1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
|
Internet Engineering Task Force (IETF) M. Boucadair
Request for Comments: 7149 C. Jacquenet
Category: Informational France Telecom
ISSN: 2070-1721 March 2014
Software-Defined Networking: A Perspective from
within a Service Provider Environment
Abstract
Software-Defined Networking (SDN) has been one of the major buzz
words of the networking industry for the past couple of years. And
yet, no clear definition of what SDN actually covers has been broadly
admitted so far. This document aims to clarify the SDN landscape by
providing a perspective on requirements, issues, and other
considerations about SDN, as seen from within a service provider
environment.
It is not meant to endlessly discuss what SDN truly means but rather
to suggest a functional taxonomy of the techniques that can be used
under an SDN umbrella and to elaborate on the various pending issues
the combined activation of such techniques inevitably raises. As
such, a definition of SDN is only mentioned for the sake of
clarification.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7149.
Boucadair & Jacquenet Informational [Page 1]
^L
RFC 7149 On SDN March 2014
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
2. Introducing Software-Defined Networking .........................4
2.1. A Tautology? ...............................................4
2.2. On Flexibility .............................................4
2.3. A Tentative Definition .....................................5
2.4. Functional Metadomains .....................................6
3. Reality Check ...................................................6
3.1. Remember the Past ..........................................7
3.2. Be Pragmatic ...............................................8
3.3. Measure Experience against Expectations ....................8
3.4. Design Carefully ...........................................9
3.5. On OpenFlow ................................................9
3.6. Non-goals .................................................10
4. Discussion .....................................................11
4.1. Implications of Full Automation ...........................11
4.2. Bootstrapping an SDN ......................................12
4.3. Operating an SDN ..........................................14
4.4. The Intelligence Resides in the PDP .......................15
4.5. Simplicity and Adaptability vs. Complexity ................16
4.6. Performance and Scalability ...............................16
4.7. Risk Assessment ...........................................17
5. Security Considerations ........................................17
6. Acknowledgements ...............................................18
7. Informative References .........................................18
Boucadair & Jacquenet Informational [Page 2]
^L
RFC 7149 On SDN March 2014
1. Introduction
The Internet has become the federative network that supports a wide
range of service offerings. The delivery of network services such as
IP VPNs assumes the combined activation of various capabilities that
include (but are not necessarily limited to) forwarding and routing
(e.g., customer-specific addressing scheme management, dynamic path
computation to reach a set of destination prefixes, dynamic
establishment of tunnels, etc.); Quality of Service (e.g., traffic
classification, marking, conditioning, and scheduling); security
(e.g., filters to protect customer premises from network-originated
attacks, to avoid malformed route announcements, etc.); and
management (e.g., fault detection and processing).
As these services not only grow in variety but also in complexity,
their design, delivery, and operation have become a complex alchemy
that often requires various levels of expertise. This situation is
further aggravated by the wide variety of (network) protocols and
tools, as well as recent convergence trends driven by Any Time, Any
Where, Any Device (ATAWAD); ATAWADs are meant to make sure that an
end user can access the whole range of services he/she has subscribed
to whatever the access and device technologies, wherever the end user
is connected to the network, and whether or not this end user is in
motion.
Yet, most of these services have been deployed for the past decade,
primarily based upon often static service production procedures that
are more and more exposed to the risk of erroneous configuration
commands. In addition, most of these services do not assume any
specific negotiation between the customer and the service provider or
between service providers, besides the typical financial terms.
At best, five-year master plans are referred to as the network
planning policy that will be enforced by the service provider given
the foreseen business development perspectives, manually computed
traffic forecasts, and market coverage (fixed/mobile and residential/
corporate). This so-called network planning policy may very well
affect the way resources are allocated in a network, but it clearly
fails to be adequately responsive to highly dynamic customer
requirements in an "always-on" fashion. The need for improved
service delivery procedures (including the time it takes to deliver
the service once the possible negotiation phase is completed) is even
more critical for corporate customers.
Boucadair & Jacquenet Informational [Page 3]
^L
RFC 7149 On SDN March 2014
In addition, various tools are used for different, sometimes service-
centric, management purposes, but their usage is not necessarily
coordinated for event aggregation, correlation, and processing. This
lack of coordination may come at the cost of extra complexity and
possible customer Quality-of-Experience degradation.
