The Road to SDN: An Intellectual History of Programmable Networks (Part 5)

3. Network Virtualization

Vocabulary

Translation

In this section, we discuss network virtualization, a prominent early “use case” for SDN. Network virtualization presents the abstraction of a network that is decoupled from the underlying physical equipment. Network virtualization allows multiple virtual networks to run over a shared infrastructure, and each virtual network can have a much simpler (more abstract) topology than the underlying physical network. For example, a Virtual Local Area Network (VLAN) provides the illusion of a single LAN spanning multiple physical subnets, and multiple VLANs can run over the same collection of switches and routers. Although network virtualization is conceptually independent of SDN, the relationship between these two technologies has become much closer in recent years.


We preface our discussion of network virtualization with three caveats. First, a complete history of network virtualization would require a separate survey; we focus on developments in network virtualization that relate directly to innovations in programmable networking. Second, although network virtualization has gained prominence as a use case for SDN, the concept predates modern-day SDN and has in fact evolved in parallel with programmable networking. The two technologies are in fact tightly coupled: Programmable networks often presumed mechanisms for sharing the infrastructure (across multiple tenants in a data center, administrative groups in a campus, or experiments in an experimental facility) and supporting logical network topologies that differ from the physical network, both of which are central tenets of network virtualization. Finally, we caution that a precise definition of “network virtualization” is elusive, and experts naturally disagree as to whether some of the mechanisms we discuss (e.g., slicing) represent forms of network virtualization. In this article, we define the scope of network virtualization to include any technology that facilitates hosting a virtual network on an underlying physical network infrastructure.


Network Virtualization before SDN. For many years, network equipment has supported the creation of virtual networks, in the form of VLANs and virtual private networks. However, only network administrators could create these virtual networks, and these virtual networks were limited to running the existing network protocols. As such, incrementally deploying new technologies proved difficult. Instead, researchers and practitioners resorted to running overlay networks, where a small set of upgraded nodes use tunnels to form their own topology on top of a legacy network. In an overlay network, the upgraded nodes run their own control-plane protocol, and direct data traffic (and control-plane messages) to each other by encapsulating packets, sending them through the legacy network, and decapsulating them at the other end. The Mbone (for multicast) [50], the 6bone (for IPv6) [43], and the X-Bone [76] were prominent early examples.


These early overlay networks consisted of dedicated nodes that ran the special protocols, in the hope of spurring adoption of proposed enhancements to the network infrastructure. The notion of overlay networks soon expanded to include any end-host computer that installs and runs a special application, spurred by the success of early peer-to-peer file-sharing applications (e.g., Napster and Gnutella). In addition to significant research on peer-to-peer protocols, the networking research community reignited research on using overlay networks as a way to improve the network infrastructure, such as the work on Resilient Overlay Networks [4], where a small collection of communicating hosts form an overlay that reacts quickly to network failures and performance problems.


In contrast to active networks, overlay networks did not require any special support from network equipment or cooperation from the Internet Service Providers, making them much easier to deploy. To lower the barrier for experimenting with overlay networks, researchers began building virtualized experimental infrastructures like PlanetLab [60] that allowed multiple researchers to run their own overlay networks over a shared and distributed collection of hosts. Interestingly, PlanetLab itself was a form of “programmable router/switch” active networking, but using a collection of servers rather than the network nodes, and offering programmers a conventional operating system (i.e., Linux). These design decisions spurred adoption by the distributed-systems research community, leading to a significant increase in the role of experimentation with prototype systems in this community.


Based on the success of shared experimental platforms in fostering experimental systems research, researchers started advocating the creation of shared experimental platforms that pushed support for virtual topologies that can run custom protocols inside the underlying network [7, 61] to enable realistic experiments to run side-by-side with operational traffic. In this model, the network equipment itself “hosts” the virtual topology, harkening back to the early Tempest architecture [78] where multiple virtual ATM networks could co-exist on the same set of physical switches; the Tempest architecture even allowed switch-forwarding behavior to be defined using software controllers, foreshadowing the work on control and data-plane separation.


The GENI [33, 59] initiative took the idea of a virtualized and programmable network infrastructure to a much larger scale, building a national experimental infrastructure for research in networking and distributed systems. Moving beyond experimental infrastructure, some researchers argued that network virtualization could form the basis of a future Internet that enables multiple network architectures to coexist at the same time (each optimized for different applications or requirements, or run by different business entities), and evolve over time to meet changing needs.


Relationship of Network Virtualization to SDN. Network virtualization (an abstraction of the physical network in terms of a logical network) clearly does not require SDN. Similarly, SDN (the separation of a logically centralized control plane from the underlying data plane) does not imply network virtualization. Interestingly, however, a symbiosis between network virtualization and SDN has emerged, which has begun to catalyze several new research areas. SDN and network virtualization relate in three main ways.


SDN as an enabling technology for network virtualization. Cloud computing brought network virtualization to prominence, because cloud providers need a way to allow multiple customers (or “tenants”) to share the same network infrastructure. Nicira’s Network Virtualization Platform (NVP) [54] offers this abstraction without requiring any support from the underlying networking hardware. The solution is to use overlay networking to provide each tenant with the abstraction of a single switch connecting all of its virtual machines. Yet, in contrast to previous work on overlay networks, each overlay node is actually an extension of the physical network—a software switch (like Open vSwitch [58, 62]) that encapsulates traffic destined to virtual machines running on other servers. A logically centralized controller installs the rules in these virtual switches to control how packets are encapsulated, and updates these rules when virtual machines move to new locations.

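The NVP-style overlay described above, as an added illustration that is not Nicira's or Open vSwitch's own code: a centralized controller derives, from a constructed VM placement, the per-virtual-switch rules that say which tunnel endpoint to encapsulate traffic for each remote VM towards, and a migration changes only the entries for the VM that moved. Host names, tunnel endpoint addresses, MACs and the per-tenant overlay identifiers are all constructed sample values.

```python
"""Added illustration of controller-computed overlay encapsulation rules.
Each tenant sees one logical switch. The controller knows which host runs each
VM and installs, in every host's virtual switch, one rule per VM: deliver
locally if the VM is on this host, otherwise encapsulate towards the tunnel
endpoint (TEP) of the host that runs it. A per-tenant overlay identifier keeps
tenants apart even if their MAC addresses collide."""

# Constructed placement: host -> tunnel endpoint IP, and vm -> tenant/mac/host.
HOST_TEP = {"host-a": "192.0.2.10", "host-b": "192.0.2.11", "host-c": "192.0.2.12"}
VMS = {
    "vm1": {"tenant": "blue", "mac": "02:00:00:00:00:01", "host": "host-a"},
    "vm2": {"tenant": "blue", "mac": "02:00:00:00:00:02", "host": "host-b"},
    "vm3": {"tenant": "red",  "mac": "02:00:00:00:00:03", "host": "host-b"},
}
TENANT_VNI = {"blue": 1001, "red": 1002}   # constructed per-tenant overlay ids


def compute_rules(vms):
    """Return {host: {(vni, dst_mac): action}} for every host's virtual switch.
    action is ("local", vm_name) or ("encap", remote_tep_ip)."""
    rules = {host: {} for host in HOST_TEP}
    for name, vm in vms.items():
        key = (TENANT_VNI[vm["tenant"]], vm["mac"])
        for host in HOST_TEP:
            if host == vm["host"]:
                rules[host][key] = ("local", name)
            else:
                rules[host][key] = ("encap", HOST_TEP[vm["host"]])
    return rules


def migrate(vms, vm_name, new_host):
    """Move a VM to new_host (mutates vms) and return the set of (host, key)
    entries whose action changed, i.e. the rule updates the controller must
    push. Only the moved VM's entries change, one per host."""
    before = compute_rules(vms)
    vms[vm_name]["host"] = new_host
    after = compute_rules(vms)
    return {(h, k) for h in after for k in after[h] if before[h][k] != after[h][k]}


if __name__ == "__main__":
    for host, table in compute_rules(VMS).items():
        print(host, table)
    changed = migrate(VMS, "vm1", "host-b")
    print("rule updates after moving vm1:", sorted(changed))
```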

Network virtualization for evaluating and testing SDNs. The ability to decouple an SDN control application from the underlying data plane makes it possible to test and evaluate SDN control applications in a virtual environment before the application is deployed on an operational network. Mininet [41, 48] uses process-based virtualization to run multiple virtual OpenFlow switches, end hosts, and SDN controllers—each as a single process on the same physical (or virtual) machine. The use of process-based virtualization allows Mininet to emulate a network with hundreds of hosts and switches on a single machine. In such an environment, a researcher or network operator can develop control logic and easily test it on a full-scale emulation of the production data plane; once the control plane has been evaluated, tested, and debugged, it can then be deployed on the real production network.


Virtualizing (“slicing”) an SDN. In conventional networks, virtualizing a router or switch is complicated, because each virtual component needs to run its own instance of control-plane software. In contrast, virtualizing a “dumb” SDN switch is much simpler. The FlowVisor [67] system enables a campus to support a testbed for networking research on top of the same physical equipment that carries the production traffic. The main idea is to divide traffic flow space into “slices” (a concept introduced in earlier work on PlanetLab [60]), where each slice has a share of network resources and is managed by a different SDN controller. FlowVisor runs as a hypervisor, speaking OpenFlow to each of the SDN controllers and to the underlying switches. Recent work has proposed slicing control of home networks, to allow different third-party service providers (e.g., smart grid operators) to deploy services on the network without having to install their own infrastructure [87]. More recent work proposes ways to present each “slice” of a software-defined network with its own logical topology [1, 22] and address space [1].

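The flowspace slicing idea above, as an added example that is not FlowVisor's own code: a hypervisor sitting between tenant controllers and the switches forwards a controller's flow rule only if the rule's match lies entirely inside that controller's slice, so a research controller cannot install a rule that captures production traffic. The slice definitions, field names and match values are constructed for the example.

```python
"""Added illustration of FlowVisor-style flowspace isolation. A slice is a
region of the flow space (constraints on header fields); a rule from a slice's
controller is accepted only if every constrained field is present in the
rule's match and lies inside the slice. A rule that wildcards a constrained
field would also match other slices' traffic, so it is rejected rather than
silently widened."""
import ipaddress

# Constructed slices: a set of allowed values per field, or an IP network.
SLICES = {
    "research": {"vlan": {100}, "nw_src": ipaddress.ip_network("10.1.0.0/16")},
    "production": {"vlan": {1, 2}},
}


def value_within(value, constraint):
    """True if one match value is contained in the slice's constraint."""
    if isinstance(constraint, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
        # A host address or a prefix in the match must be inside the slice prefix.
        return ipaddress.ip_network(value, strict=False).subnet_of(constraint)
    return value in constraint


def rule_within_slice(match, slice_name):
    """True if the rule's match (dict field -> value) lies inside the slice."""
    for field, constraint in SLICES[slice_name].items():
        if field not in match:           # wildcard on a constrained field
            return False
        if not value_within(match[field], constraint):
            return False
    return True


def hypervisor_filter(rules):
    """rules: list of (slice_name, match, actions). Returns (accepted, rejected)
    lists; only accepted rules would be forwarded to the switch."""
    accepted, rejected = [], []
    for rule in rules:
        slice_name, match, _actions = rule
        (accepted if rule_within_slice(match, slice_name) else rejected).append(rule)
    return accepted, rejected


if __name__ == "__main__":
    demo = [  # constructed rules submitted by the two slice controllers
        ("research", {"vlan": 100, "nw_src": "10.1.5.0/24"}, ["output:2"]),
        ("research", {"vlan": 100}, ["output:2"]),                    # wildcard src
        ("research", {"vlan": 1, "nw_src": "10.1.5.7"}, ["drop"]),    # production VLAN
        ("production", {"vlan": 2}, ["output:3"]),
    ]
    ok, bad = hypervisor_filter(demo)
    print(len(ok), "accepted;", len(bad), "rejected:", [r[1] for r in bad])
```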

Myths and misconceptions. People often refer to supposed “benefits of SDN”—such as amortizing the cost of physical resources or dynamically reconfiguring networks in multi-tenant environments—that actually come from network virtualization. Although SDN facilitates network virtualization and may thus make some of these functions easier to realize, it is important to recognize that the capabilities that SDN offers (i.e., the separation of data and control plane, abstractions for distributed network state) do not directly provide these benefits.


Exploring a broader range of use cases. Although SDN has enjoyed some early practical successes and certainly offers much-needed technologies in support of the specific use case of network virtualization, more work is needed both to improve the existing infrastructure and to explore SDN’s potential to solve problems for a much broader set of use cases. Although early SDN deployments focused on university campuses [34], data centers [54], and private backbones [44], recent work explores applications and extensions of SDN to a broader range of network settings, including home networks, enterprise networks, Internet exchange points, cellular core networks, cellular and WiFi radio access networks, and joint management of end-host applications and the network. Each of these settings introduces many new opportunities and challenges that the community will explore in the years ahead.


posted @ 2020-01-11 22:41 如梦的少年丶