SDPA: Enhancing Stateful Forwarding for Software-Defined Networking

As the prevailing technique of Software-Defined Networking (SDN), OpenFlow introduces significant programmability, granularity and flexibility, allowing many network applications to manage and process network flows effectively. However, OpenFlow provides only a simple "match-action" paradigm and lacks stateful forwarding in the SDN data plane, which limits its ability to support advanced network applications. Relying heavily on SDN controllers for all state maintenance incurs both scalability and performance issues. In this paper, we propose a novel Stateful Data Plane Architecture (SDPA) for the SDN data plane. A co-processing unit, the Forwarding Processor (FP), is designed for SDN switches to manage state information through new instructions and state tables. We design and implement an extended OpenFlow protocol for communication between the controller and the FP. To demonstrate the practicality and feasibility of our approach, we implement both software and hardware prototypes of SDPA switches, and develop a sample network function chain with stateful firewall, DNS reflection attack defense and NAT applications in one SDPA-based switch. Experimental results show that the SDPA architecture can effectively improve forwarding efficiency, with manageable processing overhead, for applications that need stateful forwarding in SDN-based networks.
