Chen Tian,Ali Munir,Alex X. Liu,Jie Yang,Yangming Zhao

DOI: https://doi.org/10.1109/tnet.2018.2829882

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:We propose OpenFunction, an extensible data plane abstraction protocol for platform-independent software-defined middleboxes. The main challenge is how to abstract packet operations, flow states and event generations with elements. The key decision of OpenFunction is: actions/states/events operations should be defined in a uniform pattern and independent from each other. We implemented a working SDM system including one OpenFunction controller and OpenFunction boxes based on Netmap, DPDK and FPGA to verify OpenFunction abstraction.

Yi Shen,Chunming Wu,Qiumei Cheng,Dezhang Kong

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00122

2020-01-01

Abstract:Software-Defined Networking (SDN) is an emerging network platform, which decouples the control and data planes. As the most popular southbound protocol and standard, OpenFlow converts network forwarding policies to rule entries and stores them in the flow table. However, the capacity of the flow table is restricted, which can lead to table-overflow if the space is inefficiently used. In this paper, we propose an adaptive flow table management scheme (AFTM) on the control plane, which combines assigning dynamic timeout and proactive eviction to manage the limited flow table resources. The timeout assignment module and the proactive eviction module are not independent parts but work collaboratively. The timeout assignment module sets suitable timeouts for rule entries according to flow characteristics, so that entries of short-lived flows are quickly removed while entries of flows with large packet intervals are retained. When the table space is insufficient, the proactive eviction module removes rule entries to protect the flow table from table-overflow. In our design, the eviction thresholds and parameters in both modules can be adaptively adjusted according to the network load. Experimental results show that AFTM can effectively manage the flow table resource and reduce the number of packet drop rates by up to 81% compared with existing schemes.

Boyang Zhou,Wen Gao,Chunming Wu,Bin Wang,Ming Jiang,Yansong Wang

DOI: https://doi.org/10.1007/978-3-319-13326-3_39

2014-01-01

Abstract:The Software-Defined Networking (SDN) separates the control plane from the data plane to increase the flexibility. In the data plane, the unavailability of data forwarding is a common problem preventing a switch from configuring a new arrival flow into its flow table. When the burst flows arrived at the switch, the flow table can be consumed, causing the unavailability occurred. However, the problem is more complicated than in Internet due to the limited channel bandwidth for detecting the table usage. Hence, we propose a transparent core layer in the controller. The mechanism of the layer improves the availability in such way, configuring switches adapting to arrival patterns of flows to prevent the resource of switch exceeding its limit. This paper introduces the design and mechanisms of the layer as well as their algorithms. We further use a real flow trace from a Internet core router to evaluate the performance of layer. By emulating on on miniNet-HiFi, the results demonstrate that the layer can smooth the burst flows without making the flow table exceeding its size, without the layer, the switch lost 8% ingress flows. Meanwhile, the control throughput is lowered by 25.8% than before.

Chen Sun,Jun Bi,Haoxian Chen,Hongxin Hu,Zhilong Zheng,Shuyong Zhu,Chenghui Wu

DOI: https://doi.org/10.1109/tnet.2017.2726550

2017-01-01

IEEE/ACM Transactions on Networking

Abstract:As the prevailing technique of software-defined networking (SDN), open flow introduces significant programmability, granularity, and flexibility for many network applications to effectively manage and process network flows. However, open flow only provides a simple "match-action" paradigm and lacks the functionality of stateful forwarding for the SDN data plane, which limits its ability to support advanced network applications. Heavily relying on SDN controllers for all state maintenance incurs both scalability and performance issues. In this paper, we propose a novel stateful data plane architecture (SDPA) for the SDN data plane. A co-processing unit, forwarding processor (FP), is designed for SDN switches to manage state information through new instructions and state tables. We design and implement an extended open flow protocol to support the communication between the controller and FP. To demonstrate the practicality and feasibility of our approach, we implement both software and hardware prototypes of SDPA switches, and develop a sample network function chain with stateful firewall, domain name system (DNS) reflection defense, and heavy hitter detection applications in one SDPA-based switch. Experimental results show that the SDPA architecture can effectively improve the forwarding efficiency with manageable processing overhead for those applications that need stateful forwarding in SDN-based networks.