Multi-service, multi-protocol, multi-technology-convergent, and
dynamically adaptive networking environments of the near future have
therefore become one of the major challenges faced by service
providers.
This document aims to clarify the SDN landscape by providing a
perspective on the functional taxonomy of the techniques that can be
used in SDN, as seen from within a service provider environment.
2. Introducing Software-Defined Networking
2.1. A Tautology?
The separation of the forwarding and control planes (beyond
implementation considerations) has almost become a gimmick to promote
flexibility as a key feature of the SDN approach. Technically, most
of the current router implementations have been assuming this
separation for decades. Routing processes (such as IGP and BGP route
computation) have often been software based, while forwarding
capabilities are usually implemented in hardware.
As such, at the time of writing, what is considered to be state of
the art tends to confirm the said separation, which rather falls
under a tautology.
But, a somewhat centralized, "controller-embedded", control plane for
the sake of optimized route computation before the Forwarding
Information Base (FIB) population is certainly another story.
2.2. On Flexibility
Promoters of SDN have argued that it provides additional flexibility
in how the network is operated. This is undoubtedly one of the key
objectives that must be achieved by service providers. This is
because the ability to dynamically adapt to a wide range of customer
requests for flexible network service delivery is an important
competitive advantage. But, flexibility is much, much more than
separating the control and forwarding planes to facilitate forwarding
decision-making processes.
Boucadair & Jacquenet Informational [Page 4]
^L
RFC 7149 On SDN March 2014
For example, the ability to accommodate short duration extra
bandwidth requirements so that end users can stream a video file to
their 4G terminal device is an example of the flexibility that
several mobile operators are currently investigating.
From this perspective, the ability to predict the network behavior as
a function of the network services to be delivered is of paramount
importance for service providers, so that they can assess the impact
of introducing new services or activating additional network features
or enforcing a given set of (new) policies from both financial and
technical standpoints. This argues in favor of investigating
advanced network emulation engines, which can be fed with information
that can be derived from [LS-DISTRIB], for example.
Given the rather broad scope that the term "flexibility" suggests:
o Current SDN-labeled solutions are claimed to be flexible, although
the notion is hardly defined. The exact characterization of what
flexibility actually means is yet to be provided. Further work
needs, therefore, to be conducted so that flexibility can be
precisely defined in light of various criteria such as network
evolution capabilities as a function of the complexity introduced
by the integration of SDN techniques and seamless capabilities
(i.e., the ability to progressively introduce SDN-enabled devices
without disrupting network and service operation, etc.).
o The exposure of programmable interfaces is not a goal per se;
rather, it is a means to facilitate configuration procedures for
improved flexibility.
2.3. A Tentative Definition
We define Software-Defined Networking as the set of techniques used
to facilitate the design, delivery, and operation of network services
in a deterministic, dynamic, and scalable manner. The said
determinism refers to the ability to completely master the various
components of the service delivery chain, so that the service that
has been delivered complies with what has been negotiated and
contractually defined with the customer.
As such, determinism implies that the ability to control how network
services are structured, designed, and delivered and where traffic
should be forwarded in the network is for optimized resource usage.
Although not explicitly restated in the following sections of the
document, determinism lies beneath any action that may be taken by a
service provider once service parameter negotiation is completed,
from configuration tasks to service delivery, fulfillment, and
assurance (see Section 2.4 below).
Boucadair & Jacquenet Informational [Page 5]
^L
RFC 7149 On SDN March 2014
Such a definition assumes the introduction of a high level of
automation in the overall service delivery and operation procedures.
Because networking is software driven by nature, the above definition
does not emphasize the claimed "software-defined" properties of SDN-
labeled solutions.
2.4. Functional Metadomains
SDN techniques can be classified into the following functional
metadomains:
o Techniques for the dynamic discovery of network topology, devices,
and capabilities, along with relevant information and data models
that are meant to precisely document such topology, devices, and
their capabilities.
o Techniques for exposing network services and their characteristics
and for dynamically negotiating the set of service parameters that
will be used to measure the level of quality associated with the
delivery of a given service or a combination thereof. An example
of this can be seen in [CPP].
o Techniques used by service-requirement-derived dynamic resource
allocation and policy enforcement schemes, so that networks can be
programmed accordingly. Decisions made to dynamically allocate
resources and enforce policies are typically the result of the
correlation of various inputs, such as the status of available
resources in the network at any given time, the number of customer
service subscription requests that need to be processed over a
given period of time, the traffic forecasts, the possible need to
trigger additional resource provisioning cycles according to a
typical multi-year master plan, etc.
o Dynamic feedback mechanisms that are meant to assess how
efficiently a given policy (or a set thereof) is enforced from a
service fulfillment and assurance perspective.
