Auto-Configuration of ACL Policy in Case of Topology Change in Hybrid SDN


Bibliographic Details
Main Authors: Rashid Amin, Nadir Shah, Babar Shah, Omar Alfandi
Format: Article
Language: English
Published: IEEE 2016-01-01
Series: IEEE Access
Subjects: Topology change; policy configuration; tree; graph difference; communication switching
Online Access: https://ieeexplore.ieee.org/document/7790850/
author Rashid Amin
Nadir Shah
Babar Shah
Omar Alfandi
collection DOAJ
description Software-defined networking (SDN) has emerged as a new network architecture, which decouples both the control and management planes from the data plane at forwarding devices. However, SDN deployment is not widely adopted due to the budget constraints of organizations. This is because organizations are always reluctant to invest too much budget to establish a new network infrastructure from scratch. One feasible solution is to deploy a limited number of SDN-enabled devices along with traditional (legacy) network devices in the network of an organization by incrementally replacing the traditional network with SDN, which is called the hybrid SDN (Hybrid SDN) architecture. Network management and control in Hybrid SDN are vital tasks that require significant effort and resources. Manual handling of these tasks is error prone. Whenever the network topology changes, network policies (e.g., access control lists) configured at the interfaces of forwarding devices (switches/routers) may be violated. That creates severe security threats for the whole network and degrades the network performance. In this paper, we propose a new approach for Hybrid SDN that auto-detects the interfaces of forwarding devices and the network policies that are affected by a change in network topology. In the proposed approach, we model the network-wide policy and the local policy at a forwarding device using a three-tuple and a six-tuple, respectively. We compute a graph to represent the topology of the network. Using a graph difference technique, we detect a possible change in topology. In the case of a topology change, we verify the policy for the updated topology by traversing a tree using the six-tuple. If there is any violation in policy implementation, then the affected interfaces are indicated and the policies that need to be configured are also indicated. Then, policies are configured on the updated topology according to specification in an improved way. Simulation results show that our proposed approach enhances the network efficiency in terms of successful packet delivery ratio, the ratio of packets that violated the policy, and normalized overhead.
first_indexed 2024-12-14T10:17:13Z
format Article
id doaj.art-3e1523f8511549dca67bd6fa7204438c
institution Directory Open Access Journal
issn 2169-3536
language English
last_indexed 2024-12-14T10:17:13Z
publishDate 2016-01-01
publisher IEEE
record_format Article
series IEEE Access
spelling doaj.art-3e1523f8511549dca67bd6fa7204438c; 2022-12-21T23:06:44Z; eng; IEEE; IEEE Access; ISSN 2169-3536; 2016-01-01; vol. 4, pp. 9437-9450; DOI 10.1109/ACCESS.2016.2641482; article 7790850; Auto-Configuration of ACL Policy in Case of Topology Change in Hybrid SDN; Rashid Amin (COMSATS Institute of Information Technology, Wah Cantt, Pakistan); Nadir Shah (https://orcid.org/0000-0003-1173-4272; COMSATS Institute of Information Technology, Wah Cantt, Pakistan); Babar Shah (Zayed University, Abu Dhabi, United Arab Emirates); Omar Alfandi (Zayed University, Abu Dhabi, United Arab Emirates); https://ieeexplore.ieee.org/document/7790850/
title Auto-Configuration of ACL Policy in Case of Topology Change in Hybrid SDN
topic Topology change
policy configuration
tree
graph difference
communication switching
url https://ieeexplore.ieee.org/document/7790850/