Software defined networking: State-of-the-art

2.2.1. Three necessary abstractions

SDN can be accurately defined by these three fundamental abstractions. Abstractions divide the network control problem into tractable pieces by decomposing it and provides fundamental validity and general applicability to the idea of SDN. It is through these abstractions that no distributed control protocols are needed instead it involves designing a common distribution layer which converges into a network operating system providing a global network view and the network can be managed by control programs or network applications.

Distribution abstraction or Distributed state abstraction shields the network mechanisms from vagaries of distributed state. The network is distributed but an annotated network graph provided through an API presents a global network view so that the control mechanism is now programmed using that API. The fact remains same here that the control logic is centralized not the physical devices.

Configuration abstraction or Specification abstraction specifies the desired behavior of the network through the control program but at the same time is not responsible for implementing that behavior on physical network infrastructure. Specification abstraction provides a simplified model of the network that is simplified enough to focus on details to specific goals. To actualize this abstraction virtualization is the key.

Forwarding abstraction offers a common API for programming network hardware and hides the details of underlying hardware crucial for evolving beyond vendor specific solutions. Through this control plane is provided with a flexible forwarding model that supports whatever forwarding behavior is essential for the network.

2.2.2. Difference between traditional networking & SDN

The disparity between traditional networking and SDN based approach can be perceived through their architectural framework. On one hand, when we talk about traditional networking the data plane, control plane and management plane are tightly coupled bringing innovation at standstill. When it comes to adding new protocols, network functionalities, policy enforcement and other network related issues traditional networks are a nightmare. Troubleshooting and reconfiguration of the network can lead to high Capex and Opex costs and deployment of revised network policies is complex [106,249]. As seen with the enterprises globally, if they want to upgrade their network systems in context with security or efficiency of the network all the network devices need to be reconfigured or even in some cases, new devices need to be installed. So in traditional networks, new policies or features are deployed into the network in form of new hardware equipment or generally known as middleboxes. These specialized hardware devices can perform the functionalities of load balancers, firewalls, intrusion detection systems but they are expensive and need specially trained professionals for operational requirements [247,304].

On the other hand, SDN pursues a whole different approach where it decouples or separates the control plane from data plane which leads to innovation in both the surfaces. A logically centralized SDN controller communicates with forwarding devices acting as network operating system which implements the network applications present on top of it which can be directly programmed with the help of abstractions. With this approach adding new protocols or introducing new network policies in the existing infrastructure becomes easier. Having a global network view helps in efficient implementation of policy decisions while troubleshooting and reconfiguration of hardware devices are not that much challenging [106]. The network applications can provide services of load balancer, firewall or intrusion detection systems eliminating the use of specialized hardware or middleboxes [138,247,304].

3.1.1. Infrastructure layer

It is composed of simple forwarding devices without embedded control or software programs. These forwarding devices are specialized in packet forwarding, they can be hardware based or software based depending on the requirements of the desired network. The control is present in the centralized controller which is also known as network brain where all the logics are present. Most of these forwarding devices are OpenFlow based which is a standard southbound interface with widespread acceptability across the community because of its open standards and vendor free approach. The OpenFlow based forwarding devices work on the principle of flow tables stored in them. Each entry of this flow table consists of three parts which are: a rule for matching different field entries, the action to be performed on the incoming packet arrivals and a counter which is incremented and decremented based on the stats performed with each packet arrival and matching patterns.

Although there are other standards and protocols being developed for communication between the forwarding elements and the controller by different working groups that are in use; one of the early examples is Protocol Oblivious Forwarding (POF) [39,263] but OpenFlow being one the most influential forwarding specification is discussed in this paper.

Analysis of OpenFlow: OpenFlow is defined as the first standardized protocol developed for the communication between the forwarding elements of data plane and the controller residing in the control plane of SDN architecture. According to ONF, a user led international organization which is responsible for the development and standardization of OpenFlow protocol, OpenFlow is the first standard communications interface defined between the control and forwarding layers of an SDN architecture. OpenFlow allows direct access and manipulation of the forwarding plane of network devices such as switches and routers, both physical and virtual (hypervisor-based) [189]. When the OpenFlow was firstly proposed by Nick McKeown et al., at Stanford University, the three key ideas behind OF were separation of control and data plane, centralization of control and flow based control. Initially, OpenFlow was seen or started as a security concept but later on it was discovered that it can be used in other fields of computer networking and presently OpenFlow is being used in many types of SDN researches as a reference protocol.

The Switches based on OpenFlow protocol or commonly known as OpenFlow switches are those Ethernet switches that contain flow tables rather than routing tables. The basic specification architecture of SDN based OpenFlow switches as defined by ONF is shown in Fig. 4. Each flow table contains field entries for different networking functions such as MAC address, source address, destination address, etc. The flow tables are divided into three parts namely, header part which is again subdivided into differents parts which specify the rules, the action part which specifies the actions to be performed and the statistics part which handles the counter flow. The communication between OpenFlow switch and the controller occurs through a secured channel called Secure Sockets Layer (SSL) [63,235] through the exchange of OpenFlow messages.

According to one of the ONF archives, the data path presents flow table abstraction which contains field entries to match and perform actions accordingly. If it receives a packet with unknown flow entries, the packet is sent to the controller and then the controller decides whether the packet is there to reside inside the controller in form of instruction or not [190].

OPEN IN VIEWER

Fig. 4.

OpenFlow switch [160].

OpenFlow is considered as the starting point for SDN, it was through OpenFlow that the idea of Software Defined Networking came into existence because it supported most of the features which are now part of SDN and NFV [102]. Now as SDN grows OpenFlow will follow because of the parallel framework and design that they are built on. We can conclude that the future of OpenFlow relies on the future of SDN.

