Currently, core networking architecture is facing disruptive developments, due to the emergence of SDN for control, NFV for services and so on. SDN promises more versatility in routing and managing traffic flows, while NFV represents a large shift in how network functions and services are built, deployed, and managed. We present OpenPATH (aPplication Aware software-defined swiTcHing framework)—A software-defined switching framework for NFV processing and orchestration of Network Functions (NFs) and steering the flows through service chains. Inspired by the potential benefits of encapsulating the application logic into the SDN dataplane, OpenPATH is built on the concept of a modular dataplane, which consists of two layers - switching fabric layer to control packet forwarding; and switch management layer, which inspects the incoming packets, steers the flows through a sequence of NFs and determines the next forward/drop action. The application logic of the NFs can be introduced and pushed to the dataplane at runtime and the framework offers fast packet processing and I/O functionalities to support NF parallelism in the Service Function Chaining (SFC) scenarios. OpenPATH is a modular framework for software switches and offers flexibility for programming run time functions depending on the dynamic behavior of the network traffic and cyberattacks. The architecture components are not hard-coded or rigidly implementations in conventional switches/bridges and standard OpenFlow based SDN stacks. The design allows the vendors, operators, or developers to configure policies at run time and deploy custom logic and NF (also series of NFs) through software programs embedded in the switching fabric. While the basic concept is similar to some pioneering works in this area, OpenPATH does not sacrifice portability, performance, or security for programmability. The OpenPATH as a programmable switching platform takes a different approach to meet most of the requirements of application-aware and intent-based networking. OpenPATH helps administrators to quickly configure network security services using a rich set of standard APIs, with simplified flow tables. The evaluation shows that our design can leverage complex states in the data plane without overloading the SDN controller. Compared to conventional SDN methods, this provides much greater versatility and precision. The key findings indicate that OpenPATH achieves lower cost for scaling, higher overall throughput, and reductions in latency for real-world service chains.
Read full abstract