SDNRG Working Group                                         M. Boucadair
Internet-Draft                                              C. Jacquenet
Intended status: Informational                            France Telecom
Expires: September 21, 2013                               March 20, 2013


       Software-Defined Networking: A Service Provider's Perspective
                    draft-sin-sdnrg-sdn-approach-00

Abstract

   Software-Defined Networking (SDN) has been one of the major buzzwords
   of the networking industry for the past couple of years.  And yet, no
   clear definition of what SDN actually covers has been broadly agreed
   upon so far.  This document aims at contributing to the clarification
   of the SDN landscape.

   It is not meant to endlessly discuss what SDN truly means, but rather
   to suggest a functional taxonomy of the techniques that can be used
   under an SDN umbrella and to elaborate on the various pending issues
   that the combined activation of such techniques inevitably raises.
   As such, a definition of SDN is only given for the sake of
   clarification.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 21, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
       1.1.  Context
       1.2.  Scope
   2.  What is In and What is Out?
       2.1.  Remember the Past
       2.2.  Be Pragmatic
       2.3.  Measure Experience Against Expectations
       2.4.  Design Carefully
       2.5.  There is Life Beyond OpenFlow
       2.6.  Non Goals
   3.  A Definition of Software-Defined Networking
       3.1.  A Tautology
       3.2.  On Flexibility
       3.3.  A Tentative Definition
       3.4.  Functional Meta-Domains
   4.  Discussion
       4.1.  Full Automation: a Viable Objective?
       4.2.  The Intelligence resides in the PDP
       4.3.  Simplicity and Adaptability vs. Complexity
       4.4.  Performance & Scalability
       4.5.  Risk Assessment
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  Informative References
   Authors' Addresses

1.  Introduction

1.1.  Context

   The Internet has become the federative network that supports a wide
   range of service offerings.
   The delivery of network services such as IP VPNs assumes the combined
   activation of various capabilities that include (but are not
   necessarily limited to) forwarding and routing capabilities (e.g.,
   customer-specific addressing scheme management, dynamic path
   computation to reach a set of destination prefixes, dynamic
   establishment of tunnels, etc.), quality of service capabilities
   (e.g., traffic classification and marking, traffic conditioning and
   scheduling), security capabilities (e.g., filters to protect customer
   premises from network-originated attacks, or to reject malformed
   route announcements) and management capabilities (e.g., detection and
   processing of faults).

   As these services grow not only in variety but also in complexity,
   their design, delivery and operation have become a complex alchemy
   that often requires various levels of expertise.  This situation is
   further aggravated by the wide variety of (network) protocols and
   tools, as well as by recent Any Time, Anywhere, Any Device
   (ATAWAD)-driven convergence trends, which are meant to make sure an
   end-user can access the whole range of services he/she has subscribed
   to, whatever the access and device technologies, wherever the end-
   user is connected to the network, and whether this end-user is in
   motion or not.

   Yet, most of these services have been deployed for the past decade
   based solely on static service production procedures that are more
   and more exposed to the risk of malformed configuration commands.  In
   addition, most of these services do not assume any specific
   negotiation between the customer and the service provider, or between
   service providers, besides the typical financial terms.

   At best, five-year master plans serve as the network planning policy
   that will be enforced by the service provider, given the foreseen
   business development perspectives, manually-computed traffic
   forecasts and the market coverage (fixed/mobile, residential/
   corporate).  This so-called network planning policy may very well
   affect the way resources are allocated in a network, but it clearly
   fails to be adequately responsive to highly dynamic customer
   requirements in an "always-on" fashion.

   In addition, various tools are used for different, sometimes service-
   driven, management purposes, but their usage is not necessarily
   coordinated for the sake of event aggregation, correlation and
   processing, at the cost of extra complexity and possible degradation
   of the customer's Quality of Experience.

   Multi-service, multi-protocol, multi-technology convergent and
   dynamically-adaptive networking environments of the near future have
   therefore become one of the major challenges faced by service
   providers.

1.2.  Scope

   This document is a contribution to clarifying the SDN landscape:

   o  Section 2 clarifies which items are considered viable goals and
      excludes others from the scope.
   o  Section 3 provides a tentative definition from a service provider
      perspective.
   o  Section 4 discusses several issues and identifies some
      requirements.

2.  What is In and What is Out?

   The networking ecosystem has become awfully complex and highly
   demanding in terms of robustness, performance, scalability,
   flexibility, agility, etc.  This means in particular that service
   providers and network operators must deal with such complexity and
   operate networking infrastructures that can evolve easily, remain
   scalable, guarantee robustness and availability, and are resilient
   against denial-of-service attacks.

   The introduction of new SDN-based networking features should
   obviously take this context into account, especially from a cost
   impact assessment perspective.

2.1.  Remember the Past

   SDN techniques cannot be seen as a brand new solution but rather as
   some kind of rebranding of proposals that have been investigated for
   several years, like Active or Programmable Networks.  As a matter of
   fact, some of the claimed "new" SDN features have already been
   implemented (e.g., NMS (Network Management System), PCE (Path
   Computation Element, [RFC4655])) and supported by vendors for quite
   some time.

   Some of these features have also been standardized (e.g., DNS-based
   routing [RFC1383], which can be seen as an illustration of separated
   control and forwarding planes).

2.2.  Be Pragmatic

   SDN approaches should be holistic.  This means that they must be
   global, network-wide.  It is not a matter of configuring devices one
   by one to enforce a specific forwarding policy.  It is about
   configuring and operating a whole range of devices at the scale of
   the network for the sake of automated service delivery
   ([I-D.boucadair-network-automation-requirements]), from service
   negotiation and creation to assurance and fulfillment.

   Because the complexity of activating SDN capabilities is hidden (from
   the user) and pushed to software, a clear understanding of the
   overall ecosystem is needed to figure out how to manage this
   complexity and to what extent this hidden complexity does not have
   side effects on network operation.

   As an example, SDN designs that assume a central decision-making
   entity must avoid single points of failure.  They must not affect
   packet forwarding performance either (e.g., transit delays must not
   be impacted).

   SDN techniques are not necessary to develop new network services per
   se.
   The basic service remains IP connectivity that solicits resources
   located in the network.

   SDN techniques can thus be seen as another means to interact with
   network service modules and to invoke both connectivity and storage
   resources accordingly in order to meet service-specific requirements.

   By definition, SDN techniques remain limited to what is supported by
   embedded software and hardware.  One cannot expect SDN techniques to
   support unlimited customizable features.

   The policy-based management framework [RFC2753] was designed to
   orchestrate available resources by means of a Policy Decision Point
   (PDP) that masters advanced offline traffic engineering capabilities.
   As such, this framework has the ability to interact with in-band
   software modules, whether embedded in controlled devices or not.

   SDN techniques as a whole are an instantiation of the policy-based
   network management framework.  Within this context, SDN techniques
   can be used to activate capabilities on demand, to dynamically invoke
   network and storage resources, and to operate dynamically-adaptive
   networks according to events (e.g., alteration of the network
   topology) and triggers (e.g., dynamic notification of a link
   failure), etc.

2.3.  Measure Experience Against Expectations

   Because several software modules may be controlled by external
   entities, means to ensure that the experienced outcome complies with
   the expected outcome belong to the set of SDN techniques.

   These techniques, as an instantiation of Policy-Based Management,
   should interact with Service Structuring engines and the network to
   continuously assess whether the experienced network behavior is
   compliant with the objectives set by the Service Structuring engine,
   which may have been dynamically negotiated with the customer.  This
   requirement applies to several regions of a network:

   1.  At the interface between two adjacent IP network providers,
   2.  At the access interface between a service provider and an IP
       network provider,
   3.  At the interface between a customer and the IP network provider.

   Ideally, a fully automated service delivery procedure, from
   negotiation and ordering, through order processing, to delivery,
   assurance and fulfillment, should be supported.  This approach
   assumes widely adopted standard data and information models, let
   alone interfaces.

2.4.  Design Carefully

   Exposing open and programmable interfaces has a cost, from both
   scalability and performance standpoints.

   Maintaining hard-coded performance optimization techniques is
   encouraged.  So is the use of interfaces that allow the direct
   control of some engines (e.g., routing, forwarding) without requiring
   any in-between adaptation layer (from generic objects to vendor-
   specific CLI commands, for instance).

   SDN techniques will have to accommodate vendor-specific components
   anyway.  Indeed, these vendor-specific features will not cease to
   exist, mainly because of the harsh competition.

   The introduction of new functions or devices that may jeopardize
   network flexibility should be avoided, or at least carefully
   considered in light of possible performance and scalability impacts.
   SDN-enabled devices will have to coexist with legacy systems.

   One single, network-wide SDN deployment is unlikely.

   Instead, multiple instantiations of SDN techniques will be
   progressively deployed and adapted to various network and service
   segments.

2.5.  There is Life Beyond OpenFlow

   Empowering networking with in-band controllable modules does not
   necessarily mean the use of the OpenFlow protocol, which is only a
   protocol that helps devices populate their forwarding tables
   according to a set of instructions.

   As such, OpenFlow is clearly not the "next big thing": there are
   many, many other protocols that have been standardized (think Routing
   Policy Specification Language (RPSL, [RFC2622]), for one) - or not -
   and which have been massively deployed.

   Conveying configuration information can currently rely upon a
   variety of protocols that include (but are not necessarily limited
   to) PCEP [RFC5440], NETCONF [RFC6241], COPS-PR [RFC3084], etc.

   There is no 1:1 relationship between OpenFlow and SDN.  Rather,
   OpenFlow is one of the candidate protocols to convey specific
   configuration information towards devices.  As such, OpenFlow is one
   possible component of the global SDN toolkit.

2.6.  Non Goals

   There are inevitable trade-offs between the current networking
   ecosystem and the proposed SDN paradigm.  Operators do not have to
   choose between the two, as both models may be needed.

   In particular, the following considerations can be seen as non-goals
   when justifying the deployment of SDN techniques:

   o  Fully flexible software implementations, whereas the claimed
      flexibility will be limited by the respective software and
      hardware limitations anyway.
   o  Fully modular implementations, which are difficult to achieve
      (because of the implicit complexity) and may introduce extra
      effort for testing, validation and troubleshooting.
   o  Fully centralized control systems, which raise scalability
      issues.  Distributed protocols and their ability to react to some
      events (e.g., link failure) in a timely manner remain a key to
      scalable networks.  This means that SDN designs can rely upon a
      logical representation of centralized features (an abstraction
      layer that would support inter-PDP communications, for example).

3.  A Definition of Software-Defined Networking

3.1.  A Tautology

   The separation of the forwarding and control planes (beyond
   implementation considerations) has almost become a gimmick to
   promote flexibility as a key feature of the SDN approach.
   Technically, most current router implementations have been assuming
   this separation for years if not decades.  Routing processes (such
   as IGP and BGP route computation) have often been software-based,
   while forwarding capabilities are hardware-encoded.

   As such, the current state-of-the-art tends to confirm the said
   separation, which rather falls under a tautology.

   But a somewhat centralized, "controller-embedded" control plane for
   the sake of route computation before FIB population is certainly
   another story.

3.2.  On Flexibility

   The "flexibility argument" that has been put forward by SDN
   promoters is undoubtedly one of the key objectives that must be
   achieved by service providers.  This is because the ability to
   dynamically adapt to a wide range of customer requests for the sake
   of flexible network service delivery is an important competitive
   advantage.  But flexibility is much, much more than separating the
   control and forwarding planes to facilitate forwarding decision-
   making processes.  Note:

   o  The exact characterization of what flexibility actually means is
      still required.
   o  The exposure of programmable interfaces is not a goal per se, but
      rather a means to facilitate configuration procedures.

3.3.  A Tentative Definition

   We define Software-Defined Networking as the set of techniques used
   to facilitate the design, the delivery and the operation of network
   services in a deterministic, dynamic, and scalable manner.

   Such a definition assumes the introduction of a high level of
   automation in the overall service delivery and operation procedures.
   Because networking is by essence software-driven, the above
   definition does not emphasize the claimed "Software-Defined" property
   of SDN-labeled solutions.

3.4.  Functional Meta-Domains

   SDN techniques can be classified into the following functional meta-
   domains:

   o  Techniques for the dynamic discovery of network topology, devices
      and capabilities, along with relevant information models that are
      meant to precisely document such topology, devices and
      capabilities.
   o  Techniques for exposing network services (and their
      characteristics; e.g.,
      [I-D.boucadair-connectivity-provisioning-profile]) and for the
      dynamic negotiation of the set of corresponding parameters that
      will be used to measure the level of quality associated with the
      delivery of a given service or a combination thereof.
   o  Techniques used by service requirements-derived dynamic resource
      allocation and policy enforcement schemes, so that networks can be
      programmed accordingly.
   o  Dynamic feedback mechanisms that are meant to assess how
      efficiently a given policy (or a set thereof) is enforced from a
      service fulfillment and assurance perspective.

4.  Discussion

4.1.  Full Automation: a Viable Objective?

   The path towards full automation is paved with numerous challenges
   and requirements, including:

   o  Simplify and foster service delivery, assurance and fulfillment,
      as well as network failure detection, diagnosis and root cause
      analysis:

      *  This can be achieved thanks to automation, possibly based upon
         a logically centralized view of the network infrastructure (or
         a portion thereof), yielding the need for highly automated
         topology, device and capabilities discovery as well as
         operational procedures,
      *  The main intelligence resides in the PDP, which suggests that
         an important part of the investigation effort should focus on a
         detailed specification of the PDP function, including
         algorithms and behavioral details, based upon a complete set of
         standardized data and information models.
   o  Need for abstraction layers: clear interfaces between business
      actors, clear interaction between layers, cross-layer
      considerations, etc.:

      *  Ability to build and package differentiated (network) services,
      *  Need for IP connectivity service exposure to customers, peers,
         applications, content/service providers, etc. (e.g.,
         [I-D.boucadair-connectivity-provisioning-profile]),
      *  Need for a solution to map IP connectivity service requirements
         onto network engineering objectives,
      *  Need for dynamically-adaptive objectives based on current
         resource usage and demand, for the sake of highly responsive
         dynamic resource allocation and policy enforcement schemes.
   o  Better accommodate technologically heterogeneous networking
      environments:

      *  Need for vendor-independent configuration procedures, based
         upon the enforcement of vendor-agnostic generic policies
         instead of vendor-specific languages,
      *  Need for tools to aid manageability and orchestrate resources,
      *  Avoid proxies and privilege direct interaction with engines
         (e.g., routing, forwarding).

4.2.  The Intelligence resides in the PDP

   The SDN definition proposed in Section 3.3 assumes an intelligence
   that may reside in the control or management planes (or both).  This
   intelligence is typically represented by a Policy Decision Point,
   which is one of the key functional components of Policy-Based
   Management architectures [RFC2753].

   The Policy Decision Point (PDP) is where policy decisions are made.
   PDPs use a directory service for policy repository purposes.  The
   policy repository stores the policy information that can be
   retrieved and updated by the PDP.  The PDP delivers policy rules to
   the Policy Enforcement Point (PEP) in the form of policy-provisioning
   information that includes configuration information.

   The Policy Enforcement Point (PEP) is where policy decisions are
   applied.  PEPs are embedded in (network) devices, which are
   dynamically configured based upon the policy-formatted information
   that has been processed by the PEP.  PEPs request configuration from
   the PDP, store the configuration information in the Policy
   Information Base (PIB), and delegate any policy decision to the PDP.

   SDN networking therefore relies upon PDP functions that are capable
   of processing various input data (traffic forecasts, outcomes of
   negotiation between customers and service providers, resource status
   as depicted in appropriate information models instantiated in the
   PIB, etc.) to make appropriate decisions.

   The design and the operation of such PDP-based intelligence in a
   scalable manner remains one of the major areas that need to be
   investigated within SDN environments.

4.3.  Simplicity and Adaptability vs. Complexity

   The above functional meta-domains assume the introduction of a high
   level of automation, from service negotiation to delivery and
   operation.
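   The PDP/PEP split of Section 4.2 and the feedback loop of Sections
   2.3 and 3.4 (checking experienced behavior against negotiated
   objectives) can be illustrated as follows.  This is an added example,
   not code from this draft or from [RFC2753]: the class names mirror
   the roles named in the text, but the request and rule formats, the
   sample customers, the DSCP values and the measured KPIs are all
   constructed assumptions.  Two properties the text asks for are made
   explicit: the PEP never decides on its own (a request no rule covers
   is denied by the PDP rather than improvised by the device), and a KPI
   that was never measured counts as a compliance violation, since the
   expected outcome cannot be confirmed without it.

```python
"""Toy model of the RFC 2753 PDP/PEP split with a compliance feedback loop.

Added illustration only: PolicyRepository/PDP/PEP/PIB mirror the roles
named in the draft, but the request and rule formats, the sample
customers and the measurements are constructed assumptions, not an
interface defined by the draft or by RFC 2753.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, Iterable

Request = Dict[str, Any]


@dataclass(frozen=True)
class PolicyRule:
    name: str
    condition: Callable[[Request], bool]  # does this rule apply to the request?
    provisioning: Dict[str, Any]          # policy-provisioning info sent to the PEP


class PolicyRepository:
    """Directory-like store the PDP reads rules from; ordered, first match wins."""

    def __init__(self, rules: Iterable[PolicyRule]):
        self._rules = tuple(rules)

    def rules(self) -> tuple:
        return self._rules


class PDP:
    """Policy Decision Point: the only component that makes decisions."""

    def __init__(self, repository: PolicyRepository):
        self.repository = repository

    def decide(self, request: Request) -> Dict[str, Any]:
        for rule in self.repository.rules():
            if rule.condition(request):
                return {"rule": rule.name, "permit": True, **rule.provisioning}
        # No rule matched: deny rather than let the PEP improvise a decision.
        return {"rule": "default-deny", "permit": False}


class PEP:
    """Policy Enforcement Point embedded in a device: asks the PDP, stores the
    answer in its Policy Information Base (PIB), never decides by itself."""

    def __init__(self, device_name: str, pdp: PDP):
        self.device_name = device_name
        self.pdp = pdp
        self.pib: Dict[str, Dict[str, Any]] = {}

    def request_configuration(self, request: Request) -> Dict[str, Any]:
        decision = self.pdp.decide(request)
        self.pib[request["service"]] = decision
        return decision

    def is_permitted(self, service: str) -> bool:
        return self.pib.get(service, {}).get("permit", False)


def assess_compliance(objectives: Dict[str, float],
                      measured: Dict[str, float]) -> Dict[str, Dict[str, Any]]:
    """Feedback step: compare experienced KPIs with negotiated upper bounds.
    A KPI that was never measured is reported as a violation too."""
    violations = {}
    for kpi, upper_bound in objectives.items():
        value = measured.get(kpi)
        if value is None or value > upper_bound:
            violations[kpi] = {"objective": upper_bound, "measured": value}
    return violations


# Constructed sample: customers entitled to order an IP VPN (hypothetical names).
ALLOWED_VPN_CUSTOMERS = frozenset({"acme", "globex"})


def build_repository() -> PolicyRepository:
    """Two constructed rules; the more specific (gold class) one comes first."""
    def is_vpn_customer(r: Request) -> bool:
        return r["service_type"] == "ipvpn" and r["customer"] in ALLOWED_VPN_CUSTOMERS

    return PolicyRepository([
        PolicyRule("vpn-gold",
                   lambda r: is_vpn_customer(r) and r.get("class") == "gold",
                   {"dscp": "AF41", "objectives": {"delay_ms": 30, "loss_pct": 0.1}}),
        PolicyRule("vpn-standard", is_vpn_customer,
                   {"dscp": "AF21", "objectives": {"delay_ms": 100, "loss_pct": 1.0}}),
    ])


def run_example() -> Dict[str, Any]:
    """Provision two constructed requests, then run the feedback check."""
    pep = PEP("pe-rennes-1", PDP(build_repository()))
    gold = pep.request_configuration(
        {"service": "vpn-blue", "service_type": "ipvpn", "customer": "acme", "class": "gold"})
    unknown = pep.request_configuration(
        {"service": "vpn-red", "service_type": "ipvpn", "customer": "initech"})
    # Constructed measurement: delay exceeds the gold objective, loss is within bounds.
    measured = {"delay_ms": 45, "loss_pct": 0.05}
    violations = assess_compliance(gold["objectives"], measured)
    return {"gold": gold, "unknown": unknown, "violations": violations, "pep": pep}


if __name__ == "__main__":
    result = run_example()
    print("provisioned:", result["gold"])
    print("unknown customer:", result["unknown"])
    print("violations:", result["violations"])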
   Automation is the key to simplicity, but it must not be seen as a
   magic button that a network administrator would hit whenever a
   customer request has to be processed or additional resources need to
   be allocated.

   The need for simplicity and adaptability thanks to automated
   procedures generally assumes some complexity that lies beneath
   automation.

4.4.  Performance & Scalability

   The combination of flexibility with software inevitably raises
   performance and scalability issues as a function of the number and
   the nature of the services to be delivered and their associated
   dynamics.

   While the deployment of a network solely composed of OpenFlow
   switches within a data center environment is unlikely to raise FIB
   scalability issues given the current state-of-the-art, data center
   networking that relies upon complex, possibly IP-based, QoS-inferred
   interconnect design schemes meant to dynamically manage the mobility
   of Virtual Machines between sites is certainly another scale.

   The claimed flexibility of SDN networking in the latter context will
   have to be carefully investigated by operators.

4.5.  Risk Assessment

   Various risks are to be assessed, such as:

   o  Evaluating the risk of depending on a controller technology rather
      than a device technology.
   o  Evaluating the risk of operating frozen architectures because of
      potential interoperability issues between a controller and a
      controlled device.
   o  Assessing whether SDN-labeled solutions are likely to obsolete
      existing technologies because of hardware limitations.
   o  Etc.

5.  IANA Considerations

   This document does not require any action from IANA.

6.  Security Considerations

   This document does not define any protocol nor architecture.  It
   raises no security considerations beyond those already discussed: an
   SDN design that assumes a central decision-making entity must avoid
   single points of failure (Section 2.2), and the infrastructures
   operated with SDN techniques must remain resilient against denial-of-
   service attacks (Section 2).

7.  Acknowledgements

   TBC.

8.  Informative References

   [I-D.boucadair-connectivity-provisioning-profile]
              Boucadair, M., Jacquenet, C., and N. Wang, "IP/MPLS
              Connectivity Provisioning Profile", draft-boucadair-
              connectivity-provisioning-profile-02 (work in progress),
              September 2012.

   [I-D.boucadair-network-automation-requirements]
              Boucadair, M. and C. Jacquenet, "Requirements for
              Automated (Configuration) Management", draft-boucadair-
              network-automation-requirements-00 (work in progress),
              December 2012.

   [RFC1383]  Huitema, C., "An Experiment in DNS Based IP Routing",
              RFC 1383, December 1992.

   [RFC2622]  Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D.,
              Meyer, D., Bates, T., Karrenberg, D., and M. Terpstra,
              "Routing Policy Specification Language (RPSL)", RFC 2622,
              June 1999.

   [RFC2753]  Yavatkar, R., Pendarakis, D., and R. Guerin, "A Framework
              for Policy-based Admission Control", RFC 2753,
              January 2000.

   [RFC3084]  Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie,
              K., Herzog, S., Reichmeyer, F., Yavatkar, R., and A.
              Smith, "COPS Usage for Policy Provisioning (COPS-PR)",
              RFC 3084, March 2001.

   [RFC4655]  Farrel, A., Vasseur, J.-P., and J. Ash, "A Path
              Computation Element (PCE)-Based Architecture", RFC 4655,
              August 2006.

   [RFC5440]  Vasseur, JP. and JL. Le Roux, "Path Computation Element
              (PCE) Communication Protocol (PCEP)", RFC 5440,
              March 2009.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.

Authors' Addresses

   Mohamed Boucadair
   France Telecom
   Rennes 35000
   France

   Email: mohamed.boucadair@orange.com


   Christian Jacquenet
   France Telecom
   Rennes
   France

   Email: christian.jacquenet@orange.com