Open Science Exchange Whitepaper

8/6/2019 Open Science Exchange Whitepaper

http://slidepdf.com/reader/full/open-science-exchange-whitepaper 1/14

TheNetworkDevelopmentandDeploymentInitiative:

ExpandingtheBreadthandReachofInternet2Network

ServicesThroughtheDevelopmentoftheOpenScience,

Scholarship,andServicesExchange

ExecutiveSummary:Internet2,IndianaUniversity(IU)andtheCleanSlateProgramatStanfordUniversityhaveformedtheNetworkDevelopmentandDeploymentInitiative(NDDI),apartnershiptocreateanewnetworkplatformandcomplementarysoftware,whichtogetherwillsupportglobalscientificresearchinarevolutionarynewway.Throughsubstantialinvestmentsbyeachofthepartners,theNDDIwillyieldanewInternet2NetworkservicecalledtheOpenScience,ScholarshipandServicesExchange(OS3E).OS3EandtheNDDIcapabilitieswillbedevelopedandinterconnectedwithlinkstoEurope,Canada,SouthAmericaandAsia,through

coordinatinginternationalpartnerslikeRNPinBrazil,CANARIEinCanada,GÉANTinEurope,andJGNXinJapan,withadditionalservicepartnerstobeidentified. Abstract:

Internet2,inpartnershipwithIU,hasprovidedhighbandwidth,superiorquality,Layer3networkservicesfortheAmericanresearchandeducation(R&E)communitysinceitsinception.IthasalsoprovidedinternationaltransitnetworkservicesacrosstheInternet2backbonetointernationalpeers.Internet2andIUdeployedadvancednetworkservices,suchasIPv6andQoS,longbeforetheybecamecommonplaceoncommoditynetworks,andhaveprovidedwideareatest-bedsforthenetworkresearchcommunity,includingsupportforprojectssuchas

PlanetLab,HOPI,andGENI.Internet2andIUhavedriventhedevelopmentofnewtypesofservices,suchasLayer2“circuit”servicesprovisionedautomaticallythroughsoftware(IDC/ION)andmulti-layermulti-networkperformancemonitoringservices(perfSONAR).TheunifyingthemeofInternet2’snetworkofferingshasalwaysincludedprovidingnetworkconnectivitybythebestavailablenetworktransporttechnologies.AsInternet2beginsdeploymentofitsnewnetwork,threeusecaseshaveemergedthatsuggestanewsuiteofnetworkservices:1. Internet2haslongseenstrongdemandforexperimentalnetworkinginsupport

ofnetworkresearch,fornewparadigmstosupportdata-intensivescienceandforbroad-scaledeploymentofdisruptivenetworkdevelopmentopportunities.TheemergingGENIinvestmentinOpenFlowandtheGENIapplicationsinterfacearebothincreasinglyimportanttoolsfornetworkresearchers.

2. TherehasalsobeenstrongdemandforbroadaccesstoVLAN-basednetworkinfrastructurededicatedtoresearchthatsupportspersistent,flexible,unrestrictedVLANs.



NDDI:ExpandingtheBreadthandReachofInternet2NetworkServicesthrough…OS 3E

DRAFT 4/20/11 page2of14

3. Thereisagrowingneedforglobalreachtoenablescientiststousethesecapabilitieswithcollaboratorsaroundtheworld.

Internet2,IU,andtheCleanSlateprogrambelieveacommoninfrastructurethatprovidesplatformsfornetworkresearch,adistributedopenscienceexchangepoint

tosupportdomainresearchers,andglobalreachispossiblethroughvirtual“slices”oncommodityhardwareusingSoftware-DefinedNetworking(SDN)architecture.Nosuchsuiteofservicescurrentlyexistsbeyondprototypenetworks,butitiswithintheInternet2consortium’sreachtobethefirsttocompletethesoftware,implementationandoperationalleadershipofanopenscienceexchangewithglobalreachtomeettheneedsoftheR&Ecommunity.ThisdocumentproposesthatemergingneedsoftheInternet2membershipthataredescribedinthethreeaforementionedusecases—apoint-to-pointandmultipointVLANservice,anetworktosupportanddeployexperimentalnetworkresearch,andadistributedglobalscienceexchangecapability—bemetthroughthedevelopment

oftheNetworkDevelopmentandDeploymentInitiative(NDDI)substrateandtheInternet2OSE,usingSDNtechnologiessuchasOpenFlow.Asthisadvancednetworkingplatformandattendantservicesaredeployed,networkresearcherswillhavetheopportunitytoreinventthetechnicalunderpinningsoftheInternet2network,whiledomainresearcherscollaborativelypursueeducationandresearchacrosstheglobe.EmergingNeedsoftheInternet2Membership

