SFA: Stateful Forwarding Abstraction in SDN Data Plane
Authors
Abstract
Software Defined Networking (SDN) is a new network architecture where network control is decoupled from forwarding and is directly programmable. However, existing techniques provide limited support for stateful forwarding in the SDN data plane. Relying on the controller for all state maintenance gives rise to scalability and performance issues. In this paper, we present the Stateful Forwarding Abstraction (SFA) in the SDN data plane. We also design a co-processing unit in SDN switches named the Forwarding Processor (FP). It can deal with state information in the data plane, and its instructions can be flexibly extended to meet application requirements. Through SFA, we implement stateful network processing on the datapath, which covers a full range of Layer 4 to Layer 7 services. We validate its performance based on IPsec. The experimental results demonstrate that the forwarding efficiency is greatly improved.
Similar resources
OpenFunction: Data Plane Abstraction for Software-Defined Middleboxes
The state-of-the-art OpenFlow technology only partially realized SDN vision of abstraction and centralization for packet forwarding in switches. OpenFlow/P4 falls short in implementing middlebox functionalities due to the fundamental limitation in its match-action abstraction. In this paper, we advocate the vision of Software-Defined Middleboxes (SDM) to realize abstraction and centralization f...
Inter-Flow Consistency: Novel SDN Update
Software Defined Networks (SDN) are opening a new era in the world of networking by decoupling the data plane and control plane. With the centralized control plane, updating the networks becomes much more convenient to the network operators. However, due to the distributed nature of the data plane, people fail to avoid transitional states of SDN during network updates. The transitional states m...
Fast failure detection and recovery in SDN with stateful data plane
When dealing with node or link failures in Software-Defined Networking (SDN), the network capability to establish an alternative path depends on controller reachability and on the round-trip times (RTTs) between controller and involved switches. Moreover, current SDN data plane abstractions for failure detection, such as OpenFlow “Fast-failover”, do not allow programmers to tweak switches’ detec...
Demo: Implementing iptables using a programmable stateful data plane abstraction
Iptables is a well-known Linux user interface to control the Netfilter module, which is responsible for processing packets traversing the Linux networking subsystem. In cooperation with the conntrack module, Netfilter supports a wide range of network functions such as filtering, NAT, stateful firewall, load balancer, anomaly detection, etc. Given the central role of the iptables’ functions i...
BUZZ: Testing Context-Dependent Policies in Stateful Networks
Checking whether a network correctly implements intended policies is challenging even for basic reachability policies (Can X talk to Y?) in simple stateless networks with merely L2/L3 devices. In practice, operators implement more complex context-dependent policies by composing stateful network functions; e.g., if the IDS flags X for sending too many failed connections, then subsequent packets ...