Software Defined Networking

Supported by IEEE 802.1Q

János Farkas, Stephen Haddock, Panagiotis Saltsidis

[email protected], [email protected], [email protected]

Abstract— This paper gives an overview on how Software the exact application. SDN addresses various network
Defined Networking (SDN) principles can be applied to existing scenarios from enterprise through campus to carrier grade
Ethernet merchant silicon considering the requirements modern networks, including data center and backhaul networks.
networks face. We show that existing Layer 2 features specified Therefore, prospective SDN approaches have to meet a large
by IEEE 802.1Q support SDN. The bridge architecture [1] part of the below requirements:
supports control plane/data plane split by design and also allows
for external control e.g. by an SDN Controller. The data plane  Providing L2 and L3 connectivity services
provided by existing chips is feature rich for network
virtualization and supports even more features like OAM. We  Network virtualization
outline the principles of SDN over bridges and show a number of  Supporting several customers or tenants
possibilities for further research and development.
 Scalability
I. INTRODUCTION  Decoupling logical and physical configuration
Software Defined Networking (SDN) is an emerging new  Address separation
networking paradigm, which aims to introduce a new approach
to the control and design of networks of various kinds. SDN  Traffic isolation
relies on directly programming the packet handling  Supporting station mobility, e.g. virtual machine (VM)
mechanisms of the network nodes by a network controller. mobility
That is, the SDN concept allows defining the networking
behavior via software tools that are easy to modify as opposed  Quality of Service (QoS) assurance
to behavior hard-coded in the equipment by design. It is
understood that the behavior of the networking equipment is  Auto-provisioning and service discovery
defined by software today; however, it is often difficult to  Operations, Administration and Maintenance (OAM)
change the behavior and requires expert knowledge of the
equipment. As opposed, SDN provides flexibility along the which are discussed more in detail in the following. Most of
following three characteristic features: these requirements appear whether network virtualization is
provided based on L2 [1] or based on L3 [12].
 Programmability of the network
Hosts, servers, network devices and their virtual
 Separation of the control plane from the data plane equivalents are often (if not exclusively) reached via either
Internet Protocol (IP) or Ethernet for communication.
 A controller that has a view of the entire network and
Therefore, Layer 2 and Layer 3 connectivity is an essential
can control the network devices
requirement.
There are a number of ways to implement SDN
Network virtualization is crucial for a network or a cloud
programming of the network nodes. There are some
provider in several ways and represents a high level
approaches designed with SDN in mind, such as ForCES [9],
requirement that is related to several of the remaining
OpenFlow [14], OpenDaylight [15] or OpenStack [16]. There
requirements. For example, scalability – among other things-
are other approaches where the original goal was not SDN but
requires the support of a number of customers or tenants.
they can be applied for SDN as well, e.g. SNMP or
Similarly, scalability requires that physical resources may be
NETCONF. The exact implementation choice is out of scope
re-used across multiple customers. This is an essential
for this paper. Instead, we focus on the principles and their
characteristic of network virtualization and depends on the
application on a high level. We note that the term “distributed
ability to decouple logical networks from the physical network
control” is used in this paper to denote existing distributed
as well as the separation of address spaces, which are necessary
bridge control protocols.
to eliminate address assignment dependencies among the
Similar to networks under distributed control, SDN customers and for the support of mobility, e.g. VM mobility. In
networks have to meet several requirements, which depend on order to prevent mis-delivery of one customer's data to other

