Raze policy conflicts in SDN

Abstract

Software Defined Networking (SDN) enables flexible network management with a well-defined abstraction between control and data plane. In this way, operators could issue the policies, e.g., forwarding path, flow counting and rate limiting, from the control plane, which will be enforced by the flow table rules in the data plane. However, multiple active policies with the same priority will potentially trigger conflicts among policies with overlapped flow space, causing the flow table explosion. In contrast to the local switch conflict resolution schemes proposed by previous works, this paper tackles the same problem from a different angle and resolves the policy conflict problem by coordinating all switches under a global centralized view. Specifically, we propose COnflict RAzor (CORA), which tremendously reduces the storage cost of conflicting policies leveraging the global network information obtained in the controller. The basic idea of CORA is migrating policies causing large explosions across the network if necessary, while keeping the semantics equivalence. We prove CORA’s NP hardness and propose a heuristic to efficiently search a near-optimal policy migration strategy. Our experiments demonstrate that, CORA can effectively reduce the flow table storage occupation by averagely 79.8% within less than 40 s, which is 47.9% more efficient than the state-of-the-art.