Welcome back. In this lesson, we'll talk about Slicing Network Control. I'll give an overview of Network Slicing. I'll talk about what Network Slicing is and I'll talk about why you might want to Slice Network Control. Then I'll talk about specific concepts of flowspace, and various ways that slicing policies can be defined. I'll then talk about FlowVisor, which is a particular SDN controller, that virtualizes SDN Control, allowing multiple SDN controllers, to control a single set of switches, without interfering with one another. I'll then talk about several applications of Network Slicing. As we know from previous lessons existing SDN controlled network devices, are typically controlled from a single control plane, that computes forwarding rules and pushes the rules down to the data plane using an agreed upon control protocol. The data plan then, enforces those rules, and exceptions can be pushed back to the control plane, as they arise. The basic idea behind slicing the network, or slicing the control plane is to add a layer between the control and data plane. So that each control slice believes that it owns the data path. The slicing layer then has the responsibility of enforcing isolation between these slices. Policies defined at the slicing layer control which slices should have access to, or control over, different parts of the data plane. In short, network slicing defines the production network into logical slices. So that each slice controls its own packet forwarding. Users or applications might be able to pick which slices control their network traffic. Additionally, existing production services can run in their own slice or slices that are separate from slices that might be used for testing or experimentation. Slicing enforces strong isolation between each of the control slices. So that actions in one slice, don't affect other slices. Each slice can also mirror a production network. These additional slices might be used for testing, or for research. For example, for trying out new, experimental types of control protocols. There are various reasons you might want to slice the network. One, is that the network might have multiple administrative groups, such as different departments on a campus. Another is that the network might have multiple customers. A common example of this might be multiple tenants in a shared data center or researchers operating on a shared test bed infrastructure. Another reason why you might want to slice the network is to separate experiments from the operational network. So that research or experiments can be supported without breaking the real operational services. Virtualization can also be used to expand a network's footprint. It can also allow multiple services or applications to operate in the same domain. With Slicing, the data plane operates essentially unmodified, so there's no performance penalty. It merely implements forwarding according to what the control plane tells it. The Slicing policy which sits above the data plot, determines which control slice, can control different parts of the data point. A Slicing policy, specifies resource limits for each slice. Such as the link bandwidth, the maximum number of forwarding rules, the topology or the fraction of switch or router CPU that that control slice should have access to. One way of slicing control is through a concept called flow space. We can think of traffic as being divided according to a multidimensional space. According to fields in the packet, this diagram shows a simple example of flow space being divided according to MAC address, IP address and TCP port. Slices can be defined based on groups of packets that share one or more of these fields in common. One simple way to enforce isolation is to ensure that no two controllers control the same portion of flow space. One example of a SDN controller that slices the network is called FlowVisor. FlowVisor is an OpenFlow controller that acts as a transparent proxy between OpenFlow switches and multiple OpenFlow controllers that might be controlling the network. Each slice is defined on any combination of fields from layer one, through layer four. FlowVisor act's as the slicing layer, that enforces isolation between each slice. FlowVisor sits between multiple OpenFlow controllers that might be operating in the control plane, and open flow enabled switches, in the data path. It performs different types of policy checks. For example, when a controller attempts to install a rule, it attempts to determine whether that controller is allowed to install that rule in the switch. It also determines which controller controls a particular packet. So that if a packet needs to be sent to the controller, it's sent to the right one. There are various ways to Slice the Network. For example, you could Slice the Network by switch port, which provides basically the same functionality as VLANs. Another way to Slice the Network, might be by application, or TCP port. Doing this in today's network is technically possible, but it would require some more complicated access control lists and Dynamism might be a bit more difficult without the benefits of SDN control. One application of Network Slicing is testing. Using slicing, an operator could connect a fully operational network that essentially mirrors the existing production topology. This type of slicing could allow for more realistic evaluation and testing is the same control software that's being used in the mirrored network. And actually, simply we migrated to the production network, and the operator can have some assurance with the same control logic, and software that was tested in the shadow network, will operate in the same way in the production network. Another potential application for Network Slicing is in home networks, or the internet of things. Here's an example where a Home Network is sliced so that multiple service providers can have access toward the access network and the users home network. In this example an access network owner by gives a slice of the last mile to the user, and it might rent another one to utility company for smart grid applications. In turn, the user inside the home might slice his or her own home network for applications such as guest WiFi, network management, and video streaming. An application of this type of slicing, might be to slice a particular portion of the home network for a group of users or for application for quality of service purposes. In summary, Slicing the SDN control plane allows the possibility for multiple administrative entities to control a single set of SDN switches which might be used for pre-production testing. And also, sharing the network between multiple entities, or tenants. Slicing can be performed in a variety of ways, including by switch board, or on any part of what's called flow space. FlowVisor is one example of slicing SDN control, but of course, there are other ways to do this as well. The notion of slicing isn't particularly new. As we know, virtual LANs is one rudimentary way of slicing a network. But slicing SDN control allows for many more possibilities, for slicing the network, and sharing it, among multiple entities.