1
March 17, 2014
customers, traffic for each logical network (or virtual network
instance) must be isolated from traffic of all other virtual SDN Controller
network instances. Scalability is also a general requirement in SDN Protocol
order (for instance) to avoid explosive growth in forwarding SDN Node 1 SDN Node 2 SDN Node 3
table size. Creation of a new virtual network instance or Local Control Local Control Local Control Control Plane
modification of an existing one (such as expansion) must be Data Plane
Packet Pkt Pkt Packet
something that the provider can do with relative ease. Action Set Action Set Action Set
Difficulty in changing a service impacts on the ability of the
provider to increase revenue and/or control the expenses Fig. 1. SDN Architecture
associated with service provisioning especially in a cloud
environment. Auto-provisioning and verification of a virtual which actions are invoked on the packets out of the commands
network must be enabled by network features. For services available to the network nodes by means of an SDN Protocol.
with traffic classes requiring differentiated Quality of Service The programming of the network is then implemented by the
(QoS), this must be enabled by the network. In order to support local control in the nodes, which interprets the instructions
monitoring and diagnosis of services, a solution must support from the remote control and configures the local data plane
Operations Administration and Maintenance (OAM) accordingly.
capabilities on a per-virtual network (per service) basis.
Overall, the data plane consists of generic boxes
This is a lot of requirements. The good news for early SDN programmed by the control plane such that the network
deployments is that there is no need to do it from scratch. behavior is determined by the remote SDN Controller
Actually, some networking technologies already provide a very controlling several devices.
good basis for SDN, which could be leveraged by SDN
research and development. This paper explores Ethernet B. Bridge Architecture
networking, i.e. bridging features useful for SDN. The reason
to focus on Ethernet is its key role in networking today. The IEEE 802.1 standards rely on a model that is based on a
paper shows that the existing Ethernet data plane features form clear separation of the data and the control planes. This fact is
a good basis for SDN systems. Furthermore, the bridging often overlooked because the control plane was originally
standard [1] supports the separation of the control plane from distributed and the separation was inside the bridges. The MAC
the data plane by design and also allows control by an SDN bridge architecture is specified by IEEE 802.1Q [1]1; and is
Controller. Additional features, such as OAM or VM illustrated in Fig. 2. Note that MAC bridges are often referred
migration, are not only described by the standard, but are to as Ethernet switches because IEEE 802.3 Ethernet is the
already supported by merchant silicon today. The paper also most common IEEE 802.n media access method for IEEE
demonstrates how Ethernet meshes with SDN and outlines the 802.1 bridges. The distributed control protocols, e.g. Shortest
design principles of a potential Ethernet-based SDN system. Path Bridging (SPB) [3], are implemented by the so-called
Higher Layer Entities, which then control the data plane as
The rest of the paper is structured as follows. Section II shown in the figure. In addition, the standard also allows
explains the architecture. Section III provides details on control by an External Agent [4], even co-exist with distributed
network control. Network virtualization is then explained in control in the same network. Distributed control is turned off
Section IV. The puzzles are then put into a big picture in for the packets controlled by External Agents.
Section V by presenting a hybrid network approach and by
providing a network example in Section VI. The paper is
finally summarized in Section VII. External Agent

MAC Bridge
II. SDN AND BRIDGE ARCHITECTURE Control
command
Higher Layer Entities Control Plane
Splitting the architecture into separate control and data
planes is beneficial for independent scaling and innovation. It Control Data Plane
Relay
packet
allows modularity and helps fractioning the functionality into (Action Set2)
Ingress Port

Egress Port

components that can be well defined.

(Action Set1)

(Action Set3)

IEEE 802.1

Data
A. SDN Architecture packet
The control and data planes are separated in the SDN
IEEE 802.n
e.g. 802.3

architecture as shown in Fig. 1. The data plane is configured Packet in Packet out
with the blueprint of the actions invoked on an incoming LAN1 LAN2

packet out of the possible Action Set supported by the device.

The control plane has two components: local control and Fig. 2. Bridge architecture
remote control. Typically, there is a central remote controller
that performs all the computation required for determining the
forwarding paths for the data packets. Furthermore, the SDN
Controller determines how the network nodes should be set up 1
When referring to “IEEE 802.1Q” one actually refers to the latest approved revision of the standard,
which is 802.1Q-2011 today. Note that a revision [2] is ongoing, which e.g. merges [3] and [6] into the
in order to achieve the desired forwarding behavior, i.e. exactly main standard.

