DOI: 10.1145/3374587.3374614

Detecting and Resolving Flow Entries Collisions in Software Defined Networks

Published: 04 March 2020

Abstract

A software-defined network (SDN) provides flexible management by separating the control plane from the data plane. Multiple function modules distribute flow entries to OpenFlow switches via central controllers. Unfortunately, creating and managing flow entries and policies is often error-prone and complex due to the lack of systematic analysis tools. Since network updates take place frequently, the analysis scheme must be efficient. In this paper, we propose a Trie-based scheme to analyze collisions occurring in the data plane. Extensive experiments demonstrate that our method is 3-40× faster than the traditional scheme and costs less memory. Moreover, a policy-oriented strategy is introduced to help resolve collisions, which can be treated as reference advice for administrators. We also implement and evaluate our scheme in a simulation environment to verify its practicability.


Cited By

  • (2021) Distributed Rule Anomaly Detection in SDN-based IoT. 2021 5th International Conference on Internet of Things and Applications (IoT), pp. 1-6. DOI: 10.1109/IoT52625.2021.9469714. Online publication date: 19-May-2021


Published In

CSAI '19: Proceedings of the 2019 3rd International Conference on Computer Science and Artificial Intelligence
December 2019
370 pages
ISBN: 9781450376273
DOI: 10.1145/3374587

In-Cooperation

• Shenzhen University

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. SDN
2. collision detection
3. collision resolving
4. flow entry

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

CSAI2019
