Checking Multi-domain Policies in SDN

Programmable Network like SDN allows administrators to program network infrastructure according to service demand and custom-defined policies. Network policies are interpreted by the centralized controller to define actions and rules to process the network traffic on devices that belong to a single dom...

Bibliographic Details
Authors: Maldonado López, Ferney A., Calle Ortega, Eusebi, Donoso Meisel, Yezid
Resource type: article
Status: Published version
Publication date: 2016
Country: Spain
Institution: Various* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)
Repository: Recercat. Dipósit de la Recerca de Catalunya
OAI Identifier: oai:recercat.cat:10256/17250
Online access: http://hdl.handle.net/10256/17250
Access Level: open access
Keywords: Ordinadors, Xarxes d'
Computer networks
Xarxes definides per programari (Tecnologia de xarxes d'ordinadors)
Software-defined networks (Computer network technology)
Description
Summary: Programmable Network like SDN allows administrators to program network infrastructure according to service demand and custom-defined policies. Network policies are interpreted by the centralized controller to define actions and rules to process the network traffic on devices that belong to a single domain. However, actual networks are multi-domain where several domains are interconnected. Then, because SDN controllers in a domain cannot define nor monitor policies in other domains, network administrators cannot ensure that their own policies, origin policies are being enforced by the domains not directly managed by them (i.e. foreign domains). We present AudiT, a multi-domain SDN policy verifier that identifies whether an origin policy is enforced by foreign domains. AudiT comprises (1) model for network topology, policies, and flows, (2) an Audit protocol to gather information about the actions performed by network devices to carry the flows of interest, and (3) a validation engine that takes that information and detects security policy violations, and (4) an extension to the OpenFlow protocol to enable external auditing. This paper presents our approach and illustrates its application using an example considering multiple SDN networks.