SDNRG R. Gu, Ed.
Internet-Draft C. Li
Intended status: Informational Jinzhu. Wang
Expires: January 7, 2017 China Mobile
July 6, 2016
SDN Controller Requirement
draft-gu-sdnrg-sdn-controller-requirement-01
Abstract
The requirements of SDN controllers including fundamental technical
requirements, requirements of the SDN controller architecture and the
requirements of the SDN controller functionality are provided. All
these requirements raised are focused on the scalability,
reliability, programmability, intercommunity, security and the
network management of the SDN controller.Based on the requirements,
we have realized the SDN controller based on Opendaylight foused on
cloud datacenter.Due to realization, the interface between other
devices besides the ovs is not included up to now, while in the
actual design, some connections between controller and the forwarding
devices such as SDN gateway, firewall, and NAT are added into the
requirement of controller.
Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 7, 2017.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
Gu, et al. Expires January 7, 2017 [Page 1]
Internet-Draft sdn-controller-requirement-00 July 2016
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Fundamental technical requirements of SDN controllers . . . . 3
4. Requirements of the SDN controller architecture . . . . . . . 3
5. Requirements of the SDN controller functionality . . . . . . 6
6. Development of controller based on opendaylight . . . . . . . 8
7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 12
8. Security Considerations . . . . . . . . . . . . . . . . . . . 12
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
10. Normative References . . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction
Software-defined networking (SDN) is an intelligent network,
especially used in Data Centers, with configuration and operation
through a centralized software controller. SDN controller is a core
entity of the SDN architecture indicating how the network behaves and
where the traffic is sent. Network intelligence is logically
centralized in software-based SDN controllers that maintain an
abstract view of the network, which appears to applications and
policy engines as a single, logical switch.
Due to the importance of SDN controllers to the SDN architecture, the
requirements of SDN controllers should be come up with. The
requirements are divided into three parts: fundamental technical
requirements, requirements of the SDN controller architecture and the
requirements of the SDN controller functionality.
Based on the requirement of controller, in the actual design we have
found out that the connection between controller with the ovs is not
enougn. Thus more development on the controller is needed.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Gu, et al. Expires January 7, 2017 [Page 2]
Internet-Draft sdn-controller-requirement-00 July 2016
3. Fundamental technical requirements of SDN controllers
The fundamental technical requirements include scalability,
reliability, programmability, intercommunity, security, and the
network-based management.
Scalability:
SDN controller should meet the requirement of scalability in order to
adapt the changes and adjustments of the network. The computing and
controlling ability can be extended as the performance of hardware
increases.
Reliability:
SDN controller should meet the carrier-level requirement with rapid
fail-over mechanism.
Programmability:
SDN controller should offer APIs in order to provide rapid deployment
of new service through executing scripts such as Python and Java or
loading third-party module dynamically.
Intercommunity:
One SDN controller should support standard protocols in interacting
with other SDN controllers or with traditional network.
Security:
SDN controller should qualify the security requirements including the
communication security between the controllers and the switches, the
access control security of controllers and switches, TLS and IPsec
mechanism of the communication channels, DoS attacks prevention,
digital certificate of third-party support.
Network-based management:
SDN controller should provide tools for basic network management and
trouble diagnosis, such as secure access, status report, statistics,
forwarding operations and so on.
4. Requirements of the SDN controller architecture
SDN controller should support both traditional distributed forwarding
and centralized forwarding based on openflow. SDN controller
interacts with switch through southbound interface.
Gu, et al. Expires January 7, 2017 [Page 3]
Internet-Draft sdn-controller-requirement-00 July 2016
SDN controller is logically divided into several models, including
subsystem of protocol, forwarding abstraction layer (FAL), topology
management, route management, host management, flow table management,
interface management, database management, OAM interface management
and inter-application subsystems.
