Verification of Flow Matching Functionality in the Forwarding Plane of OpenFlow Networks


IEICE TRANSACTIONS on Communications   Vol.E98-B   No.11   pp.2190-2201
Publication Date: 2015/11/01
Online ISSN: 1745-1345
DOI: 10.1587/transcom.E98.B.2190
Type of Manuscript: Special Section PAPER (Special Section on Network Systems for Virtualized Environment)
OpenFlow,  in-band,  out-of-band,  verification,  

Full Text: PDF(3.1MB)>>
Buy this Article

In OpenFlow, data and control plane are decoupled from switches or routers. While the data plane resides in the switches or routers, the control plane might be moved into one or more external servers (controllers). In this article, we propose verification mechanisms for the data plane functionality of switches. The latter consists of two parts: (1) Flow-Match Header part (to match a flow of incoming packets) and (2) action part (e.g., to forward incoming packets to an outgoing port). We propose a mechanism to verify the Flow-Match Header part of the data plane. The mechanism can be executed at the controller, or on an additional device or server (or virtual machines) attached to the network. Deploying a virtual machine (VM) or server for verification may decrease the load of the controller and/or consumed bandwidth between the controller and a switch. We propose a heuristic to place external verification devices or VMs in a network such that the verification time can be minimized. Verification time with respect to consumed resources are evaluated through emulation experiments. Results confirm that the verification time using the proposed heuristic is indeed shortened significantly, while requiring low bandwidth resources.