On Efficient, Secure and Reliable Management of Software-Defined Networks

Posted on: 2017-05-23
Degree: Ph.D
Type: Dissertation
University: Northwestern University
Candidate: Wen, Xitao
Full Text: PDF
GTID: 1448390005478389
Subject: Computer Science
Abstract/Summary:
As an emerging paradigm that promises flexible programmability and simplified management of networks, Software-Defined Networking (SDN) has gained considerable momentum in both academia and industry. The programmability brought by SDN enables research on many aspects of networking systems across the network stack that were previously impossible to build, such as network programming (e.g., Frenetic [35] and NetKAT [23]), network verification (e.g., VeriFlow [53], HSA [50] and Software Dataplane Verification [29]) and network update (e.g., incremental consistent update [48] and zUpdate [60]). The centralized management paradigm allows large-scale networks to be consistently and accurately managed and reconfigured by network administrators, leading to revolutionary new network applications, such as large-scale network virtualization (e.g., OpenNF [36], SIMPLE [74] and FlowTags [31]) and fine-grained traffic engineering (e.g., B4 [42] and SWAN [40]). However, despite the recent advances in SDN research, it remains fundamentally challenging to design a management system for SDN that 1) allows network applications to securely generate network policies, 2) efficiently conducts network policy updates, and 3) reliably deploys network policies to the data plane. These three challenges for SDN research form the basis of this Ph.D. dissertation work.

Our research focuses on designing an efficient, secure and reliable SDN management system from both the architectural and the operational perspective. This dissertation is mainly composed of three key components called RuleTris, SDNShield and RuleScope. Specifically, RuleTris is a novel SDN policy update optimization framework that minimizes rule update latency for TCAM-based physical SDN switches. At its core, RuleTris efficiently analyzes the input policy updates and generates a provably minimum-size TCAM update sequence to update the data plane. RuleTris enables the SDN management system to deliver prompt policy updates to the data plane. SDNShield is a novel permission control system for SDN applications. SDNShield achieves security in the control plane by enforcing minimum privileges on controller applications. Finally, RuleScope is a comprehensive solution for inspecting SDN forwarding faults. RuleScope can consistently and incrementally inspect data-plane faults, using customized probe packets to exercise data-plane rules, hence ensuring that SDN policies are reliably deployed on the data plane.

The three components cooperate with and reinforce each other, together forming the kernel of the SDN management system, which is compatible with existing SDN controller architectures. Our designs have been implemented as prototypes on mainstream SDN controller systems. We evaluate the feasibility and performance of our designs with extensive numerical simulations and testbed experiments.
Keywords/Search Tags:SDN, Network, Management, Data plane