FAS: Federated Auditing for Software-defined exchanges

The Software-defined exchange (SDX) allows multiple independent administrative domains to share computing, storage, and networking resources. One variation on the SDX applies software-defined networking (SDN) technologies to the fabric of an Internet exchange point (IXP) to support rich policy expression among participants. Similarly, Research and Education (R&E) networks are introducing SDN at exchange points to enable network operators to provision network policies over multiple independent administrative domains. The federated nature of R&E exchange points is based on a chain of trust between participant domains. However, trust and verifiability go hand in hand, an old adage says “trust, but verify”, so a responsible network operator would like to verify that his or her policies are honored by the SDN domains participating at an SDX. Moreover, some SDX participants do not want to reveal internal topology information while proving they correctly deployed the requested policies. For these reasons, we propose Federated Auditing for SDX (FAS), a federated auditing framework for SDX configuration verification, which reveals the minimal necessary information to an SDX central controller. We also show our initial proof-of-concept and preliminary evaluation.