Field of Invention
The disclosed invention generally relates to the controller component of a Software Defined Network (SDN). In particular, it relates to such controllers automatically discovering and authenticating each other as part of the control plane operations, without any need for manual configuration of other controllers as it is being done in prior art. The system of this invention is a new capability of the controller that receives Controller-Advertisement messages from other controllers in the same or different SDN, performing authentication and subsequently performing control plane information exchange. The Controller-Advertisement messages used for discovery are also used to periodically check the health of the pool of discovered controllers. Multiple controllers can be used for load sharing, improved reliability under failure of a controller by enabling seamless take over and recovery. Also, controllers can cooperate to enable end-to-end services to work across multiple SDNs.
Discussion of Related Art
Software-Defined Networking (SDN) is a new paradigm where the control of computer and communication networks is accomplished via programmatic interfaces. There are a number of approaches to SDN. In the most popular approach, the data and control planes that typically reside in a switch are separated and the control plane is moved to a separate device, commonly referred to as the controller as described in the article “OpenFlow: Enabling Innovation in Campus Networks” by Nick McKeown et al., which appeared in ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, April 2008 and also in the Pre-Grant Application by Casado et al. (2009/0138577). When triggered, the controller calculates the most appropriate route through the network between two nodes and programs all switches along this route accordingly. The controller can be a physical server, a virtual machine or an appliance. There can be multiple controllers in a computer network in this approach. It is possible to divide the network into regions and have different controllers control each region. It is also possible to have multiple controllers control a single switch for reliability and/or performance issues, where each controller may control different ports, or different flow types, or flows with different end nodes. In this approach, a well-defined protocol, OpenFlow, is used for communication between the network forwarding devices and the controller. The controller also has a northbound application programming interface so that different, custom control applications that use the OpenFlow data may be installed on the controller. This approach is advocated by the Open Networking Foundation (ONF) that aims to standardize the OpenFlow protocol. The latest version of the OpenFlow protocol may be accessed via the ONF web page. It is also possible to use a protocol other than OpenFlow to enable proper operation of this approach. FIG. 1 illustrates the OpenFlow-based SDN concept with a single controller 100 and a plurality of switches 109, 110, 111, and 112. In FIG. 1, dotted lines 101, 102, 103 and 104 represent control plane connections between the controller and the switches, while solid lines 105, 106, 107, and 108 represent the switch-to-switch data plane connections. All interactions in FIG. 1 between the controller and the switches use a clearly defined protocol, such as OpenFlow. This protocol allows for the control plane operations, wherein the controller programs the switches to specify the route of data paths (or flows, slices). The controller programs the switch by simply uploading one or more forwarding table(s) (or table entries).
In a second approach to SDN, virtual switches, as described in the Pre-Grant Application by Casado et al. (2010/0257263), are deployed as part of an overlay network on top of the existing network infrastructure using protocols such as VXLAN or NVGRE, which are defined in IETF Internet Drafts, draft-mahalingam-dutt-dcops-vxlan-00.txt and draft-sridharan-virtualization-nvgre-01.txt, respectively. In this approach, the data and control planes are still kept separate in the overlay, and the controller (or a group of controllers) is used to control the virtual switches.
In a third SDN approach, the data and control planes are not physically separated. Instead, every forwarding device in the network uses programmatic interfaces for network control, on which custom control applications may be installed. This vendor specific approach may be visualized as having an SDN controller in each forwarding device and using a vendor-specific protocol for communication between the controller and the forwarder.
The Pre-Grant Publication to Kato (2012/025049) describes a Load Distribution System, Load Distribution Method, and Program for SDN. In Kato, the load distribution amongst controllers is made possible using a proxy server that is situated between the switches and the controllers. The proxy server enables transparency of the different controllers to each of the switches. It also enables seamless load-balancing amongst the controllers unbeknownst to the switches in the network.
The Pre-Grant Publication to Yamato et al. (2011/0317701) describes one possible method to formulate routing decisions in a SDN architecture where multiple controllers are deployed. The routing decision, as calculated by the controller that controls the switch from which the route originates, is communicated to the other, relevant controllers in the network by this controller using a message that includes the forwarding path information.
In Kato as well as Yamata et al., as with the remainder of the prior art, when multiple controllers are used, a manual configuration step is needed to program each controller with the information of the other controller(s). The present invention eliminates this manual step by providing a system and method that allow each controller to automatically discover and authenticate other controllers in the network.
Embodiments of the present invention are an improvement over prior art systems and methods.