200 research outputs found
Datacenter Traffic Control: Understanding Techniques and Trade-offs
Datacenters provide cost-effective and flexible access to scalable compute
and storage resources necessary for today's cloud computing needs. A typical
datacenter is made up of thousands of servers connected with a large network
and usually managed by one operator. To provide quality access to the variety
of applications and services hosted on datacenters and maximize performance, it
is deemed necessary to use datacenter networks effectively and efficiently.
Datacenter traffic is often a mix of several classes with different priorities
and requirements. This includes user-generated interactive traffic, traffic
with deadlines, and long-running traffic. To this end, custom transport
protocols and traffic management techniques have been developed to improve
datacenter network performance.
In this tutorial paper, we review the general architecture of datacenter
networks, various topologies proposed for them, their traffic properties,
general traffic control challenges in datacenters and general traffic control
objectives. The purpose of this paper is to bring out the important
characteristics of traffic control in datacenters and not to survey all
existing solutions (as it is virtually impossible due to the massive body of
existing research). We hope to provide readers with a wide range of options and
factors while considering a variety of traffic control mechanisms. We discuss
various characteristics of datacenter traffic control including management
schemes, transmission control, traffic shaping, prioritization, load balancing,
multipathing, and traffic scheduling. Next, we point to several open challenges
as well as new and interesting networking paradigms. At the end of this paper,
we briefly review inter-datacenter networks that connect geographically
dispersed datacenters which have been receiving increasing attention recently
and pose interesting and novel research problems.
Comment: Accepted for Publication in IEEE Communications Surveys and Tutorial
Recursive SDN for Carrier Networks
Control planes for global carrier networks should be programmable (so that
new functionality can be easily introduced) and scalable (so they can handle
the numerical scale and geographic scope of these networks). Neither
traditional control planes nor new SDN-based control planes meet both of these
goals. In this paper, we propose a framework for recursive routing computations
that combines the best of SDN (programmability) and traditional networks
(scalability through hierarchy) to achieve these two desired properties.
Through simulation on graphs of up to 10,000 nodes, we evaluate our design's
ability to support a variety of routing and traffic engineering solutions,
while incorporating a fast failure recovery mechanism.
Modular Control Plane Verification via Temporal Invariants
Satisfiability Modulo Theory (SMT)-based tools for network control plane
analysis make it possible to reason exhaustively about interactions with peer
networks and to detect vulnerabilities such as accidental use of a network as
transit or prefix hijacking. SMT-based reasoning also facilitates synthesis and
repair. To scale SMT-based verification to large networks, we introduce
Timepiece, a new modular control plane verification system. While past
verifiers like Minesweeper were based on analysis of stable paths, we show that
such models, when deployed naively in service of modular verification, are
unsound. To rectify the situation, we adopt a routing model based around a
logical notion of time and develop a sound, expressive, and scalable
verification engine. Our system requires that a user specifies interfaces
between module components. We develop methods for defining these interfaces
using predicates inspired by temporal logic, and show how to use those
interfaces to verify a range of network-wide properties such as reachability,
"no transit," and "no hijacking." Verifying a prefix-filtering policy using a
non-modular verification engine times out on a 320-node fattree network after 4
hours. However, Timepiece verifies a 4,500-node fattree in 6.5 minutes on a
96-core virtual machine. Modular verification of individual routers is
embarrassingly parallel and completes in seconds, which allows verification to
scale beyond non-modular engines, while still allowing the full power of
SMT-based symbolic reasoning.
Comment: 12 pages (+3 pages references, 1 page proofs), 7 figures, submitted
to NSDI 202
Improving Cloud Middlebox Infrastructure for Online Services
Middleboxes are an indispensable part of the datacenter networks that provide high availability, scalability and performance to the online services. Using load balancer as an example, this thesis shows that the prevalent scale-out middlebox designs using commodity servers are plagued with three fundamental problems: (1) The server-based layer-4 middleboxes are costly and inflate round-trip-time as much as 2x by processing the packets in software. (2) The middlebox instances cause traffic detouring en route from sources to destinations, which inflates network bandwidth usage by as much as 3.2x and can cause transient congestion. (3) Additionally, existing cloud providers do not support layer-7 middleboxes as a service, and third-party proxy-based layer-7 middlebox design exhibits poor availability as TCP state stored locally on middlebox instances is lost upon instance failure. This thesis examines the root causes of the above problems and proposes new cloud-scale middlebox design principles that systemically address all three problems.
First, to address the performance problem, we make a key observation that existing commodity switches have resources available to implement key layer-4 middlebox functionalities such as load balancer, and by processing packets in hardware, switches offer low latency and high capacity benefits, at no additional cost as the switch resources are idle. Motivated by this observation, we propose the design principle of using idle switch resources to accelerate middlebox functionalities. To demonstrate the principle, we developed the complete L4 load balancer design that uses commodity switches for low cost and high performance, and carefully fuses a few software load balancer instances to provide for high availability.
Second, to address the high network overhead problem from traffic detouring through middlebox instances, we propose to exploit the principles of locality and flexibility in placing the middlebox instances and servers to handle the traffic closer to the sources and reduce the overall traffic and link utilization in the network.
