Mise en oeuvre des aspects de gestion des réseaux définis par logiciels (réseaux SDN)

摘要

SDN is a new paradigm that reduces network management to defining control programs and deploying them on one or many entities known as controllers. Controllers communicate with the rest of SDN compatible equipments in order to install configurations that implement policies within the network. Recent advances enable the specification of networking management aspects through high level requirements regardless of the network details such as physical topology and deployed equipments. These requirements can be processed in the controllers to generate network details wise configurations that implement the requirements within the network. The purpose of this thesis is to define a set of methods that implement networking aspects within software-defined networks. We mainly consider three aspects, namely bandwidth guarantee and limitation, middleboxes composition and placement of wildcarded rules. Bandwidth management ensures performances of applications deployed within networks. Middleboxes consist in networking equipments (firewalls, IDS, load balancers...) that enable policies, going beyond simple forwarding, such as access control and intrusion detection. Wider policies may be specified by composing many middleboxes which implies traversing them in a specific order. On the other hand, network-wide policies may be described using wildcarded rules. Such rules associate actions to packets within a specific domain that can be formulated as a combination of wildcarded conditions on headers fields. The considered aspects may be used to specify a wide range of policies. We generate configurations implementing middleboxes composition and bandwidth management using an Integer Linear Program. This program considers network topology and available resources such as SDN compatible equipments capacity. Wildcarded rules placement is done in three methods. We improve execution time from one method to another as we need to fit dynamically changing policies quickly. First, we defined a multiobjective integer linear program (MOILP) that places rules while considering routing policy and available capacities within SDN compatible equipments. The second placement method is based on the computation of Minimum Cost Maximum Flow. This method allows improving significantly the execution time with a slight performances loss in comparison to the first method. Finally, we defined a greedy placement algorithm that reduces tremendously execution time and keeps nearly the same performances in comparison to the second method. Just as the MOILP based method, the two other methods consider equipments capacities and routing policy. They also tend to place rules near sources of packets within their domains. All three placement methods maximize the number of placed rules in case the available capacity is not sufficient to satisfy all the rules. We created a tool that implements all our methods and can be integrated easily to most of the existing controllers.