Software Defined Virtual Networks

Summary

NIST is working to develop test and measurement techniques to advance the state of the art in network virtualization, network service function chaining, and software defined networks, along with technologies and techniques to address the robustness, safety and security of virtualized network services. The project also explores novel applications of NFV/SDN to domains such as network security and intrusion detection, support of machine-to-machine communications, and support of advanced mobility and cloud computing.

Description

Background

Data networks have enabled extraordinary growth in capabilities such as email, the web, and social media; and today form the technical basis for our information-centric economy[1]. However, current network architectures and processes for technical evolution cannot support the complexity and pace of innovation in emerging applications such as Virtualized / Cloud Computing, Internet of Things, ubiquitous Mobile Computing and Big Data Analytics. Today’s industry norm of deploying special-purpose, fixed-function hardware appliances (e.g., routers, switches, firewalls, load balancers) that implement standardized protocols no longer scales with the required pace of innovation for new services, nor the economics of modern virtualized computing. In today’s networking industry, these barriers to innovation result in lead times of years to design and develop new network services and require tremendous capital and operational expenses to deploy and operate new network functions.

In response, the industry has developed new initiatives in Network Function Virtualization (NFV) and Software Defined Networking (SDN). These are radical departures from today’s industry norms, in that they abstract the implementation of new network functions and decouple them from specific hardware platforms and topological constraints (i.e., the location in a network where functions/services must be deployed). In essence, NFV/SDN make the network itself “programmable,” offering the promise of rapid innovation of network services customized and tightly integrated with specific application domains. NFV/SDN will enable the networking industry to follow the same virtualization model that cloud computing has successfully demonstrated with both cost savings and business growth measured in the billions of dollars. The results of NFV/SDN research and development are creating fundamentally new measurement challenges in network behavior, software quality, and security properties of dynamically composed, programmable networks. Given the critical position of basic network control systems, the need to accurately measure and thoroughly test the safety, robustness, security, and performance of software defined networks will be paramount in ensuring the success of these technologies in future mission/business-critical networks.

 

Major Accomplishments

  • Designed and developed a programmable measurement framework for software defined networks, including both low-level data plane measurement and virtualized network functions for distributed measurement applications, with open source prototypes based upon OVS.
  • Designed and developed a software-defined approach to policy-based IoT networking based upon Manufacturer Usage Description (MUD) profiles.

Industry and academic leaders started the NFV/SDN movement to change the economics and complexity of network innovation.  The Open Network Foundation[2],[3] and the Open Network Research Center[4] were established to research and define SDN and to create an open market for network control functions that can be tightly coupled with the changing technical requirements of specific applications and services.  Recently other industry research groups[5] [6] and standards bodies[7],[8] have emerged to address the issues of programming languages and virtualized computing infrastructures for the implementation, composition and management of these new network control applications.

Virtualized networking to support vast data centers was the initial commercial force driving SDN/NFV, with network switch, hypervisor, and cloud service vendors driving the pace and the direction of innovation. The realization of the power and potential of “opening up” networking platforms and enabling the seamless integration of programmable networks and applications set off a series of billion-dollar acquisitions[9] and triggered even broader efforts by the industry to commoditize network hardware platforms[10] and software environments[11]. Today the potential applications of software defined virtual networks range from global telecommunications[12] to completely software defined data centers[13]. Current market analyses project the NFV/SDN market to reach $100B by 2020[14].

NIST’s Role:

While this revolution in the networking industry has great potential, there are numerous test and measurement challenges that must be met to ensure that SDNs are robust and secure enough to meet the mission-critical requirements of our information-centric society. To date, the potential of dramatic cost reductions coupled with rapid feature innovation is driving aggressive early deployment of NFV/SDN technologies well before their behavioral properties are well understood. The existing technologies for distributed routing and switching control protocols (that NFV/SDN technologies will displace) are the result of decades of research and development experience focused on robustness, security and scalability. Failure to devote significant effort to the development of the measurement techniques necessary to characterize, predict and control the robustness and security properties of software defined networks could result in significant technical and marketplace failures going forward. NIST is uniquely positioned to address these issues for the networking industry.

Technical Approach

The NIST program will focus on the robustness, safety and security of NFV/SDN technology and its potential disruptive application to national priority initiatives.  The following key activities/outcomes are planned for the first 3 years:

  • Measurement Science for NFV/SDN – NIST will research and develop the measurement science necessary to meaningfully characterize and test the behavior, performance and robustness of emerging NFV/SDN technologies.  Our particular focus will be metrics and techniques to measure the safety and security of NFV/SDN networks at scale and the ability of such networks to meet strict performance requirements. Specific outcomes will include:
    • Design of Programmable Measurement Extensions for SDN
    • A Complex Systems Analysis of SDN
    • Software Verification of Open vSwitch
  • Distributed NFV/SDN Testbed – To meaningfully explore SDN technologies we must develop the capability to experiment, test, model and measure designs and implementations. NIST will establish the ability to conduct large-scale simulations, emulations and live experiments with NFV/SDN technologies. ITL will apply existing capabilities for large-scale network simulation and emulation experiments to this effort and will establish a NIST presence in national-scale distributed testbeds for demonstrating the results of NFV/SDN R&D. Specific outcomes will include:
    • Establishment of a hybrid physical / emulation SDN testbed at NIST
    • Linking of NIST’s testbed with GENI, Internet2, and ESNet national scale testbeds
  • Disruptive NFV/SDN Applications – Leveraging the capabilities above, NIST will examine the potential for NFV/SDN technologies to contribute significantly to other high priority programs.   NIST will explore two such domains in the first two years: software-defined Internet of Things (IoT) networking and novel uses of SDN for network security.  Specific outcomes will include:
    • Design of Policy Based Security Automation for IoT Networks using SDN
    • Design of DDoS Detection and Mitigation using Programmable SDN Monitoring
  • Acquisition and Deployment Guidance – Finally, NIST has been approached by several other government agencies and industry partners to develop acquisition tools and secure deployment guidance for emerging NFV/SDN technologies.  Specific outcomes will include:
    • An Acquisition Profile for NFV/SDN Technologies
    • Guidelines for the Secure Deployment of NFV/SDN Technologies