ThenetworkingneedsoftheInternet2membershiphavelongincludedanationalLayer3network.ConcurrentwiththedevelopmentofthenewInternet2network,enabledbytheARRABTOPinvestmentinInternet2,Internet2hasidentifiedthree

emergingusecasesfromtheInternet2membership.PersistentVLANServicewithGlobalReach

CommunityleadershavearticulatedaneedforaLayer2servicethatallowsflexibleandpersistentVLAN’sbetweenpointsofaccessontheInternet2network.Internet2’sIONserviceenablesdynamicallyprovisionedVLANSbetweenpointsofaccessontheInternet2networkandthroughpeernetworks,butitisnotcurrentlyconfiguredtoenablepersistentVLANs.ThisusecasehasbeenadvocatedbytheArchitectureandOperationsAdvisoryCouncil(AOAC)andinvestigatedbytheLayer2workinggroupcharteredbytheNetworkTechnicalAdvisoryCommittee(NTAC).Adraftwhitepaperentitled“NTACEvaluationofInternet2Layer-2Service”has

beenendorsedbytheNTACandtheAOAC.TheAOACchargeenumeratedthefollowingdesires:Accesstotheserviceshouldbeprovidedthroughveryinexpensive10GbEports.Theserviceshouldbebuiltonverydenseandinexpensive“throwaway”switchesateachPointofPresence(PoP)withpotentialtosupportSDN(e.g.OpenFlow).VLANconfigurationneedstobeuser-controllable.Theserviceneedstohaveapriorityqueuingmechanism,even





thoughalmostallofthetrafficisexpectedtobebest-effort.Theservicealsoneedsaless-than-best-effortscavengeroption.Twocandidateuses,whichcouldlegitimatelybecategorizedaslyingatoppositeendsofacontinuum,forthisnewserviceare:1)theestablishmentoflonger-term

point-to-pointpaths(orpossiblybroadcastdomains)whichmaybeusedforproductionservicesand2)theconfigurationoftraffic-engineeredpathsforhigh-bandwidthflowsbetweentwoormoreendhosts.Theformercouldbecharacterizedas“network-based”usage,whereasthelattercouldbecharacterizedas“host-based”usage.Independentofexistingserviceofferings,apersistentVLANservicewithglobalreachmeetingtheusecaseoutlinedabovecouldbeprovidedinseveralways:• TheVLANserviceofferingcouldbeanMPLSoverlayontheexistingInternet2IP

infrastructure.Thatwouldrequirebackhaulfortheadditional10Gportsused

fortheVLANservice;acloselyrelatedalternativewouldbetodropsmallerIProuters(suchasJuniperMX80s)neareachconnectortoprovidebetterresiliency.However,eithersolutionwouldn’tprovidemuchadditionalredundancyagainstprimaryresearchconnectivityfailure,sincethesameportsandequipmentareused;presumablyiftheprimarypathfails,therewouldbealargeprobabilitythatthisVLANservicewouldfailtoo.

• TheservicecouldbeprovidedbyaseparatesetofEthernetswitchesconnectedbyseparatelong-haulcircuits,asNLR’sFrameNetdoestoday.TheformerinstantiationoftheInternet2IONservice(builtatopCienaCoreDirectors)representedadifferentinstantiationofthisidea,wheretheVLANscouldbeprotectedinatime-divisionfashiononthelonghaulcircuitstoprovideabsolute

bandwidthandlatencyguarantees.Underthisapproach,switcheswouldprovidecheaper10GEportsthanaroutedsolutionandcouldbedistributedmorewidelythanthecurrentIPinfrastructure,placedclosertoconnectors.Thiswouldcomeatthecostofthelong-haulinterconnectioncircuits,andadditionalspace,powerandmaintenance.Ontheotherhand,therearepotentiallyfewerlong-haulcircuitsneededforbackhaul,andthecostsforthecomponentsandpowerrequirementsarelower.