Process of Standardization: It has been a continuous process to standardize OpenFlow and it keeps on evolving overtime. Before the formation of ONF, the first OpenFlow Switch Consortium [160] released the first OpenFlow reference implementation, version 0.1.0, with its source code on November 30, 2007. Then came version 0.2.0 which was released on March 28, 2008 and other upcoming versions like version 0.8.0, version 0.9.0 were released in a short period of time with some minor changes which were specified in the release notes [191]. But with OpenFlow version 1.0 released on December 31, 2009 came some important features like slicing, flow cookies, querying port stats for individual ports [191]. OpenFlow version 1.1 released on February 28, 2011 supported multiple tables, groups, MultiProtocol Label Switching (MPLS) [61] and Virtual Local Area Network (VLAN) [229]. With the release of OpenFlow version 1.2 on December 5, 2011 the responsibility of standardization process came into the hands of ONF. This version supported extensible match support, IPv6 and rudimentary group capabilities as specified in the release notes [191]. And so on this process is still going on with the latest version released on March 26, 2015, by ONF under the name of OpenFlow version 1.5.1 with some new features and bug fixes [191]. Alongside this standardization process of OpenFlow protocol another protocol OF-Config [192,196], which is used for configuration and management of OpenFlow switches and controllers have gone through multiple iterations. We have summarized all of this in Table 2.

OpenFlow devices: With the advancement in OpenFlow standardization process and the ever growing need of the industry for advanced networking functions several vendors ranging from high-end players like Cisco, Juniper, NEC, Hewlett-Packard to mid-range enterprises like Pronto, Pica8, Cyan are providing OpenFlow based switches and controllers. OpenFlow switches can either be software based/test switches or hardware based/commercial switches. OpenFlow devices come with a sequence of flow tables and flow level control which is missing in vendor proprietary solutions.

There are several OpenFlow enabled solutions available in the market that offer flow level control which are qualified for deployment needs of service providers and network operators. Most of these forwarding devices come enabled with Ternary Content Addressable Memory (TCAMs). We have put up a list of different software and hardware based OpenFlow switches which are in use for both research purposes and also deployed by different vendors for commercial purposes.

Software Switches: OpenFlow enabled software switches allows network automation bringing agility, scalability and performance improvement in terms of network optimization. These switches are mostly focused on data center networking, network virtualization and cloud infrastructure [158,250,295]. These software switches may come with full support for network hypervisors and commodity hardware platforms which are made of merchant silicon [158]. Examples of implementation of OpenFlow enabled software switches is Switch Light [35] which is a thin switching software for both physical and virtual switches with hypervisors, Open vSwitch [206], Pica8 [217], LINC [148] among others which are presented in Table 3. Open vSwitch is an open source production quality virtual switch which can run as a standalone hypervisor switch or distributed switch. It is used in multiple products to enable massive network automation through multi-tenancy support, virtual machine migration, resource efficiency, etc.

Hardware Switches: Generous number of hardware equipment manufacturers are incorporating support for OpenFlow protocol for organizations to deliver SDN/NFV solutions and overlay technologies. Some of these products come with hybrid capabilities which mean they can support traditional networking protocols and also integrate OpenFlow protocol for providing flexible flow control. They even support tunneling technologies like NVGRE [267] and MPLS at a line rate ranging from 10, 40 to 100 GbE presented in Table 4.

With this list of hardware and software based OpenFlow devices it can be detected that large-number of hardware and software manufacturers are focusing on SDN based solutions. There is a large variety of SDN or OpenFlow enabled products available in the market starting a more competitive and open source market. The rise of merchant silicon for manufacturing whitebox devices and bare metal switches is going hand in hand because it’s a necessary piece of infrastructure but non-differentiating.

Southbound interface in an SDN architecture acts as a communication link between the central controller and forwarding elements like switches and routers. Southbound interface or southbound API interacts with the forwarding elements to dynamically control the network in situations where real time guidance is vital. These APIs provide an abstraction to the infrastructure layer facilitating the developer to innovate and make enhancements to address some of the issues that service providers or network administrators face. Most of these APIs are open source but their capabilities predominantly depend on the underlying hardware and infrastructure.

The requisite for southbound APIs originated because of the limitations faced by manufacturers of commercial hardware switches. The traditional network switches face problems of upgradation and, development of new product is a complex task because of the software features related to it [129]. Whenever the network administrators want to deploy new policies to the existing network infrastructure, it is a tedious task with high Capex and Opex costs embedded with it. The development of southbound APIs deals with these issues faced by network operators and enterprises. The first proposal for a southbound API came from the Stanford University in the form of OpenFlow protocol which was accepted by the industry because it removed vendor lock in and promoted interoperability. The OpenFlow standards are regarded as a reference point for the development of other southbound APIs.

When we talk about southbound interfaces, OpenFlow is most widely accepted and deployed southbound interface. In an OpenFlow enabled device, the interaction with the SDN controller or network operating system is attained through three information sources. First, is the notification sent by the forwarding device to the controller when the link is triggered in the form of event based messages. Second, is the message sent by the forwarding device when the packet or incoming flow is unknown to it, the device sends a message to the central controller informing that no table entries were in sync with the respective packet arrival. Third, are the statistics messages generated with every flow entry which increases the monitoring capabilities. The OpenFlow enabled devices provide these flow level information to the central controller.