Nian Xue,Daojing Guo,Jie Zhang,Jihao Xin,Zhen Li,Xin Huang

DOI: https://doi.org/10.1109/isncc52172.2021.9615751

2021-01-01

Abstract:The recent surge in the prosperity of the Internet of Things (IoT) has been attracting an increasing number of researchers and experts with great attention due to its significant economic and social values. The IoT brings appealing opportunities and new challenges for both the current and future Internet. In practice, various IoT smart devices are generally pre-programmed and deployed specifically in the proper place to fulfill corresponding functions according to divergent requirements. However, lately, these pre-stored functions tend to be upgraded or reprogrammed more frequently on account of the increment of dynamic needs or urgent situations. Inspired by Software Defined Networking (SDN), the authors propose a framework in this work: Software Defined Function (SDF) for IoT, enabling IoT smart devices to be upgraded or reprogrammed securely and remotely. The authors further present a protocol named as OpenFunction stemmed from OpenFlow. Moreover, the security properties of this protocol are analyzed. Finally, the authors implement a preliminary SDF system and evaluate its performance. Experimental results indicate that OpenFunction allows a controller to update or rewrite functions in IoT devices, as well as to obtain flexibility and security. Accordingly, this work contributes to the future fusion of SDN and IoT technologies.

Jun Bi,Shuyong Zhu,Chen Sun,Guang Yao,Hongxin Hu

DOI: https://doi.org/10.1109/MNET.2016.7474342

IF: 10.294

2016-01-01

IEEE Network

Abstract:A recent trend known as NFV attempts to replace dedicated hardware appliances with generic compute, storage, and network resources. NFV based on SDN can extend programmability and flexibility features of advanced network functions. Many of these network functions, however, need concrete state information to effectively process network flows. However, OpenFlow only provides a simple "match-action" paradigm and lacks the function of stateful processing in the SDN data plane, which limits its support of advanced network functions. Heavily relying on SDN controllers for all state maintenance incurs both scalability and performance issues. In this article, we propose a novel SDPA for the SDN data plane. A co-processing unit, the forwarding processor, is designed for SDN switches to manage state information through new instructions and state tables. We demonstrate the practicality and feasibility of our approach through a proof-of-concept implementation of VNFs, a stateful firewall based on SDPA. Experimental results show that VNFs which need to process state information can be supported well by the SDPA architecture, and the forwarding efficiency is improved.

Shuyong Zhu,Jun Bi,Chen Sun,Chenghui Wu,Hongxin Hu

DOI: https://doi.org/10.1109/icnp.2015.45

2015-01-01

Abstract:As the prevailing technique of Software-Defined Networking (SDN), OpenFlow introduces significant programmability, granularity and flexibility for many network applications to effectively manage and process network flows. However, OpenFlow only provides a simple "match-action" paradigm and lacks the function of stateful forwarding for SDN data plane, which limits it to support advanced network applications. Heavily relying on SDN controllers for all state maintenance incurs both scalability and performance issues. In this paper, we propose a novel Stateful Data Plane Architecture (SDPA) for SDN data plane. A co-processing unit, Forwarding Processor (FP), is designed for SDN switches to manage state information through new instructions and state tables. We design and implement an extended OpenFlow protocol to implement the communication between the controller and FP. To demonstrate the practicality and feasibility of our approach, we implement both software and hardware prototypes of SDPA switches, and develop a sample network function chain with stateful firewall, DNS reflection attack defense and NAT applications in one SDPA-based switch. Experimental results show that the SDPA architecture can effectively improve the forwarding efficiency with manageable processing overhead for those applications that need stateful forwarding in SDN-based networks.

Shuyong Zhu,Jun Bi,Chen Sun

2014-01-01

Abstract:Software Defined Networking (SDN) is a new network architecture where network control is decoupled from forwarding and is directly programmable. However, existing techniques provide limited support for stateful forwarding in SDN data plane. Relying on the controller for all state maintaining gives rise to scalability and performance issues. In this paper, we present Stateful Forwarding Abstraction (SFA) in SDN data plane. And we design a co-processing unit in SDN switches named Forwarding Processor (FP). It can deal with state information in data plane and its instructions can be flexibly extended to meet application requirements. Through SFA, we implement stateful network processing on the datapath which covers a full range of Layer 4 to Layer 7 services. We validate its performance based on IPsec. The experiment result proves that the forwarding efficiency is greatly improved.

