BigMaC: Reactive network-wide policy caching for SDN policy enforcement

Bo Yan, Yang Xu, H. Jonathan Chao

Research output: Contribution to journal › Article › peer-review

Abstract

Enforcing network policies is critical for service deployments over software-defined networks (SDN). Most existing studies suggest proactively compiling policies into flow entries in the data plane and updating the installed entries when necessary. With a growing number of applications, taking a proactive approach may overflow underlying switch memory. Meanwhile, certain policies can be frequently updated. Such updates may propagate across configurations in the network, leading to a long time for correctness validation. To improve both the scalability and the flexibility of SDN policy enforcement, we advocate reactively deploying network policies in the data plane. To this end, we propose a network-wide policy enforcement framework named BigMaC. BigMaC advertises a neat policy model for network managers to specify various network policies as rules. It then caches the rules as flow entries in the switches reactively on demand. One major challenge for the BigMaC design is to guarantee the consistency of defined policies and cached entries in the network. To maintain consistency with efficient table usage and simple updates, we group rules into buckets and perform rule caching in the unit of buckets. With trace-driven simulations, we verify that BigMaC can significantly save table space and reduce update complexity compared to prior proposals.

Original language: English (US)
Article number: 8470932
Pages (from-to): 2675-2687
Number of pages: 13
Journal: IEEE Journal on Selected Areas in Communications
Volume: 36
Issue number: 12
State: Published - Dec 2018

Keywords

  • SDN
  • network-wide policy caching
  • policy enforcement

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
