Title :
An Adaptable Rule Placement for Software-Defined Networks
Author :
Shuyuan Zhang ; Ivancic, Franjo ; Lumezanu, Cristian ; Yuan, Yuan ; Gupta, Arpan ; Malik, S.
Abstract :
There is a strong trend in networking to move towards Software-Defined Networks (SDN). SDNs enable easier network configuration through a separation between a centralized controller and a distributed data plane comprising a network of switches. The controller implements network policies through installing rules on switches. Recently the "Big Switch" abstraction [1] was proposed as a specification mechanism for high-level network behavior, i.e., the network policies. The network operating system or compiler can use his specification for placing rules on individual switches. However, this is constrained by the limited capacity of the Ternary Content Addressable Memories (TCAMs) used for rules in each switch. We propose an Integer Linear Programming (ILP) based solution for placing rules on switches for a given firewall policy while optimizing for the total number of rules and meeting the switch capacity constraints. Experimental results demonstrate that our approach is scalable to practical sized networks.
Keywords :
computer network management; firewalls; integer programming; linear programming; network operating systems; ILP; SDN; TCAM; adaptable rule placement; big switch abstraction; centralized controller; compiler; distributed dataplane; firewall policy; high-level network behavior; integer linear programming; network configuration; network policies; practical sized networks; software-defined networks; switch capacity constraints; ternary content addressable memories; Control systems; Google; Linear programming; Optimization; Ports (Computers); Routing; Silicon; Big Switch Abstraction; Distributed Firewall; Rule Placement; SDN;
Conference_Titel :
Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on
Conference_Location :
Atlanta, GA
DOI :
10.1109/DSN.2014.24
