Inter-flow consistency: A novel SDN update abstraction for supporting inter-flow constraints

Software Defined Networks (SDNs) have opened up a new era for networking by decoupling the control and data planes. With a centralized controller, the process of updating networks becomes much more convenient when compared to traditional networks. However, even with SDNs, transitional network states during network updates may still cause problems. Such states may result in a breakdown of isolation guarantees or other critical constraints and this could lead to incorrect behavior or even security vulnerabilities. In this paper, we propose a novel abstraction for network updates, inter-flow consistency, that can account for relationships and constraints among different flows during updates. We present a generic inter-flow consistency constraint, version isolation, and a special case, spatial isolation. We propose update scheduling algorithms based on dependency graphs and a data structure that captures dependencies among different update operations & network elements. We also implemented a prototype system on a Mininet OpenFlow network and Ryu SDN controller to evaluate our approach. Experimental results show that our approach is able to enforce inter-flow consistency constraints with reasonable overheads and that overheads for version isolation are higher than for spatial isolation. Furthermore, when only spatial isolation constraints are in use, overheads on update times for flows that have no isolation constraints are very small (around 1%).