A Graph Based Formalism For Detecting Flow Conflicts In Software Defined Network

Software Defined Network (SDN) paradigm has revolutionized the way enterprise networks are designed by way of separating the control and data plane. It introduces a programmable network architecture which enables rapid and open innovation in different network functions that are allowed to install flow rules in forwarding elements via protocols like OpenFlow. Packet Processing also becomes easier and lucrative due to availability of packet information across different layers. But all these benefits may turn into great challenges because of the use of some features in OpenFlow itself. One of them, the set field feature is widely used by network functions like firewall, router, load balancer etc. to modify packet header while in transit. Un-monitored use of this feature may cause packets to loop through switches, adversely affecting the network performance. Also, different network functions may install flow rules that directly or indirectly may violate each other. In this paper, we introduce a graph based formalism to detect forwarding rules that cause forwarding loop, direct or indirect flow violation. This helps network administrators to avoid possible security breaches, network congestion or even complete network failure.