论文信息 - Detection mechanisms of rule conflicts in SDN based on a path-tree model

Detection mechanisms of rule conflicts in SDN based on a path-tree model

The emergence of the SDN architecture greatly promote the development of the current network management, the open programmable characteristics brought unprecedented flexibility for network management. SDN, however, itself also faces many secure challenges. Due to the unconscious flow entries, it is easy to appear forward loops, rule conflicts in the network. In this paper, we propose a rule conflict detection mechanism based on a Path-Tree model. Through the classification of flow entries, the reconstruction of the network topology, we could quickly find conflict rules in networks. Finally, we tested the model in mininet, the results showed that the model can quickly detect policy conflicts in networks.

[1] Yang Xiang,et al. Path-tree: An efficient reachability indexing scheme for large directed graphs , 2011, TODS.

[2] Mabry Tyson,et al. A security enforcement kernel for OpenFlow networks , 2012, HotSDN '12.

[3] Brighten Godfrey,et al. VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.

[4] Nick McKeown,et al. OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[5] George Varghese,et al. Usenix Association 10th Usenix Symposium on Networked Systems Design and Implementation (nsdi '13) 99 Real Time Network Policy Checking Using Header Space Analysis , 2022 .