HotNets '13: Applying Operating System Principles to SDN Controller Design

Presented by: Matthew Monaco

Authors: Matthew Monaco, Oliver Michel, Eric Keller

SDN controller platforms are often compared to operating systems, but existing controllers are more like kernels. This means that programmers must re-implement common functionality such as event handlers, timers, etc. from scratch in each new application.

Yanc (Yet Another Network Controller) is a new SDN controller platform based on classic Unix principles. It follows the "everything is a file" philosophy, which leads naturally to a simple and lightweight interface for accessing network hardware, and enables re-using standard off-the-shelf utilities in network control programs. As an example, the directory structure for a single OpenFlow switches is organized as follows:

   /sw1
    |-- counters/
    |-- flows/
    |-- ports/
    |-- actions
    |-- capabilities
    |-- id
    +-- num_buffers

This work is important because it represents a serious attempt to deliver on the vision of a "network operating system" and it proposes a fresh SDN controller architecture that makes it possible to put existing operating system abstractions to work. For example, programmers can re-use existing Linux abstractions such as:

• inotify for event processing
• file permissions and access control lists for security
• namespaces and cgroups for performance isolation
• distributed file systems for simple forms of state replication and coordination

rather than having to implement their own from scratch.

The Yanc prototype is based on File System in Userspace (FUSE), a C++ OpenFlow driver, a Python discovery module, and a shell script to push rules. Future work includes defining new drivers for other back-ends such as Snort, developing richer operators for composing network programs, and further investigating issues related to distributed control.

Q: What about performance? The POSIX filesystem imposes all kinds of semantics that might limit parallelism. Does the FUSE implementation serialize a list of creations?

A: No, many file system operations can be implemented in parallel or asynchronously. Moreover, even if they were sequential, the latency of a packet_in "miss" far exceeds the latency of these file system operations anyway.

Q: Can distributed file systems be used to coordinate SDN controllers?

A: Perhaps! We are exploring the use of distributed file systems to implement functionality such as distributing locks for concurrency control, etc.