Kai Bu,Xitao Wen,Bo Yang,Yan Chen,Li Erran Li,Xiaolin Chen

DOI: https://doi.org/10.1109/infocom.2016.7524333

2016-01-01

Abstract:Software-Defined Networking (SDN) promises un-precedentedly flexible network management but it is susceptible to forwarding faults. Such faults originate from data-plane rules with missing faults and priority faults. Yet existing fault detection ignores priority faults because they are not discovered on commercial switches until recently. In this paper, we present RuleScope, a more comprehensive solution for inspecting SDN forwarding. RuleScope offers a series of accurate and efficient algorithms for detecting and troubleshooting rule faults. They inspect forwarding behavior using customized probe packets to exercise data-plane rules. The detection algorithm exposes not only missing faults but also priority faults. Beyond simply detecting rule faults, the troubleshooting algorithms uncover actual data-plane flow tables. They help track real-time forwarding status and benefit reliable network monitoring. We explore various techniques for enhancing algorithm efficiency without sacrificing inspection accuracy. Experiments with our prototype on the Ryu SDN controller and Pica8 P-3297 switch show that RuleScope achieves accurate and efficient forwarding inspection with limited bandwidth and packet-switching overhead.

Shaoke Xi,Kai Bu,Wensen Mao,Xiaoyu Zhang,Kui Ren,Xinxin Ren

DOI: https://doi.org/10.1109/tnet.2022.3194970

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:Reliable Software-Defined Networking (SDN) should mitigate forwarding anomalies due to cross-plane rule inconsistencies. Most existing countermeasures either inject probe packets to infer forwarding correctness or collect packet traces to detect forwarding anomalies. They, however, cannot detect or filter forwarding anomalies for production packets in real time. In this paper, we propose RuleOut as the first attempt to automatically throttle SDN forwarding anomalies. It disambiguates dependent rules via augmenting their matching fields with unique tags. Leveraging source routing, we further bind each packet with the tag sequence corresponding to rules the packet should match. RuleOut thus renders each packet to match at most one rule on each switch. This completely addresses the root cause of forwarding ambiguity. To implement RuleOut, we develop a non-overlapping rule dependency graph, a series of algorithms for incremental rule update and tag generation upon it, and various optimization techniques toward scalability and efficiency. We prototype RuleOut on the Ryu controller and Open vSwitch and evaluate its performance over public rule sets such as Stanford, Internet2, and Airtel1. RuleOut can use tags of only several bits long to disambiguate thousands to millions of rules and generate tags fairly fast within a few milliseconds.

Gao Wen,Zhou Boyang,Wu Chunming,Zhou Haifeng,Jiang Ming,Hong Xiaoyan

DOI: https://doi.org/10.1049/cje.2015.07.035

IF: 1.019

2015-01-01

Chinese Journal of Electronics

Abstract:In the Software-defined networking（SDN）,when multiple control domains are used in control services,the transient state problem can occur causing the service flow interruption when border switches are updated asynchronously. We analyze the uniqueness of this problem for SDN, and propose a light-weight protocol for safe reconfiguration of the border switches in order to improve the availability of the services running in SDN. Our solution is designed as a generic supervision layer added in the control plane to support different types of services. To demonstrate the benefits, we implement a prototype of Informationcentric networks（ICN） with the protocol, and conduct experiments using Planet Lab. The results show the ICN service can continuously serve high volume requests for contents despite the congestions built by the heavy background traffic. The performance gains in terms of the mean and standard deviation of the content retrieve delay are40.5% and 21.56%.

Yongning Tang,Yangxuan Wu,Guang Cheng,Zhiwei Xu

DOI: https://doi.org/10.1109/hpsr.2019.8808121

2019-01-01

Abstract:Intelligent Fault localization for SDN becomes one of the most critical but difficult tasks. This paper proposes a new approach called Policy-Aware In-band Network Telemetry (PAINT) to tackle SDN fault localization. In the PAINT system, network operators define and deploy network services using a high-level Service Provisioning Language (SPL). Then, PAINT automatically parses the service policy to infer the causal relationship between service related network components and (end-to-end) service-level observable symptoms. Based on the causality model, PAINT deploys monitoring instruments for the symptoms. PAINT utilizes a dynamically created Symptom-Fault-Telemetry model to incorporate In-band Network Telemetry (INT) actions systematically into the fault reasoning process to improve the efficiency and accuracy of fault localization for SDN. PAINT has been extensively evaluated in a simulation environment for its accuracy and scalability with very positive results.

