Toward Transitional SDN Deployment in Enterprise Networks

Marco Canini

withDan Levin, Stefan Schmid, Anja Feldmann

TU Berlin / Telekom Innovation Labs

Motivation

GOAL: Help SDN succeed!

I♥ SDN

The SDN Deployment Problem

A real large-scale campus network

UPGRADE

FullSDN

Must upgrade to SDN incrementally

Key Questions• How can we incrementally deploy SDN

into enterprise campus networks?

• Can we reap the benefits of SDNwith partial deployment?

Current Transitional Networks

Dual-stack approach

SDNPlatform

LegacyMgmt?

Current Transitional Networks

Dual-stack approach Edge-only approach

SDNPlatform

LegacyMgmt?

LegacyMgmt

SDN Platform

App1

App2

App3

Where the heck is the edge?

TOOLDetermine the partial

SDN deployment

PANOPTICON

SDN ARCHITECTUREOperate the network as

a (nearly) full SDN

The Existing Network

1. Planning the SDN Deployment

A

B

C

D

E

F

Network architect provides set of

ingress ports to becontrolled via SDN

Optimizedpartial SDNdeployment

Tunable parameters• Port priorities• Price model• Utilization thresholds

(link utilization, VLANs, etc.)

Network topology

Cost-awareoptimizer

Objectives• Upgrade budget• Path delay

Trafficestimates

TOOL

The Partial SDN Deployment ( )

A

B

C

D

E

F

Benefits of Partial SDN Deployment?

A

B

C

D

E

F

Harvest unutilizednetwork capacity

A

B

C

D

E

F

Main benefits of SDN=

Principled orchestration ofthe network policy

Can partial SDN deploymentstill take advantage ofprincipled network orchestration?

2. Realizing the Benefits of SDN

A

B

C

D

E

FAccess control

Insight #1:≥ 1 SDN switch

Policy enforcement

IDS

Middleboxtraversal

2. Realizing the Benefits of SDN

A

B

C

D

E

F

Trafficload-balancing

Insight #1:≥ 1 SDN switch

Policy enforcement

Insight #2:≥ 2 SDN switches Fine-grained control

SDN Waypoint Enforcement

Insight #1:≥ 1 SDN switch

Policy enforcement

Insight #2:≥ 2 SDN switches Fine-grained control

Legacy devices must direct traffic to SDN switches

Ensure that all traffic to/froman SDN-controlled port always

traverses at least one SDN switch

A

B

C

D

E

F

Conceptually group SDN ports in Cell Blocks

The SDN ArchitecturePANOPTICON

Traffic restricted to Solitary Confinement Trees

A

B

C

D

E

FPer-port spanning trees thatensure waypoint enforcement

The SDN ArchitecturePANOPTICON

A

B

C

D

E

F

PANOPTICON

B C D E F

A

“Logical SDN”

“Logical SDN”

PANOPTICON

SDN Platform

App1

App2

App3

B C D E F

A

PANOPTICON provides the abstraction of a (nearly)fully-deployed SDN in a partially upgraded network

Results Highlights• Evaluated a large campus network (1713 switches)

• Upgrade 6% of distribution switches – 100% SDN-controlled ingress ports– avg. path stretch < 50%– max. link util. < 70%

PANOPTICON

SDN Platform

App1

App2

App3

B C D E F

A

TOOLDetermine the partial

SDN deployment

SDN ARCHITECTUREOperate the network as

a (nearly) full SDN

Summary

The Collaborators

Anja FeldmannStefan SchmidDan Levin

PANOPTICON

SDN Platform

App1

App2

App3

B C D E F

A

Thank you! Questions?

Come and see us!