Slicing Network Control (text)

by Sasha Shkrebets — last modified Mar 06, 2023 01:18 PM

In this lesson, we'll talk about Slicing Network Control. I'll give an overview of Network Slicing. I'll talk about what Network Slicing is and I'll talk about why you might want to Slice Network Control.

Welcome back.

In this lesson, we'll talk about Slicing Network Control.

I'll give an overview of Network Slicing.

I'll talk about what Network Slicing is and I'll

talk about why you might want to Slice Network Control.

Then I'll talk about specific concepts of flowspace,

and various ways that slicing policies can be defined.

I'll then talk about FlowVisor, which is

a particular SDN controller, that virtualizes SDN Control,

allowing multiple SDN controllers, to control a single

set of switches, without interfering with one another.

I'll then talk about several applications of Network Slicing.

As we know from previous lessons existing SDN controlled

network devices, are typically controlled from a single control plane,

that computes forwarding rules and pushes the rules down

to the data plane using an agreed upon control protocol.

The data plan then, enforces those rules, and exceptions can

be pushed back to the control plane, as they arise.

The basic idea behind slicing the network, or slicing the control

plane is to add a layer between the control and data plane.

So that each control slice believes that it owns the data path.

The slicing layer then has the

responsibility of enforcing isolation between these slices.

Policies defined at the slicing layer control which slices should have

access to, or control over, different parts of the data plane.

In short, network slicing defines the production network into logical slices.

So that each slice controls its own packet forwarding.

Users or applications might be able to

pick which slices control their network traffic.

Additionally, existing production services can run in their own slice or slices

that are separate from slices that might be used for testing or experimentation.

Slicing enforces strong isolation between each of the control slices.

So that actions in one slice, don't affect other slices.

Each slice can also mirror a production network.

These additional slices might be used for testing, or for research.

For example, for trying out new, experimental types of control protocols.

There are various reasons you might want to slice the network.

One, is that the network might have multiple

administrative groups, such as different departments on a campus.

Another is that the network might have multiple customers.

A common example of this might be multiple tenants in a

shared data center or researchers operating

on a shared test bed infrastructure.

Another reason why you might want to slice the

network is to separate experiments from the operational network.

So that research or experiments can be

supported without breaking the real operational services.

Virtualization can also be used to expand a network's footprint.

It can also allow multiple services or

applications to operate in the same domain.

With Slicing, the data plane operates

essentially unmodified, so there's no performance penalty.

It merely implements forwarding according to what the control plane tells it.

The Slicing policy which sits above the data plot, determines

which control slice, can control different parts of the data point.

A Slicing policy, specifies resource limits for each slice.

Such as the link bandwidth, the maximum

number of forwarding rules, the topology or

the fraction of switch or router CPU that that control slice should have access to.

One way of slicing control is through a concept called flow space.

We can think of traffic as being divided according to a multidimensional space.

According to fields in the packet, this diagram shows a simple example of

flow space being divided according to MAC address, IP address and TCP port.

Slices can be defined based on groups of packets

that share one or more of these fields in common.

One simple way to enforce isolation is to ensure that

no two controllers control the same portion of flow space.

One example of a SDN controller that slices the network is called FlowVisor.

FlowVisor is an OpenFlow controller that acts as a transparent proxy between

OpenFlow switches and multiple OpenFlow controllers

that might be controlling the network.

Each slice is defined on any combination

of fields from layer one, through layer four.

FlowVisor act's as the slicing layer, that enforces isolation between each slice.

FlowVisor sits between multiple OpenFlow controllers that might be operating in

the control plane, and open flow enabled switches, in the data path.

It performs different types of policy checks.

For example, when a controller attempts to install a rule, it attempts to

determine whether that controller is allowed

to install that rule in the switch.

It also determines which controller controls a particular packet.

So that if a packet needs to be sent

to the controller, it's sent to the right one.

There are various ways to Slice the Network.

For example, you could Slice the Network by switch

port, which provides basically the same functionality as VLANs.

Another way to Slice the Network, might be by application, or TCP port.

Doing this in today's network is technically possible,

but it would require some more complicated access

control lists and Dynamism might be a bit

more difficult without the benefits of SDN control.

One application of Network Slicing is testing.

Using slicing, an operator could connect a fully

operational network that essentially mirrors the existing production topology.

This type of slicing could allow for more realistic evaluation and testing

is the same control software that's being used in the mirrored network.

And actually, simply we migrated to the production network, and

the operator can have some assurance with the same control

logic, and software that was tested in the shadow network,

will operate in the same way in the production network.

Another potential application for Network Slicing is

in home networks, or the internet of things.

Here's an example where a Home Network is sliced so that multiple service

providers can have access toward the access network and the users home network.

In this example an access network owner by gives a slice of the last mile

to the user, and it might rent another

one to utility company for smart grid applications.

In turn, the user inside the home might slice his or her own home network

for applications such as guest WiFi, network management, and video streaming.

An application of this type of slicing, might be to slice a particular portion of

the home network for a group of users

or for application for quality of service purposes.

summary, Slicing the SDN control plane allows

the possibility for multiple administrative entities to

control a single set of SDN switches which might be used for pre-production testing.

And also, sharing the network between multiple entities, or tenants.

Slicing can be performed in a variety of ways, including by

switch board, or on any part of what's called flow space.

FlowVisor is one example of slicing SDN control, but of

course, there are other ways to do this as well.

The notion of slicing isn't particularly new.

As we know, virtual LANs is one rudimentary way of slicing a network.

But slicing SDN control allows for many more possibilities,

for slicing the network, and sharing it, among multiple entities.