• Ratherthanusingsingle-manufacturerEthernetswitchestoprovideaLayer2fabric,asetofswitcheswithSDNcapabilities(e.g.OpenFlow)couldbeused.TheadvantageofusingSDNisthattheswitchesbecomecommoditycomponentsthatcanbemoreeasilyreplacedastechnologyadvanceswithoutrequiringchangestothecontrolsoftwaredevelopedtomanagethenetwork.





ThemethodbywhichVLANsareinstantiatedfromauser(customer)perspectiveisindependentoftheparticularimplementation.Alternativeimplementationsinclude:• ManuallyinstantiatedbyaNOC• AutomaticallyinstantiatedusingOSCARS(thesoftwarewhichimplementsthe

IONservice)orsomethingresemblingtheSherpasoftwareusedforNLR’sDynamicVLANService(originallydesignedfortheseparateEthernetinfrastructure)

SupportforAt-ScaleNetworkResearch

AsnotedinthemissionstatementforGlobalEnvironmentforNetworkInnovations(GENI)[GENI],networkresearchershavelongsoughttosupportat-scaleexperimentationonshared,heterogeneous,highlyinstrumentedinfrastructure,toenabledeepprogrammabilitythroughoutthenetworkandtoprovidecollaborativeandexploratoryenvironments.Inordertotransformhownetworksarebuiltandoperate,networkresearchersneedasubstrateonwhichtoexperimentwith

breakable,largescaleinfrastructure,akintotheenvironmentthatexistedbeforeNSFnetwascommercialized,givingthemtheopportunitytoexploreradicallynewideaswithoutbeingburdenedwithincumbent,productiontrafficbutwiththeoptiontointroducethatproductiontrafficwhereneeded.Thecorerequirementsforsuchanetworksubstrateinclude:• Theabilitytoslicethenetworkintomultiplevirtualnetworks,makingat-scale

infrastructureaffordabletoindividualresearchers• Theabilitytoprovisionpoint-to-pointcircuitswithknownproperties(suchas

latencyandbandwidthguarantees)• Theabilitytodefinehownetworksfunctionthroughuser-controlledandwritten

software• Well-definedAPIsthroughwhichtointerfacewithinexpensive,commodity

switchesAnetworkresearchservicemeetingtheusecaseoutlinedabovecouldbeprovidedinafewways,includingallthewaysstatedabovefortheVLANservice.Inaddition:1. Thepoint-to-pointdedicatedcircuitscouldbeprovidedbyapoint-to-point

VLANservicewithbandwidthguarantees,orbywavesontheLayer1network.2. AnationwideOpenFlownetwork,connectedtointerestedregionalsand

campusesandinternationalOpenFlownetworkswouldallownetworkresearcherstonotonlycreatepoint-to-pointcircuits,buttobeabletocontrolthepathoverthewide-areinfrastructureinasafemanner.

ThislastapproachdirectlysupportsthetwoOpenFlowusecases,and(givensufficientinternodecapacityandstabilityintheOpenFlowandOpenFlowvirtualization(FlowVisor[FV])implementations)couldsupporttheothernetwork





researchusecasesaswell.ThoseprojectscouldalsochangeovertimetointerfacedirectlywithOpenFlowandhavemorecontrolovertheirwide-areapath.

OpenScienceExchangePoint

TheHighEnergyNuclearPhysics(HENP)communityhasfocusedmuchofitsefforts

onsupportingtheseveralexperimentsoftheLargeHadronCollider(LHC)project.TheoriginalLHCnetworkdesignfocusedonathree-leveltier-basedhierarchyofsitesfordatadistributionandcomputation,knownastheMONARC[MONARC]model.ThereisgrowingconsensusintheLHCPhysicscommunitythattheoriginalhierarchicaltieredmodelfordatadistributionisnotbeingusedinpractice,replacedbymoreofameshofflowsfromTier3sitestoanyTier2orfromTier2’stoanyTier1oranyotherTier2.Thus,havingpointtopointcircuitsfromaTier2to“their”Tier1doesnotcoverall(orperhapseventhemajority)oftrafficfromthatTier2tootherdatastoragesites.Thecurrentconceptistoreplacethepoint-to-pointfromaTier2toaTier1withaconnectiontoa“LHCOpenNetworkExchange”(LHCONE)[LHCONE],andtheTier2couldpeerwithmanyorallTier1’s.Thispeeringcouldbe

