Is every flow on the right track?: Inspect SDN forwarding with RuleScope

Citations Over TimeTop 10% of 2016 papers

Abstract

Software-Defined Networking (SDN) promises un-precedentedly flexible network management but it is susceptible to forwarding faults. Such faults originate from data-plane rules with missing faults and priority faults. Yet existing fault detection ignores priority faults because they are not discovered on commercial switches until recently. In this paper, we present RuleScope, a more comprehensive solution for inspecting SDN forwarding. RuleScope offers a series of accurate and efficient algorithms for detecting and troubleshooting rule faults. They inspect forwarding behavior using customized probe packets to exercise data-plane rules. The detection algorithm exposes not only missing faults but also priority faults. Beyond simply detecting rule faults, the troubleshooting algorithms uncover actual data-plane flow tables. They help track real-time forwarding status and benefit reliable network monitoring. We explore various techniques for enhancing algorithm efficiency without sacrificing inspection accuracy. Experiments with our prototype on the Ryu SDN controller and Pica8 P-3297 switch show that RuleScope achieves accurate and efficient forwarding inspection with limited bandwidth and packet-switching overhead.

Related Papers

• → WedgeTail(2017)49 cited
• → Timing-based reconnaissance and defense in software-defined networks(2016)48 cited
• → Enhancing Software-Defined Networks with Intelligent Controllers to Improve First Packet Processing Period(2023)9 cited
• → Implementing OpenFlow-based resilient network services(2012)16 cited
• → Status of address spoofing attack prevention techniques in software-defined networking (SDN)(2021)1 cited