Even though OpenFlow standards are regarded as the reference point for southbound interfaces, there are several other participants in this field. A considerable amount of commercial vendors have come up with proprietary solutions that don’t prefer OpenFlow protocol as their southbound interface like Cisco OpFlex [261]. Other open source southbound APIs include Network Configuration Protocol (NETCONF) [70], Location Identifier Separation Protocol (LISP) [154], Open vSwitch Database Management Protocol (OVSDB) [215], SNMP [222], ForCES [65] and Programmable Abstraction of Datapath (PAD) [29].

NETCONF [70] is a network management protocol that provides a mechanism to install, manipulate and delete the configuration of network devices. The operations of NETCONF are based on Remote Procedure Calls (RPCs) which uses Extensible Markup Language (XML) based data encoding techniques for configuration and message transactions. NETCONF is an IETF initiative which was developed by NETCONF working group and standardized by IETF itself. IETF published a paper in December 2006 under the name RFC 4741 and later on revised and published it in June 2011 under the name RFC 6241.

OVSDB [215] is a simple management schema based protocol which allows network administrators to define the schema and OVSDB handles the communication part with the controller. This protocol supports all the basic database operations like delete, modify, create, select and is used to configure Open vSwitch (OVS) through these standard database commands. It was introduced with OVS created by Nicira and later acquired by VMware. OVSDB is regarded as an add on to OpenFlow because there are some functionalities which cannot be performed by OpenFlow alone so it is used to manage OVS implementations. This management protocol supports distribution across multiple physical servers by delivering configuration information to database servers.

Cisco OpFlex [261] is also a southbound policy protocol or API that communicates between the controller and underlying hardware for which Cisco has published a draft in IETF. OpFlex provides abstractions policies rather than device specific configuration providing network services with interoperability across vendors. Although OpenFlow and OpFlex look similar the difference is in their approaches, OpenFlow is application centric with imperative control whereas OpFlex is not an application centric model with declarative control. OpFlex distributes the network complexity to edges and operates in a disconnected mode from policy manager.

ForCES [65], an undertaking of IETF is considered as an alternative to OpenFlow protocol because it serves the purpose of separating the control and data plane with added data path functionality. ForCES also provide legacy support because ForCES framework backs older protocols of the existing network infrastructure. This differentiation of ForCES framework from OpenFlow can be contemplated by the fact that ForCES allows the notion of elastic routing architecture for networking devices by considering data plane and control plane part of the same network element which does not serve as a barrier in up gradation cycles.

One of the first adversaries to the monopoly of OpenFlow is POF [264]. POF is Huawei’s proposal where forwarding rules and behavior are controlled by control plane and physical infrastructure do not need to be reconstructed to adapt to new services because it can support any existing or new protocols. In POF enabled forwarding elements the network services are deployed as a third party customized software. As in the case of OpenFlow where forwarding devices match the flow entries of the incoming packets with the flow tables stored within them. In POF, the forwarding device is independent of the packet format and the flow table search keys are defined as tuples and instruction access data as tuples. Huawei has offered two prototypes for POF, one is open source software prototype and other is NP-based router platform. The company is investing in research work to come up with a perfect Flow Instruction Set (FIS) and solve some underlying technical issues related to standardization, forwarding plane virtualization and design of high-level language.

3.2.1. Network hypervisors

Network hypervisors or virtualization platforms reside between the forwarding elements of the network and central controller. To understand what are network hypervisors first we need to understand the concept of network virtualization and what role does it play in software defined networks.

Traditional networks have a strong dependency on hardware and vendor specific physical equipment. This type of infrastructure increases the Capex and Opex costs because making changes to this rigid framework and introducing new services often involves a long period of time. The standardization process between the vendors and operators is a very complex process and could take years [51]. So to tackle all these complexities, the network needs to be more flexible and adapt to new changes in a faster way which is achieved through network virtualization.

Virtualization from the network point of view means creating a virtual network over the physical infrastructure that decouples the underlying hardware from the virtual platform to allow multi-tenancy and provides isolation of services [134]. Virtualization started with cloud service providers, when they decided to decouple the physical hardware resources of servers like storage, computation and use a virtualization software to automate the slicing of these resources among multiple users [50]. So virtualization has come along years expanding its wings to networking field with the introduction of software defined networks [134].

What can be called as one of the first subsidiaries of network virtualization is topology virtualization where network administrators create virtual links among virtual nodes for the purpose of broadcast isolation by creating tunnels using the technologies like VLAN. In this, a whole network consisting of different commercial products, hardware devices are treated as a single node employing policy decisions as a whole. Next type of virtualization that exists in networking field is address virtualization where virtual address is provided to the server and the host in multi-tenant environments to prevent address collision at IP level or Media Access Control (MAC) level by using the technologies like Virtual Routing and Forwarding (VRF) [127], MPLS, Network Address Translation (NAT) and VLANs [212,312]. These two types of virtualization are supported by SDN based infrastructure in addition with network function virtualization [276].

Network hypervisors are virtual machine managers that create an abstraction layer between the network operating system and forwarding elements. The logically centralized controller depends upon the virtual global view of the network available to it. Like in the case of server virtualization the network hypervisors provide multi-tenancy support for public and private cloud service providers. They provide infrastructure-as-a-service (IaaS) or NaaS [31] regardless of the workload on their topology enabling each user to share storage resources and computational capabilities. For better resource utilization the cloud providers divide the workloads coming into their network with the help of network fragmentation. Virtualization is used in networks for simplified management as in the case of migration of network policies among different virtual machines. This means that when VMs are migrated from one physical server to another, they do not fall apart in terms of policies which is achieved by decoupling the policies from topology [212,312].

