ROCA: Auto‐resolving overlapping and conflicts in Access Control List policies for Software Defined Networking

Abstract

SummarySoftware‐defined networking (SDN) is a new networking architecture that decouples both the control and management planes from the data plane of forwarding devices. Control and management planes are implemented at a logically centralized entity called the controller. Despite numerous advantages, SDN is more prone to logical errors like loops, black holes, network reachability problems, and access control list (ACL) policies violation. In the existing approaches, the network requirements are specified by different network administrators using the ACL policies. SDN allows multiple network administrators to specify the ACL policies simultaneously, which may lead to conflicts and overlaps among the ACL policies. In this research work, a novel technique, called auto‐resolving overlapping and conflicts in ACL policies (ROCA), is proposed to efficiently detect and solve both the conflicts and the overlaps among the ACL policies by using the techniques of set theory, 3D structure, and separating axis theorem. It is shown by simulation and testing on the real network traces that ROCA outperforms the existing approaches in terms of computation time avoiding conflicts and overlapping among the ACL policies.