Protecting control planes in networking hardware from high rate packets is a critical issue for networks under operation. One common approach for conventional networking hardware is to offload expensive functions onto hard-wired offload engines as ASICs. This approach is inadequate for OpenFlow networks because it restricts a certain amount of flexibility for network control that OpenFlow tries to provide. Therefore, we need a control plane protection mechanism in OpenFlow switches as a last resort, while preserving flexibility for network control. In this paper, we propose a mechanism to filter out Packet-In messages, which include packets handled by the control plane in OpenFlow networks, without dropping important ones for network control. Switches record values of packet header fields before sending Packet-In messages, and filter out packets that have the same values as the recorded ones. The controllers set the header fields in advance whose values must be recorded, and the header fields are selected based on controller design. We have implemented and evaluated the proposed mechanism on a prototype software switch, concluding that it dramatically reduces CPU loads on switches while passing important Packet-In messages for network control.
Shin MURAMATSU Ryota KAWASHIMA Shoichi SAITO Hiroshi MATSUO Hiroki NAKAYAMA Tsunemasa HAYASHI
Many public cloud datacenters have adopted the Edge-Overlay model which supports virtual switch-based network virtualization using IP tunneling. However, software-implemented virtual switches can cause performance degradation because the packet processing load can concentrate on a particular CPU core. As a result, such load concentration decreases and destabilizes the performance of virtual networks. Although multi-queue functions like Receive Side Scaling (RSS) can distribute the load onto multiple CPU cores, they still have performance problems such as IRQ core collision between priority flows as well as competitive resource use between host and guest machines for received packet processing. In this paper, we propose Virtual Switch Extension (VSE) that adaptively determines CPU core assignment for SoftIRQ to prevent performance degradation. VSE supports two types of SoftIRQ core selection mechanisms, on-the-fly or predetermined. In the on-the-fly mode, VSE selects a SoftIRQ core based on current CPU load to exploit low-loaded CPU resources. In the predetermined mode, SoftIRQ cores are assigned in advance to differentiate the performance of priority flows. This paper describes a basic architecture and implementation of VSE and how VSE assigns SoftIRQ cores. Moreover, we evaluate fundamental throughput of various CPU assignment models in the predetermined mode. Finally, we evaluate the performance of a priority VM in two VM usecases, the client-usecase which is receive-oriented and the router-usecase which performs bi-directional communications. In the client-usecase, the throughput of the priority VM was improved by 31% compared with RSS when the priority VM had one dedicated core. In the router-usecase, the throughput was improved by 29% when three dedicated cores were provided for the VM.
Akihiro NAKAO Ping DU Takamitsu IWAI
In this paper, we apply the concept of software-defined data plane to defining new services for Mobile Virtual Network Operators (MVNOs). Although there are a large number of MVNOs proliferating all over the world and most of them provide low bandwidth at low price, we propose a new business model for MVNOs and empower them with capability of tailoring fine-grained subscription plans that can meet users' demands. For example, abundant bandwidth can be allocated for some specific applications, while the rest of the applications are limited to low bandwidth. For this purpose, we have recently proposed the concept of application and/or device specific slicing that classifies application and/or device specific traffic into slices and applies fine-grained quality of services (QoS), introducing various applications of our proposed system [9]. This paper reports the prototype implementation of such proposal in the real MVNO connecting customized smartphones so that we can identify applications from the given traffic with 100% accuracy. In addition, we propose a new method of identifying applications from the traffic of unmodified smartphones by machine learning using the training data collected from the customized smartphones. We show that a simple machine learning technique such as random forest achieves about 80% of accuracy in application identification.
Ryota KAWASHIMA Hiroshi MATSUO
An L2-in-L3 tunneling technology plays an important role in network virtualization based on the concept of Software-Defined Networking (SDN). VXLAN (Virtual eXtensible LAN) and NVGRE (Network Virtualization using Generic Routing Encapsulation) protocols are being widely used in public cloud datacenters. These protocols resolve traditional VLAN problems such as a limitation of the number of virtual networks; however, their network performances are low without dedicated hardware acceleration. Although STT (Stateless Transport Tunneling) achieves far better performance, it has pragmatic problems in that STT packets can be dropped by network middleboxes like stateful firewalls because of modified TCP header semantics. In this paper, we propose yet another layer 4 protocol (Segment-oriented Connection-less Protocol, SCLP) for existing tunneling protocols. Our previous study revealed that the high-performance of STT mainly comes from 2-level software packet pre-reassembly before decapsulation. The SCLP header is designed to take advantage of such processing without modifying existing protocol semantics. We implement a VXLAN over SCLP tunneling and evaluate its performance by comparing with the original VXLAN (over UDP), NVGRE, Geneve, and STT. The results show that the throughput of the proposed method was comparable to STT and almost 70% higher than that of other protocols.
