SDN Traffic Optimizations

May 26, 2015

by Matt Conran Blog

SDN Traffic Optimizations

In today's rapidly evolving digital landscape, Software-Defined Networking (SDN) has emerged as a transformative technology. With its ability to centralize network control and dynamically allocate resources, SDN offers unprecedented flexibility and scalability. However, to fully harness its potential, optimizing SDN traffic becomes crucial. In this blog post, we will explore the key strategies and techniques for optimizing SDN traffic to enhance network performance.

SDN traffic patterns differ significantly from traditional networking approaches. By decoupling the control plane from the data plane, SDN introduces new traffic dynamics. Understanding these patterns is vital for effective optimization. We will delve into various types of SDN traffic and their characteristics, including control traffic, data traffic, and management traffic.

Traffic Engineering in SDN: Traffic engineering plays a pivotal role in SDN optimization. It involves intelligently managing network resources to ensure efficient traffic flow. We will explore techniques such as path selection algorithms, traffic splitting, and load balancing to optimize SDN traffic. Additionally, we will discuss the concept of quality of service (QoS) and its relevance in optimizing traffic for different applications.

Flow Table Management and Optimization: The flow table is a central component of SDN switches, governing how traffic is processed and forwarded. Optimizing flow table entries is crucial for minimizing latency and maximizing throughput. We will discuss strategies for efficient flow table management, including flow prioritization, wildcard rules, and flow table size optimization.

Bandwidth Allocation and Resource Utilization: Effective allocation of available bandwidth is vital for optimizing SDN traffic. We will explore techniques such as bandwidth reservation, traffic shaping, and admission control to ensure optimal resource utilization. Additionally, we will delve into the importance of monitoring and analyzing network traffic to identify potential bottlenecks and optimize bandwidth allocation.

Conclusion: Optimizing SDN traffic is a critical aspect of enhancing network performance. By understanding SDN traffic patterns, implementing traffic engineering strategies, optimizing flow table management, and efficiently allocating bandwidth, organizations can unlock the full potential of SDN. As the demand for high-performance networks continues to grow, mastering these optimization techniques becomes essential for network administrators and engineers.

Matt Conran

Highlights: SDN Traffic Optimizations

Challenges to Network Management

Because legacy networks have static and inflexible architectures, they are not equipped to cope with today’s increasingly dynamic networking trends or meet modern users’ quality of experience requirements. Therefore, it is necessary to enforce complex, high-level policies to adapt to current networking environments and to automate network operations to reduce the tedious workload of low-level device configuration.

To avoid misconfigurations and ease network management, operators considered running dynamic scripts to automate network configuration settings before realizing their limitations. Recent approaches to scripting configurations and automating networks (e.g., Ansible) are becoming more relevant, however.

SDN Applications

SDN allows applications to express their goals and policies directly in a centralized, high-level manner without being tied to the details of implementation and state distribution of the underlying networking infrastructure by decoupling the application logic from the network hardware and logically centralizing the network control. Likewise, SDN applications consume the network services and functions the control plane provides via the northbound interface, according to their specific needs.

Thus, the northbound API provided by SDN controllers facilitates network programmability, simplifies control and management tasks, and facilitates innovation by allowing network abstraction. A standard does not support the northbound API, unlike the southbound API.

Challenges to Multihoming

Multihoming to different transit providers has become an essential service component at the Internet edge. Multihoming allows you to satisfy several high-level requirements, including redundancy. Redundancy is site or device/link level and protects from a single point of failure.

There are several ways to route and manage traffic in and out of multi-homed sites. Some rely on static routing, while others rely on the routing policy capabilities of the inter-domain routing protocol, Border Gateway Protocol (BGP).

Cisco’s LISP

Cisco Locator/ID Separation Protocol (LISP) was developed to deal with the rapid growth of the default-free zone (DFZ) or Internet routing table. To address routing scalability problems on the Internet, LISP was created as a routing architecture and a data plane protocol:

It is part of the Internet routing table’s size and growth that many routes are provider-independent and non-aggregable.
Internet routing table aggregation/scalability problems are exacerbated by traffic engineering, in which more specific routes are injected into the Internet.
Multihoming is impossible without a full Internet routing table (900,000+ IPv4 routes at the time of writing); for small sites requiring multihoming, a powerful router is needed to handle the entire routing table (large memory, powerful CPUs, more TCAM, more power, coolers, etc.), which can be prohibitively expensive.
Instability in Internet routes (route churn) consumes vast amounts of CPU and memory, requiring powerful routers to cope.

You may find the following helpful post for pre-information:

Inbound Traffic Optimization Key SDN Traffic Optimizations Discussion Points:	Introduction to SDN Traffic Optimizations and what is involved. Highlighting the challenges with BGP inbound traffic engineering. Critical points on how this can be solved. Technical details with a use case that uses LISP protocol. A final point on WAN SDN.

Back to basics with BGP

Border Gateway Protocol (BGP) is the routing protocol to exchange routing information across the Internet. BGP is considered the glue of the Internet and is the only protocol designed to deal with a network of the Internet’s size. As a result, BGP is sometimes called a distance-path protocol.

BGP does not look at something as simple as hop count or link costs, but it doesn’t keep track of the complete topology of the entire network either. Instead, BGP accomplishes this through neighbor-peer relationships that must be explicitly configured.

Lab guide on BGP

Here, we have a sample BGP network consisting of two nodes, BGP Peer 1 and BGP Peer 2. We are running iBGP between these BGP peers, which is done by configuring both peers with the same AS number, in our case, AS 1. The command show ip bgp summary is used to determine the status of a BGP neighbor. Remember that BGP runs over TCP port 179 and is a path vector protocol.

BGP Inbound Traffic Engineering

BGP is great for reducing network complexity and increasing scale at edges, but it has shortcomings concerning path selection. BGP is scalable and robust, but routing decisions based on BGP attributes are flawed. These are driving a requirement for a new approach, SDN traffic optimizations, and triangular routing with the LISP control plane.

For BGP inbound traffic engineering, the protocol validates path attributes. It selects the best path by checking local preference, shortest AS Path, ORIGIN attribute, lower MED attribute, eBGP routes are preferred over iBGP routes, and lower metric to the NEXT-HOP. Although these attributes allow granular policy control, they do not cover aspects relating to path performance. So, how can you add intelligence to BGP?

Traffic Engineering with SDN:

SDN enables administrators to implement advanced traffic engineering techniques to optimize network traffic. By leveraging real-time network analytics and traffic monitoring, SDN controllers can intelligently route traffic based on various parameters such as bandwidth, latency requirements, and network congestion. This dynamic traffic engineering ensures network resources are efficiently utilized, reducing bottlenecks and improving overall network performance.

Quality of Service (QoS) Optimization:

One of the key benefits of SDN is its ability to prioritize certain types of network traffic over others. With SDN, administrators can implement Quality of Service (QoS) policies to ensure critical applications and services receive the necessary bandwidth and low latency they require. By prioritizing traffic based on predefined rules, SDN can guarantee a consistent user experience for essential services while preventing network congestion caused by non-critical traffic.

Scalability and Flexibility:

Traditional networking architectures often struggle to scale efficiently, leading to performance degradation as network demand increases. SDN offers inherent scalability by decoupling network control from the underlying hardware. With SDN, administrators can quickly scale network resources and adapt to changing traffic patterns by dynamically provisioning resources and adjusting traffic flow without requiring manual configuration changes.

Network Virtualization:

SDN provides the foundation for network virtualization, allowing administrators to create virtual networks independent of the underlying physical infrastructure. This virtualization enables the efficient allocation of network resources, isolation of traffic, and simplified network management. By leveraging network virtualization, organizations can optimize their network traffic by creating logical networks that meet specific requirements, such as separating traffic for different departments or applications.

SDN Traffic Optimizations and Border 6

Border6’s goal is simple: to develop an innovative routing optimization platform. Their toolset (NSI probe and NSI server) is not a replacement for BGP but a complementary tool. BGP is still required at network edges. The NSI products integrate with the border-routing process to complement the BGP decision process.

Integrating NSI into BGP adds additional intelligence to the BGP routing process and overcomes the issues addressed with BGP inbound traffic engineering. It allows engineers to automate, control, and monitor routing policies. For example, it has a Routing Decision Engine ( RDE ) that looks at the cost of transits. It takes into account the monthly subscription cost and the cost of traffic bursts.

Inbound traffic optimization

NSI probing and analysis allow them to measure latency and packet loss. The best path is then compared to the original path selected by the BGP process. The entire process lets you compare paths in terms of performance. If BGP does not determine the best path, NSI automates traffic engineering and pushes outbound traffic via the best-performing path.

The NSI probe communicates with the BGP edge routers and sends aggregated data back to the NSI Server. The server then analyzes the data and triggers an action for the NSI probe. You can have multiple NSI probes for various data center topologies at each location.

Optimizing inbound traffic flow

Enforcing outbound routing is performed without any difficulty. Inbound routing differs as you rely on the upstream 3rd party to take action. You can, however, influence this with AS-PATH prepending, community tagging, and auto-shutdown of defective links. Locator/ID Separation Protocol (LISP) provides more granularity for inbound traffic engineering as it separates the address spaces.