----------------------------------------------------------------------
| |------------------| |------------------| |
| | Orchestrator | | EPC | |
| |------------------| |------------------| |
| External application layer |
-----+---------------------------+------------------------------------
| |
| |
| -------------------------+-------------------------
| | |------------------| |--------------| |
| | | L2/L3 forwarding | | ARP reply | |
| | |------------------| |--------------| |
| | |
| | |-----| |-----| |-----| |-----| |
| | | BGP | | IGP | | TE | | ... | |
| | |-----| |-----| |-----| |-----| |
| | Internal application layer |
| ---------------------------------------------------
|
-------+------------------------------------------------------------------
| -------- ---------------------------------------------------- -------- |
| | | | | | | |
| | | | Route management | | | |
| | | | | | | |
| | | ---------------------------------------------------| | | |
| | | | | |
| | | |-----------||-----------||-----------||-----------| | | |
| | | | Topology || Host || Flow table|| Interface | | | |
| | | | Management|| Management|| Management|| Management| | | |
| | | |-----------||-----------||-----------||-----------| | | |
| | | | | |
| | DB | ---------------------------------------------------- | OAM | |
| |subsys| | Forwarding abstraction layer | |manage| |
| | | ---------------------------------------------------- | ment | |
| | | ---------------------------------------------------- | | |
| | | | Protocol subsystem | | | |
| | | | | | | |
| | | | ------------ ------------ ---------- --------- | | | |
| | | | | Openflow | | OF-Config| | BGP-LS | | XMPP | | | | |
| | | | ------------ ------------ ---------- --------- | | | |
| | | | ------------ ------------ ---------- | | | |
Gu, et al. Expires January 7, 2017 [Page 4]
Internet-Draft sdn-controller-requirement-00 July 2016
| | | | | OVSDB | | Netconf | | ... | | | | |
| | | | ------------ ------------ ---------- | | | |
| | | ---------------------------------------------------- | | |
| -------- -------- |
--------------------------------------------------------------------------
Figure 1: Sample Calibration Permutation
Protocol subsystem:
The protocol subsystem of the SDN controller focuses on southbound
interface with protocols such as openflow, OF-Config, BGP-LS, OVSDB,
Netconf, XMPP and so on.
Forwarding abstraction layer (FAL):
FAL translates the different forwarding plane into the unified
interface upside in order to realize the abstraction of SDN
controller node.
Topology management:
Topology is calculated through the status of port reported by the
switch with the protocol such as LLDP, BGP-LS and so on. Logical
networks are supported by SDN controller. Physical network can be
divided into several logical networks with physical port and host
corresponding to the virtual networks.
Route management:
Centralized computing of every virtual network is supported by
controller. Forwarding path is calculated according to the ability
of switch and the constraint conditions such as link cost, and
bandwidth and network information.
Host management:
Host management takes the function of MAC and ARP learning. Host
position and ARP information is recorded and aging at a certain time.
Flow table management:
Basic functions such as forwarding table storage, routing coalescence
and re-forwarding are realized by the flow table management. It's
suggested that both distributed and centralized forwarding models are
supported.
Gu, et al. Expires January 7, 2017 [Page 5]
Internet-Draft sdn-controller-requirement-00 July 2016
Interface management:
Interface configurations are maintained in the interface management,
including dynamic and static interface configuration information.
Virtual ARP table is also generated in the interface management
model.
Database management:
Forwarding table and openflow table are managed in the database
management with data synchronization.
OAM interface management:
Configuration command of command-line terminal and visualized network
management server is written into database. Management interface is
provided.
Inter-application subsystem:
Inter-application subsystem supports the interface to openstack and
cloud platform by restful. Layer 2 and Layer 3 forwarding, traffic
engineering, and ARP reply features are equipped. IGP/BGP protocols
are supported.
5. Requirements of the SDN controller functionality
Due to the fundamental techinical requirements of SDN controllers,
the follow functionality aspects need to be considered.
1. Requirement of multi-tenants and self-service
Multi-tenants with their self-service are typical scenarios of SDN.
Multi tenants are existed in data centers with several virtual
networks per tenant. IP address pool is allocated in every virtual
network. Virtual network is logically isolated with each other.
Same IP addresses can be assigned to different tenants. Virtual
routers are used in different virtual network communications.
2. Requirement of network function
Basic network functions SDN controller needs to support list as
follows.
(a) The number of tenants should be over 4000 by tunneling technique.
