We demonstrate multi-layer encrypted service provisioning via the ACINO orchestrator. ACINO combines a novel intent interface with an ONOS-based SDN orchestrator to facilitate encrypted services at IP, Ethernet and optical network layers.
The concept of software-defined networking (SDN) recently gained huge momentum in the industry, driven mainly by IT companies interested in data center applications. In this paper, however, we apply SDN to the carrier domain, which poses additional requirements in terms of network management functions. As a specific use-case we take a virtualized carrier network shared by multiple customers. We consider the current SDN model as defined by the Open Networking Foundation (ONF), including the OpenFlow and OF-config protocols. Through a step-by-step discussion of the procedures required to configure and manage the virtualized network, we analyze the applicability of the current SDN model as specified by the ONF. As a result, we identify shortcomings and propose necessary extensions to the ONF SDN model. The highlighted extensions include control network bootstrapping considerations, updates to the SDN and NOS model, and most importantly extensions of the OF-config management data model.
Emerging use-cases like smart manufacturing and smart cities pose challenges in terms of latency, which cannot be satisfied by traditional centralized infrastructure. Edge networks, which bring computational capacity closer to the users/clients, are a promising solution for supporting these critical low latency services. Different from traditional centralized networks, the edge is distributed by nature and is usually equipped with limited compute capacity. This creates a complex network to handle, subject to failures of different natures, that requires novel solutions to work in practice. To reduce complexity, edge application technology enablers, advanced infrastructure and application orchestration techniques need to be in place where AI and ML are key players.
Although there is consensus that software defined networking and network functions virtualization overhaul service provisioning and deployment, the community still lacks a definite answer on how carrier-grade operations praxis needs to evolve. This article presents what lies beyond the first evolutionary steps in network management, identifies the challenges in service verification, observability, and troubleshooting, and explains how to address them using our Service Provider DevOps (SP-DevOps) framework. We compendiously cover the entire process from design goals to tool realization and employ an elastic version of an industry-standard use case to show how on-the-fly verification, software-defined monitoring, and automated troubleshooting of services reduce the cost of fault management actions. We assess SP-DevOps with respect to key attributes of software-defined telecommunication infrastructures both qualitatively and quantitatively, and demonstrate that SP-DevOps paves the way toward carrier-grade operations and management in the network virtualization era.
Technology trends such as Cloud, SDN, and NFV are transforming the telecommunications business, promising higher service flexibility and faster deployment times. They also allow for increased programmability of the infrastructure layers. We propose to split selected monitoring control functionality onto node-local control planes, thereby taking advantage of processing capabilities on programmable nodes. Our software defined monitoring approach provides telecom operators with a way to handle the trade-off between high-granular monitoring information versus network and computation loads at central control and management layers. To illustrate the concept, a link rate monitoring function is implemented using node-local control plane components. Furthermore, we introduce a messaging bus for simple and flexible communication between monitoring function components as well as control and management systems. We investigate scalability gains with a numerical analysis, demonstrating that our approach would generate thousandfold less monitoring traffic while providing similar information granularity as a naive SNMP implementation or an OpenFlow approach.
5G mobile communication systems will need to accommodate a variety of use-cases, resulting in a diverse set of requirements. To meet these requirements, 5G systems take advantage of modern virtualization possibilities offered by Network Function Virtualization (NFV), enabling deployment agility and dynamicity of virtualized network functions. With the transformation of telecom towards virtualized environments, advanced observability possibilities gain increasing importance as one of the essential prerequisites, especially for successful DevOps operations. However, deployment agility also puts specific requirements on monitoring solutions in order to adapt automatically and continuously to frequent changes in service deployments. In this short-paper, we establish and discuss essential properties of observability systems for virtual network functions in a 5G context. We take these properties as guiding design principles for our software-defined monitoring framework and outline how to evolve our existing components towards a flexible, scalable, and programmable observability solution for microservice-based NFV with features for increased manageability.
