See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/357975333

An intelligent method for reducing the overhead of analysing big data flows in
Openflow switch

Article in IET Communications · January 2022

DOI: 10.1049/cmu2.12328

CITATIONS READS

5 858

5 authors, including:

Mahdi Abbasi Shima Maleki

CNRS Buali Sina University
62 PUBLICATIONS 869 CITATIONS 1 PUBLICATION 5 CITATIONS

SEE PROFILE SEE PROFILE

Hatam Abdoli
Buali Sina University
13 PUBLICATIONS 24 CITATIONS

SEE PROFILE

All content following this page was uploaded by Mohamadreza Khosravi on 20 January 2022.

The user has requested enhancement of the downloaded file.

Received: 3 September 2021 Revised: 18 November 2021 Accepted: 5 January 2022 IET Communications
DOI: 10.1049/cmu2.12328

ORIGINAL RESEARCH PAPER

An intelligent method for reducing the overhead of analysing big

data flows in Openflow switch

Mahdi Abbasi1 Shima Maleki1 Gwanggil Jeon2 Mohammad R. Khosravi3

Hatam Abdoli1

1
Department of Computer Engineering, Faculty of Abstract
Engineering, Bu-Ali Sina University, Hamedan, Iran
Software-defined networks have been developed to allow the entire network to be managed
2
Department of Embedded Systems Engineering, as a programmable entity. As a well-known protocol in this field, OpenFlow installs new
College of Information Technology, Incheon
National University, Yeonsu-gu, Incheon, Korea
packet forwarding rules of the distinct packets of Big Data flows (known as flow entries) in
3
the flow tables of network switches in order to implement the desired management policies.
Computer Engineering Department, Persian Gulf
University, Bushehr, Iran Despite the high speed, flow tables have limited capacity to store the information of Big
Data flows. As a result of inefficient policy for replacing the entries of the flow table, lack
Correspondence of flow entries corresponding to the incoming packets in the flow table of the switch will
Mahdi Abbasi, Department of Computer increase the references to the controller for forwarding this packet as well as the amount of
Engineering, Shahid Ahmadi Roushan BLVD,
Bu-Ali Sina University, Hamedan, Iran, P.O. Box
delay in packet forwarding. The underlying idea of the proposed method is to make use of
65178-38695. the popularity of traffic flows in the table to select the intended flow for the replacement.
Email: abbasi@basu.ac.ir For replacement of flow table entries, a novel and intelligent method is proposed in this
research which uses a reference history of flows to assign an importance degree to each
table entry. Comparison of the simulation results confirms the superiority of the method
for reducing the controller’s overflow.

1 INTRODUCTION request further processing at the edge to eliminate the network

bottleneck [1, 2].
SDN has recently become popular among researchers and Overall, Big Data is branded by 5Vs including volume, verac-
industrial practitioners. Figure 1 illustrates the general structure ity, variety, velocity, and value. The excellent properties of SDN
of SDN. The main advantage of this network is its flexibility make it much easier to collect, send, store, and process Big Data.
which is due to the separation of the control plane and data SDN demonstrates that it can also benefit from big data such
plane. Using software-defined networks, the entire network as traffic engineering [3], cross-layer design, defence against
along with elements can be regarded as a single virtual network. security attacks, and SDN-based intra-datacentre and inter-
Regarding this brilliant feature, the SDN is not specifically datacentre networks [4]. It is shown that OpenFlow-enabled
recommended for edge computing, but in practice, it can SDNs improve system performance for Hadoop-based Big
lower the complexity barriers associated with it and act as a Data applications by fully taking advantage of cloud infrastruc-
pioneer in unleashing the true potential of edge computing. ture opportunities and challenges and using OpenFlow’s net-
This technology helps bridge the gap between edge computing work control capabilities to resolve network congestion [5].
and traditional cloud combinations. For example, SDN can act These networks are controlled using certain designed soft-
as a decision-maker on whether to upload a task to the cloud ware and APIs. Therefore, such networks require a communica-
or upload it at the edge for processing. The SDN controller tion protocol between software and hardware which could apply
has built-in AI that can determine when a particular link control software codes to all tools developed by various manu-
will experience high network traffic. The controller can then facturers [6].

This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is
properly cited.
© 2022 The Authors. IET Communications published by John Wiley & Sons Ltd on behalf of The Institution of Engineering and Technology

