Marco Canini, an assistant professor at the Université Catholique de Louvain in Belgium, began researching methods...
for improved network dependability as a post-doctorate researcher, and he found answers in OpenFlow SDN and its decoupled, centralized control plane. But he also stumbled upon new challenges. If SDN required a complete network re-architecture, would anybody invest?
So, Canini began researching ways that engineers could partially deploy SDN within their traditional networks and still utilize this unique centralized control. The concept would be called transitional networks, and Canini's new architecture would be dubbed Panopticon.
Canini's journey began as a post-doctorate researcher at the École Polytechnique Fédérale de Lausanne in Switzerland and as a senior research scientist at the Telekom Innovation Laboratories at Technical University of Berlin, where, in both instances, he was frustrated with a lack of network reliability. Specifically, he wanted to ensure that networks would keep working as expected even if there were a failure somewhere in the environment. That's when he came across OpenFlow, which would allow engineers to decouple the control plane of the physical network and have direct access into every switch and port from a centralized point.
We recognize it's difficult for organizations that aren't called Google to take a significant undertaking and resources and years to implement their own SDN -- this is unlikely to happen for most enterprises. So how can [the typical company] leverage the benefits of SDN?
assistant professor, Department of Computer Science and Engineering, the Université Catholique de Louvain
"It was immediately clear from my perspective that that access to the hardware … would allow a more direct control and make it easier for us to be able to reason network behavior," Canini said.
But OpenFlow had its own challenges, including issues with controller logic and managing across multiple OpenFlow agents. So Canini founded a project called Systematic Software Testing Meets Networking, and his team built two tools; the first, called No Bugs In Controller Execution (NICE), focused on testing application-level controller logic. NICE also employed model checking and symbolic execution "to realize systematic exploration of the state space of controller programs developed for software-defined networks based on the OpenFlow protocol," Canini said.
The second tool, called Systematic OpenFlow Testing, or SOFT, compares the implementation of OpenFlow agents by doing a cross-check of behaviors on multiple implementations of software agents, pointing out their inconsistencies. After creating both NICE and SOFT, Canini partnered with Nate Foster, assistant professor in the Department of Computer Science at Cornell University, and Jennifer Rexford to extend their programming language project, Frenetic. The extension will ideally "unify several different approaches that have been proposed over the years to allow for more functionality to be embedded in specific network programming languages," Canini said.
The power of partial SDN deployments
Even as Canini worked to make OpenFlow and SDN more stable, he was bothered by the fact that it would be difficult for engineers to even test SDN if implementation required a complete network overhaul.
"Today, there isn't any debate in the industry or academia as to whether or not SDN has the potential to revolutionize the field. … However, there is a problem in SDN, which, as a disruptive technology, is an unproven technology that's not tested or trusted," Canini said. "We recognize it's difficult for organizations that aren't called Google to take a significant undertaking and resources and years to implement their own SDN -- this is unlikely to happen for most enterprises. So how can [the typical company] leverage the benefits of SDN?"
Canini and his colleagues began to develop Panopticon, an architecture that lets engineers combine legacy and SDN switches. The idea behind is that if even one SDN switch could be placed on every source-destination path in the network, engineers could still apply centralized OpenFlow control and orchestration to that path. They could apply network access control policy to that traffic, for example.
When traffic crosses two or more SDN switches, it can be controlled at an even finer level, allowing for further customized forwarding decisions for load balancing, for example. The concept wouldn't be that different from traditional networks, where traffic is regularly diverted to specific virtual LANs. The bottom line was that the key benefits of an SDN deployment could be found without full SDN deployment.
Real-world uses of Panopticon
Canini is currently working on discovering what aspects of the Panopticon architecture can be applied in the real world. He and his team were recently awarded a research technology transfer grant within the EXIST program of the German government. EXIST is a support program the Federal Ministry of Economics and Technology, which has a goal of improving the entrepreneurial environment at universities and research institutions. The grant also helps with increasing the number of technology- and knowledge-based business startups.
"That's something that doesn't happen often," he said. "While I cannot say much in the specifics, this grant will fund a team of people to turn the ideas behind Panopticon into an innovative product to dramatically simplify managing, operating and securing networks."
Looking ahead, Canini has both optimism and concerns regarding SDN in both the professional and academic arenas. "I'm slightly concerned we're taking this [faster] than academia is able to go," he said. "[We need to] develop a formal theory of SDN. I'm slightly worried the industry jumped on the bandwagon and may take the direction of SDN a little too far … like using SDN as a buzzword to do some washing of previous technology and existing products," he said.
However, for academia, Canini sees SDN as a good opportunity to step back and look at a "more clean" way of networking. An optimized network may not require researchers to delegate all functionality to a centralized controller. "Academically, it's more appealing to have a distributed network, where we don't realize any centralized component," he said. This is so for many reasons, he added, including resiliency, security and isolation. "Traditional networks adopt a decentralized control plane, where the computation of the forwarding decisions is distributed across all devices and realized through a protocol that each device must support," he said.
"Also, intellectually speaking, it is a much harder -- and a more rewarding -- problem to develop distributed solutions to specific control-plane requirements."
For the industry, Canini said, he hopes SDN will prove itself useful. "I think there are fundamental reasons to be positive about this," he said. "I think OpenFlow and similar protocols that enable access to the switch are here to stay. … I think in the next five, 10 years we will see open APIs [application programming interfaces] and new applications we can't even imagine today."