In the OpenFlow based split architecture, data-plane forwarding is separated from control and management functions. Forwarding elements make only simple forwarding decisions based on flow table entries populated by the controller. While OpenFlow does not specify how topology monitoring is performed, the centralized controller can use Link-Layer Discovery Protocol (LLDP) messages to discover link and node failures and trigger restoration actions. This monitoring and recovery model has serious scalability limitations because the controller has to be involved in the processing of all of the LLDP monitoring messages. For fast recovery, monitoring messages must be sent at millisecond intervals over each link in the network. This poses a significant load on the controller. In this paper we propose to implement a monitoring function on OpenFlow switches, which can emit monitoring messages without posing a processing load on the controller. We describe how the OpenFlow 1.1 protocol should be extended to support the monitoring function. Our experimental results show that data plane fault recovery can be achieved in a scalable way within 50 milliseconds using this function.
The realization of increased service flexibility and scalability through the combination of Virtual Network Functions (VNF) and Software Defined Networks (SDN) requires careful management of both VNF and forwarding state. Without coordination, service scalability comes at a high cost due to unacceptable levels of packet loss, reordering and increased latencies. Previously developed techniques have shown that these issues can be managed, at least in scenarios with low traffic rates and optimistic control plane latencies. In this paper we extend previous work on coordinated state management in order to remove performance bottlenecks; this is done through distributed state management and minimizing control plane interactions. Evaluation of our changes shows substantial performance gains using a distributed approach while maintaining centralized control.
Transport IP/optical networks are evolving in capacity and dynamicity of configuration. This evolution gives little to no attention to the specific needs of applications, beyond increasing raw capacity. The ACINO concept is based on allowing applications to explicitly specify requirements for requested services in terms of high-level (technology- and configuration-agnostic) requirements such as maximum latency or reliability. These requirements are described using intents and certain primitives which facilitate translation to technology specific configuration within the ACINO infrastructure. To support this application centric approach, SDN has a key role in this evolution. There are representative use cases where SDN gives an added value when considering not only the network but also the application layer.
Transport IP/optical networks are evolving in capacity and dynamicity of configuration. This evolution gives little to no attention to the specific needs of applications, beyond raw capacity. The ACINO concept is based on facilitating applications to explicitly specify requirements for requested services in terms of high-level (technology agnostic) requirements such as maximum latency or reliability. These requirements are described using intents and certain primitives which facilitate translation to technology specific configuration within the ACINO infrastructure. To support this application centric approach, SDN must have a key role in this evolution. There are representative use cases where SDN gives an added value when considering not only the network but also the application layer.
ANIARA (https://www.celticnext.eu/project-ai-net) attempts to enhance edge architectures for smart manufacturing and cities. AI automation, orchestrated lightweight containers, and efficient power usage are key components of this three-year project. Edge infrastructure, virtualization, and containerization in future telecom systems enable new and more demanding use cases for telecom operators and industrial verticals. Increased service flexibility adds complexity that must be addressed with novel management and orchestration systems. To address this, ANIARA will provide enablers and solutions for services in the domains of smart cities and manufacturing deployed and operated at the network edge(s). © 2021 Owner/Author.
Intent-based Software-Defined Networking can automate mapping of customer services to transport services. We demonstrate this using a multi-layer orchestrator that provisions a complex customer service over an IP/Optical testbed.
The demonstration presents the first implementation of a resource negotiation scheme between users and a network for the provisioning of application-aware connectivity services. This active interaction enables the users, who request connectivity services with multiple application requirements, to select an alternative solution when the network does not have enough resources to satisfy the original requests.
Life-cycle management of stateful VNF services is a complicated task, especially when automated resiliency and scaling should be handled in a secure manner, without service degradation. We present FlowSNAC, a resilient and scalable VNF service for user authentication and service deployment. FlowSNAC consists of both stateful and stateless components, some of which are SDN-based and others that are NFVs. We describe how it adapts to changing conditions by automatically updating resource allocations through a series of intermediate steps of traffic steering, resource allocation, and secure state transfer. We conclude by highlighting some of the lessons learned during implementation, and their wider consequences for the architecture of SDN/NFV management and orchestration systems.
