In networks using software defined networking (SDN), one or more network controllers may manage the control plane of network devices, such as switches, bridges and routers. The network controller may also manage the data plane of the switches by providing flow rules to the switches. The flow rules may have various attributes, such as match fields, meters, go-to instructions, and actions. The match fields of a flow rule establish a corresponding flow by setting commonalities shared by packets of the flow. During operation, if a match field is met by a packet then the network device performs the action on the packet. Accordingly, the match field establishes the action performed by device on the flow. Match fields may include various criteria, such as source or destination IP or MAC address, port numbers, transport protocol type, frame type, class of service indicators, or frame control information. Actions may include various operations that the switch can perform on packets, such as forwarding the packet to a specified port, dropping the packet, or forwarding the packet to the controller.
Certain examples are described in the following detailed description and in reference to the drawings, in which:
Network devices may perform various operations on received packets. For example, network operations may include switching, bridging, routing, filtering, access control list (ACL) processing, quality-of-service (QoS) processing, packet header field rewriting, packet inspection, or data collection. These network operations may be implemented as SDN operations using flow rules, or as non-SDN legacy operations. These legacy operations may be implemented using various agents executed on the network devices in non-standard or platform specific ways using platform specific rules. As examples, the legacy operation may be layer 2 Ethernet switching, virtual local area network (VLAN) isolation, layer 3 routing such as IPv4 or IPv6 routing, access control list (ACL) processing, filtering, or quality-of-service (QoS) processing.
Some network devices, such as switches like bridges and routers, may capable of operating in a hybrid manner supporting both SDN operation and legacy operations. A hybrid network device may perform a legacy operation in a network slice implemented without SDN. The network slice may be defined by any network parameters that isolate packets on the network slice from other packets on the network. For example, a network slice may be defined by a topology of connected network devices, a set of ports, a VLAN, a set of addresses, or by one or more match fields supported by an SDN flow rule. In some cases, the network slice may be the entire network.
In some cases, when transitioning a network slice to SDN-controlled operation is performed in a reactive manner. In a reactive transition, a default flow rule is programmed in the network devices' flow tables to send all packets of the slice to a network controller. For example, in an OPENFLOW SDN, the OPENFLOW switches are programmed with a PKT_IN command for packets having match fields corresponding to the network slice. After receiving a forwarded packet, the controller determines a policy for how the packet and other packets of the same flow should be treated. The controller then programs a more specific flow rule in all appropriate network devices to implement the policy. Large numbers of incoming flows may overwhelm the controller. Accordingly, the transition may be forced to proceed slower than desired to overwhelm the network controller. Additionally, each unknown flow will incur latency equal to the roundtrip delay to the controller plus the policy resolution delay at the network controller. This delay may negatively impact network performance and may cause packet drops caused by buffer overload at the controller.
Aspects of the disclosed technology may allow transition a network slice to SDN in a proactive manner. A network controller may obtain rules from the network devices under its control that reflect current operations, such as existing legacy network operations. These rules may be used by the controller to generate policies that implement the existing network operations. These policies may be implemented by SDN flow rules provided to the network devices. Accordingly, after proactively programming the network devices of a slice, the transition to SDN may occur with fewer unknown flows being forwarded to the network controller.
The example method may include block 101. Block 101 may include obtaining a match field. For example, the match field may be one of a set of match fields available for flow rules in an SDN protocol. For example, the match field may be an input port field, an Ethernet destination or source address field, an Ethernet frame type, a VLAN identification (ID) or priority field, or an IP source or target address. In further implementations, block 101 may include obtaining one or more match fields. In some cases, the match fields may be obtained from a network administrator. For example, the match fields may define a network slice selected by an administrator to be transitioned to an SDN.
In some implementations, block 101 may include obtaining a set of match fields with associated values or bitmasks. For example, block 101 may include obtaining a set of port numbers for connected network devices or a specific VLAN ID. In other implementations, block 101 may include obtaining a set of match fields without associated values. For example, the set of match fields may define a type of network slice and may correspond to a plurality of network slices of that type.