2
March 17, 2014
 External Agents providing topological separation to the Action Set3 of Egress Ports involves the following actions:
already split control and data planes were introduced by
802.1Qay [4], which has been already merged to the bridge  Drop (filter)
standard [1]. The External Agent can for example be an SDN  Tagging, untagging
Controller, a Path Computation Element (PCE) [10] or even a
protocol like the Generalized Multiprotocol Label Switching  VID translation
(GMPLS) [11]. If the control is provided by one or more
 Encapsulation, decapsulation
External Agents, then the task of the control (Higher Layer
Entity) local to the bridge is to implement the instructions of  Queueing
the External Agent. The standard [1] specifies the Information
Model and the Data Model that External Agents can rely on.  Transmission selection

The data plane of a bridge shown in Fig. 2 depicts two ports That is, the Egress Port drops the packet if Egress Filtering
and a relay in-between them. For the ease of explanation, the is turned on and the port is not member of the VLAN that the
ports have a direction in the figure, i.e. Ingress and Egress packet belongs to. The Egress Port may remove or add an outer
represent their role for a single packet. Data packets are tag or header. VID translation may be also performed based on
received by the Ingress Port, which may perform one or more the VID translation table. Queuing and transmission selection
actions on the packet out of its Action Set1, depending on how governs how a packet is sent out.
it is programmed. Data packets are then sent to the central In summary, the bridge architecture provides a wide range
processing, i.e. to the Relay, which can also perform actions of knobs for network programmability. The bridge architecture
out of its Action Set2. Finally, the Egress Port carries out splits the control plane from the data plane; furthermore, it
actions from Action Set3. Control packets are sent to Higher allows network control or programming by an external entity
Layer Entities by the Ingress Port and the Egress Port may thus allowing geographical separation. That is, the bridge
receive them from Higher Layer Entities as shown in the architecture provided by the standard [1] is in-line with the
figure. three main characteristics of SDN.
It is either the External Agent or the distributed control that
determines what exactly happens to a data packet. The actions III. NETWORK CONTROL
are grouped into three sets: ingress, relay and egress action Ethernet networks have multiple topology layers, which are
sets. Each action set of a standard bridge provides a wide range shown in Fig. 3. All these layers can be programmed by SDN
of programmable features, which are discussed in the or controlled by an appropriate distributed control protocol as
following. illustrated in the figure. The control of the network is based on
Action Set1 of an Ingress Port of a bridge involves the the control of these layers; therefore, it is discussed in this
following actions that can be performed on a data packet: section. The topology layers lay down the basics for network
virtualization, which is discussed in the next section.
 Drop (filter)
The physical topology is the bottom layer, which is
 Tagging, untagging managed by means of enabling or disabling the ports of the
 Virtual LAN (VLAN) IDentifier (VID) translation nodes by SDN control or by the network management.
On top of the physical topology, there is the loop-free
 Encapsulation, decapsulation
active topology, which is a subset of the physical topology and
 Metering contains the active links. The active topology is comprised of
trees; shortest path trees, spanning trees or explicit trees. Aside
The packet is dropped if Ingress Filtering is turned on and from SDN control, the active topology can be controlled by IS-
the Ingress Port is not a member of the VLAN the packet IS or by a spanning tree protocol. An SDN Controller may
belongs to (based on the outermost VLAN tag carried in the even leverage the Intermediate System to Intermediate System
packet). In addition, the packet may also be dropped for loop (IS-IS) [5] routing protocol in order to easily maintain explicit
mitigation. Furthermore, the Ingress Port may add a new tag or trees [8].
a new Ethernet header to the packet as outermost header fields;
or may remove the outermost tag or header. In addition, VID The VLAN topology is practically determined by the
translation can also be performed based on the VID translation VLAN membership of the ports of the nodes, which is
table, i.e. the outermost VID can be replaced by another VID.
Metering may result in marking or dropping packets exceeding Distributed protocols SDN
bandwidth limits.
SPB, MMRP
source address learning
Address Location
The Relay is responsible for forwarding the packet to
SPB, MVRP VLAN Topology
output ports based on the VLAN ID and the destination address
carried in the packet. The operation of the Relay is based on SPB, MSTP, RSTP Active Topology
forwarding tables, which may contain entries of various types. Management
Physical Network Topology
(enable/disable port)
The Relay may also drop the packet. That is Action Set2 is
either forward or drop based on table entries.
Fig. 3. Topology layers in an Ethernet LAN