Haoyu Song,Jun Gong,Hongfei Chen,Justin Dustzadeh

DOI: https://doi.org/10.48550/arXiv.1405.0060

2014-05-01

Abstract:In many real-world OpenFlow-based SDN deployments, the ability to program heterogeneous forwarding elements built with different forwarding architectures is a desirable capability. In this paper, we discuss a data plane programming framework suitable for a flexible and protocol-oblivious data plane and show how OpenFlow can evolve to provide a generic interface for platform-independent programming and platform-specific compiling. We also show how an abstract instruction set can play a pivotal role to support different programming styles mapping to different forwarding chip architectures. As an example, we compare the compiler-mode and interpreter-mode implementations for an NPU-based forwarding element and conclude that the compiler-mode implementation can achieve a performance similar to that of a conventional non-SDN implementation. Built upon our protocol-oblivious forwarding (POF) vision, this work presents our continuous efforts to complete the ecosystem and pave the SDN evolving path. The programming framework could be considered as a proposal for the OpenFlow 2.0 standard.

Networking and Internet Architecture

Shengru Li,Daoyun Hu,Wenjian Fang,Shoujiang Ma,Cen Chen,Huibai Huang,Zuqing Zhu

DOI: https://doi.org/10.1109/mnet.2017.1600030nm

IF: 10.294

2017-01-01

IEEE Network

Abstract:Software-defined networking separates the control and forwarding planes of a network to make it more programmable and application- aware. As one of the initial implementations of SDN, OpenFlow abstracts a forwarding device as a flow table and realizes flow processing by applying the "match-and-act" principle. However, the protocol-dependent nature of OpenFlow still limits the programmability of the forwarding plane. Hence, in this article, we discuss how to leverage protocol-oblivious forwarding (POF) to further enhance the network programmability such that the forwarding plane becomes protocol-independent and can be dynamically reprogrammed to support new protocol stacks seamlessly. We first review the development of OpenFlow and explain the motivations for introducing POF. Then we explain the working principle of POF, discuss our efforts on realizing the POF development ecosystem, and show our implementation of POF-based source routing as a novel use case. Finally, we elaborate on the first WAN-based POF network testbed that includes POF switches located in two cities in China.

Nian Xue,Lulu Liang,Jie Zhang,Xin Huang

DOI: https://doi.org/10.1007/978-3-319-59608-2_43

2016-01-01

Abstract:The OpenFlow protocol, as a fundamental element for Software Defined Networking (SDN) architecture, only supports for packet forwarding across switches in general networks. In this paper, the authors propose Software-Defined Function (SDF) which entitles administrators to manage the Internet of Things (IoT) devices and services through abstraction of the underlying infrastructure. The authors further present OpenFunction, a secure communications protocol stemmed from OpenFlow, which enables the IoT devices to be upgraded or reprogrammed remotely and securely. Finally, the authors implement a preliminary SDF system and evaluate its performance. The experimental results demonstrate that the SDF and OpenFunction can grant programmability, flexibility, centralization and security to the IoT.

Tao Feng,Jun Bi,Peiyao Xiao,Xiuli Zheng

DOI: https://doi.org/10.1109/inm.2015.7140368

2015-01-01

Abstract:The application of SDN and OpenFlow in a production network will face the challenges of integration with legacy routers and legacy control and management protocols. Our contribution is to preserve distributed basic functions in legacy network devices and improve central control on complex functions with OpenFlow. This paper describes a refactoring process of an intra-AS source address validation from a traditional network application to an OpenFlow-based one. It shows practical solutions about introducing OpenFlow into a commercial router by fireware updating without device hardware modification, extending OpenFlow for routing notification and packets sampling to integrate with legacy control protocols, extending an OpenFlow controller to receive and forward routing status and packets sampling messages for external control.

