Research On Detection And Solution Of Policy Conflicts In SDN

Posted on: 2022-07-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z W Fang
Full Text: PDF
GTID: 2518306542468034
Subject: Computer Science and Technology

Abstract/Summary:
Software-defined networking (SDN) is a new network architecture controlled by an SDN controller. By separating the data plane from the control plane and using the OpenFlow protocol, network administrators can manage and control the network better and simplify the deployment of new network functions. Network availability, security, and QoS are tied to the accurate execution of network policies, and network operators implement these policies by writing SDN applications. Although SDN is simple and flexible, application designers may not understand the existing policies and security requirements of the networks in which these applications are deployed. Therefore, user-written custom network policies will conflict with existing security policies, and multiple different applications may control and operate on data packets at the same time. These situations are called policy conflicts. This thesis studies policy conflicts in SDN, analyzes the discovered issues in detail, and proposes the following two solutions.

(1) Graphical Representative Policy Conflicts Detection and Solution (GPVC). The purpose is to resolve policy conflicts in SDN that may cause expensive data leaks, policy violations, and invasive network security threats. First, GPVC describes the modifications made to each policy in order to build a simple but intuitive policy graph, and uses integer linear programming to formulate the minimal modification that repairs a policy violation. Then, GPVC uses a heuristic algorithm to perform the best policy layout automatically and scalably, to avoid problems with the number of rules caused by endpoint policies. Finally, a prototype of the GPVC system is implemented on the open-source Ryu controller. The purpose of this scheme is to detect policy conflicts automatically. The experimental results show that the scheme achieves good policy conflict resolution with low resource consumption.

(2) Policy Conflict Detection based on RegEx Matching (RCDR). The purpose is to avoid the excessive resource consumption and the state-space explosion caused by XFA in large-scale SDN networks. In this thesis, a space-efficient compressed finite automaton is proposed for TCAM-based regex matching. To reduce TCAM space, RCDR proposes three compression techniques, applied to transitions, characters, and states. Finally, a simulated RegEx pattern set is tested. The results show that this scheme can effectively reduce TCAM space consumption, achieve faster regex matching, and lower the CPU consumption of the controller.
Keywords/Search Tags:SDN, OpenFlow, policy conflict, network security, RegEx matching