We know that current network infrastructures and virtualization technologies like VLAN, MPLS lack the basic amount of flexibility and automation required to address the issues of multi-tenancy, isolation, and migration of VMs because of their box-by-box configuration and lack of abstraction layer [51]. So to address these issues some modern tunneling technologies like VXLAN [153] and NVGRE [266] are introduced with SDN. Several open source and commercial network virtualization platforms or hypervisors are proposed by different enterprises. Prominent examples include FlowVisor [23,252], Network Virtualization Platform (NVP) [134], OpenVirteX (OVX) [8,9], Software Defined Network for Virtual Environment (IBM SDN-VE) [145,226], FlowN [66], AutoVFlow [300], Hyperflex [38], AutoSlice [40], RadioVisor [97], MobileVisor [177], Optical FV [24], etc.

FlowVisor [252] started as an academic project just as OpenFlow with the initial focus on rapid service deployment. This means that each service of the network is isolated enough that something happening in one of the network slices does not affect the other hosted virtual networks. One of the fundamental problems in network service deployment occurs when a service provider want to deploy new services to the network that require configuration changes to switches and routers, it’s really complex for network administrators to test the stability and other aspects of that particular service. FlowVisor solves this problem with the help of network slicing which is a coherent collection of resources on a network. The hypervisor intercepts control plane messages in an infrastructure where data plane is unmodified as in the case of OpenFlow. FlowVisor is conceptually based on OF where forwarding elements that are OF enabled can run FlowVisor in real production networks. A transparent virtualization layer resides between the forwarding elements and controller where every network slice believes it has complete control over every switch in the network maintaining its isolation from other slices. FlowVisor also allows the users to “Opt-In” to services in real time and add new FlowSpace to each slice policy.

Nicira/VMware NVP [134] is an open source virtualization platform which is independent of the hardware and uses OpenvSwitch to remotely login into the network . This is achieved with the help of hypervisors distributed in the network architecture to create an intelligent edge. NVP creates a virtualized view of physical infrastructure with the help of IP connectivity at the edge treating the physical network as Layer-3 fabric. NVP is deployed by many OpenStack production environments such as AT&T, DreamHost, eBay, NTT and Rackspace to accelerate their delivery mechanisms. NVP is a complete virtualization solution, with a distributed system architecture of the NVP controller cluster and security tools produced for utilization in real world deployments.

OpenVirteX [8 ,9] is a network virtualization platform based on OpenFlow which allows the user to create and design their own topology and communicate with different network operating systems to define the behavior of their network. OpenVirteX resides in the virtualization layer between the OpenFlow based forwarding devices and NOS to rewrite the messages in order to create isolation among different virtual networks. OVX is comparable to FlowVisor in terms of features provided by its virtualization tools. Multi-tenancy is supported in a way that several isolated virtual networks can have their own topology and network operating systems with the added feature of resiliency.

IBM has also introduced its solution, IBM SDN-VE [145,226] which is an overlay solution that provides a complete implementation framework for network virtualization. In the words of IBM, SDN VE is a multi-hypervisor, server-centric solution comprising multiple components that overlay virtual networks onto a physical network that provides IP connectivity. SDN VE like other hypervisors operate with no dependency on underlying network infrastructure and automate network provisioning. It enables multi-tenancy in data center networks by allowing existing network addresses to be retained. It abstracts the underlying hardware and presents it to applications as either a service or as an infrastructure.

FlowN [66] hypervisor uses the existing database technology for mapping virtual to physical topologies and is based on container based virtualization. Each container or tenant can have its own central controller that has full control over address space. FlowN contradicts the architectural framework of FlowVisor because the system design of FlowN is based on container based application virtualization where multiple tenants can run multiple application concurrently.

Huawei introduced a new platform Open Network Hypervisor (OpenNH) [111] for SDN based network virtualization. OpenNH creates a network hypervisor layer allowing tenant isolation, increasing traffic scheduling efficiency and customization for customer’s quality of service need. As claimed by Huawei the main benefit of OpenNH is network sandboxing which allows the operators to run their own applications on top of the customer’s SDN controller which enhances security and operational simplicity. One of the main use cases of OpenNH is 5G network slicing by supporting multiple virtual topologies, transparent technologies, and routing algorithms.

Another offering in the field of network hypervisors is from Cisco by the name of OverDrive Network Hypervisor [53] which is a complete virtualization solution that virtualizes network services by mapping a virtual network onto a physical network and creating subnets of addressing space. OverDrive is focused on data center environments and business semantics which follows a top-down approach in managing the network. It also provides orchestration capabilities to the network with real time automation and control.

Concluding the discussion on network hypervisors we can state that there are different types of virtualization platforms and solutions available in the market, some of them are open source and some of them are commercial multi-tenant network hypervisors with closed proprietary. An enormous amount of research work is already in the pipeline to address the issues which include improved network mapping techniques [91] and level of abstraction needed to perform virtualization in an efficient manner. The field of network virtualization is expected to grow in the same manner because of its large implications in the telecommunication field and its use among cloud service providers.

3.2.2. Network operating system

The conventional operating systems provide an interface between the end user and system components to perform the functionalities of memory management, file management, and other related tasks. All this is achieved by providing abstraction at almost every level of computation in the form of programs and applications. System programs continue to evolve much faster than networking because they provide abstractions and abstraction leads to innovation whereas traditional networks mostly depend on a large set of distributed protocols which are enormously complex to manage. There have been major changes in the last decade when we talk about system software because of active participation of application developers and open source codes which is fairly missing in the networking field. As we know traditional networks are broadly managed and configured by closed proprietary network operating systems provided by some big networking giants like Cisco and Juniper. They have their own operating systems to configure the devices and define policies that are to be implemented over a network but they are device specific which lacks transparency putting a barrier to innovation. So, to put all this into a place it can be concluded that network engineers have mastered the complexities of a network but there are some problems that remain and need to be addressed.

