All network elements—switches and routers, virtual or physical—have one ultimate task to fulfill, which is to forward incoming packets to a next element, or next hop, on their way to their destinations. In some cases, the determination as to which next hop leads a packet towards its eventual destination depends on the current state of the network. In these cases, the forwarding elements promptly react to changes in the state of the network (e.g., configuration changes or network failures) by re-computing the forwarding rules as necessary. The division of functionality within modern switches and routers into a data plane and a control plane reflects these two aspects of their operation. That is, the data plane forwards packets according to instructions that the control plane computes and provides based on the network and configuration changes that the control plane observes.
In traditional physical networks, the control plane implementation is distributed over the network elements, and the network elements all participate in a distributed routing and/or switching protocol to compute the forwarding instructions for their local data planes. In some software-defined datacenters, a centralized controller cluster replaces the distributed protocols in order to avoid the complications of developing distributed protocols and implementing control with purely distributed algorithms. That is, in these datacenters, the controllers provide the network elements with up-to-date forwarding instructions.
A physical network device executes a processing pipeline to process packets. At each step of the pipeline, the physical network device consults a lookup table to find an instruction to execute, using a combination of various packet header fields and some metadata (e.g., the result of executing the previous step of the pipeline). This lookup operation is challenging for general-purpose central processing units (CPUs) to perform at high speed. Hence, physical network devices tend to rely on special hardware in their data planes, and use generic CPUs only for running their control planes. Control plane programs use special-purpose application-specific integrated circuits (ASICs) to execute the packet forwarding pipeline. The ASICs use ternary content addressable memories (TCAMs) to provide constant-time longest-prefix matches and ACL lookups at rates sufficient for forwarding packets at line speed. FIG. 1 is an example of a simple layer 2 (L2) pipeline that includes three lookup tables—an ingress access control list (ACL), a layer 2 (L2) forwarding table, and an egress ACL.
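The three-table pipeline of FIG. 1, modelled in software as an added example (not code from the original document): each stage is a priority-ordered table of TCAM-style ternary rules, keyed on header fields plus metadata written by earlier stages, so the egress ACL can match on the output port the L2 table chose. The MAC addresses, ports, VLANs and rules are constructed for illustration.

```python
from dataclasses import dataclass

MAC_EXACT = 0xFFFFFFFFFFFF  # full 48-bit mask: exact MAC match
EXACT = 0xFFFFFFFF          # full mask for small integer fields
FLOOD = 0xFFFF              # pseudo-port: unknown destination, flood the VLAN

@dataclass
class Frame:
    src_mac: int
    dst_mac: int
    in_port: int
    vlan: int

def ternary_hit(rule, fields):
    """TCAM-style match: each rule field is (value, mask); zero mask bits are wildcards."""
    return all(key in fields and (fields[key] & mask) == (value & mask)
               for key, (value, mask) in rule.items())

def lookup(table, fields):
    """Tables are ordered by priority; the first matching entry's action wins."""
    for rule, action in table:
        if ternary_hit(rule, fields):
            return action
    return None

def run_pipeline(stages, frame):
    """Run each (name, table, default_action) stage in order.
    Metadata produced by one stage (e.g. out_port) becomes match input for the next.
    Returns ('drop', stage_name) or ('forward', out_port)."""
    fields = dict(vars(frame))
    for name, table, default in stages:
        action = lookup(table, fields) or default
        if action.get("drop"):
            return ("drop", name)
        fields.update(action.get("meta", {}))
    return ("forward", fields["out_port"])

# Constructed rules. Ingress ACL: only MAC ...:53:01 may send on port 1 (anti-spoofing).
INGRESS_ACL = [
    ({"in_port": (1, EXACT), "src_mac": (0x00005E005301, MAC_EXACT)}, {"permit": True}),
    ({"in_port": (1, EXACT)}, {"drop": True}),
]
# L2 forwarding: learned destination MAC -> output port; unknown destinations flood.
L2_FWD = [
    ({"dst_mac": (0x00005E005302, MAC_EXACT)}, {"meta": {"out_port": 2}}),
    ({"dst_mac": (0x00005E005303, MAC_EXACT)}, {"meta": {"out_port": 3}}),
]
# Egress ACL: VLAN 20 may not leave via port 3; out_port comes from the previous stage.
EGRESS_ACL = [({"vlan": (20, EXACT), "out_port": (3, EXACT)}, {"drop": True})]
PIPELINE = [("ingress_acl", INGRESS_ACL, {"permit": True}),
            ("l2_forwarding", L2_FWD, {"meta": {"out_port": FLOOD}}),
            ("egress_acl", EGRESS_ACL, {"permit": True})]
```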
However, in a datacenter, enterprise application workloads (e.g., virtual machines that run enterprise applications) need networking functionality beyond standard Internet Protocol (IP) connectivity (as do other public datacenter VMs, in some cases). This is because enterprise applications often come with strict security and performance requirements that necessitate complicated network topologies, including switches, routers and middleboxes that provide the workloads with application-level services. Therefore, moving enterprise workloads onto a virtualized datacenter requires not only server virtualization but also the virtualization of the networks and the services.
In a software-defined datacenter, it is the virtualization software (e.g., the hypervisors) that implements the logical networks and provides the workloads with all of their services in some embodiments. In these embodiments, the physical network becomes a provider of IP transport between the hypervisors. This means that the network functionality visible to the workloads is provided by standard x86 servers at the network edge realizing the logical networks, and not by network appliances scattered throughout the physical network. This shift in the placement of functionality from the physical network to the logical networks puts tremendous pressure on the hypervisor and its networking components to keep up the performance level, because the hypervisor and its virtual switch software are compared against the features and capabilities traditionally provided by hardware components in the physical network.