Software Defined Networking (SDN) and Network Functions Virtualization facilitate, with their advanced programmability features, the design of automated dynamic service creation platforms. Applying DevOps principles to service design can further reduce service creation times and support continuous operation. Monitoring, troubleshooting, and other DevOps tools can have different roles within virtualised networks, depending on virtualization level, type of instantiation, and user intent. We have implemented and integrated four key DevOps tools that are useful in their own right, but showcase also an integrated scenario, where they form the basis for a more complete and realistic DevOps toolkit. The current set of tools includes a message bus, a rudimentary configuration tool, a probabilistic congestion detector, and a watchpoint mechanism. The demo also presents potential roles and use-cases for the tools.
Modern IP/Optical transport networks are seldom jointly operated and optimized, and do not cater to the usually implicit requirements of applications, which ultimately drive network traffic. In this concept paper we propose a Software Defined Networking (SDN) based Network Orchestrator to manage multi-layer transport networks while taking explicit application requirements into account. We discuss its architecture and requirements, an interface to allow applications to explicitly specify their requirements in a network-agnostic manner, and possible strategies to optimize the network taking these requirements into account.
Network Function Virtualization (NFV) enables to implement network functions in software, high-speed packet processing functions which traditionally are dominated by hardware implementations. Virtualized Network Functions (NFs) may be deployed on generic-purpose servers, e.g., in datacenters. The latter enables flexibility and scalability which previously were only possible for web services deployed on cloud platforms. The merit of NFV is challenged by control challenges related to the selection of NF implementations, discovery and reservation of sufficient network and server resources, and interconnecting both in a way which fulfills SLAs related to reliability and scalability. This paper details the role of a scalable orchestrator in charge of finding and reserving adequate resources. The latter will steer network and cloud control and management platforms to actually reserve and deploy requested services. We highlight the role of involved interfaces, propose elements of algorithmic components, and will identify major blocks in orchestration time in a proof of concept prototype which accounts for most functional parts in the considered architecture. Based on these evaluations, we propose several architectural enhancements in order to implement a highly scalable network orchestrator for carrier and cloud networks.
In this paper we present the Application-centric IP/Optical network concept pursued by the H2020 project ACINO, and how it could be applied as a future 5G transport network. While 5G concepts are still maturing we investigate the envisioned capabilities of a 5G network, the use-cases and the requirements different applications would have on a wired transport network for 5G. Our conclusion is that ACINO could fulfil the bandwidth, low-latency, security, and reliability requirements, in a way that differentiates between different 5G services.
The rise of cloud services poses considerable challenges on the control of both cloud and carrier network infrastructures. While traditional telecom network services rely on rather static processes (often involving manual steps), the wide adoption of mobile devices including tablets, smartphones and wearables introduce previously unseen dynamics in the creation, scaling and withdrawal of new services. These phenomena require optimal flexibility in the characterization of services, as well as on the control and orchestration of both carrier and cloud infrastructure. This paper proposes a unified programmability framework addressing: the unification of network and cloud resources, the integrated control and management of cloud and network, the description for programming networked/cloud services, and the provisioning processes of these services. In addition proofs-of-concept are provided based on existing open source control software components. © 2014 IEEE.
Software Defined Networking (SDN) concepts are seen as suitable enablers for network virtualization, especially in the Data Center Network domain. However, also carrier network operators can benefit from network virtualization, since it allows new business models, promising economical benefits through sharing the cost of network infrastructure in e.g. multi-tenancy or service-isolation scenarios. Such use-cases pose additional requirements on virtualization schemes, including strict performance and information isolation, transparency of the virtualization system, high availability, as well as low CAPEX and OPEX demands. In order to fulfill these requirements, we previously proposed a flexible virtualization scheme for OpenFlow. In this paper we discuss the implementation of the proposed scheme and point out relevant lessons learned during the process, leading to architectural and technological updates. We then evaluate the system in terms of data path performance: the impact on forwarding latency is negligible, while the impact on network throughput is depending on the type of traffic and the choice of encapsulation technology. In summary, the overhead can be kept small and would not significantly affect a production network. Thus, we conclude that the minor performance degradations are outweighed by the benefits of the virtualization system.