Haifeng Zhou,Chunming Wu,Chengyu Yang,Pengfei Wang,Qi Yang,Zhouhao Lu,Qiumei Cheng

DOI: https://doi.org/10.1109/TNET.2018.2859483

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:A software-defined network (SDN) is increasingly deployed in many practical settings, bringing new security risks, e.g., SDN controller and switch hijacking. In this paper, we propose a real-time method to detect compromised SDN devices in a reliable way. The proposed method aims at solving the detection problem of compromised SDN devices when both the controller and the switch are trustless, and ...

Yongning Tang,Guang Cheng,Zhiwei Xu,Feng Chen,Khalid Elmansor,Yangxuan Wu

DOI: https://doi.org/10.1186/s13174-016-0043-y

2016-01-01

Journal of Internet Services and Applications

Abstract:Fault localization for SDN becomes one of the most critical but difficult tasks. Existing tools typically only address a specific part of the problem (e.g., control plane verification, flow checker). In this paper, we propose a new approach to tackle SDN fault localization by automatically Modeling via Policy Inference (called MPI) the causality between SDN faults and their symptoms to a belief network. In the MPI system, a service oriented high level policy language is used to specify network services provisioned between end nodes. MPI parses each service provisioning policy to a logical policy view, which consists of a pair of logical end nodes, a traffic pattern specification, and a list of required network functions (or a service function chain). An SDN controller takes the policies from multiple parties and provisions the requested services on its orchestrated SDN network. MPI queries the controller about the network topology and retrieves flow rules from all SDN switches. MPI maps the policy view to the corresponding implementation view, in which all the logical components in the policy view are mapped to the actual system components along with the actual network topology. Referring to the component causality graph templates derived from SDN reference model, the implementation view of the current running network services can be modeled as a belief network. A heuristic fault reasoning algorithm is adopted to search for the most likely root causes. MPI has been evaluated in both a simulation environment and a real network system for its accuracy and efficiency. The evaluation shows that MPI is a highly scalable, effective and flexible modeling approach to tackle fault localization challenges in a highly dynamic and agile SDN network.

Peng Zhang,Shimin Xu,Zuoru Yang,Hao Li,Qi Li,Huanzhao Wang,Chengchen Hu

DOI: https://doi.org/10.1109/icdcs.2018.00085

2018-01-01

Abstract:A crucial requirement for Software Defined Network (SDN) is that data plane forwarding behaviors should always agree with control plane policies. Such requirement cannot be met when there are forwarding anomalies, where packets deviate from the paths specified by the controller. Most anomaly detection methods for SDN install dedicated rules to collect statistics of each flow, and check whether the statistics conform to the flow conservation principle. Such per-flow detection methods have a limited detection scope: they look at one flow each time, thus can only check a limited number of flows simultaneously. In addition, dedicated rules for statistics collection can impose a large overhead on flow tables of SDN switches. To this end, this paper presents FOCES, a network-wide forwarding anomaly detection method in SDN. Different from previous methods, FOCES applies a new kind of flow conservation principle at network wide, and can check forwarding behaviors of all flows in the network simultaneously, without installing any dedicated rules. Experiments show FOCES can achieve a detection precision higher than 90% for four network topologies, even when packet loss rates are as high as 10%.