Border 6 supports LISP version 1.1 and can respond to the path available to external servers to reach a preferred network. This is based on NSI measurements. Border 6 is collaborating with the French Research Agency ( ANR ) to develop a design to integrate NSI with LISP for inbound traffic optimization. This is an ongoing project and is dependent on the broader scope of a global LISP implementation. And as Mateusz Viste states – “LISP is not going to rule the Internet tomorrow, nor the day after that.“

Border 6 LISP process

The NSI device registers itself with a MAP server. A LISP Map server is a LISP infrastructure device that advertises host prefixes that are advertising to it. The registration process involves sending the customer’s prefix to the MAP server. When other LISP participants need to send a packet to the customer’s prefix, they query the MAP server for its location. The MAP server, in turn, relays it to the NSI device.

NSI identifies who is asking (what remote prefix), and responds with the correct RLOC device. RLOCs identify the location of the prefix. The selection of RLOC is based on where transit gateway Border 6 prefers. This requires LISP tunnels on every customer’s edge routers, making it possible for external entities to send LISP-tunneled packets. Until LISP becomes widely available, Border6 continues other working practices to optimize inbound traffic flows, shortest AS-Path, community tagging, and auto-shutdown of defective links.

Other Inbound Optimizations

Standard AS-PATH prepending is a well-known BGP path engineering method. BGP selects paths with the shortest AS path. Setting multiple AS entries to a prefix, announced to each of your transits, will affect inbound traffic flow. Community tagging – is a “work-in-progress” project due this year. Essentially, they can add custom-defined communities to the selected prefix.

Transit providers can match these communities and partially re-announce them. Effectively, this is traffic engineering for inbound flow. Auto-shutdown of defective links—when NSI detects a failure on one of your transit, it can shut down the BGP session (via SSH access on your router), preventing announcements of your prefix via particular links.

NSI route limiter

RAM and CPU are critical components of router resources and should always be protected. Routers at the edge may need to accept large portions of the BGP table, maybe the entire BGP table, consuming many router resources. The global IPv4 routing table has surpassed the 500 thousand route benchmark. We are quickly reaching the hard forwarding capacity limits of many popular routers. NSI has a nice feature known as a route limiter.

It is used for routers that can not accept large BGP tables due to memory or other constraints. NSI can feed low-end customer edge routers routes that NSI selects to match destinations where you send traffic. This frees up RAM and CPU for additional control and data plane tasks. It also lets you use cheaper Layer 3 switches, such as Cumulus or Brocade. Make your WAN edge and BGP platform a proper BGP SDN-powered solution.

Software-defined networking (SDN) has revolutionized network traffic optimization by giving administrators unprecedented control and flexibility. With its centralized control, dynamic traffic engineering capabilities, and ability to prioritize critical traffic, SDN enables organizations to improve network performance, reduce congestion, and enhance the overall user experience. As the demand for data continues to grow, SDN will play a crucial role in ensuring efficient network traffic management in the digital era.

Summary: SDN Traffic Optimizations

In today’s rapidly evolving digital landscape, efficient network traffic management is crucial for businesses to stay competitive. Software-defined networking (SDN) is a game-changing technology that revolutionizes how networks are designed, operated, and optimized. In this blog post, we explored the world of SDN traffic optimizations, uncovering its benefits and highlighting practical strategies for maximizing network performance.

Understanding SDN Traffic Optimizations

SDN traffic optimizations involve leveraging the programmability and flexibility of SDN architectures to enhance network efficiency. By separating the control plane from the data plane, SDN empowers network administrators to manage dynamically and direct traffic flows, making it possible to prioritize critical applications, balance loads, and enforce quality of service (QoS) policies. This newfound agility and control allow businesses unprecedented opportunities to optimize their network performance.

Key Strategies for SDN Traffic Optimizations

Traffic Engineering: SDN enables intelligent traffic engineering by allowing administrators to define traffic paths based on real-time conditions. Through centralized control and programmability, traffic can be dynamically routed, avoiding congestion points and taking advantage of available resources. This results in optimized network utilization and improved end-user experience.

QoS Enforcement: Prioritizing traffic based on application requirements ensures optimal performance. SDN traffic optimizations allow for granular QoS enforcement, enabling administrators to allocate bandwidth, manage latency, and control packet loss. This level of control ensures that critical applications receive the necessary resources, guaranteeing a consistent and reliable user experience.

Load Balancing: SDN makes load balancing more intelligent and efficient. By monitoring network conditions in real time, SDN controllers can distribute traffic across multiple paths, avoiding bottlenecks and optimizing resource utilization. Load balancing algorithms can be tailored to specific network requirements, ensuring that traffic is evenly distributed and maximizing overall network performance.

Case Studies: Real-World Examples of SDN Traffic Optimizations

Healthcare Sector: With the increasing reliance on digital healthcare systems, SDN traffic optimizations have proven invaluable in ensuring the seamless delivery of critical patient data. By prioritizing traffic flows, healthcare providers can guarantee timely access to medical records, reduce latency in telemedicine applications, and enhance overall network performance.

Enterprise Data Centers: Large-scale data centers face significant challenges in managing complex traffic patterns. SDN traffic optimizations offer a scalable and efficient solution by dynamically routing traffic based on real-time conditions. This reduces congestion, improves application response times, and enhances overall data center performance.

Conclusion:

SDN traffic optimizations have emerged as a transformative technology, empowering businesses to take control of their networks like never before. By leveraging the programmability and flexibility of SDN architectures, organizations can optimize network performance, improve user experience, and gain a competitive edge in today’s digital landscape. Embracing SDN traffic optimizations is a strategic investment that unlocks the true potential of network infrastructure.

WAN SDN

May 11, 2015

by Matt Conran Blog

WAN SDN

In today's fast-paced digital world, organizations constantly seek ways to optimize their network infrastructure for improved performance, scalability, and cost efficiency. One emerging technology that has gained significant traction is WAN Software-Defined Networking (SDN). By decoupling the control and data planes, WAN SDN provides organizations unprecedented flexibility, agility, and control over their wide area networks (WANs). In this blog post, we will delve into the world of WAN SDN, exploring its key benefits, implementation considerations, and real-world use cases.

WAN SDN is a network architecture that allows organizations to manage and control their wide area networks using software centrally. Traditionally, WANs have been complex and time-consuming to configure, often requiring manual network provisioning and management intervention. However, with WAN SDN, network administrators can automate these tasks through a centralized controller, simplifying network operations and reducing human errors.

1. Enhanced Agility: WAN SDN empowers network administrators with the ability to quickly adapt to changing business needs. With programmable policies and dynamic control, organizations can easily adjust network configurations, prioritize traffic, and implement changes without the need for manual reconfiguration of individual devices.

2. Improved Scalability: Traditional wide area networks often face scalability challenges due to the complex nature of managing numerous remote sites. WAN SDN addresses this issue by providing centralized control, allowing for streamlined network expansion, and efficient resource allocation.

3. Optimal Resource Utilization: WAN SDN enables organizations to maximize their network resources by intelligently routing traffic and dynamically allocating bandwidth based on real-time demands. This ensures that critical applications receive the necessary resources while minimizing wastage.

1. Multi-site Enterprises: WAN SDN is particularly beneficial for organizations with multiple branch locations. It allows for simplified network management across geographically dispersed sites, enabling efficient resource allocation, centralized security policies, and rapid deployment of new services.

2. Cloud Connectivity: WAN SDN plays a crucial role in connecting enterprise networks with cloud service providers. It offers seamless integration, secure connections, and dynamic bandwidth allocation, ensuring optimal performance and reliability for cloud-based applications.

3. Service Providers: WAN SDN can revolutionize how service providers deliver network services to their customers. It enables the creation of virtual private networks (VPNs) on-demand, facilitates network slicing for different tenants, and provides granular control and visibility for service-level agreements (SLAs).

In conclusion, WAN SDN represents a paradigm shift in wide area network management. Its ability to centralize control, enhance agility, and optimize resource utilization make it a game-changer for modern networking infrastructures. As organizations continue to embrace digital transformation and demand more from their networks, WAN SDN will undoubtedly play a pivotal role in shaping the future of networking.

Matt Conran

Highlights: WAN SDN

Application Challenges

Compared to a network-centric model, business intent-based WAN networks have great potential. By using a WAN architecture, applications can be deployed and managed more efficiently. However, application services topologies must replace network topologies. Supporting new and existing applications on the WAN is a common challenge for network operations staff. Applications such as these consume large amounts of bandwidth and are extremely sensitive to variations in bandwidth quality. Improving the WAN environment for these applications is more critical due to jitter, loss, and delay.

WAN SLA

In addition, cloud-based applications such as Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) are increasing bandwidth demands on the WAN. As cloud applications require increasing bandwidth, provisioning new applications and services is becoming increasingly complex and expensive. In today’s business environment, WAN routing and network SLAs are controlled by MPLS L3VPN service providers. As a result, they are less able to adapt to new delivery methods, such as cloud-based and SaaS-based applications.

