Virtual Routers as a Service: The RouteFlow Approach Leveraging

Virtual Routers as a Service: The RouteFlow ApproachLeveraging Software-Defined Networks

Marcelo R. Nascimento,Christian E. Rothenberg,

Marcos R. SalvadorTelecomm. Research and

Development Center (CPqD)Campinas - SP - Brazil

[email protected]

Carlos N. A. Corrêa,Sidney C. de Lucena

Federal University of the Riode Janeiro State (UniRio)

Rio de Janeiro - RJ - [email protected]

Maurício F. MagalhãesUniversity of Campinas

(UNICAMP)Campinas - SP - Brazil

[email protected]

ABSTRACTThe networking equipment market is being transformed bythe need for greater openness and flexibility, not only forresearch purposes but also for in-house innovation by theequipment owners. In contrast to networking gear followingthe model of computer mainframes, where closed softwareruns on proprietary hardware, the software-defined networ-king approach effectively decouples the data from the controlplane via an open API (i.e., OpenFlow protocol) that allowsthe (remote) control of packet forwarding engines. Moti-vated by this scenario, we propose RouteFlow, a commodityrouting architecture that combines the line-rate performanceof commercial hardware with the flexibility of open-sourcerouting stacks (remotely) running on general purpose com-puters. The outcome is a novel point in the design space ofcommodity routing solutions with far-reaching implicationstowards virtual routers and IP networks as a service. Thispaper documents the progress achieved in the design andprototype implementation of our work and outlines our re-search agenda that calls for a community-driven approach.

Categories and Subject DescriptorsC.2.1 [Network Architecture and Design]: Packet-switchingnetworks

1. INTRODUCTIONBesides the formidable evolution of the Internet with res-

pect to its pervasiveness and applications, its core technol-ogy, mainly represented by the layered TCP/IP protocolsuite, has not gone through an equally radical transforma-tion. Since the Internet became commercial, network deviceshave been “black boxes” in the sense of vertically integratedimplementations based on closed-source software over pro-prietary hardware [11]. This model does not only lead tothe recognized Internet “ossification” but also implies higher

Permission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copies arenot made or distributed for profit or commercial advantage and that copiesbear this notice and the full citation on the first page. To copy otherwise, torepublish, to post on servers or to redistribute to lists, requires prior specificpermission and/or a fee.CFI ’11 June 13-15, 2011, Seoul, KoreaCopyright 2011 ACM 978-1-4503-0821-2/11/06 ...$10.00.

R&D costs and slower time to market of product features.Recent standardization developments of vendor-neutral

APIs (e.g., ForCES [13], OpenFlow [15]) allow for “lobo-tomizing” a big part of the decision logic of network devicesto external controllers implementable with commodity hard-ware (e.g. x86 technology), a plentiful and scalable resource.

RouteFlow, the work in progress depicted is this paper,is an architecture following the software-defined networking(SDN) [9] paradigm based on a programmatic approach tologically centralize the network control, unify state informa-tion, and decouple forwarding logic and configuration fromthe hardware elements [5]. It is composed by an OpenFlowcontroller application and an independent RouteFlow serverthat manages a virtual network environment to interconnectvirtualized IP routing engines (e.g. Quagga).

Routing protocol messages can be sent ‘down’ to the phys-ical devices or can be kept in the virtual network plane,that may be a reproduction of the discovered physical in-frastructure or a simplified / arbitrary mapping to hardwareresources. The routing engines generate the forwarding in-formation base (FIB) according to the configured routingprotocols (e.g., OSPF, BGP). In turn, the IP and ARP ta-bles are collected and translated into OpenFlow rules thatare finally installed in the associated datapath devices.

The main goal of RouteFlow is enabling remote IP routingservices in a centralized way, as a consequence of effectivelydecoupling the forwarding and control planes. This way, IPnetworks become more flexible and allow for the additionand customization of protocols and algorithms, paving theway for virtual router [3] and IP network as a Service (IP-NaaS) [6] in the software-defined networking era. RouteFlowis the evolution of our early work on partnering Quagga withOpenFlow [16] and works transparently to any Linux-basedrouting engine (e.g., XORP, BIRD).

