SD-access: practical experiences in designing and deploying software defined enterprise networks

Enterprise networks have, over the years, become increasingly complex as they try to keep up with new requirements that challenge traditional solutions. To mention just one of many possible examples, technologies such as Virtual LANs (VLANs) struggle to address the scalability and operational requirements introduced by Internet of Things (IoT) use cases. To keep up with these challenges we have identified four main requirements that are common across modern enterprise networks: (i) scalable mobility, (ii) endpoint segmentation, (iii) simplified administration, and (iv) resource optimization. To address these challenges we designed SDA (Software Defined Access), a solution for modern enterprise networks that leverages Software-Defined Networking (SDN) and other state-of-the-art techniques. In this paper we present the design, implementation and evaluation of SDA. Specifically, SDA: (i) combines an overlay approach with an event-driven protocol (LISP) to dynamically adapt to traffic and mobility patterns while preserving resources, and (ii) enforces policies on groups of endpoints for scalable segmentation with low operational burden. We present our experience with deploying SDA in two real-life scenarios: an enterprise campus, and a large warehouse with mobile robots. Our evaluation shows that SDA, when compared with traditional enterprise networks, can (i) reduce overall data plane forwarding state by up to 70% thanks to a reactive protocol using a centralized routing server, and (ii) reduce handover delays by an order of magnitude in scenarios of massive mobility compared with other approaches. Finally, we discuss lessons learned while deploying and operating SDA, and possible optimizations regarding the use of an event-driven protocol and group-based segmentation.
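The two mechanisms the abstract credits for the state reduction and the segmentation, a reactive map-cache fed by a central mapping server with event-driven updates and policy keyed on endpoint groups rather than addresses, can be illustrated with a toy model. This is an added example, not the paper's or the product's code; the topology, group names and policy table are constructed, and the cache-invalidation behaviour is a simplification of LISP publish/subscribe.

```python
from collections import defaultdict

class MappingServer:
    """Central EID-to-(RLOC, group) database with publish/subscribe updates."""
    def __init__(self):
        self.db = {}                  # eid -> (rloc, group)
        self.subs = defaultdict(set)  # eid -> edge nodes that cached this eid
    def register(self, eid, rloc, group):
        self.db[eid] = (rloc, group)
        for edge in self.subs[eid]:   # push the new locator to every cached copy
            edge.cache[eid] = self.db[eid]
    def resolve(self, eid, edge):
        self.subs[eid].add(edge)      # remember whom to notify on a move
        return self.db[eid]

class EdgeNode:
    """Fabric edge: holds state only for destinations it has actually forwarded to."""
    def __init__(self, server, policy):
        self.server, self.policy, self.cache = server, policy, {}
    def forward(self, src_group, dst_eid):
        if dst_eid not in self.cache:  # map-cache miss -> map-request to the server
            self.cache[dst_eid] = self.server.resolve(dst_eid, self)
        rloc, dst_group = self.cache[dst_eid]
        # Group-based policy: one rule per group pair instead of per endpoint address.
        return rloc if self.policy.get((src_group, dst_group), False) else None

def simulate():
    # Constructed topology: EID -> (edge node, group); all names are invented.
    endpoints = {
        "10.0.0.1": ("edge1", "employee"), "10.0.0.2": ("edge1", "iot"),
        "10.0.1.1": ("edge2", "printer"),  "10.0.1.2": ("edge2", "iot"),
        "10.0.2.1": ("edge3", "employee"), "10.0.2.2": ("edge3", "printer"),
    }
    server = MappingServer()
    for eid, (rloc, group) in endpoints.items():
        server.register(eid, rloc, group)
    policy = {("employee", "printer"): True, ("iot", "iot"): True}  # default deny
    edges = {n: EdgeNode(server, policy) for n in ("edge1", "edge2", "edge3")}
    flows = [("10.0.0.1", "10.0.1.1"), ("10.0.0.2", "10.0.1.2"), ("10.0.0.1", "10.0.1.2")]
    decisions = [edges[endpoints[s][0]].forward(endpoints[s][1], d) for s, d in flows]
    # Mobility event: the printer roams to edge3; subscribers get the new RLOC pushed.
    server.register("10.0.1.1", "edge3", "printer")
    return {
        "decisions": decisions,
        "reactive_state": sum(len(e.cache) for e in edges.values()),
        "proactive_state": len(endpoints) * len(edges),  # every edge knows every EID
        "after_move": edges["edge1"].cache["10.0.1.1"][0],
    }
```

Only the edge that sourced traffic holds mappings, so forwarding state scales with observed flows rather than with the size of the fabric, and the denied employee-to-IoT flow is blocked by a single group rule without any per-address entry.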