These applications could take months to implement in service providers’ environments. These changes can also be expensive for some service providers, and some may not be made at all. There is no way to instantiate VPNs independent of underlying transport since service providers control the WAN core. Implementing differentiated service levels for different applications becomes challenging, if not impossible.

Transport Independance: Hybrid WAN

The hybrid WAN concept was born out of this need. An alternative path that applications can take across a WAN environment is provided by hybrid WAN, which involves businesses acquiring non-MPLS networks and adding them to their LANs. Business enterprises can control these circuits, including routing and application performance. VPN tunnels are typically created over the top of these circuits to provide secure transport over any link. 4G/LTE, L2VPN, commodity broadband Internet, and L2VPN are all examples of these types of links.

As a result, transport independence is achieved. In this way, any transport type can be used under the VPN, and deterministic routing and application performance can be achieved. These commodity links can be used to transmit some applications rather than the traditionally controlled L3VPN MPLS links provided by service providers.

DMVPN configuration — Diagram: DMVPN Configuration

SDN and APIs

WAN SDN is a modern approach to network management that uses a centralized control model to manage, configure, and monitor large and complex networks. It allows network administrators to use software to configure, monitor, and manage network elements from a single, centralized system. This enables the network to be managed more efficiently and cost-effectively than traditional networks.

SDN uses an application programming interface (API) to abstract the underlying physical network infrastructure, allowing for more agile network control and easier management. It also enables network administrators to configure and deploy services from a centralized location rapidly. This enables network administrators to respond quickly to changes in traffic patterns or network conditions, allowing for more efficient use of resources.

Scalability and Automation

SDN also allows for improved scalability and automation. Network administrators can quickly scale up or down the network by leveraging automated scripts depending on its current needs. Automation also enables the network to be maintained more rapidly and efficiently, saving time and resources.

Before you proceed, you may find the following posts helpful:

SDN Internet Key WAN SDN Discussion Points:	Introduction to WAN SDN and what is involved. Highlighting the challenges of a traditional WAN design. Critical points on the rise of WAN SDN. Technical details Internet measurements. The LISP protocol.

Back to Basics with WAN SDN

A Deterministic Solution

Technology typically starts as a highly engineered, expensive, deterministic solution. As the marketplace evolves and competition rises, the need for a non-deterministic, inexpensive solution comes into play. We see this throughout history. First, mainframes were/are expensive, and with the arrival of a microprocessor personal computer, the client/server model was born. The Static RAM ( SRAM ) technology was replaced with cheaper Dynamic RAM ( DRAM ). These patterns consistently apply to all areas of technology.

Finally, deterministic and costly technology is replaced with intelligent technology using redundancy and optimization techniques. This process is now appearing in Wide Area Networks (WAN). Now, we are witnessing changes to routing space with the incorporation of Software Defined Networking (SDN) and BGP (Border Gateway Protocol). By combining these two technologies, companies can now perform intelligent routing, aka SD-WAN path selection, with an SD WAN Overlay

A key point: SD-WAN Path Selection

SD-WAN path selection is essential to a Software-Defined Wide Area Network (SD-WAN) architecture. SD-WAN path selection selects the most optimal network path for a given application or user. This process is automated and based on user-defined criteria, such as latency, jitter, cost, availability, and security. As a result, SD-WAN can ensure that applications and users experience the best possible performance by making intelligent decisions on which network path to use.

When selecting the best path for a given application or user, SD-WAN looks at the quality of the connection and the available bandwidth. It then looks at the cost associated with each path. Cost can be a significant factor when selecting a path, especially for large enterprises or organizations with multiple sites.

SD-WAN can also prioritize certain types of traffic over others. This is done by assigning different weights or priorities for various kinds of traffic. For example, an organization may prioritize voice traffic over other types of traffic. This ensures that voice traffic has the best possible chance of completing its journey without interruption.

Diagram: SD WAN traffic steering. Source Cisco.

Back to basics with DMVPN

Wide Area Network (WAN) DMVPN (Dynamic Multipoint Virtual Private Network) is a type of Virtual Private Network (VPN) that uses an underlying public network, such as the Internet, to transport data between remote sites. It provides a secure, encrypted connection between two or more private networks, allowing them to communicate over the public network without establishing a dedicated physical connection.

Critical Benefits of WAN SDN:

Enhanced Network Flexibility:

WAN SDN enables organizations to dynamically adapt their network infrastructure to meet changing business requirements. Network administrators can quickly respond to network demands through programmable policies and automated provisioning, ensuring optimal performance and resource allocation.

Improved Network Agility:

By separating the control and data planes, WAN SDN allows for faster decision-making and network reconfiguration. This agility enables organizations to rapidly deploy new services, adjust network traffic flows, and optimize bandwidth utilization, ultimately enhancing overall network performance.

Cost Efficiency:

WAN SDN eliminates manual configuration and reduces the complexity associated with traditional network management approaches. This streamlined network management saves costs through reduced operational expenses, improved resource utilization, and increased network efficiency.

Critical Considerations for Implementation:

Network Security:

When adopting WAN SDN, organizations must consider the potential security risks associated with software-defined networks. Robust security measures, including authentication, encryption, and access controls, should be implemented to protect against unauthorized access and potential vulnerabilities.

Staff Training and Expertise:

Implementing WAN SDN requires skilled network administrators proficient in configuring and managing the software-defined network infrastructure. Organizations must train and upskill their IT teams to ensure successful implementation and ongoing management.

Real-World Use Cases:

Multi-Site Connectivity:

WAN SDN enables organizations with multiple geographically dispersed locations to connect their sites seamlessly. Administrators can prioritize traffic, optimize bandwidth utilization, and ensure consistent network performance across all locations by centrally controlling the network.

Cloud Connectivity:

With the increasing adoption of cloud services, WAN SDN allows organizations to connect their data centers to public and private clouds securely and efficiently. This facilitates smooth data transfers, supports workload mobility, and enhances cloud performance.

Disaster Recovery:

WAN SDN simplifies disaster recovery planning by allowing organizations to reroute network traffic dynamically during a network failure. This ensures business continuity and minimizes downtime, as the network can automatically adapt to changing conditions and reroute traffic through alternative paths.

The Rise of WAN SDN

The foundation for business and cloud services are crucial elements of business operations. The transport network used for these services is best efforts, weak, and offers no guarantee of an acceptable delay. More services are being brought to the Internet, yet the Internet is managed inefficiently and cheaply.

Every Autonomous System (AS) acts independently, and there is a price war between transit providers, leading to poor quality of transit services. Operating over this flawed network, customers must find ways to guarantee applications receive the expected level of quality.

Border Gateway Protocol (BGP), the Internet’s glue, has several path selection flaws. The main drawback of BGP is the routing paradigm relating to the path-selection process. BGP default path selection is based on Autonomous System (AS) Path length; prefer the path with the shortest AS_PATH. It misses the shape of the network with its current path selection process. It does not care if propagation delay, packet loss, or link congestion exists. It resulted in long path selection and utilizing paths potentially experiencing packet loss.

Example: WAN SDN with Border6

Border6 is a French company that started in 2012. It offers non-stop internet and an integrated WAN SDN solution, influencing BGP to perform optimum routing. It’s not a replacement for BGP but a complementary tool to enhance routing decisions. For example, it automates changes in routing in cases of link congestion/blackouts.

“The agile way of improving BGP paths by the Border 6 tool improves network stability” Brandon Wade, iCastCenter Owner.

As the Internet became more popular, customers wanted to add additional intelligence to routing. Additionally, businesses require SDN traffic optimizations, as many run their entire service offerings on top of it.

What is non-stop internet?

Border6 offers an integrated WAN SDN solution with BGP that adds intelligence to outbound routing. A common approach when designing SDN in real-world networks is to prefer that SDN solutions incorporate existing field testing mechanisms (BGP) and not reinvent all the wheels ever invented. Therefore, the border6 approach to influence BGP with SDN is a welcomed and less risky approach to implementing a greenfield startup. In addition, Microsoft and Viptela use the SDN solution to control BGP behavior.

Border6 uses BGP to guide what might be reachable. Based on various performance metrics, they measure how well paths perform. They use BGP to learn the structure of the Internet and then run their algorithms to determine what is essential for individual customers. Every customer has different needs to reach different subnets. Some prefer costs; others prefer performance.

They elect several interesting “best” performing prefixes, and the most critical prefixes are selected. Next, they find probing locations and measure the source with automatic probes to determine the best path. All these tools combined enhance the behavior of BGP. Their mechanism can detect if an ISP has hardware/software problems, drops packets, or rerouting packets worldwide.

Thousands of tests per minute

The Solution offers the best path by executing thousands of tests per minute and enabling results to include the best paths for packet delivery. Outputs from the live probing of path delays and packet loss inform BGP on which path to route traffic. The “best path” is different for each customer. It depends on the routing policy the customer wants to take. Some customers prefer paths without packet loss; others wish to cheap costs or paths under 100ms. It comes down to customer requirements and the applications they serve.

BGP – Unrelated to Performance

Traditionally, BGP gets its information to make decisions based on data unrelated to performance. Broder 6 tries to correlate your packet’s path to the Internet by choosing the fastest or cheapest link, depending on your requirements.