IET Commun. 2022;1–12. wileyonlinelibrary.com/iet-com 1

2 ABBASI ET AL.

FIGURE 1 Architecture of a software-defined network

This task can be done by OpenFlow protocol. In the archi- the size of flow tables is costly and is likely to increase power
tecture of this protocol, that is, depicted in Figure 2, each consumption [9–11]. In a flow table, the information of each
OpenFlow switch which is responsible for forwarding network incoming flow packet is compared with the entries in the table.
packets consists of one or more tables as well as an abstract If it matches a table entry, the policy specified in that entry
layer. This abstract layer uses OpenFlow protocol for secure will be applied to the packet. If there is no matching entry,
communication with the controller [7]. a message called Packet_in is issued to be processed by the
The most important components of each OpenFlow switch controller. In this case, the processing time of the packet will
are its flow tables. Flow tables contain flow entries each of increase. As a result, with increasing delay in the processing
which determines how the packets belonging to a flow should of packets, the packets of the incoming flow will accumulate
be processed and sent. Flow entries are defined by the controller in the switch’s buffer and the buffer will ultimately overflow.
in flow tables [8]. These tables have limited capacity. Therefore, This inefficient behaviour causes the incoming packets to be
the number of flow entries used for storage is pre-determined discarded at the outset. As multiple switches are connected to
and limited. Flow tables are composed of TCAMs (Ternary the controller, transmitting these messages to the controller
Content Addressable Memory). TCAMs are expensive and have will increase communication overload between the controller
a very high level of power consumption. This is why increasing and the switch. Given this, one of the most important criteria
for replacement of flow entries is to reduce the controller’s
overload. This is the main motivation behind the present
research. As the controller is in charge of updating and replac-
ing entries in a flow table, inefficient replacement policies will
make the flow table unstable and increase the controller’s com-
putation overload. Given this important issue, the approach
adopted in this study is to update the entries of the flow
table based on the statistical features of their corresponding
flows.
In what follows, Section 2 will review the literature and
focus on the major studies which have addressed the reduction
of controller’s overload using algorithms for replacing the
entries of the flow table. Next, we shall describe the proposed
algorithm for the replacement of flow table entries to reduce
the overload. Section 4 explains in detail the implementation
environment of our method as well as the other methods to be
compared, evaluation criteria, and comparison results. Finally,
Section 5 concludes the discussion and makes suggestions for
further development of the current work.
FIGURE 2 The structure of OpenFlow switch
ABBASI ET AL. 3

2 REVIEW OF LITERATURE by several switches. When flow entries are removed from the
flow table, they are inserted into this memory. The memory
As mentioned above, one of the challenges ahead of software- contains buckets that are separately specified for small and
defined networks is the limited capacity of flow tables. Given large flows. When a flow arrives in a switch, it is first compared
the increasing variety of applications, currently, there are more with the flow table. If there is no matching entry, the memory
than a thousand types of flow per second in data centres. The will be consulted, and if the appropriate entry is not found in
limited capacity of flow tables in OpenFlow switches leads to the memory, the controller will be engaged. This requires extra
increased overload in the controller because all the entries to hardware. As the size of this memory is limited, replacement
be matched against the flows cannot be stored in it and lack of algorithms will be used if the memory is full. The algorithm
a matching entry is reported to the controller. As these tables used in this work is LRU. When a new entry is installed in the
are made up of TCAM, any increase in size will lead to higher memory, it will be replaced using LRU if the memory is full.
cost and power consumption. Several solutions have been pro- Entries in large flows will be replaced with entries from large
posed by researchers [12, 13], for example, eviction techniques flows and entries in small flows with those in small flows. In
for removing entries from the flow table before installing 2014, Eun-Do Kim et al. developed a solution to reduce the
new entries, compression-based techniques which decrease the overload of the controller of software-defined networks which
accumulation of information among the flow entries of the is due to table miss during incoming flows. They used the LRU
tables as much as possible, and split-and-distribution tech- algorithm to manage the flow table during the replacement
niques in which switches create a general distributed system of flow entries. In this method, the entries are not removed
whose components are dependent on each other. Eviction- when they are expired, rather they are maintained in the table
based methods include replacement algorithms and mecha- as long as possible along with their age. When a flow entry is
nisms based on timeout [13]. Replacement algorithms that have deactivated, the switch sets its counter to 0 and increments the
so far been used in different studies and have proved to be counter of the remaining inactive entries by 1. Thus, the entry
applicable to software-based networks are FIFO, Random, and with the greatest counter is the entry recently used least. If one
LRU. of the inactive entries matches the incoming packets, its timeout
In a 2012 study, Adam Zarek from Toronto University com- and counter values are reset to default and it is put among active
pared replacement algorithms (Random, FIFO, and LRU). In flows. When the table size exceeds a threshold, LRU removes
these algorithms, the flow table is taken merely as a cache and some of the expired entries from the table. By doing this, the hit
the entries are removed only when the table is full. Based on the rate of the flow table entries is relatively increased, but this will
mentioned replacement policies, the intended entry is selected increase the number of entries in the table. The study makes
and deleted. Zarek’s study showed that FIFO is better than use of the concept of vacancy which was added to OpenFlow
Random, although with a relatively slight difference. The prob- switch v1.4. Thus, the switch can limit the number of inactive
lem with Random is that it may select those table entries for the flow entries by vacancy-up and vacancy-down parameters and,
replacement that have numerous references. LRU is better than as inactive entries remain in the table, prevent the table from
the other two algorithms and its hit rate is higher. However, it overflowing. In the proposed method of this paper, the max-
cannot be implemented in software-defined networks. Finally, imum number of inactive entries can be equal to vacancyUp
the study also examined the performance of the combination of - vacancyDown. The results have shown that this algorithm
different timeouts using the LRU algorithm. The results show performs better than FIFO and Random [16, 17]. However, this
that, when the length of the table is shorter than the number of method was implemented in OpenFlow switch while control-
active entries, the timeout size does not have a remarkable effect ling tasks in software-defined networks should be implemented
and any enhancement in performance depends on the replace- in the controller. Implementation of the LRU algorithm in the
ment algorithm. The larger the size of the table, the more varied controller requires that the controller be informed about the
the miss rate is for different timeouts (lower miss rates for last entry that matched the incoming flows, but this will impose
greater timeouts); after a certain point, however, the increase a huge load on the controller. As this study evaluates algorithms
in table size will not affect performance [14]. In 2013, Bu-Sung that can be implemented in the controller and are based on
Lee et al. [15] proposed a solution to reduce miss rate in flow software-defined networks, this algorithm will not be discussed
tables and establish fairness between small and large flows in the here. Another issue to be considered is that OpenFlow con-
data centre of software-defined networks. One of the features of trollers install flow entries with a fixed timeout in the flow table.
traffic usually observed in data centres is that large flows have a There are some disadvantages to this. For example, in the flows
very big size but are smaller in number in comparison with small with short packet intervals, if the timeout is large, the flow entry
flows. Therefore, large flows are more likely to be excluded will remain in the flow table for a long time and occupy space.
due to the limited capacity of the flow table. The flooding of Conversely, if packet intervals in a flow are long and the timeout
small flows permanently results in the exclusion of large flows of the corresponding flow entry is small, the intended entry
from the table. As a result, when large flows arrive, the hit rate will be removed before the arrival of each packet of the flow,
will decrease, and references to the controller increase. Thus, which will lead to the generation of too many packet-ins and
to overcome these issues, a cache layer is inserted between the increase the controller’s overload. For this reason, Anilkumar
switches and the controller. These memories can be shared Vishnoi et al. [18] proposed an OpenFlow controller called
4 ABBASI ET AL.