(b)Virtual machines in one subnet can communicate with each other by
unicast of layer 2.
Gu, et al. Expires January 7, 2017 [Page 6]
Internet-Draft sdn-controller-requirement-00 July 2016
(c) Virtual machines in different subnets can't communicate with each
other.
(d)Virtual machines in different subnets can communicate with other
by configuring a virtual router.
(e)Virtual machine can access to the network by assigning a public IP
address.
(f)Tenants can translate private IP address into public IP address by
NAT.
(g)Different tenants can use the same IP address and VLAN ID.
(h)Network can be recovered rapidly when fails.
(i)ARP Broadcast storm should be suppressed.
(j) Equal-Cost Load Sharing is supported in both underlay and overlay
networks.
(k)Traditional protocols such as IGP , BGP and others are supported.
3. Requirement of administrator features
Administrators are responsible for tenants creation and deletion,
network creation and deletion, unbinding the relation between tenants
and network, query for tenants' information, query for physical and
virtual information, virtual machine immigration and so on.
4. Requirement of network management
The information of switches, hosts and network topologies can be
queried by management. Monitoring on network traffic is supported by
network management. Network management is also responsible for
network policies release and flow table configuration.
5. Requirement of reliability and scalability
Reliability of SDN controller relies on active-standby mode by
controller node, secure connection between controller and switch
nodes, multi-controllers based on openflow and so on. Scalability of
SDN controller relies on node upgrading without service interruption
and unique node upgrade in the distribute systems without any
influence on the whole system.
6. Requirement of performance
Gu, et al. Expires January 7, 2017 [Page 7]
Internet-Draft sdn-controller-requirement-00 July 2016
Performance of SDN controller is reflected in the number of
forwarding nodes supported per controller node, the capacity of flow
table per controller node, speed of forwarding table processing per
node and standby time of controller node.
7. Requirement of northbound and southbound interface
The northbound interface of the SDN controller is to achieve the
requirement of the administrators and network management. While the
southbound interface of the SDN controller is including the interface
of status/configuration information such as OVSDB, OF-Config, XMPP
and the interface of routing/forwarding information such as Openflow,
XMPP, IGP, BGP and so on.
8. Requirement of processing flow
The process of packet-forwarding network networks added or modified,
physical network topology discovered and network failure advertised
should be required.
6. Development of controller based on opendaylight
Based on opendaylight, we had a trial of development of controller
focused on cloud datacenter. In China Mobile cloud datacenter,
virtual private cloud and basic service function chain is provided.
The architecture includes application, openstack K version,
controller,virtual machines with ovs, bare-metal server with SDN ToR,
virtual network functions with VNF manager,physical NAT,physical
firewall, physical load balancer and physical VPN.
Gu, et al. Expires January 7, 2017 [Page 8]
Internet-Draft sdn-controller-requirement-00 July 2016
------------------------------------------------------------
| application |
-----------------------------+------------------------------
|
-----------------------------+------------------------------
| openstack |
-----------------------------+------------------------------
|
----------------+------------------
| SDN controller |
-+--------------+-----------+------
| | |
| | |
|----------- | -------------
| | |
| +-----+----+ |
| | SDN ToR | |
------------ +-----+----+ ------+-----
| ------- | | | Physical |
| | OVS | | ------------ | devices |
| +-----+ | | | | |
| | | | |bare-metal| | NAT/ |
|--+- --+-| | Server | | FW/ |
||VM| |VM|| | | | LB/ |
|---- ----| | | | VPN |
------------ ------------ ------------
Figure 2: Architecture of SDN datacenter deployment
1.Connection between controller and ovs
Controller configures ovs with flow table of Layer2, Layer3,
ACL,security group, meter and so on.The connection between controller
and ovs has been defined in openflow.
2.Connection between controller and top of rack switch
Controller configures physical switch with the function of Lay2,
ACL,security group, meter and so on. Because of the limitation of
the physical switch, Lay3 function has been taken by SDN gateway.
3.Connection between controller and SDN gateway
SDN gateway is deployed as the outside of datacenter with the
function of vxlan encapsulation and de-encapsulation and acting as
v-router of north-south traffic and east-west traffic.
