[Search] [pdf|bibtex] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01                                                         
SDNRG                                                         R. Gu, Ed.
Internet-Draft                                                     C. Li
Intended status: Informational                              Jinzhu. Wang
Expires: January 7, 2017                                    China Mobile
                                                            July 6, 2016


                       SDN Controller Requirement
              draft-gu-sdnrg-sdn-controller-requirement-01

Abstract

   The requirements of SDN controllers including fundamental technical
   requirements, requirements of the SDN controller architecture and the
   requirements of the SDN controller functionality are provided.  All
   these requirements raised are focused on the scalability,
   reliability, programmability, intercommunity, security and the
   network management of the SDN controller.Based on the requirements,
   we have realized the SDN controller based on Opendaylight foused on
   cloud datacenter.Due to realization, the interface between other
   devices besides the ovs is not included up to now, while in the
   actual design, some connections between controller and the forwarding
   devices such as SDN gateway, firewall, and NAT are added into the
   requirement of controller.

Status of This Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 7, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.





Gu, et al.               Expires January 7, 2017                [Page 1]


Internet-Draft        sdn-controller-requirement-00            July 2016


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   2
   3.  Fundamental technical requirements of SDN controllers . . . .   3
   4.  Requirements of the SDN controller architecture . . . . . . .   3
   5.  Requirements of the SDN controller functionality  . . . . . .   6
   6.  Development of controller based on opendaylight . . . . . . .   8
   7.  Conclusion  . . . . . . . . . . . . . . . . . . . . . . . . .  12
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  12
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  12
   10. Normative References  . . . . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   Software-defined networking (SDN) is an intelligent network,
   especially used in Data Centers, with configuration and operation
   through a centralized software controller.  SDN controller is a core
   entity of the SDN architecture indicating how the network behaves and
   where the traffic is sent.  Network intelligence is logically
   centralized in software-based SDN controllers that maintain an
   abstract view of the network, which appears to applications and
   policy engines as a single, logical switch.

   Due to the importance of SDN controllers to the SDN architecture, the
   requirements of SDN controllers should be come up with.  The
   requirements are divided into three parts: fundamental technical
   requirements, requirements of the SDN controller architecture and the
   requirements of the SDN controller functionality.

   Based on the requirement of controller, in the actual design we have
   found out that the connection between controller with the ovs is not
   enougn.  Thus more development on the controller is needed.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].




Gu, et al.               Expires January 7, 2017                [Page 2]


Internet-Draft        sdn-controller-requirement-00            July 2016


3.  Fundamental technical requirements of SDN controllers

   The fundamental technical requirements include scalability,
   reliability, programmability, intercommunity, security, and the
   network-based management.

   Scalability:

   SDN controller should meet the requirement of scalability in order to
   adapt the changes and adjustments of the network.  The computing and
   controlling ability can be extended as the performance of hardware
   increases.

   Reliability:

   SDN controller should meet the carrier-level requirement with rapid
   fail-over mechanism.

   Programmability:

   SDN controller should offer APIs in order to provide rapid deployment
   of new service through executing scripts such as Python and Java or
   loading third-party module dynamically.

   Intercommunity:

   One SDN controller should support standard protocols in interacting
   with other SDN controllers or with traditional network.

   Security:

   SDN controller should qualify the security requirements including the
   communication security between the controllers and the switches, the
   access control security of controllers and switches, TLS and IPsec
   mechanism of the communication channels, DoS attacks prevention,
   digital certificate of third-party support.

   Network-based management:

   SDN controller should provide tools for basic network management and
   trouble diagnosis, such as secure access, status report, statistics,
   forwarding operations and so on.

4.  Requirements of the SDN controller architecture

   SDN controller should support both traditional distributed forwarding
   and centralized forwarding based on openflow.  SDN controller
   interacts with switch through southbound interface.



Gu, et al.               Expires January 7, 2017                [Page 3]


Internet-Draft        sdn-controller-requirement-00            July 2016


   SDN controller is logically divided into several models, including
   subsystem of protocol, forwarding abstraction layer (FAL), topology
   management, route management, host management, flow table management,
   interface management, database management, OAM interface management
   and inter-application subsystems.


