A REVIEW OF FLOW CONFLICTS AND SOLUTIONS IN SOFTWARE DEFINED NETWORKS (SDN)

Mutaz Hamed Hussien  Khairi; PM. IR. DR. Sharifah  Hafizah Syed  Ariffin; PROF. MADYA DR. Nurul Muazzah   Abdul  Latiff; DR. Kamaludin Mohamad   Yusof; Mohamed  Khalalfalla  Hassan

doi:10.31436/iiumej.v22i2.1613

Authors

Mutaz Hamed Hussien Khairi University of Technology Malaysia https://orcid.org/0000-0002-5904-7642
Sharifah Hafizah Syed Ariffin University of Technology Malaysia
Nurul Muazzah Abdul Latiff University of Technology Malaysia
Kamaludin Mohamad Yusof University of Technology Malaysia
Mohamed Khalalfalla Hassan University of Technology Malaysia

DOI:

https://doi.org/10.31436/iiumej.v22i2.1613

Keywords:

software defined networking, open flow table, flow entries conflict

Abstract

Software Defined Networks (SDN) are a modern networking technology introduced to simplify network management via the separation of the data and control planes. Characteristically, flow entries are propagated between the control plane layer and application or data plane layers respectively while following flow table instructions through open flow protocol. More often than not, conflicts in flows occur as a result of traffic load and priority of instructions in the data plane. Several research works have been conducted on flow conflicts in SDN to reduce the effect of conflict. The flow conflict solutions in SDN have three main limitations. First, the OpenFlow table may still cause a defect in the security module according to the priority and action matching in the open flow in the control plane. Second, flow conflict detection requires more time for flow tracking and incremental update, whereas in such a case, delay affects the efficiency of SDN. Besides, the SDN algorithm and mechanism have substantially high memory requirement for instruction and proper functioning. Third, most of the available algorithms and detection methods used to avoid flow conflicts have not fully covered the security model policy. This study reviews these limitations and suggest solutions as future open research directions.

ABSTRAK: Rangkaian Perisian Tertentu (SDN) adalah teknologi rangkaian moden yang diperkenalkan bagi memudahkan pengurusan rangkaian melalui pecahan data dan kawalan permukaan. Seperti biasa, aliran kemasukan disebar luas antara lapisan permukaan kawalan dan aplikasi atau lapisan permukaan data masing-masing, sambil mengikuti arahan meja melebar melalui protokol aliran terbuka. Kebiasaannya konflik dalam aliran berlaku disebabkan oleh beban trafik dan keutamaan arahan pada permukaan data. Beberapa kajian dibuat terhadap konflik aliran SDN bagi mengurangkan kesan konflik. Solusi konflik aliran dalam SDN mempunyai tiga kekurangan besar. Pertama, jadual Aliran Terbuka mungkin masih menyebabkan kekurangan dalam modul keselamatan berdasarkan keutamaan dan tindakan persamaan dalam aliran terbuka permukaan kawalan. Kedua, pengesanan aliran konflik memerlukan lebih masa bagi pengesanan aliran dan peningkatan kemaskini, kerana setiap penangguhan memberi kesan terhadap kecekapan SDN. Selain itu, algoritma SDN dan mekanisme memerlukan memori yang agak besar bagi memproses arahan dan berfungsi dengan baik. Ketiga, kebanyakan algoritma dan kaedah pengesanan yang digunakan bagi mengelak konflik pengaliran tidak sepenuhnya dilindungi polisi model keselamatan. Oleh itu, kajian ini meneliti kekurangan dan memberi cadangan penambahbaikan bagi arah tuju kajian masa depan yang terbuka.

Downloads

Download data is not yet available.

Author Biographies

Mutaz Hamed Hussien Khairi, University of Technology Malaysia

A researcher and ICT specialist with 16 years of wide range of research and ICT experience. Received his B.S. in Computer Engineering from Future University in 2002 and M.S. degrees in Electrical Engineering from Linkoping University in 2007, PhD Student at Universiti Technologi Malaysia (UTM) respectively. In 2002 -2007, he worked at Future University as a Lecturer in Faculty of Engineering and Director of Information Technology Department. His main research interests are Software Define Network (SDN), Machine learning, Telecommunication Network and Antenna Design and implementation.