3. Reality Check
The networking ecosystem has become awfully complex and highly
demanding in terms of robustness, performance, scalability,
flexibility, agility, etc. This means, in particular, that service
providers and network operators must deal with such complexity and
operate networking infrastructures that can evolve easily, remain
scalable, guarantee robustness and availability, and are resilient to
denial-of-service attacks.
Boucadair & Jacquenet Informational [Page 6]
^L
RFC 7149 On SDN March 2014
The introduction of new SDN-based networking features should
obviously take into account this context, especially from a cost
impact assessment perspective.
3.1. Remember the Past
SDN techniques are not the next big thing per se but rather a kind of
rebranding of proposals that have been investigated for several
years, like active or programmable networks [AN] [PN]. As a matter
of fact, some of the claimed "new" SDN features have been already
implemented (e.g., Network Management System (NMS) and Path
Computation Element (PCE) [RFC4655]) and supported by vendors for
quite some time.
Some of these features have also been standardized (e.g., DNS-based
routing [RFC1383]) that can be seen as an illustration of separated
control and forwarding planes or Forwarding and Control Element
Separation (ForCES) [RFC5810] [RFC5812].
Also, the policy-based management framework [RFC2753] introduced in
the early 2000's was designed to orchestrate available resources by
means of a typical Policy Decision Point (PDP), which masters
advanced offline traffic engineering capabilities. As such, this
framework has the ability to interact with in-band software modules
embedded in controlled devices (or not).
PDP is where policy decisions are made. PDPs use a directory service
for policy repository purposes. The policy repository stores the
policy information that can be retrieved and updated by the PDP. The
PDP delivers policy rules to the Policy Enforcement Point (PEP) in
the form of policy-provisioning information that includes
configuration information.
PEP is where policy decisions are applied. PEPs are embedded in
(network) devices, which are dynamically configured based upon the
policy-formatted information that has been processed by the PEP.
PEPs request configuration from the PDP, store the configuration
information in the Policy Information Base (PIB), and delegate any
policy decision to the PDP.
SDN techniques as a whole are an instantiation of the policy-based
management framework. Within this context, SDN techniques can be
used to activate capabilities on demand, to dynamically invoke
network and storage resources, and to operate dynamically adaptive
networks according to events (e.g., alteration of the network
topology), triggers (e.g., dynamic notification of a link failure),
etc.
Boucadair & Jacquenet Informational [Page 7]
^L
RFC 7149 On SDN March 2014
3.2. Be Pragmatic
SDN approaches should be holistic, i.e., global and network wide. It
is not a matter of configuring devices one by one to enforce a
specific forwarding policy. Instead, SDN techniques are about
configuring and operating a whole range of devices at the scale of
the network for automated service delivery [AUTOMATION], from service
negotiation (e.g., [CPNP]) and creation (e.g., [SLA-EXCHANGE]) to
assurance and fulfillment.
Because the complexity of activating SDN capabilities is largely
hidden from the end user and is software handled, a clear
understanding of the overall ecosystem is needed to figure out how to
manage this complexity and to what extent this hidden complexity does
not have side effects on network operation.
As an example, SDN designs that assume a central decision-making
entity must avoid single points of failure. They must not affect
packet forwarding performances either (e.g., transit delays must not
be impacted).
SDN techniques are not necessary to develop new network services per
se. The basic service remains as (IP) connectivity that solicits
resources located in the network. SDN techniques can thus be seen as
another means to interact with network service modules and invoke
both connectivity and storage resources accordingly in order to meet
service-specific requirements.
By definition, SDN technique activation and operation remain limited
to what is supported by embedded software and hardware. One cannot
expect SDN techniques to support unlimited customizable features.
