A new SDN-based approach which decouples the policy resolution layer from the policy enforcement layer in network service appliances.
Network services, such as security, load-balancing,
and monitoring, are an indisputable part of modern networking
infrastructure and are traditionally realized as specialized appliances
or middleboxes. Middleboxes complicate the management,
the deployment, and the operations of the entire network.
Moreover, they induce network performance issues and scalability
limitations by requiring huge amounts of traffic to be redirected, often
sub-optimally, and sometimes redundantly processed.
Recent trends of server virtualization and Network Function Virtualization
(NFV) exacerbate these scalability and performance
issues. In this paper, we present EnforSDN, a new management
approach that exploits SDN principles to decouple the policy
resolution layer from the policy enforcement layer in network
service appliances. Our approach improves the enforcement
management, network utilization and communication latency,
without compromising the policy and the functionality of the
network. Using an emulated SDN-based data center environment,
we demonstrate higher throughput and lower latency achieved
with EnforSDN, as compared to a baseline SDN network. In
addition, we show that EnforSDN reduces the overall load on network
appliances, as well as the size of the forwarding tables.