Wenmao LIU,Xiaofeng QIU,Pengcheng CHEN,Xutao WEN,Xinxin HE,Dongsheng WANG,Jun LI

DOI: https://doi.org/10.3778/j.issn.1673-9418.1407061

2015-01-01

Abstract:Current OpenFlow specifications provide limited access to packet details, making it inefficient to deploy security applications. Moreover, current security solutions become less flexible as software defined-networking (SDN) develops. This paper proposes a distributed software-defined security architecture (SDSA), which offloads heavy security processing from SDN controller to a dedicated security controller and security APPs, providing both flow and packet level protections against various attacks in the SDN and virtual environment. This paper gives the global view and knowledge of flows, IaaS assets and devices, which can make accurate decisions and ensures devices to execute security rules instantly. The architecture simplifies security device logic greatly by separating security data and control planes, the detection and protection are automated with standardized control messages, making the secu-rity reaction fast. The experiments demonstrate that SDSA can detect DoS attack, port scan and abnormal high traffic with low cost and little overhead.

Min ZHAO,Ye TIAN

DOI: https://doi.org/10.3969/j.issn.2095-347X.2018.01.009

2018-01-01

Abstract:Software Defined Network (SDN) enables users to dynamically configure the network according to their needs by programming the network,greately increasing the flexibility of the network by separating the control plane from the data plane.As one of SDN's representstive agreement,OpenFlow has evolved a number of versions,but the user's operation on data plane of network device is limited because of OpenFlow's specification constraints.P4,which is a high-level programming language and POF,an SDN technology both proposed to effectively solve the above problems.This paper expounds the differences between P4 and POF from three aspects:forwarding model,process control and instruction operation,also summarizes the advantages and disadvantages of the two.

Wen Wang,Wenbo He,Jinshu Su

DOI: https://doi.org/10.1109/pccc.2015.7410312

2015-01-01

Abstract:In traditional networks, it is difficult to manage the distributed detection and prevention nodes of IDS and IPS due to the laborious manual deployment and independent configuration. Software defined networking (SDN) provides a flexible approach to control the underlying network infrastructures efficiently. However, the OpenFlow flow table is too simple to provide complex functions with the match-action style processing. To support more functionalities, in this paper, we propose a middlebox management architecture with SDN - OpenMiddlebox, by extending OpenFlow to support middleboxes with ClickOS virtual machines (VM), so that programmable middleboxes could be deployed and managed in switches with fast booted ClickOS VMs flexibly. We then design automatic deployment and update schemes of network intrusion detection and prevention middleboxes with the centralized controller. The evaluation results show that OpenMiddlebox could manage the distributed middleboxes efficiently and is scalable to large networks, and the centralized control also improves the network intrusion detection and prevention accuracy.

Shaofei Tang,Hui Liang,Min Wang,Tingyu Li,Zuqing Zhu

DOI: https://doi.org/10.1109/ICCCN52240.2021.9522342

2021-01-01

Abstract:In this work, we try to combine software-defined networking (SDN), in-band network telemetry (INT), and data analytics to realize a novel closed-loop network automation system. To architect the data plane, we jointly consider P4-based and protocol-oblivious forwarding (POF) based programmable data plane switches (PDP-SWs) to build a generic programmable data plane (G-PDP), such that the two types of PDP-SWs can benefit each other mutually to overcome their own drawbacks. In the control plane, we expand ONOS to ensure that it can effectively manage the PDP-SWs in the G-PDP. We also design and implement data analyzers (DAs) in its data analytics subsystem, and deploy them distributedly in the G-PDP to alleviate the burden of data processing in the control plane. Our proposal is demonstrated experimentally with a network system prototype that consists of six PDP-SWs, and the results confirm that it can realize closed-loop network automation effectively and balance the tradeoff between flexibility and performance properly.

