Dynamic Segmentation, Configuration, and Governance of SDN

Abstract

Software Defined Networks (SDN) is a networking paradigm that helps transform networks by breaking away from the restrictive constraints put by networking hardware used in traditional non-SDN networks. They bring improved agility, scalability, and programmability of the control and the switching of the traffic. The challenges of structuring the SDN data plane for security still necessitate further investigation especially to deal with dynamic SDN networks. The use of the Robust Network and Segmentation (RNS) algorithm, which is based on Product Family Algebra, is essential for implementing layered defence and segmentation strategies to compartmentalize the networks and attain an access-control secure network. In this paper, we present an additional plane in charge of the configuration and governance of SDN data planes that we call Dynamic Configuration and Governance (DCG) plane. It is intended to give agility to dynamic networks. It implements the RNS algorithm in the SDN environment. Moreover, we propose and assess three architectures that use the DCG plane. The assessment results identify an architecture that is suitable for dynamic networks and another for networks that are more stable regarding changes to policies and network topology.