Niels L. M. van Adrichem,Farabi Iqbal,Fernando A. Kuipers

DOI: https://doi.org/10.48550/arXiv.1605.09350

2016-05-31

Abstract:The past century of telecommunications has shown that failures in networks are prevalent. Although much has been done to prevent failures, network nodes and links are bound to fail eventually. Failure recovery processes are therefore needed. Failure recovery is mainly influenced by (1) detection of the failure, and (2) circumvention of the detected failure. However, especially in SDNs where controllers recompute network state reactively, this leads to high delays. Hence, next to primary rules, backup rules should be installed in the switches to quickly detour traffic once a failure occurs. In this work, we propose algorithms for computing an all-to-all primary and backup network forwarding configuration that is capable of circumventing link and node failures. Omitting the high delay invoked by controller recomputation through preconfiguration, our proposal's recovery delay is close to the detection time which is significantly below the 50 ms rule of thumb. After initial recovery, we recompute network configuration to guarantee protection from future failures. Our algorithms use packet-labeling to guarantee correct and shortest detour forwarding. The algorithms and labeling technique allow packets to return to the primary path and are able to discriminate between link and node failures. The computational complexity of our solution is comparable to that of all-to-all-shortest paths computations. Our experimental evaluation on both real and generated networks shows that network configuration complexity highly decreases compared to classic disjoint paths computations. Finally, we provide a proof-of-concept OpenFlow controller in which our proposed configuration is implemented, demonstrating that it readily can be applied in production networks.

Networking and Internet Architecture

Peng Zhang,Fangzheng Zhang,Shimin Xu,Zuoru Yang,Hao Li,Qi Li,Huanzhao Wang,Chao Shen,Chengchen Hu

DOI: https://doi.org/10.1109/tnet.2020.3033588

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:A crucial requirement for Software Defined Network (SDN) is that data plane forwarding behaviors should always agree with control plane policies. Such requirement cannot be met when there are forwarding anomalies, where packets deviate from the paths specified by the controller. Most anomaly detection methods for SDN install dedicated rules to collect statistics of each flow, and check whether the statistics conform to the “flow conservation principle”. We find these methods have a limited detection scope: they look at one flow each time, thus can only check a small number of flows simultaneously. In addition, dedicated rules for statistics collection can impose a large overhead on flow tables of SDN switches. To this end, this paper presents FOCES, a network-wide forwarding anomaly detection and localization method in SDN. Different from previous methods, FOCES applies a new kind of flow conservation principle at network wide, and can check forwarding behaviors of all flows in the network simultaneously, without installing any dedicated rules. Finally, FOCES applies a voting-based method to localize malicious switches when anomalies are detected. Experiments with four network topologies show that FOCES can achieve a detection precision higher than 90%, when the packet loss rate is no larger than 10%, and a localization accuracy of around 80% when the packet loss rate is no larger than 5%.

Qi Li,Yunpeng Liu,Zhuotao Liu,Peng Zhang,Chunhui Pang

DOI: https://doi.org/10.1109/icc.2016.7510990

IF: 5.3

2021-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Packet forwarding anomaly is an abnormal network state where flows are forwarded along wrong paths. Current practice of forwarding anomaly detection in Software Defined Networks (SDN) is achieved by sending probing packets or analyzing flow statistics. However, these approaches are not effective and efficient. For example, the probing approaches cannot capture all attacks, and the statistics approaches induce high communication overheads since they collect statistics of all flows. In order to address these issues, we propose a novel scheme called FADE. FADE detects forwarding anomalies by accurately analyzing flow statistics of a minimal set of flows. It generates a small number of dedicated flow rules associated with these flows to accurately measure their statistics. Moreover, it controls the installing and timeout of these dedicated flow rules so that all dedicated flow rules generated for the same flow operate on the same set of packets. Therefore, it achieves high efficiency and accuracy in anomaly detection. We prototype FADE and implement it as an application in Opensource controller, Floodlight, and evaluate the performance by Mininet experiments. The experiment results show that FADE can detect almost all forwarding anomalies and only reduces the throughput by 4%.

Kai Bu,Minyu Weng,Junze Bao,Zhenchao Lin,Zhikui Xu

DOI: https://doi.org/10.1109/icdcsw.2016.16

2016-01-01

Abstract:This paper explores a RIGHT framework for reliable policy enforcement in Software-Defined Networking (SDN). Current SDN uses overlapping rules with common matching packets. Even if a packet's expectant rule is inactive, it might hit another rule and experience incorrect yet unnoticed processing. This leads to inconsistency between control plane and data plane, that is, unreliable policy enforcement. RIGHT advocates three adaptations to respectively mitigate, detect, and correct packet processing errors. It is challenging for RIGHT to maintain both accuracy and efficiency. We explore lightweight modifications to current SDN policy enforcement toward better reliability. For example, we decouple rules and priorities through tagging to mitigate matching ambiguity. We also use exact-match rules to efficiently, correctly process packets in the same micro-flow. RIGHT can remedy mis-forwarded packets as well. We expect that a comprehensive design and deployment of RIGHT helps ensure correct per-packet processing in real time for SDN.