permanent,itcouldbedynamic,andeitherofthosecouldbedoneusingbest-effortcapacity,orwithbandwidthguarantees.Theconceptofan“openscienceexchangepoint”isnotexclusivetoLHC;itcouldbeusedbyothersimilar“dataintensivescience”disciplinesthathavelargedatacentersthatneedtocommunicate.Forexample,climateandastronomyapplicationshavethischaracteristic.Thereareanumberofdifferentwaystoimplementanopenscienceexchangepointservice,buttheVLANserviceprovidesadirecttemplate,withtheadditionthatthescienceexchangepointsdesiremultipointVLANsinadditiontopoint-to-point.Thus

VPLSmightneedtobeusedinthecaseofanoverlaynetwork.Theotherpotentiallydifferentiatingcharacteristicisthatthisserviceisinherentlyinternational;dataintensivesciencedoesnotstopatthebordersofanyparticularcountry,andrequirestransfersfromcentersindifferentcountries.ThusanyUSservicewouldbeintegratedwithservicesprovidedinEurope,Asia,andelsewhere.However,therestfollowsdirectly:ThisservicecouldbeprovidedinastraightforwardmannerbyasetofEthernetswitches,andsimilarlybytheuseofanOpenFlowswitchbase,solongastheabilitytoallocatebandwidthalongtheinterveningpathasneededisunderthecontroloftheLHCcommunityasawhole.

NDDISubstrateInternet2,IndianaUniversity,andtheCleanSlateprogramwillbuildabroadlypurposedandnationalscaleNationalDesignandDevelopmentInitiative(NDDI)substrate,atopitsnewARRABTOP-fundednetworkinfrastructure.Utilizingthesoftware-definednetworkingapproachtoallowbroaddeploymentofLayer2servicesandtestingofnewnetworkideas,theNDDIsubstratewillmeetthenetworkneedsarticulatedintheaforementionedusecases:enableasliceable





networkresearchplatformatscale,enabledataintensivescience,andsupportLayer2connectivity.TheNDDIsubstratewillextendtoglobalpartners,includingEurope,AsiaandSouthAmerica.ThisadvancednetworkingplatformwillmeettheneedsofallthreeoftheaforementionedusecasesandpositionInternet2tosupporttheneedsofthe21stcenturyR&Ecommunity.

Thissinglenewserviceisenvisionedtohavethefollowingproperties:1. Usesacommonnetworkinfrastructureinacostefficientmanner.2. ReliesoninfrastructuresotherthantraditionalLayer3routedinfrastructures.3. EnablestheprovisioningofLayer2circuitswithandwithoutbandwidth

guaranteesthroughsoftwareand/orwebinterfaceforshortandlongperiodsoftime.

4. Enablestheabilityto“slice”thenetworkintomultiplevirtualnetworks:• someofwhicharetunedforproductionhighbandwidthflows;• someofwhicharedesignedtosupportinnovativenetworkresearch;• allofwhichareprotectedfromanddonotinterferewithoneanother.

5. Movestowardsrelianceonlessexpensive(bothintermsofcapitalcostsandoperationalcosts)Layer2switchesratherthan“bigiron”hardware.

6. Isoperatedinanopenandtransparentfashion.





Figure1:ArchitecturalOverview

NDDISubstrateNodeDesign

EachNDDIsubstratenodeisexpectedtoconsistofasingle,fixedform-factorswitch.Anumberofswitchesarebecomingavailablethatsupport4810Gbpsportsand,insomecases,440Gbpsports,ina1-2rackunitformfactorandweanticipatethatanumberoftheseswitcheswillsupportOpenFlow.Thatismorethanenoughportstosupportabackbonewithexpansioncapabilities,andmultipleconnectionstoconnectors,externalnetworks,virtualcommunities,andnetworkresearchprojects.Thecostper10GbEportfortheseswitchesislikelytobeinthe$250-$500range..





