Checking Multi-domain Policies in SDN

  • Ferney A. Maldonado-Lopez, Systems and Computing Engineering Department, Universidad de los Andes, Bogotá, Colombia
  • Eusebi Calle, BCDS, Broadband Communication and Distributed Systems, Universitat de Girona, Spain
  • Yezid Donoso, Systems and Computing Engineering Department, Universidad de los Andes, Bogotá, Colombia


Programmable networks such as SDN allow administrators to program the network infrastructure according to service demand and custom-defined policies. Network policies are interpreted by the centralized controller to define actions and rules to process the network traffic on devices that belong to a single domain. However, actual networks are multi-domain, with several domains interconnected. Because SDN controllers in one domain can neither define nor monitor policies in other domains, network administrators cannot ensure that their own policies (origin policies) are being enforced by the domains not directly managed by them (i.e. foreign domains). We present AudiT, a multi-domain SDN policy verifier that identifies whether an origin policy is enforced by foreign domains. AudiT comprises (1) a model for network topology, policies, and flows, (2) an Audit protocol to gather information about the actions performed by network devices to carry the flows of interest, (3) a validation engine that takes that information and detects security policy violations, and (4) an extension to the OpenFlow protocol to enable external auditing. This paper presents our approach and illustrates its application using an example considering multiple SDN networks.


How to Cite
MALDONADO-LOPEZ, Ferney A.; CALLE, Eusebi; DONOSO, Yezid. Checking Multi-domain Policies in SDN. INTERNATIONAL JOURNAL OF COMPUTERS COMMUNICATIONS & CONTROL, [S.l.], v. 11, n. 3, p. 428-440, mar. 2016. ISSN 1841-9844. Available at: <>. Date accessed: 04 july 2020. doi:


Network Operating Systems, Software-Defined Networking, Network management, Policy Verification