Application-centric networking is a novel approach to construct transport networks that allows application-specific requirements to be taken into account through the entire service provisioning process: the service offered to each application is differentiated at each layer of the transport network, from IP to optical. This approach replaces the grooming of traffic with different requirements into a shared path in the transport layer, and allows for a finer control and utilization of network resources by network operators. To make this concept viable, an interface for requesting a connectivity service by applications requires an abstraction with respect to the various underlying network technologies. Interfaces based on the concept of Intents provide such an abstraction: applications can describe what they need from the network (their requirements) rather than how to achieve them. This paper describes the design and implementation of the solution we propose: DISMI, the Intent-based North-Bound Interface of a network controller.
In this paper, we present our efforts for integrating network control and network planning, connecting the popular open-source ONOS control platform with Net2Plan, an open source network planner. The integration allows ONOS to use Net2Plan, combined with our resource allocation framework, as an on-line network optimization tool, calculating and re-routing paths as new requests arrive. It also lets Net2Plan obtain an up-to-date topology from ONOS. Net2Plan can then use the topology and our algorithms to perform planning operations such as investigating hypothetical questions about consequences of network failures or additional network equipment. The interface also lets the paths computed by the algorithms running on Net2Plan be transferred to ONOS and implemented in the running network. While we currently only support IP/Optical networks, additional layers could easily be incorporated. As an interesting side-effect, code used for network simulation can be instrumented and applied to the real network.
We describe the design and implementation of a system for performing Virtual Aggregation, a method for dividing and spreading a forwarding table over multiple forwarding elements, in an SDN/OpenFlow network. The primary use-case for this method is to alleviate the scalability problems caused by a rapidly growing routing table in the Default-Free Zone (i.e. the BGP routers on the Internet); secondly, it could be extended to support OpenFlow network abstractions. The design provides a scalable system for quickly dividing and distributing a forwarding table in an SDN environment running NOX and OpenFlow 1.1. After evaluating the system we conclude that our design is fast, scalable, and extensible.
In this paper we investigate a number of network virtualization models for OpenFlow networks. Specifically, we investigate three sub-modules of the system - the control channel and the software and hardware parts of an OpenFlow switch. We propose a number of extensions to the OpenFlow specification for this purpose and present a model of a full solution that compared to existing systems provides stricter isolation between different virtual networks while at the same time providing more flexibility.
Through network function virtualization (NFV), telecom providers aim to flexibly re-use generic-purpose hardware to provide services on-demand and in an agile way. Service function chaining is becoming the preferred model to describe the characteristics of the packet-processing network functions which, together, form these services. NFV allows for network function embedding freedom, creating new dynamics between providers and the users requesting services. Users want this freedom to optimise the performance of their requested services, while providers aim to optimise their resource cost with it. This trade-off is heavily influenced by how the available infrastructure is exposed to the users. In this paper, we present an infrastructure abstraction model for network, compute and storage resources that exposes the infrastructure in an abstracted manner. We use this abstraction to propose a solution for the placement freedom trade-off problem by studying its relation with metrics that capture both the user's and the provider's aspects. We conclude with a heuristic that determines the right abstraction for particular scenarios.
In dynamic networks with diverse application requirements, Software Defined Networking (SDN) principles enable application-aware in-operation planning. Project ACINO built a network orchestrator as the connecting component between network applications and the underlying network infrastructure.
This experience paper describes the process of leveraging the NFV orchestration platform built in the EU FP7 project UNIFY to deploy a dynamic network service exemplified by an elastic router. Elasticity is realized by scaling dataplane resources as a function of traffic load. To achieve this, the service includes a custom scaling logic and monitoring capabilities. An automated monitoring framework not only triggers elastic scaling, but also a troubleshooting process which detects and analyzes anomalies, pro-actively aiding both dev and ops personnel. Such a DevOps-inspired approach enables a shorter update cycle to the running service. We highlight multiple learnings yielded throughout the prototype realization, focussing on the functional areas of service decomposition and scaling; programmable monitoring; and automated troubleshooting. Such practical insights will contribute to solving challenges such as agile deployment and efficient resource usage in future NFV platforms.