A General Formalism for Defining and Detecting OpenFlow Rule Anomalies

Author(s)

Publication date

2017

Publisher

IEEE

Document type

Abstract

SDN network policies are updated dynamically at a high pace. As a result, conflicts between policies are prone to occur. Due to the large number of switches and heterogeneous policies within a typical SDN network, detecting those conflicts is a laborious and challenging task. This paper makes a two-fold contribution. First, we devise an offline method for detecting unmatched OpenFlow rules, i.e., those rules that are never fired. At the heart of our scheme is a formal approach for predicting a packet's path inside an SDN network. From this perspective, we propose a taxonomy for the unmatched rules: invalid and irrelevant anomalies. Second, we introduce a new set of definitions for the intra-anomalies, which might occur when using the OpenFlow rule's multi-action feature. We provide comprehensive experimental results that show the feasibility of our approach and its ability to scale within large SDN networks.

Keywords

Version

publishedVersion

Permanent URL (for citation purposes)

  • https://hdl.handle.net/10642/6066