Inter-flow consistency: A novel SDN update abstraction for supporting inter-flow constraints

Weijie Liu, Rakesh B. Bobba, Sibin Mohan, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Software Defined Networks (SDNs) have opened up a new era for networking by decoupling the control and data planes. With a centralized controller, the process of updating networks becomes much more convenient when compared to traditional networks. However, even with SDNs, transitional network states during network updates may still cause problems. Such states may result in a breakdown of isolation guarantees or other critical constraints and this could lead to incorrect behavior or even security vulnerabilities. In this paper, we propose a novel abstraction for network updates, inter-flow consistency, that can account for relationships and constraints among different flows during updates. We present a generic inter-flow consistency constraint, version isolation, and a special case, spatial isolation. We propose update scheduling algorithms based on dependency graphs and a data structure that captures dependencies among different update operations & network elements. We also implemented a prototype system on a Mininet OpenFlow network and Ryu SDN controller to evaluate our approach. Experimental results show that our approach is able to enforce inter-flow consistency constraints with reasonable overheads and that overheads for version isolation are higher than for spatial isolation. Furthermore, when only spatial isolation constraints are in use, overheads on update times for flows that have no isolation constraints are very small (around 1%).

Original language: English (US)
Title of host publication: 2015 IEEE Conference on Communications and Network Security, CNS 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 469-478
Number of pages: 10
ISBN (Electronic): 9781467378765
DOI: https://doi.org/10.1109/CNS.2015.7346859
State: Published - Dec 3 2015
Event: 3rd IEEE International Conference on Communications and Network Security, CNS 2015 - Florence, Italy
Duration: Sep 28 2015 to Sep 30 2015

Publication series

Name: 2015 IEEE Conference on Communications and Network Security, CNS 2015

Other

Other: 3rd IEEE International Conference on Communications and Network Security, CNS 2015
Country: Italy
City: Florence
Period: 9/28/15 to 9/30/15

Fingerprint

Controllers
Scheduling algorithms
Data structures

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Liu, W., Bobba, R. B., Mohan, S., & Campbell, R. H. (2015). Inter-flow consistency: A novel SDN update abstraction for supporting inter-flow constraints. In 2015 IEEE Conference on Communications and Network Security, CNS 2015 (pp. 469-478). [7346859] (2015 IEEE Conference on Communications and Network Security, CNS 2015). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/CNS.2015.7346859