Sharifah Hafizah Syed Ariffin, University of Technology Malaysia

Received her B.Eng. (Hons) from London, in 1997, and obtained her MEE and Ph.D. in 2001 and 2006 from Universiti Teknologi Malaysia, and Queen Mary, University of London, London, respectively. She is currently an Associate Professor with the Faculty of Electrical Engineering, Universiti Teknologi Malaysia. Her current research interest are on Internet of Things, Ubiquitous computing and smart devices, Wireless sensor networks, IPV6, Handoff Management, Network and Mobile Computing System. She had published 116 papers, 17 copyrights, 1 integrated circuit, and 1 trademark

Nurul Muazzah Abdul Latiff , University of Technology Malaysia

Associate Professor at School of Electrical Engineering, Universiti Teknologi Malaysia, Johor Bahru, Malaysia, where she has been since 2002. She received her B.Eng. in Electrical-Telecommunications from Universiti Teknologi Malaysia in 2002, before pursued for her M.Sc. in Communications and Signal Processing at Newcastle University, UK in 2003. She completed her PhD in Wireless Telecommunication Engineering in 2008. Her research interests lie in the area of wireless networks, ranging from theory, to design and implementation. In particular, she has great interest in wireless sensor networks, mobile ad hoc networks, cognitive radio networks, Internet of Things, optimisation of wireless network based on Artificial Intelligence and machine learning algorithm for healthcare applications. She is a senior member of IEEE and an active volunteer in IEEE Communication/Vehicular Technology Society in Malaysia. She is also a Chartered Engineer of the Institution of Engineering and Technology (IET).

Kamaludin Mohamad Yusof , University of Technology Malaysia

Received the B.Eng. degree in Electrical - Electronics Engineering and M.Eng. Degree in Electrical Engineering from Universiti Teknologi Malaysia. He received Ph.D. degree from University of Essex, U.K. He is currently a senior lecturer in the Division of Communication Engineering, School of Electrical Engineering, Faculty of Engineering, Universiti Teknologi Malaysia and member of Communication Network System (CNetS). His current research interests include Internet-of-Things, Big Data and Software-Defined Network.

Mohamed Khalalfalla Hassan, University of Technology Malaysia

A researcher and ICT specialist with 16 years of wide range of research and ICT experience. Received his BSc in computer engineering in 2004 from future university Sudan and MSc from Universiti Putra Malaysia (UPM) in 2009 in communication network engineering. currently he is a PhD candidate in communication engineering at Universiti Technology Malaysia (UTM), he has 15 paper published in international peer reviewed conferences and journals, his main research interests are Forwards scattering Radar, Machine learning, NFV, vSDN and resources management in communication networks.

References

Lo C, Wu P, Kuo Y. (2015) Flow entry conflict detection scheme for software-defined network. International Telecommunication Networks and Applications Conference (ITNAC), Sydney, Australia, pp. 220-225. DOI: https://doi.org/10.1109/ATNAC.2015.7366816

Metter C, Seufert M, Wamser F, Zinner T, Tran-Gia P. (2017) Analytical model for SDN signaling traffic and flow table occupancy and its application for various types of traffic. IEEE Transactions on Network and Service Management, 14(3): 603-615. DOI: https://doi.org/10.1109/TNSM.2017.2714758

Hu H, Han W, Ahn GJ. Zhao Z. ( 2014) FLOWGUARD: Building robust firewalls for software-defined networks. in Proceedings of the third workshop on Hot topics in software defined networking August 2014. pp 97-102. DOI: https://doi.org/10.1145/2620728.2620749

Akyildiz, IF, Lee A., Wang P, Luo M, Chou W. (2014) A roadmap for traffic engineering in SDN-OpenFlow networks. Computer Networks, 71: 1-30. DOI: https://doi.org/10.1016/j.comnet.2014.06.002

Bozakov Z, Sander V. (2013) OpenFlow: A perspective for building versatile networks. in: Network-Embedded Management and Applications, Clemm A, Wolter R. (eds). Springer, New York, NY. https://doi.org/10.1007/978-1-4419-6769-5_11 DOI: https://doi.org/10.1007/978-1-4419-6769-5_11

sdx central [https://www.sdxcentral.com/networking/sdn/definitions/what-the-definition-of-software-defined-networking-sdn]

Fang Y, Lu Y. (2019) Checking intra-switch conflicts of rules during preprocessing of network verification in SDN. IEEE Communications Letters, 23(9): 1547-1550. DOI: https://doi.org/10.1109/LCOMM.2019.2923622

OpenFlow Specification [http://networkstatic.net/wp-content/uploads/2013/02/openflow-spec-v1.3.0.pdf]

Pisharody S, Natarajan J, Chowdhary A, Alshalan A, Huang D. (2019) Brew: A security policy analysis framework for distributed SDN-based cloud environments. IEEE Transactions on Dependable and Secure Computing, 16(6): 1011-1025. DOI: https://doi.org/10.1109/TDSC.2017.2726066