3
March 17, 2014
typically a subset of the active topology. The VLAN The control protocol for a particular VLAN can be selected
membership of the ports can be controlled by SDN aside by allocating the VLAN to the Multiple Spanning Tree
distributed control. Instance (MSTI) dedicated to the control protocol aimed to be
used. There is an MSTI dedicated to External Agents, which is
The forwarding table entries, i.e. the location of the referred to as Ext-MSTI (hex FFE) [4] in the following. The
addresses destined by the data traffic also define a topology rest of the MSTIs are under distributed control as specified
within a VLAN. The sum of the forwarding paths to a unicast today, e.g. three MSTIs are associated with IS-IS control.
destination form a tree rooted at the destination. In case of VLANs that are not touched by distributed control but
distributed control, forwarding table population can be controlled by an SDN Controller have to be allocated to the
performed e.g. by SPB. Furthermore, MAC auto learning, i.e. Ext-MSTI.
learning of the source addresses of data packets may be also
performed. Naturally, table entries can also be manipulated by Taking a look on the network requirements listed in the
External Agents – a hook for SDN. MAC learning from data introduction, we can see that a couple of them are already met
packets can be turned off for external control and for SPB. by the features discussed up to this point. The auto-discovery
of link state SPB provides service discovery, which is
As we can see the different topology layers provide very explained more in detail in Section VI. Furthermore, the auto-
flexible control of the forwarding paths with several knobs to discovery supports station migration and the mapping of
manipulate them. Let us investigate the control options a bit addresses to services and to VLAN tunnels.
more in detail.
IV. NETWORK VIRTUALIZATION
A. SDN Control
As the previous section explained, basic Ethernet already
An SDN Controller (i.e. an External Agent) can program
each topology layer shown in Fig. 3. That is, it is fully up to the provides network virtualization by means of Virtual LANs.
The specialty of this virtualization is that the ID of the virtual
controller to determine which manner to program the different
topology layers in order to achieve the desired forwarding network is carried in the header of data packets thus making
behavior if the network is under SDN control. For example, possible to decide which virtual network the packet belongs to.
VLAN membership of ports can be set and forwarding table This makes the provisioning of virtual networks easy.
entries can be inserted or removed by the SDN Controller. Nevertheless, its scalability was limited by the 12-bit VID
This, in effect will result in controlling filtering and space. Therefore, further virtualization techniques have been
encapsulation behavior of the switches and can potentially lead added to Ethernet, thus scalability limitations have been
to new behavior. resolved. Fig. 4 depicts all the possible Ethernet header formats
available today for network virtualization.
SDN based on Ethernet can be implemented for example as
The widely-known VLAN tagging standardized in 1998 is
follows. As Section II explains, a standard data plane model is
referred to as Customer VLAN (C-VLAN) tagging (second
defined for Ethernet, which involves the packet fields, the sets
column). The next step was the specification of the Service
of actions and their compositions. The standard [1] defines the
VLAN (S-VLAN) tag introduced by Provider Bridges (PB) [1]
Information Model and the Data Model that the SDN Protocol
which is sometimes referred to as Q-in-Q, due the use of two
shown in Fig. 1 can use for controlling the bridges by an SDN
Controller. During the specification of 802.1Qay [4], SNMP VLAN tags. Thus, instead of the former 12 bits, 24 bits were
was considered as the SDN Protocol. For controlling explicit provided for network virtualization. After that, full Ethernet
trees and paths, IS-IS [8] can be used as the protocol for header encapsulation was introduced by Provider Backbone
instructing the bridges by an SDN Controller. Other SDN Bridges (PBB) [1], which is sometimes referred to as MAC-in-
Protocols can be used for the programming of the data plane if MAC, due to the encapsulation in another full MAC header.
for example the Local Control shown in Fig. 1 performs
Payload Payload
translation between the SDN Protocol and the models specified
by the standard [1]. Even though each chip implements a Payload
Ethertype Ethertype

C-tag S-tag
proprietary API to manipulate the data plane, they provide C-VID C-VID
optional

Ethertype Ethertype Ethertype

access to program the data plane by the SDN Protocol as they Payload
VID S-VID S-VID
are compliant to the standard. Ethertype Ethertype Ethertype Ethertype

Src Addr SA C-SA C-SA

B. Distributed Control DA C-DA C-DA
I-tag

Dst Addr
802.1D-1990 802.1Q-1998 Provider I-SID
SPB is considered as the main form of distributed control in
Bridges (PB) Ethertype
this paper because it is able to control all the topology layers 802.1ad-2005
B-tag B-MAC

