MapReduce-Based network property verification technique for openFlow network

被引：0

作者：

Liu Y. ^{[1
,2
]}

Lei C. ^{[1
,2
]}

Zhang H. ^{[1
,2
]}

Yang Y. ^{[1
,2
]}

机构：

[1] PLA Information Engineering University, Zhengzhou

[2] Henan Key Laboratory of Information Security, PLA Information Engineering University, Zhengzhou

来源：

| 1600年 / Science Press卷 / 53期

关键词：

Flow table configuration; MapReduce model; Network property verification; Network reachability analysis; OpenFlow network;

D O I：

10.7544/issn1000-1239.2016.20150521

中图分类号：

学科分类号：

摘要：

Aimed at the problem of configuration errors of flow tables resulting from automatic change of data-plane state by software in OpenFlow network, a MapReduce-based network property verification technique is proposed. Firstly, by exploiting the separation of logic control from data forwarding in OpenFlow network, a novel technical framework providing non-real-time and real-time verification is designed. Further, on the basis of the advantage of parallel computing in MapReduce, a non-real-time verification algorithm is presented, which can verify network properties in parallel in two phases. In Map phase, it slices network into equivalence classes. In Reduce phase, it builds network forwarding graph with switch port predicates and conducts network reachability analysis. Meanwhile, with the help of atomic predicates, it can not only eliminate the redundancy of the set of switch port predicates, but also convert highly computation-intensive operations on predicates to those on sets of integers, speeding up computation of network reachability further. Based on it, a real-time verification algorithm is proposed. According to different network update events, it applies different changes to the results of non-real-time verification in order to incrementally verify properties. Finally, theoretical analysis and experimental results show the low time and storage overhead of the proposed technique. Additionally, its effect on the time of building TCP connection is also analyzed. © 2016, Science Press. All right reserved.

引用

页码：2500 / 2511

页数：11

共 18 条

[1] McKeown N., Software-defined networking, Proc of the 28th IEEE INFOCOM, pp. 30-32, (2009)
[2] McKeown N., Anderson T., Balakrishnan H., Et al., OpenFlow: Enabling innovation in campus networks, ACM SIGCOMM Computer Communication Review, 38, 2, pp. 69-74, (2008)
[3] Zuo Q., Chen M., Zhao G., Et al., Research on OpenFlow-Based SDN technologies, Journal of Software, 24, 5, pp. 1078-1097, (2013)
[4] Zhang S., Malik S., McGeer R., Verification of Computer Switching Networks: An Overview, pp. 1-16, (2012)
[5] Canini M., Venzano D., Peresini P., Et al., A NICE way to test OpenFlow applications, Proc of the 9th USENIX Symp on Networked System Design and Implementation, pp. 127-140, (2012)
[6] Sherwood R., Gibb G., Yap K.K., Et al., Can the production network be the testbed?, Proc of the 9th USENIX Symp on Operating Systems Design and Implementation, pp. 1-6, (2010)
[7] McGeer R., Verification of switching network properties using satisfiability, Proc of IEEE ICC'12, pp. 6638-6644, (2012)
[8] Al-Shaer E., Al-Haj S., FlowChecker: Configuration analysis and verification of federated OpenFlow infrastructures, Proc of the 3rd ACM Workshop on Assurable and Usable Security Configuration, pp. 37-44, (2010)
[9] Mai H., Khurshid A., Agarwal R., Et al., Debugging the data plane with anteater, ACM SIGCOMM Computer Communication Review, 41, 4, pp. 290-301, (2011)
[10] Kazemian P., Varghese G., McKeown N., Header space analysis: Static checking for networks, Proc of the 9th USENIX Symp on Networked System Design and Implementation, pp. 113-126, (2012)

← 1 2 →