Abstract. The inclusion of innovative services in commercial networks is a burdensome task which frequently encounters resistance from Network Operators. Opening up the network is a prerequisite for the Active & Programmable Network paradigm to succeed. In this paper we present a novel network model which addresses three critical points to achieve that goal: network security and safety, service management and high performance. We show that excessive virtualization of network resources penalizes performance and we introduce programmable hardware at the core of our model. We also introduce a two-tier security checking architecture which frees network nodes from the most heavyweight tasks, improving performance. Our single point of service admission permits strict security control. Lastly, the separation between service introduction and service management increases network flexibility and permits the smooth integration of other network architectures in our framework. We also present the Octopus Open Gateway architecture, which shall support our network model.