B-VID
shown in Fig. 3 except for the physical topology. SPB is based Ethertype

on the Intermediate System to Intermediate System (IS-IS) [5] B-SA

link state routing protocol. As such, SPB has an in-built auto- B-DA
discovery for topology and for the services or addresses Provider
assigned to network nodes. SPB then automatically sets the Backbone
forwarding paths necessary to provide the connectivity based Bridges (PBB)
802.1ah-2008
on its auto-discovery.
Fig. 4. Encapsulation formats provided by Ethernet

4
March 17, 2014
Besides keeping the formerly specified VLAN tags, a new 24- Payload
bit ID referred to as I-SID was introduced for service IP Subnet
Ethertype

C-SA
identification, which in fact provides a 24-bit Layer 2 virtual C-DA

I-tag
network ID. This means that 16 million virtual networks can be SDN I-SID I-SID
Ethertype

supported by one Backbone VLAN (B-VLAN). Altogether a

B-tag
B-VLAN B-VID
Ethertype

60-bit space is provided for network virtualization by Ethernet B-SA

B-DA
today, which removes all scalability concerns. Note, that in
case of PBB, the payload with its Ethertype may immediately
follow the I-tag or can optionally be preceded by VLAN tags PBB
as illustrated in the figure. Let us now take a look on how the EB DCN EB

Ethernet packet formats provide network virtualization.

Fig. 6. Layer 3 overlay
In effect, network virtualization means providing overlay
networks. A basic overlay is provided by the C-VLAN on top Flow-based programmability is provided for network wide
of the physical topology as shown in Fig. 3. Interpreting the SDN by means of mapping data flows to a flow ID at edge
overlay as a service provided by the network, the VID is the bridges and programming the forwarding for the flow ID
service ID, which also has a key role in the forwarding of the throughout the network. That is, the mapping of data flows to
data packet, i.e. in the transport. The full PBB packet format I-SIDs or B-VIDs can be much more flexible than the direct
allows 4 layers of overlays as shown in Fig. 5. Each of these mapping of an IP subnet or a VLAN to an I-SID, and the direct
overlays may be used for example if customer networks are mapping of an I-SID to a B-VID as discussed before. In fact,
connected to PB networks connected to Edge Bridges (EB) of a arbitrary mapping can be applied on the data flows in the edge
provider’s PBB network or in a PBB Data Center Network nodes of the networks. A flow, for example, can be mapped to
(DCN) as illustrated in the figure. an I-SID, a B-VID, or a Flow Hash [7] based on an n-tuple
A key aspect of PBB is that it separates the service layer classification or any other field in the packet, e.g. TCP port.
from the transport layer. That is, the first overlay provided by Having the classification and the per-flow mapping
the physical network is the B-VLAN for the transport and the implemented by the edge bridges, core bridges can perform the
service layer is on top of the B-VLANs. A service provided by forwarding based on the standard Ethernet header without
the backbone is identified by an I-SID, which can be point-to- performing deeper packet inspection.
point, multipoint-to-multipoint or rooted multipoint. An I-SID As discussed in this section, an SDN controlled network
can offer different services, i.e. further overlays. In the example providing L2 and L3 connectivity leveraging the existing
shown in Fig. 5, the I-SID provides an S-VLAN overlay, which Ethernet features is able to provide network virtualization
then provides a C-VLAN overlay. All of the overlays, i.e. fulfilling all network virtualization related requirements. This
virtual networks can be controlled by SDN. means that a large number of tenants or customers can be
Payload
supported due to the scalability provided. Furthermore, the
Ethertype customer or tenant may have its own customers because of the
C-tag S-tag

C-VLAN
C-VID
Ethertype
several layers of virtual networks provided.
S-VID
Ethertype
S-VLAN C-SA
SDN C-DA
V. HYBRID NETWORKS
I-tag

I-SID I-SID
Ethertype There are a couple of features already available in Ethernet,
B-tag