The balance of this paper is as follows. Section 2 presentsthe RouteFlow design along its different modes of operationand its main architectural components. Section 3 describesthe prototype implementation. Section 4 discusses the re-search agenda and Section 5 concludes the paper.

2. THE ROUTEFLOW DESIGNRouteFlow runs OpenFlow switches’ control logic through

a virtual network composed by virtual machines (VMs),each of them executing a routing engine (see Fig. 1(a)).Those VMs (or virtual environments) are dynamically in-terconnected to form a logic topology that mirrors a physi-

VM

VM

VM

VM

OSPF / RIP / BGPVirtual Topology

Programmable Switch

Programmable Switch

Programmable Switch

Physical Infrastructure

Programmable Switch

Legacy Network

BGP

RouteFlow Server Controller

OSPFOSPF

Quagga

Quagga

Quagga

Quagga

Lecacy L2/L3 Switch

(a) Overview of a RouteFlow-controlled network.

hardware

software

hardware

software

hardware

software

kernel space

user space

kernel space

user space

kernel space

user space

hardware

software

kernel space

user spaceVirtual

Environment

Controller

Programmable Switches

RouteTable

RouteFlowSlave

Route Engine

ARPTable

NIC 1NIC 2NIC n

RouteFlowController

Network Controller

AP.1

HW TablePORT 1PORT 2PORT n

DriverAPI

RouteFlow Protocol

OpenFlow

AP.n...

RouteFlow Server

RouteFlow Protocol

OpenFlow

OVS

DB*

(b) RouteFlow components.

Figure 1: RouteFlow architecture conceptual design.

cal infrastructure – or a modified version of it. The virtualenvironment is held in (a set of) external servers and com-municate with the forwarding plane through an OpenFlowcontroller application that receives from the RF server thedecisions made by the routing protocols. As a result, flowrules are maintained in the data plane to specify how traf-fic must be handled (i.e., port forwarding, MAC re-writing).While the control is centralized, it stays logically distributed.This way, it does not require modification of existing routingprotocols. Moreover, legacy infrastructure can be transpa-rently integrated, given that routing protocol messages (e.g.BGP, OSPF) can be sent from/to the virtual control plane.

This leads to a flexible, high-performance and cost-effectiveapproach to provide IP routing based on: (a) programmablelow-cost switches with small-footprint of control software(i.e. OpenFlow); (b) open-source routing protocols stacks(e.g. Quagga); and (c) commodity x86 technology.

2.1 Modes of operationSeparating the control plane from the forwarding sub-

strate allows for a flexible mapping and operation betweenthe virtual elements and their physical counterparts. Fi-gure 2(a) shows the three main modes of operation thatRouteFlow aims at supporting.

Logical split: This 1 : 1 mapping between hardwareswitches and the virtualized routing engines basically mir-rors the physical substrate (number of switch ports, connec-tivity) into the virtual control plane.

Multiplexing: This 1 : n mapping of physical to virtualsubstrate represents the common approach to router virtu-alization where multiple control planes run simultaneouslyand install their independent FIBs on the same hardware.Multi-tenant virtual networks can be defined by letting con-trol protocol messages flow through the virtual plane andstitching the data plane connectivity accordingly.

Aggregation: This m : 1 mapping of hardware resourcesto virtual instances allows to simplify the network proto-col engineering by bundling a group of switches, such that

neighbouring devices or domains can treat the aggregatedas if it were a single element.1 This way intra-domain rou-ting can be independently defined while legacy inter-domainor inter-zone routing (e.g. BGP) can be consolidated intosingle control unit for signaling scalability and simplified,centralized management purposes (cf. [12]).

For every use case, two sub-modes of operation can bedefined depending on whether the routing protocol messagesare sent out through the physical ports or are kept in thevirtual plane. The latter allows to separate and optimize theproblem of physical topology discovery and maintainanceand the problem of routing state distribution.

2.2 Architectural detailsAs shown in Fig. 1(b), the RouteFlow-Controller (RF-

C) runs as an application on top of an OpenFlow networkcontroller (NC). The NC is responsible for interfacing theOpenFlow-enabled switches, servicing the RF-C with theAPIs, and discovering the network topology.