  ----------------------------------------------------------------------
  |    |------------------|             |------------------|           |
  |    |   Orchestrator   |             |        EPC       |           |
  |    |------------------|             |------------------|           |
  |   External application layer                                       |
  -----+---------------------------+------------------------------------
       |                           |
       |                           |
       |  -------------------------+-------------------------
       |  |         |------------------|  |--------------|  |
       |  |         | L2/L3 forwarding |  |  ARP reply   |  |
       |  |         |------------------|  |--------------|  |
       |  |                                                 |
       |  |         |-----|   |-----|  |-----| |-----|      |
       |  |         | BGP |   | IGP |  |  TE | | ... |      |
       |  |         |-----|   |-----|  |-----| |-----|      |
       |  | Internal application layer                      |
       |  ---------------------------------------------------
       |
-------+------------------------------------------------------------------
| -------- ---------------------------------------------------- -------- |
| |      | |                                                  | |      | |
| |      | |                      Route management            | |      | |
| |      | |                                                  | |      | |
| |      | ---------------------------------------------------| |      | |
| |      |                                                      |      | |
| |      | |-----------||-----------||-----------||-----------| |      | |
| |      | | Topology  ||    Host   || Flow table|| Interface | |      | |
| |      | | Management|| Management|| Management|| Management| |      | |
| |      | |-----------||-----------||-----------||-----------| |      | |
| |      |                                                      |      | |
| |  DB  | ---------------------------------------------------- | OAM  | |
| |subsys| |          Forwarding abstraction layer            | |manage| |
| |      | ---------------------------------------------------- | ment | |
| |      | ---------------------------------------------------- |      | |
| |      | |     Protocol subsystem                           | |      | |
| |      | |                                                  | |      | |
| |      | | ------------ ------------  ----------  --------- | |      | |
| |      | | | Openflow | | OF-Config|  | BGP-LS |  |  XMPP | | |      | |
| |      | | ------------ ------------  ----------  --------- | |      | |
| |      | | ------------ ------------  ----------            | |      | |



Gu, et al.               Expires January 7, 2017                [Page 4]


Internet-Draft        sdn-controller-requirement-00            July 2016


| |      | | |   OVSDB  | | Netconf  |  |   ...  |            | |      | |
| |      | | ------------ ------------  ----------            | |      | |
| |      | ---------------------------------------------------- |      | |
| --------                                                      -------- |
--------------------------------------------------------------------------


                 Figure 1: Sample Calibration Permutation

   Protocol subsystem:

   The protocol subsystem of the SDN controller focuses on southbound
   interface with protocols such as openflow, OF-Config, BGP-LS, OVSDB,
   Netconf, XMPP and so on.

   Forwarding abstraction layer (FAL):

   FAL translates the different forwarding plane into the unified
   interface upside in order to realize the abstraction of SDN
   controller node.

   Topology management:

   Topology is calculated through the status of port reported by the
   switch with the protocol such as LLDP, BGP-LS and so on.  Logical
   networks are supported by SDN controller.  Physical network can be
   divided into several logical networks with physical port and host
   corresponding to the virtual networks.

   Route management:

   Centralized computing of every virtual network is supported by
   controller.  Forwarding path is calculated according to the ability
   of switch and the constraint conditions such as link cost, and
   bandwidth and network information.

   Host management:

   Host management takes the function of MAC and ARP learning.  Host
   position and ARP information is recorded and aging at a certain time.

   Flow table management:

   Basic functions such as forwarding table storage, routing coalescence
   and re-forwarding are realized by the flow table management.  It's
   suggested that both distributed and centralized forwarding models are
   supported.




Gu, et al.               Expires January 7, 2017                [Page 5]


Internet-Draft        sdn-controller-requirement-00            July 2016


   Interface management:

   Interface configurations are maintained in the interface management,
   including dynamic and static interface configuration information.
   Virtual ARP table is also generated in the interface management
   model.

   Database management:

   Forwarding table and openflow table are managed in the database
   management with data synchronization.

   OAM interface management:

   Configuration command of command-line terminal and visualized network
   management server is written into database.  Management interface is
   provided.

   Inter-application subsystem:

   Inter-application subsystem supports the interface to openstack and
   cloud platform by restful.  Layer 2 and Layer 3 forwarding, traffic
   engineering, and ARP reply features are equipped.  IGP/BGP protocols
   are supported.

5.  Requirements of the SDN controller functionality

   Due to the fundamental techinical requirements of SDN controllers,
   the follow functionality aspects need to be considered.

   1.  Requirement of multi-tenants and self-service

   Multi-tenants with their self-service are typical scenarios of SDN.
   Multi tenants are existed in data centers with several virtual
   networks per tenant.  IP address pool is allocated in every virtual
   network.  Virtual network is logically isolated with each other.
   Same IP addresses can be assigned to different tenants.  Virtual
   routers are used in different virtual network communications.