Software defined networking assures to solve the problems of distributed state algorithms and routing protocols by providing the right level of abstractions and programming capabilities in the form of a logically centralized controller or network operating system. This centralized controller provides application programming interfaces covering both southbound and northbound which speed up the innovation by facilitating developers to write application programs for functionalities such as network configuration. With NOS, the developers no longer need to care about the low-level details of the network or complexities of distributed routing protocols and topology information. All of this is handled by low-level abstractions creating an ecosystem where innovation can foster.

A network operating system can be defined as a central element of SDN architecture which is responsible for generating control decisions and communicating with southbound forwarding elements, corresponding protocols, and northbound APIs. There is a wide variety of SDN controllers that have emerged over time and diversified set of the architectural framework proposed by the creators of each controller. The classification of SDN controllers can be on the basis of two principles. First, whether they are open source or closed source, second is based on the architectural framework which means whether the controller is centralized or distributed. Apart from this, there are some controller platforms that provide hybrid architecture.

Based on the requirements of network operators and service providers both centralized and distributed platforms have their own set of specifications and functionalities. The centralized SDN controllers are mostly based on the model of parallelism with the system capabilities of multi-threaded and multi-core computer architectures. These controllers are regarded as single entities and are not enough to handle networks that contain a large amount of forwarding devices. One of the major limitation of centralized controllers is scalability. Even though there are some examples of centralized controllers which have achieved the functionalities to operate enterprise class and data center networks. Some popular examples of centralized controller include NOX/POX [82,96,157], Beacon [71], Maestro [44], Floodlight [84], Trema [275], and Meridian [26]. Some specific controllers like Floodlight and ProgrammableFlow [170,171] specifically target data center and cloud based infrastructure.

On the other hand, distributed network operating systems are much more scalable and reliable than centralized controllers. The architectural design of these controllers is in a way that the control logic is centralized but the physical infrastructure is a distributed set of elements. As in the case of data centers, where different data centers are treated as clusters of nodes spanning over a wide area network. And cloud service providers require a hybrid approach to support their diverse operational activities [122]. Example of distributed controllers include some open source and some commercial platforms such as Onix [135], ONOS [140], yanc [163], HyperFlow [281], HP Virtual Application Network (VAN) SDN [110], NVP controller [134], Distributed SDN Control Plane (DISCO) [216], and Unified controller [146]. Many distributed platforms face the problem of elasticity which means that their architecture is static in the terms nodes connected to it. Consistency semantic is a major problem with these controllers as all nodes in the same network read different values for the same property at some specified period of time. The problem of weak consistency is solved by platforms such as Onix and ONOS which provide strong consistency for all controller nodes connected in a network.

One other phenomenon in network operating systems is fault management. Whenever some fault or failure occurs at any instance in a network, by fault we mean a condition where a node in a network does not operate as it is required to, the operations of the faulty node is taken over by some other node in the network. This node can be the adjacent node to the faulty node or any other node present in the network. A centralized controller which is a single entity is not sufficient to manage large networks where crash failures can be arbitrary. Whereas in an ecosystem of distributed controllers where self-reliant controllers are distributed over the network, arbitrary or otherwise crash failures are managed in a much efficient way. Due to high scalability and resilience being the major features of distributed control platforms they reduce the impact of crash failures.

There are several components and elements present in the diversified environment of controllers. Not all components, services and properties are offered on every platform available in the market, some of the platforms have restricted or specific area of focus like cloud and telecom operators. Despite having different design and architecture, three layer design is entertained by almost every platform available till date; the application layer present on top of every architecture providing orchestration control and services, the control layer where the NOS/SDN controller is present and the lowest layer consisting of southbound devices. There are some distributed control platform where eastbound and westbound APIs are also required or implemented for better management and control functionalities.

The application or upper layer communicates with the controller through northbound APIs and programming languages. There are few options available in the section of northbound interfaces such as RESTful API [236] or commercial device/company specific interfaces developed by companies like Cisco, HP, and Juniper. Another approach for communicating with a controller is through programming languages like Frenetic [86], Merlin [265], Maple [290], and Pyretic [165]. One section of this paper focuses on northbound interfaces.

The core layer is where the controller resides and provides the basic network services offered by any network operating system like communication and execution. Other basic functionalities of controller consist of topology design, device management, configuration, memory management of statistics and event handling like notifications implemented through different algorithms. The algorithms used in these platforms can be traditional ones’ like shortest path routing algorithm [85] or specific algorithms designed for handling complexities of modern day networks like Raft [5]. Like other operating systems, a network operating system provide a mechanism for security which includes the isolation capabilities and enforcement of security policies over the services and applications available to the network.

The lowest layer of control platform communicates with the controller through southbound interfaces/APIs. The forwarding devices present in the data plane communicates through a common interface and a defined set of protocols. At this moment there are several southbound APIs available like OpenFlow, OpenDaylight, ForCES, OVSDB, ONOS, and Onix with protocol plugins and extensions to support legacy infrastructure. Most of the controllers are OpenFlow based/enabled but some platforms extend their support to old routing protocols like BGP, SNMP. OpenDaylight, Onix, and HP VAN SDN controllers offer a wide range of interfaces and protocol plugins, OpenFlow being one of them.

Other than these three layers some distributed control platforms implement special eastbound/westbound interfaces for providing functions of import and export of data between different controllers [135]. These interfaces also provide notification and monitoring capabilities, interoperability and compatibility among different platforms. Some important steps towards interoperability and increasing the diversity of an ecosystem include ForCES CE-CE interface [294], AMQP (Advanced Message Queuing Protocol) [287] by DISCO [216] and import/export functions of Onix. The eastbound/westbound interfaces are required in distributed control platforms to leverage the scalability and resiliency and not in centralized platforms [270].

