Modern controllers for software-defined networks (SDN) enable the execution of arbitrary SDN applications (eg, Network Address Translation (NAT), traffic monitors) that may be exploited by an overarching set of services (eg, application-layer orchestrators) to build even richer services. To this purpose, the above overarching services require a mechanism that allows reading the run-time state and writing the configuration of arbitrary SDN applications, possibly through a uniform API. Unfortunately, most SDN applications are not designed/implemented by taking into account the possibility to be used as part of higher level service workflows (eg, a complex intrusion prevention system that leverages multiple elementary services as individual components), hence they may not provide an adequate interface that would allow overarching services to exploit their features. This paper addresses this problem by proposing an approach to represent the run-time state of arbitrary applications, where data are exported according to high-level model-based structures. Furthermore, the mapping from the high-level data model to the actual data representation within the SDN application is enabled by a suite of algorithms that are generic enough to operate independently of the actual source code of the application, thus avoiding undesired and invasive modifications to existing applications. The paper also presents a software framework and a prototype implementing the proposed approach, characterizes the resulting performance, and discusses pros and cons of the proposed approach.
A Model-Based Abstraction Layer for Heterogeneous SDN Applications / Castellano, Gabriele; Cerrato, Ivano; Gharbaoui, Molka; Fichera, Silvia; Martini, Barbara; Risso, FULVIO GIOVANNI OTTAVIO; Castoldi, Piero. - In: INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS. - ISSN 1074-5351. - STAMPA. - (2019). [10.1002/dac.3989]
A Model-Based Abstraction Layer for Heterogeneous SDN Applications
Gabriele Castellano;Ivano Cerrato;Fulvio Risso;
2019
Abstract
Modern controllers for software-defined networks (SDN) enable the execution of arbitrary SDN applications (eg, Network Address Translation (NAT), traffic monitors) that may be exploited by an overarching set of services (eg, application-layer orchestrators) to build even richer services. To this purpose, the above overarching services require a mechanism that allows reading the run-time state and writing the configuration of arbitrary SDN applications, possibly through a uniform API. Unfortunately, most SDN applications are not designed/implemented by taking into account the possibility to be used as part of higher level service workflows (eg, a complex intrusion prevention system that leverages multiple elementary services as individual components), hence they may not provide an adequate interface that would allow overarching services to exploit their features. This paper addresses this problem by proposing an approach to represent the run-time state of arbitrary applications, where data are exported according to high-level model-based structures. Furthermore, the mapping from the high-level data model to the actual data representation within the SDN application is enabled by a suite of algorithms that are generic enough to operate independently of the actual source code of the application, thus avoiding undesired and invasive modifications to existing applications. The paper also presents a software framework and a prototype implementing the proposed approach, characterizes the resulting performance, and discusses pros and cons of the proposed approach.File | Dimensione | Formato | |
---|---|---|---|
19IJCS-modelbased.pdf
Open Access dal 02/07/2020
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
1.18 MB
Formato
Adobe PDF
|
1.18 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2752481
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo