Data communication systems exchange user data for user devices to provide various data communication services. The user devices may be phones, computers, media players, and the like. The data communication services might be media streaming, audio/video conferencing, data messaging, or internet access. Software-Defined Networks (SDNs) have become popular data communication systems for delivering these data communication services.
An SDN has applications, controllers, and data switches. The SDN controllers expose network-level control-plane Application Programming Interfaces (APIs) to the SDN applications. The SDN applications call these SDN controller APIs to implement the data communication services. In a like manner, the SDN data switches expose network-level data-plane APIs to the SDN controllers. The SDN controllers call these SDN data switch APIs to implement the data communication services. The SDN data switches process user data in response to the SDN data switch API calls.
For example, an SDN application may determine that an update to an SDN Flow Descriptor Table (FDT) is required to support a user data communication service. The SDN application calls a controller API with the FDT update. The SDN controller calls a data switch API with the FDT update. The SDN data switch updates its FDT responsive to the data switch API call from the SDN controller. Subsequently, the SDN data switch receives user data packets, matches the packet addresses to an action in the updated FDT, and performs the action on the user data packets. The SDN data switch may forward, drop, or store the user data packets based on the FDT.
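The FDT update path and packet matching described above, as an added Python model that is not part of the original text. The class and method names, wildcard matching, most-specific-first ordering and drop-on-miss default are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FlowEntry:
    src: Optional[str]              # None = wildcard (assumption)
    dst: Optional[str]
    action: str                     # "forward", "drop" or "store"
    out_port: Optional[int] = None  # only meaningful for "forward"

    def matches(self, pkt):
        return self.src in (None, pkt["src"]) and self.dst in (None, pkt["dst"])
    def specificity(self):
        return (self.src is not None) + (self.dst is not None)

class DataSwitch:
    """Exposes the data-plane API and applies its FDT to user packets."""
    def __init__(self):
        self.fdt, self.stored = [], []

    def api_update_fdt(self, entry):
        if entry.action not in ("forward", "drop", "store"):
            raise ValueError(f"unknown action: {entry.action}")
        # Replace any entry with the same match, keep most specific first.
        self.fdt = [e for e in self.fdt if (e.src, e.dst) != (entry.src, entry.dst)]
        self.fdt.append(entry)
        self.fdt.sort(key=FlowEntry.specificity, reverse=True)

    def receive(self, pkt):
        for e in self.fdt:
            if e.matches(pkt):
                if e.action == "store":
                    self.stored.append(pkt)
                return e.action, e.out_port
        return "drop", None         # table miss: drop (assumption)

class Controller:
    """Exposes the control-plane API; relays FDT updates to a switch."""
    def __init__(self, switches):
        self.switches = switches
    def api_update_fdt(self, switch_id, entry):
        self.switches[switch_id].api_update_fdt(entry)

def demo():
    sw = DataSwitch(); ctl = Controller({"sw1": sw})
    pkt = {"src": "10.0.0.5", "dst": "10.0.0.9"}   # constructed sample packet
    before = sw.receive(pkt)
    ctl.api_update_fdt("sw1", FlowEntry("10.0.0.5", "10.0.0.9", "forward", 2))
    return before, sw.receive(pkt)
```

Calling `demo()` returns the switch's decision for the same packet before and after the application's update reaches the switch through the controller.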
Many SDNs execute on Network Function Virtualization (NFV) computer systems. NFV computer systems have Virtual Network Functions (VNFs) that perform like typical communication network elements or portions of these network elements. The VNFs run under the control of a hypervisor or operating system that controls VNF access to NFV hardware (circuitry, memory, communication interfaces). The VNFs communicate with one another and with other systems over NFV virtual Switches (vSWs) implemented by the hypervisor or operating system.
To implement a data communication service, an NFV Management and Orchestration (MANO) system drives the NFV hardware to execute and support the VNFs based on various descriptors for the data communication service. The NFV MANO system may include a service orchestrator that drives the delivery of data communication services based on forwarding graphs. In NFV SDN systems, the VNFs may be SDN applications and SDN controllers. Unfortunately, the data interface between MANO orchestrators in different data communication networks remains rigid and insecure. The data interface between the SDN controllers in different data communication networks also remains rigid and insecure.