The TFS release 2 cycle is well underway, with novel features being proposed, developed, consolidated and updated. In this second release, a big focus is put on scalability and resilience of the controller, with a complete redesign of the Context Component to include a scalable database (i.e., CockroachDB) to support the stringent non-functional requirements. Also, a lot of attention is put on network automation, with the implementation of a long list of new workflows, including L3VPN establishment with SLA, multi-layer topology discovery, service Access Control List (ACL), service restoration, service location-awareness, traffic engineering, slice SLA enforcement, slice grouping, forecasting, inter-domain slice SLA enforcement, inter-domain connectivity provisioning and SLA enforcement using DLT, and energy-aware network service placement.
Release 2 will provide extended support for OpenConfig-based routers and a new type of interaction with optical SDN controllers through the ONF Transport API. Moreover, release 2 will include complete integration for microwave network elements (through the IETF network topology YANG model), and Point-to-Multipoint integration of XR optical transceivers and P4 routers. New capabilities for P4 routers include the ability to load a P4 pipeline on a given P4 switch; to obtain runtime information (i.e., flow tables) from the switch; and to push runtime entries into the switch pipeline.
SLA validation has been re-engineered through all the workflows, from device monitoring, up to service and slice life cycle management. Thus, the Slice, Service, Policy, Device and Monitoring Components have been updated to support the necessary network automation workflows. Moreover, Release 2 brings a new component called Path Computation, enabling new use cases, such as energy-aware service placement.
Cyber-security mechanisms have been improved, including new components for distributed or centralized attack detection, inference, and mitigation, also enabling novel use cases. DLT has been extended to interact with the Inter-domain Component and make use of a deployed Hyperledger Fabric.
To support all the above, the TeraFlowSDN architecture has evolved, as shown in the figure below.
An updated description of each component is provided hereafter.
- The Context Component
  - Is responsible for the stateful record of necessary information. It allows the internal NBI to obtain and manipulate TeraFlow status. It is responsible for interacting with a cloud-scale database.
- The Device Component
  - Provides inventory information and allows specific devices to be configured and managed through multiple SBI plugins, including OpenConfig routers, ONF Transport API, IETF Network Topology and P4.
- The Service Component
  - Manages the lifecycle of several TeraFlow services (including L3 and L2 VPN network models).
- The Forecaster
  - Is a component able to perform proactive SDN traffic optimization by means of ML algorithms, through the collection of real-time KPI data and use of ML to forecast where and when a problem is likely to occur, allowing traffic to be rerouted before it happens.
- The Monitoring Component
  - Includes an alarm manager and a subscription manager, offering subscription capabilities to the rest of the components of the TeraFlowSDN controller.
- The Traffic Engineering Component
  - Manages Segment Routing LSPs.
- The Path Computation Component
  - Handles route and network resource selection, enabling network connectivity services and targeting specific network objectives (e.g., energy-efficiency, resource-efficiency).
- The Automation Component
  - Can automatically add/update/delete a physical or virtual device to/in/from the network with no human intervention, while ensuring that the correct device configuration parameters and device processing logic are installed, updated, or deleted in each case.
- The Policy Component
  - Automatically translates high-level network policy rules to actual configuration to be applied to devices and/or services. A policy rule may generate configuration changes across an entire network domain, and thus may require re-configuration of multiple devices.
- The Slice Manager
  - Handles Transport Network Slices with an SLA lifecycle, including Slice monitoring and SLA violation recovery mechanisms. Moreover, it includes a slice grouping algorithm that increases resource utilization efficiency.
- The Centralized Attack Detector
  - Coordinates the cybersecurity loop of the TeraFlowSDN controller at both the L3 and optical layers.
- The Distributed Attack Detector
  - Is used for security monitoring of layer 3 traffic. It detects attacks at remote sites (network edge) in a distributed fashion and classifies them.
- The Attack Inference Component
  - Performs anomaly detection inference based on a set of samples. The implementation currently uses an unsupervised learning algorithm for anomaly detection.
- The Attack Mitigator Component
  - Is responsible for computing viable attack remediation solutions, depending on the attack detected by other components.
- The Distributed Ledger Component
  - Allows relevant data for network management to be recorded, queried, and processed, enabling the detection of compromised edge devices.
- The Compute Component
  - Allows interaction with ETSI OpenSourceMANO (OSM) SDN/WIM connector.
- The Inter-domain Component
  - Enables the interaction of a TeraFlowSDN instance with other peer TeraFlowSDN instances managing different network domains, to create E2E Transport Network slicing services.