B-VID
B-VLAN Ethertype today but difficult to do in a software defined manner (or at
B-SA
B-DA
least not part of centralized SDN solutions). Among these,
OAM and fast protection switching are the most important
ones for carrier-grade networks.
PB PBB PB
Customer
EB EB
Customer
Hybrid networks are comprised of hybrid nodes that
Network Network
support both SDN and distributed control. The hybrid use of
SDN and distributed control enables using the existing features
and make them available for SDN right now almost for free.
PBB Moreover, SDN bootstrapping can rely on distributed control
EB DCN EB
Virtual
Machine Server
Rack
Server Virtual
Rack Machine
(e.g. IS-IS) in a hybrid network, which ensures a default in-
band control channel for the SDN Protocol. Some further
Fig. 5. Layer 2 overlays
advantages of hybrid networks are discussed in the following.
In order to be able to use existing chips and avoid the need
IP is a native overlay for Ethernet according to the ISO for complete replacement of each network node and host,
layering. It is quite common to associate an IP subnet to a packet formats should not be changed by SDN, at least not
VLAN. In case of PBB, the overlay service provided by the I- initially. This even allows the data plane interworking of
SID can be a Layer 3 Virtual Private Network (L3VPN) as devices controlled along different principles, i.e. one can be
illustrated in the DCN example of Fig. 6. In this case, the under distributed control the other one can be under centralized
optional fields of the PBB header are not present. More details SDN control; which also provides a smooth migration path. As
on L3 overlays are available e.g. in [13].

5
March 17, 2014
a result, hybrid operation becomes just the matter of proper the necessary information from the distributed control. Then,
control, i.e. carefully crafted co-existence and operation of upon request for establishment of a service, the SDN Controller
SDN and distributed control in the same network. In case of is able to select the control to be used based on the
Layer 2, special attention is required to preserve the strict loop- requirements of the service and/or on the actual state of the
free operation of existing distributed control, since loops can network. For instance, the default shortest path is satisfactory
cause network meltdowns. for certain services, while other services may require full path
control, and may also require OAM and protection switching.
A way for achieving the desired proper coexistence of SDN For the latter type of services, the SDN Controller programs
and distributed control is already supported by the bridging the forwarding path, sets up and initiates the operation of OAM
standard [1], which is based on VLAN separation. The clear and protection switching based on the exact service
split of the VLAN space and assigning the VLAN sets to the requirements. That is, the level of interaction between the SDN
desired control planes ensures proper operation for both the Controller and distributed control depends on the service
SDN and the distributed control thus avoiding any state requirements; therefore, the SDN touch points for service
conflict or ambiguity in the operation. The standard ensures establishment may vary as well.
that a forwarding table can be only controlled by a single
control plane, thus forwarding table separation is also provided Overall, taking advantage of the hybrid approach allows
besides VLAN separation. The control protocol operation meeting key network requirements, e.g. OAM. SDN control
mode for a VLAN can be selected by allocating the VLAN to can implement auto-provisioning based on the auto-discovery
the MSTI associated with the desired operation mode as of topology and services provided by SPB. In addition, QoS
discussed before in Section III.B. SDN VLANs and forwarding can be enhanced by the proper assignment of services to the
tables are allocated to the Ext-MSTI, hence the SDN Controller appropriate control, i.e. to SDN or SPB. Further work is going
sets up the forwarding paths for these VLANs. Distributed on in the form of P802.1Qca, which aims to better exploit the
control is completely turned off for the Ext-MSTI. The clean potential in hybrid networking based on IS-IS.
separation ensures that conflict is not possible between SDN
and the distributed control. The most important aspect is that by relying on existing
packet and tunneling formats, the hybrid approach enables re-
Besides carrier-grade networks, OAM tools are essential for using existing chips and avoids the need for complete
the maintenance of most networks. It is critical to ensure fate replacement of the data plane, i.e. it is at most software
sharing between data and OAM packets. In order to achieve upgrade to the existing devices.
fate sharing, the operation of Connectivity Fault Management
(CFM), which is the Ethernet OAM, relies on the functionality VI. A NETWORK EXAMPLE
implemented in the ports, i.e. within Action Set1 and Action
After exploring the networking principles in the previous
Set2 of Fig. 2. Thus, CFM can be applied for SDN VLANs too.
sections, let us investigate the operation. A hybrid network
Furthermore, CFM can be used for the virtual overlay networks
example comprising nodes supporting both SDN and SPB is
as well, e.g. between VMs in a DC. The SDN Controller can
discussed in the following. The example PBB network is
instantiate and set up the operation (e.g. time period for
shown in Fig. 7. The I-SIDs provide overlay Virtual Networks
monitoring) in the ports that need to be involved. The proper
(VN) to S-VIDs in the example. Two new virtual networks:
CFM actions out of Action Set1 and Action Set2 can be then
VN1 and VN2 are just being created in the example by the SDN
automatically performed on the OAM packets. That is, hybrid
Controller.
networks make the full blown, proven and already used
Ethernet OAM available for SDN too, thus providing the OAM Let us assume that the multipoint-to-multipoint VN1 has no
tools at each Layer 2 virtual network overlay. special requirements, thus the SDN Controller decides to use
shortest paths for VN1. Therefore, the SDN Controller only
Protection switching state machines based on CFM are also
touches the end points, i.e. it programs the proper associations
specified by [1] for point-to-point VLANs, hence fast
in the Edge Bridges (EB) supporting VN1. Thus, S-VID11 is
protection switching is available for SDN too. Therefore, the
SDN control can instantiate protection switching as well if
needed, e.g. for a carrier-grade service. In addition, a hybrid SDN Controller
network can leverage further features specified by the standard.
For example the features specified by the IEEE 802.1 Data
Center Bridging (DCB) working group are essential in Cloud
deployments relying on Ethernet, e.g. support for VM
migration [6].
Direct collaboration between SDN and distributed control EB2
is required to realize the full potential of the architecture. First, EB1
in addition to manipulating the forwarding behavior, SDN has SDN
I-SID2 +SPB
to be able to set up and control the functionality that has S-VID11
distributed components, e.g. OAM in order to use it for SDN B-VID2
CB5
traffic. Second, the SDN Controller should be aware of the EB3 EB4
topology, the service assignments and the load in some form to
exercise effective control. This can be achieved by retrieving
Fig. 7. A PBB network example

