Slicing Network Control (text)

by Sasha Shkrebets last modified Mar 06, 2023 01:18 PM
Welcome back.
In this lesson, we'll talk about Slicing Network Control.
I'll give an overview of Network Slicing.
I'll talk about what Network Slicing is and I'll
talk about why you might want to Slice Network Control.
Then I'll talk about specific concepts of flowspace,
and various ways that slicing policies can be defined.
I'll then talk about FlowVisor, which is
a particular SDN controller that virtualizes SDN control,
allowing multiple SDN controllers to control a single
set of switches without interfering with one another.
I'll then talk about several applications of Network Slicing.
As we know from previous lessons, existing SDN-controlled
network devices are typically controlled from a single control plane
that computes forwarding rules and pushes the rules down
to the data plane using an agreed-upon control protocol.
The data plane then enforces those rules, and exceptions can
be pushed back to the control plane as they arise.
The basic idea behind slicing the network, or slicing the control
plane, is to add a layer between the control and data plane,
so that each control slice believes that it owns the data path.
The slicing layer then has the
responsibility of enforcing isolation between these slices.
Policies defined at the slicing layer control which slices should have
access to, or control over, different parts of the data plane.
In short, network slicing divides the production network into logical slices,
so that each slice controls its own packet forwarding.
Users or applications might be able to
pick which slices control their network traffic.
Additionally, existing production services can run in their own slice or slices
that are separate from slices that might be used for testing or experimentation.
Slicing enforces strong isolation between each of the control slices,
so that actions in one slice don't affect other slices.
Each slice can also mirror a production network.
These additional slices might be used for testing or for research,
for example, for trying out new, experimental types of control protocols.
There are various reasons you might want to slice the network.
One is that the network might have multiple
administrative groups, such as different departments on a campus.
Another is that the network might have multiple customers.
A common example of this might be multiple tenants in a
shared data center, or researchers operating
on a shared testbed infrastructure.
Another reason why you might want to slice the
network is to separate experiments from the operational network,
so that research or experiments can be
supported without breaking the real operational services.
Virtualization can also be used to expand a network's footprint.
It can also allow multiple services or
applications to operate in the same domain.
With slicing, the data plane operates
essentially unmodified, so there's no performance penalty.
It merely implements forwarding according to what the control plane tells it.
The slicing policy, which sits above the data plane, determines
which control slice can control different parts of the data plane.
A slicing policy specifies resource limits for each slice,
such as the link bandwidth, the maximum
number of forwarding rules, the topology, or
the fraction of switch or router CPU that that control slice should have access to.
One way of slicing control is through a concept called flowspace.
We can think of traffic as being divided according to a multidimensional space,
according to fields in the packet. This diagram shows a simple example of
flowspace being divided according to MAC address, IP address and TCP port.
Slices can be defined based on groups of packets
that share one or more of these fields in common.
One simple way to enforce isolation is to ensure that
no two controllers control the same portion of flowspace.
One example of an SDN controller that slices the network is called FlowVisor.
FlowVisor is an OpenFlow controller that acts as a transparent proxy between
OpenFlow switches and multiple OpenFlow controllers
that might be controlling the network.
Each slice is defined on any combination
of fields from layer one, through layer four.
FlowVisor acts as the slicing layer that enforces isolation between each slice.
FlowVisor sits between multiple OpenFlow controllers that might be operating in
the control plane, and OpenFlow-enabled switches in the data path.
It performs different types of policy checks.
For example, when a controller attempts to install a rule, FlowVisor
determines whether that controller is allowed
to install that rule in the switch.
It also determines which controller controls a particular packet.
So that if a packet needs to be sent
to the controller, it's sent to the right one.
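
The flowspace isolation rule and the two policy checks described above can be sketched as follows. This is an added example, not FlowVisor's code or part of the original lesson; the slice names, addresses and function names are assumptions, and the check rejects an out-of-slice rule instead of rewriting it.

```python
from ipaddress import ip_network

# Full range of each flowspace dimension (a wildcard covers all of it).
FULL = {"eth_src": (0, 2**48 - 1), "ip_dst": (0, 2**32 - 1), "tcp_dst": (0, 65535)}

def region(eth_src=None, ip_dst=None, tcp_dst=None):
    """Build one flowspace rectangle; an omitted field is a wildcard."""
    r = dict(FULL)
    if eth_src is not None:
        mac = int(eth_src.replace(":", ""), 16)
        r["eth_src"] = (mac, mac)
    if ip_dst is not None:
        net = ip_network(ip_dst)
        r["ip_dst"] = (int(net.network_address), int(net.broadcast_address))
    if tcp_dst is not None:
        r["tcp_dst"] = tcp_dst if isinstance(tcp_dst, tuple) else (tcp_dst, tcp_dst)
    return r

def overlaps(a, b):
    """Two rectangles share flowspace only if they intersect on every field."""
    return all(a[f][0] <= b[f][1] and b[f][0] <= a[f][1] for f in FULL)

def contains(outer, inner):
    return all(outer[f][0] <= inner[f][0] and inner[f][1] <= outer[f][1] for f in FULL)

def isolation_conflicts(policy):
    """Pairs of slices that claim a common portion of flowspace."""
    names = sorted(policy)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if any(overlaps(a, b) for a in policy[x] for b in policy[y])]

def may_install(policy, slice_name, rule):
    """Allow a rule only if one region of the slice fully covers its match.
    A wildcarded field in the rule therefore escapes a narrower slice."""
    return any(contains(r, rule) for r in policy[slice_name])

def owner_of(policy, packet):
    """Slice whose controller should receive this packet, or None."""
    point = region(**packet)  # header values make a single point
    owners = [s for s, regs in policy.items() if any(contains(r, point) for r in regs)]
    return owners[0] if len(owners) == 1 else None

# Constructed policy: two slices split 10.0.0.0/8 by TCP port.
POLICY = {
    "production": [region(ip_dst="10.0.0.0/8", tcp_dst=(1, 1023))],
    "research": [region(ip_dst="10.0.0.0/8", tcp_dst=(1024, 65535))],
}
```

A rule that leaves the TCP port wildcarded is refused for either slice here, because its match would reach into the other slice's portion of flowspace.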
There are various ways to slice the network.
For example, you could slice the network by switch
port, which provides basically the same functionality as VLANs.
Another way to slice the network might be by application, or TCP port.
Doing this in today's networks is technically possible,
but it would require some more complicated access
control lists, and dynamism might be a bit
more difficult without the benefits of SDN control.
One application of Network Slicing is testing.
Using slicing, an operator could connect a fully
operational network that essentially mirrors the existing production topology.
This type of slicing could allow for more realistic evaluation and testing,
as the same control software that's being used in the mirrored network
can simply be migrated to the production network, and
the operator can have some assurance that the same control
logic and software that was tested in the shadow network
will operate in the same way in the production network.
Another potential application for Network Slicing is
in home networks, or the Internet of Things.
Here's an example where a home network is sliced so that multiple service
providers can have access to both the access network and the user's home network.
In this example, an access network owner gives a slice of the last mile
to the user, and it might rent another
one to a utility company for smart grid applications.
In turn, the user inside the home might slice his or her own home network
for applications such as guest WiFi, network management, and video streaming.
An application of this type of slicing might be to slice a particular portion of
the home network for a group of users,
or for an application, for quality of service purposes.
In summary, slicing the SDN control plane allows
the possibility for multiple administrative entities to
control a single set of SDN switches, which might be used for pre-production testing,
and also for sharing the network between multiple entities, or tenants.
Slicing can be performed in a variety of ways, including by
switch port, or on any part of what's called flowspace.
FlowVisor is one example of slicing SDN control, but of
course, there are other ways to do this as well.
The notion of slicing isn't particularly new.
As we know, virtual LANs are one rudimentary way of slicing a network.
But slicing SDN control allows for many more possibilities
for slicing the network and sharing it among multiple entities.