A parallel approach for detecting OpenFlow rule anomalies based on a general formalism
Journal article, Peer reviewed
Original version: Aryan R, Yazidi A, Kure Ø, Engelstad P.E. A parallel approach for detecting OpenFlow rule anomalies based on a general formalism. Concurrency and Computation. 2020. https://dx.doi.org/10.1002/cpe.5907
As the policies of a software-defined networking (SDN) network can be updated dynamically and often at a high pace, conflicts between policies can easily occur. Due to the large number of switches and heterogeneous policies within a typical SDN network, detecting those conflicts is a laborious and challenging task. This article presents three main contributions. First, we devise an offline method for detecting unmatched OpenFlow rules, that is, rules that are never fired. In our taxonomy, such anomalies can stem from either invalid or irrelevant unmatched rules. Second, we introduce a new set of definitions for the intraanomalies between rules in the same table, which might occur when using the multiaction feature of an OpenFlow rule. Third, our detection method has been enhanced to support parallel execution, which makes it a viable solution for troubleshooting large-scale networks. We provide comprehensive experimental results based on both synthetic and real-life setups. The synthetic setup is designed in such a way that the rule matching takes place in the last rules of the switch, thus putting more stress on the rule detection process. The parallel method is shown to outperform the single-threaded checking method by an order of magnitude of up to 21.