The core control logic resides in the RF-Server that is no-tified about relevant events and keeps the required network-wide state. For each OpenFlow switch found, the RF-Serverinstantiates one (or selects a pre-provisioned) VM.2 EachVM runs a stack of open-source routing protocols and is con-figured with as many virtual network interfaces (NICs) asthere are active ports in its corresponding device. The NICsare bound to software switches, through which their connec-tivity is dynamically controlled. Once the virtual topologyis set up, the routing protocols in the VMs start running andadjust the FIBs accordingly. For each FIB update, the slave

1There is no conceptual barrier to support arbitrary m : nmappings as pursued by IETF ForCES [13] that defines Con-trol Elements (CE) and Forwarding Elements (CE), whichcompound form a Network Element (NE).2This case corresponds to the logical split and multiplexingmodes of operation. In case of aggregation, a single VMcovers multiple physical switches which can be programmedto act as a single router (e.g. [3]).

Router Multiplexation(1:n)

Router Aggregation(m:1 or m:n)

Logical Split Router(1:1)

Infrastructure Provider (Physical Substrate)

Virtual Network Provider (Network Slices)

(a) Modes of operation and usage scenarios of router virtualization.

...

Network OS (OF Controller)

RF-Controller

Virtual Topology

Softw

are

Switc

h (O

VS)

RF-Server

RF-Protocol

NIC nNIC 2NIC 1

VM 1RF-

Slave

Quagga

NIC 0

NIC nNIC 2NIC 1

VM 2RF-

Slave

Quagga

NIC 0

NIC nNIC 2NIC 1

VM nRF-

Slave

Quagga

NIC 0

OpenFlow

Softw

are

Switc

h

(b) Virtual control plane.

Figure 2: Modes of operation of the virtualized networking environment

daemon (RF-S) sends an update message to the RF-Serverthat requests the installation of a flow entry matching thedestination network mask with the corresponding actionsfor port-forwarding, MAC-rewriting, TTL-decrement, andIP header checksum update.

A simple RouteFlow protocol is defined for the interac-tions of the RF-Server with the RF-Controller and the RF-Slave instances. RF-protocol messages can be of the typecommand or event and can be seen as a simplified subset ofOpenFlow protocol messages plus a number of new messagesfor VM/RF-Slave configuration and management purposes(e.g., accept/reject VM, RF-Slave config., send update).

To allow for legacy network integration, RouteFlow usesflow entries to match known routing protocol messages re-ceived from legacy devices in the physical infrastructure andpass them to the corresponding virtual entities. Conversely,pertinent routing messages originated in the virtual topo-logy are sent through the physical infrastructure.

3. PROTOTYPE IMPLEMENTATIONThe RouteFlow prototype is a combination of open-source

software and newly-developed components:3

RF-Server and RF-Controller: The RF-Controllercomponent is implemented as a C++ application (route-flowc) running on top of NOX [10]. The RF-Server is astandalone application responsible for the core logic of thesystem (e.g., event processing, mapping VMs to switches,resource management). Interactions between the RF-Serverand RF-Controller are defined via RF-Protocol messages.

RF-Slave and FIB gathering: Each Linux VM in thevirtual topology executes a RF-S daemon (rfslaved) alonga routing engine (e.g. Quagga). rfslaved is a C++ stan-dalone application that basically gathers FIB updates viathe Netlink Linux API4 and sends the event data via theRF-Protocol. In addition, the rfslaved executes a resourcediscovery technique for VM and switch-port identification.

3Available in the RouteFlow project page:https://sites.google.com/site/routeflow/4Netlink renders rfslaved agnostic of the specific routingsuite as long as it updates the Linux networking stack.

Table 1: ICMP Response Times.Equipment Slow Path [ms] Fast Path [ms]

Tavg. T90% Tavg. T90%

CISCO 3560-e Catalyst 5.46 7.75 0.100 0.130Extreme x450-e 11.30 14.00 0.106 0.141

CPqD Enterprise 14.20 17.30 0.101 0.147

RouteFlow 116.00 138.00 0.082 0.119

Virtual networking environment: OpenVSwitch (OVS)is the software switch used to connect all VM NICs in a vir-tual topology according to the reachability goals determinedby the chosen mode of operation. We use the OpenFlow pro-tocol support of OVS to dynamically manage the inter-VMconnectivity and to select which packets should be sent tothe forwarding plane. Moreover, OVS allows distributingthe virtual network environment by having multiple OVSinstances interconnected through tunnel ports.

