Computer Science

Dependable policy enforcement in traditional non-SDN networks

Document Type

Conference Paper

Abstract

Middleboxes are widely used in modern networks for a variety of network functions in cybersecurity, performance enhancement, and monitoring. Middlebox policy enforcement is however complex and tedious with unreliable manual re-configuration of legacy routers. The existing solution on automated policy enforcement relies on software-defined networking and does not apply to the traditional non-SDN networks, which remain popular today in enterprise deployment and core networks. This paper proposes a new architecture based entirely on software-defined middleboxes (instead of using software-defined switches in the prior art) to enable dependable and automated policy enforcement in non-SDN networks whose routers forward packets based on traditional routing protocols that are not policy-sensitive. We present a hot-potato enforcement strategy, which is then enhanced with two optimizations for load-balanced policy enforcement. Further enhancements are made to relieve middlebox processing overhead and avoid packet fragmentation due to policy enforcement.

Publication Title

Proceedings - International Conference on Distributed Computing Systems

Publication Date

2019

Volume

2019-July

First Page

545

Last Page

554

ISBN

9781728125190

DOI

10.1109/ICDCS.2019.00061

Keywords

network policy enforcement, software-defined middleboxes, software-defined networks

APA Citation

Odegbile, O., Chen, S., & Wang, Y. (2019, July). Dependable policy enforcement in traditional non-SDN networks. In 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS) (pp. 545-554). IEEE.
