Packet classification on multiple fields
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Approximation algorithms
Packet classification using multidimensional cutting
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Compressing rectilinear pictures and minimizing access control lists
SODA '07 Proceedings of the eighteenth annual ACM-SIAM symposium on Discrete algorithms
OpenFlow: enabling innovation in campus networks
ACM SIGCOMM Computer Communication Review
NOX: towards an operating system for networks
ACM SIGCOMM Computer Communication Review
Computational Complexity: A Modern Approach
Computational Complexity: A Modern Approach
Rethinking enterprise network control
IEEE/ACM Transactions on Networking (TON)
TCAM Razor: a systematic approach towards minimizing packet classifiers in TCAMs
IEEE/ACM Transactions on Networking (TON)
EffiCuts: optimizing packet classification for memory and throughput
Proceedings of the ACM SIGCOMM 2010 conference
Scalable flow-based networking with DIFANE
Proceedings of the ACM SIGCOMM 2010 conference
Virtualizing the network forwarding plane
Proceedings of the Workshop on Programmable Routers for Extensible Services of Tomorrow
OpenFlow-based server load balancing gone wild
Hot-ICE'11 Proceedings of the 11th USENIX conference on Hot topics in management of internet, cloud, and enterprise networks and services
Frenetic: a network programming language
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
IEEE Communications Magazine
Bit weaving: a non-prefix approach to compressing packet classifiers in TCAMs
IEEE/ACM Transactions on Networking (TON)
Abstractions for network update
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
PAST: scalable ethernet for data centers
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Composing software-defined networks
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
The beacon openflow controller
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Minimizing network complexity through integrated top-down design
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
Hi-index | 0.00 |
Software Defined Networks (SDNs) support diverse network policies by offering direct, network-wide control over how switches handle traffic. Unfortunately, many controller platforms force applications to grapple simultaneously with end-to-end connectivity constraints, routing policy, switch memory limits, and the hop-by-hop interactions between forwarding rules. We believe solutions to this complex problem should be factored in to three distinct parts: (1) high-level SDN applications should define their end-point connectivity policy on top of a "one big switch" abstraction; (2) a mid-level SDN infrastructure layer should decide on the hop-by-hop routing policy; and (3) a compiler should synthesize an effective set of forwarding rules that obey the user-defined policies and adhere to the resource constraints of the underlying hardware. In this paper, we define and implement our proposed architecture, present efficient rule-placement algorithms that distribute forwarding policies across general SDN networks while managing rule-space constraints, and show how to support dynamic, incremental update of policies. We evaluate the effectiveness of our algorithms analytically by providing complexity bounds on their running time and rule space, as well as empirically, using both synthetic benchmarks, and real-world firewall and routing policies.