFV features in kubernetes
NFV features in kubernetesNFV features in kubernetes
NFV features in kubernetes
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
 
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
 
Rapyuta a cloud robotics platform
Rapyuta a cloud robotics platformRapyuta a cloud robotics platform
Rapyuta a cloud robotics platform
 
Capital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream ProcessingCapital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream Processing
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
 
Boyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experienceBoyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experience
 
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
 
14th Athens Big Data Meetup - Landoop Workshop - Apache Kafka Entering The St...
14th Athens Big Data Meetup - Landoop Workshop - Apache Kafka Entering The St...14th Athens Big Data Meetup - Landoop Workshop - Apache Kafka Entering The St...
14th Athens Big Data Meetup - Landoop Workshop - Apache Kafka Entering The St...
 
OpenStack Paris Meetup on Nfv 2014/10/07
OpenStack Paris Meetup on Nfv 2014/10/07OpenStack Paris Meetup on Nfv 2014/10/07
OpenStack Paris Meetup on Nfv 2014/10/07
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
 
DWX 2023 - .NET-Microservices mit Dapr: Zu viel Abstraktion oder der richtige...
DWX 2023 - .NET-Microservices mit Dapr: Zu viel Abstraktion oder der richtige...DWX 2023 - .NET-Microservices mit Dapr: Zu viel Abstraktion oder der richtige...
DWX 2023 - .NET-Microservices mit Dapr: Zu viel Abstraktion oder der richtige...
 

Kürzlich hochgeladen

Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Incrobinwilliams8624
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageDista
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIIvo Andreev
 
How to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS SoftwareHow to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS SoftwareNYGGS Automation Suite
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesShyamsundar Das
 
Understanding Native Mobile App Development
Understanding Native Mobile App DevelopmentUnderstanding Native Mobile App Development
Understanding Native Mobile App DevelopmentMobulous Technologies
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...OnePlan Solutions
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampVICTOR MAESTRE RAMIREZ
 
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Jonathan Katz
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeNeo4j
 
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentReact 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentBOSC Tech Labs
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 

Kürzlich hochgeladen (20)

Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
Salesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptxSalesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptx
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
 
How to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS SoftwareHow to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS Software
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 
Understanding Native Mobile App Development
Understanding Native Mobile App DevelopmentUnderstanding Native Mobile App Development
Understanding Native Mobile App Development
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - Datacamp
 
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
 
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentReact 19: Revolutionizing Web Development
React 19: Revolutionizing Web Development
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 

