Next Article in Journal
Picking Robot Visual Servo Control Based on Modified Fuzzy Neural Network Sliding Mode Algorithms
Previous Article in Journal
Photovoltaic Module Array Global Maximum Power Tracking Combined with Artificial Bee Colony and Particle Swarm Optimization Algorithm
Open AccessArticle

Enforcing Optimal ACL Policies Using K-Partite Graph in Hybrid SDN

Department of Computer Science, Comsats University Islamabad, Wah Campus, Wah Cantt 47040, Pakistan
Department of Computer Science, University of Engineering and Technology, Taxila 47050, Pakistan
Author to whom correspondence should be addressed.
Electronics 2019, 8(6), 604;
Received: 1 April 2019 / Revised: 6 May 2019 / Accepted: 20 May 2019 / Published: 29 May 2019
(This article belongs to the Section Networks)
Software Defined Networking (SDN) as an innovative network paradigm that separates the management and control planes from the data plane of forwarding devices by implementing both the management and control planes at a logically centralized entity, called controller. Therefore, it ensures simple network management and control. However, due to several reasons (e.g., deployment cost, fear of downtime) organizations are very reluctant to adopt SDN in practice. Therefore, a viable solution is to replace the legacy devices by SDN devices incrementally. This results in a new network architecture called hybrid SDN. In hybrid SDN, both SDN and legacy devices operate in such a way to achieve the maximum benefit of SDN. The legacy devices are running a traditional protocol and SDN devices are operating using Open-flow protocols. Network policies play an essential role to secure the entire network from several types of attacks like unauthorized access and port/protocol control. In a hybrid SDN, policy implementation is a tedious task that requires extreme care and attention due to the hybrid nature of network traffic. Network policies may be implemented at various positions in hybrid SDN, e.g., near the destination or source node, and at the egress or ingress ports of a router. Each of these schemes has some trade-offs. For example, if policies are implemented near the source nodes then each packet generated from the source must pass through the filter and, thus, requires more processing power, time, resources, etc. Similarly, if policies are installed near the destination nodes, then a lot of unwanted traffic generated causing network congestion. This is an NP-hard problem. To address these challenges, we propose a systematic design approach to implement network policies optimally by using decision tree and K-partite graph. By traversing all the policies, we built up the decision tree that identifies which source nodes can communicate with which destination. Then, we traverse the decision tree and constructs K-partite graph to find possible places (interfaces of the routers) where ACL policies are to be implemented based on the different criteria (i.e., the minimum number of ACL rules and the minimum number of transmissions for unwanted traffic). The edge weight represents the cost per criteria. Then, we traverse the K-partite graph to find the optimal place for ACL rules implementation according to the given criteria. The simulation results indicate that the proposed technique outperforms existing approaches in terms of computation time, traffic optimization and successful packet delivery, etc. The results also indicate that the proposed method improves network performance and efficiency by decreasing network congestion and providing ease of policy implementation. View Full-Text
Keywords: Hybrid SDN; Policy Implementation; Graph Computation; Traffic Optimization Hybrid SDN; Policy Implementation; Graph Computation; Traffic Optimization
Show Figures

Figure 1

MDPI and ACS Style

Amin, R.; Shah, N.; Mehmood, W. Enforcing Optimal ACL Policies Using K-Partite Graph in Hybrid SDN. Electronics 2019, 8, 604.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

Back to TopTop