Towards a Scalable Software-Defined Network Virtualization Platform Zdravko Bozakov and Panagiotis Papadimitriou Institute of Communications Technology, Leibniz Universit¨ at Hannover, Germany {zdravko.bozakov, panagiotis.papadimitriou}@ikt.uni-hannover.de Abstract—Software-defined networking (SDN) has emerged to circumvent the difficulty of introducing new functionality into the network. The widespread adoption of SDN technologies, such as OpenFlow, can facilitate the deployment of novel network functions and new services. Network infrastructure providers can significantly benefit from the SDN paradigm by leasing network slices with SDN support to Service Providers and end-users. Currently, the deployment of arbitrary virtual SDN topologies entails significant configuration overhead for SDN operators. To this end, we present a SDN virtualization layer that orches- trates the deployment and management of virtual SDNs (vSDN). The so-called SDN hypervisor generates and installs the forward- ing entries required for vSDN setup and also coordinates the necessary switch flow table modifications for seamless resource migration. Furthermore, the hypervisor transparently rewrites all control messages enforcing flowspace isolation while giving to the vSDN operator the illusion of exclusive access control. We explore the design space and prerequisites for SDN virtualization, including the selection and encoding of packet identifiers, the resolution of flowspace identifiers, and the configuration and consolidation of multiple virtual flow tables onto a single switch in order to provide support for arbitrary topologies. Furthermore, we discuss the scalability of the SDN control and data plane. I. I NTRODUCTION Network virtualization constitutes a promising solution for the concurrent deployment and operation of isolated network slices on top of shared network infrastructures [15], [20]. Fun- damentally, network virtualization offers significant benefits to Service Providers and network infrastructure providers. In particular, Service Providers (SP) have the ability to efficiently deploy network services within customized virtual networks (VN), which can be extended on demand allowing the SP to scale his offered service. Most importantly, network virtual- ization decouples the network operations from the underlying infrastructure, allowing SPs and VN users to retain the man- agement and control of their own slices. Furthermore, adaptive VN provisioning [8] combined with techniques for virtual resource migration [17] can facilitate VN fault management in response to substrate node/link failures and changes in traffic loads and network topologies. For network infrastructure providers, network virtualization improves resource utilization, reduces operational (OPEX) and technology investment costs (CAPEX), and can generate revenue by leasing VNs to third parties. Recently, the software-defined networking (SDN) paradigm has emerged to facilitate the deployment of new network functions and services by offering an abstract network view which is decoupled from the underlying switching hardware. SPs can benefit from the faster development cycles associated with the increased abstraction level and, consequently, network infrastructure providers have more incentives to offer virtual networks with SDN support. FlowVisor [16] has taken a first step towards SDN vir- tualization. FlowVisor allows multiple users to control SDN slices by regulating the type of flow entries installable by each user, based on the notion of flowspaces. However, FlowVisor provides slicing rather than full virtualization of resources. Hence, it only allows the deployment of vSDN topologies that represent a subset of the substrate network topology. Furthermore, the provision of virtual address spaces is not possible. As such, FlowVisor represents only one building block for the presented SDN virtualization. Besides these restrictions, the planning and deployment of virtual SDNs (vSDN) with FlowVisor requires substantial network operator intervention. In fact, the instantiation of a vSDN, which from a user perspective is virtually indistinguishable from a physical network, is nontrivial. The assignment of virtual resources to physical switches and links, the choice of flowspace, the appropriate traffic encapsulation and flow entries setup require considerable planing and management resources. Furthermore, vSDN deployment entails considerable scalability challenges both for the control and the forwarding plane. To address these issues, we present a transparent vir- tualization layer, called SDN hypervisor, that orchestrates the embedding, deployment and management of vSDNs. In particular, the SDN hypervisor: (i) computes the mapping of vSDN topologies, (ii) automates the setup of arbitrary vSDNs by transparently generating required substrate flow entries for packet forwarding and encapsulation, (iii) processes and rewrites control messages, allowing each vSDN operator to configure his own slice as an SDN with exclusive access control, (iv) automates vSDN node and link migration by coordinating the necessary switch flow table updates. The transparent control message translation enables ten- ants to install arbitrary packet processing rules within an assigned vSDN, without adversely affecting concurrent users. At the same time, the automation of the infrastructure setup minimizes SDN operator intervention. To scale the SDN hypervisor, we subdivide the SDN substrate into multiple domains and assign a seperate controller proxy (CPX) to each domain, based on our previous work [1]. As such, local operations such as flowspace allocation, flow entry installation, and control message translations, are performed independently 978-1-4799-0913-1/14/$31.00 c  2014 IEEE