Implementing Network Virtualization through SDN

Network virtualization technologies have sufficiently matured such that the ability to provision a virtual network is now something that can be instantiated wholly in software by the Internet2 network. This capability, implemented with software developed by Internet2, has profound implications for the fundamental nature of how the community architects and builds networks in the future. In line with the UCAID name (University Corporation for Advanced Internet Development), Internet2’s high-level vision is to advance the state of networking beyond that provided by commercial carriers, and Internet2’s ability to support network virtualization is a critical piece of realizing that vision. Internet2 and Indiana University have developed a second-generation hypervisor, called Flowspace Firewall (FSFW). FSFW takes the approach of slicing up the available VLANs on a network into VLAN ranges, known as slices. FSFW acts as a proxy between one or more OpenFlow controllers and a set of switches within a single administrative domain. FSFW only carries OpenFlow commands from a controller to a switch (or the reverse) if the command falls within the allocated range of VLANs for that controller. In addition, FSFW acts as a resource protector, ensuring that no controller overconsumes scarce resources such as the rate at which OpenFlow rules can be fed to a switch or the number of OpenFlow entries in the Flow Table. This talk will give an overview of the effort to deploy network virtualization on the Internet2 network as a core network service. It will discuss the technology and operational practices necessary to make this effort succeed. And it will give an overview of working examples of prototype services and production services running in their own slices on the Internet2 network.


Part of session

Operational aspects of SDN

Related documents