Hierarchical SDN-SFC Controller Design

A Hierarchical Control Plane Framework for Integrated SDN-SFC management in Multi-Tenant Data Center

          Efficient network management is one of the key requirements for successful operation of data centers. This is particularly true for cloud data centers because of the changing dynamics from the perspective of hosted applications. The variance of usage, the corresponding change in resource requirements, and the changing policies of these applications which belong to multiple tenants are a few factors that trigger the dynamism in the cloud environments. With the network fabric consisting of a large number of various elements like switches, routers, and service functions, automated management is necessary to enable dynamic modifications in network features, usage and forwarding paths. Cloud data center networks bring in further complexity through multi-tenancy. The diverse applications belonging to different tenants have different QoS, isolation and performance requirements. SFs and SFCs, catering to the application QoS requirements, form a large portion of the network data plane in cloud data centers. With the application workloads exhibiting temporal changes, the chaining of services has to be reactive to the changing requirements. This environment demands a responsive network that can quickly customize to the application dynamics. This can be achieved only through automated network control that can react to the current network state.

          In traditional implementations of SFCs with middleboxes, there was no space for reactive reconfiguration. With the emergence of NFV, the idea of service functions implemented as software brought the flexibility and scalability required to adapt to the changing network state at the data plane. The flexibility in managing these data plane elements through a control plane came from the paradigm of SDN. The programmability introduced by SDN enabled adaptive forwarding path generation in dynamic networks. These two paradigms enabled flexible and scalable implementation of software service functions which could be chained reactively to changes in network state.

          However, current SDN implementations have certain shortcomings with respect to SFC management. Most SDN control plane implementations handle the forwarding rule generation based on the L2/L3 layer’s information. Also, SDN extensions for SFCs have exploited the central entity of control only to generate forwarding rules to stitch the SFs to form SFCs. A useful proposition of enabling autonomous programmable method of SFC integration into the network control plane can fetch benefits of easing the difficulty of SFC configuration and placement into networks. However, the functions of SFs are not similar to forwarding devices. Their functionality can span beyond the L2/L3 layers of the networking stack. Certain SFs like firewalls can function up to the application layer. While the SDN controller successfully steers traffic through the required sequence of SFs, it does not ensure optimized network usage or resource utilization in the context of SFs and SFCs. The lack of view beyond L3 prevents the SDN controller from gaining a holistic view of the network which includes SF components. To enable SF, SFC resource reuse the SDN control plane must be able to understand the semantics of the layers beyond L3.

          This necessitates the introduction of the SFC control plane functionality into the SDN controller. The interaction of the SFC control plane with the SFC data plane components provides valuable feedback for the SDN controller to make informed decisions in the choice of forwarding paths, network resource reuse and optimization, etc. In addition, with the capability of tenant identification, the controller can ensure the isolation and security of tenants in multi-tenant environments like cloud data centers. This extended view brings in autonomicity for the integrated control plane to take independent decisions for optimized service function chaining in response to the current state of the SFs and SFCs and also to make better usage of SF and SFC resources across tenants in multi-tenant environments.

          The initial phase of this work explores the impact of SFC management integration into the SDN control plane. A prototype of the integrated controller is implemented and tested over a simulated data center network. The integrated controller includes SFC related functionality implemented as components over the SDN controller. These components take care of the SFP selection, generation of the corresponding forwarding rules, handling of statistics from the SFC data plane components, etc. The difference in workload at the controller is measured in comparison with a standard SDN controller which manages only the forwarding devices. The experiments provided the following insights.

  • The inclusion of SFC management into the SDN controller makes the workload at the controller heavier due to the additional SF and SFC related state information that is reported to the controller
  • The events that hit the integrated controller are more diverse. The controller must not only deal with the openflow messages from the forwarding devices in the network, but also messages containing the state information of the SFs.

          The integration of SFC management into the controller is observed to hit the scalability of the control plane. Unlike pure L2/L3 management, a controller with integrated SFC control plane has to deal with regular state updates of the various network functions which affect the scalability of the controller drastically. With the growth of the network, increase in number of tenants or applications, the incoming traffic increases rapidly choking the controller. Motivated by this, the second phase of the work addresses the scalability of the control plane and tenant-specific SF and SFC handling.

          To understand the correlation between the number of SFs, SFCs, tenants and the corresponding impact on the controller, a workload characterization is derived experimentally. The characterization shows an exponential increase in the load at the controller reinforcing the existence of scalability issues in the integrated SDN-SFC controller.

To this end, we propose a hierarchical integrated SDN-SFC controller architecture designed with the following goals:

           i) Integrate SF and SFC management into the SDN controller.

           ii) Improve scalability of the controller through division of functionality

           iii) Support multi-tenancy through tenant identification and ensuring the required isolation.

          The proposed architecture has a single master controller and multiple sub-ordinate controllers. The controller achieves scalability through division and distribution of functionality across the two-tiers and also across the multiple sub-ordinate controllers. The architecture supports multi-tenancy by dedicating one sub-ordinate controller to each tenant. The master controller manages the global view of the network while the sub-ordinate controllers maintain tenant-specific view of the network.

          The feasibility of the proposed framework is analyzed through a comparative evaluation with the centralized and distributed controller architectures. Metrics like controller workload, percentage packet loss at the controller and flow setup latency are measured to compare the different architectures. These metrics are chosen because they act as good indicators for the congestion and bottleneck at the controller.

          Since current implementations of centralized and distributed controllers do not include SFC management, the prototypes of these architectures are also implemented in addition to the proposed hierarchical architecture. The implemented controllers are tested on a simulated data center network to draw the comparison. The following observations are drawn from the simulation.

  • The workload experienced by each controller instance of the hierarchical controller is much less compared to the centralized and distributed controllers.
  • The packet loss in the hierarchical controller is 19.81% lesser than the centralized controller and 9.31% lesser than the distributed controller.
  • The flow setup latency depends on the scale of the network. For small scale networks with less number of tenants, the centralized controller is most suitable. However, as the scale increases with more number of tenants, the proposed architecture performs better than the centralized controller.

          In addition to these results, the workload characterization of the different architectures done with respect to the number of tenants, number of SFCs per tenant and number of SFs per SFC, indicates a large difference in the incident load at the controller. The load at each controller instance in the hierarchical architecture is significantly lower than the centralized controller. This implies that the hierarchical controller is more capable of absorbing and processing the increase in workload than the centralized controller. This is indicative of the better scalability of the hierarchical controller.

          The results hence show that the proposed hierarchical framework for integrated SDN-SFC controller performs best in multi-tenant cloud data center setups when compared to the other prevalent SDN architectures. While a centralized controller can work well for small-scale data centers with a few tenants, the hierarchical controller is a better choice for large-scale cloud networks which host a large number of tenants.