Until now, OpenFlow programmability has worked within individual network domains, with controllers managing every flow between components within an enterprise or carrier network, but not beyond. Researchers, cloud providers and others with massive amounts of data to share between organizations have sought to extend this capability across distinct networks.
The software, called West-East (WE)-Bridge, was originally proposed by researchers Jun Bi and Pingping Lin at China's Tsinghua University and was demonstrated earlier this fall at the Chinese-American Networking Symposium in Hangzhou, China. The demonstration linked OpenFlow test-bed controllers in the China Education and Research Network and the China Science and Technology Network, the Chinese research and education Internet backbone, to counterparts in the U.S., enabling the transfer of massive amounts of genome data between organizations. Global traffic traveled on Internet2's 100 Gb OpenFlow network that connects research institutes and universities worldwide.
For the demonstration, OpenFlow controllers in separate domains communicated with each other using the WE-Bridge interface to exchange domain view information.
"The International Networking Group at Indiana University [INT@IU] provided the U.S. side of this demonstration. INT@IU engineers deployed an Open vSwitch [OVS], controller and end host," wrote Stephen Wolff, Internet2 vice president and chief technology officer, on that organization's blog.
"The WE-Bridge software communicated with a Floodlight controller to write OpenFlow rules to the OVS in order to provide a path to the end host. In the process, a new inter-domain application dynamically selected the best available path and automatically set up flow table entries in a set of OpenFlow devices among the Chinese and U.S. network domains. The genomic data then moved through the Internet2 network into the IU [Indiana University] network where the demonstration test-bed is implemented."
More on OpenFlow SDN networks
ONF explores northbound interface standards
An OpenFlow cloud security plan hatched
Not all OpenFlow hardware is created equal
The WE-Bridge interface allows OpenFlow controllers to negotiate between network domains based upon their existing policy. As it stands, an OpenFlow controller can talk to any switch to which it connects, but doing so across an administrative domain requires a new kind of interface. The WE-Bridge allows controllers to exchange flow table information. Eventually, the software could run alongside controllers in every domain, communicating and negotiating the exchange of information.
"If we are two separate administrative domains, and I can say, 'Give me your topology of network so I can see if I can move a packet from a host on my network to a host on yours,'" explained Wolff. "You might say my internal topology is none of your business. Tell me who you want to get to and I will tell you how you can do that. I might say, 'Can you guarantee me two independent redundant paths so if one fails, it won't break the connection?' And you can say yes or no. This is a typical kind of negotiation," Wolff said.
Research organizations that must share large bodies of data in short periods of time have an obvious need for this technology. In the commercial world, cloud providers and carriers that need to move data across each other's networks and across great distances could be the early adopters.
"I asked one of the major carriers, 'Suppose you want to connect to an OpenFlow network in Europe. How will you do that?' They said, 'Well, we just call them up and ask them to have control of their controllers.' Well, that seems unrealistic," Wolff said.
As enterprises move toward using hybrid cloud resources, they could also use the technology to extend routing and policy across public and private resources.
Read the research paper on West-East Bridge technology.