The example method may further include block 102. Block 102 may include providing the match field to a network device. In some cases, block 102 may include providing the match field over an SDN management connection to an SDN agent executed by the network device. For example, block 102 may include providing the match field to an OPENFLOW agent executed at the control plane of an OPENFLOW switch. In other cases, block 102 may include providing the match field to legacy operations executed by the network device. For example, the match field may be provided by requesting a report for information corresponding to the match field.
In some implementations, block 102 may include providing an identification of legacy applications that the network device should query for operations related to the match fields. For example, a network administrator may be transitioning an ACL to an SDN implementation. The ACL operations on the network may involve fields overlapping with other legacy operations, such as routing operations. The identification of legacy applications may limit information received back from the network device to information pertinent to the network transition. For example, the identification of legacy applications may be included in the report request.
The example method may further include block 103. Block 103 may include receiving a rule from the network device. The rule may correspond to an operation of the network device related to the match field. The operation may be an existing operation performed in a non-SDN manner that is based on the same parameters as reflected in the match field. For example, depending on match fields providing in block 102, the operation may be a routing decision, an ACL/QoS decision, a layer 2 forwarding decision, or a filtering rule such as a multicast filtering rule. In some implementations, the rule received in block 103 may be a flow rule formatted in accordance with an SDN protocol. In these implementations, the network device may generate a flow rule that reflects the existing operation. For example, if the existing operation is a layer 2 forwarding decision to forward packets from MAC address X to MAC address Y on port Z, the rule received in block 103 may be a flow rule with source and destination MAC address match fields set to X and Y, and a forwarding action set to port Z. Receiving the rule in block 103 as a flow rule may allow rules received from different platforms to be compared in a normalized manner.
The method may further include block 104. Block 104 may include using the rule to generate an SDN policy corresponding to the operation. The SDN policy may be a set of flow rules that implement the operation in an SDN-compliant manner. For example, if the rule received in block 103 is a QoS rule setting the priority of packets matching certain source, destination, and type information, the SDN policy may be a flow rule having the corresponding source, destination, and type match fields and an action that reflects the priority. In some cases, block 104 may include providing the SDN policy to a network administrator. For example, the policy may be provided as an option for programming an SDN network to maintain existing behavior.
The example method may include block 201. Block 201 may include obtaining a set of match fields corresponding to a network slice. Block 201 may also include obtaining an identification of legacy applications or operations that correspond to the network slice. For example, the match fields and legacy application or operation identification may be provided by a network administrator as part of transitioning a legacy network slice into SDN operation.
The example method may further include block 202. Block 202 may include providing the set of match fields to a plurality of network devices. In some cases, block 202 may be an implementation of block 101 of
The example method may also include block 203. Block 203 may include receiving a plurality of rules from a subset of the plurality of network devices. For example, the subset may be all network devices having a legacy operation corresponding to the set of match fields. In some case, the subset may be the entire plurality of network devices. Each rule may correspond to an operation of a network device of the subset and may be related to the match field or fields sent in block 201. For example, block 203 may be an implementation of block 103 of
The example method may also include block 204. Block 204 may include receiving a statistic related to the operation. In some cases, the statistic may be a count of how many times the operation has been performed in an interval. For example, the statistic may be a hit count of how many times the operation is performed in a day or an indication of when the operation was last performed. In some cases, block 204 may include receiving statistics for the corresponding rules from each of network device of the subset of network devices.
The example method may also include block 205. Block 205 may include using the rules obtained in block 203 to generate an SDN policy. For example, block 205 may be an implementation of block 104 of
In some implementations, SDN policies may be determined based on the received rules in a prioritized manner. In some cases, the statistics may be used to identify which flows to proactively preprogram. For example, the SDN policy may be generated if the statistic or statistics for the operation exceeds a threshold. In a further example, an administrator may define which rules have higher priorities for determining SDN policies. For example, SDN policies may be for rules having higher hit counts than other rule, for rules that correspond to more recent operations, or for rules that are identified as high priority by the administrator.