For a better understanding of network operating systems we need to discuss the design and architectural framework of some diverse set of controllers and control platforms:

OpenDaylight [ 207 ]: Although OpenFlow is the most talked about southbound protocol being one of the industry and academics favorite. The strategy of co-existence argued by OpenDaylight platform garnered support from the industry giants and other communities also. The core of the OpenDaylight platform is Model Driven Service Abstraction Layer (MD-SAL), an additional layer introduced for better data exchange and adaptation mechanisms. The list of southbound protocols and plugins supported by ODL starts with OpenFlow, OVSDB, NETCONF, BGP, SNMP and much more.

OpenContrail [ 127 ]: OpenContrail is an open source network virtualization control platform built and supported by Juniper networks for cloud networks. OpenContrail forwards network traffic without traversing the gateway and supports existing BGP/MPLS L3VPN standards for network virtualization. It has integration with cloud platforms such as OpenStack and CloudStack and support for a bunch of northbound interfaces such as REST APIs for configuration and operational analysis.

HP VAN SDN [ 110 ]: HP VAN SDN controller is an enterprise class platform for delivery of application based network services such as data discovery and topology information. It is also an open source platform with integration of OpenStack and support for northbound APIs (REST API and GUI Shell). For communicating with southbound devices it uses OpenFlow.

Onix [ 135 ]: Onix is a distributed control platform which operates on a global view of the network and uses state distribution primitives. It collects information from switches and distributes appropriate control state to them. Onix provides network services like data discovery with general purpose Onix northbound API and support for southbound API such as OpenFlow and OVSDB. It also has a service abstraction layer which provides network information base with the additional functionality of import/export of graphs. In the name of eastbound/westbound interface Onix implements a distributed I/O module with no integration of cloud platforms.

To summarize we present a list of some commercially available SDN controllers in Table 5 and open source SDN controllers in Table 6 with a remark that SDN controllers are crucial for the success of SDN [288]. The major issues that need to be addressed in terms of control platforms are interoperability among different vendors and standardized APIs for multi-domain deployments. In multi-domain environments, there is series of diverse northbound and southbound APIs available for both data center networks and cloud infrastructure but lack of east/westbound APIs is an issue of concern which is being tackled by the developers.

Northbound Interface (NBI) is one of the two key abstractions of the SDN ecosystem. The northbound interface is still under the process of getting a standard specific architectural declaration and a final establishment which can be accepted by the industry and academics [64]. On the other hand, the southbound interface already has a widely accepted proposal like OpenFlow. The ONF has formed a working group for the development of northbound interfaces in the year 2013 which has been working on the same since then. It is still quite early to specify any particular standard for NBI. Open and standard northbound interfaces are very important for the flexibility and interoperability among different control platforms.

NOSIX [309] is regarded as the first step towards achieving both portability and controller independence. It is not fundamentally an option for northbound interfaces but rather it is a higher level abstraction for southbound interfaces. All the existing controllers which include Floodlight, Trema, NOX, Onix, and OpenDaylight have proposed different northbound APIs which have different properties and definitions. SFNet [303] is also an example of a northbound interface which is used for translating application requirements into lower level service requests. The services offered by SFNet has a limited scope.

Other proposals that use different approaches for communication between higher level applications and the centralized controller may include the yanc control platform [163] which proposes a general control platform based on Linux and abstractions such as Virtual File System (VFS).

Presently it still not likely to have a single northbound interface which may be declared as standard or reference. Different network applications have different requirements and based on those requirements the northbound APIs may also change. The network security applications work in a totally different way when compared to the financial applications. Therefore, to serve different purposes, different techniques are used for better network resource management and utilization.

There are also controllers like PANE [81] which have been proposed with the concept of participatory networking which allows network administrator to define module-specific quotas and access control policies on network resources. It provides an API which allows dynamic and autonomous requesting of network resources by the end-host applications.

Presently the paradigm which is being discussed for the northbound interfaces is the declarative Intent NBI or intent networking [55]. The intent NBI is characterized by two basic properties which are highly connected with each other, they are non-prescription and provider independence. In non-prescription, the vendor will be specified with, what are the services which can be requested by the user but the way those services would be served depends on the provider. Implementation choices like port, media, node, technology, server, path, virtual machines are left to the providers. The second characteristic, provider independence is derived largely from non-prescription only. Through this, the same intent NBI request may be presented to any provider for which consumer provider association exists. However, mappings will be generally provider-specific.

3.3.1. Programming languages

In computer systems, traditionally and fundamentally programming languages are used to provide abstractions and facilitate the developers or system programmers to hide the complexities of system hardware. In starting, low-level assembly programming languages were developed which were hardware specific and since then programming languages have evolved from low-level machine language to high-level programming languages like C, C++, Java and so on. This has helped the computer industry to grow faster [77,101].

Relatively, programmability in networks has always remained an issue of concern. OpenFlow, which is a low-level machine language provided abstractions for some low-level details but it is highly dependent on underlying hardware which is a barrier for developers to solve some specific network problems. The problem with low-level programming languages such as OpenFlow is that it is really difficult to read/write programs and reuse the code which makes the software development process less modular and more error-prone [164]. So some high-level programming languages are built on top of the central controller to provide higher levels of abstraction to the programmer with a runtime environment that handles the functionalities such as installing rules, responding to switches, and events that happen in the lower level of a network [109,164].