Lu Y, Fu Q, Xi X, Chen Z, Zou E, Fu B. (2019) A policy conflict detection mechanism for multi-controller software-defined networks. International Journal of Distributed Sensor Networks 15 No (5),http://doi.org/10.1177/1550147719844710. DOI: https://doi.org/10.1177/1550147719844710

Wang C, Youn HY. (2019) Entry aggregation and early match using hidden Markov model of flow table in SDN. Sensors, 19(10), 2341; https://doi.org/10.3390/s19102341. DOI: https://doi.org/10.3390/s19102341

Cui J, Zhou S, Zhong H, Xu Y, Sha K. (2018) Transaction-based flow rule conflict detection and resolution in SDN. 27th International Conference on Computer Communication and Networks (ICCCN), Hangzhou, China, pp. 1-9. DOI: https://doi.org/10.1109/ICCCN.2018.8487415

Hao W, Jiang Y, J. Gao J. (2017) Detection mechanisms of rule conflicts in SDN based on a path-tree model. 8th IEEE International Conference on Software Engineering and Service Science (ICSESS), Beijing, China, pp. 336-339. DOI: https://doi.org/10.1109/ICSESS.2017.8342927

Halder B, Barik MS, Mazumdar C. (2017) A graph based formalism for detecting flow conflicts in software defined network. 2017 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), Bhubaneswar, India, pp. 1-6. DOI: https://doi.org/10.1109/ANTS.2017.8384101

Lopes Alcantara Batista B, Lima de Campos GM, Fernandez MP. (2014) Flow-based conflict detection in OpenFlow networks using first-order logic. 2014 IEEE Symposium on Computers and Communications (ISCC), Funchal, Portugal, pp. 1-6. DOI: https://doi.org/10.1109/ISCC.2014.6912577

Hong ETB, Wey CY. (2017) An optimized flow management mechanism in OpenFlow network. 2017 International Conference on Information Networking (ICOIN), Da Nang, Vietnam, pp. 143-147. DOI: https://doi.org/10.1109/ICOIN.2017.7899493

Lin YD, Lai YK, Tsou YL, Lai YC, Liou EC, Chiang Y. (2019) Generic validation criteria and methodologies for SDN applications. IEEE Systems Journal, 13(4): 3909-3920. DOI: https://doi.org/10.1109/JSYST.2019.2921599

Tran CN, Danciu, V. (2020) A general approach to conflict detection in software-defined networks. SN Comput. Sci, 1(1), 9, https://doi.org/10.1007/s42979-019-0009-9 DOI: https://doi.org/10.1007/s42979-019-0009-9

Yoshioka K, Hirata K, Yamamoto M. (2017) Routing method with flow entry aggregation for software-defined networking. 2017 International Conference on Information Networking (ICOIN), Da Nang, Vietnam, pp. 157-162, DOI: https://doi.org/10.1109/ICOIN.2017.7899496

Pallavi N., Anisha A.S., Leena V. (2017) Detection of Incongruent Firewall Rules and Flow Rules in SDN. In: Dash S., Vijayakumar K., Panigrahi B., Das S. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 517. Springer, Singapore. https://doi.org/10.1007/978-981-10-3174-8_2. DOI: https://doi.org/10.1007/978-981-10-3174-8_2

Shin SW, Porras P, Yegneswara V, Fong M, Gu G, Tyson M. (2013) Fresco: Modular composable security services for software-defined networks. in February 2013- 20th Annual Network & Distributed System Security Symposium. http://hdl.handle.net/10203/205914

Huang L, Shen Q, Wenjuan S. (2016) A source routing based link protection method for link failure in SDN. 2nd IEEE International Conference on Computer and Communications (ICCC), Chengdu, China, pp. 2588-2594.

Jarschel M, Zinner T, Hoßfeld T, Tran-Gia P, Kellerer W. (2014) Interfaces, attributes and use cases: A compass for SDN. IEEE Communications Magazine, 52(6): 210-217. DOI: https://doi.org/10.1109/MCOM.2014.6829966

Zhou, J. (2014) Multicatalyst system in asymmetric catalysis. John Wiley & Sons. DOI: https://doi.org/10.1002/9781118846919

OpenFlow Switch Specification OpenFlow Switch Specification, O.S., Version 1.4. 0, October 14, 2013. [https://opennetworking.org/wp-content/uploads/2014/10/openflow-spec-v1.4.0.pdf]