SomesubsetofNDDIsubstratenodeswillalsohave1or2servers.SomeserverswillserveasOpenFlowcontrollers.Otherserverswillserveasmeasurementnodes.Itisunclearatthispointhowmanynodeswillrequirecontrollersorwhetherasingleservercanservebothasacontrollerandameasurementnode.Itmightbeprudent,forexample,toorganizeNDDIsubstratenodesintoareasbasedon

geography,anddeployredundantcontrollersineachofthoseareas.Therequirementsforsuchserversarenotlikelytobeexcessive,meaningthatserversintherangeof$1,000to$2,000arelikelytosuffice.NDDISubstrateNetworkFootprint

TheNDDIsubstratewillbeginwithasmallnumberofnodesscatteredaroundtheUnitedStates,includingnodesinChicagoandNewYorkCity.TheNDDIsubstratefootprintisexpectedtogrowtoincludeallInternet2routernodes,allInternet23-wayjunctionnodes,allnodesatwhichanInternet2ConnectorconnectstotheInternet2backbonenetwork,andallthemajorUSexchangepoints.ItispossibletheNDDIsubstratewillalsoincludeanodeinVancouver,tointerconnectCanadianLHC

sitestoLHCONE-NA.Likewise,itispossibletheNDDIsubstratewillincludeanodeinMiami,tosupportinterconnectionwithnetworkdeploymentsinSouthAmerica.Eachnodeisexpectedtobeinitiallyconnectedtoasubsetofothernodesonthenewnetworkfootprintby210Gbpswaves.Thebandwidthbetweennodesisexpectedtogrowto410Gbpswavesovertime.AsamplemapoflikelyNDDIsubstratenodestobebuiltovertimeisshownbelow.Thismapisanearlydraftandmaychangesignificantlybeforefullimplementation.Itisexpectedthatthetotalnumberofnodeswillrangebetween30and40sites.





Figure2:AspirationNDDISubstrateNetworkFootprint

NDDISubstrateCosts

ThecosttodesignanddeveloptheNDDIsubstratehasnotyetbeendetermined,butwillincludecapitalexpenditures,softwaredevelopmentcosts,andoperatingexpenses.Capitalexpenditureswillincludeswitches(upto40switchesatupto$30,000each),servers(upto80serversatupto$2,000each),andlong-hauloptics(costsTBD).Operationalexpenditureswillincludepower(mostlyDC)andspace(upto4Upernode)(costsTBD).SoftwaredevelopmentcostsincludemakingOpenFlowcapableofsupportingproductionnetworktraffic(likelybornbyIndianaUniversity),developingFlowvisor(likelybornbytheCleanSlateProgram),andintegratingOSCARSwithOpenFlow(likelybornbyInternet2)(costsTBD).NDDISubstrateCostRecoveryModel

ThecostrecoverymodelfortheNDDIsubstrateisunderdevelopment.Itisexpectedthatthefeemodelwillbespecifictoeachserviceimplementedonthesubstrate,andevolveovertimeasaricherunderstandingofthemarketemerges.Initially,thefeestructureislikelytoresembleaportfeemodel,suchasiscommonlyemployedatexchangepointstoday,includingaportiontocoverlonghaulopticalcosts.





ImplementationPlanAnimplementationroadmapfortheNDDIsubstrateisstilltobedetermined.Atahighlevel,itisenvisionedthattheNDDIsubstratewillevolveovertimealongmultipleaxes,includinghardware,software,bandwidth,reach,businessmodel,and

featureset.Moreover,itisenvisionedthatrelatedInternet2services(e.g.ION,prototypeLHCONE-NA)andNSF-fundedresearchprojects(e.g.DYNES)willevolveovertimeandbecomeintegratedwiththeNDDIsubstrate.InitialthoughtsontheroadmapforNDDIsubstratehardwareandsoftwareareprovidedbelow.NDDISubstrateHardware

Nodes:TheinitialsetofswitchesselectedtosupporttheNDDIsubstratearelikelytobereplacedwithin12-18months.Theinitialsetofnodesislikelytoincludeonemeasurementserverpernodeandtwocontrollerserversintotal.