Qi Li,Yanyu Chen,Patrick P. C. Lee,Mingwei Xu,Kui Ren

DOI: https://doi.org/10.1109/tnet.2018.2853593

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:Software-defined networking (SDN) utilizes a centralized controller to distribute packet processing rules to network switches. However, rules are often generated by the applications developed by different organizations, so they may conflict with each other in data plane and lead to violations with security rules. The problem is similar to firewall conflicts in IP networks. Rule conflict resolution should incur negligible process delay, such that all rules can he correctly and safely enforced in the data plane in real time. However, since SDN allows users to use more than 35 fields to specify rules (including field transition rules), it is much more complicated to prevent enforcement of SDN rules from violating with security rules than to resolve firewall rule violation, and in particular, field transition rules are enforced. Therefore, it is extremely difficult to resolve such rule conflicts in real time before the rules are installed in SDN data plane. In this paper, we investigate the rule conflict problem in SDN and identify new covert channel attacks due to rule conflicts. To the end, we propose the covert channel defender (CCD) that prevents covert channel attacks by verifying and resolving rule conflicts. Specifically, CCD tracks all rule insertion and modification messages from applications running on the controller. It analyzes the correlation among rules based on multiple packet header fields and resolves any identified rule conflict in real time before rule installation. We implement CCD with the Floodlight controller and evaluate its performance with the real-world Stanford topology. We show that CCD can efficiently detect and prevent rule conflicts in the data plane that may raise covert channels within hundreds of microseconds and brings small overhead to the packet delivery.

Qi Li,Yunpeng Liu,Zhuotao Liu,Peng Zhang,Chunhui Pang

DOI: https://doi.org/10.1109/tpds.2021.3068135

IF: 5.3

2021-11-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Data centers, the critical infrastructure underpinning Cloud computing, often employ Software-Defined Networks (SDN) to manage cluster, wide-area and enterprise networks. As the network forwarding in SDN is dynamically programmed by controllers, it is crucial to ensure that the controller intent is correctly translated into underlying forwarding rules. Therefore, detecting and locating forwarding anomalies in SDN is a fundamental problem in production networks. Existing research proposals, roughly categorized into probing-based, packet piggybacking-based, and flow statistics analysis-based, either impose significant overhead or do not provide sufficient coverage for certain forwarding anomalies. In this article, we propose ${sf FADE}$FADE, a controllable and passive measuring scheme to simultaneously deliver detection efficiency and accuracy. ${sf FADE}$FADE first analyzes the entire network topology and flow rules, and then computes a minimal set of flows that can cover all forwarding rules. For each selected network flow, ${sf FADE}$FADE decides the optimal number of monitoring positions on its path (much less than total number of hops), and installs dedicated rules to collect flow statistics. ${sf FADE}$FADE controls the installation and expiration of these rules, along with unique flow labels, to guarantee the accuracy of collected statistics, based on which ${sf FADE}$FADE algorithmically decides whether a forwarding anomaly is detected, and if so it further locates the anomaly. On top of ${sf FADE}$FADE, we propose ${sf iFADE}$iFADE (a more scalable version of ${sf FADE}$FADE) to further optimize the usage and deployment of dedicated measurement rules. ${sf iFADE}$iFADE achieves over 40 percent rule reduction compared with ${sf FADE}$FADE . We implement a prototype of both

computer science, theory & methods,engineering, electrical & electronic

Yinbo Yu,Xing Li,Xue Leng,Libin Song,Kai Bu,Yan Chen,Jianfeng Yang,Liang Zhang,Kang Cheng,Xin Xiao

