Page 154 - 5G Basics - Core Network Aspects
P. 154

1                                                Core network aspects


            11.5    Interfaces

            There are two interfaces in the high-level architecture of SDN: the application-control interface and the
            resource-control interface. They provide access to the SDN controllers and network resources, allowing for
            programmable control of network resources.

            The details of each interface are as follows:
            –       Resource-control interface
                    The  resource-control  interface  is  used  for  interactions  between  the  SDN  control  layer  and  the
                    resource layer. Information exchanged through these interactions include controlling information
                    provided by the SDN control layer to the resource layer (e.g., for configuring a network resource or
                    providing policies) as well as the information that pertains to the (unsolicited) notifications sent by
                    the  resource  layer  whenever  the  network  topology  changes,  congestion  is  detected,  etc.  Such
                    notification information also includes data that are meant to assess the conformance of what has
                    been  delivered  against  what  has  been  negotiated  (hence  the  notion  of  service  fulfilment  and
                    assurance). This interface provides high-level accesses to the network resources regardless of their
                    respective technology.

            –       Application-control interface
                    The application-control interface is used for interactions between the application layer and the SDN
                    control layer. The application-control interface can be used by the application layer to feed the SDN
                    control layer information that will contribute to the decision-making process in terms of dynamic
                    resource allocation or policy enforcement, for example. The SDN control layer can also expose the
                    information and data models that reflect the resource abstraction to the application layer through
                    this interface.

            12      Environmental considerations

            SDN is meant to facilitate self-adaptability, so that resource availability and usage efficiency can be improved.
            This is likely to contribute to the optimization of resource usage and therefore reduced energy consumption.

            SDN relocates the control of network resources to a logically centralized SDN controller. This may contribute
            to simplify the design of network elements, thus power consumption is expected to decrease. However, the
            function that is logically centralized may become complicated, thus its power consumption may increase.

            13      Security considerations

            The introduction of a high level of automation in the overall service delivery procedure by means of SDN
            techniques inevitably raises security challenges. In particular, access to network resources by applications
            must be granted in order to protect the networking infrastructure and its components from a denial of service
            attack that may jeopardize the overall robustness, quality and reliability of the SDN architecture, or the
            services that it delivers.
            SDN provides new possibilities to combat security breaches. The affected resources may be easily and quickly
            isolated,  malicious  traffic  may  be  safely  terminated,  sensitive  flows  can  be  identified  and  separately
            transferred  in  a  more  secure  manner,  e.g.,  with  dedicated  equipment  and  security  protocols.  All  these
            processes may be automated due to SDN for improved availability. Moreover, a logically centralized control
            of SDN enables operators and/or entities to have a broader and/or a global view of the current status of
            networks, which makes security operations easier and more efficient.

            On  the  other  hand,  SDN  may  aggravate  the  damage  of  security  breaches,  misconfiguration,  privacy
            infringement  and  other  incidents.  Properties  that  were  traditionally  implemented  in  hardware  and
            impossible to change can now be modified, misconfigured or can function improperly. Such damage can
            expand  quickly  as  responses  of  various  software  programs  and  human  operation  may  be  too  slow  for
            appropriate reaction. It is therefore necessary to enhance monitoring capability and automated operations.
            More careful checking of e.g., policy configuration, becomes necessary. Moreover, a logically centralized
            controller can be a single point of failure, and can be a target of malicious attacks, thus special attention is
            required.


            144
   149   150   151   152   153   154   155   156   157   158   159