A user mode implementation of filtering rule management plane using key-value store

With the rapid advance of network virtualization technology which realizes SDN (Software Defined Network) and Cloud computing, current networking environment has become more flexible, diversified and complex. At the same time, complex networking environment sometimes imposes a great burden on network administrators for coping with complicated filtering rules. In this paper we present a user mode support for centralized filtering rule management base. Proposed system enables us to handle fine grained traffic engineering functionality for diversified environment of Cloud and SDN. Our architecture adopts KV (Key-Value) based Datastore for handling a large scale of filtering rules. By leveraging Datastore for centralized access control of instances on virtualized environment, we can provide alternative access control framework for reducing the burden of managing complicated and dynamic filtering policy on instances (virtual machine) on virtualized networking environment. Besides, KV representation can simplify the filtering rule set and provide generic interfaces for querying. In experiment, we have prototyped a lightweight management plane for IP filtering. Access filtering rules including target IP address, prefix and gateway is represented as radix tree. It is shown that proposed method can achieve reasonable utilization in filtering IP packets.