Smart Time in 2014 which combined appropriate idle timeout the flow entry fi , with an estimated time for the next hit with
calculation with active eviction of flow entries. They aimed to this entry. When an entry replacement takes place in a switch,
use TCAM efficiently. This was the first real implementation of the entry with the maximum timer value will be selected in the
a smart flow management strategy in an OpenFlow controller. switch. Whenever the timer ti is to be set, two types of flow
Its design was based on the analysis of authentic data (retrieved are considered: predictable flows (i.e. flows coming from net-
from data centres) and certain clues observed in the data. For work disconnection services) and unpredictable flows (i.e. Auto-
example, some flows will never repeat, or some flows have only matic flows). For the former, the timer is simply set to the arrival
1–2 packets and 1 s (idle timeout in OpenFlow switches) is time of the next packet. For unpredictable flows, when the esti-
too much for these flows. In general, since traffic is constantly mated arrival time of the next packet is earlier than expected,
changing and the parameters of flows are different, idle timeout the timer is updated with the interval of the arrival of the next
must be allocated according to the traffic pattern. For this packet; otherwise, the timer must be re-set with a doubled value
purpose, on installing a flow entry for the first time, a low idle (but not exceeding t-max). The evaluation criteria included the
timeout is allocated to it (100 ms which has been obtained comparison of hit rate in FIFO and LRU with that in the pro-
during experiments). This value ensures that short flows, as posed algorithm. The results suggest that the hit rate of the
well as non-repeating flows, will not remain in TCAM for a proposed algorithm was more than the mentioned replacement
long time. For the next repetitions of flow installation, the algorithms.
value of idle timeout will be calculated based on the number of Zehua Guo et al. [22] proposed a method called STAR
repetitions: which was a routing method for software-defined networks.
This method can determine the productivity of flow tables
Idle Timeout = MinIdle Timeout ∗ 2Flow Repeat Count (1) in real-time and evict the expired flows when a new flow is
required. This method, too, makes use of LRU replacement and
For repetitive flows, this value rises until a certain MaxIdle- the dynamic setting of the idle timeout. Each flow entry has a
Timeout (10 s in this study) is achieved because it is rising expo- tag that specifies whether it is active or inactive. When the con-
nentially and too big a rise occupies the space of TCAM. Also, troller installs a new flow, this tag is set to ‘active’ and when
the value of timeout is subtracted for short flows which repeat the last packet of the flow arrives, it is set to ‘inactive’. There-
over long intervals. Finally, when TCAM exceeds a threshold, a fore, the controller can estimate the productivity of the flow
flow entry will be removed from the table by use of the FIFO based on active entries and remove inactive flows even before
or the Random algorithm. In this paper, Random was selected being expired. In line with this, Linlian Zhang et al. [23] pro-
and used. In the same year, Liang Xie et al. [19] presented a posed a method called TimeoutX that sets the idle timeout of
solution based on the setting of the timeout of flow entries. a flow based on three parameters: the estimated duration of the
In their study, an adaptive control mechanism was proposed flow, the type of flow, and the productivity rate of the flow table.
with the aim of readjusting the idle timeout using flow tables Then, in a 2019 study, Qing Li et al. [24] developed a mecha-
and cooperation of controller and switch. Instead of conven- nism called HQ-Timer which is based on machine learning. This
tional methods which re-set the idle timeout of a flow entry that method assigns different timeout values to different flows based
is activated and used, this mechanism (called Accflow) which on the dynamicity of the traffic. It uses the Q-learning method
has been used for management of the flow tables of Open- for allocating the proper idle timeout to flows during their instal-
Flow switches adds the remaining idle timeout with the time- lation and issuing necessary commands for their eviction to
out which is allocated to an entry upon activation and takes it as improve the productivity rate of TCAM. However, the method
the new timeout. Thus, active flows could have higher chances needs a big learning dataset which requires a huge memory. In
of remaining in the table and the mismatch rate of the table addition, the switch has limited resources and the controller’s
will decrease. (Idle timeout refers to the time during which a processing unit. In the same year, Abinas Panda et al. [25] pro-
flow can remain idle and if this time ends, the flow will be posed a method that emphasized the management of the hard
removed.) timeout of flow table entries. This method dynamically assigns
In a 2015 study, Huikang Zhu et al. [20] proposed their Intelli- different hard timeouts to both predictable and unpredictable
gent Timeout Master which was aimed at calculating the suitable flows. For this purpose, it uses average inter-arrival time and,
timeout for flows according to their features. Based on the occu- for eviction and replacement, it uses the LRU algorithm. One
pation of the flow table, this model also calculates the maximum year later, Babngida Isyaku et al. [26] proposed a similar method
timeout to prevent overflow in the flow table. This task requires called IHTA in which, in addition to hard timeout, the idle time-
the storage of the previous information of flow entries. In 2015, out was also set according to the traffic pattern. This too was
He Li et al. [21] developed a storage algorithm with low com- done through inter-arrival time. The flow entry is removed from
plexity to achieve a higher rate of the flow table. It used prefetch the table when there is no packet matching it at a certain time.
and replacement techniques for predictable and unpredictable This and other similar methods lack a mechanism for remov-
flows, respectively. The underlying idea of the algorithm is as ing invalid and finished flows from the table to maintain more
follows: (1) When a rule is required to be installed on the switch active networks.
for each flow fi , it must be stored on all switches on the path of Heming yang et al. [27] proposed a method (stereos) using
the flow (prefetching the rule); (2) the timer ti is associated with machine learning to classify flow entries into two active and
ABBASI ET AL. 5