Footprint:TheNDDIsubstratewillbegininitiallywithasmall(~6)numberofnodes,includingNYCandChicago.Overtimeitwillgrowintoafulldeploymentof30-40nodes.Bandwidth:TheNDDIsubstratewillbegininitiallywitharingof2x10Gbpswaves.Overtimeitwillgrowintoapartialmeshof4x10Gbpswaves.NDDISubstrateSoftware

ThefirstphaseofNDDIsubstratesoftwarewillprovidetheOpenScience,ScholarshipandServicesExchange(OS3E),anintra-domaindynamicallyconfiguredlayer2virtualcircuitservice,allowinguserstoprovisionVLANsonanOpenFlowbasedinfrastructureacrosstheInternet2OpenFlowdomain.QOSsupportinthe

initialphaseoftheprojectisexpectedtobelimitedduetolimitationsintheOpenFlow1.0specification.TheserviceisexpectedtoincludebothaGUIthatuserscanaccesstocreateandalterVLANconfigurations,aswellasanAPIthatcanbeusedforprogrammaticprovisioningofvirtualcircuits.Itisalsoanticipatedincludingsomedegreeofpathresiliencysupportinthisphase,allowingvirtualcircuitstobeautomaticallyre-routedintheeventofabackbonelinkfailure,wherecapacityisavailable.Thesoftwarerequiredtodeliverthisserviceisexpectedtobedevelopedanddeployedintoproductionina6-monthtimeframe.ThesecondphaseofNDDIsubstratesoftware(whichwillbedevelopedinparallelwiththefirstphasebutimplementedoncethefirstphasestabilizes)willsupportOS3Einter-domaincircuitprovisioningbyleveragingtheexistingOSCARSimplementationoftheIDCprotocol(expectedtoevolveovertimetoconformwiththeOGFNSIWGprotocolasitemerges)andahardenedFlowVisortoallowfornetworkresearchslices.Thismaysupportafutureservicetosupportthecreationofat-scalenetworkresearchtestbeds.Additionally,furtherdevelopmentwilladdricherQOSsupportastheOpenFlowstandardmaturesandevolves.ThetimeframefordeliveryoftheQOScapabilitiesisdependentonOpenFlowspecificationand





possiblyhardwareconstraints,althoughthisfunctionalityisexpectedtobeavailableinthenextmajorrevisionoftheOpenFlowspecification.

Appendix1:Software-DefinedNetworkingOverview

AccordingtotheOpenNetworkingFoundation(ONF),Software-DefinedNetworking(SDN)isanewapproachtonetworkingthatgivesnetworkoperatorsbettercontrolovertheirnetworksallowingthemtooptimizenetworkbehaviortobestservetheirandtheircustomersneeds.TheSDNapproachwasdevelopedthrougharesearchcollaborationamongStanfordUniversity,theUniversityofCaliforniaBerkeley,theUniversityofWashington,PrincetonUniversity,WashingtonUniversityinSaintLouis,andMIT.OnMarch21st ,2011,theOpenNetworkingFoundationwasannouncedtocontinuethestandardizationoftheOpenFlowprotocol,withamissiontopromotetheSDNapproachtonetworking.AkeyinstantiationoftheSDNapproachisatechnologycalledOpenFlow[OF].

Modernswitchesandroutersaremadeupoftwodistinctparts,acontrol-planeandadata-plane.Thecontrol-planeistheoperatingsystemresponsibleforrunningservicessuchasroutingandswitchingprotocolsandittypicallyrunsonageneralpurposeCPU.Thedata-planeisresponsibleforactuallyforwardingpacketandistypicallysupportedbyaspecialpurposechiporASIC.Inmostnetworkdevices,theinterfacebetweenthecontrol-planeanddata-planeisproprietaryandstrictlyinternaltothedevice.Thislimitstheabilityofnetworkoperatorstocustomizethepacketforwardingbehaviortoalargedegree.OpenFlowremediesthisconstraintinaverysimpleandelegantmanner.OpenFlowdefinesaprotocolbywhichanexternaldevice,commonlycalledacontroller,canadd,removeandmodifyforwardingtableentriesinthedata-planeofaswitch.Acontroller,whichistypicallyexternaltotheswitchandusuallyasimplePC,canmakeentriesintheforwardingtablesofoneormoreswitches,directingwheretrafficistoflow.ThecommunicationbetweentheswitchandthecontrolleristhroughasecurechannelusingtheOpenFlowprotocol.TheOpenFlowtableconsistsofasetofrulesforforwardingpackets.Eachruleconsistsofamatchformultipleheaderfieldsinapacket,anactiontotakeifapacketmatchestherule,andasetofstatisticsassociatedwitheachrule.Theactionsareextensible,buttypicallyconsistofoperationslike:1)droptheframe,2)forwardtheframetoanoutputport,or3)sendtheframetothecontroller,forexampletoredirecttheoutputofsuchframesthatfollowlater.Additionalactionsmightbetorewritepartsoftheframe,ortoaddtheframetosomepriorityclass.ThefundamentalimpactoftheexternalcontrolleristohavecontrolthatcanbechangedandexperimentedrelativelyeasilythroughsoftwareprogramminginastandardPCdevelopmentenvironment.AnOpenFlowswitchthereforeconsistsbasicallyofthreecomponents:oneormoreflowtableswithassociatedactionsandcounters,asecurechannelforcommunicatingwiththecontroller,andsupportfortheOpenFlowprotocol.Note