Evaluation: Experiments with the prototype implemen-tation in our NetFPGA-based testbed has proved interope-rability with traditional networking gear and revealed thatthe routing protocol convergence time is dominated by theprotocol time-out configuration (e.g., 4 x HELLO in caseof OSPF) and does not suffer from the longer path to thecontrol plane. As shown in Table 1, RouteFlow introduceslarger latency only for those packets that need to be han-dled in the slow-path as a result of lacking a FIB entry orprocessing by the OS networking / routing stack (e.g., ARPrequests, PING, Quagga routing protocol messages).

4. THE ROUTEFLOW R&D AGENDAWe look forward to turning RouteFlow into an open-sourced

community-driven framework to deliver novel virtualized IProuting services in OpenFlow networks. We believe that thecombination of the line-rate performance of commercial net-working hardware with the flexibility of open-source routingstacks arranged through modern cloud programming prac-tices may cross the research arena and unveil new businessmodels. To fully realize this vision, we have identified seve-ral areas requiring further research and development work:

Applying PaaS to networking: Similar to the ratio-nale behind cloud computing, RouteFlow shares the visionthat the PaaS model meeting the networking world could bea game-changer (cf. [12]). Towards this goal, one feature inour roadmap is advanced VM management. ImplementingLibvirt [2] allows for VM control via an unified API for amyriad of virtualization tools (e.g., QEMU, LXC, VMware,OpenVZ) along enhanced functionality like live migrationor load balancing of the virtual control plane. Further de-velopments include a comprehensive GUI and managementfacilities similarly to service platforms that implement anIP-oriented IaaS paradigm [6].

Moving beyond state-of-the art router virtualization (i.e.,1:1 mapping between control and physical elements) towardsmore flexible resource mapping (e.g., 1:N, M:N) is a goalfull of challenges. As argued by Keller and Rexford [12],enabling a Single Router Platform would allow customersto focus on their application/service while addressing themanagement burden of infrastructure owners.

Protocol Optimization: The RouteFlow architectureallows for a separation of concerns between topology main-tainance and routing state distribution (cf. [20]). This en-ables optimizing the routing protocols through fast connec-tivity maintainance techniques in the data plane (e.g. BFD-like) while route state distribution such as OSPF LSAs isflooded only inside the virtual domain. The challenge now isreproducing in the virtual domain the physical failures [17].Once detected by any means, link failures can be program-matically induced via the OVS or by directly hooking intothe specific routing stack (e.g. Zebra DB).

Resiliency and Scalability: Advances in VM technolo-gies are also fundamental to circumvent different failure sce-narios and to scale up by physically distributing the com-ponents. We need some strategy like master-backup [17] ordistributed master controllers [20] to offer resilience in caseof failures of the RF components. One component of theenvisioned solution is a distributed database that holds theessential Network Information Base (NIB) (cf. Onix [20]).Yet another relevant research topic includes SDN-enabledstrategies to deal with datapath failures such as decouplingfailure recovery from path computation [4].

Embrace related work and build a community: Lastbut not least, we recognize the importance of (1) learn-ing from previous work pursuing similar goals of separatingcontrol software from routers (e.g., SoftRouter [14], 4D [8],RCP [7]), (2) applying technologies from operational dis-tributed systems such as cloud data center applications (e.g.,event-based systems and NoSQL data stores [20]), and (3)building a community to joins efforts towards similar goals.5

To cite a few planned actions, we intend to investigate theinterplay options with FlowVisor, the Mantychore APIs [6],the FIB-saving techniques of Fibium [18], the advances insplit router architectures [19], and the implications of blen-ding optical and electrical networks by integrating Open-Flow with GMPLS [1]. By revisiting the technical approachand promised benefits of the SoftRouter architecture (i.e.,reliability, scalability, security, flexibility) [14] we hope tocontribute to answering one question around the OpenFlowmodel: Can a RouteFlow-like architecture transform the datanetworking industry in the same way the SoftSwitch trans-formed the voice telecom industry?