inactive classes to form an intelligent eviction strategy. In [28], introduced. If this feature is activated by the controller, during
D Wu et al. presented a scheme based on the LRU algorithm the installation of a new entry in a full table, one of the existing
which can use flow table space to increase the matching rate of entries will be selected to be replaced based on its degree of
table entries and also raise active flow priority to reduce match- importance. The entry with the least importance will be selected
ing time in flow tables. In this method, when the table is full for replacement. The proposed method makes use of this fea-
and a new entry is received, the oldest flow entry which is not ture. Thus, the importance attribute is assigned using a certain
matched with incoming flows for a while, will be removed. Yi algorithm that considers the statistical features of the flow. As
shen et al. [29], proposed another management scheme (FATM) can be seen in Figure 3, when a flow entry is removed from
on controllers which combines the dynamic timeout and proac- the flow table for any reason and the flow_removed event is
tive eviction to manage the flow table resources. The timeout sent to the controller, the information about this flow is stored
is set by a timeout assignment module according to the flow in the controller. On the other hand, when a packet enters the
characteristics. So, the entries of short-lived flows are removed switch and matches none of the flow table entries, a Packet_in
sooner than flow entries with larger packet intervals. When the message containing the necessary information for forwarding
space of the table is not sufficient, the proactive eviction mod- the packet and installing its corresponding flow is sent to the
ule eliminates flow entries to prevent the table overflow. In controller. When installing the entry corresponding to this flow,
this design, the eviction thresholds and the other parameters it is first specified whether or not the entry has already been
in both modules are set and adjusted according to the network installed in the table. This fast search has been implemented
load. using a hash table. If it is revealed that the flow has already been
Leo Mendibourne et al. [30] developed a method for manag- installed in the switch’s flow table, its importance is calculated
ing flow tables in software-defined vehicle access networks. This based on one of the proposed algorithms; otherwise, it is
method allocates the hard timeout value based on the prediction initialized with 1. Table 2 shows the parameters in the proposed
of vehicle mobility as well as the load level of network devices. method.
Given the relatively new emergence of the field of software-
defined networks and in light of the literature reviewed above, it
can be seen that none of the discussed methods were compre- 3.1 The first proposed replacement method
hensive. The techniques used in the related work are summa-
rized in Table 1. In this method, three attributes are considered in determining
Only a few studies have attempted to use the attributes of the importance of the flows. The first attribute is Fi which is
flows for removing and replacing entries. In addition, only the average number of packets matching a flow in the previous
simple algorithms such as FIFO and Random have been imple- time it was in the flow table. This attribute denotes the number
mented for replacement and no study has utilized dynamic of references to a certain flow. Its value has a direct relation-
methods to manage flow tables that could remarkably optimize ship with the degree of importance such that a greater num-
the management of flow table entries. Therefore, our aim here ber of references means that it should remain for longer in the
is to optimize the management of flow tables by using the table and assume higher importance. The next attribute (Bi ) is
information obtained from the flows. In the next section, the the average number of bytes matching the flow which, like the
proposed solution is explained in detail. The results of the previous attribute, is directly related to the importance of the
proposed method will be compared with those of FIFO and flow. The third attribute is the time between removing and rein-
Random algorithms. stalling a flow in the table. This attribute is inversely related to
the degree of importance. The reason is that if a flow does not
have any reference for a long time, it is useless and should be
3 THE PROPOSED METHOD removed to free the space of the table. This attribute is denoted
by ∆Ti .
The method proposed in this study is a novel dynamic method
for the replacement of flow table entries which uses the his- ∙ Fi is the ratio of the number of packets (packet_count)
tory of reference to flows for determining the degree of impor- matching the i-th flow to the duration in which the entry
tance of entries. Our method is dynamic because it is based on remains in the flow table (tactive ).
flow’s features. It assigns a degree of importance to each flow ∙ Bi is the ratio of the number of bytes (Byte_count) matching
entry according to the reference history of flows. The impor- the i-th flow to the duration in which the entry remains in the
tance degrees are dynamically changed and updated. They are flow table (tactive ).
used to determine the most appropriate entry to be removed ∙ ∆Ti is calculated as following:
from the table. Hence, more important entries with more refer-
ences in their history will remain in the table. ΔTi = Teviction − Tnew_install (2)
On installing a new entry in the flow table by the controller
in the versions prior to OpenFlow 1.4, if the table is full, the
switch will send a message to the controller to inform the In Equation (2), Teviction is the time in which the flow
controller about the entry not being installed due to the fullness entry is removed from the table and Flow_Removed mes-
of the table. In OpenFlow 1.4, the concept of eviction was sage is sent to the controller. Tnew_install is the time in that
6 ABBASI ET AL.

