自动放置网络内ACL规则

2023 IEEE 9th International Conference on Network Softwarization (NetSoft) Pub Date : 2023-06-19 DOI:10.1109/NetSoft57336.2023.10175436

Wafik Zahwa, Abdelkader Lahmadi, M. Rusinowitch, Mondher Ayadi

{"title":"自动放置网络内ACL规则","authors":"Wafik Zahwa, Abdelkader Lahmadi, M. Rusinowitch, Mondher Ayadi","doi":"10.1109/NetSoft57336.2023.10175436","DOIUrl":null,"url":null,"abstract":"Automatically deploying distributed Access Control Lists (ACLs) in a software-defined network can ensure their internal services and hosts connectivity, security and reliability. ACLs are often deployed in a switch using Ternary ContentAddressable Memory (TCAM). Since TCAM memory is often too limited to store a large ACL, one has to split the lists and distribute the parts on several switches in such a way that every packet travelling from a source to a destination undergoes the required match-action rules. In this paper, we develop and compare three algorithms based on graph theory and Reinforcement Learning (RL) techniques to automatically distribute ACLs across networks switches, while minimizing their TCAM memory occupancy. We compare the three algorithms on several network topologies to evaluate their efficiency in terms of memory occupancy.","PeriodicalId":223208,"journal":{"name":"2023 IEEE 9th International Conference on Network Softwarization (NetSoft)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Automated Placement of In-Network ACL Rules\",\"authors\":\"Wafik Zahwa, Abdelkader Lahmadi, M. Rusinowitch, Mondher Ayadi\",\"doi\":\"10.1109/NetSoft57336.2023.10175436\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Automatically deploying distributed Access Control Lists (ACLs) in a software-defined network can ensure their internal services and hosts connectivity, security and reliability. ACLs are often deployed in a switch using Ternary ContentAddressable Memory (TCAM). Since TCAM memory is often too limited to store a large ACL, one has to split the lists and distribute the parts on several switches in such a way that every packet travelling from a source to a destination undergoes the required match-action rules. In this paper, we develop and compare three algorithms based on graph theory and Reinforcement Learning (RL) techniques to automatically distribute ACLs across networks switches, while minimizing their TCAM memory occupancy. We compare the three algorithms on several network topologies to evaluate their efficiency in terms of memory occupancy.\",\"PeriodicalId\":223208,\"journal\":{\"name\":\"2023 IEEE 9th International Conference on Network Softwarization (NetSoft)\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE 9th International Conference on Network Softwarization (NetSoft)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NetSoft57336.2023.10175436\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 9th International Conference on Network Softwarization (NetSoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NetSoft57336.2023.10175436","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

在软件定义网络中自动部署分布式访问控制列表(acl)，可以保证网络内部业务和主机的连通性、安全性和可靠性。acl通常部署在使用三元内容可寻址内存(TCAM)的交换机中。由于TCAM内存通常太有限，无法存储大的ACL，因此必须分割列表并将部分分布在几个交换机上，这样从源到目的地的每个数据包都要经历所需的匹配操作规则。在本文中，我们开发并比较了三种基于图论和强化学习(RL)技术的算法，以在网络交换机之间自动分配acl，同时最大限度地减少它们的TCAM内存占用。我们在几种网络拓扑上比较了这三种算法，以评估它们在内存占用方面的效率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Automated Placement of In-Network ACL Rules

Automatically deploying distributed Access Control Lists (ACLs) in a software-defined network can ensure their internal services and hosts connectivity, security and reliability. ACLs are often deployed in a switch using Ternary ContentAddressable Memory (TCAM). Since TCAM memory is often too limited to store a large ACL, one has to split the lists and distribute the parts on several switches in such a way that every packet travelling from a source to a destination undergoes the required match-action rules. In this paper, we develop and compare three algorithms based on graph theory and Reinforcement Learning (RL) techniques to automatically distribute ACLs across networks switches, while minimizing their TCAM memory occupancy. We compare the three algorithms on several network topologies to evaluate their efficiency in terms of memory occupancy.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2023 IEEE 9th International Conference on Network Softwarization (NetSoft)

自引率

0.00%

发文量

期刊最新文献

Autonomous Network Management in Multi-Domain 6G Networks based on Graph Neural Networks Showcasing In-Switch Machine Learning Inference Latency-Aware Kubernetes Scheduling for Microservices Orchestration at the Edge DRL-based Service Migration for MEC Cloud-Native 5G and beyond Networks Hierarchical Control Plane Framework for Multi-Domain TSN Orchestration