scholarly journals PARD: Hybrid Proactive and Reactive Method Eliminating Flow Setup Latency in SDN

2020 ◽  
Vol 28 (4) ◽  
pp. 1547-1574
Author(s):  
Michal Rzepka ◽  
Piotr Borylo ◽  
Artur Lason ◽  
Andrzej Szymanski
Keyword(s):  
Packet Loss ◽  
Traffic Engineering ◽  
Hardware Design ◽  
Software Defined Networking ◽  
Fine Grained ◽  
Flow Table ◽  
Scientific Papers ◽  
Reactive Method ◽  
Full Maturity

Abstract Advantages of Software Defined Networking are unquestionable and are widely described in numerous scientific papers, business white papers and press articles. However, to achieve full maturity, crucial impediments to this concept and its shortcomings must be overcame. One of the most important issues regards significant setup latency of a new flow. To address this issue we propose PARD: a hybrid proactive and reactive method to manage flow table entries. Additional advantages of the proposed solution are, among the others, its ability to preserve all capabilities of Software Defined Networking, utilization of multiple flow tables, a possibility to employ fine-grained traffic engineering and, finally, compatibility with existing protocol and hardware design. It is shown that the proposed solution is able to significantly reduce latency of first packets of a new flow, which directly impacts packet loss and perceived throughput. Thus, our solution is expected to enable a wide deployment of Software Defined Networking concept without any need for protocol changes or, what is extremely important, hardware modifications.

Toward Formal Verification of SDN Access-Control Misconfigurations

2019 ◽  
pp. 146-161
Author(s):  
Amina Saadaoui
Keyword(s):  
Access Control ◽  
Network Management ◽  
Formal Verification ◽  
Software Defined Networking ◽  
Management Control ◽  
New Method ◽  
Automatic Identification ◽  
Security Challenges ◽  
Flow Table ◽  
Single Flow

Software-defined networking (SDN) allows centralizing and simplifying network management control. It brings a significant flexibility and visibility to networking, but at the same time creates new security challenges. The promise of SDN is the ability to allow networks to keep pace with the speed of change. It allows frequent modifications to the network configuration. However, these changes may introduce misconfigurations by writing inconsistent rules for single flow table or within a multiple open flow switches that need multiple FlowTables to be maintained at the same time. Misconfigurations can arise also between firewalls and FlowTables in OpenFlow-based networks. Problems arising from these misconfigurations are common and have dramatic consequences for networks operations. To avoid such scenarios, mechanisms to prevent these anomalies and inconsistencies are of paramount importance. To address these challenges, the authors present a new method that allows the automatic identification of inter and inter Flowtables anomalies. They also use the Firewall to bring out real misconfigurations.

scholarly journals Attribute-Guard: Attribute-Based Flow Access Control Framework in Software-Defined Networking

2020 ◽  
Vol 2020 ◽  
pp. 1-18 ◽  
Author(s):  
Xianwei Zhu ◽  
ChaoWen Chang ◽  
Qin Xi ◽  
ZhiBin Zuo
Keyword(s):  
Access Control ◽  
Software Defined Networking ◽  
Authentication Protocol ◽  
Network Characteristics ◽  
Fine Grained ◽  
Control Framework ◽  
Data Plane ◽  
Data Validity ◽  
The One ◽  
Matching Field

Software-defined networking (SDN) decouples the control plane from the data plane, offering flexible network configuration and management. Because of this architecture, some security features are missing. On the one hand, because the data plane only has the packet forwarding function, it is impossible to effectively authenticate the data validity. On the other hand, OpenFlow can only match based on network characteristics, and it is impossible to achieve fine-grained access control. In this paper, we aim to develop solutions to guarantee the validity of flow in SDN and present Attribute-Guard, a fine-grained access control and authentication scheme for flow in SDN. We design an attribute-based flow authentication protocol to verify the legitimacy of the validity flow. The attribute identifier is used as a matching field to define a forwarding control. The flow matching based on the attribute identifier and the flow authentication protocol jointly implement fine-grained access control. We conduct theoretical analysis and simulation-based evaluation of Attribute-Guard. The results show that Attribute-Guard can efficiently identify and reject fake flow.

scholarly journals Software Defined Networking Flow Table Management of OpenFlow Switches Performance and Security Challenges: A Survey