TABLE 1 Taxonomy table describing the related trends

Author Proposed scheme Used technique

Adam Zarek The replacement algorithms (Random, FIFO, and LRU) are compared. In these Replacement (LRU, FIFO,
algorithms, the flow table is taken merely as a cache and the entries are Random)
removed only when the table is full.
Bu-Sung Lee et al Their solution tries to reduce miss rate in flow tables and establish fairness Replacement (LRU)
between small and large flows in the data center of software-defined networks.
Eun-Do Kim et al They used the LRU algorithm to manage the flow table during the replacement of Replacement (LRU)
flow entries.
Anilkumar Vishnoi et al They exploited an Adaptive Idle_timeout method in combination with Random Idle_timeout and replacement
replacement to manage the flow table entries. (Random)
Liang Xie et al Their mechanism, called Accflow, has been used for the management of the flow Idle_timeout
tables of OpenFlow switches. It adds the remaining idle timeout with the
timeout which is allocated to an entry upon activation and takes it as the new
timeout.
Huikang Zhu et al Their method, Intelligent Timeout Master, aims at calculating the suitable timeout Idle_timeout
for flows according to their features.
He Li et al They developed a low complexity algorithm to achieve a higher rate in managing Replacement (LRU, FIFO)
the flow table. It uses prefetch and replacement techniques for predictable and
unpredictable flows, respectively.
Zehua Guo et al This method can determine the productivity of flow tables in real-time and evict Idle_timeout, Replacement (LRU)
the expired flows when a new flow is specified. This method uses the LRU
replacement and dynamic tuning of the idle timeout.
Linlian Zhang et al They proposed a method called TimeoutX that sets the idle timeout of a flow Idle_timeout
based on three parameters: the estimated duration of the flow, the type of flow,
and the productivity rate of the flow table.
Qing Li et al They developed a mechanism called HQ-Timer which is based on machine Idle_timeout
learning. This method assigns different timeout values to different flows based
on the dynamicity of their traffic.
Abinas Panda et al This method dynamically assigns different hard timeouts to both predictable and Hard_timeout, replacement (LRU)
unpredictable flows. For this purpose, it uses average inter-arrival time and, for
eviction and replacement, it uses the LRU algorithm.
Babngida Isyaku et al In their method, in addition to hard timeout, the idle timeout was also used Hard_timeout, Idle_timeout
according to the traffic pattern.
Leo Mendibourne et al Their method manages flow tables in software-defined vehicle access networks. It Hard_timeout
allocates the hard timeout value based on the prediction of vehicle mobility as
well as the traffic load level of the network devices.
D Wu et al Their LRU-based algorithm uses the space of the flow table to increase the Replacement (LRU)
matching rate of the flow entries and to raise the active flow priorities which in
turn decreases the matching time in the flow table.
Yi shen et al Their management method, naming FATM, runs on the controller and combines Hard_timeout
the dynamic timeout and the proactive eviction to manage the flow table
resources.

Packet_in message is re-sent to the controller for installing for a longer time. Less important entries will be replaced by new
the new flow. ones. This method is known as importance prediction replace-
Given these three factors, the degree of importance is ment (IPR) and its pseudocode is shown in Algorithm 1.
obtained as following:
q r
Importancei = (Fi ) × (Bi ) × (ΔTi )s (3) 3.2 The second proposed replacement
method
In Equation (3), q, r, and s are the powers of the parame-
ters and their value depends on the importance of each of these The second proposed algorithm is an optimized version of
parameters. r and q are positive while s is negative. In this study, the first one. The same parameters are also used in the sec-
q and r equal +1, and s equals -1. According to this algorithm, ond method. However, a history of the information about
therefore, the importance of flows with more references and flows is maintained and the degree of importance is assigned
repetition is higher and these flows will remain in the flow table based on this history as well as a weight function called
ABBASI ET AL. 7

