Architecture of dynamic VPNs in OpenFlow

The increasing complexity of networks and NMSs is starting to affect operators, who are seeing a growing demand for Dynamic VPNs. DVPNs are application-specific VPNs which can be altered multiple time over their potentially short lifetime, requiring a certain degree of flexibility and agility from the network and its support systems. To implement DVPNs in the network, operators need to solve the complexity of NMSs and allow for granular control over network resources. A possible candidate to provide this solution is the SDN architecture and the OpenFlow specification. However, it is unclear if this solution will actually provide any benefit over the use of state of the art technologies. This research compares the differences between implementing a DVPN service using the contemporary MPLS stack and implementing it using OpenFlow. We found that the MPLS implementation can provide the VPN service but due to its large protocol stack and lack of a defined management interface, will prove to be unsuitable when implementing DVPNs. On the other hand, the SDN architecture can solve complexity and provide manageability by providing network abstractions to applications which can be developed by the operators themselves. However, until the northbound and east/westbound interfaces are defined, portability and flexibility is still limited. Additionally, this research shows that OpenFlow is missing monitoring in its forwarding plane allowing for individual components to make independent choices to provide fast failover times. This limitation means that the networking devices will need support from the controller to detect faults in the path, yielding recovery times above operator requirements.