Content

Background

Partitioning of OpenFlow Resources
1. Every application must have their private flow state space (on every switch)
  1. Flow tables, group table, meter table, cookies
Ingress demultiplexing (aka “Table 0 Problem”)
1. Packets entering the switch have to be directed to the correct application pipeline
2. Applications cannot simply write ingress flow entries into table 0 without coordination
3. Need smaller granularity than OF port (e.g. VLAN, VNI, etc)? generalized interface concept
4. Co-existence of multiple applications on the same interface
5. Multi-tenancy: Several isolated service instances of the same application
Integration/Co-operation of different applications
1. Control plane: Service APIs between applications
2. Data plane: Transfer packets between the pipelines of different applications
  1. Take the use of various packet metadata into account!
3. Each application comes with its own overlay solution

Chosen approach in ODL Beryllium between SFC, GPB and Netvirt
1. Partitioning of OpenFlow Resources
  1. Design time coordination between different applications
2. Ingress demultiplexing (aka “Table 0 Problem”)
  1. All application write into table 0, but the flow entries and priorities have been agreed at design time to avoid unwanted interference
3. Integration/Co-operation of different applications
  1. Control plane: MD-SAL service APIs between applications?
  2. Data plane: Direct GOTO Table to transfer the packet from one application pipeline to another
Analysis
1. Can lead to an optimal solution for a group of specific applications
2. Design time coordination needed for every detail
3. Hard-coded dependencies between applications
4. Does not scale to many applications

Multiple applications writing into table 0 (directly or through an Ingress Manager function)
Flow conflict detection mechanisms do not allow for any overlap between flows
Overlap (or rather refinement) should be allowed using priorities to disambiguate:
1. e.g. packets on in_port with certain DMAC to application A, all the rest to application B
How can a generic Ingress Manager ensure that there is no semantic conflict between the flows if the simple non-overlap criterion is not sufficient?

Any ODL application can use these to achieve at minimum interference-free co-existence with other applications using the services
Provide support for co-operation between applications with the minimal amount of design-time coordination and hard-coded dependencies
Use APIs to move design-time coordination to run-time
1. Generic infrastructure APIs to avoid direct coupling where possible
2. Direct inter-application (client-server) APIs where necessary for stronger coupling
Factor out commonly used functions into shared services to avoid duplication & waste of resources, e.g.
1. Overlay Tunnel Manager
2. ID manager
3. MD-SAL Util

Models generic interfaces as attachment point for applications
1. Supports Hierarchy of: Port, VLAN, VXLAN Trunk, VXLAN VNI, GRE Tunnel, ...
2. Extendible to arbitrary other types of interfaces (virtual link, VPN interface, …)
3. Interface ID/tag system wide unique identifier in control/data plane.
4. Ingress interface tag stored in metadata

Handles ingress de-capsulation and de-multiplexing
1. Owns table 0 (and possibly additional tables needed for demultiplexing of interfaces)
2. Application bind to interfaces through API and register application-specific instructions/actions to be added to the interfaces ingress flow entry (e.g. write metadata, goto table)
3. Each bound service is assigned to a separate interface handle, no risk of interference on ingress traffic

South bound protocol agnostic
1. Ability to plug in different south bound renderers
2. Provides tunnel monitoring services
3. Handles egress encapsulation and output, service processing priority