thatmostofthisdiscussionpertainstoanEthernetswitch,almostalwaysthoughtofasaLayer2device,butanOpenFlowswitchisessentiallylayerlessinconcept.ItsflowtableshaveinformationfromtheportleveltotheTCPlayer.NotethatOpenFlowalsoexistsforcircuitdevicesthatuseSONET(see[COF],forexample).Theflowtablesforsuchdevicesincludeinformationaboutlamdas,VCGs,time-slots,

andsignaltype.Thisdocument,however,willfocusonEthernetswitches.ItisclearthataclassicEthernetswitchwouldneedtobemodifiedtosupportOpenFlow,addingtheflowtables,andboththesecurecommunicationschannelsandtheOpenFlowprotocol.WhenOpenFlowwasfirstbeingdeveloped,therewerenovendorssupportingtherequirementsofOpenFlow.TodayOpenFlowissupportedbyseveralmajorswitch/routervendors.HowdoesonebuildanetworkwithOpenFlow?ThebasicconceptistodeployOpenFlowEthernetswitchesandatleastonecontroller.TypicalimplementationsofOpenFlowonanEthernetswitchisolatethecommonoperationsoftheswitchfrom

theOpenFlowcomponent.ThismeansthattheusualoperationsoftheswitcharenotdisruptedbytheOpenFlowoperations,andthereforecanbedeployedinnetworksthatareusedinproduction.Severalcampuseshavedeployedsuchswitchesinlocal,buildinglevelnetworks.Thecontrollerscanalsobedeployedinaflexiblemanner.Onecoulduseasinglecontroller,forexample,oronecoulddeployacontrollerforeachswitch.Thebasicconceptremainsthesame,(atleastone)controllersittingaboveanetworkandcontrollingtheEthernetswitches.Thecontrolleristypicallyoperatedbysomeadministrativegrouporvirtualcommunity,forexampleanetworkresearchgroupexaminingnewnetworkprotocols,orascientificgroupprovidinghighbandwidthpaths.Whatifan

additionaladministrativedomainwantstocontrolsuchanetwork?ThedevelopersofOpenFlowhavecreatedavirtualizationlayerinbetweenthenetworkdevicesandtheOpenFlowcontrollers.ThevirtualizationlayerisprovidedbydevicescalledFlowVisors(see[FV]),allowingmultipleOpenFlowcontrollerstocontroltheswitches.AFlowVisorallocatesandisolatesslicesofthenetworktoeachcontroller,whereonecontrollercannotinterferewithanothercontroller’sslice.Slicescanbeasetofportsoneachswitch,orasetofswitches,etc.ThebasicideabehindanOpenFlownetworkispicturedinthefollowingdiagram,withmultiplecontrollersassociatedwithdifferentcommunitiessittingabovevirtualizationlayerthatprovidesslicesofthenetworktoeachofthecontrollers:





NotethatmuchofthesoftwareassociatedwiththecontrollersandtheFlowVisorisopensourcesoftwareandcanbeimplementedoninexpensivePCs.Moreover,thereisadditionalworkevolvingtoinsureredundancy.Forexample,havingonecontrollertakeoverfromanexistingcontroller,eitherbyadministrativecommand,orinthecaseoffailure.ConsideranationalscalenetworkofOpenFlow-enabledswitchessittingunderan

