FI Research in China

FI Research in China. Jun Bi Tsinghua Univ./CERNET Beijing China. Outline. FI Research Overview in China Domestic FI related Projects International Collaborations Some FI Research in Tsinghua Univ. OpenFlow Extension (Openflow+) for Intra-AS Source Address Validation NDN


Presentation Transcript


  1. FI Research in China Jun Bi Tsinghua Univ./CERNET Beijing China

  2. Outline
     • FI Research Overview in China
     • Domestic FI-related Projects
     • International Collaborations
     • Some FI Research in Tsinghua Univ.
     • OpenFlow Extension (Openflow+) for Intra-AS Source Address Validation
     • NDN
     • Audio Conference Tool (collaborating with PARC/UCLA); see the SIGCOMM11 ICN WS paper
     • Caching, test-bed, Router, Gateway…

  3. Internet Development in China
     • The largest Internet population in the world
     • 2011 July: 485 million Internet users in China
     • Still growing fast (only 36.2% of population)
     • The largest Service Providers in the world
     • China Telecom (largest ISP)
     • China Mobile (616 million users)
     • China Unicom
     • Giant Internet Vendors
     • Huawei, ZTE, …
     • Would like to try new tech
     • IPv6, 3G (TD, W, 2000)

  4. Domestic FI-related Projects
     • In the 11th 5-year Plan Period (2006-2010)
     • MOST Trustworthy Internet
     • IPv6 Source Address Validation Architecture (SAVA)
     • Trustworthy ID based on SAVA
     • Trustworthy Application
     • Deployed in 100 univ campus networks as testbed
     • MOST NGB
     • Deployed in Shanghai region
     • CNGI
     • IPv4/IPv6 Transition, …
     • Largest test-bed
     • Smaller NSFC Projects
     • Mobile/Wireless
     • 3G, 4G

  5. Domestic FI-related Projects
     • In the 12th 5-year Plan Period (2011-2015)
     • MOST Triple-Play Network
     • MOST Future Internet (Planning)
     • New Network Architecture
     • New Network Equipment
     • Testbed
     • CENI infrastructure (Planning)
     • GENI-like
     • CNGI new phase (Planning)
     • Mainly IPv6, and some FI
     • NSFC/973 New Network Architecture (CFP)

  6. International Collaboration
     • With the USA
     • GENI/Openflow
     • CERNET signed MOU with GENI and Stanford for IPv6 Openflow, Source Address Validation
     • CANS to collaborate on Openflow Research/Testbed
     • NDN collaboration
     • Tsinghua Univ., CAS ICT, Huawei…
     • With Europe
     • Onelab, other FP7 project involvements
     • With CJK
     • CJK projects on Network Security/FI
     • AsiaFI

  7. Some FI Research in Tsinghua University

  8. OpenFlow Extension (Openflow+) for Intra-AS Source Address Validation Tsinghua University, China

  9. Source Address Validation (SAV)
     • Why SAV
     • The current Internet Architecture: packet forwarding is based only on the destination address
     • SAV will be good for:
     • anti-spoofing/network security
     • network management/traceback
     • network measurement
     • network accounting/billing
     • Why SAV is tough beyond the first hop
     • Asymmetric Routing, Equal Cost Multiple Path
     • uRPF only makes decisions based on the local FIB
     • What we proposed for Intra-AS SAV
     • CPF (Calculation based forwarding)

  10. Intra-AS Source Address Validation: a central control model in which a Calculated Path Forwarding (CPF) controller collects the forwarding information of every router in an AS, calculates all possible forwarding paths for every source address, and then issues filter rules (the result of the calculation) to the routers to verify the source address of packets.

  11. CPF in Current Network Architecture
     • SNMP: polling forwarding information, interface information and subnet information from the MIB to generate a global forwarding path.
     • xFlow: sampling packets through xFlow (NetFlow/sFlow) to validate the source address of the sampled packets.
     • Telnet: logging on to the router and configuring the ACL calculated by CPF.

  12. Limitations of CPF in the current Internet Architecture
     • The network device is not open and the interface is not standardized:
     • The ACL structure is not standardized, so we have to design for different vendors
     • The routing table/forwarding table are not open for modification from outside the router.
     • The communication between CPF controller and device is inefficient
     • May cause false negatives when the topology changes (because routing table changes cannot be reported to CPF in real time)
     • Telnet scripts cannot be smart enough

  13. What OpenFlow brings to us
     • OpenFlow enables network innovation, by:
     • The FlowTable and the OpenFlow protocol between controller and device implement the standardization and open access of the network device.
     • User-defined new technology can be easily added to the controller as new components.
     • The centralized mode in OpenFlow makes some functions based on global information possible.

  14. What OpenFlow brings to us [Diagram labels: Open and standard new protocol deployment; Open and standard control interface; Open and standard forwarding hardware; Flow Table; OpenFlow Protocol; Control Protocol; Hardware; OpenFlow Device]

  15. CPF and Openflow
     • Central control architecture of OpenFlow matches CPF, which requires global information of an AS
     • Using OpenFlow protocol to unify three protocols (SNMP, xFlow and Telnet) for communication between CPF controller and network device
     • Efficient control from outside the network device

  16. Challenges of Current OpenFlow
     • To adapt to all future protocols and different vendors, the flow table needs to be made more open
     • If a new innovation is mature enough, the controller needs to be implemented inside the device to improve efficiency
     • It is hard to pre-define all the communication requirements between the controller and device, so the openflow protocol needs to be made more open
     • Openflow needs to run in today’s routers, which will make it low-cost and deployable

  17. Openflow+
     • Openflow+ is an extension to the fundamental architecture of OpenFlow to make it more open, efficient, and low-cost:
     • 1: Flow Table Extension
     • 2: Distribution Mode Extension
     • 3: Openflow Protocol Extension
     • 4: Low-cost Openflow for today’s router (OpenRouter)

  18. Extension 1: Flow Table Extension [Diagram labels: Flow Table (Mandatory, Optional, Vendor-defined); OpenFlow Protocol; Control Protocol; Hardware; OpenFlow Device]

  19. Extension 2: Distribution Mode Extension [Diagram labels: Flow Table; OpenFlow Protocol; Control Protocol; Hardware; OpenFlow Device]

  20. Extension 3: Openflow Protocol Extension
     • TLV Type (fixed length)
     • TLV Length (fixed length)
     • TLV Value (“TLV Length” length)
     • In TLV format, each piece of data is organized by the triple of (Type, Length, Value)
     • TLV can be used or arranged recursively

  21. Extension 4: Low-cost Openflow for today’s router (OpenRouter) • OpenFlow+ in a commercial router • DCRS 5980/5950, DigitalChina Company, RoutingSwitch

  22. Extension 4: Low-cost Openflow for today’s router

  23. Architecture of CPF based on OpenFlow+ [Diagram labels: CPF APP; NOX; OpenFlow+; OpenRouter]

  24. CPF Controller [Diagram labels: CPF APP; Filtering Rule Generator; Validation Module; Rule Adaptor; Network State Processor; Sampling Packet Processor; NOX; OpenFlow; Sharing Memory; Socket; OpenRouter (OR) A, B, C, D, E, F, G]

  25. The Testbed of CPF based on OpenFlow+

  26. Thanks!
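
Slides 9 and 10 contrast strict uRPF, which decides from the local FIB only, with a CPF controller that walks every forwarding path and issues per-interface source filters. The sketch below is an added example, not code from the presentation: the three-router topology, the prefixes and all function names are constructed for illustration, and only router-to-router (beyond first hop) interfaces are modelled.

```python
from collections import defaultdict

# Constructed sample data: FIB[router][dest_prefix] = next-hop routers (ECMP allowed).
# An empty list means the prefix is directly attached. Routing is asymmetric:
# A reaches 10.0.3.0/24 via B, but C reaches 10.0.1.0/24 directly via A.
FIB = {
    "A": {"10.0.1.0/24": [], "10.0.2.0/24": ["B"], "10.0.3.0/24": ["B"]},
    "B": {"10.0.1.0/24": ["A"], "10.0.2.0/24": [], "10.0.3.0/24": ["C"]},
    "C": {"10.0.1.0/24": ["A"], "10.0.2.0/24": ["B"], "10.0.3.0/24": []},
}

def attached(fib):
    """Map each prefix to the router it is directly attached to."""
    return {p: r for r, table in fib.items() for p, nh in table.items() if not nh}

def cpf_rules(fib):
    """Return {(router, upstream_neighbor): {source prefixes}} over all forwarding paths."""
    rules = defaultdict(set)
    home = attached(fib)
    for src, src_router in home.items():
        for dst in home:
            if dst == src:
                continue
            stack, seen = [src_router], set()
            while stack:
                r = stack.pop()
                if r in seen:
                    continue  # guards against forwarding loops and revisits
                seen.add(r)
                for nh in fib[r].get(dst, []):  # follow every ECMP branch
                    rules[(nh, r)].add(src)     # src may arrive at nh from r
                    stack.append(nh)
    return dict(rules)

def strict_urpf_accepts(fib, router, upstream, src):
    """Strict uRPF: accept only if the local route back to src points at the arrival neighbor."""
    return upstream in fib[router].get(src, [])

def cpf_accepts(rules, router, upstream, src):
    """CPF: accept only if some computed forwarding path delivers src over this link."""
    return src in rules.get((router, upstream), set())
```

With this data, traffic from 10.0.1.0/24 legitimately reaches C from B; strict uRPF at C drops it because C's own route back to that prefix points at A, while the CPF rule set permits it.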
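
Slide 20 describes the protocol extension as fixed-length Type and Length fields followed by a Value that may itself contain TLVs. The encoder and bounds-checked decoder below are an added example, not the Openflow+ wire format: the 2-byte field widths, the container flag bit, the depth limit and the type codes in the sample message are all assumptions, since the slides do not give them.

```python
import struct

HDR = struct.Struct("!HH")   # assumed: 2-byte Type, 2-byte Length, network byte order
CONTAINER = 0x8000           # assumed flag: a Type with this bit set holds nested TLVs
MAX_DEPTH = 8                # bound recursion when parsing untrusted input

def encode(tlv_type, value):
    """value is bytes, or a list of (type, value) pairs for a nested container."""
    if isinstance(value, list):
        tlv_type |= CONTAINER
        value = b"".join(encode(t, v) for t, v in value)
    if len(value) > 0xFFFF:
        raise ValueError("value too long for 2-byte Length")
    return HDR.pack(tlv_type, len(value)) + value

def decode(buf, depth=0):
    """Parse bytes into [(type, bytes | nested list)], rejecting malformed input."""
    if depth > MAX_DEPTH:
        raise ValueError("TLV nesting too deep")
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < HDR.size:
            raise ValueError("truncated TLV header")
        t, length = HDR.unpack_from(buf, off)
        off += HDR.size
        if length > len(buf) - off:
            raise ValueError("TLV Length exceeds remaining data")
        value = buf[off:off + length]
        off += length
        if t & CONTAINER:
            out.append((t & ~CONTAINER, decode(value, depth + 1)))
        else:
            out.append((t, value))
    return out

def sample_message():
    """Constructed message: a filter rule (type 1) holding a prefix (2) and a port (3)."""
    return encode(1, [(2, b"10.0.1.0/24"), (3, b"\x00\x02")])
```

The length check against the remaining buffer and the depth limit are what keep a recursive TLV parser from reading past the message or recursing without bound on a malformed one.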