They are taking BGP data service providers and sending them as a baseline. Based on that broad connectivity picture, they have their measurements – lowest latency, packets lost, etc.- and adjust the data from BGP to consider these other measures. They were, eventually, performing optimum packet traffic forwarding. They first look at Netflow or Sflow data to determine what is essential and use their tool to collect and aggregate the data. From this data, they know what destinations are critical to that customer.

BGP for outbound | Locator/ID Separation Protocol (LISP) for inbound

Border6 products relate to outbound traffic optimizations. It can be hard to influence inbound traffic optimization with BGP. Most AS behave selfishly and optimize the traffic in their interest. They are trying to provide tools that help AS optimize inbound flows by integrating their product set with the Locator/ID Separation Protocol (LISP). The diagram below displays generic LISP components. It’s not necessarily related to Border6 LISP design.

LISP decouples the address space so you can optimize inbound traffic flows. Many LISP uses cases are seen with active-active data centers and VM mobility. It decouples the “who” and the “where,” which allows end-host addressing not to correlate with the actual host location. The drawback is that LISP requires endpoints that can build LISP tunnels.

Currently, they are trying to provide a solution using LISP as a signaling protocol between Border6 devices. They are also working on performing statistical analysis for data received to mitigate potential denial-of-service (DDoS) events. More DDoS algorithms are coming in future releases.

Conclusion:

WAN SDN is revolutionizing how organizations manage and control their wide area networks. WAN SDN enables organizations to optimize their network infrastructure to meet evolving business needs by providing enhanced flexibility, agility, and cost efficiency.

However, successful implementation requires careful consideration of network security, staff training, and expertise. With real-world use cases ranging from multi-site connectivity to disaster recovery, WAN SDN holds immense potential for organizations seeking to transform their network connectivity and unlock new opportunities in the digital era.

Summary: WAN SDN

In today’s digital age, where connectivity and speed are paramount, traditional Wide Area Networks (WANs) often fall short of meeting the demands of modern businesses. However, a revolutionary solution that promises to transform how we think about and utilize WANs has emerged. Enter Software-Defined Networking (SDN), a paradigm-shifting approach that brings unprecedented flexibility, efficiency, and control to WAN infrastructure.

Understanding SDN

At its core, SDN is a network architecture that separates the control plane from the data plane. By decoupling network control and forwarding functions, SDN enables centralized management and programmability of the entire network, regardless of its geographical spread. Traditional WANs relied on complex and static configurations, but SDN introduced a level of agility and simplicity that was previously unimaginable.

Benefits of SDN for WANs

Enhanced Flexibility

SDN empowers network administrators to dynamically configure and customize WANs based on specific requirements. With a software-based control plane, they can quickly implement changes, allocate bandwidth, and optimize traffic routing, all in real time. This flexibility allows businesses to adapt swiftly to evolving needs and drive innovation.

Improved Efficiency

By leveraging SDN, WANs can achieve higher levels of efficiency through centralized management and automation. Network policies can be defined and enforced holistically, reducing manual configuration efforts and minimizing human errors. Additionally, SDN enables the intelligent allocation of network resources, optimizing bandwidth utilization and enhancing overall network performance.

Enhanced Security

Security threats are a constant concern in any network infrastructure. SDN brings a new layer of security to WANs by providing granular control over traffic flows and implementing sophisticated security policies. With SDN, network administrators can easily monitor, detect, and mitigate potential threats, ensuring data integrity and protecting against unauthorized access.

Use Cases and Implementation Examples

Dynamic Multi-site Connectivity

SDN enables seamless connectivity between multiple sites, allowing businesses to establish secure and scalable networks. With SDN, organizations can dynamically create and manage virtual private networks (VPNs) across geographically dispersed locations, simplifying network expansion and enabling agile resource allocation.

Cloud Integration and Hybrid WANs

Integrating SDN with cloud services unlocks a whole new level of scalability and flexibility for WANs. By combining SDN with cloud-based infrastructure, organizations can easily extend their networks to the cloud, access resources on demand, and leverage the benefits of hybrid WAN architectures.

Conclusion:

With its ability to enhance flexibility, improve efficiency, and bolster security, SDN is ushering in a new era for Wide-Area Networks (WANs). By embracing the power of software-defined networking, businesses can overcome the limitations of traditional WANs and build robust, agile, and future-proof network infrastructures. It’s time to embrace the SDN revolution and unlock the full potential of your WAN.

Low Latency Network Design

March 22, 2015

by Matt Conran Blog

Low Latency Network Design

In today's fast-paced digital world, where milliseconds can make a significant difference, achieving low latency in network design has become paramount. Whether it's for financial transactions, online gaming, or real-time communication, minimizing latency can enhance user experience and improve overall network performance. In this blog post, we will explore the key principles and strategies behind low latency network design.

Latency, often referred to as network delay, is the time it takes for a data packet to travel from its source to its destination. It encompasses various factors such as propagation delay, transmission delay, and processing delay. By comprehending the different components of latency, we can better grasp the importance of low latency network design.

One of the foundational elements of achieving low latency is by optimizing the hardware and infrastructure components of the network. This involves using high-performance routers and switches, reducing the number of network hops, and employing efficient cabling and interconnectivity solutions. By eliminating bottlenecks and implementing cutting-edge technology, organizations can significantly reduce latency.

Efficiently managing network traffic is crucial for minimizing latency. Implementing Quality of Service (QoS) mechanisms enables prioritization of critical data packets, ensuring they receive preferential treatment and are delivered promptly. Additionally, traffic shaping and load balancing techniques can help distribute network load evenly, preventing congestion and reducing latency.

Content Delivery Networks play a vital role in low latency network design, particularly for websites and applications that require global reach. By strategically distributing content across various geographically dispersed servers, CDNs minimize the distance between users and data sources, resulting in faster response times and reduced latency.

Edge Computing: The emergence of edge computing has revolutionized low latency network design. By moving computational resources closer to end-users or data sources, edge computing reduces the round-trip time for data transmission, resulting in ultra-low latency. With the proliferation of Internet of Things (IoT) devices and real-time applications, edge computing is becoming increasingly essential for delivering seamless user experiences.

In conclusion, low latency network design is a critical aspect of modern networking. By understanding the different components of latency and implementing strategies such as optimizing hardware and infrastructure, network traffic management, leveraging CDNs, and adopting edge computing, organizations can unlock the power of low latency. Embracing these principles not only enhances user experience but also provides a competitive advantage in an increasingly interconnected world.

Matt Conran

Highlights: Low Latency Network Design

A New Operational Model

We are now all moving in the direction of the cloud. The requirement is for large data centers that are elastic and scalable. The result of these changes, which are influenced by innovations and methodology in the server/application world, is that the network industry is experiencing a new operational model. Provisioning must be quick, and designers look to automate network configuration more systematically and in a less error-prone programmatic way. It is challenging to meet these new requirements with traditional data center designs.

Changing Traffic Flow

Traffic flow has changed, and we have a lot of east-to-west traffic. Existing data center designs focus on north-to-south flows. East-to-west traffic requires changing the architecture from an aggregating-based model to a massive multipathing model. Referred to as Clos networks, leaf and spine designs allow building huge networks with reasonably sized equipment, enabling low-latency network design.

Example: High-Performance Switch: Cisco Nexus 3000 Series

Featuring switch-on-a-chip (SoC) architecture, the Cisco Nexus 3000 Series switches offer 1 gigabit, 10 gigabit, 40 gigabit, 100 gigabit and 400 gigabit Ethernet capabilities. This series of switches provides line-rate Layer 2 and 3 performance and is suitable for ToR architectures. Combining high performance and low latency with innovations in performance visibility, automation, and time synchronization, this series of switches has established itself as a leader in high-frequency trading (HFT), high-performance computing (HPC), and big data environments. Providing high performance, flexible connectivity, and extensive features, the Cisco Nexus 3000 Series offers 24 to 256 ports.

Latency In Networking. Key Low Latency Network Design Discussion Points:	Introduction to low latency network design and what is involved. Highlighting the details of the different data center latency requirements. Critical points on latency in networking. Technical details on oversubscription. Technical details on deep packet buffers.

Related: Before you proceed, you may find the following post helpful:

Forwarding Features	Control Features
Network and Storage integration	Bridging without STP
Multi pathing for Layer 2 and Layer 3	Integration with server virtualization
Low latency	Good MAC, ARP and L3 table size
Optimal Layer 3 forwarding	Deep packet buffers
Path isolation

Back to Basics: Network testing.

Network Testing

A stable network results from careful design and testing. Although many vendors often perform exhaustive systems testing and provide this via third-party testing reports, they cannot reproduce every customer’s environment. So, to determine your primary data center design, you must conduct your tests.

Effective testing is the best indicator of production readiness. On the other hand, ineffective testing may lead to a false sense of confidence, causing downtime. Therefore, you should adopt a structured approach to testing as the best way to discover and fix the defects in the least amount of time at the lowest possible cost.

1st Lab Guide: RSVP.

In this example, we will examine RSVP. Resource reservation signals the network and requests a specific bandwidth and delay required for a flow. When the reservation is successful, each network component (primarily routers) reserves the necessary bandwidth and delay.