Network Function Virtualization and Software Defined Networking represent a dramatic shift in the way network technology will be defined, developed and deployed in the future. NIST must develop the capability to contribute measurement science to emerging standards in this area. In addition, there is a need to explore the potential application of this new paradigm to other network-centric initiatives of national importance. By focusing on IoT, NIST will explore the potential for NFV/SDN to be a disruptive technology in initiatives such as public safety, energy conservation, transportation, and e-Healthcare.


References:


[1] Internet Matters: The Net’s Sweeping Impact on Growth, Jobs and Prosperity; http://www.mckinsey.com/industries/high-tech/our-insights/internet-matters

[2] Open Networking Foundation (ONF); https://www.opennetworking.org/

[4] Open Network Research Consortium (ONRC); http://onrc.stanford.edu/

[5] IRTF Network Function Virtualization Research Group (NFVRG); https://irtf.org/nfvrg

[6] IRTF Software-Defined Networking Research Group (SDNRG); https://irtf.org/sdnrg

[7] ETSI Network Functions Virtualization; http://www.etsi.org/technologies-clusters/technologies/nfv

[10] Open Network Linux; https://opennetlinux.org/

[12] ATT: A Network Built in Software; http://about.att.com/innovation/sdn

[13] Openstack: Open Source Software for Creating Private and Public Clouds; https://www.openstack.org/

 

  • towards-ztn-nist.pdf
  • ztn-measurement.pdf
  • A. Wang, Y. Guo, S. Chen (George Mason University), F. Hao, T.V. Lakshman (Bell Labs, Nokia), D. Montgomery, K. Sriram; "vPROM: vSwitch Enhanced Programmable Measurement in SDN"; The 25th IEEE International Conference on Network Protocols (ICNP 2017); October 2017. Presentation Slides. Poster.
  • A. Wang, Y. Guo, et al; "UMON: Flexible and Fine Grained Traffic Monitoring in Open vSwitch";  Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT '15); Heidelberg, Germany — December 01 - 04, 2015.  Presentation slides
  • Yang Guo, Online VM Auto-Scaling Algorithms for Application Hosting in a Cloud, IEEE Transactions on Cloud Computing, April 2018.
    • Draft Journal Publication is currently not available online.
  • Yang Guo, Doug Montgomery, Instrumenting Open vSwitch with Monitoring Capabilities: Designs and Challenges, ACM SOSR 2018, March 2018.
    • Final Conference Publication is also available online here.
  • Yang Guo, Key Note Address: Software Defined Networking (SDN) and SDN Based Programmable Measurement, IEEE Baltimore Section, Co-sponsored by Reliability Society, WIE NOVA, December 2017.
    • Draft Invited Presentation is also available online here.
  • Junfei Xie, Yan Wan, Kevin Mills, James J. Filliben, A Scalable Sampling Method to High-dimensional Uncertainties for Optimal and Reinforcement Learning-based Controls, accepted for presentation at IEEE Control Systems Society 56th IEEE Conference on Decision and Control (Melbourne, Australia, December 12-15, 2017), December 2017.
    • Draft Conference Publication is also available online here.
  • Mudumbai Ranganathan, Charif Mahmoudi, Laurence Chang, Max Kimmelman, Doug Montgomery, Prophylactic MUD: Preventing BotNet Attacks in IoT Networks, ITL Science Day poster, November 2017.
    • Final Poster is currently not available online.
  • Yang Guo, Doug Montgomery, High Speed Data Plane Measurement Using Programmable Switches, ITL Science Day, November 2017.
    • Final Poster is currently not available online.
  • Yang Guo, Doug Montgomery, Kotikalapudi Sriram, vSwitch Enhanced Programmable Measurement in SDN, ITL Science Day, November 2017.
    • Final Poster is currently not available online.
  • Khalid HALBA, Charif MAHMOUDI, Edward GRIFFOR, Vehicle Networking Architecture for Next Generation Intelligent Transportation Systems, ITL Science Day, November 2017.
    • Final Poster is currently not available online.
  • Doug Montgomery, Mudumbai Ranganathan, Charif Mahmoudi, Laurence Chang, Max Kimmelman, Software Defined Security for Scalable IoT Defense, ITL Science Day, November 2017.
    • Keywords: DDoS, SDN, MUD, Manufacturer Usage Description
    • Final Presentation is currently not available online.
  • Yang Guo, Doug Montgomery, Kotikalapudi Sriram, vPROM: VSwitch enhanced programmable measurement in SDN, IEEE ICNP 2017, October 2017.
    • Final Conference Publication is also available online here.
  • Yang Guo, vPROM: vSwitch Enhanced Programmable Measurement in SDN, IEEE ICNP 2017, October 2017.
    • Final Presentation is currently not available online.
  • Khalid HALBA, Charif MAHMOUDI, Edward GRIFFOR, Vehicle Networking Architecture for Next Generation Intelligent Transportation Systems, IETF Internet Draft (in progress), October 2017.
    • Draft Conference Publication is currently not available online.
  • Yang Guo, Source Code for Instrumented Open vSwitch, Github, July 2017.
    • Final Software Release is also available online here.

 

 

Created August 14, 2016, Updated July 17, 2018