DOI: https://doi.org/10.1109/COMST.2018.2868922

IF: 35.6

2019-01-01

IEEE Communications Surveys & Tutorials

Abstract:Software-defined networking (SDN) has emerged as a new network paradigm that promises control/data plane separation and centralized network control. While these features simplify network management and enable innovative networking, they give rise to persistent concerns about <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">reliability</italic> . The new paradigm suffers from the disadvantage that various network faults may consistently undermine the reliability of such a network, and such faults are often new and difficult to resolve with existing solutions. To ensure SDN reliability, <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">fault management</italic> , which is concerned with detecting, localizing, correcting and preventing faults, has become a key component in SDN networks. Although many SDN fault management solutions have been proposed, we find that they often resolve SDN faults from an incomplete perspective which may result in side effects. More critically, as the SDN paradigm evolves, additional fault types are being exposed. Therefore, comprehensive reviews and constant improvements are required to remain on the leading edge of SDN fault management. In this paper, we present the first comprehensive and systematic survey of SDN faults and related management solutions identified through advancements in both the research community and industry. We apply a systematic classification of SDN faults, compare and analyze existing SDN fault management solutions in the literature, and conduct a gap analysis between solutions developed in an academic research context and practical deployments. The current challenges and emerging trends are also noted as potential future research directions. This paper aims to provide academic researchers and industrial engineers with a comprehensive survey with the hope of advancing SDN and inspiring new solutions.

Lei Wang,Qing Li,Yong Jiang,Yu Wang,Richard Sinnott,Jianping Wu

DOI: https://doi.org/10.1016/j.comnet.2018.07.027

IF: 5.493

2018-01-01

Computer Networks

Abstract:Software Defined Networking (SDN) enables network innovation and brings flexibility by separation of the control and data planes and logically centralized control. However, this network paradigm complicates flow rule management. Current approaches generally install rules reactively after table misses or pre-installs them by flow prediction. Such approaches consume nontrivial network resources during interactions between the controller and switches (especially for maintaining consistency). In this paper, we explore an intelligent rule management scheme (IRMS), which extends the one-big-switch model and employs a hybrid rule management approach. To achieve this, we first transform all rules into path-based and node-based rules. Path-based rules are pre-installed whilst the paths for flows are selected at the edge switches of the network. To maintain consistency of forwarding paths, we update path-based rules as a whole and employ a lazy update policy. Node-based rules are optimally partitioned into disjoint chunks by an intelligent partition algorithm and organized hierarchically in the flow table. In this way, we significantly reduce the interaction cost between the control and data planes. This scheme enforces an efficient sliding window policy to enhance the hit rate for the installed chunks. We evaluate our scheme by comprehensive experiments. The results show that IRMS reduces the total flow entries by more than 71% on average and the update time by over 56%. IRMS also reduces the flow setup requests by more than one order of magnitude.

Liang Xie,Zhifeng Zhao,Yifan Zhou,Gang Wang,Qianlan Ying,Honggang Zhang

DOI: https://doi.org/10.1109/wcsp.2014.6992181

2014-01-01

Abstract:Software Defined Network (SDN) is undergoing an increasingly high popularity among various schemes of networking deployment. The main advantage of SDN lies in its flexibility in controlling network traffic, which arises from decoupling the control plane and the data plane of network devices. However, despite of the valuable merits of SDN, the outage of data forwarding should not be ignored. The drawback mainly results from the length limitation of switch flow tables, the congestion between controllers and switches, and the deficiency of the controller capacity, which are all closely related to the timeout mechanism of flow table. In our study, the deficiency of SDN system will be analyzed explicitly. Moreover, we propose an adaptive control mechanism aiming at optimizing the idle timeout reset of flow tables and cooperation between controllers and switches. Our mechanism achieves higher matching ratio of flow tables as well as alleviates the congestion in the control channel, enabling more fluent data forwarding in SDN.