First, we need to enable RSVP on all interfaces: ip rsvp bandwidth 128 64
Then, configure R1 to act like an RSVP host so it will send an RSVP send path message:
Finally. Configure R4 to respond to this reservation:

What is low latency?

Low latency is the ability of a computing system or network to respond with minimal delay. Actual low latency metrics vary according to the use case. So, what is a low-latency network? A low-latency network has been designed and optimized to reduce latency as much as possible. However, a low-latency network can only improve latency caused by factors outside the network.

We first have to consider latency jitters when they deviate unpredictably from an average; in other words, they are low at one moment and high at the next. For some applications, this unpredictability is more problematic than high latency. We also have ultra-low latency measured in nanoseconds, while low latency is measured in milliseconds. Therefore, ultra-low latency delivers a response much faster, with fewer delays than low latency.

Importance of Low Latency Network Design:

1. Improved User Experience: Low latency networks ensure seamless and uninterrupted communication, enabling users to access and transmit data more efficiently. This is particularly crucial in latency-sensitive applications where any delay can be detrimental.

2. Competitive Advantage: In today’s competitive business landscape, organizations that deliver faster and more responsive services gain a significant edge. Low latency networks enable companies to provide real-time services, enhancing customer satisfaction and loyalty.

3. Support for Emerging Technologies: Low latency networks form the backbone for emerging technologies such as the Internet of Things (IoT), autonomous vehicles, augmented reality (AR), and virtual reality (VR). These technologies require rapid data exchange and response times, which can only be achieved through low-latency network design.

Data Center Latency Requirements

Latency requirements

Intra-data center traffic flows concern us more with latency than outbound traffic flow. High latency between servers degrades performance and results in the ability to send less traffic between two endpoints. Low latency allows you to use as much bandwidth as possible.

A low-lay network design known as Ultra-low latency ( ULL ) data center design is the race to zero. The goal is to design as fast as possible with the lowest end-to-end latency. Latency on an IP/Ethernet switched network can be as low as 50 ns.

High-frequency trading ( HFT ) environments push for this trend, where providing information from stock markets with minimal delay is imperative. HFT environments are different than most DC designs and don’t support virtualization. The Port count is low, and servers are designed in small domains.

It is conceptually similar to how Layer 2 domains should be designed as small Layer 2 network pockets. Applications are grouped to match optimum traffic patterns where many-to-one conversations are reduced. This will reduce the need for buffering, increasing network performance. CX-1 cables are preferred over the more popular optical fiber.

Oversubscription

The optimum low-latency network design should consider and predict the possibility of congestion at critical network points. An unacceptable oversubscription example is a ToR switch with 20 Gbps traffic from servers but only 10 Gbps uplink. This will result in packet drops and poor application performance.

data center network design — Diagram: Data center network design and oversubscription

Previous data center designs were 3-tier aggregation model-based ( developed by Cisco ). Now, we are going for 2-tier models. The main design point for this model is the number of ports on the core; more ports on the core result in more extensive networks. Similar design questions would be a) how much routing and b) how much bridging will I implement c) where do I insert my network services modules?

We are now designing networks with lots of tiers—Clos Network. The concept comes from voice networks from around 1953, previously built voice switches with crossbar design. Clos designs give optimum any-to-any connectivity. They require low latency and non-blocking components. Every element should be non-blocking. Multipath technologies deliver a linear increase in oversubscription with each device failure and are better than architectures that degrade during failures.

Lossless transport

Data Center Bridging ( DCB ) offers standards for flow control and queuing. Even if your data center does not use (the Internet Small Computer System Interface) ISCSI, TCP elephant flows benefit from lossless transport, improving data center performance. However, research has shown that many TCP flows are below 100Mbps.

The remaining small percentage are elephant flows, which consume 80% of all traffic inside the data center. Due to their size and how TCP operates, when an elephant flows and experiences packet drops, it slows down, affecting network performance.

Distributed resource scheduling

VMmobiliy is a VMware tool used for distributed resource scheduling. Load from hypervisors is automatically spread to other underutilized VMs. Other use cases in cloud environments where DC requires dynamic workload placement, and you don’t know where the VM will be in advance.

If you want to retain sessions, keep them in the same subnet. Layer 3 VMotion is too slow as routing protocol convergence will always take a few seconds. In theory, you could optimize timers for routing protocol fast convergence, but in practice, Interior Gateway Protocols ( IGP ) give you eventual consistency.

VMmobiliy

Data Centers require bridging at layer 2 to retain the IP addresses for VMobility. The TCP stack currently has no separation between “who” and “where” you are; the IP address represents both functions. Future implementation with Locator/ID Separation Protocol ( LISP ) divides these two roles, but bridging for VMobility is required until fully implemented.

Spanning Tree Protocol ( STP )

Spanning Tree reduces bandwidth by 50%, and massive multipathing technologies allow you to scale without losing 50% of the link bandwidth. Data centers want to move VMs without distributing traffic flow. VMware has VMotion. Microsoft Hyper-V has Live migration.

Network convergence

The layer 3 network requires many events to be completed before it reaches a fully converged state. In layer 2, when the first broadcast is sent, every switch knows precisely where that switch has moved. There are no mechanisms with Layer 3 to do something similar. Layer 2 networks result in a large broadcast domain.

You may also experience large sub-optimal flows as the Layer 3 next hop will stay the same when you move the VM. Optimum Layer 3 forwarding – what Juniper is doing with Q fabric. Every Layer 3 switch has the same IP address; they can all serve as the next hop—resulting in optimum traffic flow.

The well-known steps in routing convergence.

Deep packet buffers

We have more DC traffic and elephant flows from distributed databases. Traffic is now becoming very bursty. We also have a lot of microburst traffic. The bursts are so short that they don’t register as high link utilization but are big enough to overflow packet buffers and cause drops. This type of behavior with TCP causes TCP slow start. A slow start with elephant flows is problematic for networks.

Key Considerations for Low Latency Network Design:

1. Network Infrastructure: To achieve low latency, network designers must optimize the infrastructure by reducing bottlenecks, eliminating single points of failure, and ensuring sufficient bandwidth capacity.

2. Proximity: Locating servers and data centers closer to end-users can significantly reduce latency. Data can travel faster by minimizing the physical distance, resulting in lower latency.

3. Traffic Prioritization: Prioritizing latency-sensitive traffic within the network can help ensure that critical data packets are given higher priority, reducing the overall latency.

4. Quality of Service (QoS): Implementing QoS mechanisms allows network administrators to allocate resources based on application requirements. By prioritizing latency-sensitive applications, low latency can be maintained.

5. Optimization Techniques: Various optimization techniques, such as caching, compression, and load balancing, can further reduce latency by minimizing the volume of data transmitted and distributing the workload efficiently.

Summary: Low Latency Network Design

In today’s fast-paced digital world, where every millisecond counts, the importance of low-latency network design cannot be overstated. Whether it’s online gaming, high-frequency trading, or real-time video streaming, minimizing latency has become crucial in delivering seamless user experiences. This blog post explored the fundamentals of low-latency network design and its impact on various industries.

Section 1: Understanding Latency

In the context of networking, latency refers to the time it takes for data to travel from its source to its destination. It is often measured in milliseconds (ms) and can be influenced by various factors such as distance, network congestion, and processing delays. By reducing latency, businesses can improve the responsiveness of their applications, enhance user satisfaction, and gain a competitive edge.

Section 2: The Benefits of Low Latency

Low latency networks offer numerous advantages across different sectors. In the financial industry, where split-second decisions can make or break fortunes, low latency enables high-frequency trading firms to execute trades with minimal delays, maximizing their profitability. Similarly, in online gaming, low latency ensures smooth gameplay and minimizes the dreaded lag that can frustrate gamers. Additionally, industries like telecommunication and live video streaming heavily rely on low-latency networks to deliver real-time communication and immersive experiences.

Section 3: Strategies for Low Latency Network Design

Designing a low-latency network requires careful planning and implementation. Here are some key strategies that can help achieve optimal latency:

Subsection: Network Optimization

By optimizing network infrastructure, including routers, switches, and cables, organizations can minimize data transmission delays. This involves utilizing high-speed, low-latency equipment and implementing efficient routing protocols to ensure data takes the most direct and fastest path.

Subsection: Data Compression and Caching

Reducing the size of data packets through compression techniques can significantly reduce latency. Additionally, implementing caching mechanisms allows frequently accessed data to be stored closer to the end-users, reducing the round-trip time and improving overall latency.

Subsection: Content Delivery Networks (CDNs)

Leveraging CDNs can greatly enhance latency, especially for global businesses. By distributing content across geographically dispersed servers, CDNs bring data closer to end-users, reducing the distance and time it takes to retrieve information.

Conclusion:

Low-latency network design has become a vital aspect of modern technology in a world driven by real-time interactions and instant gratification. By understanding the impact of latency, harnessing the benefits of low latency, and implementing effective strategies, businesses can unlock opportunities and deliver exceptional user experiences. Embracing low latency is not just a trend but a necessity for staying ahead in the digital age.

