.. _architecture_design:

Architecture and Design
=======================

Architecture
------------

Classic SDN
^^^^^^^^^^^
SD-Fabric operates as a hybrid L2/L3 fabric. As a pure (or classic) SDN solution, SD-Fabric does
not use any of the traditional control protocols typically found in networking, a non-exhaustive
list of which includes: STP, MSTP, RSTP, LACP, MLAG, PIM, IGMP, OSPF, IS-IS, Trill, RSVP, LDP
and BGP. Instead, SD-Fabric uses an SDN Controller (ONOS) decoupled from the data plane
hardware to directly program ASIC forwarding tables in a pipeline defined by a P4 program. In
this design, a set of applications running on ONOS program all the fabric functionality and
features, such as Ethernet switching, IP routing, mobile core user plane, multicast, DHCP Relay,
and more.


Topologies
^^^^^^^^^^
SD-Fabric supports a number of different topological variants. In its simplest instantiation, one
could use a single leaf or a leaf-pair to connect servers, external routers, and other equipment
like access nodes or physical appliances (PNFs). Such a deployment can also be scaled
horizontally into a leaf-and-spine fabric (2-level folded Clos), by adding 2 or 4 spines and up to
10 leaves in single or paired configurations. Further scale can be achieved by distributing the
fabric itself across geographical regions, with spine switches in a primary central location,
connected to other spines in multiple secondary (remote) locations using WDM links. Such 4-level
topologies (leaf-spine-spine-leaf) can be used for backhaul in operator networks, where
the secondary locations are deeper in the network and closer to the end-user. In these
configurations, the spines in the secondary locations serve as aggregation devices that backhaul
traffic from the access nodes to the primary location which typically has the facilities for compute
and storage for NFV applications.
See :ref:`Topology` for details.


Redundancy
^^^^^^^^^^
SD-Fabric supports redundancy at every level. A leaf-spine fabric is redundant by design in the
spine layer, with the use of ECMP hashing and multiple spines. In addition, SD-Fabric supports
leaf pairs, where servers and external routers can be dual-homed to two ToRs in an active-active
configuration. In the control plane, some SDN solutions use single instance controllers, which are
single points of failure. Others use two controllers in active-backup mode, which is redundant,
but may lack scale as all the work is still being done by one instance at any time and scale can
never exceed the capacity of one server. In contrast, SD-Fabric is based on ONOS, an SDN
controller that offers N-way redundancy and scale. In an ONOS cluster with 3 or 5 instances, all
instances are active nodes doing work simultaneously, and failure handling is fully automated and
completely handled by the ONOS platform.

.. image:: images/arch-redundancy.png
   :width: 350px

MPLS Segment Routing (SR)
^^^^^^^^^^^^^^^^^^^^^^^^^
While SR is not an externally supported feature, SD-Fabric architecture internally uses concepts
like globally significant MPLS labels that are assigned to each leaf and spine switch. The leaf
switches push an MPLS label designating the destination ToR (leaf) onto the IPv4 or IPv6 traffic,
before hashing the flows to the spines. In turn, the spines forward the traffic solely on the basis
of the MPLS labels. This design concept, popular in IP/MPLS WAN networks, has significant
advantages. Since the spines only maintain label state, it leads to significantly less programming
burden and better scale. For example, in one use case the leaf switches may each hold 100K+
IPv4/v6 routes, while the spine switches need to be programmed with only 10s of labels! As a
result, completely different ASICs can be used for the leaf and spine switches; the leaves can
have bigger routing tables and deeper buffers while sacrificing switching capacity, while the
spines can have smaller tables with high switching capacity.
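
The following added example (not ONOS or P4 code from the SD-Fabric project) models the split described above: leaves do a longest-prefix match and push the destination leaf's label, spines look up the label only. The label values, switch names, addresses and the CRC32-based ECMP hash are assumptions made for the illustration.

```python
"""Constructed model of SD-Fabric-style label forwarding (not ONOS or P4 code)."""
import ipaddress
import zlib

# Assumed values for illustration: one globally significant label per leaf.
LEAF_LABELS = {"leaf1": 101, "leaf2": 102, "leaf3": 103}
SPINES = ["spine1", "spine2"]


def build_fabric(hosts_per_leaf):
    """Return (leaf_routes, spine_labels) for a 3-leaf, 2-spine fabric.

    Every leaf holds a /16 per rack plus /32 host routes for all racks;
    every spine holds only label -> egress leaf entries.
    """
    routes = {}
    for idx, owner in enumerate(LEAF_LABELS, start=1):
        routes[ipaddress.ip_network(f"10.{idx}.0.0/16")] = owner
        for h in range(1, hosts_per_leaf + 1):
            host = f"10.{idx}.{h // 256}.{h % 256}/32"
            routes[ipaddress.ip_network(host)] = owner
    leaf_routes = {leaf: dict(routes) for leaf in LEAF_LABELS}
    label_table = {label: leaf for leaf, label in LEAF_LABELS.items()}
    spine_labels = {spine: dict(label_table) for spine in SPINES}
    return leaf_routes, spine_labels


def lpm(routes, dst_ip):
    """Longest-prefix match; returns the owning leaf or None on a miss."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for net, owner in routes.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, owner)
    return best[1] if best else None


def forward(fabric, ingress_leaf, flow):
    """Trace one packet. flow = (src_ip, dst_ip, proto, sport, dport)."""
    leaf_routes, spine_labels = fabric
    dst_leaf = lpm(leaf_routes[ingress_leaf], flow[1])
    if dst_leaf is None:
        return {"hops": [ingress_leaf], "label": None,
                "result": "drop: routing table miss"}
    if dst_leaf == ingress_leaf:
        return {"hops": [ingress_leaf], "label": None, "result": "delivered"}
    # Leaf: push the label of the destination leaf, then ECMP-hash the 5-tuple.
    label = LEAF_LABELS[dst_leaf]
    key = "|".join(str(field) for field in flow).encode()
    spine = SPINES[zlib.crc32(key) % len(SPINES)]
    # Spine: the only lookup is on the label; the IP header is never consulted.
    egress = spine_labels[spine].get(label)
    if egress is None:
        return {"hops": [ingress_leaf, spine], "label": label,
                "result": "drop: unknown label"}
    return {"hops": [ingress_leaf, spine, egress], "label": label,
            "result": "delivered"}


def table_sizes(fabric):
    """Entries programmed per leaf (IP routes) and per spine (labels)."""
    leaf_routes, spine_labels = fabric
    return (
        {leaf: len(r) for leaf, r in leaf_routes.items()},
        {spine: len(t) for spine, t in spine_labels.items()},
    )


if __name__ == "__main__":
    fabric = build_fabric(hosts_per_leaf=300)
    print(table_sizes(fabric))
    print(forward(fabric, "leaf1", ("10.1.0.5", "10.3.0.9", 6, 40000, 443)))
    print(forward(fabric, "leaf1", ("10.1.0.5", "192.0.2.1", 6, 40000, 443)))
```

Growing `hosts_per_leaf` grows every leaf table while the spine tables stay at one entry per leaf, which is the scaling property the paragraph describes.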

Beyond Traditional Fabrics
--------------------------

.. image:: images/arch-features.png
   :width: 700px

While SD-Fabric offers advancements that go well beyond traditional fabrics, it is first helpful to
understand that SD-Fabric provides all the features found in network fabrics from traditional
networking vendors in order to make SD-Fabric compatible with all existing infrastructure
(servers, applications, etc.).

At its core, SD-Fabric is a L3 fabric where both IPv4 and IPv6 packets are routed across server
racks using multiple equal-cost paths via spine switches. L2 bridging and VLANs are also
supported within each server rack, and compute nodes can be dual-homed to two Top-of-Rack
(ToR) switches in an active-active configuration (M-LAG). SD-Fabric assumes that the fabric
connects to the public Internet and the public cloud (or other networks) via traditional router(s).
SD-Fabric supports a number of other router features like static routes, multicast, DHCP L3 Relay
and the use of ACLs based on layer 2/3/4 options to drop traffic at ingress or redirect traffic via
Policy Based Routing. But SDN control greatly simplifies the software running on each switch,
and control is moved into SDN applications running in the edge cloud.

While these traditional switching/routing features are not particularly novel, SD-Fabric's
fundamental embrace of programmable silicon offers advantages that go far beyond traditional
fabrics.

Programmable Data Planes & P4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SD-Fabric's data plane is fully programmable. In marked contrast to traditional fabrics, features
are not prescribed by switch vendors. This is made possible by P4, a high-level programming
language used to define the switch packet processing pipeline, which can be compiled to run at
line-rate on programmable ASICs like Intel Tofino (see https://opennetworking.org/p4/). P4
allows operators to continuously evolve their network infrastructure by re-programming the
existing switches, rolling out new features and services on a weekly basis. In contrast, traditional
fabrics based on fixed-function ASICs are subject to extremely long hardware development
cycles (4 years on average) and require expensive infrastructure upgrades to support new features.

SD-Fabric takes advantage of P4 programmability by extending the traditional L2/L3 pipeline for
switching and routing with specialized functions such as 4G/5G Mobile Core User Plane Function
(UPF) and Inband Network Telemetry (INT).

4G/5G Mobile Core User Plane Function (UPF)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Switches in SD-Fabric can be programmed to perform UPF functions at line rate. The L2/L3
packet processing pipeline running on Intel Tofino switches has been extended to include
capabilities such as GTP-U tunnel termination, usage reporting, idle-mode buffering, QoS, slicing,
and more. Similar to vRouter, a new ONOS app abstracts the whole leaf-spine fabric as one big
UPF, providing integration with the mobile core control plane using a 3GPP-compliant
implementation of the Packet Forwarding Control Protocol (PFCP).

With integrated UPF processing, SD-Fabric can implement a 4G/5G local breakout for edge
applications that is multi-terabit and low-latency, without taking away CPU processing power for
containers or VMs. In contrast to UPF solutions based on full or partial smartNIC offload,
SD-Fabric's embedded UPF does not require additional hardware other than the same leaf and spine
switches used to interconnect servers and base stations. At the same time, SD-Fabric can be
integrated with either CPU-based or smartNIC-based UPFs to improve scale while supporting
differentiated services on a hardware-based fast-path at line rate for mission critical 4G/5G
applications (see https://opennetworking.org/sd-core/ for more details).

Visibility with Inband Network Telemetry (INT)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SD-Fabric comes with scalable support for INT, providing unprecedented visibility into how
individual packets are processed by the fabric. To this end, the P4-defined switch pipeline has
been extended with the ability to generate INT reports for a number of packet events and
anomalies, for example:

- For each flow (5-tuple), it produces periodic reports to monitor the path in terms of the
  switches, ports, and queues traversed and the end-to-end latency, including the latency
  introduced by each network hop (switch).
- If a packet gets dropped, it generates a report carrying the switch ID and the drop reason
  (e.g., routing table miss, TTL zero, queue congestion, and more).
- During congestion, it produces reports to reconstruct a snapshot of the queue at a given
  time, making it possible to identify exactly which flow is causing delay or drops to other flows.
- For GTP-U tunnels, it produces reports about the inner flow, thus monitoring the
  forwarding behavior and perceived QoS for individual UE flows.

SD-Fabric's INT implementation is compliant with the open source INT specification, and it has
been validated to work with Intel's DeepInsight performance monitoring solution, which acts as
the collector of INT reports generated by switches. Moreover, to avoid overloading the INT
collector and to minimize the overhead of INT reports in the fabric, SD-Fabric's data plane uses
P4 to implement smart filters and triggers that drastically reduce the number of reports
generated, for example, by filtering out duplicates and by triggering report generation only in
case of meaningful anomalies (e.g., spikes in hop latency, path changes, drops, queue congestion,
etc.). In contrast to other sampling-based approaches which often allow some anomalies to go
undetected, SD-Fabric provides precise INT-based visibility that can scale to millions of flows.
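
The filter-and-trigger idea can be sketched in a few lines. This is an added example, not SD-Fabric's P4 implementation: the thresholds, the per-flow state layout, the reason names and the sample observations are all constructed for illustration. A report is emitted only when a flow's quantized state changes or a refresh interval expires.

```python
"""Constructed sketch of INT report filtering; not SD-Fabric's P4 code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    ts_ms: int
    flow: tuple              # 5-tuple
    path: tuple              # switch IDs along the path
    hop_latency_us: tuple    # one latency sample per hop
    drop_reason: str = ""
    queue_depth: int = 0


class ReportFilter:
    """Suppress duplicate reports; trigger on anomalies or periodic refresh."""

    # Threshold defaults are assumed values for illustration.
    def __init__(self, latency_step_us=50, queue_threshold=800, refresh_ms=1000):
        self.latency_step_us = latency_step_us
        self.queue_threshold = queue_threshold
        self.refresh_ms = refresh_ms
        self._last = {}  # flow -> (ts_ms of last report, signature)

    def decide(self, obs):
        """Return the trigger reason, or None if the report is filtered out."""
        # Quantizing latency makes small jitter map to the same signature.
        buckets = tuple(l // self.latency_step_us for l in obs.hop_latency_us)
        congested = obs.queue_depth >= self.queue_threshold
        sig = (obs.path, buckets, obs.drop_reason, congested)
        prev = self._last.get(obs.flow)
        if prev and prev[1] == sig and obs.ts_ms - prev[0] < self.refresh_ms:
            return None  # duplicate of what the collector already knows
        if obs.drop_reason:
            reason = "drop"
        elif congested and not (prev and prev[1][3]):
            reason = "queue_congestion"
        elif prev is None:
            reason = "new_flow"
        elif prev[1][0] != sig[0]:
            reason = "path_change"
        elif prev[1][1] != sig[1]:
            reason = "latency_change"
        elif prev[1] == sig:
            reason = "periodic"
        else:
            reason = "recovered"  # a drop or congestion condition cleared
        self._last[obs.flow] = (obs.ts_ms, sig)
        return reason


def run(observations, flt=None):
    """Feed observations through a filter; return [(ts_ms, reason), ...]."""
    flt = flt or ReportFilter()
    reports = []
    for obs in observations:
        reason = flt.decide(obs)
        if reason:
            reports.append((obs.ts_ms, reason))
    return reports


# Constructed sample: one GTP-U flow observed ten times.
FLOW = ("10.1.0.5", "10.3.0.9", 17, 40000, 2152)
P1, P2 = (1, 201, 3), (1, 202, 3)
SAMPLE = [
    Observation(0, FLOW, P1, (12, 8, 11)),
    Observation(10, FLOW, P1, (14, 9, 12)),
    Observation(20, FLOW, P1, (13, 8, 10)),
    Observation(30, FLOW, P1, (12, 260, 11)),
    Observation(40, FLOW, P1, (12, 255, 11)),
    Observation(50, FLOW, P2, (12, 9, 11)),
    Observation(60, FLOW, P2, (12, 9, 0), drop_reason="TTL zero"),
    Observation(70, FLOW, P2, (12, 9, 0), drop_reason="TTL zero"),
    Observation(1100, FLOW, P2, (12, 9, 11)),
    Observation(2200, FLOW, P2, (12, 9, 11)),
]

if __name__ == "__main__":
    for ts, reason in run(SAMPLE):
        print(ts, reason)
```

Fixed-width latency buckets are the simplest change detector; a latency that hovers around a bucket boundary will flip the signature repeatedly, so a production trigger would add hysteresis.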

Flexible ASIC Resource Allocation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The P4 program at the base of SD-Fabric's software stack defines match-action tables for
common L2/L3 features such as bridging, IPv4/IPv6 routing, MPLS termination, and ACL, as well
as specialized features like UPF, with tables that store GTP-U tunnel information and more. In
contrast to fixed-function ASICs used in traditional fabrics, table sizes are not fixed. The use of
programmable ASICs like Intel Tofino in SD-Fabric enables the P4 program to be adapted to
specific deployment requirements. For example, for routing-heavy deployments, one could
decide to increase the IPv4 routing table to take up to 90% of the total ASIC memory, with an
arbitrary ratio of longest-prefix match (LPM) entries and exact match /32 entries, while reducing
the size of other tables. Similarly, when using SD-Fabric for UPF, one could decide to recompile
the P4 program with larger GTP-U tunnel tables, while reducing the IPv4 routing table size to
10-100 entries (since most traffic is tunneled) or by entirely removing the IPv6 tables.

Closed Loop Control
^^^^^^^^^^^^^^^^^^^
With complete transparency, visibility, and verifiability, SD-Fabric becomes capable of being
optimized and secured through programmatic real-time closed loop control. By defining specific
acceptable tolerances for specific settings, measuring for compliance, and automatically adapting
to deviations, a closed loop network can be created that dynamically and automatically responds
to environmental changes. We can apply closed loop control for a variety of use cases including
resource optimization (traffic engineering), verification (forwarding behavior), security (DDoS
mitigation), and others. In particular, in collaboration with the Pronto™ project, a microburst
mitigation mechanism has been implemented in order to stop attackers from filling up switch
queues in an attack attempting to disrupt mission critical traffic.

SDN, White Boxes, and Open Source
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SD-Fabric is based on a purist implementation of SDN in both control and data planes. When
coupled with open source, this approach enables faster development of features and greater
flexibility for operators to deploy only what they need and customize/optimize the features the
way they want. Furthermore, SDN facilitates the centralized configuration of all network
functionality, and allows network monitoring and troubleshooting to be centralized as well. Both
are significant benefits over traditional box-by-box networking and enable faster deployments,
simplified operations, and streamlined troubleshooting.

The use of white box (bare metal) switching hardware from ODMs significantly reduces CapEx
costs when compared to products from OEM vendors. By some accounts, the cost savings can
be as high as 60%. This is typically due to the OEM vendors amortizing the cost of developing
embedded switch/router software into the price of their hardware.

Finally, open source software allows network operators to develop their own applications and
choose how they integrate with their backend systems. And open source is considered more
secure, with ‘many eyes’ making it much harder for backdoors to be intentionally or
unintentionally introduced into the network.

Such unfettered ability to control timelines, features and costs compared to traditional network
fabrics makes SD-Fabric very attractive for operators, enterprises, and government applications.

Extensible APIs
^^^^^^^^^^^^^^^
People usually think of a network fabric as an opaque pipe where applications send packets into
the network and hope they come out the other side. Little visibility is provided to determine
where things have gone wrong when a packet doesn't make it to its destination. Network
applications have no knowledge of how the packets are handled by the fabric.

With the SD-Fabric API, network applications have full visibility and control over how their
packets are processed. For example, a delay-sensitive application has the option to be informed
of the network latency and instruct the fabric to redirect its packets when there is congestion on
the current forwarding path. Similarly, the API offers a way to associate network traffic with a
network slice, providing QoS guarantees and traffic isolation from other slices. The API also plays
a critical role in closed loop control by offering a programmatic way to dynamically change the
packet forwarding behavior.

At a high level, SD-Fabric's APIs fall into four major categories: configuration, information,
control, and OAM.

- Configuration: APIs let users set up SD-Fabric features such as VLAN information for
  bridging and subnet information for routing.
- Information: APIs allow users to obtain operation status, metrics, and network events
  of SD-Fabric, such as link congestion, counters, and port status.
- Control: APIs enable users to dynamically change the forwarding behavior of the
  fabric, such as dropping or redirecting traffic, setting QoS classification, and applying
  network slicing policies.
- OAM: APIs expose operational and management features, such as software upgrade
  and troubleshooting, allowing SD-Fabric to be integrated with existing orchestration
  systems and workflows.

Edge-Cloud Ready
----------------
SD-Fabric adopts cloud native technologies and methodologies that are well developed and
widely used in the computing world. Cloud native technologies make the deployment and
operation of SD-Fabric similar to other software deployed in a cloud environment.

Kubernetes Integration
^^^^^^^^^^^^^^^^^^^^^^
Both control plane software (ONOS™ and apps) and, importantly, data plane software (Stratum™),
are containerized and deployed as Kubernetes services in SD-Fabric. In other words, not only the
servers but also the switching hardware identify as Kubernetes ‘nodes’ and the same processes
can be used to manage the lifecycle of both control and data plane containers. For example, Helm
charts can be used for installing and configuring images for both, while Kubernetes monitors the
health of all containers and restarts failed instances on servers and switches alike.

.. image:: images/arch-k8s.png
   :width: 500px

Configuration, Logging, and Troubleshooting
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SD-Fabric reads all configurations from a single repository and automatically applies appropriate
config to the relevant components. In contrast to traditional embedded networking, there is no
need for network operators to go through the error-prone process of configuring individual leaf
and spine switches. Similarly, logs of each component in SD-Fabric are streamed to an EFK stack
(ElasticSearch, Fluentbit, Kibana) for log preservation, filtering and analysis. SD-Fabric offers a
single-pane-of-glass for logging and troubleshooting network state, which can further be
integrated with the operator's backend systems.

.. image:: images/arch-logging.png
   :width: 1000px


Monitoring and Alerts
^^^^^^^^^^^^^^^^^^^^^
SD-Fabric continuously monitors system metrics such as bandwidth utilization and connectivity
health. These metrics are streamed to Prometheus and Grafana for data aggregation and
visualization. Additionally, alerts are triggered when metrics meet predefined conditions. This
allows the operators to react to certain network events such as bandwidth saturation even before
the issue starts to disrupt user traffic.

.. image:: images/arch-monitoring.png
   :width: 1000px

Deployment Automation
^^^^^^^^^^^^^^^^^^^^^
SD-Fabric utilizes a CI/CD model to manage the lifecycle of the software, allowing developers to
make rapid iterations when introducing a new feature. New container images are generated
automatically when new versions are released. Once the hardware is in place, a complete
deployment of the entire SD-Fabric stack can be pushed from the public cloud with a single click
fabric-wide in less than two minutes.

.. image:: images/arch-deployment.png
   :width: 900px

Aether™-Ready
^^^^^^^^^^^^^
SD-Fabric fits into a variety of edge use cases. Aether is ONF's private 5G/LTE enterprise edge
cloud platform, currently running in a dozen sites across multiple geographies as of early 2021.

Aether consists of several edge clouds deployed at enterprise sites controlled and managed by a
central cloud. Each Aether Edge hosts third-party or in-house edge apps that benefit from low
latency and high bandwidth connectivity to the local devices and systems at the enterprise edge.
Each edge also hosts O-RAN compliant private-RAN control, IoT, and AI/ML platforms, and
terminates mobile user plane traffic by providing local breakout (UPF) at the edge sites. In
contrast, the Aether management platform centrally runs the shared mobile-core control plane
that supports all edges from the public cloud. Additionally, a management portal for the operator
and for each enterprise is provided from a public cloud, and Runtime Operation Control (ROC)
controls and configures the entire Aether solution in a centralized manner.

SD-Fabric has been fully integrated into the Aether Edge as its underlying network infrastructure,
interconnecting all hardware equipment in each edge site such as servers and disaggregated RAN
components with bridging, routing, and advanced processing like local breakout. It is worth
noting that SD-Fabric can be configured and orchestrated via its configuration APIs by cloud
solutions, and therefore can be easily integrated with Aether or third party cloud offerings from
hyperscalers. In Aether, SD-Fabric configurations are centralized, modeled, and generated by
ROC to ensure the fabric configurations are consistent with other Aether components.

In addition to connectivity, SD-Fabric supports a number of advanced services such as
hierarchical QoS, network slicing, and UPF idle-mode buffering. And given its native support for
programmability, we expect many more innovative services to take advantage of SD-Fabric over
time.

.. image:: images/arch-aether-ready.png
   :width: 800px

System Components
-----------------

.. image:: images/arch-software-stack.png
   :width: 400px

Open Network Operating System (ONOS)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SD-Fabric uses ONF's Open Network Operating System (ONOS) as the SDN controller. ONOS is
designed as a distributed system, composed of multiple instances operating in a cluster, with all
instances actively operating on the network while being functionally identical. This unique
capability of ONOS simultaneously affords high availability and horizontal scaling of the control
plane. ONOS interacts with the network devices by means of pluggable southbound interfaces.
In particular, SD-Fabric leverages P4Runtime™ for programming and gNMI for configuring
certain features (such as port speed) in the fabric switches. Like other SDN controllers, ONOS
provides several core services like topology discovery and end point discovery (hosts, routers,
etc. attached to the fabric). Unlike any other open source SDN controller, ONOS delivers these
core services in a distributed way over the entire cluster, such that applications running in any
instance of the controller have the same view and information.

ONOS Applications
^^^^^^^^^^^^^^^^^
SD-Fabric uses a collection of applications that run on ONOS to provide the fabric features and
services. The main application responsible for fabric operation handles connectivity features
according to SD-Fabric architecture, while other apps like DHCP relay, AAA, UPF control, and
multicast handle more specialized features. Importantly, SD-Fabric uses the ONOS Flow Objective
API, which allows applications to program switching devices in a pipeline-agnostic
way. By using Flow-Objectives, applications can be written without worrying about low-level
pipeline details of various switching chips. The API is implemented by specific device drivers
that are aware of the pipelines they serve and can thus convert the application's API calls to
device-specific rules. In this way, the application can be written once, and adapted to pipelines
from different ASIC vendors.

Stratum
^^^^^^^
SD-Fabric integrates switch software from the ONF Stratum project. Stratum is an open source
silicon-independent switch operating system. Stratum implements the latest SDN-centric
northbound interfaces, including P4, P4Runtime, gNMI/OpenConfig, and gNOI, thereby enabling
interchangeability of forwarding devices and programmability of forwarding behaviors. On the
southbound interface, Stratum implements silicon-dependent adapters supporting network
ASICs such as Intel Tofino, Broadcom™ XGS® line, and others.

Leaf and Spine Switch Hardware
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In a typical configuration, the leaf and spine hardware used in SD-Fabric are Open
Compute Project (OCP)™ certified switches from a selection of different ODM vendors. The port
configurations and ASICs used in these switches are dependent on operator needs. For example,
if the need is only for traditional fabric features, a number of options are possible, e.g., Broadcom
StrataXGS ASICs in 48x1G/10G, 32x40G/100G configurations. For advanced needs that take
advantage of P4 and programmable ASICs, Intel Tofino or Broadcom Trident 4 are more
appropriate choices.

ONL and ONIE
^^^^^^^^^^^^
The SD-Fabric switch software stack includes Open Network Linux (ONL) and Open Network
Install Environment (ONIE) from OCP. The switches are shipped with ONIE, a boot loader that
enables the installation of the target OS as part of the provisioning process. ONL, a Linux
distribution for bare metal switches, is used as the base operating system. It ships with a number
of additional drivers for bare metal switch hardware elements (e.g., LEDs, SFPs) that are typically
unavailable in normal Linux distributions for bare metal servers (e.g., Ubuntu).

Docker/Kubernetes, Elasticsearch/Fluentbit/Kibana, Prometheus/Grafana
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
While ONOS/Stratum instances can be deployed natively on bare metal servers/switches, there
are advantages in deploying ONOS/Stratum instances as containers and using a container
management system like Kubernetes (K8s). In particular, K8s can monitor and automatically
reboot lost controller instances (container pods), which then rejoin the operating cluster
seamlessly. SD-Fabric also utilizes widely adopted cloud native technologies such as
Elastic/Fluentbit/Kibana for log preservation, filtering and analysis, and Prometheus/Grafana for
metric monitoring and alerting.