Flow Entry Conflict Detection Using Reduced Bit Vector for Software-Defined Network

• Main Authors: Pei-YuWu, 吳佩育
• Other Authors: Yau-Hwang Kuo
• Format: Others
• Language: en_US
• Published: 2015
• Online Access: http://ndltd.ncl.edu.tw/handle/79520995746576488306

碩士 === 國立成功大學 === 資訊工程學系 === 103 === Software-Defined Network (SDN) is a promising networking paradigm that decouples the network control plane from the data forwarding plane. This separation makes it possible to provide network administrators to overcome complexity caused by modern networking environments. With a programmable centralized control, network administrators can create applications that provide a more flexible and agile network management to improve network resource utilization, reduce operating cost, and promote innovation and evolution. OpenFlow is a great concept to realize SDN architecture that simplifies the network and traffic management in enterprise and data center environments by utilizing flow-based control over the OpenFlow switches and providing global view of the network status. It not only utilizes first-matching mechanism to forward packets in the network, but also uses a field of arbitrary bitmask wildcards that have binary flags in the match. However, by applying the first-matching mechanism to match flow entries at a switch may not always produce the desire outcome. This is because flow entries with wildcard fields sometimes create conflicts between flow entries. Thus, the policy selected in this situation may be undesired and wrong action is used for the incoming packet. In addition, with the rapid growth in communication needs for modern networking environments, it is a challenging task for network administrators to manage large amount of flow entries in the flow table. Therefore, an automated conflict detection method is necessary in OpenFlow to identify conflict flow entry problem. In previous studies, the bit vector algorithm (BV) and the aggregated bit vector algorithm (ABV) have been widely applied to packet classification and rule conflict detection in firewalls. So, we studied the applicability of BV and ABV algorithm in OpenFlow to deal with conflict detection in flow entries. However, the BV algorithm reads all bits in processed bit vectors resulting in higher search time and the ABV algorithm could generate excess mapping back cost to detect truly conflicting flow entries. Therefore, inspired by BV and ABV, this thesis presents a conflict detection method called Reduced Bit Vector (RBV) to detect the existence of conflicting flow entries. This is achieved by adopting Redundancy Reduction and Group Classification. The benefits includes that: 1) reducing redundant flow entries in a flow table could decrease memory cost and search time; 2) the number of bits associated with each valid node in each trie is reduced according to Group Classification; 3) some flow entries could avoid repeatedly reading when searching the corresponding tries. Experimental results showed that RBV algorithm requires less search time, lower memory cost, and less incremental update time is required than BV and ABV algorithm for conflict detection in flow entries.