5OpenFlowHub is one effort in broadcasting open-sourcedSDN technologies: http://www.openflowhub.org

5. CONCLUSIONSRouteFlow is an example of the power of innovation result-

ing from the blend of open interfaces to commercial hard-ware and open-source software development. The Route-Flow architecture allows for a flexible resource associationbetween IP routing protocols and a programmable physicalsubstrate, opening the door for multiple use cases aroundvirtualized IP routing services. We expect RouteFlow con-tributing to the migration path from traditional IP deploy-ments to software-defined networks enabled by means ofa community-driven open-source framework. This path ishowever not free of research and development challenges.

6. REFERENCES[1] S. Azodolmolky and et al. Integrated OpenFlow - GMPLS

Control Plane: An Overlay Model for Software DefinedPacket over Optical Networks. ECOC’11, Sep 2011.

[2] M. Bolte, M. Sievers, G. Birkenheuer, O. Niehorster, andA. Brinkmann. Non-intrusive virtualization managementusing libvirt. In DATE ’10, 2010.

[3] Z. Bozakov. Architecture and Algorithms for VirtualRouters as a Service. IWQoS, June 2011.

[4] M. Caesar, M. Casado, T. Koponen, J. Rexford, andS. Shenker. Dynamic route recomputation consideredharmful. SIGCOMM CCR., 40:66–71, April 2010.

[5] M. Casado, T. Koponen, R. Ramanathan, and S. Shenker.Virtualizing the network forwarding plane. In PRESTO’10, 2010.

[6] E. Grasa and et al. MANTICORE II: IP Network as aService pilots at HEAnet, NORDUnet and RedIRIS.TERENA Networking Conference 2010, 2010.

[7] N. Feamster, H. Balakrishnan, J. Rexford, A. Shaikh, andJ. van der Merwe. The case for separating routing fromrouters. In FDNA ’04, 2004.

[8] A. Greenberg and et al. A clean slate 4D approach tonetwork control and management. SIGCOMM CCR,35(5):41–54, 2005.

[9] K. Greene. TR10: Software-Defined Networking. MITTechnology Review, 2009.

[10] N. Gude and et al. NOX: towards an operating system fornetworks. SIGCOMM CCR., 38, July 2008.

[11] J. Hamilton. Networking: The last bastion of mainframecomputing. http://perspectives.mvdirona.com/2009/12/19/NetworkingTheLastBastionOfMainframeComputing.aspx.

[12] E. Keller and J. Rexford. The ’Platform as a Service’ modelfor networking. In INM/WREN 10, Apr. 2010.

[13] H. Khosravi and T. Anderson. Requirements for separationof ip control and forwarding. RFC 3654, Nov. 2003.

[14] T. V. Lakshman and et al. The SoftRouter architecture. InHotNets-III, 2004.

[15] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar,L. Peterson, J. Rexford, S. Shenker, and J. Turner.Openflow: enabling innovation in campus networks.SIGCOMM CCR, 38:69–74, March 2008.

[16] M. R. Nascimento, C. E. Rothenberg, M. R. Salvador, andM. F. Magalhaes. QuagFlow: partnering Quagga withOpenFlow. SIGCOMM CCR, 40:441–442, August 2010.

[17] R. Ramjee and et al. Separating control software fromrouters. In COMSWARE’06, 2006.

[18] N. Sarrar, A. Feldmann, S. Uhlig, R. Sherwood, andX. Huang. FIBIUM - Towards Hardware AcceleratedSoftware Routers. In EuroView 2010 (poster session),August 2010.

[19] SPARC. Split architecture carrier grade networks.http://www.fp7-sparc.eu/.

[20] T. Koponen and et al. Onix: A distributed control platformfor large-scale production networks. In OSDI ’10, Oct 2010.

Virtual Routers as a Service: The RouteFlow Approach Leveraging

Documents

Transcript of Virtual Routers as a Service: The RouteFlow Approach Leveraging