3.3. Measure Experience against Expectations
Because several software modules may be controlled by external
entities (typically, a PDP), there is a need for a means to make sure
that what has been delivered complies with what has been negotiated.
Such means belong to the set of SDN techniques.
These typical policy-based techniques should interact with both
Service Structuring engines (that are meant to expose the service
characteristics and possibly negotiate those characteristics) and the
network to continuously assess whether the experienced network
behavior is compliant with the objectives set by the Service
Structuring engine and those that may have been dynamically
negotiated with the customer (e.g., as captured in a CPP [CPP]
[CPNP]). This requirement applies to several regions of a network,
including:
Boucadair & Jacquenet Informational [Page 8]
^L
RFC 7149 On SDN March 2014
1. At the interface between two adjacent IP network providers.
2. At the access interface between a service provider and an IP
network provider.
3. At the interface between a customer and the IP network provider.
Ideally, a fully automated service delivery procedure, from
negotiation, ordering, and order processing to delivery, assurance,
and fulfillment, should be supported at the cost of implications that
are discussed in Section 4.1. This approach also assumes widely
adopted standard data and information models in addition to
interfaces.
3.4. Design Carefully
Exposing open and programmable interfaces has a cost from both
scalability and performance standpoints.
Maintaining hard-coded performance optimization techniques is
encouraged. So is the use of interfaces that allow the direct
control of some engines (e.g., routing and forwarding) without
requiring any in-between adaptation layers (generic objects to
vendor-specific command line interfaces (CLIs), for instance).
Nevertheless, the use of vendor-specific access means to some engines
that it could be beneficial from a performance standpoint, at the
cost of increasing the complexity of configuration tasks.
SDN techniques will have to accommodate vendor-specific components
anyway. Indeed, these vendor-specific features will not cease to
exist mainly because of the harsh competition.
The introduction of new functions or devices that may jeopardize
network flexibility should be avoided or at least carefully
considered in light of possible performance and scalability impacts.
SDN-enabled devices will have to coexist with legacy systems.
One single SDN network-wide deployment is, therefore, very unlikely.
Instead, multiple instantiations of SDN techniques will be
progressively deployed and adapted to various network and service
segments.
3.5. On OpenFlow
Empowering networking with in-band controllable modules may rely upon
the OpenFlow protocol but also use other protocols to exchange
information between a control plane and a data plane.
Boucadair & Jacquenet Informational [Page 9]
^L
RFC 7149 On SDN March 2014
Indeed, there are many other candidate protocols that can be used for
the same or even a broader purpose (e.g., resource reservation
purposes). The forwarding of the configuration information can, for
example, rely upon protocols like the Path Computation Element (PCE)
Communication Protocol (PCEP) [RFC5440], the Network Configuration
Protocol (NETCONF) [RFC6241], COPS Usage for Policy Provisioning
(COPS-PR) [RFC3084], Routing Policy Specification Language (RPSL)
[RFC2622], etc.
There is, therefore, no 1:1 relationship between OpenFlow and SDN.
Rather, OpenFlow is one of the candidate protocols to convey specific
configuration information towards devices. As such, OpenFlow is one
possible component of the global SDN toolkit.
3.6. Non-goals
There are inevitable trade-offs to be found between operating the
current networking ecosystem and introducing some SDN techniques,
possibly at the cost of introducing new technologies. Operators do
not have to choose between the two as both environments will have to
coexist.
In particular, the following considerations cannot justify the
deployment of SDN techniques:
o Fully flexible software implementations because the claimed
flexibility remains limited by the software and hardware
limitations, anyway.
o Fully modular implementations are difficult to achieve (because of
the implicit complexity) and may introduce extra effort for
testing, validation, and troubleshooting.
o Fully centralized control systems that are likely to raise some
scalability issues. Distributed protocols and their ability to
react to some events (e.g., link failure) in a timely manner
remains a cornerstone of scalable networks. This means that SDN
designs can rely upon a logical representation of centralized
features (an abstraction layer that would support inter-PDP
communications, for example).
Boucadair & Jacquenet Informational [Page 10]
^L
RFC 7149 On SDN March 2014
4. Discussion
4.1. Implications of Full Automation
The path towards full automation is paved with numerous challenges
and requirements, including:
o Making sure automation is well implemented so as to facilitate
testing (including validation checks) and troubleshooting.