The problem with programming a network is that the software provided by equipment vendors are complex and configuring the network is expensive and error prone. The code used for creating applications is not modular therefore the resultant applications are monolithic and the code cannot be reused. Software defined networking provides an opportunity to solve these problems by creating higher levels of abstractions [231]. These abstractions help the programmer to address the core challenges of lower level instruction sets [100]. There are several challenges faced by network administrators which can be addressed by the use of network programming languages. To list some of the problems: (i) Multitasking is not possible in such a way that the functionalities and properties of one application do not interfere with properties and functionalities of other application. (ii) If there is a single controller to run multiple applications, it is difficult to manage and optimize applications accordingly.

High-level programming languages have been proposed keeping in mind the complexities and issues faced by lower level instructions sets such that they can provide a wide variety of functions and properties possible with the help of software defined networking. Some of the features of programming languages are listed below:

Different network programming languages which have been proposed till date are listed in Table 7. The programming languages can be classified based on the programming paradigm they are built upon. Going into the specifics, some programming languages like Kinetic [133], Pyretic [165] are imperative languages where programs are written as a sequence of statements. Functional languages such as Haskell [114], Frenetic [87] are based on mathematical computational functions. Some are functional reactive programming languages like Procera [289], Nettle [199], and Frenetic [87] where applications are written based on reactive actions triggered by events such as data and device discovery. There are some other network programming languages which are much more specific in their offerings.

Concluding with a remark that there are other several aspects where network programming languages can contribute to the development of software defined networks which need to be embarked upon by developers and researchers. For example, a recent research report published that present policy compilers in network programming languages generate unnecessary rule updates [296]. From the advances in the field of network programming languages and SDN, it is clear that most of the future work and research will be focused on network applications built on top of the SDN ecosystem which is discussed in the next section.

Network applications in context to software defined networks can be termed as software programs written on top of the controller for implementing various network services. Analysing the trend in SDN landscape, the dominance of application development is evident. Most of the research work is aligned towards developing network applications for different controller platforms. Considering the wide area of implementation that software defined networks cover, there are several applications for security, orchestration, monitoring and measurement, traffic engineering, routing, cloud and big data, optical and wireless networking, mobility, and virtualization. As the surge in application development is contemplated by the increased number of use cases in real world deployment of these applications, it is expected to be a major driving force in the adoption of SDN [232].

Current network applications also perform the functions of traditional network applications such as routing, security, load balancing, and monitoring but with additional features of less power consumption and flexibility. Deployment and testing of SDN applications are much more cost effective and simpler because they provide a centralized control with no hardware dependency.

The primary problem in the development of SDN based applications is portability. SDN applications are controller or platform specific, for example, if one application is implemented in one control platform, it is not possible to run the same application on any other control platform. It is also very complex to combine two applications to built a single application with the properties of those two corresponding applications. And same issues remain with debugging of SDN applications, the tools for testing and debugging are controller specific. There is some amount of research work going in this direction for creating an integrated SDN development environment, one result is the NetIDE framework [75] which claims to bring all the elements of software development to networking field.

In this section, we present a brief description of the categories under which the wide variety of SDN applications can be classified namely: Monitoring and measurement, security, optical and wireless networks, cloud and big data, and traffic engineering.

Monitoring and Measurement: Applications that provide monitoring and measurement solutions for software defined networks can be independent software programs with new functionalities such as for monitoring the broadband performance [274]. An example of such application is BISmark [132] which is proposed in the Procera framework for active and passive measurement systems. Another classification of monitoring and measurement applications is where the separation of basic functionalities and heavy analysis functionalities can be seen. There are several techniques which are implemented to achieve this objective: construction of traffic matrix using aggregation for source and destination [282], stochastic and deterministic packet sampling technique [161], monitoring of wildcard rules [298], bloom filters [278], and special monitoring functions.

Several applications and platforms have been proposed for monitoring and measurement purposes such as OpenSample [273] which is a low latency sampling measurement platform, OpenSketch [308] separates data plane for traffic measurement, FlowSense [307] which is used for monitoring network utilization with zero measurement cost, Context Encoding enables layer 2 pathlet tracing, OpenTM [282] is a traffic matrix estimator for OpenFlow networks, OpenSample [200] which is used for monitoring extensible and scalable networks, FleXam [257] is another tool for flexible sampling of OpenFlow networks, OpenNetMon [284] for monitoring Quality of Service (QoS) parameters, and Payless [52] is a query based real time monitoring platform. Some other efforts like online measurement of large traffic through commodity switches [125] and detection of lightweight DDoS flooding attack using NOX/OpenFlow are impactful.

Security: With the emergence of innovation in the diverse area of network applications, network security is one of the crucial fields. As we know, the concept of SDN itself came through the roads of security only. Most of the network operators and service providers leverage SDN functionalities to improve the security services of their respective networks by strict policy enforcement [123], detection of DoS and DDoS attack [41], security of public and private clouds, random host mutation, and other functionalities. Early efforts were made to secure OpenFlow enabled networks and protect them against malicious administrators [156,220] but now security is an important aspect for every greenfield deployment.

There are several examples of prominent steps that have been taken for securing software defined networks and also levering SDN capabilities for securing existing network infrastructures. Some of them are: Ethane [47] which is the first instance of providing security through flow-rule enforcement which was carried forward with SANE project [48] which also implemented security policies, active security is an integrated security framework which is based on feedback controls, CloudWatcher framework [254] is proposed for monitoring cloud platforms, AVANT-GUARD [256] is a specific security extension for OpenFlow networks, Cognition [277] is another effort for enhancing security mechanisms, and the list continues with FlowNAC [155], FRESCO [255], OpenSAFE [25], OrchSec [311], VAVE [302], FortNOX [220], NetFuse [293], Software Defined Remote Triggered Black-Hole (SDN RTBH) [92], Reliable multicasting [136], Resonance [89], LiveSec [291], MAPPER [241], DDoS detection and mitigation [41], SDN based elastic IP and security [268].

