Verifying SDN Data Path Requests
Software Defined Networking (SDN) is a pillar technology for network virtualization, which currently attracts a lot of attention due to the provided capabilities. In recent years, different works have been devoted to testing / verifying the (correct) configurations of SDN data planes. In general, SDN forwarding devices (e.g., switches) route (stir) traffic according to the configured flow rules; essentially, a flow rule decides which action to take (e.g., forward the received network packet to a set of ports) if the received network packet matches some predefined values. In this paper, we showcase misconfigurations which can occur due to the inherent working principles of flow rules. Namely, we discuss how, when synthesizing a set of data-paths, other data paths (including loops) may be unintentionally configured. Furthermore, we show that for some cases the original set of data paths cannot be implemented (only a superset of it). Additionally, we present a method for detecting such issues and estimate its complexity. The obtained results may be interesting for practical use due to their impact and low (polynomial) time complexity.
READ FULL TEXT