* This suggests the need for simulation tools that accurately
assess the impact of introducing a high level of automation in
the overall service delivery procedure to avoid a typical "mad
robot" syndrome, whose consequences can be serious from control
and QoS standpoints, among others.
* This also suggests careful management of human expertise, so
that network operators can use robust, flexible means to
automate repetitive or error-prone tasks and then build on
automation or stringing together multiple actions to create
increasingly complex tasks that require less human interaction
(guidance and input) to complete.
o Simplifying and fostering service delivery, assurance, and
fulfillment, as well as network failure detection, diagnosis, and
root cause analysis for cost optimization.
* Such cost optimization relates to improved service delivery
times as well as optimized human expertise (see above) and
global, technology-agnostic service structuring and delivery
procedures. In particular, the ability to inject new functions
in existing devices should not assume a replacement of the said
devices but rather allow smart investment capitalization.
* This can be achieved thanks to automation, possibly based upon
a logically centralized view of the network infrastructure (or
a portion thereof), yielding the need for highly automated
topology, device and capabilities discovery means, and
operational procedures.
* The main intelligence resides in the PDP, which suggests that
an important part of the SDN-related development effort should
focus on a detailed specification of the PDP function,
including algorithms and behavioral state machineries that are
based upon a complete set of standardized data and information
models.
Boucadair & Jacquenet Informational [Page 11]
^L
RFC 7149 On SDN March 2014
* These information models and data need to be carefully
structured for efficiency and flexibility. This probably
suggests that a set of simplified pseudo-blocks can be
assembled as per the nature of the service to be delivered.
o The need for abstraction layers -- clear interfaces between
business actors and between layers, let alone cross-layer
considerations, etc. Such abstraction layers are invoked within
the context of service structuring and packaging and are meant to
facilitate the emergence of the following:
* IP connectivity service exposure to customers, peers,
applications, content/service providers, etc. (an example of
this can be seen in [CPP]).
* Solutions that accommodate IP connectivity service requirements
with network engineering objectives.
* Dynamically adaptive decision-making processes, which can
properly operate according to a set of input data and metrics,
such as current resource usage and demand, traffic forecasts
and matrices, etc., all for the sake of highly responsive
dynamic resource allocation and policy enforcement schemes.
o Better accommodation of technologically heterogeneous networking
environments through the following:
* Vendor-independent configuration procedures based upon the
enforcement of vendor-agnostic generic policies instead of
vendor-specific languages.
* Tools to aid manageability and orchestrate resources.
* Avoiding proxies and privileging direct interaction with
engines (e.g., routing and forwarding).
4.2. Bootstrapping an SDN
Means to dynamically discover the functional capabilities of the
devices that will be steered by a PDP intelligence for automated
network service delivery need to be provided. This is because the
acquisition of the information related to what the network is
actually capable of will help structure the PDP intelligence so that
policy provisioning information can be derived accordingly.
A typical example would consist in documenting a traffic engineering
policy based upon the dynamic discovery of the various functions
supported by the network devices, as a function of the services to be
Boucadair & Jacquenet Informational [Page 12]
^L
RFC 7149 On SDN March 2014
delivered, thus yielding the establishment of different routes
towards the same destination depending on the nature of the traffic,
the location of the functions that need to be invoked to forward such
traffic, etc.
Such dynamic discovery capability can rely upon the exchange of
specific information by means of an IGP or BGP between network
devices or between network devices and the PDP in legacy networking
environments. The PDP can also send unsolicited commands towards
network devices to acquire the description of their functional
capabilities in return and derive network and service topologies
accordingly.
Of course, SDN techniques (as introduced in Section 2.4) could be
deployed in an IGP-/BGP-free networking environment, but the SDN
bootstrapping procedure in such an environment still assumes the
support of the following capabilities:
o Dynamically discover SDN participating nodes (including the PDP)
and their respective capabilities in a resilient manner, assuming
the mutual authentication of the PDP and the participating devices
Section 5. The integrity of the information exchanged between the
PDP and the participating devices during the discovery phase must
also be preserved;
o Dynamically connect the PDP to the participating nodes and avoid
any forwarding loops;
o Dynamically enable network services as a function of the device
capabilities and (possibly) what has been dynamically negotiated
between the customer and the service provider;
o Dynamically check connectivity between the PDP and the
participating nodes and between participating nodes for the
delivery of a given network service (or a set thereof);
o Dynamically assess the reachability scope as a function of the
service to be delivered;
o Dynamically detect and diagnose failures, and proceed with
corrective actions accordingly.
