Software-defined networking (SDN) is a general term which includes a number of networking technologies. SDN aims to separate the control plane of the network from the data plane of the network to create an agile and flexible network. In a software-defined network, the switch(es) or other components that form the physical topology of the network can communicate with the controller to determine how frames should be directed within the network. In this way, the controller can create, modify, or remove connections between two endpoints to dynamically provision services between the endpoints.
During this provisioning of services, it is important to note that the physical topology of the network remains unchanged. Instead, to provision a service between two endpoints (e.g., between a user's home and an edge switch of a provider), the controller will typically employ knowledge of the network topology including how the endpoints are physically interconnected, current traffic on the network, and any quality of service requirements (among possible other factors) to select and create a virtual network between the endpoints. This is accomplished by programming the appropriate switches or other components to forward frames pertaining to the service so that they traverse a selected path to reach their endpoint. In some implementations, only components located at the edge of the network topology may implement this software-defined networking technique.
Various protocols and techniques exist for provisioning services in this manner. For example, a software-defined network may be configured to employ VLAN tags (or other identifiers) within the frames to define to which service the frames pertain. By accessing the VLAN tag in a frame it receives, a switch can determine, based on its programmed rules, how to forward the frame so that the frame traverses the path that was defined for that service. In this type of environment, frames pertaining to multiple services can be transferred over the same physical wire but remain isolated due to the VLAN tags they include.
FIG. 1 provides a simplified example of a prior art software-defined network architecture 100. Architecture 100 includes a network 130 that consists of a number of interconnected switches 130a-130n that form a switching fabric (where n represents any integer greater than one). A number of entities can connect to network 130 including service providers and end users. Service providers may typically include a network that connects to network 130 via an edge switch. In contrast, an end user may typically employ a gateway to connect to network 130. A controller 131 can control components within architecture 100. In some embodiments, controller 131 may configure gateway 110 for the purpose of provisioning services between the end user and a service provider. In some embodiments, controller 131 may also configure edge switch 132 or some or all of switches 130a-130n to provision such services.
In one example, a streaming video provider network 140a (e.g., Netflix, Hulu, Sling, etc.), an internet service provider network 140b, and a security provider network 140n can each be connected to a particular port of edge switch 132. Additionally, a user's premises (e.g., a home or business location) includes a smart TV 100a, a PC 100b, and a security system 100n. 
The user may desire to employ smart TV 100a, PC 100b, and security system 100n to receive services over network 130. To connect smart TV 100a, PC 100b and security system 100n (or any other network connectable device) to network 130, the user can employ gateway 110. Gateway 110 includes an outbound (or wide area network (WAN)) port 112 by which it connects to a switch (e.g., switch 131c) of network 130. Gateway 110 also includes a number of inbound (or local area network (LAN)) ports 111a-111n by which the end user may connect the various devices to gateway 110.
An important distinction between a software-defined network and a typical internet connection is that a software-defined network allows a user to access a service independent of the internet. For example, in an internet-based scenario, if the user desires to subscribe to Netflix, the user must first subscribe to an internet service provider (e.g., Comcast, Verizon, Time Warner, AT&T, etc.) to access Netflix. In this scenario, the user accesses Netflix over the internet. In contrast, with a software-defined network and assuming streaming video provider network 140a is Netflix, controller 131 can provision the delivery of Netflix to the user's premises independent of any internet access.
As mentioned above, architecture 100 may use layer two identifiers (hereinafter generally “IDs”) to distinguish between different services that have been provisioned over network 130. For example, a streaming video service that has been provisioned for the end user could be assigned an ID of 1234. In such a case, any frame that the streaming video provider sends to the end user will be labeled with 1234. On the service side, this labeling of frames is performed at the edge switch by which the provider's network is connected to network 130. Therefore, edge switch 132 would label a frame that is intended for the end user with 1234 if that frame is received over the port associated with streaming video provider network 140a. 
As mentioned above, gateway 110 includes multiple inbound ports 111a-111n. This is necessary to enable multiple services to be delivered to the user's premises via gateway 110. In particular, as part of provisioning a service to the user's premises, controller 131 can instruct gateway 110 to deliver incoming frames that have a particular ID to one of ports 111a-111n. Similarly, controller 131 can instruct gateway 110 to assign the particular ID to any outgoing frame that is received at the same port. In other words, each service delivered to the user's premise requires its own inbound port on gateway 110.
Accordingly, in FIG. 1, it is assumed that the streaming video service is provided to the user's premises via port 111a, the internet service is provided via port 111b, and the security system service is provided via port 111n. In this scenario, gateway 110 creates the appearance that there are multiple separate networks available at the user's premises (i.e., gateway 110 provides multiple virtual networks).
Although this one-to-one relationship between services and ports provides service isolation, it also creates various practical difficulties. For example, to use a service on a device, the device will have to be connected to the appropriate port. In FIG. 1, smart TV 100a will have to be connected (whether via an Ethernet cable, Wi-Fi, or another interface) to port 111a in order to use the streaming video service. On the other hand, PC 100b will have to be connected to port 111b to use the internet. In this scenario, the internet will not be available on smart TV 100a and the streaming video service will not be available on PC 100b. It can also be difficult to physically connect each device to the proper port. For example, many homes and businesses are wired for a single network that is shared by all devices. In such cases, it would be necessary to either purchase multiple routers to employ separate Wi-Fi networks for each service and/or add additional wiring to connect the devices to the appropriate port of gateway 110. Also, in many cases, gateway 110 may not be located inside the building or in an easily accessible area.