
A General Approach to Conflict Detection in Software-Defined Networks


Software-defined networks (SDN) replace the network appliances of traditional networks with logically centralized applications that can introduce the network function they implement into any element in the network. This flexibility renders SDN prone to conflict. We demonstrate conflict between applications in a laboratory setting to emphasize the importance of conflict detection in production networks. The evaluation of an analytical approach shows substantial obstacles in the general case. Our experimental approach produces conflict classes and detection patterns by studying network behaviour when multiple applications and traffic profiles are applied to different topologies. Based on such experiments, we illustrate the extraction of conflict patterns and their application to conflict detection in new situations.








The authors wish to thank the members of the Munich Network Management Team, directed by Prof. Dr. Dieter Kranzlmüller, for valuable comments on previous versions of this paper.



Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Future Data and Security Engineering” guest edited by Tran Khanh Dang.


About this article


Cite this article

Tran, C.N., Danciu, V. A General Approach to Conflict Detection in Software-Defined Networks. SN COMPUT. SCI. 1, 9 (2020).



  • Conflict detection
  • Conflict handling
  • Software-defined networks
  • Experimental approach