Likewise, the means to dynamically acquire the descriptive
information (including the base configuration) of any network device
that may participate in the delivery of a given service should be
provided so as to help the PDP structure the services that can be
delivered as a function of the available resources, their location,
etc.
Boucadair & Jacquenet Informational [Page 13]
^L
RFC 7149 On SDN March 2014
In IGP-/BGP-free networking environments, a specific bootstrap
protocol may thus be required to support the aforementioned
capabilities for proper PDP- and SDN-capable device operation, in
addition to the possible need for a specific additional network that
would provide discovery and connectivity features.
In particular, SDN design and operation in IGP-/BGP-free environments
should provide performances similar to those of legacy environments
that run an IGP and BGP. For example, the underlying network should
remain operational even if connection with the PDP has been lost.
Furthermore, operators should assess the cost of introducing a new,
specific bootstrap protocol compared to the cost of integrating the
aforementioned capabilities in existing IGP/BGP protocol machineries.
Since SDN-related features can be grafted into an existing network
infrastructure, they may not be all enabled at once from a
bootstrapping perspective; a gradual approach can be adopted instead.
A typical deployment example would be to use an SDN decision-making
process as an emulation platform that would help service providers
and operators make appropriate technical choices before their actual
deployment in the network.
Finally, the completion of the discovery procedure does not
necessarily mean that the network is now fully operational. The
operationality of the network usually assumes a robust design based
upon resilience and high availability features.
4.3. Operating an SDN
From an Operations and Management (OAM) standpoint [RFC6291], running
an SDN-capable network raises several issues such as those listed
below:
o How do SDN service and network management blocks interact? For
example, how the results of the dynamic negotiation of service
parameters with a customer or a set thereof over a given period of
time will affect the PDP decision-making process (resource
allocation, path computation, etc.).
o What should be the appropriate OAM tools for SDN network operation
(e.g., to check PDP or PEP reachability)?
o How can performance (expressed in terms of service delivery time,
for example) be optimized when the activation of software modules
is controlled by an external entity (typically a PDP)?
Boucadair & Jacquenet Informational [Page 14]
^L
RFC 7149 On SDN March 2014
o To what extent does an SDN implementation ease network
manageability, including service and network diagnosis?
o Should the "control and data plane separation" principle be
applied to the whole network or a portion thereof, as a function
of the nature of the services to be delivered or by taking into
account the technology that is currently deployed?
o What is the impact on the service provider's testing procedures
and methodologies (that are used during validation and pre-
deployment phases)? Particularly, (1) how test cases will be
defined and executed when the activation of customized modules is
supported, (2) what the methodology is to assess the behavior of
SDN-controlled devices, (3) how test regression will be conducted,
(4) etc.
o How do SDN techniques impact service fulfillment and assurance?
How the resulting behavior of SDN devices (completion of
configuration tasks, for example) should be assessed against what
has been dynamically negotiated with a customer. How to measure
the efficiency of dynamically enforced policies as a function of
the service that has been delivered. How to measure that what has
been delivered is compliant with what has been negotiated. What
the impact is of SDN techniques on troubleshooting practice.
o Is there any risk to operate frozen architectures because of
potential interoperability issues between a controlled device and
an SDN controller?
o How does the introduction of SDN techniques affect the lifetime of
legacy systems? Is there any risk of (rapidly) obsoleting
existing technologies because of their hardware or software
limitations?
The answers to the above questions are very likely to be service
provider specific, depending on their technological and business
environments.
4.4. The Intelligence Resides in the PDP
The proposed SDN definition in Section 2.3 assumes an intelligence
that may reside in the control or the management planes (or both).
This intelligence is typically represented by a Policy Decision Point
(PDP) [RFC2753], which is one of the key functional components of the
policy-based management framework.
Boucadair & Jacquenet Informational [Page 15]
^L
RFC 7149 On SDN March 2014
SDN networking, therefore, relies upon PDP functions that are capable
of processing various input data (traffic forecasts, outcomes of
negotiation between customers and service providers, resource status
as depicted in appropriate information models instantiated in the
PIB, etc.) to make appropriate decisions.
