To cope with the growing number of Internet users, the fast growth in service demand, and the need for various network applications, computer networks must constantly introduce new technologies and add new functions to meet the needs of performance, security, and efficient management. However, traditional networks have weaknesses such as device specialization, the tight coupling of control and forwarding functions, and high management complexity. These weaknesses make it difficult to add new network functions or optimize existing ones, which hinders network development. The Software Defined Network (SDN) architecture provides new designs and schemes to address these problems. By separating the control functions from the switches, it forms a logically centralized control plane, with controllers that manage the network globally, and a data plane focused on data forwarding. This new architecture makes it convenient for the network to add new control functions and accelerates the implementation of new applications and services.

In an SDN, various control functions such as network management, monitoring, backup, fault tolerance, and security are deployed, each of which plays a specific and vital role. However, there are also interactions between control functions. We refer to the harmful effects between control functions as invasive problems, which mainly fall into three categories: performance invasion, functional invasion, and resource invasion. Invasive problems can affect the regular operation of existing network functions, leading to many issues, such as degraded performance or insufficient available resources. Because of the wide variety of control functions, we have selected two commonly used and representative ones, namely middlebox policy routing deployment and flow statistics collection, to study in depth the invasive problems they cause. Their deployment and operation involve control planes, data planes, and control links. Their negative impacts include functional, performance, and resource invasions. Therefore, studying and resolving these issues is not only crucial for reducing deployment costs and improving network operation and management efficiency but also provides a reference for solving other types of control function invasive problems. The main research contents and contributions of this paper are as follows:

1. Middlebox policy routing is critical in achieving service function chain and network security requirements. To identify the current packet forwarding status, embedding tags in packets is a common solution. However, when implementing fine-grained policy routing deployment and subsequent routing updates, existing ordinary tag-based solutions require a large amount of flow table entry resources on the SDN switches. Meanwhile, embedding tags into existing data packet header fields can also affect the regular operation of other protocols, causing resource and functional invasion. To address these issues, this paper designs and proposes a Low Invasive Forwarding Tunable Middlebox Policy Enforcement and Routing Scheme (LIFT-ME). In this scheme, a new tag structure and an independent protocol header are designed based on segment routing to fully store middlebox forwarding policies and routing optimization information. On this basis, different implementation mechanisms are provided for P4-based and OpenFlow-based data planes. Four types of matching tables and packet forwarding mechanisms that enforce middlebox policies are then designed for data plane SDN switches. The control plane also constructs a middlebox policy routing and optimization update mechanism based on the new tag structure. Experimental and simulation results show that, compared to existing tag schemes based on source-destination address pairs, LIFT-ME can reduce flow table entry occupation by over 93%. Furthermore, compared to the SAFE-ME scheme, it can maintain similar load balancing performance during route updates while reducing flow table entry occupation by 54% and route update latency by 47%. The new scheme thus significantly reduces the resource consumption of flow table entries, eliminates the negative impact on existing protocol functions, and further provides low-cost fine-grained routing optimization capabilities while ensuring middlebox policy enforcement.

2. In Software Defined Networks, flow-level fine-grained traffic statistics are essential to support various network functions. Although flow statistics collection (FSC) is convenient in SDNs, it generates significant controller processing overhead and control link bandwidth consumption. Previous research has focused on reducing these costs. However, performing FSC and basic forwarding functions on the same controller can cause an unacceptable flow rule installation delay even if the controller and control link capacity is sufficient. This FSC invasion problem (FSCIP) can result in the failure of new network connections and a high packet loss rate on the control links. To fully address FSCIP, this paper designs and proposes a low-invasive control plane FSC scheme based on the controller role. First, we offload the FSC function to a selected backup controller and enhance the existing local control plane with a role-based FSC scheme. Then we formulate a joint optimization problem of backup controller placement and FSC routing (JBPR) to minimize the statistics collection cost. Because of its NP-hardness, we propose a randomized rounding-based algorithm as a general solution and a cookie-based FSC routing mechanism as an advanced solution with the help of more programmable devices (e.g., P4-based switches). We implement the proposed solutions on our SDN test bed and perform large-scale investigations with simulations. The extensive experimental and simulation results show that our solutions can reduce the FSC-caused route installation delay on the primary controller by up to 91.3% and reduce the maximum control link bandwidth cost by about 46% compared with ECMP and other benchmark routing schemes.

3. In the SDN data plane, deploying real-time fine-grained flow statistics collection (FSC) requires a huge amount of additional flow table entry resources. It also has a negative performance impact on SDN switches. To address these issues, this paper designs and proposes a low-invasive data plane FSC scheme based on a side-way flow mirroring mechanism. First, we adopted the side-way deployment of SDN software switches for duplicating flow-based traffic statistics. Then we proposed a joint optimization problem of SDN software switch placement and traffic mirroring strategies for the flows of concern, taking the flow-mirroring capability of data plane switches as a constraint. After solving the problem based on dynamic programming and greedy algorithms, we deployed the solution using kernel bypass and flow traffic mirroring technologies. We then integrated the data plane solution with the role-based control plane FSC scheme proposed in the previous chapter. By doing so, a complete SDN low-invasive FSC architecture was designed and proposed. Experimental and simulation results show that the proposed scheme and architecture can significantly reduce the overall consumption of flow table entry resources in the data plane by 79.4-85.3%, reduce the maximum FSC workload of the SDN switch to 76.2-87.8%, and maintain good compatibility with existing SDN architectures and protocols.