Distributed Firewall Policy Based on Traffic Engineering in Software Defined Network

Jiugen SHI; Ji WANG; Jing ZHANG; Hao XU

doi:10.11999/JEIT180223

Volume 41 Issue 1

Jan. 2019

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2019 > 41(1): 91-98

Jiugen SHI, Ji WANG, Jing ZHANG, Hao XU. Distributed Firewall Policy Based on Traffic Engineering in Software Defined Network[J]. Journal of Electronics & Information Technology, 2019, 41(1): 91-98. doi: 10.11999/JEIT180223

Citation:

Jiugen SHI, Ji WANG, Jing ZHANG, Hao XU. Distributed Firewall Policy Based on Traffic Engineering in Software Defined Network[J]. Journal of Electronics & Information Technology, 2019, 41(1): 91-98. doi: 10.11999/JEIT180223

Citation:

PDF( 1500 KB)

Distributed Firewall Policy Based on Traffic Engineering in Software Defined Network

doi: 10.11999/JEIT180223

School of Computer and Information, Hefei University of Technology, Hefei 230009, China

Funds: The National Major Scientific Instruments Development Project (2013YQ030595)

Received Date: 2018-03-09
Rev Recd Date: 2018-07-26

Available Online: 2018-08-06

Publish Date: 2019-01-01

Abstract

Abstract

Firewall policy is defined as access control rules in Software Definition Network (SDN), and distributing these ACL (Access Control List) rules across the networks, it can improve the quality of service. In order to reduce the number of rules placed in the network, the Heuristic Algorithm of Rules Allocation (HARA) of rule multiplexing and merging is proposed in this paper. Considering TCAM storage space of commodity switches and connected link traffic load of endpoint switches, a mixed integer linear programming model which minimize the number of rules placed in the network is established, and the algorithm solves the rules placement problem of multiple routing unicast sessions of different throughputs. Compared with the nonRM-CP algorithms, simulations show that HARA can save 18% TCAM at most and reduce the bandwidth utilization rate of 13.1% at average.
- Software Defined Network (SDN),
- Distributed firewall policy,
- Rules allocation,
- Ternary Content Addressable Memory (TCAM),
- Traffic load

FullText(HTML)

References(17)

References

MCKEOWN N, ANDERSON T, BALAKRISHNAN H, et al. OpenFlow: Enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2): 69–74. doi: 10.1145/1355734.1355746

NGUYEN X N, SAUCEZ D, BARAKAT C, et al. Rules placement problem in openflow networks: A survey[J]. IEEE Communications Survey & Tutorials, 2016, 18(2): 1273–1286. doi: 10.1109/COMST.2015.2506984

KANG Nanxi, LIU Zhenming, REXFORD Jennifer, et al. Optimizing the " one big switch” abstraction in software-defined networks[C]. Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies, Santa Barbara, California, USA, 2013: 13–24.

KANIZO Y, HAY D, and KESLASSY I. Palette: distributing tables in software-defined networks[C]. 2013 Proceedings IEEE INFOCOM, Turin, Italy, 2013: 545–549.

HUANG Jenfeng, CHANG Gueyyun, WANG Chunfeng, et al. Heterogeneous flow table distribution in software-defined networks[J]. IEEE Transactions on Emerging Topics in Computing, 2016, 4(2): 252–261. doi: 10.1109/TETC.2015.2457333

NGUYEN X, SAUCEZ D, BARAKAT C, et al. OFFICER: A general optimization framework for openflow rule allocation and endpoint policy enforcement[C]. 2015 IEEE Conference on Computer Communications (INFCOM), Kowloon, China, 2015: 478–486.

HUANG Huawei, GUO Song, LI Peng, et al. Joint optimization of rule placement and traffic engineering for QoS provisioning in Software Defined Network[J]. IEEE Transactions on Computers, 2015, 64(12): 3488–3499. doi: 10.1109/TC.2015.2401031

ASHRAF U. Rule minimization for traffic evolution in software-defined networks[J]. IEEE Communications Letters, 2017, 21(4): 793–796. doi: 10.1109/LCOMM.2016.2636212

GIROIRE F, MOULIERAC J, and PHAN T K. Optimizing rule placement in software-defined networks for energy-aware routing[C]. 2014 IEEE Global Communications Conference, Austin, USA, 2014: 2523–2529.

ZHANG Shuyuan, IVANCIC F, LUMEZANU C, et al. An adaptable rule placement for software-defined networks[C]. 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Atlanta, USA, 2014: 88–99.

NGUYEN X, SAUCEZ D, BARAKAT C, et al. Optimizing rules placement in openflow networks: Trading routing for better efficiency[C]. Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, 2014: 127–132.

GARG N and KONEMANN J. Faster and simpler algorithms for multicommodity flow and other fractional packing problems[C]. Proceedings 39th Annual Symposium on Foundations of Computer Science, Palo Alto, USA, 2007: 630–652.

OPTIMIZATION G. Gurobi Optimizer Reference Manual[M]. 2013.

Sndlib: Library of test instance for survivable fixed telecommunication network design[OL]. http://sndlib.zib.de/home.action, 2006.

史久根, 许辉亮, 陆立鹏. 软件定义网络中数据中心虚拟机迁移序列问题的研究[J]. 电子与信息学报, 2017, 39(5): 1193–1199. doi: 10.11999/JEIT160792

SHI Jiugen, XU Huiliang, and LU Lipeng. Research on the migration queue of data center’s virtual machine in software defined networks[J]. Journal of Electronics &Information Technology, 2017, 39(5): 1193–1199. doi: 10.11999/JEIT160792

伊鹏, 刘洪, 胡宇翔. 一种可扩展的软件定义数据中心网络流调度策略[J]. 电子与信息学报, 2017, 39(4): 825–831. doi: 10.11999/JEIT160623

YI Peng, LIU Hong, and HU Yuxiang. A scalable traffic scheduling policy for software defined data center network[J]. Journal of Electronics &Information Technology, 2017, 39(4): 825–831. doi: 10.11999/JEIT160623

KATTA N, ALIPOURFARD O, REXFORD J, et al. CacheFlow: Dependency-aware rule-caching for software-defined networks[C]. Proceedings of the Symposium on SDN Research, Santa Clara, USA 2016: 1–12.

Relative Articles

Supplements(0)

Cited By

Proportional views