6
March 17, 2014
associated with I-SID1, which is then associated with B-VID1 The resulting SDN architecture has natural limitations,
in EB1, EB2 and EB3. B-VID1 is allocated to the SPBM MSTI, especially due to the first point above. We argue, however, that
therefore, it is a non-SDN VLAN controlled by SPB. The rest for early SDN systems the benefits of readily available features
of actions for the establishment of VN1 are then performed by outweigh the limitations.
the distributed link state SPB; the SDN Controller has no
further task. SPB provides the service discovery, thus the Core Furthermore, Ethernet provides a good basis for future
Bridges (CB) become aware of that EB1, EB2 and EB3 are extensions and for the evolution of SDN, e.g. along the lines of
member of the virtual network identified by I-SID1. Therefore, the third point above. Future work may involve the research on
SPB populates the forwarding tables in the CBs to establish the the interface between the control planes.
multipoint-to-multipoint B- VID1 transport tunnel for I-SID1,
which then provides the connectivity service to S-VLAN11. If a REFERENCES
new end point is required for a service due to e.g. a station [1] IEEE Std. 802.1Q, “IEEE Standard for Local and Metropolitan Area
(VM) movement, then after setting the proper associations at Networks: Media Access Control (MAC) Bridges and Virtual Bridged
the required EB, SPB automatically establishes the Local Area Networks,” 2011.
http://standards.ieee.org/getieee802/download/802.1Q-2011.pdf
connectivity, thus supporting station (VM) migration.
[2] IEEE draft Std. 802.1Q-REV, “IEEE Standard for Local and
Let us assume that based on its requirements, VN2 needs Metropolitan Area Networks: Bridges and Networks,” January 2014.
full path control, which may deviate from the shortest path. http://www.ieee802.org/1/files/private/q-rev-drafts/d2/IEEE802-1Q-
REV-d2-0.pdf
Therefore, the SDN Controller has to program the forwarding
[3] IEEE Std. 802.1aq, “IEEE Standard for Local and Metropolitan Area
at all bridges along the path in addition to performing the Networks: Media Access Control (MAC) Bridges and Virtual Bridged
proper associations at EB3 and EB4. Thus, S-VID22 is Local Area Networks – Amendment 9: Shortest Path Bridging,” March
associated with I-SID2, which is then mapped to B-VID2 in the 2012. http://standards.ieee.org/getieee802/download/802.1aq-2012.pdf
EBs. B-VID2 is an SDN VLAN because it is allocated to the [4] IEEE Std. 802.1Qay, “IEEE Standard for Local and Metropolitan Area
Ext-MSTI. Therefore, the distributed control does not touch Networks: Virtual Bridged Local Area Networks – Amendment 10:
this service. Provider Backbone Bridge Traffic Engineering,” August 2009.
[5] ISO/IEC 10589, Information Technology – Telecommunications and
An interface is required between SPB and the SDN Information Exchange Between Systems – Intermediate System to
Controller to allow the SDN Controller to retrieve the link state Intermediate System Intra-Domain Routing Information Exchange
database of SPB, e.g., from one of the bridges. Thus, the SDN Protocol for Use in Conjunction with the Protocol for Providing the
