Efficient handling of ACL policy change in SDN using reactive and proactive flow rule installation

The result's identifiers

  • Result code in IS VaVaI

    RIV/61989100:27240/24:10255125 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61989100%3A27240%2F24%3A10255125)

  • Result on the web

    https://www.nature.com/articles/s41598-024-65721-x

  • DOI - Digital Object Identifier

    10.1038/s41598-024-65721-x (http://dx.doi.org/10.1038/s41598-024-65721-x)

Alternative languages

  • Result language

    English

  • Original language name

    Efficient handling of ACL policy change in SDN using reactive and proactive flow rule installation

  • Original language description

    Software-defined networking (SDN) is a pioneering network paradigm that strategically decouples the control plane from the data and management planes, thereby streamlining network administration. SDN's centralized network management makes configuring access control list (ACL) policies easier, which is important as these policies frequently change due to network application needs and topology modifications. Consequently, this action may trigger modifications at the SDN controller. In response, the controller performs computational tasks to generate updated flow rules in accordance with modified ACL policies and installs flow rules at the data plane. Existing research has investigated reactive flow rules installation that changes in ACL policies result in packet violations and network inefficiencies. Network management becomes difficult due to deleting inconsistent flow rules and computing new flow rules per modified ACL policies. The proposed solution efficiently handles ACL policy change phenomena by automatically detecting ACL policy change and accordingly detecting and deleting inconsistent flow rules along with the caching at the controller and adding new flow rules at the data plane. A comprehensive analysis of both proactive and reactive mechanisms in SDN is carried out to achieve this. To facilitate the evaluation of these mechanisms, the ACL policies are modeled using a 5-tuple structure comprising Source, Destination, Protocol, Ports, and Action. The resulting policies are then translated into a policy implementation file and transmitted to the controller. Subsequently, the controller utilizes the network topology and the ACL policies to calculate the necessary flow rules and caches these flow rules in a hash table in addition to installing them at the switches. The proposed solution is simulated in Mininet Emulator using a set of ACL policies, hosts, and switches.
The results are presented by varying the ACL policy at different time instances, inter-packet delay and flow timeout value. The simulation results show that the reactive flow rule installation performs better than the proactive mechanism with respect to network throughput, packet violations, successful packet delivery, normalized overhead, policy change detection time and end-to-end delay. The proposed solution, designed to be directly used on SDN controllers that support the Pyretic language, provides a flexible and efficient approach for flow rule installation. The proposed mechanism can be employed to facilitate network administrators in implementing ACL policies. It may also be integrated with network monitoring and debugging tools to analyze the effectiveness of the policy change mechanism.

  • Czech name

  • Czech description

Classification

  • Type

    Jimp - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    20200 - Electrical engineering, Electronic engineering, Information engineering

Result continuities

  • Project

  • Continuities

    S - Specific research at universities

Others

  • Publication year

    2024

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Name of the periodical

    Scientific Reports

  • ISSN

    2045-2322

  • e-ISSN

    2045-2322

  • Volume of the periodical

    14

  • Issue of the periodical within the volume

    1

  • Country of publishing house

    GB - UNITED KINGDOM

  • Number of pages

    19

  • Pages from-to

    14976

  • UT code for WoS article

    001259972600008

  • EID of the result in the Scopus database

    2-s2.0-85197218177