A centralized flow routing network consists of a set of switches and a logically centralized controller. A flow comprises an aggregation of packets between a source and a destination in the centralized flow routing system. For instance, all Hypertext Transfer Protocol (HTTP) packets between two hosts may be defined as a flow. A flow may be a subset of another flow. For example, a specific HTTP connection from the source to the destination can be a subset of all HTTP packets from the source to the destination. A flow may be bidirectional or unidirectional. Centralized flow routing systems provide a framework to enable finer-grained, flow-level control of Ethernet (or other kinds of) switches from a global controller.
OpenFlow is one current centralized flow routing system. Upon receiving a packet, a switch in an OpenFlow system extracts a flow identification (flow-ID), defined in one version of the OpenFlow specification by 10 packet header fields across various layers. The switch searches for the flow-ID in its local flow table. The switch performs this search for every packet in the flow. If the flow-ID is found in the flow table, the flow table provides actions such as “forward on the next-hop link I” and “drop packet”. If, however, the flow is unknown, the switch forwards the packet to the global controller. The global controller then makes a decision about whether to admit the flow, and how to route the flow through the switches. The global controller sets up the corresponding flow table entries for this new flow in all relevant switches, and sends the packet back to the switch.
Global control offers several benefits. One benefit is the consistent implementation of global policies. For example, instead of having to ensure that firewall rules at each individual router are consistent across the network, in an OpenFlow network the global controller requires only one description of a global access control policy. Another benefit is that the global controller, by participating in all flow-setup decisions, has better visibility of network conditions, and can make globally sound admission-control and quality of service (QoS) decisions.
Unfortunately, the twin benefits of central control and flow-by-flow forwarding decisions may increase costs, such as increased network overhead from flow-setup communications. When a packet does not match an existing flow-table entry in a switch, the packet is sent to the global controller. The global controller then evaluates its policy rules, picks a path for the flow, installs a flow entry in each switch on the path, and finally forwards the packet to the switch. In addition, any subsequent packet received by a switch before the corresponding flow entry is installed must also be forwarded to the global controller. These round trips to the global controller from each switch delay the delivery of the first packet, or first set of packets. They also consume bandwidth on the control channel, limiting the scalability of flow setup. There is an additional cost of connection setup overhead. Because the first packet of each new flow goes to the controller, the connection setup time for the flow increases.
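An added example, not part of the original text: a small Python model of the table-miss path described above, showing that every packet arriving before the flow entry is active costs a controller round trip, while one central policy decides both forwarded and dropped flows. The `FlowID` field names, the `policy` rule, the tick-based setup delay and the sample traffic are assumptions made for this illustration.

```python
from collections import namedtuple

# Ten header fields making up the flow-ID (field names are this example's own).
FlowID = namedtuple("FlowID", "in_port vlan eth_src eth_dst eth_type "
                              "ip_src ip_dst ip_proto tp_src tp_dst")

def policy(flow):
    """The single global access-control policy (constructed): drop telnet, forward the rest."""
    return "drop" if flow.tp_dst == 23 else "forward"

class Controller:
    def __init__(self, path, rtt):
        self.path = path        # flow tables (dicts) of the switches on the route
        self.rtt = rtt          # ticks from the first packet-in until entries are active
        self.packet_ins = 0     # control-channel messages received

    def packet_in(self, flow, now):
        self.packet_ins += 1
        action = policy(flow)
        for table in self.path:  # set up the entry in every relevant switch, once
            table.setdefault(flow, (action, now + self.rtt))
        return action

def receive(table, ctl, flow, now):
    """Per-packet lookup at a switch; returns (action, who decided)."""
    entry = table.get(flow)
    if entry and entry[1] <= now:                  # installed and active: handled locally
        return entry[0], "switch"
    return ctl.packet_in(flow, now), "controller"  # unknown, or setup still in flight

def simulate(arrivals, rtt):
    """arrivals: list of (tick, FlowID) seen at the ingress switch."""
    ingress, core = {}, {}
    ctl = Controller([ingress, core], rtt)
    ordered = sorted(arrivals, key=lambda a: a[0])
    log = [receive(ingress, ctl, flow, tick) for tick, flow in ordered]
    return ctl.packet_ins, log

# Constructed sample traffic: one HTTP flow and one telnet flow.
WEB = FlowID(1, 0, "aa:aa", "bb:bb", 0x0800, "10.0.0.1", "10.0.0.2", 6, 40000, 80)
TELNET = WEB._replace(tp_src=40001, tp_dst=23)

if __name__ == "__main__":
    packet_ins, log = simulate([(t, WEB) for t in (0, 1, 2, 5, 6)], rtt=3)
    print("packet-ins:", packet_ins)
    for action, who in log:
        print(action, "decided by", who)
```

With a setup delay of 3 ticks, the packets at ticks 0, 1 and 2 all reach the controller, and only those arriving after the entry is active are handled in the switch.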