   2.  Requirement of network function

   Basic network functions SDN controller needs to support list as
   follows.

   (a) The number of tenants should be over 4000 by tunneling technique.

   (b)Virtual machines in one subnet can communicate with each other by
   unicast of layer 2.



Gu, et al.               Expires January 7, 2017                [Page 6]


Internet-Draft        sdn-controller-requirement-00            July 2016


   (c) Virtual machines in different subnets can't communicate with each
   other.

   (d)Virtual machines in different subnets can communicate with other
   by configuring a virtual router.

   (e)Virtual machine can access to the network by assigning a public IP
   address.

   (f)Tenants can translate private IP address into public IP address by
   NAT.

   (g)Different tenants can use the same IP address and VLAN ID.

   (h)Network can be recovered rapidly when fails.

   (i)ARP Broadcast storm should be suppressed.

   (j) Equal-Cost Load Sharing is supported in both underlay and overlay
   networks.

   (k)Traditional protocols such as IGP , BGP and others are supported.

   3.  Requirement of administrator features

   Administrators are responsible for tenants creation and deletion,
   network creation and deletion, unbinding the relation between tenants
   and network, query for tenants' information, query for physical and
   virtual information, virtual machine immigration and so on.

   4.  Requirement of network management

   The information of switches, hosts and network topologies can be
   queried by management.  Monitoring on network traffic is supported by
   network management.  Network management is also responsible for
   network policies release and flow table configuration.

   5.  Requirement of reliability and scalability

   Reliability of SDN controller relies on active-standby mode by
   controller node, secure connection between controller and switch
   nodes, multi-controllers based on openflow and so on.  Scalability of
   SDN controller relies on node upgrading without service interruption
   and unique node upgrade in the distribute systems without any
   influence on the whole system.

   6.  Requirement of performance




Gu, et al.               Expires January 7, 2017                [Page 7]


Internet-Draft        sdn-controller-requirement-00            July 2016


   Performance of SDN controller is reflected in the number of
   forwarding nodes supported per controller node, the capacity of flow
   table per controller node, speed of forwarding table processing per
   node and standby time of controller node.

   7.  Requirement of northbound and southbound interface

   The northbound interface of the SDN controller is to achieve the
   requirement of the administrators and network management.  While the
   southbound interface of the SDN controller is including the interface
   of status/configuration information such as OVSDB, OF-Config, XMPP
   and the interface of routing/forwarding information such as Openflow,
   XMPP, IGP, BGP and so on.

   8.  Requirement of processing flow

   The process of packet-forwarding network networks added or modified,
   physical network topology discovered and network failure advertised
   should be required.

6.  Development of controller based on opendaylight

   Based on opendaylight, we had a trial of development of controller
   focused on cloud datacenter.  In China Mobile cloud datacenter,
   virtual private cloud and basic service function chain is provided.
   The architecture includes application, openstack K version,
   controller,virtual machines with ovs, bare-metal server with SDN ToR,
   virtual network functions with VNF manager,physical NAT,physical
   firewall, physical load balancer and physical VPN.






















Gu, et al.               Expires January 7, 2017                [Page 8]


Internet-Draft        sdn-controller-requirement-00            July 2016


   ------------------------------------------------------------
   |                         application                      |
   -----------------------------+------------------------------
                                      |
   -----------------------------+------------------------------
   |                          openstack                       |
   -----------------------------+------------------------------
                                      |
                ----------------+------------------
                |         SDN controller          |
                -+--------------+-----------+------
                 |              |           |
                 |              |           |
      |-----------              |           -------------
      |                         |                       |
      |                   +-----+----+                  |
      |                   | SDN ToR  |                  |
    ------------          +-----+----+            ------+-----
    |  ------- |                |                 | Physical |
    |  | OVS | |          ------------            | devices  |
    |  +-----+ |          |          |            |          |
    |  |     | |          |bare-metal|            |   NAT/   |
    |--+-  --+-|          |  Server  |            |   FW/    |
    ||VM|  |VM||          |          |            |   LB/    |
    |----  ----|          |          |            |   VPN    |
    ------------          ------------            ------------

            Figure 2: Architecture of SDN datacenter deployment

   1.Connection between controller and ovs

   Controller configures ovs with flow table of Layer2, Layer3,
   ACL,security group, meter and so on.The connection between controller
   and ovs has been defined in openflow.

   2.Connection between controller and top of rack switch

   Controller configures physical switch with the function of Lay2,
   ACL,security group, meter and so on.  Because of the limitation of
   the physical switch, Lay3 function has been taken by SDN gateway.