In this paper, we posit that extension of SDN to support deeply and flexibly programmable, software-defined data plane significantly enhances SDN and NFV and their interaction in terms of (1) enhanced interaction between applications and networks, (2) optimization of network functions, and (3) rapid development of new network protocols. All of these benefits are expected to contribute to improving the quality of diversifying communication networks and services. We identify three major technical challenges for enabling software-defined data plane as (1) ease of programming, (2) reasonable and predictable performance and (3) isolation among multiple concurrent logics. We also promote application-driving thinking towards defining software defined data-plane. We briefly introduce our project FLARE and its related technologies and review four use cases of flexible and deeply programmable data plane.
Due to limitations of today's widely-deployed commercial networks, some end-user applications are only possible through, or greatly improved by execution on virtualized networks that have been enhanced or idealized in a way which specifically supports the application. This paper describes US Ignite and the advantages provided to US Ignite end-user applications running on virtual networks which variously: (a) minimize latency, (b) minimize jitter, (c) minimize or eliminate packet drops, (d) optimize branch points for multicast packet duplication, (e) provide isolation for sensitive information flows, and/or (f) bundle network billing with application use. Examples of US Ignite applications in these categories are provided.
We propose TagFlow, a data plane mechanism for classification in Software-Defined Networking (SDN). We first argue that simple field-matching proposals of current SDN APIs are not efficient and flexible enough and then propose a tag based classification mechanism as an alternative. Moreover, we propose user-defined actions as an improvement over current hardcoded actions in SDN APIs. Our experiments show TagFlow forwarding is almost 40% faster than OpenFlow. Furthermore, our user-defined actions at SDN southbound are thousands of times faster than equivalent northbound implementations in the literature.
Kazuya SUZUKI Kentaro SONODA Nobuyuki TOMIZAWA Yutaka YAKUWA Terutaka UCHIDA Yuta HIGUCHI Toshio TONOUCHI Hideyuki SHIMONISHI
The paper presents a survey on OpenFlow related technologies that have been proposed as a means for researchers, network service creators, and others to easily design, test, and deploy their innovative ideas in experimental or production networks to accelerate research activities on network technologies. Rather than having programmability within each network node, separated OpenFlow controllers provide network control through pluggable software modules; thus, it is easy to develop new network control functions in executable form and test them in production networks. The emergence of OpenFlow has started various research activities. The paper surveys these activities and their results.
Slawomir KUKLINSKI Prosper CHEMOUIL
Software-Defined Networking currently appears to be a major evolution towards network programmability. In this paper, we first analyze the network management capabilities of OpenFlow in order to identify the main challenges that are raised for SDN management. We address current deficiencies of SDN management and suggest solutions that incur research directions to be carried out for the management of enhanced SDN.
Yoichi SATO Ichiro FUKUDA Tomonori FUJITA
The use of computing resources on network is becoming active in the Internet and private networks. OpenFlow/Software-Defined Networking (SDN) is drawing attention as a method to control network virtualization for the cloud computing services and other carrier services. This paper introduces examples of OpenFlow/SDN technologies applied to commercial cloud services. Various activities to expand coverage over commercial carrier networks are also mentioned.
Jinyong JO Soyeon LEE JongWon KIM
Overlay networking makes it easy for users to add new network functionalities while keeping existing Internet connectivity intact. This paper introduces SCONE (Service-COmposable InterNEt) as a networking service to facilitate the management of service overlay networking. By looking into the structure of programmable overlay nodes, SCONE provides programmable IP service gateways (PSGs) that ensure high-speed per-flow packet processing for overlay networking. In order to meet the data-rate requirements of various host applications, each PSG is accelerated by hardware packet processing for its data plane. It also leverages the space-efficient pattern matching of entity cloning and provides localized (i.e., de-centralized) services to assist the scalable support for software-defined networking (SDN). An experiment result shows that the proposed PSGs can support high-fidelity overlay networking from both performance and scalability perspectives.