Destination-aware Adaptive Traffic Flow Rule Aggregation in Software-Defined Networks

In this paper, we propose a destination-aware adaptive traffic flow rule aggregation (DATA) mechanism for facilitating traffic flow monitoring in SDN-based networks. This method adapts the number of flow table entries in SDN switches according to the level of detail of traffic flow information that other mechanisms (e.g., for traffic engineering, traffic monitoring, intrusion detection) require. It also prevents performance degradation of the SDN switches by keeping the number of flow table entries well below a critical level. This level is not preset as a hard threshold but learned during operation by a machine-learning-based algorithm. The DATA method is implemented within a RESTful application (DATA App) which monitors and analyzes the ongoing network traffic and instructs the SDN controller to adapt the traffic flow matching strategies accordingly. A thorough performance evaluation of DATA is conducted in an SDN emulation environment. The results show that, compared to the default behavior of common SDN controllers, the proposed DATA approach yields significant SDN switch performance improvements while still providing detailed traffic flow information on demand.