Kathará - NOMS 2018

  • 1. G. BONOFIGLIO, V. IOVINELLA, G. LOSPOTO, G. DI BATTISTA A Container-Based Framework for Implementing Network Function Virtualization and Software Defined Networks
  • 2. NOMS 2018Kathará Introduction ▪ Developed by the Computer Networks research group of the Engineering Department at Roma Tre University ▪ http://kathara.org/ ▪ http://www.dia.uniroma3.it/~compunet/www/view/group.php?id=compunet
  • 3. NOMS 2018Kathará Context Introducing software at different levels: SDN NFV Programmable Data-plane
  • 4. NOMS 2018Kathará Network Function Virtualization (NFV) Traditional NFs are physically bound to middleboxes: ▪ High costs for updates, repair and substitution ▪ Cannot keep up with real-time traffic and increasing demand Virtual NF: ▪ Decoupling NFs from the specific-purpose hardware ▪ Software VNFs on general-purpose hardware
  • 5. NOMS 2018Kathará Network Function Virtualization (NFV) Pro: more flexibility, lower costs Con: lower performance wrt the specific-purpose hardware
  • 6. NOMS 2018Kathará Data-plane programmability ▪ It is possible to implement several NFs mostly by altering the forwarding plane ▪ This opens the possibility to implement flexible NFs on high performance hardware
  • 7. NOMS 2018Kathará P4 language ▪ Open-source project by P4 Consortium ▪ Leader on the market for programming protocol independent packet processing ▪ Can be compiled and executed on specific network equipment ▪ Barefoot Tofino (a P4 target) can process packets up to 6,5 Tb/s.
  • 8. NOMS 2018Kathará SDN NFV Programmable Switches A complex environment Traditional routing protocols
  • 9. NOMS 2018Kathará SDN NFV Programmable Switches A complex environment Traditional routing protocols How can we experiment in a realistic way? Can we gain benefits from virtualizing part of the network for production?
  • 11. NOMS 2018Kathará Netkit ▪ “The poor man's system to experiment computer networking” ▪ Developed by Compunet Lab Roma Tre ▪ Supports SDN and traditional routing protocols ▪ Based on VM ▪ Kathará supports P4 and can be extended ▪ Based on containers Netkit & SDNetkit M. Pizzonia et al, “Netkit: easy emulation of complex networks on inexpensive hardware”, 2008. H. Mostafaei at al, “Sdnetkit: A testbed for experimenting sdn in multi-domain networks”, 2017.
  • 12. NOMS 2018Kathará Docker Compose ▪ Comes natively with Docker ▪ Focuses on services ▪ Limited interaction with networking capabilities Moreover, Docker itself is not made to implement fully fledged networks. Developing Kathará, we faced and solved several issues to configure the networking properly.
  • 13. NOMS 2018Kathará ClickOS ▪ Focuses only on virtual middleboxes (NFV) ▪ Based on VM ▪ Kathará offers advanced routing functionalities ▪ Based on containers ClickOS J. Martins et al, “Clickos and the art of network function virtualization”, 2014.
  • 14. NOMS 2018Kathará GNF ▪ Deployment of pre-built VNFs in SDN networks ▪ Based on containers ▪ Kathará is agnostic with respect to the underlying network architecture ▪ Offers the possibility to implement any custom VNF through data-plane programmable nodes GNF R. Cziva et al, “Container-based network function virtualization for software-defined networks”, 2015.
  • 16. NOMS 2018Kathará Two main objectives ▪ Verify the possibility of implementing NFV through the P4 language ▪ Interact with SDN, NFV and P4 together with standard protocols to test network solutions, with very close approximation to real world scenarios
  • 17. NOMS 2018Kathará Kathará (Καθαρά) ▪ Framework based on Docker containers to create and manage virtual networks ▪ It comes with ready-to-pull images to implement SDN, data-programmable switches, standard routing protocols, DNS, web servers and more ▪ Can be easily extended through custom images ▪ Offers a simple command-line UI, inherited from Netkit ▪ Offers a very simple GUI
  • 18. NOMS 2018Kathará Kathará Architecture ▪ 3 main modules: ❖Scripts ❖Operations ❖Container Platform Adapter ▪ Pre-built images to implement what we need
  • 19. NOMS 2018Kathará Kathará Images Multi-platform technologies: ▪ Open vSwitch Software implementation of Open Flow enabled switch ▪ Behavioral Model Software implementation of P4 target switch ▪ Quagga Standard routing protocols suite (OSPF, BGP, RIP, etc)
  • 20. NOMS 2018Kathará vtools ▪ Commands for managing single network nodes Example of vstart: test@kathara:~$ vstart --eth 0:A PC1 test@kathara:~$ vstart --eth 0:A --eth 1:B --image=OVS SW1
  • 21. NOMS 2018Kathará ltools • Commands for managing «labs» • Based on configuration files for topology and startup ops Example of lab.conf: web[0]=A sw1[0]=A sw1[1]=B sw1[image]=P4 pc[0]=B
  • 22. NOMS 2018Kathará GUI ▪ Can automatize basic and common operations ▪ Can show a preview of the network ▪ Can export a configuration file to be loaded later ▪ Works from the web or as a stand-alone executable
  • 24. NOMS 2018Kathará Problem: Docker is a tool directed to system administrators, but Kathará is not. Why is that and how can security issues be resolved? A different target from Docker
  • 27. NOMS 2018Kathará Possible solutions ▪ Let only administrators to use Kathará ▪ Configure SUDO to accept only some command patterns ▪ Create a wrapper
  • 28. NOMS 2018Kathará Wrapper features ▪ Safe software executed with admin rights ▪ Middle layer between Kathará and Docker ▪ Only allows safe commands to be executed by Docker
  • 30. NOMS 2018Kathará Use Case 1: Node transfer • Made possible by the very close approximation between software and hardware solutions • Thanks to the container technology and the usage of multi-platform implemetations (OpenFlow, P4, BGP,…) • The virtual nodes created with Kathará are thus operationally identical to physical network nodes
  • 31. NOMS 2018Kathará Use Case 1: Node transfer
  • 32. NOMS 2018Kathará Use Case 1: Node transfer
  • 33. NOMS 2018Kathará Use Case 2: NFV through P4 Goals: ▪ Pros from the NFV architecture: flexibilty, scalability, decoupling from harware ▪ Gain in performance (wire speed) ▪ Simple programmability through a specific language ▪ Compliance to SFC (RFC-7665)
  • 34. NOMS 2018Kathará Use Case 2: NFV through P4 Architecture 1 Management Service Classifier and/or Load Balancer (P4 node) NF NF NF NF NF NF NF NF NF
  • 35. NOMS 2018Kathará Use Case 2: NFV through P4 Architecture 2 NF NF NF NFNF NF NF Management Service Classifier and Flow Table (P4 node)
  • 37. NOMS 2018Kathará Evaluation goals ▪ To prove the effectiveness of Kathará in a production environment with respect to VMs ▪ To prove that Kathará can manage an increasing number of network nodes, even on low performance hardware
  • 38. NOMS 2018Kathará Evaluation testbed A realistic web service based on Apache, PHP and MySQL VM equipped with Ubuntu, 3 GBytes of RAM, 4 cores of 2.21 GHz each
  • 39. NOMS 2018Kathará Evaluation testbed A realistic web service based on Apache, PHP and MySQL VM equipped with Ubuntu, 3 GBytes of RAM, 4 cores of 2.21 GHz each
  • 42. NOMS 2018Kathará Evaluation results ▪ Under 40 network nodes running at the same time using UML (Virtual Machines) ▪ Over 300 network nodes running at the same time using Containers (on a VM equipped with Ubuntu, 3 GBytes of RAM, 4 cores of 2.21 GHz each)
  • 44. NOMS 2018Kathará Compatibility ▪ Kathará is fully compatible with any major OS ❖ Linux ❖ Windows ❖ MacOS
  • 45. NOMS 2018Kathará Take away ▪ Kathará can implement any kind of network topology, enabling the usage of SDN, NFV and standard protocols together ▪ The application of standard and multi-platform technologies allows to transfer nodes from virtual to physical devices ▪ It offers higher performance with respect to VMs by several orders of magnitude
  • 46. NOMS 2018Kathará Future ▪ Kathará Inception ❖ Katharà inside Katharà inside Katharà … ▪ Interaction with orchestrators for automatic cloud deployment ▪ New included images to implement new protocols