Abstract
Software-defined networks (SDN) replacing the network appliances of traditional networks with logically centrally deployed applications, which are able to introduce the network function they implement into any element in the network. This flexibility renders SDN prone to conflict. We demonstrate conflict between applications in a laboratory setting to emphasize the importance of conflict detection in production networks. The evaluation of an analytical approach shows substantial obstacles in the general case. Our experimental approach produces conflict classes and detection patterns by means of studying network behaviour in the presence of multiple applications and traffic profiles being applied to different topologies. Based on such experiments, we illustrate the extraction of conflict patterns and their application to conflict detection in new situations.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Bosshart P, Daly D, Gibb G, Izzard M, McKeown N, Rexford J, Schlesinger C, Talayco D, Vahdat A, Varghese G, et al. P4: programming protocol-independent packet processors. ACM SIGCOMM Comput Commun Rev. 2014;44(3):87–95.
Cui J, Zhou S, Zhong H, Xu Y, Sha K. Transaction-based flow rule conflict detection and resolution in SDN. In: 2018 27th international conference on computer communication and networks (ICCCN). IEEE; 2018. pp. 1–9.
Durante L, Seno L, Valenza F, Valenzano A. A model for the analysis of security policies in service function chains. In: Network Softwarization (NetSoft), 2017 IEEE conference on. IEEE; 2017. pp. 1–6.
Ferguson AD, Guha A, Liang C, Fonseca R, Krishnamurthi S. Hierarchical policies for software defined networks. In: Proceedings of the first workshop on Hot topics in software defined networks. ACM; 2012. pp. 37–42.
Gude N, Koponen T, Pettit J, Pfaff B, Casado M, McKeown N, Shenker S. Nox: towards an operating system for networks. ACM SIGCOMM Comput Commun Rev. 2008;38(3):105–10.
Haleplidis E, Pentikousis K, Denazis S, Hadi SJ, Meyer D, Koufopavlou O. Software-defined networking (SDN): layers and architecture terminology. RFC 7426 (Informational); 2015.
Hamed H, Al-Shaer E. Taxonomy of conflicts in network security policies. IEEE Commun Mag. 2006;44(3):134–41.
Kazemian P, Chan M, Zeng H, Varghese G, McKeown N, Whyte S. Real time network policy checking using header space analysis. In: NSDI. 2013. pp. 99–111.
Kazemian P, Varghese G, McKeown N. Header space analysis: static checking for networks. In: NSDI. vol. 12. 2012. pp. 113–126.
Khurshid A, Zhou W, Caesar M, Godfrey P. Veriflow: verifying network-wide invariants in real time. In: Proceedings of the first workshop on Hot topics in software defined networks. ACM; 2012. pp. 49–54.
Kletzander R. A testbed for researching conflicts in SDN, 2017. Bachelor’s thesis.
Lantz B, Heller B, McKeown N. A network in a laptop: rapid prototyping for software-defined networks. In: Proceedings of the 9th ACM SIGCOMM workshop on hot topics in networks. ACM; 2010. p. 19.
Li J, Gu Z, Ren Y, Wu H, Shi S. A software-defined address resolution proxy. In: 2017 IEEE symposium on computers and communications (ISCC). IEEE; 2017. pp. 404–410.
Li Shengru, Hu Daoyun, Fang Wenjian, Ma Shoujiang, Chen Cen, Huang Huibai, Zhu Zuqing. Protocol oblivious forwarding (pof): software-defined networking with enhanced programmability. IEEE Netw. 2017;31(2):58–66.
Moffett Jonathan D, Sloman Morris S. Policy conflict analysis in distributed system management. J Organ Comput Electron Commer. 1994;4(1):1–22.
Pisharody S. Policy conflict management in distributed SDN environments. PhD thesis, Arizona State University, 2017.
Pisharody S, Natarajan J, Chowdhary A, Alshalan A, Huang D. Brew: a security policy analysis framework for distributed SDN-based cloud environments. In: IEEE transactions on dependable and secure computing, 2017.
Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, Gu G. A security enforcement kernel for openflow networks. In: Proceedings of the first workshop on Hot topics in software defined networks. ACM; 2012. pp. 121–126.
Shin S, Porras PA, Yegneswaran V, Fong MW, Gu G, Tyson M. Fresco: modular composable security services for software-defined networks. In: NDSS. 2013.
Song H. Protocol-oblivious forwarding: Unleash the power of SDN through a future-proof forwarding plane. In: Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM; 2013. pp. 127–132.
Sun Peng, Mahajan Ratul, Rexford Jennifer, Yuan Lihua, Zhang Ming, Arefin Ahsan. A network-state management service. ACM SIGCOMM Comput Commun Rev. 2015;44(4):563–74.
Tran CN, Danciu V. On conflict handling in software-defined networks. In: Proceedings of 2018 international conference on advanced computing and applications. CPS; 2018. pp. 50–57.
Wang A, Mei X, Croft J, Caesar M, Godfrey B. Ravel: a database-defined network. In: Proceedings of the symposium on SDN research. ACM; 2016. p. 5.
Acknowledgement
The authors wish to thank the members of the Munich Network Management Team (www.mnm-team.org), directed by Prof. Dr. Dieter Kranzlmüller, for valuable comments on previous versions of this paper.
Author information
Authors and Affiliations
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the topical collection “Future Data and Security Engineering” guest edited by Tran Khanh Dang.
Rights and permissions
About this article
Cite this article
Tran, C.N., Danciu, V. A General Approach to Conflict Detection in Software-Defined Networks. SN COMPUT. SCI. 1, 9 (2020). https://doi.org/10.1007/s42979-019-0009-9
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s42979-019-0009-9