Connectionless- Mode Network Service (ISO 8473),” 2nd ed., 2002.
Controller can rely on SPB to discover the physical topology;
[6] IEEE Std. 802.1Qbg, “IEEE Standard for Local and Metropolitan Area
furthermore, the service discovery provided by SPB can be also Networks: Media Access Control (MAC) Bridges and Virtual Bridged
used by the SDN Controller, at least for verification. Local Area Networks – Amendment: Edge Virtual Bridging,” March
2012. http://standards.ieee.org/getieee802/download/802.1Qbg-2012.pdf
VII. SUMMARY [7] IEEE draft Std. 802.1Qbp D1.6, “IEEE Standard for Local and
Metropolitan Area Networks: Bridges and Bridged Networks –
This paper has shown that the basic design principles of Amendment: Equal Cost Multiple Paths (ECMP),” September 2013.
Ethernet bridging are in-line with SDN and today’s network http://www.ieee802.org/1/files/private/bp-drafts/d1/802-1bp-d1-6.pdf
requirements. We set forward three key principles for such [8] IEEE draft Std. 802.1Qca D0.6, “IEEE Standard for Local and
SDN architectures: Metropolitan Area Networks: Bridges and Bridged Networks –
Amendment: Path Control and Reservation,” February 2014.
1) The use of an existing, data plane model (Ethernet). This http://www.ieee802.org/1/files/private/ca-drafts/d0/802-1Qca-d0-6.pdf
includes features that require complex processing in the data [9] IETF RFC 5810, “Forwarding and Control Element Separation
plane, such as OAM or protection switching. Such features are (ForCES) Protocol Specification,” March 2010.
difficult to implement solely using centralized SDN. http://tools.ietf.org/html/rfc5810
[10] IETF RFC 4655, “A Path Computation Element (PCE)-Based
2) Co-existence with and reliance on distributed control Architecture,” August 2006. http://tools.ietf.org/html/rfc4655
plane for useful features, such as topology discovery and path [11] IETF RFC 5828, “Generalized Multiprotocol Label Switching (GMPLS)
setup, where applicable. Such co-existence can happen by the Ethernet Label Switching Architecture and Framework,” March 2010.
two control planes controlling different layers or side-by-side http://tools.ietf.org/html/rfc5828
controlling different parts of the traffic (e.g., separated by the [12] Network Virtualization Overlays, http://datatracker.ietf.org/wg/nvo3
VLAN space). [13] P. Unbehagen, R. Lapuh, S. Hares and P. Ashwood-Smith, “IP/IPVPN
services with IEEE 802.1aq SPB networks,” IETF draft, March, 2012.
3) The coordinated communication between the distributed http://tools.ietf.org/html/draft-unbehagen-spb-ip-ipvpn-00
and SDN control planes. This can be useful, for example, for [14] ONF Std. ver. 1.3.3, “OpenFlow Switch Specification,” December 2013.
the SDN control plane to learn the topology already discovered https://www.opennetworking.org/images/stories/downloads/sdn-
by the distributed control plane. Such communication could resources/onf-specifications/openflow/openflow-spec-v1.3.3.pdf
also enable the SDN control plane to react to topology changes [15] OpenDaylight, http://www.opendaylight.org
and to adjust the parameters of the distributed control plane, [16] OpenStack, http://openstack.org
when needed.

7
March 17, 2014