OpenFlowvirtualizationlayer.Abovethatlayercouldsitmultiplecontrollerseachhavingasliceofthenetwork.OnemightprovideaclassicusercontrolledEthernetVLANnetwork,oronemightprovideservicesoftheInternet2IONnetwork.Yetanothermightprovideanexperimentalnetworkfornetworkresearchers,andyetanothermightprovidebandwidthfor,andbetotallycontrolledby,avirtualcommunitysuchastheLHC.OnemightevenprovidetraditionalIPpeering.Eachofthesecontrollerswouldbeindependentandbeisolatedfromeachother.Moreover,eachofthesecommunitiescancreatetheirownsoftwareplatformsthatsitaboveOpenFlowratherthanwritingthesoftwaretoparticularhardwareplatforms.IfOpenFlowswitchesareupgradedtoswitchesfromadifferentvendor,nochangesshouldberequiredtothecontrolsoftwarebecauseOpenFlowisamulti-vendor

standard..OnethingthatismissingfromOpenFlowisthetraditionalinter-domainfunctionality.Atthistimethereisnoobviouswaytointer-connecttwodifferentOpenFlownetworksunderdifferentadministrativedomainsandhavethetraditionalisolationandprotectionmethodsinplacemechanismsinplace.Forexample,therearenosignalingcapabilitiesassociatedwithOpenFlowforcrossingdifferentadministrativedomains.Thisdoesnotaffecttheinternalworkingsofthe





network,however,andthereareseveralapproachestodealingwiththisissue.Oneistosimplyinter-connectfromaninternalOpenFlowpointofview,withanyparticularcontrollerdomainparticipatingornot,andtousethecapabilitiesoftheFlowVisortolimitaccess.Theotheristodevelopaminimalapproachtointer-domaincapabilitiesusingsomeoftheconceptsalreadydevelopedthroughother

Internet2projects(forexample,theOSCARSsoftwarethatsupportsION).Etherapproachcouldprovideacohesivenetworkwithglobal-reach.AnothersignificantpossibilityforOpenFlowisthecommoditizationofnetworkcomponents.Therearealreadycommodityswitches,witharelativelyminimalandpotentiallyopen-sourcefirmwarethatonlysupportsOpenFlowthatcouldbewithopen-sourcecontrollersoftwareandopen-sourcesoftwaretosupportclassicEthernetswitching,creatingessentiallyonopensoftwareswitchthatcanbecustomizedtomeettherequirementsoftheInternet2community.Otherexistingprotocols,includingrouting,orevenadditionalnewnetworkprotocols,couldbelayeredontopofthatsystem.Suchasystemcouldbelessexpensivethanexisting

switchesbecausetheywouldonlyincludethebasicfunctionalityrequiredbytheInternet2community.ThisisexactlythepathtakenbythePCworldandmanyoftoday’sPCs,especiallyintheserverworld,runopensourcesoftwareinveryimportantandfundamentalways.References[FV]FlowVisor:ANetworkVirtualizationLlayer ,http://www.OpenFlow.org/downloads/technicalreports/OpenFlow-tr-2009-1-flowvisor.pdf ,RobSherwood,GlenGibb,Kok-KiongYap,GuidoApenzeller,MartinCasado,NickMcKeown,GuruParulkar,October14,2009

[OF]OpenFlow:EnablingInnovationinCampusNetworks,http://www.OpenFlow.org/documents/OpenFlow-wp-latest.pdf ,NickMcKeown,TomAnderson,HariBalakrishnan,GuruParulkar,LarryPeterson,JenniferRexford,ScottShenker,JonathanTurner,March14,2008[COF]PacketandCircuitNetworkConvergencewithOpenFlow,http://www.OpenFlow.org/wk/images/4/46/OpenFlow-OFC10_invited.pdf ,SauravDas,GuruParulkar,NickMcKeown,PreetiSingh,DanielGetachew,LyndonOng,[GENI]http://www.geni.net/[MONARC]http://monarc.web.cern.ch/MONARC/[LHCONE]http://lhcone.net/

Date post:	07-Apr-2018
Category:	Documents
Upload:	mehmetgunn
View:	223 times
Download:	0 times

Open Science Exchange Whitepaper

Documents