Third, to provide high availability in layer-7 middleboxes, we propose a novel middlebox design principle of decoupling the TCP state from middlebox instances and storing it in a persistent key-value store so that any middlebox instance can seamlessly take over any TCP connection when middlebox instances fail. We demonstrate the effectiveness of the above cloud-scale middlebox design principles using load balancers as an example. Specifically, we have prototyped the three design principles in three cloud-scale load balancers: Duet, Rubik, and Yoda, respectively. Our evaluation using a datacenter testbed and large scale simulations shows that Duet lowers the costs by 12x and latency overhead by 1000x, Rubik further lowers the datacenter network traffic overhead by 3x, and Yoda L7 Load balancer-as-a-service is practical; decoupling TCP state from load balancer instances has a negligible
Exploiting the power of multiplicity: a holistic survey of network-layer multipath
The Internet is inherently a multipath network: For an underlying network with only a single path, connecting various nodes would have been debilitatingly fragile. Unfortunately, traditional Internet technologies have been designed around the restrictive assumption of a single working path between a source and a destination. The lack of native multipath support constrains network performance even as the underlying network is richly connected and has redundant multiple paths. Computer networks can exploit the power of multiplicity, through which a diverse collection of paths is resource pooled as a single resource, to unlock the inherent redundancy of the Internet. This opens up a new vista of opportunities, promising increased throughput (through concurrent usage of multiple paths) and increased reliability and fault tolerance (through the use of multiple paths in backup/redundant arrangements). There are many emerging trends in networking that signify that the Internet's future will be multipath, including the use of multipath technology in data center computing; the ready availability of multiple heterogeneous radio interfaces (such as Wi-Fi and cellular) in wireless devices; ubiquity of mobile devices that are multihomed with heterogeneous access networks; and the development and standardization of multipath transport protocols such as multipath TCP. The aim of this paper is to provide a comprehensive survey of the literature on network-layer multipath solutions. We will present a detailed investigation of two important design issues, namely, the control plane problem of how to compute and select the routes and the data plane problem of how to split the flow on the computed paths. The main contribution of this paper is a systematic articulation of the main design issues in network-layer multipath routing along with a broad-ranging survey of the vast literature on network-layer multipathing. We also highlight open issues and identify directions for future work.
The design and analysis of a corporate data network supporting a real-time clinical data application
In this study a design is proposed for a corporate data network supporting real-time data applications. The proposed network incorporates both Local Area Network and Wide Area Network technologies to form a system capable of supporting a variety of applications. Multimedia software, like desktop video conferencing, IP telephony, and video streaming, is becoming more pervasive. Since multimedia applications depend on active human involvement and perception, they are commonly referred to as real-time. The content of real-time applications relies on the timely and consistent delivery of information. If real-time applications experience any variation in information delivery, usually referred to as jitter, the result is unacceptable application performance. However, real-time applications are not solely limited to traditional multimedia. Interactive client-server based data applications also fall into this category. This project will specifically focus on the performance of a real-time clinical application, which has become predominant in the healthcare industry. To support the implementation of the proposed network, empirical data was gathered from system testing. Testing involved comparing the performance of a real-time application on the proposed design, against the current architecture. The result found that the proposed data network design reduced transport latency, allowing the real-time application to perform more efficiently.
Bartolomeu: An SDN rebalancing system across multiple interdomain paths
Bartolomeu is a solution to enable stub networks to perform adaptive egress traffic load balancing across multiple interdomain routes by spreading the traffic across available paths according to a passive measurement of their performance. It defines a BGP-SDN architecture that increases the number of BGP routes that can be used by stub networks. Bartolomeu measures the available capacity of each path to any destination prefix, and allocates to each path a number of large flows that is proportional to its capacity. This strategy reduces the mean sojourn time, i.e., mean time to flow completion, compared to state-of-the-art traffic balancing techniques such as ECMP. We develop a mathematical model to compute this time and compare with ECMP and single path (fast path) selection. An analysis of the traffic traces of two content providers was performed to ensure that our solution is deployable. An experiment with traffic exchange over the Internet is used to show that Bartolomeu can provide gains with real interfering traffic. A discrete-event simulator fed with the traces captured is used to assess Bartolomeu's gains with prefixes with different number of flows, and flows with different sizes and arrival time. We observe in this experiment that Bartolomeu can reduce the sojourn time, compared to ECMP, by half when path rates differ by a factor of 3, or to a sixth when path rates differ by a factor of 10. We compute the maximum number of per-flow entries and the maximum entry change request rate to show that the resources required fit in with the specifications of the current generation of SDN switches.
The work of Pedro Rodrigues Torres-Jr. was partially supported by the Fundación Carolina, program Mobilidad SEGIB 2019. The work of Alberto García-Martínez was supported by the 5G-TRANSFORMER project, H2020-761536. The work of Marcelo Bagnulo was supported in part by the 5G-TRANSFORMER project, and by the Spanish Ministry of Economy and Competitiveness under 5GCity project, TEC2016-76795-C6-3-R.
ProbNV: probabilistic verification of network control planes
ProbNV is a new framework for probabilistic network control plane verification that strikes a balance between generality and scalability. ProbNV is general enough to encode a wide range of features from the most common protocols (eBGP and OSPF) and yet scalable enough to handle challenging properties, such as probabilistic all-failures analysis of medium-sized networks with 100-200 devices. When there is a small, bounded number of failures, networks with up to 500 devices may be verified in seconds. ProbNV operates by translating raw CISCO configurations into a probabilistic and functional programming language designed for network verification. This language comes equipped with a novel type system that characterizes the sort of representation to be used for each data structure: concrete for the usual representation of values; symbolic for a BDD-based representation of sets of values; and multi-value for an MTBDD-based representation of values that depend upon symbolics. Careful use of these varying representations speeds execution of symbolic simulation of network models. The MTBDD-based representations are also used to calculate probabilistic properties of network models once symbolic simulation is complete. We implement the language and evaluate its performance on benchmarks constructed from real network topologies and synthesized routing policies.