
Modeling and Analysis of Information Systems


Algorithm for Reducing the Number of Forwarding Rules Created by SDN Applications

https://doi.org/10.18255/1818-1015-2019-1-122-133

Abstract

Software-Defined Networking (SDN) is a network architecture that introduces a physical separation of the data plane from the control plane. It implements a new way of analyzing network statistics through counters installed on forwarding rules. These counters measure the number of packets processed by these rules and represent per-flow network statistics. To get information about the number of packets from different flows, SDN applications can install additional forwarding rules whose sole purpose is to count packets with specific headers. But to produce a full analysis of network statistics, these applications may install a large number of forwarding rules, thus limiting the space in the forwarding table for other applications. Algorithms are therefore needed to minimize the number of such rules. In this paper, we consider the problem of minimizing the number of forwarding rules installed on SDN switches by applications that analyze network statistics. We introduce a heuristic algorithm that creates a reduced representation for sets of rules installed in the network. The experimental results show that this algorithm reduces the number of rules by at least 2.2 times on uniformly distributed random input.

About the Author

Ivan S. Petrov
Lomonosov Moscow State University
Russian Federation

PhD student

1, bd. 52 Leninskie gory, Moscow, 119992





For citations:


Petrov I.S. Algorithm for Reducing the Number of Forwarding Rules Created by SDN Applications. Modeling and Analysis of Information Systems. 2019;26(1):122-133. (In Russ.) https://doi.org/10.18255/1818-1015-2019-1-122-133



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1818-1015 (Print)
ISSN 2313-5417 (Online)