Affiliation:
1. Information Engineering University, Zhengzhou, Henan 450001, China
2. Zhengzhou University of Technology, Zhengzhou, Henan 450001, China
3. Zhengzhou University, Zhengzhou, Henan 450001, China
Abstract
Policy-oriented forwarding control has been widely recognized in software-defined networks (SDNs). However, in the multidomain SDN scenario, policy-oriented forwarding control faces several challenges: the lack of a higher-level abstraction policy paradigm, cross-domain policy unknowability and policy conflict, a distributed and untrusted communication environment, and latency sensitivity. To tackle these challenges, this article proposes BPFC-SDNs, a blockchain-based and policy-oriented forwarding control for the SDN interdomain. As the basis of BPFC-SDNs, we define an attribute-based interdomain forwarding control policy paradigm and implement secure and trusted cross-domain information and policy sharing based on blockchain. The main idea of BPFC-SDNs is to achieve cross-domain dataflow forwarding control based on the global collaborative policy. Specifically, we propose a physically centralized and logically isolated architecture to ensure efficient and secure information exchange between the SDN and blockchain. Moreover, we design a combined on-chain and off-chain functional model to separate forwarding control from the blockchain, which enables forwarding control based on trusted data while avoiding the high latency and computational overhead of the blockchain. Finally, we implement a prototype for BPFC-SDNs, and the experimental results indicate that BPFC-SDNs can provide effective forwarding control for the SDN interdomain with acceptable latency and good scalability.
Funder
National Natural Science Foundation of China
Subject
Computer Networks and Communications, Information Systems