ABSTRACT
Software-defined networking (SDN) provides flexible management by separating the control plane from the data plane. Multiple function modules distribute flow entries to OpenFlow switches via centralized controllers. Unfortunately, creating and managing flow entries and policies is often error-prone and complex due to the lack of systematic analysis tools. Since network updates take place frequently, the analysis scheme must be efficient. In this paper, we propose a trie-based scheme to analyze collisions occurring in the data plane. Extensive experiments demonstrate that our method is 3-40× faster than the traditional scheme and uses less memory. Moreover, a policy-oriented strategy is introduced to help resolve collisions, which can be treated as reference advice for administrators. We also implement and evaluate our scheme in a simulation environment to verify its practicability.
Index Terms
- Detecting and Resolving Flow Entries Collisions in Software Defined Networks