In 2013, the CERN openlab Networking Competence Centre (NCC) activities focused on Software-Defined Networking (SDN) through the ViSION (Virtual Services In OpenFlow Networks) project, a joint research and development collaboration with HP. This project started in 2012 and leverages HP’s SDN platform and expertise for scaling out network resource utilisation by building a flexible traffic orchestrator. The research phase was completed in the project’s first year and both parties approved the conceptual design. In 2013, the development phase reached an important milestone through the implementation of the core functionality required for traffic orchestration.
A game-changing technology
SDN is a new technology that promises to change the way networks work. It decouples the forwarding decision logic (the control plane) from the underlying infrastructure performing data transmission (the data plane).
Traditional networking relies on each network device taking its own forwarding decisions. Thus, devices must interact with their peers through complex distributed protocols in order to have enough information about the state of the network. In contrast with the traditional approach, SDN controller exports the decision logic from the networking equipment to an external software controller, which has a global view of the network and can make educated traffic-engineering decisions.
OpenFlow is the protocol that boosted SDN by providing an open standardised API (Application Programming Interface) between the data and control planes. It enables the fast specialised hardware forwarding engines from network devices to be ‘programmed’ by an external software controller, thus allowing full flexibility for designing and implementing the control plane of the network. SDN started gaining momentum after the first release of the OpenFlow protocol in 2009. The trend has continued and 2013 has been the year in which several SDN development platforms have become available, both from industry (e.g. HP, Juniper) and from the open-source community.
ViSION traffic orchestrator
The ViSION traffic orchestrator is an SDN application that aims at enabling resource scale-out by distributing network traffic to multiple resources of the same type. Client networks access sets of similar resources through a set of OpenFlow fabrics, which are ‘programmed’ by the ViSION controller. The single centralised controller enables correlated traffic orchestration in multiple OpenFlow fabrics, a feature that cannot be achieved with traditional network equipment.
To optimally distribute the load, the ViSION traffic orchestrator needs a feedback loop with information about the load and traffic patterns experienced by each individual resource. A configurable health-monitor module has been developed for this purpose. Using the health-monitor feedback, the controller can optimally distribute the load over the available resources. Furthermore, it can dynamically redistribute the load in case some resources become overloaded or unavailable.
The SDN centralised controller enables synchronised traffic-orchestration decisions to be made in multiple OpenFlow fabrics. This in turn enables scaling out of stateful resources. For example, a scalable firewall system can be built by deploying a properly sized tier of firewalls in-between two OpenFlow fabrics controlled by the same ViSION application. The SDN centralised controller ensures that both directions of each flow are handled by the same firewall, a requirement that cannot be easily fulfilled with traditional load-balancing network appliances.
ViSION application overview
The ViSION traffic orchestrator features a stacked SDN architecture, comprising three layers: infrastructure, control and application. The infrastructure layer consists of a fabric of OpenFlow enabled switches. In the control layer, HP’s Virtual Application Networks (VAN) SDN framework is leveraged to accelerate the software development process and to ensure robustness. The ViSION orchestrator is implemented at the application layer, and uses HP’s VAN northbound API for interacting with the controller.
One of the challenges of developing SDN applications is the lack of established validation and troubleshooting methodologies. To address this issue, the NCC team developed a prototype traffic injector. It supports the generation of a deterministic configurable sequence of flows, which enables the regressive testing of the ViSION traffic orchestrator.
Status and outlook
2013 saw the completion of the last two phases of the ViSION project: the core framework design phase and its development phase. At the end of each of these phases, the CERN openlab ViSION team visited the HP Networking team in Roseville, California, USA. On this occasion, technical and planning aspects were covered through meetings and brainstorming sessions. The fruitful interactions with HP engineers and technologists helped to better align the project’s roadmap with HP’s vision.
The ViSION core framework offers a platform for implementing traffic orchestration. The ViSION project has now been completed, enabling CERN and HP to independently assess the appropriateness of applying this technology to fit their own use-cases. From CERN’s perspective, possible applications are scaling out its firewall system and data centre flow optimisation, while HP can leverage the solution and know-how to expand their SDN platform.
Previous activities for the Networking Competence Centre covering 2012 are available here. Further content can be found archived on the previous phases' website here.