Junjie Xie,Deke Guo,Xiaozhou Li,Yulong Shen,Xiaohong Jiang

DOI: https://doi.org/10.1109/jsac.2018.2815358

IF: 16.4

2018-01-01

IEEE Journal on Selected Areas in Communications

Abstract:To enable the network softwarization, network function virtualization (NFV) and software defined networking (SDN) are integrated to jointly manage and utilize the network resource and virtualized network functions (VNFs). For a network flow resulting from any NFV application, an associated switch would send a routing request to the controller in SDN. The controller then generates and configures a routing path to dynamically steer the flow across appropriate VNFs or service function chains. This process, however, exhibits a skew distribution of response latency with a long tail. Cutting the long-tail latency of response is critical to enable the network softwarization, yet difficult to achieve due to many factors, such as the limited capacities and the load imbalance among controllers. In this paper, we reveal that such flow requests still experience the long-tail response latency, even using the up-to-date controller-to-switch assignment mechanism. To tackle this essential problem, we first propose a light-weight and load-aware switch-to-controller selection scheme to cut the long-tail response latency under the simple scenario of homogeneous controllers, and then design a general delay-aware switch-to-controller selection scheme to fundamentally cut the long-tail response latency for the more complicated heterogeneous controller scenario with performance fluctuations. The comprehensive evaluations indicate that our two new switch-to-controller selection schemes can significantly reduce the long-tail latency and provide higher system throughput.

Lu,Zhengguo Xu,Wenhai Wang,Youxian Sun

DOI: https://doi.org/10.1016/j.ress.2012.12.015

IF: 7.247

2013-01-01

Reliability Engineering & System Safety

Abstract:Over the past few years, fault detection for computer networks has attracted extensive attentions for its importance in network management. Most existing fault detection methods are based on active probing techniques which can detect the occurrence of faults fast and precisely. But these methods suffer from the limitation of traffic overhead, especially in large scale networks. To relieve traffic overhead induced by active probing based methods, a new fault detection method, whose key is to divide the detection process into multiple stages, is proposed in this paper. During each stage, only a small region of the network is detected by using a small set of probes. Meanwhile, it also ensures that the entire network can be covered after multiple detection stages. This method can guarantee that the traffic used by probes during each detection stage is small sufficiently so that the network can operate without severe disturbance from probes. Several simulation results verify the effectiveness of the proposed method.

Praveen Tammana,Chandra Nagarajan,Pavan Mamillapalli,Ramana Rao Kompella,Myungjin Lee

DOI: https://doi.org/10.48550/arXiv.1712.08129

2017-12-22

Abstract:The recent advances in network management automation and Software-Defined Networking (SDN) are easing network policy management tasks. At the same time, these new technologies create a new mode of failure in the management cycle itself. Network policies are presented in an abstract model at a centralized controller and deployed as low-level rules across network devices. Thus, any software and hardware element in that cycle can be a potential cause of underlying network problems. In this paper, we present and solve a network policy fault localization problem that arises in operating policy management frameworks for a production network. We formulate our problem via risk modeling and propose a greedy algorithm that quickly localizes faulty policy objects in the network policy. We then design and develop SCOUT---a fully-automated system that produces faulty policy objects and further pinpoints physical-level failures which made the objects faulty. Evaluation results using a real testbed and extensive simulations demonstrate that SCOUT detects faulty objects with small false positives and false negatives.

Networking and Internet Architecture

Dingmin Wang,Qing Li,Lei Wang,Richard O. Sinnott,Yong Jiang

DOI: https://doi.org/10.1109/infcomw.2017.8116383

2017-01-01

Abstract:Software Defined Networks (SDN) enables flexible flow control by installing policy rules into switches. However, one of the challenges is the dependencies between rules, which is generated due to the rules overlapping in filed space with different priorities. To keep the forwarding correctness and avoid complicated scenarios caused by the asynchronous removal, controllers usually adopt a hard timeout mechanism. However, such mechanism is inflexible for evolving and dynamic network flows. A large timeout may waste the switch memory, while a short timeout may cause multiple requests (Packet-in events) to occur for the same flow. To handle such rule dependencies flexibly, we propose a hybrid timeout mechanism. When a table miss occurs, we adaptively assign an idle timeout to the table-miss flow rule, and dependent rules are assigned with no timeout, which allow them to be removed using a proactive eviction strategy. We conduct extensive experiments using real packet traces from data centers. The experimental results show that our hybrid mechanism significantly reduces the number of table misses and the flow table occupation, while adapting quickly to changes of network flows.