Abstract

Multi-tenant cloud networks have various security and monitoring service functions (SFs) that constitute a service function chain (SFC) between two endpoints. SF rule ordering overlaps and policy conflicts can cause increased latency, service disruption and security breaches in cloud networks. Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network. We propose an SDN enabled Universal Policy Checking (SUPC) framework, to provide 1) Flow Composition and Ordering by translating various SF rules into the OpenFlow format. This ensures elimination of redundant rules and policy compliance in SFC. 2) Flow conflict analysis to identify conflicts in header space and actions between various SF rules. Our results show a significant reduction in SF rules on composition. Additionally, our conflict checking mechanism was able to identify several rule conflicts that pose security, efficiency, and service availability issues in the cloud network.

Original languageEnglish (US)
Title of host publication2019 International Conference on Computing, Networking and Communications, ICNC 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages572-576
Number of pages5
ISBN (Electronic)9781538692233
DOIs
StatePublished - Apr 8 2019
Event2019 International Conference on Computing, Networking and Communications, ICNC 2019 - Honolulu, United States
Duration: Feb 18 2019Feb 21 2019

Publication series

Name2019 International Conference on Computing, Networking and Communications, ICNC 2019

Conference

Conference2019 International Conference on Computing, Networking and Communications, ICNC 2019
CountryUnited States
CityHonolulu
Period2/18/192/21/19

Keywords

  • Network Function Virtualization (NFV)
  • Security Policy Conflicts
  • Service Function Chaining (SFC)
  • Software Defined Network (SDN)

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'SUPC: SDN enabled Universal Policy Checking in Cloud Network'. Together they form a unique fingerprint.

  • Cite this

    Chowdhary, A., Alshamrani, A., & Huang, D. (2019). SUPC: SDN enabled Universal Policy Checking in Cloud Network. In 2019 International Conference on Computing, Networking and Communications, ICNC 2019 (pp. 572-576). [8685550] (2019 International Conference on Computing, Networking and Communications, ICNC 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCNC.2019.8685550