Figure 2 - available via license: CC BY
The example of forwarding and security action policy conflict.

Source publication
Article
As the network environment expands and becomes more complex, the deficiencies of decision-making capabilities in the single-controller software-defined network architecture are increasingly exposed. Currently, software-defined networks have gradually adopted a multi-controller-based architecture. However, in this architecture, multiple controllers...

Similar publications

Preprint
Software-Defined Networking (SDN) has become one of the most promising paradigms to manage large scale networks. Distributing the SDN Control proved its performance in terms of resiliency and scalability. However, the choice of the number of controllers to use remains problematic. A large number of controllers may be oversized inducing an overhead...

Citations

... This complexity causes inconsistencies and conflicts between policies that in fact make the overall management inefficient and ineffective. Thus, more extensive models and algorithms must be developed for policy conflict detection and resolution (Lu et al, 2019; Pisharody, 2017). ...
Article
Policy conflicts detection and resolution in distributed management systems are very crucial issues which strongly influence the efficiency of management. In this paper, first the management policies are discussed in the context of their complexity in the management structures. Next, the policy conflicts that may arise in a management hierarchy are examined along with the various proposed resolution techniques in the literature. Then the significance of propagation policies down through a management hierarchy is examined. A conflict resolution algorithm for propagation policies is proposed based on similar well-known inheritance mechanisms used in object-oriented programming. Next, fruitful case examples in the cloud computing services and Internet of Things (IoT) management depict the high value of the proposed algorithm in distributed systems and network policy-based management. Finally, open issues and future work are discussed.
... A number of researchers have used a Static Programming language module by leveraging the OF Analyzer module named Brew; a security policy analysis framework that is developed on an Open Daylight (ODL) based SDN controller [9]. In [10], a method was proposed for accurate detection of universal conflicts. In the proposed mechanism, checks are carried out for policy conflict with machine learning for 500 policies applied in a simulated network. ...
Article
Software Defined Networks (SDN) are a modern networking technology introduced to simplify network management via the separation of the data and control planes. Characteristically, flow entries are propagated between the control plane layer and application or data plane layers respectively while following flow table instructions through open flow protocol. More often than not, conflicts in flows occur as a result of traffic load and priority of instructions in the data plane. Several research works have been conducted on flow conflicts in SDN to reduce the effect of conflict. The flow conflict solutions in SDN have three main limitations. First, the OpenFlow table may still cause a defect in the security module according to the priority and action matching in the open flow in the control plane. Second, flow conflict detection requires more time for flow tracking and incremental update, whereas in such a case, delay affects the efficiency of SDN. Besides, the SDN algorithm and mechanism have substantially high memory requirement for instruction and proper functioning. Third, most of the available algorithms and detection methods used to avoid flow conflicts have not fully covered the security model policy. This study reviews these limitations and suggests solutions as future open research directions.
... This process is considered an SDN advantage compared to traditional network services. SDNs are gradually spreading to large-scale (such as data centers) and complex networks (multi-agency collaborative networks) [10]. ...
Article
When Internet of Things (IoT) big data analytics (BDA) require to transfer data streams among software defined network (SDN)-based distributed data centers, the data flow forwarding in the communication network is typically done by an SDN controller using a traditional shortest path algorithm or just considering bandwidth requirements by the applications. In BDA, this scheme could affect their performance resulting in a longer job completion time because additional metrics were not considered, such as end-to-end delay, jitter, and packet loss rate in the data transfer path. These metrics are quality of service (QoS) parameters in the communication network. This research proposes a solution called QoSComm, an SDN strategy to allocate QoS-based data flows for BDA running across distributed data centers to minimize their job completion time. QoSComm operates in two phases: (i) based on the current communication network conditions, it calculates the feasible paths for each data center using a multi-objective optimization method; (ii) it distributes the resultant paths among data centers configuring their OpenFlow switches (OFS) dynamically. Simulation results show that QoSComm can improve BDA job completion time by an average of 18%.
... In addition, our future work includes the investigation of potential conflict resolution mechanisms per policy conflict category, as well as the evaluation of their applicability in real operating environments. In addition, we intend to implement policy conflict detection mechanisms for multicontroller software-defined network which is suggested by Lu et al. (2019). Finally, its effectiveness has been tested in their campus network experimentally. ...
Article
Policy conflict detection in distributed systems and network management is a crucial issue that strongly influences the management efficiency. In this paper, after investigating thoroughly the related approaches on management policy conflict categorization, a new systematic categorization is proposed that is based on four main perspectives, namely, modality, manageability, interoperability and system specification. Subsequently, an organizational network structure that is managed through policies depicts the high applicability of our approach in policy conflict detection, while implementation examples are also given. Finally, conclusions and future work are discussed.
Article
SDN changes the networking vision with an impressive thought of segregating the networking control from the data management hardware and brings new functionalities such as programmability, elasticity, flexibility, and adoption capability in the network, which are difficult to think of in traditional rigid network architecture. However, a wide range of vulnerable surfaces directly or indirectly affect the SDN-based system’s information security and launch various attacks. The paper begins with a glimpse of the advantages of SDN over the traditional network, but the findings of the research work take off the wraps regarding vulnerabilities and their consequences on information security. Consequently, the threat surfaces are exposed that exist in SDN architecture due to weak information security. In addition, the research findings also disclose other prominent issues irrespective of information security issues. The inclusion intends to ring the bell in the maximum SDN aspects and make researchers or professionals aware of current trends of SDN in the best possible way. The comprehensiveness of this work is retained by detailing every part of SDN, which helps the researchers or professionals to improve SDN structurally or functionally.
Article
OpenFlow implements flow-based control over switches with improved network management performance. However, a packet may match more than one flow entry due to the intra-table dependency phenomenon among flow entries. Moreover, different packets may incur different conflicting flow entries under the intra-table dependency. Forwarding packets by the first-match scheme for prioritized flow entries may not always produce the best outcome. Thus, an online conflict detection procedure executed for each incoming packet is needed to flag the conflicts to network administrators. In addition, the SDN controller may frequently update the service provisioning policies that are specified in the flow entries and deliver them to the switches in a large OpenFlow-based environment. This needs a high-performance conflict detection mechanism to support real-time updating. However, performing conflict detection within a large flow table will be very time consuming. This paper first develops a graph-based multilevel redundancy reduction scheme to construct highly compact matching trees that will be used in conflict detection for a large flow table. Then, a conflict detection algorithm with higher performance and lower cost, the Compact Bit Vector algorithm (CBV), is proposed. The performance of the CBV has been validated through an extensive mathematical performance analysis followed by simulations, with good results in terms of requiring less time for the search, lower memory requirement and lower incremental updating time. Obviously, the CBV is very suitable for the conflict detection task of a large and frequently updated flow table.