A software defined networking (SDN) infrastructure may include a management plane, one or more control planes, and a data plane. The management plane generally provides configuration, monitoring, and management services for the network. Control planes determine the network topology and maintain and distribute configuration information for network entities such as switches, routers, virtual machines, etc. A network may include a central control plane (CCP) as well as local control planes (LCP) at different network elements. The data plane carries user traffic, and typically includes a plurality of physical or virtual hosts. Sharding is a mechanism used to provide high scalability and availability of a CCP by identifying “master” nodes among a plurality of nodes within the CCP for handling data from particular sources or of particular types. Master roles may be determined by individual CCP nodes, for example based on a predetermined hash algorithm, which may be provided by a user from the management plane.
One type of sharding is physical sharding, in which one CCP node serves as the physical master of each host in the data plane. Another type of sharding is logical sharding, in which one CCP node serves as the logical master for each logical entity, such as logical routers, logical switches, and domain objects received from the management plane. A domain object may be a logical representation of an item in a particular domain, such as a rule or policy. While most systems employ only one type of sharding, there are cases in which it becomes useful to employ both types of sharding in parallel. For example, in a system which employs physical sharding, a category of domain objects may be introduced which is handled more efficiently by logical sharding. One such category could be, for example, distributed network encryption (DNE) key policies. DNE involves distributing encryption functionality across multiple network entities in a network in order to enhance security. A DNE key policy may be related to multiple hosts in the data plane, and each of these hosts may have a different CCP node as its physical master. If the DNE key policy requires additional processing by a CCP node before being provided to the hosts to which the policy relates, it would be inefficient for multiple CCP nodes to perform this processing. Based on the DNE key policy, a CCP node may generate key information (such as IDs for the keys and the Security Parameter Index (SPI) for packet headers) for the hosts to use. This generated key information may be based on an individual CCP node's confidential information (such as its secure shell (SSH) certificate). Further, different CCP nodes may generate different key information for the same key policy (for example, the IDs may be generated randomly, and different CCP nodes may generate different random numbers).
Thus, if only physical sharding is employed, the generated key information may be different for each CCP node, resulting in inconsistent data paths, and encryption/decryption may therefore not function properly. As such, it may be advantageous to employ a logical sharding mechanism for these domain objects so that each domain object is only processed by one CCP node regardless of how many hosts in the data plane the domain object relates to.
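The following simulation, added here as an illustration and not part of the original text, shows why physical sharding alone yields inconsistent key information for a DNE key policy that spans several hosts, and why assigning the policy a single logical master resolves it. The CCP node names, host names, policy ID and the byte-sum hash used to assign master roles are constructed stand-ins, not values from any real deployment.

```python
import secrets

# Constructed topology: three CCP nodes; the policy below relates to four hosts.
CCP_NODES = ["ccp-1", "ccp-2", "ccp-3"]
HOSTS = ["host-a", "host-b", "host-c", "host-d"]
POLICY_ID = "dne-policy-7"

def master_for(key: str, nodes=CCP_NODES) -> str:
    """Toy stand-in for the predetermined hash algorithm that assigns master roles.
    Every CCP node can evaluate it independently and reach the same answer."""
    return nodes[sum(key.encode()) % len(nodes)]

def generate_key_info(node: str, policy_id: str) -> dict:
    """Per-node key derivation for a DNE key policy. The SPI is drawn randomly,
    so two nodes processing the same policy produce different values."""
    return {"policy": policy_id, "generated_by": node, "spi": secrets.randbits(32)}

def publish_physical(policy_id: str, related_hosts) -> dict:
    """Physical sharding only: each host receives key info generated by its own
    physical master, so hosts under different masters end up with different SPIs."""
    per_node, published = {}, {}
    for host in related_hosts:
        node = master_for(host)
        if node not in per_node:  # every physical master derives the policy once
            per_node[node] = generate_key_info(node, policy_id)
        published[host] = per_node[node]
    return published

def publish_logical(policy_id: str, related_hosts) -> dict:
    """Logical sharding for the policy: one logical master, chosen by hashing the
    policy ID, derives the key info once; the same info goes to every related host."""
    logical_master = master_for(policy_id)
    info = generate_key_info(logical_master, policy_id)
    return {host: info for host in related_hosts}

def consistent(published: dict) -> bool:
    """True when all related hosts hold the same SPI, so the data path can encrypt/decrypt."""
    return len({info["spi"] for info in published.values()}) == 1

if __name__ == "__main__":
    for label, result in (("physical", publish_physical(POLICY_ID, HOSTS)),
                          ("logical", publish_logical(POLICY_ID, HOSTS))):
        print(f"{label} sharding: consistent={consistent(result)}")
        for host, info in result.items():
            print(f"  {host}: spi={info['spi']:#010x} from {info['generated_by']}")
```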
Adding logical sharding in this manner to a system that otherwise employs physical sharding can present certain difficulties, however. For example, the CCP node which is the logical master of a domain object may not be the physical master of every host in the data plane to which the domain object must be published. Furthermore, the physical sharding mechanism may not wait until a logical sharding operation is complete before publishing an object to the data plane, and this may result in incomplete or out-of-date information being provided to hosts. Accordingly, a method is needed for adding logical sharding to a physical sharding architecture in a manner which allows for up-to-date domain objects to be provided to all relevant hosts.