vNFC: A Virtual Networking Function Container for SDN-Enabled Virtual Networks

Software-defined networks (SDN) has gradually been deployed on commercial networks such as datacenter networks. Current SDN is based on OpenFlow technology that is a set ofnetwork flow control API for switch devices. For instance, network reachability between end-hosts (or virtual machines), packet filtering mechanisms, and status management of switches are enabled by the API. In practice, however, current OpenFlow-based SDN has following problems: no application-layer protocol support and switch-oriented flow control. Since OpenFlow targets L2-L4 flow handling, users have to arrange additional mechanism for upper-layer flow control. Furthermore, executing a lot of flow matching on a single switch (or virtual switch) can cause difficulty in network trace and overall performance degradation.This paper proposes a virtual networking function container (vNFC) that is a set of software implemented networking functions for VM-to-VM communications, and it is located between a virtual machine and a virtual network device of the host machine. vNFC enables not only lower-layer functions OpenFlow providing, but also upper-layer functions like application firewall in the same manner. That is, vNFC is a virtual machine dedicated flow handling function set. In addition, OpenFlow-compatible vNFC configuration protocol named OpenNF and vNFC controller are also presented. OpenNF provides communication path between each networking function and the controller for configuration and decision making.In this paper, architectural design and implementation of vNFC are presented, and also performance evaluation of using vNFC. The evaluation result shows that a lightweight networking function does not impact on the performance, but a function that frequently communicates with the controller incurs millisecond order cost per frame transmission.