In some implementations, the SDN policy corresponding to the operation may replicate the network behavior created by the operation. For example, block 205 may include identifying an existing network path within the network slice from a subset of the received rules. Block 205 may include generating an SDN policy as a set of flow rules to implement the existing network path. As another example, block 205 may include identifying a network device that performs ACL or QoS operations. The SDN policy may be a rule for the same network device so that it continues to perform the ACL or QoS operations after being programmed with the rule.
In other implementations, the SDN policy corresponding to the operation may change the behavior of the network. For example, block 205 may include generating an SDN policy as a set of flow rules to implement a new network path derived from the existing network path. In some cases, the new network path may take into consideration overriding requirements provided by a network administrator or the new network path may be generated using the existing path as a cost parameter in a routing application. As another example, block 205 may include identifying a new network device to perform ACL or QoS operations. In some cases, the controller may determine that multiple network devices are performing ACL or QoS operations redundantly, and the policy may eliminate such redundancy. In other cases, an administrator may identify a different network device that is responsible for ACL or QoS, and the controller may determine a network policy as a rule for the different network device that replicates the ACL or QoS behavior of the previous network device.
The method may also include block 206. Block 206 may include transmitting flow rules to network devices to implement the SDN policy. As described above, implementing the SDN policy may involve the same network devices performing the existing operations, or may involve different network devices. Accordingly, block 206 may include transmitting the flow rules to the same network devices providing the rules in block 203. Block 206 may also include transmitting the flow rules to different network devices than the ones providing the rules in block 203.
In some implementations, the flow rules are transmitted to the network devices prior to SDN operations. Accordingly, after a transition to SDN-controlled operations, only flows that do not match the proactively instantiated flows will arrive at the controller. This may prevent the controller from being overloaded, reduce network congestion, and reduce the load on the network devices to send packets to the controller.
In other implementations, the flow rules are transmitted during SDN operations after the controller receives a packet matching the flow rule from a network device. For example, during transition to SDN, blocks 201-205 may be performed to proactively determine flow rules to implement the existing network behavior. However, those flow rules may only be provided to network devices when needed. This may reduce latency and reduce the computational load on the network controller.
In still further implementations, some flow rules are transmitted prior to SDN operation and some flow rules are provided on an as-needed basis. In some cases, statistics used received in block 204 are used to determine whether to transmit a flow rule to implement the SDN policy. For example, flow rules may be sent to the devise if the hit count for the corresponding operation exceeds a certain threshold. For example, flow table size limitations may prevent flow rules from being sent to implement SDN policies for all existing operations. The threshold may be set according to the flow table size limitations. For example, the threshold may be a percentage of the number of table entries, with some entries reserved for new operations.
The example network device 300 may include a processor 301. The processor 301 may execute various control plane applications. For example, the control plane applications may include SDN applications including an SDN agent, such as an OPENFLOW agent, and a legacy flow reporting agent. The control plane applications may also include legacy applications, such as route managers, L2 address managers, ACL managers, QoS managers, or other non-SDN function-related applications. These applications may be stored as software instructions on a non-transitory computer readable medium, such as random access memory (RAM), read only memory (ROM), flash memory, or storage. The network device 300 may also include a network interface 303. The network interface 303 may be used by the processor 301 to communicate with a network controller over an SDN management channel, such as an OPENFLOW channel.
The medium 302 may store instructions 304 executable by the processor 301 to receive a match field from a network coordinator. In some implementations, the instructions 304 may be executable to receive a set of match fields from the network coordinator. For example, the match fields may define a network slice to be transitioned from legacy operation to SDN operation. In some implementations, the instructions 304 may be executable to receive an identification of which legacy application to query for legacy operations. For example, the match field and legacy application identification may be received in an information request packet sent by the network controller.
