Safe Update of Hybrid SDN Networks

The support for safe network updates, i.e., live modification of device behavior without service disruption, is a critical primitive for current and future networks. Several techniques have been proposed by previous works to implement such a primitive. Unfortunately, existing techniques are not generally applicable to any network architecture, and typically require high overhead (e.g., additional memory) to guarantee strong consistency (i.e., traversal of either initial or final paths, but never a mix of them) during the update. In this paper, we deeply study the problem of computing operational sequences to safely and quickly update arbitrary networks. We characterize cases, for which this computation is easy, and revisit previous algorithmic contributions in the new light of our theoretical findings. We also propose and thoroughly evaluate a generic sequence-computation approach, based on two new algorithms that we combine to overcome limitations of prior proposals. Our approach always finds an operational sequence that provably guarantees strong consistency throughout the update, with very limited overhead. Moreover, it can be applied to update networks running any combination of centralized and distributed control-planes, including different families of IGPs, OpenFlow or other SDN protocols, and hybrid SDN networks. Our approach therefore supports a large set of use cases, ranging from traffic engineering in IGP-only or SDN-only networks to incremental SDN roll-out and advanced requirements (e.g., per-flow path selection or dynamic network function virtualization) in partial SDN deployments

OSHI - Open Source Hybrid IP/SDN networking (and its emulation on Mininet and on distributed SDN testbeds)

The introduction of SDN in IP backbones requires the coexistence of regular IP forwarding and SDN based forwarding. The former is typically applied to best effort Internet traffic, the latter can be used for different types of advanced services (VPNs, Virtual Leased Lines, Traffic Engineering...). In this paper we first introduce the architecture and the services of an "hybrid" IP/SDN networking scenario. Then we describe the design and implementation of an Open Source Hybrid IP/SDN (OSHI) node. It combines Quagga for OSPF routing and Open vSwitch for OpenFlow based switching on Linux. The availability of tools for experimental validation and performance evaluation of SDN solutions is fundamental for the evolution of SDN. We provide a set of open source tools that allow to facilitate the design of hybrid IP/SDN experimental networks, their deployment on Mininet or on distributed SDN research testbeds and their test. Finally, using the provided tools, we evaluate key performance aspects of the proposed solutions. The OSHI development and test environment is available in a VirtualBox VM image that can be downloaded.Comment: Final version (Last updated August, 2014

NUTS: Network Updates in Real Time Systems

International audienceFactories need to adapt their communication networks to versatile customer-driven markets. Software defined networking enables a programmatic approach that provides modularity, flexibility and paves the road for behavior certification. Previous works proposed rigorous programming languages and abstractions offering safety properties and verification in best-effort environments. In this work, we propose an approach to provide live update of network elements behavior while respecting real-time constraints. During the network updates, the traffic can be deviated to devices not involved in the desired upgrade ensuring that communication invariant and software requirements are always taken into account. We leverage Temporal NetKAT to write network wide programs and P4 annotations to give indications on the impact of the implementation on deterministic real-time communications passing through network appliances

Fast network configuration in Software Defined Networking

Software Defined Networking (SDN) provides a framework to dynamically adjust and re-program the data plane with the use of flow rules. The realization of highly adaptive SDNs with the ability to respond to changing demands or recover after a network failure in a short period of time, hinges on efficient updates of flow rules. We model the time to deploy a set of flow rules by the update time at the bottleneck switch, and formulate the problem of selecting paths to minimize the deployment time under feasibility constraints as a mixed integer linear program (MILP). To reduce the computation time of determining flow rules, we propose efficient heuristics designed to approximate the minimum-deployment-time solution by relaxing the MILP or selecting the paths sequentially. Through extensive simulations we show that our algorithms outperform current, shortest path based solutions by reducing the total network configuration time up to 55% while having similar packet loss, in the considered scenarios. We also demonstrate that in a networked environment with a certain fraction of failed links, our algorithms are able to reduce the average time to reestablish disrupted flows by 40%

Security Features in a Hybrid Software-Defined Network

The paper presents a novel paradigm of software-defined network that is significantly different from previous traditional networks and enables new opportunities in the architecture and implementation of security solutions. The analysis of network environments will compare traditional networks and software-defined networks and emphasize significant differences. A survey of the existing research includes vector attacks and troubleshooting using the capabilities of SDN with an emphasis on access control, detection, and prevention of attacks. This paper uses previous research and results to obtain information that will be used in improving critical system network protection and compares it with the existing conventional approach as well as implements it through a hybrid software-defined network

Safe, Efficient, and Robust SDN Updates by Combining Rule Replacements and Additions

IEEE Disruption-free updates are a key primitive to effectively operate SDN networks and maximize the benefits of their programmability. In this paper, we study how to implement this primitive safely (with respect to forwarding correctness and policies), efficiently (in terms of consumed network resources) and robustly to unpredictable factors, such as delayed message delivery and processing. First, we analyze the fundamental limitations of prior proposals, which either: 1) progressively replace initial flow rules with new ones or 2) instruct switches to maintain both initial and final rules. Second, we show that safe, efficient, and robust updates can be achieved by leveraging a more general approach. We indeed unveil a dualism between rule replacements and additions that opens new degrees of freedom for supporting SDN updates. Third, we demonstrate how to build upon this dualism. We propose FLIP, an algorithm that computes operational sequences combining the efficiency of rule replacements with the applicability of rule additions. FLIP identifies constraints on rule replacements and additions that independently prevent safety violations from occurring during the update. Then, it explores the solution space by swapping constraints that prevent the same safety violations, until it reaches a satisfiable set of constraints. Fourth, we perform extensive simulations, showing that FLIP can significantly outperform prior work. In the average case, it guarantees a much higher success rate than algorithms only based on rule replacements, and massively reduces the memory overhead needed by techniques solely using rule additions

An Adaptive and Lightweight Update Mechanism for SDN

To improve the network resources utilization and the quality of service, the provision of an adaptive and customizable network service is deemed a feasible approach. In this paper, based on the Quality of Service (QoS)-aware traffic classification and real-time network status, an adaptive update mechanism is presented to change the traditional rigid update techniques in SDN. The developed update mechanism aims at abstracting the common update mechanism into update operations and calculates the update sequence on the operation granularity. The mechanism has three work modes, and each mode has a corresponding algorithm. It can adjust the work modes adaptively based on the network condition and the flow QoS requirements to improve the performance. The experimental results demonstrate that the three work modes can achieve optimal performance in Ternary Content Addressable Memory (TCAM) overhead reduction, delay, and bandwidth consumption, respectively. For example, when the Tri-fusion work mode is leveraged, it provides at least an 85% reduction of the additional TCAM overhead and improves by at least 9%, 65%, and 82% compared to other work modes and the compared algorithms