CORA: Conflict Razor For Policies In SDN

Hao Li Xi'an Jiaotong University, P.R. China
Kaiyue Chen Xi'an Jiaotong University, P.R. China
Tian Pan Beijing University of Posts and Telecommunications, P.R. China
Yadong Zhou Xi'an Jiaotong University, P.R. China
Kun Qian Tsinghua University, P.R. China
Kai Zheng 2012 Labs, Huawei Technologies, P.R. China
Bin Liu Tsinghua University, P.R. China
Peng Zhang Xi'an Jiaotong University, P.R. China
Yazhe Tang Xi'an Jiaotong University, P.R. China
Chengchen Hu Xi'an Jiaotong University, P.R. China


Software-Defined Networking (SDN) enables flexible updates of network functions through a well-defined abstraction between the control plane and the data plane. However, multiple active network functions with the same priority can trigger conflicts among policies with overlapping flow space, causing flow table explosion. In contrast to the local, per-switch conflict resolution schemes proposed in previous work, this paper tackles the problem from a different angle and resolves policy conflicts by coordinating all switches under a global, centralized view. Specifically, we propose COnflict RAzor (CORA), which tremendously reduces the storage cost of conflicting policies by leveraging the global network information available at the controller. The basic idea of CORA is to migrate policies that cause large explosions across the network where necessary, while preserving semantic equivalence. We prove CORA's NP-hardness and propose a heuristic to efficiently search for a near-optimal policy migration strategy. Our experiments demonstrate that CORA can effectively reduce flow table storage occupation by at least 49% in less than 40 seconds.