   3.Connection between controller and SDN gateway

   SDN gateway is deployed as the outside of datacenter with the
   function of vxlan encapsulation and de-encapsulation and acting as
   v-router of north-south traffic and east-west traffic.





Gu, et al.               Expires January 7, 2017                [Page 9]


Internet-Draft        sdn-controller-requirement-00            July 2016


   In connection with the SDN gateway, the interface of Controller lists
   as:

   (a)Ctreate vrouter with the information of vrouter-list, vrouter
   UUID, vrouter's management ip and the tenant's id.

   (b)Delete vrouter with the information of vrouter-list, vrouter UUID
   and the tenant's id.

   (c)Check vrouter with the information of vrouter UUID.

   (d)Create interface of the vrouter which corresponds to sub-network
   with information of router interfaces, vrouter UUID, interface UUID,
   interface ip, interface netmask, interface macaddress, interface
   attached tunnel, and tenand's id.

   (e)Detele interface of the vrouter with the information of router
   interfaces, interface UUID, and tenant's id.

   (f)Check interface of the vrouter with the information of interface
   UUID.

   (g)Create vxlan tunnel with the informaion of tunnels, tunnel id,
   tunnel source ip, tunnel destination ip, tunnel type, and tenant's
   ip.

   (h)Check the vxlan tunnel by tunnel id.

   (i)Associate interface of the vrouter with tunnel including the
   information of router interface, tunnel id, interface UUID, vxlan id,
   and tenant's id.

   (j)Add virtual machines or physical servers with the information of
   host id, host ip address, host mac address, vxlan id, tunnel id and
   tenant's id.

   (k)Delete virtual machines or physical servers with the information
   of host id and tenant's id.

   (l)Check virtual machines or physical servers with the information of
   host id.

   4.Connection between controller and NAT

   Nat device is taken the function as network address translation
   including 1:1 NAT and N:1 NAT.





Gu, et al.               Expires January 7, 2017               [Page 10]


Internet-Draft        sdn-controller-requirement-00            July 2016


   In connection with the NAT device, the interface of Controller lists
   as:

   (a) Create the routing configuration with the information of routing
   id, routing prefix, the ip of next hop and the tenant's id.

   (b)Delete the routing with the information of routing id and tenant's
   id.

   (c)Check the routing with the information of routing id.

   (d)Create vlan with the information of vlan id, vlan port,vlan ip,
   vlan netmask and tenant's id.

   (e)Delete vlan with the information of vlan id and tenant's id.

   (f)Check the vlan with the information of vlan id.

   (g)Create N:1 NAT with the information of N:1 NAT id,vrouter UUID,NAT
   ip address, NAT netmask, NAT gateway ip address, and tenant's id.

   (h)Delete N:1 NAT with the information of N:1 NAT id and tenant's id.

   (i)Check N:1 NAT with the information of N:1 NAT id.

   (j)Create 1:1 NAT with the information of 1:1 NAT id,vrouter UUID,
   1:1 NAT out ip address, 1:1 NAT in ip address and tenant's id.

   (k)Delete 1:1 NAT with the information of 1:1 NAT id and tenant's id.

   (l)Check 1:1 NAT with the information of 1:1 NAT id.

   5.Connection between controller and firewall

   Firewall is depolyed in the SDN network acting as the barrier
   preventing some specific communications.

   TBD

   6.Connection between controller and Loadbalance

   Loadbalancer is deployed in the SDN network distributing workloads
   across mutiple computing resources.

   TBD






Gu, et al.               Expires January 7, 2017               [Page 11]


Internet-Draft        sdn-controller-requirement-00            July 2016


7.  Conclusion

   All the requirements provided above are recommended to be taken into
   consideration for the SDN controllers.And the development on
   controller based on opendaylight can confirm these requirements.In
   the actual design, connections between controller and ovs, SDN
   gateway, firewall, LB and NAT should be taken into consideration.

8.  Security Considerations

   None.

9.  IANA Considerations

   None.

10.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", RFC 2234, DOI 10.17487/RFC2234,
              November 1997, <http://www.rfc-editor.org/info/rfc2234>.

Authors' Addresses

   Rong Gu (editor)
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: gurong_cmcc@outlook.com


   Chen Li
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: lichenyj@chinamobile.com






Gu, et al.               Expires January 7, 2017               [Page 12]


Internet-Draft        sdn-controller-requirement-00            July 2016


   Jinzhu Wang
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: wangjinzhu@chinamobile.com












































Gu, et al.               Expires January 7, 2017               [Page 13]