Optical and Wireless Networks: SDN allows to manage the network resources that are specific to different technological fields of networking. Gradually this novel approach has been adopted in the domains of optical and wireless communication systems. Current cellular infrastructure is inflexible, equipped with expensive hardware devices and complex control plane protocols. Same is the case with the field of optical networking which requires a technology which is scalable, flexible and at the same time can handle network resources like fiber switches, circuit switches, optical burst switches, which are specific to optical infrastructures.

Therefore, several attempts have been made by the researchers and industry to leverage SDN capabilities to optical and wireless networks. Some influential examples are: Enabling optical internet with OpenFlow [258], deployment of software defined optical networks [150], Odin [245] is a Floodlight controller which is based on a framework for programmable virtualized Wide Local Area Networks (WLANs). SoftRAN [98] is a software defined radio access network with the capabilities of load balancing and interference management, SoftMoW [166] is an architecture built for recursive and reconfigurable WANs, OpenRadio [271] is a design for programmable wireless dataplane with modular interfaces, AeroFlux [243,244] is an extension for Odin which is a scalable hierarchical WLAN control plane, CROWD project [10] focuses on overlapping the functionalities of Long Term Evolution (LTE) and WLAN cell technologies, C-RAN [62] architecture is built for improved performance through RAN virtualization of mobile nets, Flexible Access Management System (FAMS) [301] is an OpenFlow based system for flexible VLAN, and so on the list continues.

Cloud and Big Data: Cloud infrastructure is expanding with a flurry of applications and workloads that require exceptional networking capabilities like improved network management, efficient failure tolerance, troubleshooting techniques, and deployment of production networks. The cloud industry is highly dependent on data centers which face some significant challenges of computing, storage, networking, and power consumption. Most of the modern age data centers are providing the above-mentioned functionalities through network virtualization but some issues still remain a matter of concern. SDN promises to solve the problems by transforming the existing infrastructure with a new modern age infrastructure which is more flexible, scalable and resilience with a better resource utilization.

One of the major focus area where both industry and academia are leveraging functionalities and capabilities of SDN is cloud data centers (CDCs) which span over a large geographical region. By leveraging SDN capabilities the CDCs and Internet Service Providers (ISPs) are engaging in much more cost effective networks which reduce the energy and bandwidth requirements to a reasonable extent [310]. In addition to this, a research has proposed an optimal pricing scheme for inter-AS traffic requests which guarantees QoS which is supposed to benefit both customers and ISPs [128]. These solutions focus on the economical effects of SDN distinctively on commercial network services.

Efforts from researchers and industry have made it possible to come out with some applicable results. Important examples of these results include: Meridian [26] which is a SDN platform for cloud service providers that supports a service-level model for application networking, FlowComb [59] is a network management framework that helps in achieving high resource utilization and low data processing times for Big Data applications, similar to FlowComb is FlowDiff [16] which detects operational problems, leveraging the SDN controller with optical switching at runtime, CloudNaaS [31] is a framework that implements networking primitives for cloud applications, NetGraph [228] is a graph based kernel networking subsystem for network management, LIME [131] model supports transparent and live migration of entire network of virtual machines and switches.

Traffic Engineering: Managing traffic and load balancing over a network is one of the major application areas of SDN. With the incremental growth of SDN in brownfield and greenfield deployments, it is expected to result in efficient use of network resources, better network capacity utilization which will improve network performance. When SDN capabilities are leveraged on data center networks, they become more efficient and flexible in performing traffic engineering functions and optimization techniques. Several algorithms and techniques for load balancing in an SDN environment have been proposed for solving the concerns of scalability.

Extending the scope of above solutions, recent developments and research works are focused on providing better traffic engineering solutions necessary for better flow management, fault tolerance, topology update, and traffic analysis and characterization [6]. In this context, a research work has been done which lists the principal transformations induced by SDN and NFV by providing a better traffic matrix estimation considering both engineering and econometric prospects [83].

Till date, there are several traffic engineering applications and solutions that have been proposed by academics and industry which include: Hedera [7] which is a scalable and dynamic flow scheduling algorithm built for multi-stage switching fabric, load balancing solution Plug-n-Serve [105] minimizes server response time, ElasticTree [107] is a network-wide power manager developed for satisfying changing data center traffic loads, DEFO [2] is a central optimizer which translates high level language into compliant network configuration, wildcard rules [223] are implemented for more scalable solution to achieve a target distribution of the traffic, and the list continues on growing with solutions like ALTO VPN [242], ViAggre SDN [260], Pronto [299], QNOX [124], OpenQoS [68], Middlepipes [123], MicroTE [32], PolicyCop [27], SIMPLE [225], ProCel [168], Flow QoS [246], QoS for SDN [248], Aster*x [104], In-packet Bloom filter [151], QueuePusher [209].

Note: The network application field in the SDN landscape is a fastest growing area where most of the starting use cases were focused around OpenFlow and NOX controller but things are changing very fast, new applications and solutions are considering different controller platforms because of diversity. We presented applications/solutions discussed above in five categories, some applications have fixed area of dominance but properties of some applications are not restricted to one category, they span over other categories blurring the lines and this trend is expected to grow. One more thing to discuss in context SDN applications is an initiative by HP under the name of SDN App Store [67,108] which is an online application market store where customers can purchase SDN applications. This concept is similar to the Android’s Play Store or Apple Store which is highly appreciated by the industry and developers. This trend is expected to grow in the near future because it provides a platform for application developers to create and share their work with an active SDN community.