High Level Policies in SDN

Policies for network traffic handling define packet routes through networks, enforce the required quality of service, and protect networks from security threats. To express a policy, one needs to characterise the traffic to which it applies using traffic identifiers. Low level traffic identifiers, such as IP addresses and port numbers, are available in each packet and are well suited to data plane routing and switching. However, high level traffic identifiers, such as user name and application name, make a policy more readable and clearer. In this paper, we extend software defined networks with high level traffic identifiers. We propose adding an interface to SDN controllers for collecting traffic metadata and high level traffic identifiers. The controller maintains a database that maps high level traffic identifiers to a set of flows defined by low level traffic identifiers. SDN applications can apply policies based on both high level and low level traffic identifiers. We leave the southbound protocols intact. This paper provides two examples of High Level SDN paradigms – Application-Aware Networks and Identity-Aware Networks. The first paradigm enables policies that depend on application names and characteristics. The latter allows policies based on user names and their roles.
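The mapping database described in the abstract can be sketched as follows. This is an added example, not code from the paper: the class, function and field names (`IdentifierDB`, `report`, `withdraw`, `compile_policy`) and the sample flows are assumptions made for illustration.

```python
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Flow:
    """Low level traffic identifiers available in each packet."""
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int

class IdentifierDB:
    """Controller-side map: (identifier kind, value) -> set of flows."""
    def __init__(self):
        self._flows = {}

    def report(self, flow, **ids):
        # Entry point for the (hypothetical) metadata-collection interface,
        # e.g. fed by an end-host agent or an authentication service.
        for item in ids.items():
            self._flows.setdefault(item, set()).add(flow)

    def withdraw(self, flow):
        # Flow ended or user logged out: drop the mapping so a reused
        # address does not inherit another user's policy.
        for flows in self._flows.values():
            flows.discard(flow)

    def lookup(self, **ids):
        # Flows carrying ALL given high level identifiers; unknown or
        # missing identifiers match nothing.
        sets = [self._flows.get(item, set()) for item in ids.items()]
        return set.intersection(*sets) if sets else set()

def compile_policy(db, action, **ids):
    """Expand a high level policy into low level match/action rules.
    Only low level fields are emitted, so the southbound side is unchanged."""
    rules = [{"match": asdict(f), "action": action} for f in db.lookup(**ids)]
    return sorted(rules, key=lambda r: tuple(r["match"].values()))

def demo_db():
    # Constructed sample data (documentation address ranges).
    db = IdentifierDB()
    db.report(Flow("10.0.0.5", "192.0.2.10", "tcp", 443),
              user="alice", role="staff", application="video")
    db.report(Flow("10.0.0.5", "192.0.2.20", "tcp", 22),
              user="alice", role="staff", application="ssh")
    db.report(Flow("10.0.0.9", "192.0.2.10", "tcp", 443),
              user="bob", role="guest", application="video")
    return db

if __name__ == "__main__":
    for rule in compile_policy(demo_db(), "drop", role="guest", application="video"):
        print(rule)
```

Because the policy is expanded against the database at compile time, the rules are only as trustworthy as the identifier reports, so the component that calls `report` needs to be authenticated by the controller.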
