An improved mechanism for flow rule installation in-band SDN

https://doi.org/10.1016/j.sysarc.2019.01.016

Abstract

Software Defined Network (SDN) is a new network architecture that controls the network through a logically centralized controller. The controller computes and installs the flow rules (i.e., entries) in the flow tables at the switches. When a switch receives a data packet and does not have a matching flow rule in its flow table, the switch contacts the controller. The best path is computed using the topology and network policies. The controller then installs flow rules at the switches along the path. Subsequently, the packet is forwarded through the switches accordingly. Due to the asynchronous nature of SDN, the packet may reach an intermediate switch before the corresponding flow rules. In this case, the packet is dropped by the switch. To address this problem, we propose a new technique that computes the delay of both the flow rule installation and the packet arrival at each switch along the path. If the packet arrival delay at a switch S1 is less than the delay of the corresponding flow rule installation at S1, the packet is delayed for a minimum duration at the predecessor switch of S1 so that the corresponding flow rule is installed before the packet arrives. Thus, the proposed mechanism ensures flow rule installation before the corresponding packet reaches the switches and subsequently reduces packet loss. To compute the delay between any two switches, and between a switch and the controller, our proposed technique exploits the keep-alive messages exchanged between switch and controller in order to reduce redundant traffic in the network. We evaluated our proposed technique in terms of packet delivery ratio and average packet end-to-end delay in the Mininet emulator. Our proposed technique improves the packet delivery ratio up to 36%, and the average packet end-to-end delay is reduced to 74%, in the case of a varying number of flows as compared to an existing mechanism. Moreover, we validate our proposed technique by running real network traces.

Introduction

A computer network has two planes: the control plane and the data plane. While the former controls the flow of data across the network, the latter forwards the data packets according to the decisions of the control plane. In a traditional computer network, both the control and data planes are implemented in each forwarding device. Each forwarding device executes the control plane to build the forwarding tables that are used to find the interface for forwarding a packet. Thus, the traditional network is distributed in nature, which makes the network hard to manage and control [1]. A new networking architecture, called Software Defined Network (SDN), has been proposed, which separates the control plane from the data plane of the forwarding device. The control plane is implemented at a logically centralized device, called the controller. Due to this centralization, SDN simplifies network management, control and policy enforcement. This separation facilitates network evolution and innovation in traffic engineering [2], [3], optimizing usage of resources in data center networking [4], [5], improvement in performance and management [6], [7], [8], [9], energy saving [10], [11] and hybrid SDN for fine-grained control over legacy networks [12]. In SDN, the controller communicates with switches through a well-defined application programming interface (API). Currently, the popular API is the OpenFlow protocol [13], [14]. The OpenFlow switch contains a flow table that consists of flow rules. A flow rule comprises match fields, counters and a set of instructions. Incoming packets at the switch are matched against the flow rules of the flow table, and the switch executes a specified action: forwarding the packets in their present form, modifying the packets before forwarding, dropping the packets, or sending the packet to the controller for computing the flow rules.
Upon receiving a packet for computing flow rules, the controller computes the best path according to network topology and policy. Then the controller returns the path by installing the flow rules in forwarding tables of the switches along the path [15].

Flow rules are installed at switches through either a proactive or a reactive approach. In a proactive approach, the controller installs flow rules in advance for every host at every switch as the network gets configured. In a reactive approach, the flow tables at switches are empty as the network gets configured. When a packet arrives at a switch and the switch does not have the corresponding flow rule, the switch forwards the packet to the controller. Then, the controller computes the path and adds it to the network by installing the flow rules in the forwarding tables of the switches along the path. Thus, the reactive approach installs the flow rules in an on-demand fashion. The proactive approach has a low end-to-end delay because the path is already installed for a packet. However, this approach has extra traffic and computation overhead due to the installation of flow rules for destinations to which no packets need to be sent [16]. The reactive approach is used more prominently because it avoids the extra overhead by installing the flow rules only for those destinations to which packets are to be sent. For example, data center networks use a reactive approach where traffic often fluctuates, and it is necessary for achieving management and security objectives [2], [17], [18].

The communication model between the controller and switches can be out-of-band or in-band. In the out-of-band communication model, the controller is connected to every switch through a dedicated link/channel. The advantages of out-of-band communication are a lower end-to-end delay due to the dedicated network for control traffic, better security because a separate communication path is used for the control channel, and the ability of switches to communicate with the controller even when the data path network is not available [19]. However, out-of-band communication has the following disadvantages.

  • (i) It is expensive to build and maintain, particularly in a situation where the offices connected through the network are widely geographically distributed.

  • (ii) In the out-of-band communication model, supplementary links are required, the configuration is hard, and maintenance of a separate control network adds to the complexity of the network.

  • (iii) In a distributed control plane environment, additional out-of-band coordination mechanisms are required [20].

  • (iv) Extra physical ports are required in each switch for the out-of-band communication model [21].

  • (v) Scalability will be an issue in out-of-band communication because expanding the network will depend on the ports available in switches.

  • (vi) The network links in the control plane cannot be used when needed even if available, thus leading to inefficient utilization of network resources [22].

Due to these limitations of the out-of-band communication model, in-band communication is prominently used in SDN. The in-band communication model uses the same data network for communication between the controller and the switches. Therefore, in this paper, we target the SDN scenario where the in-band communication model is used between the controller and switches, and the flow rules are installed reactively. In this scenario, various events occur at the controller and switches asynchronously, causing several problems. For example, a race condition can occur when the flow rules generated by the controller for a flow are in transit (i.e., yet to reach the switch) and the data packets of the flow reach the switch. Consequently, the data packets will be forwarded by the switch to the controller. The controller labels them as spoofed packets and drops the packets [23]. This race condition will be discussed in detail in Section 3.

We propose a novel approach for installing flow rules at switches in such a way that the flow rules are installed before their corresponding packet arrives at the switch. This is achieved by estimating the round-trip time (RTT) between the controller and switches, and between two switches. Through simulation, we show that our proposed solution performs better in terms of packet delivery ratio and end-to-end delay compared to existing approaches.

Our contributions are as follows:

  • (i) We identify a problem in the existing approaches as follows. Due to the asynchronous nature of SDN, a data packet may get lost in the flow installation process if the data packet arrives at the switch earlier than its corresponding flow rules. This problem is explained in Section 3 through an example.

  • (ii) To solve the above-mentioned problem, we propose a new mechanism that ensures flow rule installation before the corresponding packet reaches a switch and subsequently reduces packet loss.

  • (iii) To compute the delay between two switches and between a switch and the controller, our proposed technique exploits the keep-alive messages exchanged between switch and controller in order to reduce redundant traffic in the network.

  • (iv) We validate our proposed technique both through simulation in Mininet and with real network traces.

The rest of the paper is organized as follows. Section 2 presents related work. We explain the problem scenario in detail in Section 3. Section 4 describes a few possible solutions. Our proposed approach is presented in Section 5. Section 6 discusses the simulation results. Finally, Section 7 concludes the paper with future research directions.

Section snippets

Literature review

In this section, we provide literature review related to flow rules management, computing RTT and in-band communication model in SDN.

Problem statement

To show the race condition in the existing approach through an example scenario, suppose the computer network shown in Fig. 1 has just been configured and initially all flow tables at the switches are empty. Suppose that the first packet of host X reaches switch D. Switch D checks its flow table, which is empty, and then sends a digest message to the controller to get flow rules. The controller has the topology information and computes the best path from host X to Y. Suppose the path

Possible solutions

To avoid the problem described in Section 3, the following can be the possible solution.

Proposed solution

Our proposed system contains components: Topology module, Delay Measurement module, Routing Engine and Flow Installation module. Topology module holds information about the network topology and supplies this information to the routing engine for best path calculation. Each switch/router sends its link state information periodically to the controller through the discovery module. Thus, from this information Topology module computes the network topology. The topology is presented as an undirected

Evaluation

We implemented our proposed approach using the POX [47] controller in Mininet [48]. POX is a Python-based OpenFlow controller used for developing Python-based software-defined networking control applications. It is modular and provides rapid development and prototyping. Mininet [48] provides an environment for creating a realistic virtual network in which devices run real kernel and application code. It provides a command-line interface (CLI) and an API to interact with the network.

We evaluated

Conclusion and future work

Due to asynchronous communication between the controller and switches in a software-defined network, the first packet of a flow may reach a switch before the corresponding flow rule reaches the switch. This leads to packet loss. In our proposed mechanism, we monitor the flow rule installation delay of all switches. During the flow installation process, it is checked whether flow rule installation takes more time than the time taken by the first packet of the flow to reach a specific switch, say S.
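The delay comparison described in the abstract and conclusion, as an added example (not the authors' POX code): it finds where the first packet would outrun its flow rule and the minimum hold needed at each predecessor switch. The function names, switch names and RTT values are constructed; it assumes one-way delay is half the measured RTT, that the controller sends all flow rules at t = 0, and that the ingress switch releases the packet once its own rule is installed.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    switch: str
    rule_installed_ms: float  # when the flow rule becomes active here
    packet_arrival_ms: float  # first-packet arrival, after any holds
    hold_at_prev_ms: float    # extra wait imposed at the predecessor


def first_race(path, ctrl_rtt_ms, link_rtt_ms):
    """Switch where the packet would arrive before its rule, or None."""
    t = ctrl_rtt_ms[path[0]] / 2.0  # ingress forwards once its rule lands
    for prev, sw in zip(path, path[1:]):
        t += link_rtt_ms[frozenset((prev, sw))] / 2.0
        if t < ctrl_rtt_ms[sw] / 2.0:
            return sw
    return None


def plan_holds(path, ctrl_rtt_ms, link_rtt_ms, margin_ms=0.0):
    """Per-hop timing so that no packet arrives before its flow rule.

    margin_ms is an assumed safety allowance for RTT estimation error;
    0 gives the minimum hold the paper describes.
    """
    hops, depart_prev = [], None
    for i, sw in enumerate(path):
        installed = ctrl_rtt_ms[sw] / 2.0
        if i == 0:
            arrival, hold = installed, 0.0
        else:
            link = link_rtt_ms[frozenset((path[i - 1], sw))] / 2.0
            arrival = depart_prev + link
            # Hold only if the rule would land after the packet.
            hold = max(0.0, installed + margin_ms - arrival)
            arrival += hold  # a hold shifts every downstream arrival too
        hops.append(Hop(sw, installed, arrival, hold))
        depart_prev = arrival
    return hops


# Constructed sample: RTTs in ms, as if taken from keep-alive exchanges.
PATH = ["S0", "S1", "S2", "S3"]
CTRL_RTT = {"S0": 4.0, "S1": 20.0, "S2": 10.0, "S3": 40.0}
LINK_RTT = {frozenset(p): 2.0
            for p in (("S0", "S1"), ("S1", "S2"), ("S2", "S3"))}

if __name__ == "__main__":
    print("race without holds at:", first_race(PATH, CTRL_RTT, LINK_RTT))
    for hop in plan_holds(PATH, CTRL_RTT, LINK_RTT):
        print(hop)
```

In the sample, the hold introduced before S1 already covers S2, so only two of the three downstream hops need a wait.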

References (52)

  • V. Sharma et al., Efficient management and fast handovers in software defined wireless networks using UAVs, IEEE Netw. (2017)
  • X. Jia et al., Intelligent path control for energy-saving in hybrid SDN networks, Comput. Netw. (2018)
  • R. Amin et al., Hybrid SDN networks: a survey of existing approaches, IEEE Commun. Surv. Tutorials (2018)
  • N. McKeown et al., OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Comput. Commun. Rev. (2008)
  • Open networking foundation, Accessed on Jan 5, 2017 [Online]. Available:...
  • D. Kreutz et al., Software-defined networking: a comprehensive survey, Proc. IEEE (2015)
  • M.P. Fernandez, Comparing OpenFlow controller paradigms scalability: reactive and proactive, Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on (2013)
  • A.R. Curtis et al., DevoFlow: scaling flow management for high-performance networks, ACM SIGCOMM Computer Communication Review (2011)
  • B. Stephens et al., Past: scalable ethernet for data centers, Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies (2012)
  • S. Sharma et al., In-band control, queuing, and failure recovery functionalities for OpenFlow, IEEE Netw. (2016)
  • L. Schiff et al., In-band synchronization for distributed SDN control planes, ACM SIGCOMM Comput. Commun. Rev. (2016)
  • S. Sharma et al., Fast failure recovery for in-band OpenFlow networks, Design of Reliable Communication Networks (DRCN), 2013 9th International Conference on the (2013)
  • C.-C. Tu et al., In-band control for an ethernet-based software-defined network, Proceedings of International Conference on Systems and Storage (2014)
  • M. Canini et al., A nice way to test OpenFlow applications, Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI) (2012)
  • D. Kotani et al., A packet-in message filtering mechanism for protection of control plane in OpenFlow switches, IEICE Trans. Inf. Syst. (2016)
  • P. Perešíni et al., Of.CPP: Consistent packet processing for OpenFlow, Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (2013)
    Israr Iqbal Awan has been working as a Lecturer at the Department of Computer Science, Islamia College Peshawar, Pakistan, since March 2012. He is pursuing his Ph.D. degree from Iqra National University, Peshawar, Pakistan, under the supervision of Dr. Nadir Shah. Earlier, he received his MS degree in computer science from International Islamic University Islamabad. His MS research work was on Distributed Integrity Measurement Using XACML for trusted computing environment under the supervision of Prof. Dr. Muhammad Sher, Chairman, Department of Computer Science, International Islamic University Islamabad. His areas of research are Software Defined Networks, Trusted Computing and Cyber Security.

    NADIR SHAH received the B.Sc. and M.Sc. degrees from Peshawar University, Peshawar, Pakistan, in 2002 and 2005, respectively, the M.S. degree from International Islamic University, Islamabad, Pakistan, in 2007, all in computer science, and the Ph.D. degree from Sino-German Joint Software Institute, Beihang University, Beijing, China. He was a Lecturer with the Department of Computer Science, COMSATS Institute of Information Technology, Abbottabad, Pakistan, from 2007 to 2008. He is currently an Associate Professor with the COMSATS Institute of Information Technology. He has authored several research papers in international journals/conferences, such as the ACM Computing Surveys and the IEEE Communication Letters. His current research interests include computer networks, distributed systems, and network security. He has been serving as a Reviewer for several journals/conferences, including the ICC, the INFOCOM, the WCNC, Computer Networks (Elsevier), the IEEE Communications Letters, the IEEE Communication Magazine, the IEEE Transactions on Industrial Informatics, and The Computer Journal.

    Muhammad Imran has been working as an assistant professor in the College of Computer and Information Sciences, King Saud University (KSU), since 2011. He is a Visiting Scientist with Iowa State University, USA. His research interests include mobile ad hoc and sensor networks, WBANs, M2M, IoT, SDN, fault-tolerant computing, and security and privacy. He has published a number of high-quality research papers in refereed international conferences and journals. His research is financially supported by several grants. Recently, the European Alliance for Innovation (EAI) appointed him as a Co-Editor in Chief for EAI Transactions on Pervasive Health and Technology. He also serves as an associate editor for IEEE Access, IEEE Communications Magazine, Wireless Communication and Mobile Computing Journal (SCIE, Wiley), Ad Hoc and Sensor Wireless Networks Journal (SCIE), IET Wireless Sensor Systems, International Journal of Autonomous and Adaptive Communication Systems (Inderscience) and International Journal of Information Technology and Electrical Engineering. He has served or is serving as a guest editor for IEEE Communications Magazine (SCIE), Computer Networks (SCIE, Elsevier), MDPI Sensors (SCIE), International Journal of Distributed Sensor Networks (SCIE, Hindawi), Journal of Internet Technology (SCIE), and International Journal of Autonomous and Adaptive Communications Systems. He has been involved in more than fifty conferences and workshops in various capacities such as chair, co-chair and technical program committee member. These include IEEE ICC, Globecom, AINA, LCN, IWCMC, IFIP WWIC and BWCCA. He has received a number of awards such as the Asia Pacific Advanced Network fellowship.

    Muhammad Shoaib received his Ph.D. degree in communication and information system from Beijing University of Posts and Telecommunications, China (2010). He received his M.Eng. (2005) and B.Eng. (1995) from NED University of Engineering and Technology, Karachi. His areas of research include video compression techniques, multilayer video coding, commercial Data Center facilities and IP packet based network, infrastructure and security. He worked as a Senior Manager (IP Operations, South) in Pakistan Telecommunication Company Limited, Pakistan. He also worked as a Maintenance Engineer in R. M. International. Currently, he is working as an Assistant Professor in the College of Computer and Information Sciences (Information Systems Department) in King Saud University.

    Dr. Nasir Saeed received his Bachelors of Telecommunication degree from University of Engineering and Technology Peshawar, Pakistan, in 2009 and received his Master's degree in Satellite Navigation from Polito di Torino, Italy, in 2012. He received his Ph.D. degree in Electronics and Communication Engineering from the Department of Electronics and Communication Engineering, Hanyang University, Seoul, South Korea. He worked as an assistant professor at Gandhara Institute of Science and Technology, Peshawar, Pakistan, from September 2015 to September 2016. He is now serving as an Assistant Professor at the Department of Computer Science, IQRA National University, Peshawar, Pakistan. His current areas of interest include Cognitive Radio Networks, Localization in Wireless Sensor Networks and 5G networks.