LISP Protocol and VM Mobility

November 15, 2014

by Matt Conran Blog

LISP Protocol and VM Mobility

The networking world is constantly evolving, with new technologies emerging to meet the demands of an increasingly connected world. One such technology that has gained significant attention is the LISP protocol. In this blog post, we will delve into the intricacies of the LISP protocol, exploring its purpose, benefits, and how it bridges the gap in modern networking and its use case with VM mobility.

LISP, which stands for Locator/ID Separation Protocol, is a network protocol that separates the identity of a device from its location. Unlike traditional IP addressing schemes, which rely on a tightly coupled relationship between the IP address and the device's physical location, LISP separates these two aspects, allowing for more flexibility and scalability in network design.

LISP, in simple terms, is a network protocol that separates the location of an IP address (Locator) from its identity (Identifier). By doing so, it provides enhanced flexibility, scalability, and security in managing network traffic. LISP accomplishes this by introducing two key components: the Mapping System (MS) and the Tunnel Router (TR). The MS maintains a database of mappings between Locators and Identifiers, while the TR encapsulates packets using these mappings for efficient routing.

VM mobility refers to the seamless movement of virtual machines across physical hosts or data centers. LISP Protocol plays a crucial role in enabling this mobility by decoupling the VM's IP address from its location. When a VM moves to a new host or data center, LISP dynamically updates the mappings in the MS, ensuring uninterrupted connectivity. By leveraging LISP, organizations can achieve live migration of VMs, load balancing, and disaster recovery with minimal disruption.

The combination of LISP Protocol and VM mobility brings forth a plethora of advantages. Firstly, it enhances network scalability by reducing the impact of IP address renumbering. Secondly, it enables efficient load balancing by distributing VMs across different hosts. Thirdly, it simplifies disaster recovery strategies by facilitating VM migration to remote data centers. Lastly, LISP empowers organizations with the flexibility to seamlessly scale their networks to meet growing demands.

While LISP Protocol and VM mobility offer significant benefits, there are a few challenges to consider. These include the need for proper configuration, compatibility with existing network infrastructure, and potential security concerns. However, the networking industry is consistently working towards addressing these challenges and further improving the LISP Protocol for broader adoption and seamless integration.

In conclusion, the combination of LISP Protocol and VM mobility opens up new horizons in network virtualization and mobility. By decoupling the IP address from its physical location, LISP enables organizations to achieve greater flexibility, scalability, and efficiency in managing network traffic. As the networking landscape continues to evolve, embracing LISP Protocol and VM mobility will undoubtedly pave the way for a more dynamic and agile networking infrastructure.

Matt Conran

Highlights: LISP Protocol and VM Mobility

How Does LISP Work

Locator Identity Separation Protocol ( LISP ) provides a set of functions that allow Endpoint identifiers ( EID ) to be mapped to an RLOC address space. The mapping between these two endpoints offers the separation of IP addresses into two numbering schemes ( similar to the “who” and the “where” analogy ), offering many traffic engineering and IP mobility benefits for the geographic dispersion of data centers beneficial for VM mobility.

LISP Components

The LISP protocol operates by creating a mapping system that separates the device’s Endpoint Identifier (EID), from its location, the Routing Locator (RLOC). This separation is achieved using a distributed database called the LISP Mapping System (LMS), which maintains the mapping between EIDs and RLOCs. When a packet is sent to a destination EID, it is encapsulated and routed based on the RLOC, allowing for efficient and scalable communication.

Before you proceed, you may find the following posts helpful:

VM Mobility Key LISP Protocol Discussion Points:	Introduction to the LISP Protocol and what is involved. Highlighting the details of the LISP traffic flow. Technical details on LAN extension considerations. LISP Extended Subnet and Across Subnet.

Back to basics with the Virtual Machine (VM).

Virtualization

Virtualization can be applied to subsystems such as disks and a whole machine. A virtual machine (VM) is implemented by adding a software layer to an actual device to sustain the desired virtual machine’s architecture. In general, a virtual machine can circumvent real compatibility and hardware resource limitations to enable a more elevated degree of software portability and flexibility.

In the dynamic world of modern computing, the ability to seamlessly move virtual machines (VMs) between different physical hosts has become a critical aspect of managing resources and ensuring optimal performance. This blog post explores VM mobility and its significance in today’s rapidly evolving computing landscape.

VM mobility refers to transferring a virtual machine from one physical host to another without disrupting operation. Virtualization technologies such as hypervisors make this capability possible, enabling the abstraction of hardware resources and allowing multiple VMs to coexist on a single physical machine.

LISP and VM Mobility

The Locator/Identifier Separation Protocol (LISP) is an innovative networking architecture that decouples the identity (Identifier) of a device or VM from its location (Locator). By separating the two, LISP provides a scalable and flexible solution for VM mobility.

How LISP Enhances VM Mobility:

1. Improved Scalability:

LISP introduces a level of indirection by assigning Endpoint Identifiers (EIDs) to VMs. These EIDs act as unique identifiers, allowing VMs to retain their identity even when moved to different locations. This enables enterprises to scale their VM deployments without worrying about the limitations imposed by the underlying network infrastructure.

2. Seamless VM Mobility:

LISP simplifies moving VMs by abstracting the location information using Routing Locators (RLOCs). When a VM is migrated, LISP updates the mapping between the EID and RLOC, allowing the VM to maintain uninterrupted connectivity. This eliminates the need for complex network reconfigurations, reducing downtime and improving overall agility.

3. Load Balancing and Disaster Recovery:

LISP enables efficient load balancing and disaster recovery strategies by providing the ability to distribute VMs across multiple physical hosts or data centers. With LISP, VMs can be dynamically moved to optimize resource utilization or to ensure business continuity in the event of a failure. This improves application performance and enhances the overall resilience of the IT infrastructure.

4. Interoperability and Flexibility:

LISP is designed to be interoperable with existing network infrastructure, allowing organizations to gradually adopt the protocol without disrupting their current operations. It integrates seamlessly with IPv4 and IPv6 networks, making it a future-proof solution for VM mobility.

Basic LISP Traffic flow

A device ( S1 ) initiates a connection and wants to communicate with another external device ( D1 ). D1 is located in a remote network. S1 will create a packet with the EID of S1 as the source IP address and the EID of D1 as the destination IP address. As the packets flow to the network’s edge on their way to D1, they are met by an Ingress Tunnel Router ( ITR ).

The ITR maps the destination EID to a destination RLOC and then encapsulates the original packet with an additional header with the source IP address of the ITR RLOC and the destination IP address of the RLOC of an Egress Tunnel Router ( ETR ). The ETR is located on the remote site next to the destination device D1.

The magic is how these mappings are defined, especially regarding VM mobility. There is no routing convergence, and any changes to the mapping systems are unknown to the source and destination hosts. We are offering complete transparency.

LISP Terminology

LISP namespaces:

LSP Name Component	LISP Protocol Description
End-point Identifiers ( EID ) Addresses	The EID is allocated to an end host from an EID-prefix block. The EID associates where a host is located and identifies endpoints. The remote host obtains a destination the same way it obtains a normal destination address today, for example through DNS or SIP. The procedure a host uses to send IP packets does not change. EIDs are not routable.
Route Locator ( RLOC ) Addresses	The RLOC is an address or group of prefixes that map to an Egress Tunnel Router ( ETR ). Reachability within the RLOC space is achieved by traditional routing methods. The RLOC address must be routable.

LISP site devices:

LISP Component	LISP Protocol Description
Ingress Tunnel Router ( ITR )	An ITR is a LISP Site device that sits in a LISP site and receives packets from internal hosts. It in turn encapsulates them to remote LISP sites. To determine where to send the packet the ITR performs an EID-to-RLOC mapping lookup. The ITR should be the first-hop or default router within a site for the source hosts.
Egress Tunnel Router ( ETR )	An ETR is a LISP Site device that receives LISP-encapsulated IP packets from the Internet, decapsulates them, and forwards them to local EIDs at the site. An ETR only accepts an IP packet where the destination address is the “outer” IP header and is one of its own configured RLOCs. The ETR should be the last hop router directly connected to the destination.

LISP infrastructure devices:

LISP Component Name	LISP Protocol Description
Map-Server ( MS )	The map server contains the EID-to-RLOC mappings and the ETRs register their EIDs to the map server. The map-server advertises these, usually as an aggregate into the LISP mapping system.
Map-Resolver ( MR )	When resolving EID-to-RLOC mappings the ITRs send LISP Map-Requests to Map-Resolvers. The Map-Resolver is typically an Anycast address. This improves the mapping lookup performance by choosing the map-resolver that is topologically closest to the requesting ITR.
Proxy ITR ( PITR )	Provides connectivity to non-LISP sites. It acts like an ITR but does so on behalf of non-LISP sites.
Proxy ETR ( PETR )	Acts like an ETR but does so on behalf of LISP sites that want to communicate to destinations at non-LISP sites.

VM Mobility

LISP Host Mobility

LISP VM Mobility ( LISP Host Mobility ) functionality allows any IP address ( End host ) to move from its subnet to either a) a completely different subnet, known as “across subnet,” or b) an extension of its subnet in a different location, known as “extended subnet,” while keeping its original IP address.