FIGURE 3 Flowchart of the proposed method

gi (x) which is based on exponential weighting moving average This function predicts the identity of future references to the
(EWMA). flow and the importance of each flow is dynamically measured
EWMA is the simplest forecasting method that determines according to the statistical information previously recorded
the amount of data at a new time point based on the average of about the attributes of the flow. Therefore, in accordance with
a time interval. In this method, the data are regularly updated by Fang [31], we have assumed a weighting function like gi (x)
replacing previous items with new ones. The number of refer- which could adapt itself to changes in traffic pattern:
ences to previous installations of flows plays a role in calculating
this value. Therefore, whenever a flow is removed from the table ⎧ (1−𝛽 ) j −x
⎪ ci ( x ) , j − t ≤ x ≤ j − 1
and Flow_Removed message is sent to the controller, the infor- ( j −x )𝜆
gi ( x ) = ⎨ (5)
mation about the flow is stored. i is the ID of the flow and x
⎪ Ci (x ) , x = j
is the number of references to the controller for installing the ⎩
flow. The degree of importance of the flow i in the n-th time is
calculated as follows: In this equation, the closer we get to the present time (the
n-th time), the greater the weight assigned to it, and vice versa.
t
∑ Thus, the effect of more recent values on the calculation of the
IMPi(n) = gi ( j − k), j = n − 1 (4) degree of importance is more than the effect of more distant
k=0
values.
λ is a positive number which is the power of the denominator.
Here, t denotes the sample window size. For example, if t = 3, 2
only the information of the last three times where the flow has β ranges between 0 and 1 and equals to [31–33]. Ci (x) is the
t +1
been installed in the flow table is considered in the calculation product of the average number of packets matching the flow i
of the degree of importance. The weighting function gi (x) is in the unit of time in the x-th time and the average number of
a non-incremental function that increases the importance of bytes matching the flow i in the x-th time. That is:
flows that have been referred to more times and whose number
of matching bytes is greater. If j is less than k, gi (j−k) is 0. Ci (x ) = Fi (x ) Bi (x ) (6)
8 ABBASI ET AL.

TABLE 2 The parameters used in the proposed method ALGORITHM 2 Algorithm of the second proposed method

Fi The average number of packets matching a flow in the

previous time it was in the flow table
Bi The average number of bytes that match the flow
∆Ti The time between removing and reinstalling a flow in the table
T eviction The time in which the flow entry is removed from the table
and Flow_Removed message is sent to the controller
T new_install The time in which Packet_in message is re-sent to the
controller for installing the new flow
q, r, s The parameters that show the importance of each of above
timing parameters
i The ID of the flow
x The number of requests received by the controller for
installing a new flow
Ci (x) Fi (x) × Bi (x)
t This parameter denotes the sample window size
λ A positive number which is the power of the denominator of
weighing function
β A Positive number between 0 and 1
IM pi (n) The degree of importance of the flowi in the n-th time slot
flows are evicted and replaced earlier. This method is known
as flow history-based replacement (FHR) and its pseudocode is
ALGORITHM 1 Algorithm of the first proposed method shown in Algorithm 2.
Not that all components and steps of the work have been
expounded, we briefly explain the method using the flowchart
of the proposed method. As can be seen in Figure 3, when a
flow entry is removed from the table for any reason and the
flow_removed event is sent to the controller, the information
about the flow (including the attributes described in the third
step) is stored in the controller. On the other hand, when a
packet enters the switch and matches none of the flow table
entries, a Packet_in message containing the necessary informa-
tion for forwarding the packet and installing its corresponding
flow is sent to the controller. When installing the entry corre-
sponding to this flow, it is first specified whether or not the
entry has already been installed in the table. This fast search
has been implemented using a hash table. If it is revealed that
the flow has already been installed in the switch’s flow table,
its importance will be calculated based on one of the algo-
If x is less than 0, this value will be 0. Therefore, using Equa- rithms described in step 4 above; otherwise, it will be initialized
tions (4) and (5), we obtain the below equation: with 1.

( 1 − 𝛽 ) 2 ci ( j − 2 )
IM pi (n ) = ci ( j ) + (1 − 𝛽 ) ci ( j − 1 ) + 4 IMPLEMENTATION AND
2𝜆
EVALUATION
(1 − 𝛽 )t ci ( j − t )
+⋯ + (7)
t𝜆 As can be seen in Table 3, implementation was performed using
Mininet [34] which is and an emulator for software-defined net-
Among the flows that enter the switch, there may be flows works. As with the switch, OpenVswitch [35] was used which
that repeat frequently in long intervals. Therefore, the equations supports OpenFlow 1.4 [8, 36]. The controller used was Ryu
should finally be combined with ∆Ti : [37] which has been written in Python and supports all versions
of OpenFlow. To produce the traffic that resembles real-world
Importancei = IM pi (n)∕ΔTi (8) traffic, we used real traffic and forwarded it on the network
using TcpReplay [29].
The degree of importance of a flow can be calculated in this To evaluate the method, we used two datasets called
way. During eviction or replacement, therefore, less important Trace_file1 and Trace_file2 for generating traffic. The sample
ABBASI ET AL. 9

TABLE 3 Implementation environment

Operating system Ubuntu 15.04

Processor Core i3
Emulator Mininet
Switch OpenV Switch
Controller RYU
Traffic forwarding TCP Replay
tool

FIGURE 4 The effect of λ on the performance (miss rate of flow table)

TABLE 4 Specifications of the traffics of the proposed method (with a table size of 500) to selecting the best λ.
Datasets are trace_file1 and trace_file2
Number of Size of
Dataset packets dataset Time