The medium 302 may store instructions 305 executable by the processor 301 to query a legacy application to obtain a legacy network operation related to the received match field. For example, the instructions 305 may be executed as part of execution of a legacy rule reporting agent and the legacy application may be executed on the processor 301 as well. The processor 301 may query the legacy application using inter-application communications. In some implementations, the legacy application queried may be an application identified in the transmission received in
The instructions 305 may be executable by the processor 301 to obtain identification of legacy network operations related to the match field from the legacy applications. For example, the legacy network operations may be obtained as legacy rules, such as routing rules, bridging rules, ACL rules, or QoS rules. The instructions 305 may be further executable to obtain statistics related to the legacy network operations, such as hit counts or timestamps of last execution of the operations.
The medium 302 may store further instructions 306 executable by the processor 301 to transmit a rule for the legacy network operation to the network controller. In some cases, the transmitted rule is a flow rule, and the instructions 306 are executable to convert a legacy rule for the network operation into a flow rule. Instructions 306 may be further executable to transmit any statistics collected from the legacy applications to the network controller.
The example network device 401 may be capable of hybrid network operations, including legacy, non-SDN, network operations and SDN operations. Accordingly, the device 401 may include an SDN control plane 402 and a legacy control plane 403. In some implementations, the control planes 402, 403 may be executed as hardware functions, software applications stored on a non-transitory computer readable medium and executed by a processor, or combinations thereof. The device 401 may further include hardware resources 411 and ports 416-418. For example, the hardware resources 411 may include control application specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), ternary content addressable memory (TCAM), or other hardware. Applications executed on the control planes 402, 403 may control how packets received from hosts 419-421 on the ports 416-418 are treated by the device. The hosts 419-421 may be end devices or other network devices.
The SDN control plane 402 may include an SDN agent 405. The SDN agent 405 may connect to a network controller 415 over a management channel. For example, the SDN agent 405 may receive flow rules from the controller 415 and program those flow rules into a flow table 414. In some cases, a flow table 414 may be implemented using hardware resources 411. In some cases, a flow table 414 may be implemented in software as instructions executed by a processor and stored on a computer readable medium. In still further cases, the a network device 401 may include a flow pipeline including flow tables implemented in software and flow tables implemented in hardware.
The SDN control plane 402 may further include a legacy rule reporting agent 404. Execution of the legacy rule reporting agent 404 may involve execution of the instructions 304-306 of
The controller 500 may include a rule collector 501. The rule collector 501 may be configured to collect a rule for a legacy network operation corresponding to a match field from a first network device. In some cases, the legacy network operation may be an access control operation, a quality of service operation, a forwarding operation, a filtering operation, or a multicast operation. For example, the rule collector 501 may be able to query legacy rule reporting agents executed by network devices using a network interface 504. For example, the rule collector 501 may be able to perform block 101-103 of
In some cases, the rule collector 501 may collect a plurality of legacy rules corresponding to the match field from a corresponding plurality of network devices. The rule collector 501 may transmit a set of match fields corresponding to a network slice to a plurality of network devices and collect a set of rules from the plurality of network devices. For example, the rule collector 501 may perform blocks 201-203 of
Additionally, the rule collector 501 may collect statistics related to legacy rules from network devices. For example, the rule collector 501 may collect a hit count for the legacy rule from a network device. The rule collector 501 may collect such statistics as described with respect to block 204 of
The controller 500 may also include a policy analyzer 502. In some implementations, the policy analyzer 502 may perform block 104 of
The policy analyzer 502 may determine the policy from a subset of the rules meeting a rule priority requirement. In some cases, the policy analyzer 502 may receive a rule priority requirement from a network administrator. For the rule priority requirement may instruct the analyzer 502 to determine SDN rules based on which collected rules have a higher hit count, the most recently hit rules, or any other configured priority.
The controller 500 may also include a flow programmer 503. In some implementations, the flow programmer 503 may be configured to perform block 206 of
In the foregoing description, numerous details are set forth to provide an understanding of the subject disclosed herein. However, implementations may be practiced without some or all of these details. Other implementations may include modifications and variations from the details discussed above. It is intended that the appended claims cover such modifications and variations.
Number | Date | Country | Kind |
---|---|---|---|
1499/CHE/2014 | Mar 2014 | IN | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/US2014/040331 | 5/30/2014 | WO | 00 |