When the end host carries its own Layer 3 address to the remote site, and the prefix is the same as the remote site, it is known as an “extended subnet.” Extended subnet mode requires a Layer 2 LAN extension. On the other hand, when the end hosts carry a different network prefix to the remote site, it is known as “across subnets.” When this is the case, a Layer 2 extension is not needed between sites.

LAN extension considerations

LISP does not remove the need for a LAN extension if a VM wants to perform a “hot” migration between two dispersed sites. The LAN extension is deployed to stretch a VLAN/IP subnet between separate locations. LISP complements LAN extensions with efficient move detection methods and ingress traffic engineering.

LISP works with all LAN extensions – whether back-to-back vPC and VSS over dark fiber, VPLS, Overlay Transport Virtualization ( OTV ), or Ethernet over MPLS/IP. LAN extension best practices should still be applied to the data center edges. These include but are not limited to – End-to-end Loop Prevention and STP isolation.

A LISP site with a LAN extension extends a single site across two physical data center sites. This is because the extended subnet functionality of LISP makes two DC sites a single LISP site. On the other hand, when LISP is deployed without a LAN extension, a single LISP site is not extended between two data centers, and we end up having separate LISP sites.

LISP extended subnet

VM mobility: LISP protocol and extended subnets

To avoid asymmetric traffic handling, the LAN extension technology must filter Hot Standby Router Protocol ( HSRP ) HELLO messages across the two data centers. This creates an active-active HSRP setup. HSRP localization optimizes egress traffic flows. LISP optimizes ingress traffic flows.

The default gateway and virtual MAC address must remain consistent in both data centers. This is because the moved VM will continue to send to the same gateway MAC address. This is accomplished by configuring the same HSRP gateway IP address and group in both data centers. When an active-active HSRP domain is used, re-ARP is not needed during mobility events.

The LAN extension technology must have multicast enabled to support the proper operation of LISP. Once a dynamic EID is detected, the multicast group IP addresses send a map-notify message by the xTR to all other xTRs. The multicast messages are delivered leveraging the LAN extension.

LISP across subnet

LISP across subnets requires the mobile VM to access the same gateway IP address, even if they move across subnets. This will prevent egress traffic triangulation back to the original data center. This can be achieved by manually setting the vMAC address associated with the HSRP group to be consistent across sites.

Proxy ARP must be configured under local and remote SVIs to correctly handle new ARP requests generated by the migrated workload. With this deployment, there is no need to deploy a LAN extension to stretch VLAN/IP between sites. This is why it is considered to address “cold” migration scenarios, such as Disaster Recovery ( DR ) or cloud bursting and workload mobility according to demands.

Benefits of LISP:

1. Scalability: By separating the identifier from the location, LISP provides a scalable solution for network design. It allows for hierarchical addressing, reducing the size of the global routing table and enabling efficient routing across large networks.

2. Mobility: LISP’s separation of identity and location mainly benefits mobile devices. As devices move between networks, their EIDs remain constant while the RLOCs are updated dynamically. This enables seamless mobility without disrupting ongoing connections.

3. Multihoming: LISP allows a device to have multiple RLOCs, enabling multihoming capabilities without complex network configurations. This ensures redundancy, load balancing, and improved network reliability.

4. Security: LISP provides enhanced security features, such as cryptographic authentication and integrity checks, to ensure the integrity and authenticity of the mapping information. This helps mitigate potential attacks, such as IP spoofing.

Applications of LISP:

1. Data Center Interconnection: LISP can interconnect geographically dispersed data centers, providing efficient and scalable communication between locations.

2. Internet of Things (IoT): With the exponential growth of IoT devices, LISP offers an efficient solution for managing these devices’ addressing and communication needs, ensuring seamless connectivity in large-scale deployments.

3. Content Delivery Networks (CDNs): LISP can optimize content delivery by allowing CDNs to cache content closer to end-users, reducing latency and improving overall performance.

The LISP protocol is a revolutionary technology that addresses the challenges of scalability, mobility, multi-homing, and security in modern networking. Its separation of identity and location opens up new possibilities for efficient and flexible network design. With its numerous benefits and versatile applications, LISP is poised to play a pivotal role in shaping the future of networking.

Summary: LISP Protocol and VM Mobility

LISP (Locator/ID Separation Protocol) and VM (Virtual Machine) Mobility are two powerful technologies that have revolutionized the world of networking and virtualization. In this blog post, we delved into the intricacies of LISP and VM Mobility, exploring their benefits, use cases, and seamless integration.

Understanding LISP

LISP, a groundbreaking protocol, separates the role of a device’s identity (ID) from its location (Locator). By decoupling these two aspects, LISP enables efficient routing and scalable network architectures. It provides a solution to overcome the limitations of traditional IP-based routing, enabling enhanced mobility and flexibility in network design.

Unraveling VM Mobility

VM Mobility, on the other hand, refers to the ability to seamlessly move virtual machines across different physical hosts or data centers without disrupting their operations. This technology empowers businesses with the flexibility to optimize resource allocation, enhance resilience, and improve disaster recovery capabilities.

The Synergy between LISP and VM Mobility

When LISP and VM Mobility join forces, they create a powerful combination that amplifies the benefits of both technologies. By leveraging LISP’s efficient routing and location independence, VM Mobility becomes even more agile and robust. With LISP, virtual machines can be effortlessly moved between hosts or data centers, maintaining seamless connectivity and preserving the user experience.

Real-World Applications

Integrating LISP and VM Mobility opens up various possibilities across various industries. In the healthcare sector, for instance, virtual machines hosting critical patient data can be migrated between locations without compromising accessibility or security. Similarly, in cloud computing, LISP and VM Mobility enable dynamic resource allocation, load balancing, and efficient disaster recovery strategies.

Conclusion:

In conclusion, combining LISP and VM Mobility ushers a new era of network agility and virtual machine management. Decoupling identity and location through LISP empowers organizations to seamlessly move virtual machines across different hosts or data centers, enhancing flexibility, scalability, and resilience. As technology continues to evolve, LISP and VM Mobility will undoubtedly play a crucial role in shaping the future of networking and virtualization.

IT engineers team workers character and data center concept. Vector flat graphic design isolated illustration

Internet Locator

October 27, 2014

by Matt Conran Blog

Internet Locator

In today's digitally connected world, the ability to locate and navigate through various online platforms has become an essential skill. With the advent of Internet Locator, individuals and businesses can now effortlessly explore the vast online landscape. In this blog post, we will delve into the concept of Internet Locator, its significance, and how it has revolutionized how we navigate the digital realm.

Routing table growth: There has been exponential growth in Internet usage, and the scalability of today's Internet routing system is now a concern. With more people surfing the web than ever, the underlying technology must be able to cope with demand.

Whereas in the past, getting an internet connection via some internet locator service could sometimes be expensive, nowadays, thanks to bundles that include telephone connections and streaming services, connecting to the web has never been more affordable. It is also important to note that routing table growth has a significant drive driving a need to reexamine internet connectivity.

Limitation in technologies: This has been met with the limitations and constraints of router technology and current Internet addressing architectures. If we look at the core Internet protocols that comprise the Internet, we have not experienced any significant change in over a decade.

The physical-layer mechanisms that underlie the Internet have radical changed, but only a small number of tweaks have been made to BGP and its transport protocol, TCP. Mechanisms such as MPLS were introduced to provide a workaround to IP limitations within the ISP. Still, Layer 3 or 4 has had no substantial change for over a decade.

Matt Conran

Highlights: Internet Locator

Path Selection

In the Forwarding Information Base (FIB), prefix length determines the path a packet should take. Routing information bases (RIBs), or routing tables, program the FIB. Routing protocol processes present routes to the RIB. Three components are involved in path selection:

In the subnet mask, the prefix length represents the number of leading binary bits in the on position.
An administrative distance rating (AD) indicates how trustworthy a routing information source is. It compares the AD if a router learns about a route to a destination from multiple routing protocols.
Routing protocols use metrics to calculate the best paths. Metrics vary from routing protocol to routing protocol.

Prefix Length

Here’s an example of how a router selects a route when the packet destination falls within the range of multiple routes. Consider a router with the following routes, each with a different prefix length:

10.0.3.0/28
10.0.3.0/26
10.0.3.0/24

There are a variety of prefix lengths (subnet masks) for these routes, also known as prefix routes. RIBs, also known as routing tables, contain all of the routes which are considered different destinations. Unless the prefix is connected to a network, the routing table includes the outgoing interface and the next-hop IP address.

Related: Before you proceed, you may find the following posts helpful:

Internet Locator Key Internet Locator Discussion Points:	Introduction to Internet Locator and what is involved. Highlighting the details of the default-free zone. Technical details on the LISP protocol and how this may help. Scenario: BGP in the DFZ. A final note on security.

Back to basics with the Internet

The Internet is often represented as a cloud. However, this needs to be clarified as there are few direct connections over the Internet. The Internet is also a partially distributed network. The Internet is decentralized, with many centers or nodes and direct or indirect links. There are also different types of networks out there on the Internet. For example, we have a centralized, decentralized, and distributed network.

