Abstract
Software Defined Networking (SDN) as an innovative network paradigm that separates the management and control planes from the data plane of forwarding devices by implementing both the management and control planes at a logically centralized entity, called controller. Therefore, it ensures simple network management and control. However, due to several reasons (e.g., deployment cost, fear of downtime) organizations are very reluctant to adopt SDN in practice. Therefore, a viable solution is to replace the legacy devices by SDN devices incrementally. This results in a new network architecture called hybrid SDN. In hybrid SDN, both SDN and legacy devices operate in such a way to achieve the maximum benefit of SDN. The legacy devices are running a traditional protocol and SDN devices are operating using Open-flow protocols. Network policies play an essential role to secure the entire network from several types of attacks like unauthorized access and port/protocol control. In a hybrid SDN, policy implementation is a tedious task that requires extreme care and attention due to the hybrid nature of network traffic. Network policies may be implemented at various positions in hybrid SDN, e.g., near the destination or source node, and at the egress or ingress ports of a router. Each of these schemes has some trade-offs. For example, if policies are implemented near the source nodes then each packet generated from the source must pass through the filter and, thus, requires more processing power, time, resources, etc. Similarly, if policies are installed near the destination nodes, then a lot of unwanted traffic generated causing network congestion. This is an NP-hard problem. To address these challenges, we propose a systematic design approach to implement network policies optimally by using decision tree and K-partite graph. By traversing all the policies, we built up the decision tree that identifies which source nodes can communicate with which destination. Then, we traverse the decision tree and constructs K-partite graph to find possible places (interfaces of the routers) where ACL policies are to be implemented based on the different criteria (i.e., the minimum number of ACL rules and the minimum number of transmissions for unwanted traffic). The edge weight represents the cost per criteria. Then, we traverse the K-partite graph to find the optimal place for ACL rules implementation according to the given criteria. The simulation results indicate that the proposed technique outperforms existing approaches in terms of computation time, traffic optimization and successful packet delivery, etc. The results also indicate that the proposed method improves network performance and efficiency by decreasing network congestion and providing ease of policy implementation.
Highlights
In a traditional computer network, both control and data planes are vertically implemented at each forwarding device, a traditional computer network is distributed in nature
We proposed a novel approach to optimize the implementation of Access Control Lists (ACL) policies in a hybrid Software Defined Networking (SDN)
We modeled the network policies using a 3-tuple, and by traversing all the policies, a decision tree is built that indicates the possible communication among source and destination nodes
Summary
In a traditional computer network, both control and data planes are vertically implemented at each forwarding device, a traditional computer network is distributed in nature. Electronics 2019, 8, 604 traditional computer network, the operators usually implement fine-grained network policies known as Access Control Lists (ACL) at the network interfaces of switches/routers [1,2] by using low-level commands. In SDN, the network operator can control packet forwarding by implementing ACL policies at the controller [9,10,11]. A misconfiguration can drastically degrade the network performance by enabling unauthorized users to access confidential resources [6] It is a very expensive process requiring a team of 10–30 members to handle a network of hundred switches [7]. We have proposed a tree-based approach to implement the ACL policies at legacy network devices through an SDN controller in case of a topology change in hybrid.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.