Software-Defined Networking Concept Adoption at Akamai

Akamai engineering has adopted new technology concepts to enhance and expand routing capabilities at the edge. Previously, Akamai’s traffic-steering capabilities were mainly focused on DNS-based routing. In this article, we would like to give you an in-depth look at how Akamai has embraced new routing technology concepts and merged them into the Akamai edge to enhance routing capabilities, provide faster and better traffic steering, and offer even better performance.

With the largest edge network footprint around the globe, Akamai has a unique edge distribution approach driven by the adoption of new network routing technology. The introduction of new capabilities has enabled Akamai to add additional performance improvements to our edge locations.

Opportunity at hand

With the emergence of the software-defined networking (SDN) and programmable networking era several years ago, Akamai started to evaluate how SDN-specific technology concepts can be leveraged for edge platform advantages.

The concept of SDN is a bit vague; any software that has an application programming interface (API) or remote procedure call (RPC) can arguably fall under the category of “separation of the control plane from the data plane.” However, in the current SDN concept mantra, this is reflected through the networking plane and introduces some interesting concepts. One example leverages network stack routing decisions to support business needs. In other words, inject your own company business needs into your routing decisions. For the Akamai edge platform, that means enhanced performance routing as the main aspect of the network infrastructure stack.

As the leading content delivery network (CDN) provider, Akamai already has performance-based traffic steering as one of its most fundamental requirements, as well as other major features like safety controls, overload controls, security, and more.

At Akamai, the technology used to achieve performance-based traffic steering is DNS-based. Akamai redirects traffic by resolving the domain name to the IP address for a user based on the request origin and will choose the closest location with optimal performance to serve that specific request. Therefore, Akamai already has network-awareness decisions in its core mapping application. The opportunity at hand is the expansion into network routing decisions at the edge.

So far, all of that sounds great, but how is it achievable with SDN? To answer that, let’s examine the edge routing decisions taken by the Border Gateway Protocol (BGP) best-path algorithm for outgoing traffic.

  1. Prefer route with the highest local preference attribute.

  2. Prefer route with the shortest AS path.

  3. Prefer IGP origin over EGP one.

  4. Prefer the lowest multi-exit discriminator (MED) value attribute.

  5. Prefer eBGP routes over iBGP ones.

  6. Prefer the route with the lowest value of router ID of the advertising router.

All of the above take distance into consideration, as BGP is a distance vector-oriented protocol that makes sure that the shortest routing decision will be taken at its core.
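The six steps above can be written as a single ordered comparison. The following is an added example, not Akamai's code or a full router implementation: it follows only the simplified list on this page, the route values and link names are constructed, and expressing a controller override as a higher local preference is an assumption (the article does not say which attribute Akamai's software sets).

```python
from dataclasses import dataclass

# Origin codes ranked as the list prefers them (IGP before EGP);
# INCOMPLETE is a real BGP origin value that the list does not mention.
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}

@dataclass(frozen=True)
class Route:
    link: str         # hypothetical egress link name
    local_pref: int
    as_path: tuple    # sequence of AS numbers
    origin: str
    med: int
    ebgp: bool
    router_id: str    # dotted quad of the advertising router

def _rid(router_id):
    return tuple(int(part) for part in router_id.split("."))

def preference_key(r):
    """Sort key mirroring steps 1-6; the smallest key wins."""
    return (-r.local_pref, len(r.as_path), ORIGIN_RANK[r.origin],
            r.med, 0 if r.ebgp else 1, _rid(r.router_id))

def best_path(routes):
    return min(routes, key=preference_key)

def deciding_step(a, b):
    """1-based number of the first step that separates two routes, 0 if tied."""
    for step, (x, y) in enumerate(zip(preference_key(a), preference_key(b)), 1):
        if x != y:
            return step
    return 0

# Constructed sample: two candidate routes for one prefix (documentation ASNs).
TRANSIT = Route("transit-A", 100, (64500, 64505, 64510), "IGP", 0, True, "192.0.2.1")
PEER = Route("peer-B", 100, (64501, 64510), "IGP", 50, True, "192.0.2.2")

def demo():
    default = best_path([TRANSIT, PEER])
    # Assumed override: a controller that raises local preference wins at
    # step 1, before AS-path length is ever compared.
    steered = Route("transit-A", 200, TRANSIT.as_path, "IGP", 0, True, "192.0.2.1")
    return default.link, deciding_step(TRANSIT, PEER), best_path([steered, PEER]).link
```

None of the six keys carries link load or measured latency, which is the gap the rest of the article addresses.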

Benefits

The first area in which SDN concepts can assist Akamai is bandwidth, and the second is incorporating performance metrics into best-path decision-making. To achieve success, Akamai must migrate decision-making (the control plane) into its own software where those features are implemented.

Akamai’s SDN software enhances the ability to influence routing decisions and steer traffic according to its needs. For example, when a link is full, Akamai sheds traffic to other local links in a site by indirect egress steering. Utilizing DNS to influence traffic steering is slow and has a long “cycle” time because change propagation is bounded by minimum time-to-live limits and can result in end-user caching. This enhancement greatly reduces response time as updates are implemented at Akamai’s edge routers in real time. Therefore, Akamai can maximize utilization of its bandwidth links, adding additional enhancements to Akamai’s global system, which maps traffic to edge sites based on site link utilization and availability.

The Akamai SDN software system is composed of the following three main modules:

  1. BGP Managing Subsystem – Implements BGP speaker infrastructure and a set of APIs for sending and receiving BGP updates. 

  2. Feed Collection System – Provides monitoring, telemetry, and configuration for the SDN system. As the name implies, it’s responsible for collecting the various data feeds needed for path computation. These range from basic configuration information, such as how the controlled routers are interconnected and what external provider connectivity is available, to dynamic probing of network equipment via SNMP/telemetry, to the collection of network flow metrics.

  3. Path Computation Engine – Composed of multiple modules that implement Akamai business logic functionalities responsible for computing the actual “paths” that are going to be deployed in the routers.

Akamai’s global system is dependent on communication with the local edge. In order to know what occurs at the edge, information needs to be retrieved from the edge. If the edge is struggling, data collection from that entity will be problematic. Even with alternative paths like Akamai’s own backbone, data collected at the source itself (the edge) will be more accurate than data retrieved by an external source, which would need to determine whether the faulty state is due to a problem at the edge or to lousy connectivity. Additionally, the system has local decision-making components present at the edge that know how to react to local events and gather information regarding traffic steering in real time.

This approach provides Akamai with the ability to easily manage multiple routers, as the traffic-steering mechanism is routing manipulation. This has led Akamai to enlarge its data center router footprint. By doing that, Akamai has also redesigned its data center internal topology architecture into a spine-leaf fabric infrastructure, which has greatly enhanced our data center footprint, scale, and utilization.

In a leaf-spine architecture, a series of leaf routers form the access layer, and these routers are connected to a series of spine routers. That way, the network ensures that leaf-layer routers are no more than one or two hops away from one another. By doing so, it achieves minimal latency, and reduces the likelihood of bottlenecks between leaf-layer routers. Internal route handling is managed by peer-to-peer BGP multipath connections that simplify Akamai’s network stack management.

Another benefit is performance metrics based on local routing manipulation. To measure the performance of all the links connected at a given site, Akamai must have the ability to selectively send probe packets out from each link. This is challenging with traditional routing because a destination address is routed via one specific link. With current demand, the ability to measure all links is required. SDN meets this need by generating probe packets to different destinations, each mapped to a different link with the assistance of multiprotocol label switching (MPLS).

In MPLS routing, forwarding is decided by label lookup, not destination address. Each egress port has a different label associated with it. This means that, by encapsulating a probe packet to a given destination with a different label, we can selectively control which egress link the packet traverses. Various Akamai customer and end-user IPs are measured throughout the various links. With this, the local SDN system can incorporate these metrics into the routing best-path selection algorithm and provide optimal routing performance based on its customers.
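A sketch of how per-label probe results and link utilization could feed a path computation step, as described in the Benefits section. This is an added example, not Akamai's software: the link names, labels, capacities, measurements and the 90% threshold are all constructed assumptions.

```python
# Constructed site data: names, labels, capacities and loads are invented.
LINKS = {
    "transit-A": {"label": 1001, "capacity_gbps": 100, "load_gbps": 97},
    "peer-B":    {"label": 1002, "capacity_gbps": 40,  "load_gbps": 12},
    "transit-C": {"label": 1003, "capacity_gbps": 100, "load_gbps": 55},
}

# Probe round-trip times in ms keyed by (destination prefix, MPLS label).
# Each label maps to one egress port, so every result is tied to one link.
PROBE_RTT_MS = {
    ("198.51.100.0/24", 1001): 18.0,
    ("198.51.100.0/24", 1002): 31.0,
    ("198.51.100.0/24", 1003): 22.0,
    ("203.0.113.0/24", 1001): 40.0,
    ("203.0.113.0/24", 1002): 12.0,
    ("203.0.113.0/24", 1003): None,   # probe lost: no measurement on this link
}

FULL_THRESHOLD = 0.90   # assumed utilization above which a link is treated as full

def utilization(link):
    info = LINKS[link]
    return info["load_gbps"] / info["capacity_gbps"]

def choose_egress(prefix):
    """Lowest-RTT link that is measured and not full; None if none qualifies."""
    candidates = []
    for name, info in LINKS.items():
        rtt = PROBE_RTT_MS.get((prefix, info["label"]))
        if rtt is None or utilization(name) > FULL_THRESHOLD:
            continue   # unmeasured or full links are not eligible
        candidates.append((rtt, name))
    return min(candidates)[1] if candidates else None

def compute_paths(prefixes):
    """Per-prefix egress choice; None means leave the BGP default in place."""
    return {prefix: choose_egress(prefix) for prefix in prefixes}
```

For 198.51.100.0/24 the fastest link (transit-A) is skipped because it is at 97% utilization, so the prefix moves to transit-C; a prefix with no probe data gets no override.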

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Eran Gal. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/8mEgGYioOrY/software-defined-networking-concept-adoption-at-akamai.html