Trace_file1 M11 8787 MB 1146 s

Trace_file2 3041K 1749 MB 858 s
methods. Missing means that packets that enter the switch do
not match any entry and are therefore sent to the controller for
forwarding. As a result, the higher the miss rate, the greater the
controller’s overload, and vice versa.
traffics belonged to the data centres of universities [38], and are Miss_ByteRate (miss rate in bytes): Another parameter for
described in Table 4. evaluation of the performance of replacement algorithms is
The proposed method is compared with FIFO and Random Miss_ByteRate. In the OpenFlow switch, when the packets do
replacement methods because this method is network-based not match flow entries and the switch’s buffer does not have
and has been implemented in the controller. Only FIFO and enough space, the packet header along with the controller is sent
Random algorithms can be implemented in the controller. to the controller. Therefore, higher Miss_ByteRate means more
The reasons why we have not compared it with LRU are as overload in the controller and lower Miss_ByteRate means less
following: (1) If LRU is within the switch, it will problema- overload.
tize the notion of separation between the controller and the Calculation of the best value of λ in FHR
data in software-defined networks because in these networks all By doing several experiments with FHR on both datasets
the control tasks should take place in the controller; and (2) if (trace_file1, trace_file2) and with a table size of 500, we exam-
LRU is to be implemented in the controller, it needs to be con- ined the effect of λ on the performance of the proposed algo-
stantly informed by the switch about the latest accesses to flow rithm and selected the best λ value.
entries. This will lead to overload in the controller and the com- As can be seen in Figure 4, the miss rate of the flow table with
munication channel. Therefore, it is not correct to implement λ = 2 is lower for both datasets. As a result, the value of λ was
LRU in the controller [18]. Our evaluations with two tables with determined to be 2 for the following experiments
500 and 750 flows and both our datasets indicate that even
if the table size becomes smaller, the proposed method will
still have a high performance. The maximum size of the flow 4.1 The effect of the proposed method on
table in OpenFlow switches is 2000, but here we have consid- the performance for the proposed method in
ered smaller sizes so that the dataset could fill the table and the terms of Miss_Rate
results of the proposed method could be observed. The values
of Hard_timeout and Idle_timeout in these experiments should The miss rate of the flow table is the most important parame-
be in a way that they do not affect the performance of replace- ter for observing the reduction of the controller’s overload and
ment methods. (These parameters denote the maximum time the performance of the proposed algorithm. Experiments 1 and
an entry can remain in the table and the maximum time an entry 2 measure this rate for both datasets as well as the different
can remain inactive in a table.) The only operator of flow table replacement methods in comparison with IIR and FHR meth-
management must be the replacement method and no other ods which were described in Section 3. The size of the flow table
element must interfere. Therefore, Idle_timeout is assumed as is 750 in the first experiment, and 500 in the second experiment.
0, and Hard_timeout is assumed as greater than the simulation As can be seen in Figures 5 and 6, the performance of the
time. Hard_timeout can be set to zero, but when both values are proposed method is better for both datasets. In the second
0, both flows are permanent and will be never removed from the experiment, the proposed method still shows a better perfor-
table unless the controller commands to do so. The sample win- mance after reducing the size of the flow table. On the other
dow size (t) is set at 5. The evaluated parameters in this paper hand, the Random method has a better performance than
are as follows: FIFO in the first experiment and worse performance in the
Miss_Rate: Miss_rate in the table is the most impor- second experiment. The reason is that replacement in these
tant parameter to evaluate the performance of replacement methods is not based on solid logic. However, the proposed
10 ABBASI ET AL.

FIGURE 7 Comparison of the performance (Miss Rate% of flow table)

FIGURE 5 The effect of common replacement methods (Random, of the proposed method with the Idle_timeout management methods,
FIFO) in comparison with the proposed methods (IRR, FHR) on the Random and FIFO (with a table size of 750). The dataset in this experiment is
performance (Miss Rate%) of the flow table (with a table size of 750)- this trace_file1
experiment done on both data sets (tarce_file1, trace_file2)

FIGURE 6 The effect of common replacement methods (Random,

FIFO) in comparison with the proposed methods (IRR, FHR) on the FIGURE 8 The effect of replacement algorithms on MissByte_Rate (%)
performance (Miss Rate%) of flow table (with a table size of 500)- this in the flow table (with a table size of 750) in proposed methods (IRR, FHR)
experiment done on both data sets (tarce_file1, trace_file2) compared with FIFO and Random. This experiment done on both data sets
(tarce_file1, trace_file2)

method had a higher performance under different conditions.

