2Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.Software Defined Networking (SDN)PacketForwardingPacketForwardingPacketForwardingPacketForwardingNetwork OSOpenFlow API Network OS vs. Controller (or is it just OF Driver?) Can controller ensure correct programming behavior? Are there any missing pieces?Controller
3Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.OpenFlow Protocol – Quick OverviewPacketForwardingPacketForwardingPacketForwardingPacketForwardingNetwork OSOpenFlow APIConnection: Logically Centralized? # of Switches/Controllers Setup (TCP/TLS) / Interruption Inband/Out-of-bandMessage Types: Controller-to-switch Asynchronous SymmetricMessage Handling: Delivery Processing OrderingController
4Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.Programming Challenges Consistency Correctness Optimization Performance HeterogeneousPacketForwardingPacketForwardingPacketForwardingPacketForwardingNetwork OSOpenFlow APIControllerMatch Fields Attributes Instructions* priority = 0 Drop10.0.0.1 priority = 100 Output:2
5Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.Consistency Fail secure mode:– Packets to controller -DROPPED Fail standalone mode:– Switch acts as a legacyEthernet switch or router PacketForwardingPacketForwardingPacketForwardingPacketForwardingNetwork OSOpenFlow APIController✕ Retain existing flows– Does not break forwarding– Might be Inconsistent– Query entire flow state Delete all flows– Breaks forwarding– Can restore to consistent state– Re-compute logic or maintain localcopy?ReconnectionInterruption
6Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.Correctness Violations (e.g., conflictingactions) (FortNOX) Misconfigurations(e.g., incorrect flow attributes)ControllerPacketForwardingPacketForwardingPacketForwardingPacketForwardingOpenFlow APISecurity App 2 App 3Match Fields Attributes Instructions* priority DROPconflicting flow updates• If controller acts just like an OF-Driver, will applications talk OpenFlow? What is the rightabstraction?• How to verify correct programming updates?
7Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.Optimization Size– Flow duration (idle/hard timeouts): Reducing timeouts reduce flowtable size (DevoFlow)– Single Flow Table: Cartesian Explosion Issue (Can be solved by Multi-table) Aggregation– One flow entry covers large groups of flows, can be one entry percategory of flows– Wildcard flow entries– Key: How to optimize flow updates from controller as well as retaincorrect logic?
8Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.Performance Proactive programming when possible– Controller pre-populates flow table in switch– Zero additional flow setup time Leverage hardware features– Number of Connections (OF auxiliary channels)ControllerPacketForwarding(1) Flow Lookup Miss(2)(3) ProcessingTime Flow Setup Time: Flow Lookup Miss +OF Channel RTT +Controller Processing Time +Flow Table Update time(5) Flow TableUpdate Time(4)
9Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.Heterogeneous Switch capabilities– Software switches More features, lowerperformance– Hardware switches Less features, betterperformance Does controller and Appswrite customized code foreach switch? Another Issue:– Different OF VersionsOVSVendor XVendor XSoftswitchNetwork OSOpenFlow 1.0Controller• Need for portable API that can abstract low-level heterogeneityOpenFlow 1.3
10Copyrights 2013 NTT Innovation Institute, Inc. All rights reserved.Possible Missing PiecesPacketForwardingPacketForwardingPacketForwardingPacketForwardingOpenFlow APIControllerPortable API Run-time systemAbstraction LayerCorrectnessHeterogeneous ConsistencyOptimization