
High Level Policies in SDN

Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 585)

Abstract

Policies for network traffic handling define packet routes through networks, enforce required quality of service, and protect networks from security threats. When expressing a policy, one needs to characterise the traffic to which the policy applies by traffic identifiers. Low level traffic identifiers, such as IP addresses and port numbers, are available in each packet. Indeed, low level traffic identifiers are perfect for data plane routing and switching. However, high level traffic identifiers, such as user name and application name, are better for the readability and clarity of a policy. In this paper, we extend software defined networks with high level traffic identifiers. We propose to add an additional interface to SDN controllers for collecting traffic metadata and high level traffic identifiers. The controller maintains a database that maps high level traffic identifiers to a set of flows defined by low level traffic identifiers. SDN applications can apply policies based on both high level and low level traffic identifiers. We leave the southbound protocols intact. This paper provides two examples of High Level SDN paradigms: Application-Aware Networks and Identity-Aware Networks. The first paradigm enables policies depending on application names and characteristics. The latter allows policies based on user names and their roles.
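The mapping the abstract describes can be sketched as follows. This is an added illustration, not code from the paper or from any controller: `IdentifierDB`, `compile_policy`, the rule dictionary layout and the sample flows are all assumptions. It shows a policy written with high level identifiers being expanded into rules that use low level identifiers only, which is what lets the southbound protocol stay unchanged.

```python
from collections import defaultdict, namedtuple

# Low level traffic identifiers of one flow (the fields a switch can match on).
Flow = namedtuple("Flow", "src_ip dst_ip proto src_port dst_port")

class IdentifierDB:
    """Hypothetical controller database: high level identifier -> set of flows."""

    def __init__(self):
        self._flows = defaultdict(set)

    def report(self, flow, **ids):
        # Metadata interface: a source reports e.g. user="alice", app="vlc".
        for kind, value in ids.items():
            self._flows[(kind, value)].add(flow)

    def withdraw(self, flow):
        # Flow ended or user logged off: remove it so a reused address
        # does not inherit the previous user's policy.
        for flows in self._flows.values():
            flows.discard(flow)

    def resolve(self, **ids):
        # Flows carrying ALL given identifiers; unknown identifier -> empty set.
        sets = [self._flows.get(item, set()) for item in ids.items()]
        return set.intersection(*sets) if sets else set()

def compile_policy(db, action, high=None, low=None):
    """Expand one policy into rules that use low level identifiers only."""
    high, low = high or {}, low or {}
    if not high:  # purely low level policy: pass through as a single rule
        return [{"match": dict(low), "action": action}]
    return [{"match": dict(f._asdict()), "action": action}
            for f in sorted(db.resolve(**high))
            if all(getattr(f, k) == v for k, v in low.items())]

def sample_db():
    # Constructed sample reports (documentation addresses, not from the paper).
    db = IdentifierDB()
    db.report(Flow("10.0.0.5", "192.0.2.10", "tcp", 50000, 443), user="alice", app="browser")
    db.report(Flow("10.0.0.5", "192.0.2.20", "udp", 50002, 5004), user="alice", app="vlc")
    db.report(Flow("10.0.0.9", "192.0.2.20", "udp", 40000, 5004), user="bob", app="vlc")
    return db

if __name__ == "__main__":
    for rule in compile_policy(sample_db(), "drop", high={"user": "alice", "app": "vlc"}):
        print(rule)
```

In this sketch an identifier the database has never seen resolves to no flows, so a policy naming it installs no rules, and `withdraw` is the step that keeps a stale user-to-flow mapping from being enforced.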

Notes

  1. https://www.opendaylight.org/

  2. http://www.noxrepo.org/pox/about-pox/

  3. http://frenetic-lang.org/pyretic/

  4. http://www.videolan.org/vlc/index.html

Acknowledgements

This work was supported by Cisco Systems Switzerland, where the idea of AAN emerged, was implemented, tested and evaluated. The work focusing on IAN and generic High Level SDN is a part of the project VG20102015022 supported by the Ministry of the Interior of the Czech Republic, and it was also supported by the BUT project FIT-S-14–2299.

Corresponding author

Correspondence to Libor Polčák.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Polčák, L. et al. (2016). High Level Policies in SDN. In: Obaidat, M., Lorenz, P. (eds) E-Business and Telecommunications. ICETE 2015. Communications in Computer and Information Science, vol 585. Springer, Cham. https://doi.org/10.1007/978-3-319-30222-5_2

  • DOI: https://doi.org/10.1007/978-3-319-30222-5_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30221-8

  • Online ISBN: 978-3-319-30222-5

  • eBook Packages: Computer Science, Computer Science (R0)
