
WHITE PAPER

On

THE CONCEPT OF SOFTROUTER


(JULY 2010)

CONTENTS

1. INTRODUCTION
2. IP HOUR GLASS
3. THE CONCEPT OF SOFTROUTER
4. THE ARCHITECTURE OF TRADITIONAL ROUTER
5. THE ARCHITECTURE OF SOFTROUTER
   5.1 THE SOFTROUTER: DISAGGREGATION BASED APPROACH
   5.2 THE SOFTROUTER: SERVERS BASED APPROACH
6. THE BENEFITS OF SOFTROUTER
7. SECURITY ISSUES: SOFTROUTER vs TRADITIONAL ROUTERS
8. SOFTROUTER AS AN EXTENSIBLE PLATFORM
9. CONCLUSION
10. REFERENCES

WhitePaper/NGN/01/2010


1. INTRODUCTION


Network operators worldwide are contemplating a move towards a converged 21st century Internet Protocol (IP) network in which they expect to carry all types of traffic including voice, video and data. IP routers are the basic network element in these converged IP networks. The new requirements emerging every day require a redesign of the Internet architecture, especially with a focus on improving the security of the control plane infrastructure. As attacks on the Internet infrastructure have been increasing steadily in the past few years, security has been a key focus area in research and protocol development.

Traditional router architectures are becoming increasingly complex today. As new features are being defined in Internet Engineering Task Force (IETF) Requests For Comments (RFCs), more and more control plane complexity is being added at the routers. Many operational tasks, such as routing policy enforcement or traffic engineering, require network-wide control and are difficult and cumbersome to achieve in a network of autonomous and complex routers. Moreover, current routers have the controllers tightly coupled with the forwarding engine, and this static binding often results in shared failures.

Traditional IP networks are constructed using routers that operate relatively autonomously. High complexity is present at many points all over the network. This has many undesirable consequences. First, the multiple points of control significantly increase operational complexity (e.g., misconfiguration). Second, in certain circumstances, uncoordinated actions of these autonomous routers can lead to sub-optimal performance (e.g., poor recovery time) at best and network instability in the worst case. Finally, the introduction of new features may require upgrades to a large number of routers, which is both complex and error-prone. This has driven data networking towards modularization and standardization. Therefore, the need arises for redesigning the current router systems so that routers are not only able to handle the complexity in converged IP networks but are also able to deliver data securely through the network. The concept of Soft Router is a trend in this direction.

2. IP HOUR GLASS
Historically, the Internet architecture has been modeled as an hourglass: "Everything over IP and IP over everything". The IP hourglass is so called because:

- IP provides end-to-end datagram delivery service to protocols/applications
- IP can use any link-layer technology that delivers packets

Emerging applications are driving more functions to IP, expanding the waist of the hour glass. The Router vendors are incorporating all new IP functions into routers.

Fig. 1: IP: The waist of the Hourglass


Complexity in the IP networks is a problem that is spreading throughout the network. Achieving network-wide objectives such as traffic engineering requires complex translation of global objectives to configuration information in numerous individual routers.

Since the IP hourglass is increasingly getting out of shape with more complex features and protocols, the current model of routers with integrated control and forwarding may not be able to survive. Soft Router advocates disaggregating the control and forwarding planes of a router. It removes the tight coupling between the two, and allows each to have new degrees of freedom to scale and innovate. At the same time, it improves the performance and stability of the Next Generation Network, which is primarily based on IP networks.

3. THE CONCEPT OF SOFTROUTER


The basic concept of Soft Router encompasses the following three aspects:

(1) Decoupling: The separation of complex control plane processing functions (e.g., routing protocol processing) from the packet forwarding plane.
(2) Server: The implementation of control plane processing functions on dedicated external control plane servers.
(3) Standard interface: The definition of a standard protocol for control plane servers to interface to the forwarding elements.

4. THE ARCHITECTURE OF TRADITIONAL ROUTER


Traditional router architectures have integrated control and forwarding. The control processors implementing control plane functions are co-located with the line cards that implement forwarding functions and often share the same router backplane. The control processors provide control functions only to the co-located line cards, and vice-versa, leading to a scenario where the line cards cannot be managed when there is a failure of the co-located controller(s).


Fig. 2: Architecture of Traditional Router [diagram labels: Proprietary API, Control Plane Processor, Forwarding Plane Processor]

5. THE ARCHITECTURE OF SOFTROUTER


The Soft Router architecture separates the implementation of control plane functions from packet forwarding functions. In this architecture, all control plane functions are implemented on general purpose servers called control elements (CEs) that may be multiple hops away from the forwarding elements (FEs). There are two main types of network entities in the SoftRouter architecture: the forwarding element (FE) and the control element (CE), which together constitute a network element (NE) router.

The FE is a network element that performs the actual forwarding and switching of traffic. In construction, an FE is similar to a traditional router; it may have multiple line cards, each in turn terminating multiple ports, and a switch fabric for shuttling the data traffic from one line card to another. The key difference from a traditional router is the absence of any sophisticated control logic (e.g. a routing process such as OSPF or BGP) running locally. Instead, the control logic is hosted remotely. The exact nature of the forwarding function can be packet forwarding, which includes Layer-2 (MAC based switching) and Layer-3 (longest prefix match) forwarding; label switching, like MPLS switching; and optical switching (in which the traffic can be time switched, wavelength switched or space switched among the links). In each case the switching function is driven by a simple local table, which is computed and installed by a CE in the network.

The CE is essentially a general purpose computing element such as a server. It connects to the network like an end host, except that it is typically multi-homed to the network via multiple FEs so that it is not disconnected from the network when a single link fails. A CE runs the control logic on behalf of FEs and hence controls them. In principle, any control logic typically found on a traditional router can be migrated to CEs, including routing protocols such as OSPF, BGP, Mobile IP, etc.

A network element (NE) or a router is formed using logical grouping between the FEs and the respective CEs. The flexibility of the Soft Router architecture over conventional routers with collocated and tightly integrated control and forwarding functions results in a number of benefits, such as increased reliability, increased scalability, increased security, ease of adding new functionality, and decreased cost.

There are two approaches to separating the CE (control plane) from the FE (data plane) in SoftRouter:

- Disaggregation based approach
- Servers based approach

Fig. 3: Traditional Router Based Network vs Soft Router Based Network [diagram labels: Packet Forwarding Element, Control Element Server, Router, Feature Server]
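The FE/CE split described above, as an added sketch that is not part of the original white paper: the FE only holds a table and does longest prefix match, while a CE computes and installs that table. The class names, the `bound_ces` grouping check, the cost-based route selection and all addresses and ports are assumptions made for illustration; the paper names no concrete protocol or API.

```python
import ipaddress


class ForwardingElement:
    """FE: holds a local table and forwards by longest prefix match.
    It runs no routing protocol; a control element installs the table."""

    def __init__(self, name, bound_ces):
        self.name = name
        self.bound_ces = set(bound_ces)  # assumption: CE ids grouped with this FE
        self.table = {}                  # ip_network -> outgoing port

    def install(self, ce_id, routes):
        """Replace the table; ignore senders outside the FE/CE grouping."""
        if ce_id not in self.bound_ces:
            return False
        self.table = {ipaddress.ip_network(p): port for p, port in routes.items()}
        return True

    def forward(self, dst):
        """Return the port of the most specific matching prefix, or None."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.table if addr in net]
        if not matches:
            return None
        return self.table[max(matches, key=lambda net: net.prefixlen)]


class ControlElement:
    """CE: a server computing tables for FEs (stands in for OSPF/BGP logic)."""

    def __init__(self, ce_id, candidates):
        self.ce_id = ce_id
        self.candidates = candidates     # fe name -> [(prefix, port, cost), ...]

    def push(self, fe):
        """Pick the lowest-cost port per prefix and install it on the FE."""
        best = {}
        for prefix, port, cost in self.candidates[fe.name]:
            if prefix not in best or cost < best[prefix][1]:
                best[prefix] = (port, cost)
        return fe.install(self.ce_id, {p: pc[0] for p, pc in best.items()})


def demo():
    """Constructed topology: one FE, its primary and backup CE, one unbound CE."""
    paths = {"fe1": [("10.0.0.0/8", 1, 20), ("10.1.0.0/16", 2, 10),
                     ("10.0.0.0/8", 3, 5), ("0.0.0.0/0", 4, 1)]}
    fe = ForwardingElement("fe1", bound_ces={"ce-a", "ce-b"})
    unbound = ControlElement("ce-x", {"fe1": [("0.0.0.0/0", 9, 1)]}).push(fe)
    primary = ControlElement("ce-a", paths).push(fe)
    ports = [fe.forward(d) for d in ("10.1.2.3", "10.9.9.9", "192.0.2.1")]
    backup = ControlElement("ce-b", {"fe1": [("0.0.0.0/0", 7, 1)]}).push(fe)
    return unbound, primary, ports, backup, fe.forward("10.1.2.3")
```

Because the FE keeps no control logic of its own, the backup CE can take over the same FE simply by installing a new table.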


5.1 THE SOFTROUTER: DISAGGREGATION BASED APPROACH


In this approach, the control plane is physically separated from the forwarding plane (i.e. the data plane), similar to the way the SS7 signaling network is separate from the telephony network. Thus all the controllers in the control plane server form their own private network topology that is independent of the underlying forwarding plane topology. This approach is based on disaggregation of router hardware (FEs) from router software (CEs) using open-standards-based protocols for internetworking. This physical separation of FE and CE allows:

- Centralizing and sharing of complexity
- Scalable introduction of new functions without unduly encumbering IP forwarding functions
- Encouraging software vendors to invest in developing carrier-class routing software to supply new entrants to the hardware market
- Allowing each component to focus on its own innovation curve
  - Hardware: highest speeds/density at lower cost
  - Software: new features and easier manageability

Figure 2: Soft Router: Disaggregation Model [diagram labels: Control Plane Processing, Control Plane Server, Standard Protocol, Forwarding Plane Processing, Forwarding Element]

This approach is similar to softswitch-based disaggregation of class 5 switches.


5.2 THE SOFTROUTER SERVERS BASED APPROACH


This approach is based on the software servers that a SoftRouter houses:

a) Control Element Server (CE) - Responsible for traditional routing, e.g. for both IGP (e.g. OSPF) and EGP (e.g. BGP)
b) Feature Server (FS) - Responsible for value added functions and network based applications, e.g. QoS, VPN, Mobile IP

Control Elements and Feature Servers both interface to the Forwarding Elements.

Fig. 3: SoftRouter: Server Based Model [diagram labels: Control Plane, Control Element Server (CE), Feature Server (FS), Standard Protocol, Packet Forwarding Element (FE), Transport Plane]

6. THE BENEFITS OF SOFTROUTER


Disaggregation of router hardware from software has many potential advantages:

(1) Lower operation costs: In the disaggregated model, the forwarding element is mostly hardware-based and requires little management. The individual router control plane management is consolidated into a few dedicated control plane servers. The reduced number of control plane elements means fewer boxes to manage, thus reducing operation costs. Also, the hardware is standards based.

(2) Ease of adding new network-based functional capabilities: The separate control plane server facilitates the introduction of network-based functionality. Some examples of these are:
   a. Support for QoS,
   b. Scaling of BGP route reflection,
   c. Network-based VPN support and IPv6 deployment.
This centralization of the complex functions can be easily done in SoftRouter. Also, new features can be introduced faster and less expensively as a result of open interfaces and incremental deployment.

(3) Increased scalability: The control plane servers can be implemented on regular computer servers, and thus can be easily scaled up using well-established server scaling techniques. An important example of the need for server scaling in routers is the performance requirements of the Mobile IP protocol in third generation wireless data networks, where scalability on the order of millions of users (Mobile IP sessions) is necessary.

(4) Increased reliability: The reduced software in a forwarding element means it is easier to make it robust. On the control plane server side, sophisticated reliability enhancing mechanisms such as automatic fail-over and overload control can be incorporated.

(5) Increased control plane security: Fewer management points means it is easier to provide a strong defense around them, thus making the overall network more secure.

7. SECURITY ISSUES: SOFTROUTER vs TRADITIONAL ROUTERS


A number of secure protocols such as IP Security (IPsec), Transport Layer Security (TLS), Secure Border Gateway Protocol (S-BGP) and Domain Name System Security Extensions (DNSSEC) have been developed and form an important part of increasing the security of the Internet. However, in a traditional router architecture the control messages are sent in band and share the same resources as the data plane, thus exposing the control plane to many possible attacks. Introducing the separation of the control plane from the forwarding plane in the Soft Router architecture has significant benefits in terms of increasing the security of the Internet control infrastructure, as can be understood with this analogy: in the 1980s, the signaling in the telephone network was in band and suffered from security problems because of the phone phreakers who emulated the signaling tones to obtain free phone calls. The move towards a separate Signaling System 7 (SS7) network helped significantly improve the security of the telephone network infrastructure.

Some of the security concerns in traditional routers vs SoftRouters are as follows:

- Open source control software vs closed router OS: A specialized OS, as in traditional routers, is not as widely tested and secured as open source software in SoftRouters, e.g. Linux.
- Multiple control blades vs one/two control blades: Overload due to malicious traffic can be distributed across a large number of control blades in the SoftRouter server. Sophisticated statistical analysis can also be performed on the multi-blade SoftRouter servers for intrusion detection.
- A separate firewall protecting control blades vs none: Fewer control plane servers in the SoftRouter make it easier to secure them using dedicated firewalls.
- Separate signaling network vs shared signaling network: The SoftRouter architecture allows for the possibility of a separate signaling network connecting the control servers, similar to the SS7 network.
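The in-band versus separate-signaling argument above can be checked with a small queue model. This is an added example, not part of the original white paper: the buffer size, service rate, traffic loads and function names are all constructed assumptions.

```python
import random
from collections import deque


def simulate(data_per_tick, separate_signaling, ticks=200, buf=8,
             service=4, ctrl_every=5, seed=1):
    """Return (control_sent, control_delivered) for one router interface.

    Each tick a burst of data packets arrives, and every `ctrl_every` ticks one
    control message (e.g. a routing update) arrives at a random point in the
    burst. In band, both share one tail-drop buffer; with separate signaling,
    control messages use their own queue and never compete with data.
    """
    rng = random.Random(seed)            # fixed seed: repeatable run
    shared, signaling = deque(), deque()
    sent = delivered = 0
    for t in range(ticks):
        burst = ["data"] * data_per_tick
        if t % ctrl_every == 0:
            burst.insert(rng.randint(0, data_per_tick), "ctrl")
            sent += 1
        for pkt in burst:
            if pkt == "ctrl" and separate_signaling:
                signaling.append(pkt)
            elif len(shared) < buf:
                shared.append(pkt)       # otherwise the packet is tail-dropped
        while signaling:                 # dedicated control path
            signaling.popleft()
            delivered += 1
        for _ in range(min(service, len(shared))):
            if shared.popleft() == "ctrl":
                delivered += 1
    return sent, delivered


def compare():
    """Constructed loads: 2 packets/tick is normal, 20 packets/tick is a flood."""
    return {
        "in_band_normal": simulate(2, separate_signaling=False),
        "in_band_flood": simulate(20, separate_signaling=False),
        "separate_flood": simulate(20, separate_signaling=True),
    }


if __name__ == "__main__":
    for name, (sent, delivered) in compare().items():
        print(f"{name}: {delivered}/{sent} control messages delivered")
```

Under the flood, the shared buffer is full most of the time and control messages are tail-dropped along with data, while the separate signaling queue delivers every one.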

8. SOFTROUTER AS AN EXTENSIBLE PLATFORM


For application-aware devices, the lack of open interfaces constrains rapid adaptation to changing application needs. It is necessary to architect the system to be open and extensible, and to be in a position to incorporate new features in an efficient way. This is especially true for an IP services platform as in NGN. The SoftRouter platform integrates support of IP services with routing and switching, thus allowing easy integration into existing network configurations for access to packet streams that require IP processing. Also, the SoftRouter separates the forwarding and control functions in an open system that redistributes the functionality amongst the SoftRouter's forwarding elements, service cards, control plane servers and feature servers. The SoftRouter's support for IP services is uniquely enabled via three system concepts:

1. Reprogrammable service cards: Packet applications are loaded on demand onto reprogrammable service cards. Reprogrammability allows system functions to evolve as requirements change.
2. Service chaining: This permits multiple packet processing functions to be chained together in a customized manner to perform application specific functions on a packet stream. The chaining is configurable on demand through software control. Service chains implement application bundles.
3. A comprehensive service management framework: Each application chain is monitored for diagnostics and resource usage. The system supports a rich set of high availability mechanisms to ensure automatic recovery with minimal flow disruption upon system faults.

SoftRouter provides a flexible way to configure how packet flows can traverse and get serviced by a sequence of service cards. The SoftRouter benefits from the ability to integrate a large number of commercial service cards. Its flexibility through open interfaces permits it to ride the technology curve, which is especially critical in areas such as wireless networks where packet functions are changing rapidly and underlying technology improvement can often provide a very big performance jump. These factors allow the SoftRouter to be reconfigured and extended for multiple applications without significant redevelopment effort, making the SoftRouter approach well suited for application based networking as in an NGN environment.

9. CONCLUSION
The separation of the Control Plane from the Forwarding Plane (i.e. Data Plane) in the SoftRouter architecture has significant benefits in terms of increasing the security of the Internet control infrastructure, mainly because of the following four reasons:

- A separate control plane shields the control plane from Denial of Service (DoS) attacks on the data plane.
- Fewer control servers than routers allows the cost effective deployment of hardware based special purpose firewalls.
- Higher processing capacity of these control servers helps in deploying more secure protocols and handling unexpected overload.
- Use of open source operating systems in these control servers has the potential to improve the security of the Internet control platform.

As security increasingly becomes a major concern, new architecture that addresses this vulnerability will play a key role in the migration toward a next generation network internet.


10. REFERENCES

1. Annual Review of Communications, Volume 59, edited by International Engineering Consortium
2. Softrouter separate control network, Patent EP1653687, http://www.freepatentsonline.com/EP1653690.pdf
3. SoftRouter: An Open Extensible Platform For Tomorrow's Internet Services, by T. V. Lakshman, K. Sabnani, T. Woo, Bell Labs, Alcatel-Lucent