The Internet is a conglomeration of independent systems representing organizations’ administrative authority and routing policies. Autonomous systems are made up of Layer 3 routers that run Interior Gateway Protocols (IGPs) such as Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) within their borders and interconnect via an Exterior Gateway Protocol (EGP). The current Internet de facto standard EGP is the Border Gateway Protocol Version 4 (BGP-4), defined in RFC 1771.

1st Lab guide on BGP

In the following, we see a simple BGP design. BGP operated over TCP, more specifically, TCP port 179. BGP peers are created and can be iBGP or EBGP. In the screenshots below, we have an iBGP design. Remember that BGP is a Path Vector Protocol and utilizes a path vector protocol, which considers various factors while making routing decisions. These factors include the number of network hops, network policies, and path attributes such as AS path, next-hop, and origin.

1. Path Vector Protocol: BGP utilizes a path vector protocol, which considers various factors while making routing decisions. These factors include the number of network hops, network policies, and path attributes such as AS path, next-hop, and origin.

Internet Locator: Default Free Zone ( DFZ )

The first large-scale packet-switching network was ARPAnet- the modern Internet’s predecessor. It used a simplex protocol called Network Control Program ( NCP ). NCP combined addressing and transport into a single protocol. Many applications were built on top of NCP, which was very successful. However, it lacked flexibility. As a result, reliability was separated from addressing and packet transfer in the design of the Internet Protocol Suite, with IP being separated from TCP.

On the 1st of January 1983, ARPAnet officially rendered NCP and moved to a more flexible and powerful protocol suite – TCP/IP. The transition from NCP to TCP/IP was known as “flag day,” It was quickly done with only 400 nodes to recompute.

Today, a similar flag day is impossible due to the sheer size and scale of the Internet backbone. The requirement to change anything on the Internet is driven by necessity, and it’s usually slow to change such a vast network. For example, inserting an additional header into the protocol would impact IP fragmentation processing and congestion mechanism. Changing the semantics of IP addressing is problematic as the IP address has been used as an identifier to higher-level protocols and encoded in the application.

The driving forces of the DFZ

Many factors are driving the growth of the Default Free Zone ( DFZ ). These mainly include multi-homing, traffic engineering, and policy routing. The Internet Architecture Board ( IAB ) met on October 18-19th, 2006, and their key finding was that they needed to devise a scalable routing and addressing system. Such an addressing system must meet the current challenges of multi-homing and traffic engineering requirements.

Internet Locator: Locator/ID Separation Protocol ( LISP )

There has been some progress with the Locator/ID separation protocol ( LISP ) development. LISP is a routing architecture that redesigns the current addressing architecture. Traditional addressing architecture uses a single name, the IP address, to express two functions of a device.

The first function is its identity, i.e., who, and the second function is its location, i.e., where. LISP separates IP addresses into two namespaces: Endpoint Identifiers ( EIDs ), non-routable addresses assigned to hosts, and Routing Locators ( RLOCs), routable addresses assigned to routers that make up the global routing system.

internet locator — Internet locator with LISP

Separating these functions offers numerous benefits within a single protocol, one of which attempts to address the scalability of the Default Free Zone. In addition, LISP is a network-based implementation with most of the deployment at the network edges. As a result, LISP integrates well into the current network infrastructure and requires no changes to the end host stack.

2nd Lab guide on LISP.

In the following guide, we will look at a LISP network. These LISP protocol components include the following:

Map Registration and Map Notify.
Map Request and Map-Reply.
LISP Protocol Data Path.
Proxy ETR.
Proxy ITR.

LISP implements the use of two namespaces instead of a single IP address:

Endpoint identifiers (EIDs)—assigned to end hosts.
Routing locators (RLOCs) are assigned to devices (primarily routers) that comprise the global routing system.

Splitting EID and RLOC functions yields several advantages, including improved routing system scalability, multihoming efficiency, and ingress traffic engineering. With the command: show lisp site summary, site 1 consists of R1 and site 2 consists of R2. Each of these sites advertises its own EID-prefix. On R1, the tunnel router, we see the routing locator address 10.0.1.2. The RLOCs ( routing locators ) are interfaces on the tunnel routers.

Border Gateway Protocol (BGP) role in the DFZ

Border Gateway Protocol, or BGP, is an exterior gateway protocol that allows different autonomous systems (AS) to exchange routing information. It is designed to enable efficient communication between different networks and facilitate data exchange and traffic across the Internet.

Exchanging NLRI

BGP is the protocol used to exchange NLRI between devices on the Internet and is the most critical piece of Internet architecture. It is used to interconnect Autonomous systems on the Internet, and it holds the entire network together. Routes are exchanged between BGP speakers with UPDATE messages. The BGP routing table ( RIB ) now stands at over 520,000 routes.

Although some of this growth is organic, a large proportion is driven by prefix de-aggregation. Prefix de-aggregation leads to increased BGP UPDATE messages injected into the DFZ. UPDATE messages require protocol activity between routing nodes, which requires additional processing to maintain the state for the longer prefixes.

Excess churn exposes the network’s core to the edges’ dynamic nature. This detrimental impacts routing convergence since UPDATES need to be recomputed and downloaded from the RIB to the FIB. As a result, it is commonly viewed that the Internet is never fully converged.

Security in the DFZ

Security is probably the most significant Internet problem; no magic bullet exists. Instead, an arms race is underway as techniques used by attackers and defenders co-evolve. This is because the Internet was designed to move packets from A to B as fast as possible, irrespective of whether B wants any of those packets.

In 1997, a misconfigured AS7007 router flooded the entire Internet with /24 BGP routes. As a result, routing was globally disrupted for more than 1 hour as the more specific prefixes took precedence over the aggregated routes. In addition, more specific routes advertised from AS7007 to AS1239 attracted traffic from all over the Internet into AS1239, saturating its links and causing router crashes.

There are automatic measures to combat prefix hijacking, but they are not widely used or compulsory. The essence of BGP design allows you to advertise whatever NLRI you want, and it’s up to the connecting service provider to have the appropriate filtering in place.

Drawbacks to BGP

BGP’s main drawback concerning security is that it does not hide policy information, and by default, it doesn’t validate the source. However, as BGPv4 runs over TCP, it is not as insecure as many think. A remote intrusion into BGP would require guessing the correct TCP numbers to insert data, and most TCP/IP stacks have hard-to-predict TCP sequence numbers. To compromise BGP routing, a standard method is to insert a rogue router that must be explicitly configured in the target’s BGP configuration as a neighbor statement.

Significance of BGP:

1. Inter-Domain Routing: BGP is primarily used for inter-domain routing, enabling different networks to communicate and exchange traffic across the internet. It ensures that data packets reach their intended destinations efficiently, regardless of the AS they belong to.

2. Internet Service Provider (ISP) Connectivity: BGP is crucial for ISPs as it allows them to connect their networks with other ISPs. This connectivity enables end-users to access various online services, websites, and content hosted on different networks, regardless of geographical location.

3. Redundancy and Load Balancing: BGP’s dynamic routing capabilities enable network administrators to create redundant paths and distribute traffic across multiple links. This redundancy enhances network resilience and ensures uninterrupted connectivity even during link failures.

4. Internet Traffic Engineering: BGP plays a vital role in Internet traffic engineering, allowing organizations to optimize network traffic flow. By manipulating BGP attributes and policies, network administrators can influence the path selection process and direct traffic through preferred routes.

SDN Traffic Optimizations

Highlights: SDN Traffic Optimizations

Back to basics with BGP

Lab guide on BGP

BGP Inbound Traffic Engineering

SDN Traffic Optimizations and Border 6

Summary: SDN Traffic Optimizations

WAN SDN

Highlights: WAN SDN

Back to Basics with WAN SDN

Critical Benefits of WAN SDN:

Critical Considerations for Implementation:

Real-World Use Cases:

The Rise of WAN SDN

Example: WAN SDN with Border6

What is non-stop internet?

Thousands of tests per minute

Summary: WAN SDN

Low Latency Network Design

Highlights: Low Latency Network Design

Back to Basics: Network testing.

1st Lab Guide: RSVP.

What is low latency?

Importance of Low Latency Network Design:

Data Center Latency Requirements

Oversubscription

Lossless transport

Distributed resource scheduling

VMmobiliy

Spanning Tree Protocol ( STP )

Network convergence

Deep packet buffers

Key Considerations for Low Latency Network Design:

Summary: Low Latency Network Design

LISP Protocol and VM Mobility

Highlights: LISP Protocol and VM Mobility

Back to basics with the Virtual Machine (VM).

Basic LISP Traffic flow

LISP Terminology

LISP namespaces:

LISP site devices:

LISP infrastructure devices:

VM Mobility

LISP extended subnet

LISP across subnet

Summary: LISP Protocol and VM Mobility

Internet Locator

Highlights: Internet Locator

Back to basics with the Internet

1st Lab guide on BGP

Internet Locator: Default Free Zone ( DFZ )

Internet Locator: Locator/ID Separation Protocol ( LISP )

2nd Lab guide on LISP.

Border Gateway Protocol (BGP) role in the DFZ

Security in the DFZ

Quick Links

Contact

Subscribe Now