Shrinking network development time-scales: flexible virtual networks


by I. M. Leslie

A new type of virtual network is presented which allows the virtual network owner to exert control over their network resources in a completely flexible fashion. These virtual networks use a technique known as 'switchlets', which result from partitioning the resources, both physical and logical, of a switch. Each partition is a switchlet. Switchlets from different physical switches may be interconnected together in a manner consistent with the physical connectivity of the real switches. Each set of interconnected switchlets can be controlled by its own system, called a 'control architecture'. Such an arrangement results in a set of virtual networks, each with its own control architecture. These control architectures may be identical, that is they may be different instances of the same control architecture, or they may be radically different. This paper examines how switchlets can be used to provide functionality which is either impossible or problematic to provide using conventional approaches to network control.

1 Introduction

The communication network industry today is still largely vertically structured, much like the mainframe model of the computer industry pre 1980. Vendors produce switching hardware and the software which controls it. A decade ago they also produced higher level services which ran in the network. Although the Internet has broken the link between service implementation and hardware implementation, the network control link remains.

A vertically structured communication industry is not sustainable. Communication is about interaction. Vertical structures, in the extreme, are about providing total solutions, which in this context must interact with other total solutions and, moreover, must interact correctly at a number of levels. This leads to a moribund standards process and an industry slow to adopt innovation.

Much of the success of the Internet is attributed to its simplicity in network structure: the notion of service, other than the basic transport of packets, is left to the edges. This can be viewed as a horizontal functional cut (one does not buy a Web service from a router manufacturer - except to manage the router). However it is becoming clear that innovation in the development of the Internet is also slowing down as routing and control within the network becomes more complex.

To address this situation many have proposed the notion of open control in which one can purchase hardware from a number of vendors and then a control system from a single vendor. This would represent a horizontal functional cut at a lower layer than the service cut. Intelligent networks can be seen as an approach which is along this direction. What we are describing here is at a lower level. Using the computer industry analogy we are dealing with an operating-system-level approach rather than an application-level approach.

Innovation will not be greatly encouraged simply by opening up the box if all that results is the dominance of the network control market by a few dominant vendors - presumably the same dominant hardware vendors that we have today. Virtual networks each of which can have its own control system, if its owner so chooses, do provide a path for innovation; they decrease the activation energy for the implementation of new ideas in a real network.

This paper discusses a novel idea, called switchlets, for splitting up network switching resources. It then develops this concept to show how virtual networks with novel properties can be built, and attempts to place these new virtual networks within a taxonomy in order to contrast them with present day virtual networks.

The discussion is somewhat ATM-centric; this is because the implementation work so far has been done with ATM (asynchronous transfer mode). However, the techniques apply to any switching technology.

ELECTRONICS & COMMUNICATION ENGINEERING JOURNAL JUNE 1999 149


Fig. 1 Open signalling (figure labels: control architecture; standard switch control interface)

2 Switchlets: an overview

A switchlet is a set of switch resources that results from partitioning the resources of a switch (or indeed a switchlet). Consider an ATM switch as an example. The resources include the transmission capacity on each link, the virtual path (VP)/virtual channel (VC) address space on each link and the buffers within the switch. Resources can be partitioned so that two switchlets can share the same link by having different parts of the address space.

Switchlets on a given switch are controlled by their own control architecture. This is based on the general concept of open signalling [1, 2], in which a public control interface is made available to a control architecture. Open signalling without using switchlets is shown in Fig. 1. The arrangement shown in this figure is more or less the usual way in which switches are implemented. The key here is that the switch control protocol is specified so that, in principle, anyone can build a control architecture. This does not imply that anyone attached to the network can exert control over the switch; this is a matter of network and switch configuration.

An example of a system which adopts this approach is the Ipsilon IP-Switching system. This makes use of standard ATM in-band features but specifies a switch control protocol, the Generic Switch Management Protocol (GSMP), and provides its own control architecture whose UNI (user-to-network interface) and NNI (network-to-network interface) 'signalling' protocol is the Ipsilon Flow Management Protocol (IFMP). Both IFMP and GSMP are specified in Internet RFCs (requests for comments).

If widely adopted, open signalling provides a way for a network operator (whether a public carrier or within an enterprise) to purchase switching hardware from one set of suppliers and network control software from another. It represents a split of the business very much in the same way that the introduction of the mini-computer and the PC split the mainframe software and hardware business in two.

In order to provide switchlets, this concept is extended. Switchlets are implemented by using a divider which enforces the partition of the resources by ensuring that a control architecture only invokes control operations on the subset of resources allocated to it. This is shown in Fig. 2.

As shown, switchlets allow multiple control architectures to run concurrently, much as many processes run concurrently on a multitasking computer. The divider is providing a function analogous to that of an operating system.

Also shown in Fig. 2 is the partition controller, which is responsible for configuring the divider. It is the divider controller which determines the partition of resources among the switchlets; the physical switch need not be aware of this partitioning.
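The divider's enforcement role, sketched as an added example (not code from the paper or from any switchlet implementation): the partition controller installs non-overlapping per-port shares, and every control-architecture call is checked against the caller's own share before it reaches the switch. The class names, the model of a share as a VPI range plus a bandwidth cap, and the sample figures are assumptions.

```python
# Added illustration of a divider as a reference monitor; all names are hypothetical.
from dataclasses import dataclass, field


class PartitionError(Exception):
    """Raised when a requested partition would break isolation."""


@dataclass(frozen=True)
class PortShare:
    """One switchlet's slice of one port: an inclusive VPI range and a bandwidth cap."""
    vpi_lo: int
    vpi_hi: int
    kbps: int


@dataclass
class Switchlet:
    shares: dict                                    # port -> PortShare
    used_kbps: dict = field(default_factory=dict)   # port -> kbit/s committed


class Divider:
    def __init__(self, port_capacity_kbps):
        self.capacity = dict(port_capacity_kbps)    # port -> link capacity
        self.switchlets = {}                        # name -> Switchlet

    # Partition control interface: only the partition controller calls this.
    def create_switchlet(self, name, shares):
        if name in self.switchlets:
            raise PartitionError(f"switchlet {name} already exists")
        for port, new in shares.items():
            if port not in self.capacity:
                raise PartitionError(f"no such port {port}")
            if new.vpi_lo > new.vpi_hi or new.vpi_lo < 0 or new.kbps <= 0:
                raise PartitionError(f"malformed share on port {port}")
            allocated = new.kbps
            for other_name, other in self.switchlets.items():
                old = other.shares.get(port)
                if old is None:
                    continue
                if new.vpi_lo <= old.vpi_hi and old.vpi_lo <= new.vpi_hi:
                    raise PartitionError(f"VPI range overlaps {other_name} on port {port}")
                allocated += old.kbps
            if allocated > self.capacity[port]:
                raise PartitionError(f"port {port} oversubscribed")
        self.switchlets[name] = Switchlet(dict(shares))

    # Switch control interface: every control architecture call is mediated here.
    def add_connection(self, caller, in_port, in_vpi, out_port, out_vpi, kbps):
        sl = self.switchlets.get(caller)
        if sl is None:
            return False, "unknown switchlet"
        if kbps <= 0:                       # a negative rate would refund quota
            return False, "invalid rate"
        for port, vpi in ((in_port, in_vpi), (out_port, out_vpi)):
            share = sl.shares.get(port)
            if share is None or not share.vpi_lo <= vpi <= share.vpi_hi:
                return False, f"port {port} VPI {vpi} is outside {caller}'s partition"
        used = sl.used_kbps.get(out_port, 0)
        if used + kbps > sl.shares[out_port].kbps:
            return False, f"{caller} would exceed its share of port {out_port}"
        sl.used_kbps[out_port] = used + kbps
        return True, "forwarded to switch"  # the physical switch never sees the partition


def demo():
    # Constructed sample: two 155 Mbit/s ports split between switchlets A and B.
    d = Divider({1: 155_000, 2: 155_000})
    d.create_switchlet("A", {1: PortShare(0, 15, 100_000), 2: PortShare(0, 15, 100_000)})
    d.create_switchlet("B", {1: PortShare(16, 31, 55_000), 2: PortShare(16, 31, 55_000)})
    return [
        d.add_connection("A", 1, 5, 2, 7, 40_000),     # inside A's partition
        d.add_connection("A", 1, 5, 2, 20, 1_000),     # VPI 20 belongs to B
        d.add_connection("B", 1, 16, 2, 16, 60_000),   # more than B's 55 Mbit/s
        d.add_connection("A", 1, 5, 2, 8, -40_000),    # attempt to refund quota
    ]


if __name__ == "__main__":
    for ok, why in demo():
        print(ok, why)
```

Because the checks sit in the divider rather than in each control architecture, a faulty or hostile control architecture can only affect the resources of its own switchlet.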

Fig. 2 Switchlets (legend: ATMF = ATM Forum; PNNI = private network-to-network interface; UNI = user-to-network interface; SCS = switch control service; other figure labels: partition control; invocation on switch)

Switchlets can be tied together to form virtual networks as shown in Fig. 3. This tying together of switchlets is performed by an entity called the network builder, which uses the services provided by the divider controllers associated with each switch to create switchlets in a consistent manner, for example so that the outgoing address space from a switchlet matches the incoming address space for the switchlet at the receiving end of the link. The network builder can be built as either a centralised, distributed, or federated service, as required.

Note that not every switch need have a switchlet in every virtual network and that end systems need not belong to more than one virtual network.

As well as tying switchlets together, the network builder starts up a control architecture to control a virtual network. This may involve starting up many standard elements of the control architecture which form a distributed control system. It could also involve handing a set of switchlets back to the creator of the virtual network, which could provide its own control architecture to control the virtual network. A fuller discussion of the switchlet concept can be found in References 3-5.

3 Using switchlets

General repercussions

Switchlets allow the open signalling concept to reach its full potential. Without switchlets, open signalling provides a mechanism to allow the separation of switching and control functions. This is of value in experimental situations and can cause a partition within the industry. However, in production networks it will essentially cause one standard general-purpose control architecture to be replaced by another.

Fig. 3 Virtual networks using switchlets

By using the switchlet concept we achieve a more fluid situation. While a set of resources can be partitioned off and used to provide a standard service (in the sense of a standard control architecture), new control architectures meeting the challenges of new applications can be developed. The switchlet approach allows completely standard control architectures to coexist with new control architectures. It allows new players to come into the control architecture arena. Service providers may take advantage of this in order to deliver their services in a more cost effective fashion.

The rest of this section examines a number of systems which can be deployed using switchlets.

Multiple virtual networks

As a base case, consider the diagram of Fig. 3. Suppose that each of the control architectures is in fact simply a standard ATM Forum (UNI 4.0, PNNI [private NNI]) control architecture. What we would have provided would be a set of standard virtual ATM networks. This provides all the benefits of standard virtual networks implemented through virtual paths, but allows control to be exercised within the physical network in order to allow full multiplexing within the virtual network. This is clearly more efficient than a set of point-to-point permanent virtual paths.

If we fix the partition between switchlets then we have provided availability guarantees to each of the virtual networks. We have traded away the economy of multiplexing in order to do so, but we have still benefited from the economy of scale. Furthermore, by controlling the processing resource available to each control architecture we can prevent signalling overload on one virtual network from impacting on another virtual network.

It could be argued that it is possible to configure a connection admission control (CAC) algorithm to enforce the rigid partitioning of resource between virtual networks. Although this may be true, specifying the partitioning within the algorithm (and in particular changing it during the operation of the network) would be problematic. Moreover, in doing so one is introducing policy into the CAC algorithm and it seems reasonable that each virtual network would want its own CAC policy. With the switchlet approach the partitioning is natural and each virtual network can have its own CAC algorithm and policy.

Multiple IP networks

The above scheme can of course be applied to provide multiple IP virtual networks over the same ATM infrastructure. This could be done by using schemes such as MPOA (MultiProtocol over ATM) or by using more innovative approaches such as Tag Switching or IP Switching, or by using all of these concurrently. A carrier can provide different service classes to its customers. This might be used to provide intranets for different customers over the same ATM infrastructure where it is clearly not desirable for the traffic on one intranet to affect the traffic on another. An Internet access provider (IAP) can use this to provide different service classes to the same customer base - indeed this can be extended to provide a mechanism for billing for Internet service use. Such a class-based service would provide clear product differentiation within the IAP market place.

An example of a virtual intranet configuration is shown in Figs. 4 and 5. Fig. 4 shows the physical configuration of the network as seen by the network operator; Fig. 5 shows the virtual network seen by enterprise B.

To IAPs, switchlets offer three benefits:

• the ability to migrate from one IP-over-ATM scheme to another and, in particular, to run different schemes simultaneously

• the ability to provide completely partitioned intranets over the same ATM infrastructure, and

• the ability to offer different service classes as a public Internet access provider.

Fig. 4 Virtual intranets using switchlets and IP switching (figure label: edge routers)

Rapid service deployment

Switchlets allow the coexistence of different control architectures and the possibility of dynamic resource allocation. This forms a foundation for a significant change in the process of service deployment. The threshold for introduction of a new service is lowered dramatically. A service provider can start the life cycle of a new service on a small scale and let the demand develop over time without having to allocate more resources to the new service than are actually required. In a switchlet environment, services develop, mature and decay in a continuous manner because the resources released by a decaying service can be reused by an emerging one. This introduces sustainability into the domain of service deployment, removing the, hitherto so common, requirement for a separate, new infrastructure for each new service.

In order to fully exploit these new possibilities for speeding up the introduction of new services, new tools for the development of service-specific control architectures are envisaged. These tools will allow assembly of generic service component objects into a control architecture, providing a desired final utility for the service user.

Rapid provisioning: the managed virtual network service

The time-scales on which networks are created and destroyed have so far been assumed to be quite long. However, the use of the network builder and some associated policy creation and enforcement tools allows the consideration of more rapid time-scales. A company might wish to bring one of its intranets into an exhibition centre for a single day. A collaborative piece of work might require a very high capacity network but just for a few hours a week for a number of weeks.

A service which allows clients to create their own virtual networks provides this service and can be created with the switchlet concept. We call this service a managed virtual network service; what we are doing is providing a management system to allow clients to create their own virtual networks. Most of the work here is to do with policy and scheduling; the underlying switchlet concept provides all the necessary network mechanism.

Global provisioning

Opening up the control interface and allowing multiple control architectures to run simultaneously raises the possibility of carriers running virtual networks on top of other carriers’ real networks. Thus, again referring to Fig. 3, we can imagine the real switches being in different countries and owned by different operators. Each operator could, however, make bilateral agreements with the other operators to provide switchlets on each other’s switches. This would allow each to provide a global service. This service could be entirely standard or could be customised as the operator saw fit.

Fig. 5 B’s virtual intranet

Network control evolution

Switchlets overcome the need to believe that there is one control system which will satisfy all requirements. The success of the Internet can be directly attributed to its flexibility. ATM will not be flexible if it adheres to its current control system. Indeed, current ATM signalling standards are lacking in support of an IP multicast model (although it can be argued that ATM could do a rather good job supporting the IP multicast model if it had an appropriate control system) and supporting RSVP (Resource reservation Protocol) merging is simply out of the current scope of ATM signalling. Providing a framework in which ATM signalling can evolve will meet these obvious challenges and will go on to meet the unforeseen ones.

An unknown question is how content providers might take advantage of more flexible network control capabilities. Quite simply, they have yet to consider it; it has not yet been put on the table. However, work in embedded systems which exploit flexible scheduling has produced such things as distributed video servers which use ATM switches to provide their logical interconnect; a client is unaware that the stream of video which they are watching is being sent from different machines at different times.

Application control of the network

Open signalling allows what might be called ‘programming the control plane’. Switchlets offer a way to confine such programming to a set of network resources without impacting other users of the network. Such systems might provide a switchlet control environment comprising a set of resources and an execution environment for, say, a piece of Java code to control the set of network resources as part of a distributed application. These ideas are explored in detail in Reference 6.

4 A taxonomy of virtual networks

Virtual networks provide the illusion of running many networks over a single physical network. The analogy with operating systems allowing multiple processes to run concurrently is obvious. But whenever one encounters a virtual thing, one should examine the relationship between the virtual thing and the real underlying thing. Virtual networks can be categorised in terms of how much of the underlying network resource is visible to the virtual network. In the operating system analogy, for example, virtual memory can be locked down or a process might have a configurable working set of physical pages.

Closed user groups

The first type of virtual networks comprises closed user groups (in a general sense). Closed user groups are perhaps the weakest form of virtual network. The only resource being exposed is the address space of the network. Other resources are statistically multiplexed with other closed user groups. There may be charging implications (e.g. distributed Centrex) which provide other advantages.

These virtual networks can also be configured to provide a guaranteed access rate into a shared network. In many cases the access goes into a core which is large enough that the statistical mix provides an acceptable performance guarantee.

Dedicated paths across the network

The second type of virtual networks is constructed from a set of provisioned links which are carried across the real network. For example, in an ATM network these might be virtual paths which have resource/bandwidth allocated to them, say in terms of a leaky-bucket specification. For simplicity we can consider them to be constant-rate channels. Such a scheme (as far as the users of the virtual networks are concerned) is shown on the left of Fig. 6. Note that the figure represents resource dedicated to a particular virtual network, not the overall resource of the underlying physical network.

Fig. 6 Virtual networks with dedicated paths (panels: Type 2 virtual network; Type 3 virtual network)

Dedicated paths within the network

The third type of virtual network in our taxonomy is a network in which there are link resources within the physical network dedicated to the virtual network. This necessarily entails the virtual network performing its own switching. This is depicted on the right of Fig. 6. This arrangement allows the virtual network to share in the benefits of a switched network and clearly becomes more important as the virtual network grows in size. These networks not only require dedicated link resources but also resources within the switching nodes which the links interconnect. Switchlets allow such operation.

Virtual networks of the fourth kind

Switchlets also allow the construction of virtual networks in which, in addition to link and switching resources, the control of the switching decisions, and thus resource allocation within the virtual network, is decided by the virtual network ‘owner’, either by selecting from a set of possible control architectures or by supplying the control architecture itself.

5 Networks on demand

An interface on the divider server of Fig. 2 which has not been discussed in detail is the partition control. This interface allows an external agent to create new partitions of resource and to shift resource between partitions. This agent is called the network builder. The network builder is responsible for creating a set of switchlets with consistent resource allocations (i.e. internal address spaces line up) in response to a demand for a particular network. The network builder can offer a low-level service in which it exposes the entire network topology and switch capabilities. Users of this service would then ask for resources on particular physical switches. The main user of this service would be the network builder itself, which would also offer a higher layer service. This service would be invoked by providing a set of requirements on a virtual network, naming the endpoints and providing traffic matrices including multicast patterns. The network builder would then allocate a suitable network without exposing the entire network state to the user.

Virtual networks created in this way might last for years, days or hours. However, the time-scale on which a network is created is relatively leisurely. There is time to invoke reasonably complex policy engines to decide the terms on which a user is allowed to create a virtual network.

The time-scale on which recovery of a virtual network must be performed is a different matter. Some virtual networks will specify some reliability constraints and the network builder will have to ensure that it has a plan about reallocation of switchlets in the face of physical link or node failure. Note that this may in turn cause a topology change in the virtual network which will drive that network into a recovery mode. These are issues for future research.

Ian Leslie graduated in Engineering Science (CS Option) in 1977 at the University of Toronto, where he also completed a Masters degree in Electrical Engineering. In 1983 he was awarded a PhD degree for work at the University of Cambridge Computer Laboratory, where he is now a Professor. His interests are in operating systems, distributed systems, networks and machine architecture for distributed multimedia applications. He was a co-founder of Nemesys Research Ltd. (now part of FORE Systems), which produces hardware and software to allow cost-effective video connection to ATM networks, and is now involved in a new venture, CPlane Inc., which is exploiting research in the field of network control. He is a technical advisor to Oftel, the UK telecommunications regulator.

Address: T71, Computer Laboratory, University of Cambridge, New Museum Site, Pembroke Street, Cambridge CB2 3QG, UK. Email: [email protected]
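The network builder's consistency requirement from Sections 2 and 5 (the address space leaving a switchlet must match the one entering its neighbour), as an added example that is not code from the paper: for each link of a requested virtual network it picks a VPI block free at both ends and commits nothing unless every link succeeds. Function names, the data layout, the 8-bit VPI bound and the sample topology are assumptions.

```python
# Added illustration of a network builder aligning address spaces; names are hypothetical.

def free_block(used_a, used_b, size, vpi_max=255):
    """Lowest start of `size` contiguous VPIs unused at BOTH ends of a link.
    vpi_max=255 assumes an 8-bit VPI field; pass another bound if needed."""
    busy = used_a | used_b
    run = 0
    for vpi in range(vpi_max + 1):
        run = run + 1 if vpi not in busy else 0
        if run == size:
            return vpi - size + 1
    return None


def build_virtual_network(links, used, vnet_links, size):
    """Plan one switchlet per switch for a new virtual network.

    links:      {link_id: ((switch, port), (switch, port))}, physical connectivity
    used:       {(switch, port): set of VPIs already held by other switchlets}
    vnet_links: link ids the virtual network spans
    Returns {switch: {port: (vpi_lo, vpi_hi)}}. On failure raises ValueError and
    leaves `used` untouched, so no switch is left with a half-built network.
    """
    plan, staged = {}, {}
    for link_id in vnet_links:
        if link_id not in links:
            raise ValueError(f"virtual link {link_id} has no physical link")
        a, b = links[link_id]
        start = free_block(used.get(a, set()), used.get(b, set()), size)
        if start is None:
            raise ValueError(f"no common block of {size} VPIs on link {link_id}")
        for switch, port in (a, b):
            staged[(switch, port)] = set(range(start, start + size))
            plan.setdefault(switch, {})[port] = (start, start + size - 1)
    for end, block in staged.items():       # commit only after every link succeeded
        used.setdefault(end, set()).update(block)
    return plan


def lines_up(links, plan, vnet_links):
    """True if both ends of every virtual link were given the same VPI range."""
    return all(
        plan[a[0]][a[1]] == plan[b[0]][b[1]]
        for a, b in (links[link_id] for link_id in vnet_links)
    )


def demo():
    # Constructed topology: S1 -- S2 -- S3, with some VPIs already taken.
    links = {"L1": (("S1", 2), ("S2", 1)), "L2": (("S2", 2), ("S3", 1))}
    used = {("S1", 2): set(range(0, 16)), ("S2", 1): set(range(16, 24))}
    plan = build_virtual_network(links, used, ["L1", "L2"], size=8)
    return links, used, plan


if __name__ == "__main__":
    print(demo()[2])
```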

6 Conclusions

Switchlets and virtual networks based on them offer enormous scope for flexibility and evolution. They open the provision of control architectures to companies not involved in switch manufacturing, and offer current switch manufacturers the possibility of selling their control architectures for use on other switches.

For the carrier they offer an escape from the standards process. This is not to say that standards are not important; indeed a key issue is to standardise the switch control interface and the means by which virtual networks are created. However, once these are achieved, the carrier can commission custom control architectures to operate on a set of switches from different manufacturers.

Telecommunication time-scales have shrunk over the past 100 years. However, they are still enormous when compared to those of the computer industry. One of the reasons for this is the standards process. There are standards within the computer industry, but the bulk of the industry is not standards driven; Microsoft does not seek industry agreement before adding a feature to one of its products. The switchlet approach offers similar opportunities for carriers and control architecture vendors, and may well be the next step in the reduction of time-scales within telecommunications.

The move to network programmability is being adopted in a number of spheres. Perhaps the most influential is the Active Network community in the USA. Although the term can be interpreted in a number of ways, the major concern with Active Networks is the exposure of the shared network infrastructure to erroneous or malicious network programs. Switchlets and the virtual networks they provide go some way to addressing this concern.

A number of applications of switchlets have been outlined above. It may not be the case that all of them will be important or indeed realised. However, the widespread use of switchlets will greatly reduce the ‘activation energy’ in implementing any one of them.

Finally, many of the ideas which are proposed here are finding currency within the Multi Switching Forum. This group of ATM switch vendors, operators, and control architecture vendors is concerned with the clean separation of control and data so that the control plane can be extended to support new functions. Details can be found at http://www.msforum.org.

Acknowledgments

Many have contributed to the work described above. Special mention must go to Kobus van der Merwe, Sean Rooney, Simon Crosby, Rebecca Isaacs, Herbert Bos, and the team at CPlane Inc. This work was partly funded by EPSRC under grant GR/K46286, by BT, and by Sprint. The switchlet technique is protected by patent.

References

1 LAZAR, A., and LIM, K.-S.: ‘Realizing a foundation for programmability of ATM networks with the binding architecture’, IEEE J. Sel. Areas Commun., September 1996, 14, pp.1214-1227

2 LAZAR, A.: ‘Programming telecommunication networks’, IEEE Networks, September/October 1997, 11, pp.8-18

3 VAN DER MERWE, J. E., and LESLIE, I. M.: ‘Service-specific control architectures for ATM’, IEEE J. Sel. Areas Commun., April 1998, 16, (3), pp.424-436

4 VAN DER MERWE, J., and LESLIE, I.: ‘Switchlets and dynamic virtual ATM networks’, Integrated Network Management V, May 1997, pp.355-368

5 VAN DER MERWE, J. E.: ‘Open service support for ATM’. PhD thesis, Cambridge University, Computer Laboratory, UK, September 1997

6 ROONEY, S.: ‘Connection closures: adding application-defined behaviour to network connections’, Comput. Commun. Rev., April 1997, 27, (2), pp.74-88

© IEE: 1999

First received 12th October 1998 and in revised form 25th January 1999
