Publication Details

High Level Policies in SDN

POLČÁK Libor, CALDAROLA Leo, CUDA Davide, DONDERO Marco, FICARA Domenico, FRANKOVÁ Barbora, HOLKOVIČ Martin, CHOUKIR Amine, MUCCIFORA Roberto and TRIFILO Antonio. High Level Policies in SDN. In: Communications in Computer and Information Science. Berlin: Springer International Publishing, 2016, pp. 39-57. ISBN 978-3-319-30221-8. ISSN 1865-0929. Available from: http://link.springer.com/chapter/10.1007%2F978-3-319-30222-5_2
Czech title
Vysokoúrovňové politiky v SDN
Type
conference paper
Language
english
Authors
Polčák Libor, Ing., Ph.D. (DIFS FIT BUT)
Caldarola Leo (CISCO-CH)
Cuda Davide (CISCO-CH)
Dondero Marco (CISCO-CH)
Ficara Domenico (CISCO-CH)
Franková Barbora, Ing. (DIFS FIT BUT)
Holkovič Martin, Ing. (DIFS FIT BUT)
Choukir Amine (CISCO-CH)
Muccifora Roberto (CISCO-CH)
Trifilo Antonio (CISCO-CH)
URL
Keywords

Application-aware network; Data planes; High level policies; IP addresss; Network traffic; Packet routes; Port numbers; Security threats

Abstract

Policies for network traffic handling define packet routes through networks, enforce required quality of service, and protect networks from security threats. When expressing a policy, one needs to characterise the traffic to which the policy applies by traffic identifiers. Low level traffic identifiers, such as IP addresses and port numbers, are available in each packet. Indeed, low level traffic identifiers are perfect for data plane routing and switching. However, high level traffic identifiers, such as user name and application name, are better for the readability and clarity of a policy. In this paper, we extend software defined networks with high level traffic identifiers. We propose to add additional interface to SDN controllers for collecting traffic meta data and high level traffic identifiers. The controller maintains a database that maps high level traffic identifiers to a set of flows defined by low level traffic identifiers. SDN applications can apply policies based on both high level and low level traffic identifiers. We leave the southbound protocols intact. This paper provides two examples of High Level SDN paradigms - Application-Aware Networks and Identity-Aware Networks. The first paradigm enables policies depending on application names and characteristics. The latter allows policies based on user names and their roles.

Published
2016
Pages
39-57
Journal
Communications in Computer and Information Science, vol. 585, no. 1, ISSN 1865-0929
Proceedings
Communications in Computer and Information Science
Conference
6th International Conference on Data Communication Networking, Colmar, FR
ISBN
978-3-319-30221-8
Publisher
Springer International Publishing
Place
Berlin, DE
DOI
UT WoS
000378740100002
EID Scopus
BibTeX
@INPROCEEDINGS{FITPUB10959,
   author = "Libor Pol\v{c}\'{a}k and Leo Caldarola and Davide Cuda and Marco Dondero and Domenico Ficara and Barbora Frankov\'{a} and Martin Holkovi\v{c} and Amine Choukir and Roberto Muccifora and Antonio Trifilo",
   title = "High Level Policies in SDN",
   pages = "39--57",
   booktitle = "Communications in Computer and Information Science",
   journal = "Communications in Computer and Information Science",
   volume = 585,
   number = 1,
   year = 2016,
   location = "Berlin, DE",
   publisher = "Springer International Publishing",
   ISBN = "978-3-319-30221-8",
   ISSN = "1865-0929",
   doi = "10.1007/978-3-319-30222-5\_2",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/10959"
}
Back to top