2020 ◽  
Vol 12 (9) ◽  
pp. 147 ◽  
Author(s):  
Babangida Isyaku ◽  
Mohd Soperi Mohd Zahid ◽  
Maznah Bte Kamat ◽  
Kamalrulnizam Abu Bakar ◽  
Fuad A. Ghaleb
Keyword(s):  
Large Scale ◽  
Network Performance ◽  
Software Defined Networking ◽  
Cloud Services ◽  
Future Research ◽  
Control Plane ◽  
Processing Load ◽  
Flow Table ◽  
Data Plane ◽  
Large Scale Networks

Software defined networking (SDN) is an emerging network paradigm that decouples the control plane from the data plane. The data plane is composed of forwarding elements called switches and the control plane is composed of controllers. SDN is gaining popularity from industry and academics due to its advantages such as centralized, flexible, and programmable network management. The increasing number of traffics due to the proliferation of the Internet of Thing (IoT) devices may result in two problems: (1) increased processing load of the controller, and (2) insufficient space in the switches’ flow table to accommodate the flow entries. These problems may cause undesired network behavior and unstable network performance, especially in large-scale networks. Many solutions have been proposed to improve the management of the flow table, reducing controller processing load, and mitigating security threats and vulnerabilities on the controllers and switches. This paper provides comprehensive surveys of existing schemes to ensure SDN meets the quality of service (QoS) demands of various applications and cloud services. Finally, potential future research directions are identified and discussed such as management of flow table using machine learning.

Flow Table Scalability in Software-Defined Networking: A Brief Overview

2021 ◽  
pp. 113-145
Author(s):  
Abinas Panda ◽  
Ashok Kumar Turuk ◽  
Aliva Panda ◽  
Tarinee Prasad Sahoo ◽  
Ankit Aryan ◽  
...  
Keyword(s):  
Software Defined Networking ◽  
Flow Table

Congestion-Free Transient Plane (CFTP) Using Bandwidth Sharing During Link Failures in SDN

2019 ◽  
Vol 63 (6) ◽  
pp. 832-843
Author(s):  
Muthumanikandan Vanamoorthy ◽  
Valliyammai Chinnaiah
Keyword(s):  
Packet Loss ◽  
Effective Bandwidth ◽  
Bandwidth Utilization ◽  
Bandwidth Sharing ◽  
Link Failures ◽  
Data Packets ◽  
Multiple Flows ◽  
Flow Table ◽  
Speed Up ◽  
Plane Technique

Abstract Software-defined networking (SDN) is an emerging trend where the control plane and the data plane are separated from each other, culminating in effective bandwidth utilization. This separation also allows multi-vendor interoperability. Link failure is a major problem in networking and must be detected as soon as possible because when a link fails the path becomes congested and packet loss occurs, delaying the delivery of packets to the destination. Backup paths must be configured immediately when a failure is detected in the network to speed up packet delivery, avoid congestion and packet loss and provide faster convergence. Various SDN segment protection algorithms that efficiently reduce CPU cycles and flow table entries exist, but each has drawbacks. An independent transient plane technique can be used to reduce packet loss but is not as efficient when multiple flows try to share the same link. The proposed work focuses on reducing congestion, providing faster convergence with minimal packet loss and effectively utilizing link bandwidth using bandwidth-sharing techniques. An analysis and related studies show that this method performs better and offers a more reliable network without loss, while simultaneously ensuring the swift delivery of data packets toward the destination without congestion, compared to the other existing schemes.

Experimental Research on Diffserv-Aware MPLS Traffic Engineering

2012 ◽  
Vol 263-266 ◽  
pp. 1858-1863
Author(s):  
Jin He Zhou ◽  
Guo Min Xia
Keyword(s):  
Quality Of Service ◽  
Experimental Research ◽  
Packet Loss ◽  
Traffic Engineering ◽  
High Performance ◽  
Loss Rate ◽  
Differentiated Services ◽  
Packet Loss Rate ◽  
Differentiated Service

Diffserv-aware and Traffic Engineering combine the advantages of MPLS, Traffic Engineering (TE) and Differentiated Services (Diffserv, DS) to provide high performance and Quality of Service(QoS) in networks. We have designed three scenarios on Juniper Networks platforms to analyze the packet loss rate and delay for video, voice and data. The results show that MPLS DS-TE can improve the QoS for differentiated service effectively. The research has practical value for the development of DS-TE based on MPLS.

Sign in / Sign up

Export Citation Format

Share Document