All network switches, whether physical or virtual, need a way to update configuration, management and other setting from time to time. In a standard network architectures, this is usually done manually as new core, edge, access and other devices are brought on-line.
In a Software Defined Architecture (SDN), network pathways are provisioned, mapped and routed in a highly dynamic atmosphere. It's not unreasonable to imagine network configuration modules embedded in the application, allowing it to build and change network environments according to its needs. Naturally, this will require a fair amount of automation, built largely on a sophisticated networking protocol. In the OpenFlow (OF) platform, that protocol is OF-Config 1.1, which was recently upgraded to include new ways to build, maintain and protect SDN environments.
OF-Config 1.1 is basically the means to enable remote configuration of datapaths on an OpenFlow switch. This is where much of the network abstraction takes place in the OpenFlow format, allowing for logical network resources to rest on top of physical infrastructure so they can be configured and reconfigured on a dynamic basis.
Through OF-Config, network datapaths are viewed as OpenFlow Logical Switches, which then communicate with the OF controller through the broader OF protocol. Multiple datapaths can then be configured as an OpenFlow Capable Switch, which functions like a physical Ethernet switch but with the ability to partition ports, queues and other resources among its hosted logical switches. OF-Config offers a high degree of flexibility in the partitioning process and assumes that all resources will be partitioned in some way, essentially giving logical switches full control over the resources that are available.
OF-Config also utilizes a mechanism called an OpenFlow Configuration Point to send messages to OpenFlow Capable Switches. Configuration points can originate in a variety of ways, such as a software system on the OpenFlow Controller or from an existing network management platform. As such, OF-Config does not define the configuration point, but merely uses them to maintain network communications.
OF-Config 1.1 provides a number of enhanced capabilities compared to previous versions. These include:
- configuration of various tunneling options used primarily to create overlay networks to encapsulate various Ethernet layers within one another. To date, the options include IP-in-GRE, NV-GRE and VxLAN
- capability discovery on the OpenFlow Logical Switch to determine what ports and related resources are OpenFlow-ready and what their capabilities are. Config can also remotely change some port aspects, such as up/down settings
- configuration of security certificates for protected communication between logical switches and controllers. Both the switch certificate and the controller certificate are created in OF-Config
The Open Networking Foundation is quick to point out the OF-Config is designed to be a foundational protocol on which any number of automated and advanced configuration processes can be built. At the moment, Config does not encompass functions like switch or topology discovery, capability configuration, event triggering or logical switch instantiation. However, it is possible that these and other tools can be added to future versions.
Config 1.1 received final approval from the ONF earlier this year. As of yet there are no vendor implementations in the market. The protocol saw a public demonstration at the organization's recent Plugfest at Indiana University's Center for Network Translational Research and Education, although it underwent only limited testing.
Since much of OpenFlow's functionality centers around automating the network configuration process, OF-Config 1.1 can be considered the true heart of the protocol. As the vendor community increases production of OF-compatible systems, the possibility of highly dynamic, abstract network architectures residing on commodity hardware will move from the "distinct possibility" phase to a working reality.
Details on OF-Config 1.1 are available here.