2.5 Current approaches to network Configuration

2.5.6 Separating Data and Control planes approaches

Several research works have addressed the network management complexity by raising two key points: (1) separating the functionality of the data plane and control plane and (2) programmability instead of configuration [73, 56]. This has led to a new paradigm named software defined networking (SDN).

The grandfather of SDN is the 4D project [34], which addressed the need to separate the control and data planes and to provide a centralized administrative domain. The 4D architecture actually proposed four planes: the decision plane, the dissemination plane, the discovery plane, and the data plane. The decision plane determines the overall network behavior based on a network-wide view collected from the underlying devices. The data plane performs basic packet processing functions such as forwarding, filtering, etc. The dissemination plane serves as a communication mechanism between the decision plane and the data plane. The discovery plane is responsible for discovering the underlying physical devices. The 4D concept has been implemented in the Tesseract system [97]. The system has been designed to provide a platform with pluggable programmable modules.

The CONMan [8] architecture defines a set of abstract modules that capture data or control plane functions. Ethane [16], NOX [35], and Maestro [97], which are all inspired by the 4D project, focus on network flow access control management. Ethane has been deployed at Stanford’s Computer Science Department, which gave the developers a real-world evaluation of the 4D concept.

The success of Ethane has led to OpenFlow, an open standard for programmable flow-based switches developed by the Open Networking Foundation [71]. An OpenFlow-capable switch processes packets according to a flow table. The flow table is a set of matching rules over packet headers such that each rule has an action to be taken. A “logically” centralized controller is responsible for controlling the flow tables in OpenFlow-capable switches using a set of pluggable, programmable modules.
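The flow-table lookup described above, as an added example (not code from this dissertation or from any OpenFlow implementation): a simplified table with exact-match-or-wildcard fields and priority ordering. It goes one step beyond the paragraph by also reporting rules that can never fire because a higher-priority rule covers them; the field names, action labels, sample rules and default miss action are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    priority: int
    match: dict   # header field -> required value; a missing field is a wildcard
    action: str   # label only, e.g. "output:2", "drop", "controller"

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(f) == v for f, v in self.match.items())

    def covers(self, other: "Rule") -> bool:
        # True when every packet that matches `other` also matches this rule.
        return all(other.match.get(f) == v for f, v in self.match.items())

class FlowTable:
    def __init__(self, rules, miss_action="drop"):  # miss_action: model default
        # Highest priority first; the sort is stable, so ties keep insertion order.
        self.rules = sorted(rules, key=lambda r: -r.priority)
        self.miss_action = miss_action

    def lookup(self, pkt: dict) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.miss_action

    def shadowed(self):
        """Return (dead_rule, covering_rule) pairs: rules that can never fire."""
        pairs = []
        for i, low in enumerate(self.rules):
            for high in self.rules[:i]:
                if high.covers(low):
                    pairs.append((low, high))
                    break
        return pairs

# Constructed sample table: the priority-100 drop is meant to block one host,
# but the broader priority-200 forward rule wins first.
SAMPLE_RULES = [
    Rule(300, {"eth_type": 0x0806}, "flood"),
    Rule(200, {"eth_type": 0x0800, "ip_dst": "10.0.0.10"}, "output:2"),
    Rule(100, {"eth_type": 0x0800, "ip_dst": "10.0.0.10",
               "ip_src": "10.0.0.66"}, "drop"),
    Rule(0, {}, "controller"),
]

if __name__ == "__main__":
    table = FlowTable(SAMPLE_RULES)
    blocked = {"eth_type": 0x0800, "ip_src": "10.0.0.66", "ip_dst": "10.0.0.10"}
    print(table.lookup(blocked))
    for dead, winner in table.shadowed():
        print(f"priority {dead.priority} {dead.action} shadowed by priority {winner.priority}")
```

Giving the drop rule a priority above the forward rule empties the `shadowed()` result and makes the lookup for that host return `drop`.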

Currently, the SDN paradigm is a popular programmable architecture. It allows administrators to program their network and to deploy network services via programmability instead of configuration. Our work, on the other hand, focuses on network configuration management.

2.5.7 Discussion and Critique

We presented various techniques to automate network configuration management. The majority of these techniques rely on a high-level language where the language has its own data type definitions. This may create a conflict between the data type of a specific configuration parameter defined in the language and the data type defined at the device level. Moreover, if network devices are managed via a standard protocol such as SNMP, the overall management architecture will end up with two different data models: a data model at the higher level (part of the high-level language) and a data model provided by the standard protocol (such as YANG or SMI). Our approach provides automation by using a programming and policy-based approach; however, the language is designed to work in concert with the data modeling language. Thus, instead of having a single complex model to translate high-level policies into the device-native language (as in FOCALE and SmartFrog), our proposed framework divides management complexity into a set of layers where the lower layers are based on a standard architecture, the NETCONF framework.

We mentioned various approaches that define the interaction protocol between a manager and an agent in order to manage configuration data. A manager can access the configuration data either directly or indirectly. Direct access is achieved by using the CLI through manual configuration or script-based configuration. These approaches have the advantage of efficiency since they do not require a translator (to translate from a high-level language to the device-native language). The disadvantage is that each device may have its own language or CLI. Using manual configuration and script-based configuration in a heterogeneous network is impractical.

Indirect access is achieved by having a high-level language and a management protocol. It requires a translator application (agent application) to translate the high-level language to the device-native language. The purpose of having a high-level language is to have a unified view of related configuration data regardless of the device manufacturer. The SNMP-based approach is considered the most dominant approach to access configuration data indirectly due to its simplicity and low cost. Before the SNMP-based approach, the object-based approach existed but was not widely accepted due to the extra overhead when transferring managed objects. With the advent of the Internet, the HTTP-based approach was introduced. HTTP-based configuration has the same advantage as the SNMP-based approach. However, it has the same disadvantages as the script-based approach.

The XML-based approach is considered the most attractive technique to access configuration data due to the powerful features of XML technology. The work in this dissertation uses the XML-based approach since we rely on the NETCONF protocol to convey configuration data. As reported by [100], the downside of XML is the overhead when handling a single value of configuration data.

Recent approaches to automating network configuration management are influenced by software engineering principles. The main shortcoming of these approaches is the device life cycle, which is based on an isolated computer system life cycle [89]. Our approach, however, is concerned with the life cycle of a whole network in order to achieve network-wide configuration.

Our work is not much different from the concept of SDN even though our work focuses on traditional network management. An OpenFlow-enabled network can still benefit from our work in two areas: the bootstrapping of the network and policy manipulation. According to [71], an OpenFlow-enabled network relies on the NETCONF protocol as a main protocol to configure switches and controllers during bootstrapping. Moreover, the work in this dissertation provides a solution to manipulate and verify flow tables.