During the past few years, Software-defined Networking (SDN) has evolved into a new network paradigm that promises to overcome the limitations of current network infrastructures. By separating control plane functions from the network elements and abstracting them into a logically centralized entity, called the controller, SDN simplifies the management of complex flows, enables programmability and provides better virtualization. In an SDN environment, network applications communicate with the controller and send it their network service requests via Northbound Application Programming Interfaces (NBIs). The controller then translates the requests into low-level forwarding rules and installs them in the data plane network devices via Southbound Application Programming Interfaces (SBIs), while providing relevant information up to the network applications. Both academia and industry have put a lot of research effort into southbound SDN, which led to the birth of the OpenFlow protocol as the first standard SBI for communication between the controller and forwarding devices.
Network-as-a-Service (NaaS) is frequently offered in a multi-tenant style, where customers, also called tenants, and their end-users share network resources and services, including software and hardware, while remaining strictly logically isolated from each other. SDN naturally provides a direct way for the owners of network infrastructure to offer virtual network services to third parties, with network virtualization on the control plane or at a hypervisor layer, on either the northbound or the southbound side. In SDN, we can have multi-tenancy on different layers, for different purposes, using different techniques, each of which provides a different level of control while requiring a different type of isolation among users. For instance, we can have southbound multi-tenancy, with several guest controllers sharing the same data forwarding elements, or we may prefer northbound multi-tenancy, with several guest applications sharing the whole SDN infrastructure including the master controller.
Some solutions have been proposed to implement multi-tenancy in SDN environments. FlowN is one example, designed to provide container-based control-plane virtualization to enable multi-tenancy on the northbound. Another example is FlowVisor, a typical southbound multi-tenancy solution that enables multiple guest controllers to transparently manage their own slices of the network on top of the same network infrastructure. However, there is little comprehensive research on SDN multi-tenant models. Moreover, in contrast to the rich research outcomes on southbound virtualization and multi-tenancy, such as FlowVisor and OpenVirteX based on OpenFlow, multi-tenancy on the northbound is rarely researched due to the lack of standardization. Therefore, in this project, I give a comprehensive definition of Software Defined Multi-Tenant Networking (SDMTN), examine the feasible models along with available enabling techniques, and then I investigate some representative solutions that currently exist in academia or industry. In addition, I propose a new framework for providing northbound multi-tenancy of SDN, and evaluate the framework by designing and implementing a prototype based on Mininet and OpenDaylight. The solution provides a satisfactory level of isolation, domain-based fine-grained access control, and good interoperability between the SDN provider and tenants.
1. Architecture:
2. Use Case:
Tenant 2 configures its virtual network to connect its hosts with three vBridges respectively and use Service 1 as below.
The SDN provider maps the virtual network configurations into global physical commands and configures service function chaining for Tenant 2 according to the SLA.