The design and the operation of such PDP-based intelligence in a
scalable manner remains a part of the major areas that need to be
investigated.
To avoid centralized design schemes, inter-PDP communication is
likely to be required, and corresponding issues and solutions should
be considered. Several PDP instances may thus be activated in a
given domain. Because each of these PDP instances may be responsible
for making decisions about the enforcement of a specific policy
(e.g., one PDP for QoS policy enforcement purposes, another one for
security policy enforcement purposes, etc.), an inter-PDP
communication scheme is required for global PDP coordination and
correlation.
Inter-domain PDP exchanges may also be needed for specific usages.
Examples of such exchanges are as follows: (1) during the network
attachment phase of a node to a visited network, the PDP operated by
the visited network can contact the home PDP to retrieve the policies
to be enforced for that node, and (2) various PDPs can collaborate in
order to compute inter-domain paths that satisfy a set of traffic
performance guarantees.
4.5. Simplicity and Adaptability vs. Complexity
The functional metadomains introduced in Section 2.4 assume the
introduction of a high level of automation, from service negotiation
to delivery and operation. Automation is the key to simplicity, but
it must not be seen as a magic button that would be hit by a network
administrator whenever a customer request has to be processed or
additional resources need to be allocated.
The need for simplicity and adaptability, thanks to automated
procedures, generally assumes some complexity that lies beneath
automation.
4.6. Performance and Scalability
The combination of flexibility with software inevitably raises
performance and scalability issues as a function of the number and
the nature of the services to be delivered and their associated
dynamics.
Boucadair & Jacquenet Informational [Page 16]
^L
RFC 7149 On SDN March 2014
For example, networks deployed in Data Centers (DCs) and that rely
upon OpenFlow switches are unlikely to raise important FIB
scalability issues. Conversely, DC interconnect designs that aim to
dynamically manage Virtual Machine (VM) mobility, possibly based upon
the dynamic enforcement of specific QoS policies, may raise
scalability issues.
The claimed flexibility of SDN networking in the latter context will
have to be carefully investigated by operators.
4.7. Risk Assessment
Various risks are to be assessed such as:
o Evaluating the risk of depending on a controller technology rather
than a device technology.
o Evaluating the risk of operating frozen architectures because of
potential interoperability issues between a controller and a
controlled device.
o Assessing whether SDN-labeled solutions are likely to obsolete
existing technologies because of hardware limitations. From a
technical standpoint, the ability to dynamically provision
resources as a function of the services to be delivered may be
incompatible with legacy routing systems because of their hardware
limitations, for example. Likewise, from an economical
standpoint, the use of SDN solutions for the sake of flexibility
and automation may dramatically impact Capital Expenditure (CAPEX)
and Operational Expenditure (OPEX) budgets.
5. Security Considerations
Security is an important aspect of any SDN design because it
conditions the robustness and reliability of the interactions between
network and applications people for efficient access control
procedures and optimized protection of SDN resources against any kind
of attack. In particular, SDN security policies [SDNSEC] should make
sure that SDN resources are properly safeguarded against actions that
may jeopardize network or application operations.
In particular, service providers should define procedures to assess
the reliability of software modules embedded in SDN nodes. Such
procedures should include the means to also assess the behavior of
software components (under stress conditions), detect any exploitable
vulnerability, reliably proceed with software upgrades, etc. These
Boucadair & Jacquenet Informational [Page 17]
^L
RFC 7149 On SDN March 2014
security guards should be activated during initial SDN node
deployment and activation but also during SDN operation that implies
software upgrade procedures.
Although these procedures may not be SDN-specific (e.g., operators
are familiar with firmware updates with or without service
disruption), it is worth challenging existing practice in light of
SDN deployment and operation.
Likewise, PEP-PDP interactions suggest the need to make sure that (1)
a PDP is entitled to solicit PEPs, so that they can apply the
decisions made by the said PDP, (2) a PEP is entitled to solicit a
PDP for whatever reason (request for additional configuration
information, notification about the results of a set of configuration
tasks, etc.), (3) a PEP can accept decisions made by a PDP, and (4)
communication between PDPs within a domain or between domains is
properly secured (e.g., make sure a pair of PDPs are entitled to
communicate with each other, make sure the confidentiality of the
information exchanged between two PDPs can be preserved, etc.).
