Transaction-Based Flow Rule Conflict Detection and Resolution in SDN

Software-defined Networking (SDN) brings new vitality to traditional network technology as its nice property of network programmability makes our network more open and flexible. By using interfaces of SDN controllers, different applications with diverse network functions can deploy their needed flow rules into SDN switches. However, some of these flow rules would probably produce conflicts that result in invalidation of network functions and cause security issues. To address this issue, we design a novel approach, Transaction-based flow rule Conflict Detection and Resolution (TCDR), which can isolate the flow rules of different network functions to avoid interference between different network functions. Meanwhile, our proposed method introduces a transaction-based authentication to guarantee the legality of flow rules. Finally, we implement a prototype of our solution, and evaluate its effectiveness and efficiency. The performance evaluation shows that TCDR can reject illegal flow rules and avoid many flow rule conflicts with a small overhead.