Modern controllers for software‐defined networks (SDN) enable the execution of arbitrary SDN applications (eg, Network Address Translation (NAT), traffic monitors) that may be exploited by an overarching set of services (eg, application‐layer orchestrators) to build even richer services. To this purpose, the above overarching services require a mechanism that allows reading the run‐time state and writing the configuration of arbitrary SDN applications, possibly through a uniform API. Unfortunately, most SDN applications are not designed/implemented by taking into account the possibility to be used as part of higher level service workflows (eg, a complex intrusion prevention system that leverages multiple elementary services as individual components), hence they may not provide an adequate interface that would allow overarching services to exploit their features. This paper addresses this problem by proposing an approach to represent the run‐time state of arbitrary applications, where data are exported according to high‐level model‐based structures. Furthermore, the mapping from the high‐level data model to the actual data representation within the SDN application is enabled by a suite of algorithms that are generic enough to operate independently of the actual source code of the application, thus avoiding undesired and invasive modifications to existing applications. The paper also presents a software framework and a prototype implementing the proposed approach, characterizes the resulting performance, and discusses pros and cons of the proposed approach.
A model‐based abstraction layer for heterogeneous SDN applications
Martini B;
2019-01-01
Abstract
Modern controllers for software‐defined networks (SDN) enable the execution of arbitrary SDN applications (eg, Network Address Translation (NAT), traffic monitors) that may be exploited by an overarching set of services (eg, application‐layer orchestrators) to build even richer services. To this purpose, the above overarching services require a mechanism that allows reading the run‐time state and writing the configuration of arbitrary SDN applications, possibly through a uniform API. Unfortunately, most SDN applications are not designed/implemented by taking into account the possibility to be used as part of higher level service workflows (eg, a complex intrusion prevention system that leverages multiple elementary services as individual components), hence they may not provide an adequate interface that would allow overarching services to exploit their features. This paper addresses this problem by proposing an approach to represent the run‐time state of arbitrary applications, where data are exported according to high‐level model‐based structures. Furthermore, the mapping from the high‐level data model to the actual data representation within the SDN application is enabled by a suite of algorithms that are generic enough to operate independently of the actual source code of the application, thus avoiding undesired and invasive modifications to existing applications. The paper also presents a software framework and a prototype implementing the proposed approach, characterizes the resulting performance, and discusses pros and cons of the proposed approach.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.