BigMaC: Reactive Network-wide Policy Caching for SDN Policy Enforcement

Bo Yan, Yang Xu, H. Jonathan Chao

Research output: Contribution to journal › Article

Abstract

Enforcing network policies is critical for service deployments over Software-defined Networks (SDN). Most existing studies suggest proactively compiling policies into flow entries in the data plane and updating the installed entries when necessary. With a growing number of applications, taking a proactive approach may overflow the underlying switch memory. Meanwhile, certain policies can be frequently updated. Such updates may propagate across configurations in the network, leading to long correctness validation times. To improve both the scalability and the flexibility of SDN policy enforcement, we advocate reactively deploying network policies in the data plane. To this end, we propose a network-wide policy enforcement framework named BigMaC. BigMaC advertises a neat policy model for network managers to specify various network policies as rules. It then caches the rules as flow entries in the switches reactively on demand. One major challenge for the BigMaC design is to guarantee the consistency of defined policies and cached entries in the network. To maintain consistency with efficient table usage and simple updates, we group rules into buckets and perform rule caching in the unit of buckets. With trace-driven simulations, we verify that BigMaC can significantly save table space and reduce update complexity compared to prior proposals.

Original language: English (US)
Journal: IEEE Journal on Selected Areas in Communications
DOIs: 10.1109/JSAC.2018.2871296
State: Accepted/In press - Jan 1 2018

Fingerprint

Switches
Scalability
Managers
Data storage equipment

Keywords

  • Chaotic communication
  • Complexity theory
  • Engines
  • Scalability
  • Servers
  • Switches

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

@article{9b9e16b72fc24d72b630229a6784ab71,
title = "BigMaC: Reactive Network-wide Policy Caching for SDN Policy Enforcement",
keywords = "Chaotic communication, Complexity theory, Engines, Scalability, Servers, Switches",
author = "Bo Yan and Yang Xu and Chao, {H. Jonathan}",
year = "2018",
month = "1",
day = "1",
doi = "10.1109/JSAC.2018.2871296",
language = "English (US)",
journal = "IEEE Journal on Selected Areas in Communications",
issn = "0733-8716",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - BigMaC

T2 - Reactive Network-wide Policy Caching for SDN Policy Enforcement

AU - Yan, Bo

AU - Xu, Yang

AU - Chao, H. Jonathan

PY - 2018/1/1

Y1 - 2018/1/1

KW - Chaotic communication

KW - Complexity theory

KW - Engines

KW - Scalability

KW - Servers

KW - Switches

UR - http://www.scopus.com/inward/record.url?scp=85054273967&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85054273967&partnerID=8YFLogxK

U2 - 10.1109/JSAC.2018.2871296

DO - 10.1109/JSAC.2018.2871296

M3 - Article

AN - SCOPUS:85054273967

JO - IEEE Journal on Selected Areas in Communications

JF - IEEE Journal on Selected Areas in Communications

SN - 0733-8716

ER -