Gu, et al. Expires January 7, 2017 [Page 9]
Internet-Draft sdn-controller-requirement-00 July 2016
In connection with the SDN gateway, the interface of Controller lists
as:
(a)Ctreate vrouter with the information of vrouter-list, vrouter
UUID, vrouter's management ip and the tenant's id.
(b)Delete vrouter with the information of vrouter-list, vrouter UUID
and the tenant's id.
(c)Check vrouter with the information of vrouter UUID.
(d)Create interface of the vrouter which corresponds to sub-network
with information of router interfaces, vrouter UUID, interface UUID,
interface ip, interface netmask, interface macaddress, interface
attached tunnel, and tenand's id.
(e)Detele interface of the vrouter with the information of router
interfaces, interface UUID, and tenant's id.
(f)Check interface of the vrouter with the information of interface
UUID.
(g)Create vxlan tunnel with the informaion of tunnels, tunnel id,
tunnel source ip, tunnel destination ip, tunnel type, and tenant's
ip.
(h)Check the vxlan tunnel by tunnel id.
(i)Associate interface of the vrouter with tunnel including the
information of router interface, tunnel id, interface UUID, vxlan id,
and tenant's id.
(j)Add virtual machines or physical servers with the information of
host id, host ip address, host mac address, vxlan id, tunnel id and
tenant's id.
(k)Delete virtual machines or physical servers with the information
of host id and tenant's id.
(l)Check virtual machines or physical servers with the information of
host id.
4.Connection between controller and NAT
Nat device is taken the function as network address translation
including 1:1 NAT and N:1 NAT.
Gu, et al. Expires January 7, 2017 [Page 10]
Internet-Draft sdn-controller-requirement-00 July 2016
In connection with the NAT device, the interface of Controller lists
as:
(a) Create the routing configuration with the information of routing
id, routing prefix, the ip of next hop and the tenant's id.
(b)Delete the routing with the information of routing id and tenant's
id.
(c)Check the routing with the information of routing id.
(d)Create vlan with the information of vlan id, vlan port,vlan ip,
vlan netmask and tenant's id.
(e)Delete vlan with the information of vlan id and tenant's id.
(f)Check the vlan with the information of vlan id.
(g)Create N:1 NAT with the information of N:1 NAT id,vrouter UUID,NAT
ip address, NAT netmask, NAT gateway ip address, and tenant's id.
(h)Delete N:1 NAT with the information of N:1 NAT id and tenant's id.
(i)Check N:1 NAT with the information of N:1 NAT id.
(j)Create 1:1 NAT with the information of 1:1 NAT id,vrouter UUID,
1:1 NAT out ip address, 1:1 NAT in ip address and tenant's id.
(k)Delete 1:1 NAT with the information of 1:1 NAT id and tenant's id.
(l)Check 1:1 NAT with the information of 1:1 NAT id.
5.Connection between controller and firewall
Firewall is depolyed in the SDN network acting as the barrier
preventing some specific communications.
TBD
6.Connection between controller and Loadbalance
Loadbalancer is deployed in the SDN network distributing workloads
across mutiple computing resources.
TBD
Gu, et al. Expires January 7, 2017 [Page 11]
Internet-Draft sdn-controller-requirement-00 July 2016
7. Conclusion
All the requirements provided above are recommended to be taken into
consideration for the SDN controllers.And the development on
controller based on opendaylight can confirm these requirements.In
the actual design, connections between controller and ovs, SDN
gateway, firewall, LB and NAT should be taken into consideration.
8. Security Considerations
None.
9. IANA Considerations
None.
10. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, DOI 10.17487/RFC2234,
November 1997, <http://www.rfc-editor.org/info/rfc2234>.
Authors' Addresses
Rong Gu (editor)
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: gurong_cmcc@outlook.com
Chen Li
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: lichenyj@chinamobile.com
Gu, et al. Expires January 7, 2017 [Page 12]
Internet-Draft sdn-controller-requirement-00 July 2016
Jinzhu Wang
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: wangjinzhu@chinamobile.com
Gu, et al. Expires January 7, 2017 [Page 13]