Zheng Zhao,Xiaoya Fan,Xin Xie,Qian Mao,Qi Zhao

DOI: https://doi.org/10.3837/tiis.2023.07.009

2023-01-01

KSII Transactions on Internet and Information Systems

Abstract:Software-Defined Networking (SDN) offers several advantages in dynamic routing, flexible programmable control and custom application-driven network management. However, the programmability of the data plane in traditional SDN is limited. A network operator cannot change the ability of the data plane and perform complex packet processing on the data plane, which limits the flexibility and extendibility of SDN. In the paper, AP-SDN (Action Program enabled Software-Defined Networking) architecture is proposed, which extends the action set of SDN data plane. In the proposed architecture, a modified Open vSwitch is utilized in the data plane allowing the execution of action programs at runtime, thus enabling complex packet processing. An example action program is also implemented which transparently encrypts traffic for terminals. At last, a prototype system of AP-SDN is developed and experiments show its effectiveness and performance.

LIN Ping-ping,BI Jun,HU Hong-yu,JIANG Xiao-ke

DOI: https://doi.org/10.3969/j.issn.1000-1220.2013.09.001

2013-01-01

Abstract:Currently,the architecture of network device is closed.This is detrimental to the network innovation.Software defined networking(SDN) decouples the vertically coupled architecture.At the same time,it opens up the control plane and the protocol implementation in control plane.By this way,software defined network promotes the innovation and the rapid evolution of the network.At present the idea of software defined network is widely accepted by academic and industry researchers.OpenFlow as a typical instance of the software defined network has been deployed by many universities and research institutions all over the world.With the increasing scale of deployment,the poor scalability of the OpenFlow centralized control mode becomes more and more obvious.To solve this problem,this paper adopts the idea of load balance to solve the scalability issue in OpenFlow control plane.And it proposes and designs a high scalable mechanism named MSDN to balance the data flow initialization requests.And then those requests are parallelly processed with a shared global network view.Besides,MSDN also builds a data cluster for the network view.By this way,the scalability in control plane is completely solved.Finally,the emulation in this paper proves the feasibility of the solution.

Hongyu Hu,Jun Bi,Tao Feng,You Wang,Pingping Lin

2011-01-01

Abstract:The Internet has made great success and big progress. However, the network-layer of Internet and the network devices in Internet have been relatively stagnant. Few changes or improvements have been made in last forty years, which is a stark contrast to the prosperity of the application-layer of the Internet. OpenFlow aims to enable innovation for the network-layer and network devices, which decouples the traditional network devices and rebuilds each module of the devices in an open and standardized way. But there are still some challenges that need to be overcome before OpenFlow can become more practicable and more usable, and ultimately, achieve larger scale commercial applications. Based on our analysis of OpenFlow, we proposed some extensions for OpenFlow (OpenFlow) in this paper, including these four aspects: standard hardware extension, control mode extension, communication interface extension, and low-cost FlowTable realization. Next, the implementation details of OpenFlow in a commercial router are described, and finally, two new applications based on OpenFlow are demonstrated. We believe that OpenFlow will help to speed up the business development of OpenFlow and promote its large-scale use and applications.

Douglas Comer,Adib Rastegarnia

DOI: https://doi.org/10.48550/arXiv.1807.02205

2018-07-06

Abstract:Software Defined Networking (SDN) offers flexibility to program a network based on a set of network requirements. Programming the networks using SDN is not completely straightforward because a programmer must deal with low level details. To solve the problem, researchers proposed a set of network programming languages that provide a set of high level abstractions to hide low level hardware details. Most of the proposed languages provide abstractions related to packet processing and flows, and still require a programmer to specify low-level match-action fields to configure and monitor a network. Recently, in an attempt to raise the level at which programmers work, researchers have begun to investigate Intent-based, descriptive northbound interfaces. The work is still in early stages, and further investigation is required before intent-based systems will be adopted by enterprise networks. To help achieve the goal of moving to an intent-based design, we propose an SDN-based network programming framework, the Open Software Defined Framework (OSDF). OSDF provides a high level Application Programming Interface (API) that can be used by managers and network administrators to express network requirements for applications and policies for multiple domains. OSDF also provides a set of high level network operation services that handle common network configuration, monitoring, and Quality of Service (QoS) provisioning. OSDF is equipped with a policy conflict management module to help a network administrator detect and resolve policy conflicts. The paper shows how OSDF can be used and explains application-based policies. Finally, the paper reports the results of both testbed measurements and simulations that are used to evaluate the framework from multiple perspectives, including functionality and performance.

Networking and Internet Architecture