Difference between revisions of "Project Proposals/GPE VPN"
| Line 27: | Line 27: | ||
=== Overview === | === Overview === | ||
| − | |||
| − | + | Overlay Network Engine (ONE) is a project proposal for VPP to enable programmable dynamic Software Defined overlays. ONE uses an extended LISP-based map-assisted control plane to dynamically lookup overlay-to-underlay address mappings including forwarding policies on demand and as packets arrive. This includes policies such as connectivity, encryption, traffic engineering and virtual topologies, access control, and service chaining. The looked up mapping and forwarding policies are cached locally for a TTL period until they time out. The mapping and forwarding policy information is then used to encapsulate overlay packets towards their associated destinations or next hops, and forwarded onto the underlay. | |
| − | - | + | |
| − | + | ONE can use and operate a variety of encapsulation formats for the overlay including VXLAN-GPE (Generic Protocol Extension) [1], which is effectively merging VXLAN and LISP [2] encapsulations in a single format that supports multi-protocol payloads, GRE, etc. The control plane can be used to fetch the encapsulation capabilities of a destination as part of its mapping and forwarding policies. | |
| − | + | An external open SDN controller will be used as the mapping system to store and provide the mapping and forwarding policies. This mapping system is queried using the control protocol. | |
| − | + | ONE can use IPsec based encryption to secure the overlay if needed. Cryptographic parameters, can be provisioned on demand. | |
| − | + | ||
| − | + | ||
=== Data Plane Operations === | === Data Plane Operations === | ||
| − | + | ONE core data plane operations include: | |
| − | * Determining the location of the destination overlay endpoints, encapsulating data packets to the right destination location, and forwarding these packets onto the underlay network. | + | * Determining the location of the destination overlay endpoints (by using control plane lookups), encapsulating data packets to the right destination location, and forwarding these packets onto the underlay network. |
* De-capsulating encapsulated packets and forwarding the packets towards their associated destinations in the overlay. | * De-capsulating encapsulated packets and forwarding the packets towards their associated destinations in the overlay. | ||
| − | To enable dynamic encapsulation a map cache is used that maps flows in the overlay to the location(s) (IP address in the underlay network) of the next hop, or the destination endpoint, depending on the mapping/forwarding policy defined in the mapping system. | + | To enable dynamic encapsulation a local map cache is used that maps flows in the overlay to the location(s) (IP address in the underlay network) of the next hop, or the destination endpoint, depending on the mapping/forwarding policy defined in the mapping system. |
The map cache would support generic mappings such that the programmable overlay services can be used by a variety of packets and protocols (e.g. L2, L3, NSH [3]) [4]. Multi-homing and load balancing as well as segmentation based on a VNI/IID will be supported. | The map cache would support generic mappings such that the programmable overlay services can be used by a variety of packets and protocols (e.g. L2, L3, NSH [3]) [4]. Multi-homing and load balancing as well as segmentation based on a VNI/IID will be supported. | ||
| Line 55: | Line 51: | ||
=== Control Plane Operations === | === Control Plane Operations === | ||
| − | + | ONE will use an extended LISP-based protocol to dynamically lookup the mapping and forwarding policy resulting in the location of the next hop associated with this flow. This mapping information is then cached in the map cache for future use. Changes/updates to the cached mappings are pushed to VPP by the mapping system. | |
== Scope == | == Scope == | ||
Revision as of 23:12, 4 March 2016
Contents
Name
Overlay Network Engine (ONE)
Project Contact Name and Email
Florin Coras <fcoras@cisco.com>
Vina Ermagan <vermagan@cisco.com>
Repository Name
one
Description
Overview
Overlay Network Engine (ONE) is a project proposal for VPP to enable programmable dynamic Software Defined overlays. ONE uses an extended LISP-based map-assisted control plane to dynamically lookup overlay-to-underlay address mappings including forwarding policies on demand and as packets arrive. This includes policies such as connectivity, encryption, traffic engineering and virtual topologies, access control, and service chaining. The looked up mapping and forwarding policies are cached locally for a TTL period until they time out. The mapping and forwarding policy information is then used to encapsulate overlay packets towards their associated destinations or next hops, and forwarded onto the underlay.
ONE can use and operate a variety of encapsulation formats for the overlay including VXLAN-GPE (Generic Protocol Extension) [1], which is effectively merging VXLAN and LISP [2] encapsulations in a single format that supports multi-protocol payloads, GRE, etc. The control plane can be used to fetch the encapsulation capabilities of a destination as part of its mapping and forwarding policies.
An external open SDN controller will be used as the mapping system to store and provide the mapping and forwarding policies. This mapping system is queried using the control protocol.
ONE can use IPsec based encryption to secure the overlay if needed. Cryptographic parameters, can be provisioned on demand.
Data Plane Operations
ONE core data plane operations include:
- Determining the location of the destination overlay endpoints (by using control plane lookups), encapsulating data packets to the right destination location, and forwarding these packets onto the underlay network.
- De-capsulating encapsulated packets and forwarding the packets towards their associated destinations in the overlay.
To enable dynamic encapsulation a local map cache is used that maps flows in the overlay to the location(s) (IP address in the underlay network) of the next hop, or the destination endpoint, depending on the mapping/forwarding policy defined in the mapping system. The map cache would support generic mappings such that the programmable overlay services can be used by a variety of packets and protocols (e.g. L2, L3, NSH [3]) [4]. Multi-homing and load balancing as well as segmentation based on a VNI/IID will be supported.
The map cache is populated on demand using the LISP[4] map-request/map-reply protocol.
Control Plane Operations
ONE will use an extended LISP-based protocol to dynamically lookup the mapping and forwarding policy resulting in the location of the next hop associated with this flow. This mapping information is then cached in the map cache for future use. Changes/updates to the cached mappings are pushed to VPP by the mapping system.
Scope
Project scope includes data plane and control plane functions specified in the project description. This includes implementation of modules/nodes that enable dynamic encapsulation and de-capsulation of data packets starting with the GPE encapsulation format, the map cache, and the LISP control plane protocol for retrieval and update of the mapping and forwarding policies. The scope also includes integration with other components within VPP such as IPSec for encryption and NSH.
a) Implementation of plugins/graph nodes to allow dynamic mapping of network traffic to encaps (whatever encaps the mapping server tells us to use) b) Implementation of plugins/graph nodes to carry out those mappings c) Supporting tools, testing
Initial Committers
Florin Coras <fcoras@cisco.com> Lorand Jakab <lojakab@cisco.com> Ed Warnicke <eaw@cisco.com> Vina Ermagan <vermagan@cisco.com> Alberto Rodriguez Natal <arnatal@ac.upc.edu>
Vendor Neutral
This projects is vendor neutral and implements/uses open technologies and protocols such as GPE [1], LISP [2], IPSec, NSH [3].
Meets Board Policy (including IPR, being within Board defined Scope etc)
Meets board policy as expressed in Technical Community Charter and IP Policy
