Research On Strategy Conflict Detection Under SDN

Software Defined Network(SDN)is a new type of network architecture.It is characterized by the idea of separating control and forwarding to extract the control logic of the network equipment,which facilitates network management and improves network flexibility.With the expansion of the SDN network,when multiple users update their routing and security policies,these policies from different sources are likely to conflict with each other.Even when the network scheduling is more complicated,conflicts among routing strategies,security strategies,routing strategies and security strategies formulated by the same user will cause conflicts in the forwarding ring and firewall in the network,which will not reach the user For the corresponding network scheduling requirements,the network may even be paralyzed.Therefore,this paper analyzes the process and mechanism of conflicts by comparing existing policy conflict problems and corresponding solutions under SDN,and divides conflicts under SDN into two types: single-switch flow table conflict and policy conflict.Aiming at the conflict of the flow table of a single switch,a formal rule model and a rule relationship model are established,and a conflict detection algorithm based on EnhanceTree is designed.Compared with other solutions,the collision detection algorithm based on EnhanceTree is more suitable for the situation where the flow table is larger,and the detection time is reduced by nearly 17%.Aiming at the problem of policy conflict under SDN,the detection validity problem brought by "Set" action is considered,and a policy conflict detection algorithm based on forwarding graph is proposed.In the case of processing large-scale flow tables,the strategy conflict detection algorithm based on the forwarding graph is only 19% more time-consuming than the native Floodlight processing;while under complex network conditions,the strategy conflict detection algorithm based on the forwarding graph is only better than that in the simple network The average processing delay is 1ms longer.It shows that the policy conflict detection algorithm based on forwarding graph has good performance and can be applied to more complicated network conditions.Based on the above theoretical research,this paper designs and implements a policy conflict detection system,and tests the system,which proves the effectiveness of the proposed policy conflict detection method.