TECHNICAL REPORT

Grantee: Universiti Malaya, Malaysia (University of Malaya, Malaysia)
Project Title: Design, Development and Operation of a SDN-based Internet eXchange Playground for networkers
Amount Awarded: USD 30,000
Dates covered by this report: 2022-01-28 to 2023-01-28
Economies where project was implemented: Indonesia, Lao PDR, Malaysia, Myanmar, Singapore, Taiwan, Thailand, Bhutan
Project leader name: Teck Chaw Ling
Partner organization: Malaysian Research & Education Network (MYREN) and TaiWan Advanced Research and Education Network (TWAREN)

Project Summary

To help more networkers understand the advancement of the Internet, many training programs have focused on introducing fundamental knowledge. Many organizations have organized hands-on training based on preset topologies, and some of it is vendor specific. Many tutorials can only be run through simulation (on a single PC with a few VMs) with simple experimental configurations. Hence, to strengthen the depth and scope of both knowledge and practice in network innovations, this project focuses on building an Internet exchange playground with a Kubernetes cluster to introduce SDN-based BGP/RPKI/RDAP knowledge. The Kubernetes worker nodes are scattered across different countries. This gives players real experience in setting up cross-border topologies through VXLAN and running an SDN controller in a WAN environment. Members of the project team come from well-known academic institutes of the Asia-Pacific region. To enhance easy access, there will be four online trainings, tutorials and seminars aimed at transferring the technology viewpoints, outcomes, and experience to collaborators, especially female students, to spark their interest in future careers.

Background and Justification

Since the global network continues to grow at a fast pace, the concept of “networks on demand” is getting more and more popular in network management and operation. Meanwhile, due to IPv4 address exhaustion, many network applications and services are starting to enable dual stack support. This not only speeds up the popularization of IPv6 but also leads to software and hardware upgrades for both Internet service providers and end users. However, building an environment for processing large-scale BGP routing tutorials is not an easy thing.

With limited resources (especially in schools of South-east Asia), students are often using simulation software to conduct experiments on a standalone PC, which is not as real as an Internet scenario. To overcome such difficulty and encourage more students of IT field to get practical knowledge of the internet innovations, this project focuses on introducing Software-Defined Networking (SDN), IPv6, BGP, and Route Origin Validation (ROV) innovations, building a virtual internet exchange playground, emulating SDN-based IX operation, and re-allocating Internet IPv6 resources to players for satisfying education and research purposes.

With the collaboration among Trans-Eurasia Information Network (TEIN) and domestic Research and Education Networks (RENs), the project aims to popularize the study of SDN/BGP knowledge or techniques like how to optimize as well as evaluate them by using network analytics tools. There are also on-line training tutorials and seminars that plan to invite senior network operators to transfer the technology, outcomes, and experience gained to the community.

This project is also encouraging female participation in Internet research, especially for students of schools in North- and South-east Asia regions (e.g., Lao PDR, Malaysia, Myanmar, Singapore, Taiwan, Thailand, Bhutan, and Indonesia). 

Project Motivation 

In the past few years, the project team has been working together under the OF@TEIN++ project, which is fully funded by Asi@Connect. Through that project, we noticed the need for a “playground” in which to try out and learn new technologies across the Wide Area Network, especially in developing and least-developed countries. Most importantly, the playground should match the scale and requirements of network operators, providing a free, useful, and convenient environment for collaborators to verify and evaluate their ideas and practices in a scaled-up, real environment with Internet connectivity.

Project Implementation Narrative

To achieve our proposed objectives, we planned and divided the project execution into two phases:   

Phase 1: Design, develop and deploy SD-IX playground

To conduct a playground of SDN-based Internet Exchange Point with IXP Fabric to focus on Software Defined Networking and BGP Route Security innovations, we did the following:

  • Designed and built an SDN-based overlay playground with Kubernetes cluster and VPN for operating internet exchange point and using fabric designs to enhance IXP performance and route security.  
Figure 1 - Architecture of the Kubernetes Cluster
  • Established an IXP Fabric-based Internet Exchange Point playground to test the scalability versus the size of available public Internet routes. 
  • Constructed an SDN-based overlay playground for Internet exchange point operation and utilizing fabric designs to improve IXP performance and route security. 
  • Demonstrated how certain attacks in BGP can be counteracted with use of RPKI and route validation techniques. 
  • Improved the deployment with IPv6, BGP, and Route Origin Validation (ROV), building a virtual Internet exchange playground, emulating SDN-based IX operation. 
  • Enabled the playground architecture to be flexible so that any participant can establish connection to it with the use of VPN from their topology.  
Figure 2 - The overall architecture of the SDN-based  BGP overlay playground
Figure 3 - The Kubernetes Cluster
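
The route origin validation used in the playground to counter BGP hijacks can be illustrated with the sketch below. It is an added example, not code from the project's repositories; it follows the RFC 6811 validation procedure, and the VRP entries, IPv6 documentation prefixes, private ASNs and the drop-invalid policy are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: prefix, maximum prefix length, authorized origin AS."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data (IPv6 documentation range, private ASNs).
VRPS = [
    VRP("2001:db8:100::/40", 48, 64512),
    VRP("2001:db8:200::/48", 48, 64513),
]

# Constructed BGP announcements as (prefix, origin AS) pairs.
ANNOUNCEMENTS = [
    ("2001:db8:100::/48", 64512),       # legitimate origin
    ("2001:db8:100::/48", 64513),       # wrong origin AS (origin hijack)
    ("2001:db8:100:8000::/49", 64512),  # longer than max_length (more-specific)
    ("2001:db8:f00::/48", 64514),       # no covering VRP
]


def validate(prefix, origin_asn, vrps=VRPS):
    """Return the RFC 6811 state of a route: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS and a length within max_length;
        # a VRP for AS 0 never matches any route.
        if vrp.asn != 0 and vrp.asn == origin_asn \
                and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered but never matched means the announcement contradicts a ROA.
    return "invalid" if covered else "notfound"


def accept_routes(announcements, vrps=VRPS):
    """Assumed import policy: drop 'invalid', keep 'valid' and 'notfound'."""
    return [(p, a) for p, a in announcements
            if validate(p, a, vrps) != "invalid"]


if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:28} AS{asn}  {validate(prefix, asn)}")
```
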

Phase 2: Conduct SDN based training courses  

We provided online training courses, lab tutorials and brainstorming seminars to participants and project collaborators in the Asia-Pacific to encourage and attract more beginners and future networkers.

Four training sessions were conducted for participants from the listed countries to learn and practise SDN, FRR (BGP), RPKI/ROV and Advanced SDN using the deployed SD-IX playground. Throughout the courses, the participants had the opportunity to apply what they had learned through hands-on experience, virtual labs, or simulations in the playground, each with their own allocated private ASN and IP addresses. This allowed them to demonstrate their learning and to receive feedback on their progress to improve their skills and knowledge. The participants gained new fundamental and advanced SDN-based knowledge and skills that will be useful to them in their future endeavours. The developed playground was utilized properly with the knowledge obtained during the courses.

With the positive feedback and responses received from the participants, we were able to continuously evaluate and refine the course to ensure that it was meeting the learning objectives and is effective for the participants. It helped gather more collaborators and participants in every subsequent course conducted. We will continue to improve the currently built SDN-IX based playground to practice, develop and deploy different types of new SDN based innovations for future projects.

Project Review and Assessment

Achieved Objectives

  • Built an SDN-based overlay playground for operating an Internet exchange point and using fabric designs to enhance IXP performance and route security. The prototype is expected to be shared with NREN/NOC as a reference case study. 
  • Playground is deployed on top of Kubernetes cluster with containerized platforms for maximum uptime and simplified pod to pod communication. 
  • Continuous monitoring of BGP pods by the Kubernetes enables the service to be available all the time.  Playground setup and configuration were simplified with automated scripts for faster deployments of new implementation by the players. 
  • Conducted a playground of SDN-based Internet Exchange Point with IXP Fabric to validate the scale against the size of public internet routes.
  • Players are able to connect to the playground IXP for practicing and exploring BGP/RPKI with allocated IPv6 resources. 
  • The playground is able to receive the public Internet routes and exchange that information with other BGP routers deployed in a containerized manner, as well as with players who have established an eBGP neighbourship. 
  • Players and participants are able to limit the number of public routes they receive, in line with their devices' processing capability, using policy configuration to prevent connection disruption. 
  • Use of peer-to-peer mesh VPN which allows for direct connections between devices reduces the need of central VPN gateway for termination before it can reach the correct endpoint. 
  • Each player is able to connect to their nearest BGP router in the playground rather than to be redirected to the central VPN gateway for lower latency. 
  • Provided different online training courses and advanced lab tutorials utilizing the playground to participants and project collaborators in Asia-Pacific area for encouraging/attracting more beginners and future networkers.  

Benefits  

The playground of an SDN-based Internet Exchange Point with IXP Fabric under development can be used to demonstrate how certain attacks in BGP can be counteracted with the use of RPKI. The outcomes will have  a positive impact in terms of protecting Internet exchange points against specific attacks.  Automated deployment allows new configuration to be tested in a more convenient way as well as with other players. 

The playground is always available because it is deployed on Kubernetes, which can monitor the CPU, memory and storage used by the BGP routers and reschedule any failed pod immediately without any impact on the services in the playground. 

Integrated monitoring tools in the customized BGP router provide better insight into the playground and service status in real time. 

Further development planned after the ISIF Asia grant has been completed:   

We are currently planning to develop playground of SDN-based Internet Exchange Point with IXP Fabric to validate the scale against the size of public Internet routes. Players are able to connect  to the playground IXP for practicing and exploring BGP/RPKI with allocated IPv6 resources. We also envisage to enhance the security architecture and the playground to incorporate additional policies and mechanisms to counteract further attacks in the future.

Innovation

The project has given the targeted collaborators knowledge and experience in using open and emerging solutions and technologies for their network operation. With the cross-border SDN-based IXP playground in particular, they can learn how to optimize their traffic exchange inside and outside their countries and how to easily enforce a common policy for all members. The playground can be built and torn down easily. The topology can also be built as required through different VXLAN and VPN connections between the containerized BGP routers in the cluster. This playground is suitable to be used by all genders. 

Internet Development Contribution 

The project will share the next generation IXP deployment model for flexible Internet policy enforcement and service integration. Project team members are happy to continuously contribute to the APNIC communities with SDN-based playground after this project ends. It would be great if we could be recognized and put into APNIC’s official training resource as well. 

Community Development Contribution 

As this project is fully aligned with the ISIF Asia emphasis on “Technical research and capacity building efforts on network operations and security with a focus on practical solutions around Software-Defined Networking (SDN), IPv6, BGP, Resource Public Key Infrastructure (RPKI), and Registration Data Access Protocol (RDAP)”, this project will share the knowledge, design and the developed prototype including step-by-step testing and deployment.

There will be four training sessions for the participants from the listed countries to learn and play regarding SDN, FRR(BGP), RPKI/ROV, Advanced SDN where two of the courses have been successfully completed with more than 30 participants. The courses are Introduction to Software Defined Networking (SDN) and Advanced Software Defined Networking (SDN). Huge response and feedback had been received from the participants regarding the training materials prepared and topic selected for the courses conducted.

Gender Equity and Inclusion

The key participants in this project's activities came from diverse cultural and ethnic backgrounds, ranging from Taiwan, Sri Lanka, Cambodia, Myanmar, Indonesia, Thailand, Bhutan, Laos and Malaysia.  

  • In the Introduction to SDN course, there were 12 female participants out of a total of 36 participants (33.33%). Participants are coming from Taiwan, Sri Lanka, Cambodia, Myanmar, Indonesia, Thailand, Bhutan, Laos and Malaysia. 
  • In the Advanced  SDN course, there were 12 female participants out of a total of 26 participants (46.15%). Participants are coming from Sri Lanka, Myanmar, Indonesia, Thailand, Bhutan, Laos and Malaysia. 
  • For the Basic Routing with OSPF and BGP course, there were 11 female participants out of total of 22 participants (50.00%). Participants are from Malaysia, Myanmar, Thailand, Bhutan and Indonesia. 
  • For the Advanced Routing with Secure BGP(RPKI/ROA) course, there are 14 female participants out of total 24 students (58.33%). Participants are from Malaysia, Myanmar, Thailand, Bhutan, Laos and Indonesia.

Project Management

The project team will follow KPIs for determining their approaches, and there is a monthly meeting to review the progress of each activity. Anything requiring negotiation will also be coordinated during this monthly meeting. In the meantime, slides, source code, and tutorial documents are uploaded to GitHub to share them with public users and to invite them to participate at any time. The task details in the execution schedule have been discussed during the monthly meeting. During this period, technical members started to construct the playground and prepare tutorial materials for the courses.

Project Sustainability

As this project utilizes hardware from a previous project, and the playground can easily be built and torn down, there is no difficulty in keeping the project running after this project has ended. All code, materials and documentation used during the project are recorded properly in GitHub for future reuse. Those materials can also be used as guidance for upcoming projects by other players to ease the process of setup and configuration where needed. A specific Facebook page created for this project has also attracted a wider audience to share their ideas and thoughts, and has drawn participants to the courses we conducted. It could also generate opportunities for future development, such as new funding from partnerships, sponsorships, investment, or other funding mechanisms.

Project Communication

Based on our past experience in promoting the project, we did the following:

1. A Facebook page was created for this project. Facebook has a lot of active users, making it a vital platform for small business sales and social media marketing. A Facebook page can connect you with other members and participants and offer key information about our services and upcoming events. 

The Facebook page that was created for the project.

2. Sharing and promoting the project in Conferences (i.e., APAN, etc).

3. Using available channels such as the players and participants from previous project to publicize.  

4. All materials such as notes, labs, guides and requirements are categorized and recorded in GitHub. 
    - https://github.com/ISIF-UM-2022/Course-1-Introduction-to-Software-Defined-Networking-SDN/ 
    - https://github.com/ISIF-UM-2022/Course-2-Advanced-Software-Defined-Networking-SDN 
    - https://github.com/ISIF-UM-2022/Course-3-Basic-Routing-with-OSPF-and-BGP 
    - https://github.com/ISIF-UM-2022/Course-4-Advanced-Routing-with-Secure-BGP

Project Recommendations and Use of Findings

Following are the recommendations to researchers conducting similar projects:

1. Use the same setup as we used, in this way, we will be able to provide support or training programs. Setup includes ONOS controller, Open vSwitch, Quagga BGP and route server configurations, SDN applications like application-specific peering and inbound traffic engineering etc.  

2. If you don’t use the same setup, it is not difficult to implement an SDN-based IXP as long as manuals and documentation for the setup components (controller, switch, etc.) are available. There are many types of controllers and switches available with documentation. We found the ONOS controller and Open vSwitch feasible as we have worked with both of these components in previous projects.   

3. There is a web-based portal which provides automation of switches and Quagga routers in the Kubernetes cluster. If one wants to automate every component through the web portal and, if one has the option to use above mentioned switches then Ansible has automation support available.  

4. We found the applications like application-specific peering and inbound traffic engineering easy and feasible to implement according to our setup as compared to applications like server load balancing and traffic redirection through middleboxes etc. But we will implement these latter mentioned applications after implementing former mentioned applications. Our recommendations to research groups are to go with the same order as we went and seek help in implementing above mentioned applications from us, if they face problems or from SDX community. Also, we advise them to find new compelling applications in SDX, which is also our goal.

5. One of the topics which need to be worked on is the scalability analysis of SDN based IXP on real IXP, which is also our goal after implementing SDX on our current setup. We recommend research groups to work on this topic of scalability of SDX.


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License