Practical flow table aggregation in SDN

In OpenFlow-driven SDN, flow tables are TCAM-hungry; commodity switches suffer from limited concrete flow table size. One method for coping with the limitations is to use aggregation schemes to reduce the number of flow entries required to express the same forwarding semantics. Unfortunately, the aggregation of rules would retard table updates and lengthen the updating duration, during which, the data plane is inconsistent with the control plane. Forwarding errors such as Reachability Failures, Forwarding Loops, Traffic Isolation and Leakage are prone to occur. Since network updates take place frequently in practice, the aggregation scheme must be efficient and effective. In this paper, we proposed FFTA (Fast Flow Table Aggregation) and its online companion, iFFTA (incremental FFTA), to make practical flow table aggregation. FFTA is an offline solution performing snapshot aggregation of non-prefix rules by 1) splitting them into prefix-permutable partitions in an aggregation-aware manner, and 2) applying optimal prefix-based aggregation techniques, respectively. When some original rules are updated, iFFTA is triggered to incorporate the update immediately by leveraging the order-independence relationship and structure information of rules. To the best of our knowledge, iFFTA is the first online aggregation scheme for non-prefix rules. We employed public available prefix rules as well as synthetic non-prefix rules generated with real parameters to evaluate their performances. Extensive experiments demonstrated that FFTA significantly outperforms prior art on both efficiency and effectiveness, while iFFTA greatly simplifies the update of aggregated rules with an acceptable loss of compression ratio. Accordingly, users could make a combination use of FFTA and iFFTA in practice: call iFFTA usually and recall FFTA once the switch is running out of concrete flow table space.