A hybrid-timeout mechanism to handle rule dependencies in software defined networks

Abstract

Software Defined Networks (SDN) enables flexible flow control by installing policy rules into switches. However, one of the challenges is the dependencies between rules, which is generated due to the rules overlapping in filed space with different priorities. To keep the forwarding correctness and avoid complicated scenarios caused by the asynchronous removal, controllers usually adopt a hard timeout mechanism. However, such mechanism is inflexible for evolving and dynamic network flows. A large timeout may waste the switch memory, while a short timeout may cause multiple requests (Packet-in events) to occur for the same flow. To handle such rule dependencies flexibly, we propose a hybrid timeout mechanism. When a table miss occurs, we adaptively assign an idle timeout to the table-miss flow rule, and dependent rules are assigned with no timeout, which allow them to be removed using a proactive eviction strategy. We conduct extensive experiments using real packet traces from data centers. The experimental results show that our hybrid mechanism significantly reduces the number of table misses and the flow table occupation, while adapting quickly to changes of network flows.