6. Acknowledgements
Many thanks to R. Barnes, S. Bryant, S. Dawkins, A. Farrel, S.
Farrell, W. George, J. Halpern, D. King, J. Hadi Salim, and T. Tsou
for their comments. Special thanks to P. Georgatos for the fruitful
discussions on SDN Interconnection (SDNI) in particular.
7. Informative References
[AN] Tennenhouse, D. and D. Wetherall, "Towards an Active
Network Architecture", Multimedia Computing and Networking
(MMCN), January 1996.
[AUTOMATION]
Boucadair, M. and C. Jacquenet, "Requirements for
Automated (Configuration) Management", Work in Progress,
January 2014.
[CPNP] Boucadair, M. and C. Jacquenet, "Connectivity Provisioning
Negotiation Protocol (CPNP)", Work in Progress, October
2013.
[CPP] Boucadair, M., Jacquenet, C., and N. Wang, "IP/MPLS
Connectivity Provisioning Profile", Work in Progress,
September 2012.
Boucadair & Jacquenet Informational [Page 18]
^L
RFC 7149 On SDN March 2014
[LS-DISTRIB]
Gredler, H., Medved, J., Previdi, S., Farrel, A., and S.
Ray, "North-Bound Distribution of Link-State and TE
Information using BGP", Work in Progress, November 2013.
[PN] Campbell, A., De Meer, H., Kounavis, M., Kazuho, M.,
Vincente, J., and D. Villela, "A Survey of Programmable
Networks", ACM SIGCOMM Computer Communication Review,
April 1999.
[RFC1383] Huitema, C., "An Experiment in DNS Based IP Routing", RFC
1383, December 1992.
[RFC2622] Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D.,
Meyer, D., Bates, T., Karrenberg, D., and M. Terpstra,
"Routing Policy Specification Language (RPSL)", RFC 2622,
June 1999.
[RFC2753] Yavatkar, R., Pendarakis, D., and R. Guerin, "A Framework
for Policy-based Admission Control", RFC 2753, January
2000.
[RFC3084] Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie,
K., Herzog, S., Reichmeyer, F., Yavatkar, R., and A.
Smith, "COPS Usage for Policy Provisioning (COPS-PR)", RFC
3084, March 2001.
[RFC4655] Farrel, A., Vasseur, J., and J. Ash, "A Path Computation
Element (PCE)-Based Architecture", RFC 4655, August 2006.
[RFC5440] Vasseur, JP. and JL. Le Roux, "Path Computation Element
(PCE) Communication Protocol (PCEP)", RFC 5440, March
2009.
[RFC5810] Doria, A., Hadi Salim, J., Haas, R., Khosravi, H., Wang,
W., Dong, L., Gopal, R., and J. Halpern, "Forwarding and
Control Element Separation (ForCES) Protocol
Specification", RFC 5810, March 2010.
[RFC5812] Halpern, J. and J. Hadi Salim, "Forwarding and Control
Element Separation (ForCES) Forwarding Element Model", RFC
5812, March 2010.
[RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
Bierman, "Network Configuration Protocol (NETCONF)", RFC
6241, June 2011.
Boucadair & Jacquenet Informational [Page 19]
^L
RFC 7149 On SDN March 2014
[RFC6291] Andersson, L., van Helvoort, H., Bonica, R., Romascanu,
D., and S. Mansfield, "Guidelines for the Use of the "OAM"
Acronym in the IETF", BCP 161, RFC 6291, June 2011.
[SDNSEC] Hartman, S. and D. Zhang, "Security Requirements in the
Software Defined Networking Model", Work in Progress,
April 2013.
[SLA-EXCHANGE]
Shah, S., Patel, K., Bajaj, S., Tomotaki, L., and M.
Boucadair, "Inter-domain SLA Exchange", Work in Progress,
November 2013.
Authors' Addresses
Mohamed Boucadair
France Telecom
Rennes 35000
France
EMail: mohamed.boucadair@orange.com
Christian Jacquenet
France Telecom
Rennes
France
EMail: christian.jacquenet@orange.com
Boucadair & Jacquenet Informational [Page 20]
^L
|