Abstract
A Software-Defined Network (SDN) separates the control plane from the data plane to provide a more flexible network, so switches only need to follow the flow rules that controllers send. However, when the policies of different applications conflict, the flow rules they send may conflict too, and the switches may then not behave as expected. Moreover, pipeline processing with multiple tables has made flow rule matching more flexible but also more complicated. Therefore, detecting flow rule conflicts precisely and easily, both in one table and among multiple tables, is crucial. Knowledge graphs have recently become a hot spot: they represent entities and complex network relations well, and their reasoning ability can discover new relations between entities. We therefore construct a knowledge graph for SDN flow rule conflict detection that stores network information, including flow rules, and then set up production rules according to the definitions of flow rule conflicts in one table and among multiple tables. The production rules are easy to read and modify. The results show that the production rules detect the conflicts correctly, with a clear reasoning process.
Acknowledgments
This work has been supported by the National Key Research and Development Program of China (2020YFB1807700).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Liang, S., Su, J. (2023). Detection of SDN Flow Rule Conflicts Based on Knowledge Graph. In: Quan, W. (eds) Emerging Networking Architecture and Technologies. ICENAT 2022. Communications in Computer and Information Science, vol 1696. Springer, Singapore. https://doi.org/10.1007/978-981-19-9697-9_8
DOI: https://doi.org/10.1007/978-981-19-9697-9_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-9696-2
Online ISBN: 978-981-19-9697-9
eBook Packages: Computer Science, Computer Science (R0)