FHR was better than IIR because it considers the history of more than the methods of dynamic setting of Idle_timeout
references in calculating the degree of importance. and Hard_timeout presented in [23, 25] (called TimeoutX and
DHTA, respectively) which have been compared with FIFO
and Random. The reason is that although setting the value
4.2 Comparison of the proposed method of timeout can be compatible with network traffic, it cannot
with Idle_timeout management method act adaptively and the invalid and finished flows could not be
removed from the flow table in time.
The next experiment was intended to compare the effect of flow
table management using the proposed replacement method and
using the allocation of Idle_timeout to the flows. The least 4.3 The effect of the proposed replacement
Idle_timeout value that OpenFlow switches accept is 1 s and algorithms on MissByte_Rate
the maximum value according to research findings [18] is 10 s.
As can be seen in Figure 7, the proposed FHR method was The next experiment deals with the last evaluation parameter
compared with the Idle_timeout management method only for called Miss_ByteRate which is the miss rate of packets in bytes.
the Trace_file1 dataset. It is clear that the proposed method When the packet information that misses the flow table is sent
performs better than the best Idle_timeout (i.e. 10 s) in this to the controller, if the switch’s buffer has no more capacity,
experiment and could reduce the miss rate of the flow table. the entire data of the packet are also sent to the controller and
This can be compared with the results of [14, 39] which con- create overload in the controller as well as in the communication
sidered the values of 5 and 2–3 s, respectively, as the best value channel between the switch and the controller. The results are
for the experimental datasets. Our proposed method, however, shown in Figures 8 and 9 which represent a table size of 750 and
performed better than these two studies. The reason is that 500, respectively. It can be seen that the proposed algorithms
the entire space of the flow table is used in replacement meth- have still better performance and reduce MissByte_Rate more
ods and the flows are replaced according to attributes obtained than other methods. The reason for reducing Miss_ByteRate in
through their history in the table. IRR and FHR is that they take into account the average of bytes
Therefore, those flows that have been referred to most, matching the flow in calculating the degree of importance.
remain in the table. Also, Figure 6 shows that, with a table To select the suitable entry and replace the entries to
size of 500, the proposed method has reduced Miss_Rate update the flow table, the proposed methods make use of the
ABBASI ET AL. 11

and the switch. The main criterion for the replacement of the
entries is the reduction of overload. The reason behind select-
ing this criterion is that the controller is responsible for updat-
ing flow table entries and, if entries become unstable, the con-
troller’s computation overload will increase. Lack of an entry in
the table corresponding to the incoming packet will lead to ref-
erence to the controller and increase its overload.
To this end, the present paper proposed an intelligent method
for replacing flow table entries to reduce the controller’s over-
FIGURE 9 The effect of replacement algorithms on MissByte_Rate (%)
in the flow table (with a table size of 500) in the proposed method (IRR, FHR) load. The focus of this study is on developing a dynamic replace-
compared with FIFO and Random. This experiment done on both data sets ment method. This intelligent method utilizes the statistical fea-
(tarce_file1, trace_file2) tures of the traffic flows in the table to select a table for replace-
ment and makes use of the popularity of flows in the flow table
for replacing entries and updating the flow table. The method
popularity of flows when they are in the table as well as the aims to evaluate the existing entries according to the history of
time distance between installation and removal of the flow. the activities of the flow, which was neglected in previous stud-
The implementation of the proposed method indicated that, ies. For this purpose, we used the ‘importance’ feature which
along with FIFO and Random, it could increase hit rate and has been introduced in OpenFlow 1.4.
reduce the controller’s overload significantly more than the Finally, we implemented the proposed mechanism in an emu-
other existing methods. lator for software-defined networks and evaluated its perfor-
Therefore, to enhance the performance of the OpenFlow mance in terms of several criteria. The results of the proposed
switch it is required to implement the proposed algorithm in method along with FIFO and Random methods show that
the controller. On installing a new entry by the controller, our method could increase the hit rate and reduce the con-
the importance degree of the new flow entry is calculated troller’s overload significantly more than the existing methods.
and updated using the proposed algorithm. Since in the SDN Also, this method performs better than flow management based
networks, the controller is responsible for running all of the on Idle_timeout. As mentioned in the evaluation section, this
required operations, the switch settings remain unchanged. replacement method alone has a better performance than the
In addition, the proposed method will increase the scalabil- methods of dynamic setting of timeout and will certainly bring
ity in SDN networks. Scalability is considered a subject with about more successful results if combined with timeout setting.
multiple aspects in SDN. One of its aspects is the through- In addition, this is the first dynamic replacement method that
put. When the load of a controller decreases and the hit- has been implemented in the controller.
rate increases, more flows can be handled in any time slot. In this work, all the statistical features of flows are not used in
Another aspect of scalability is reducing the delay in installing the proposed algorithm. Hence, using all of them seems to lead
new flow entries. When the entries of flows with higher impor- to better results. For future research, this method can be imple-
tance are included in the table, repetitive installations are not mented in real-world software-defined networks. Also, other
reduced. Hence, this scheme reduces the controller overhead, statistical features which are obtained from the flow (for exam-
and increases the importance degree of highly referenced flows. ple, protocol type, flow capacity, QoS level etc.) may be used
Accordingly, keeping the selected flows in the table will increase alone or in combination for developing new replacement algo-
the network capability for scalability. rithms and suitable setting of Idle_time in the flow table. Since
more details of flow information will be considered, the accu-
racy and quality would be improved and the flows with higher
5 CONCLUSION hit probability would remain in the table. All these techniques
can be combined to obtain better results.
As mentioned earlier, flow tables contain flow entries each of
which determines how the packets belonging to a flow of Big CONFLICT OF INTEREST
Data streams should be analysed and sent. Flow entries are No
defined by the controller in flow tables. These tables have lim-
ited capacity. They are made of TCAM memories. TCAM has a FUNDING
high-power consumption. Therefore, large tables are costly and None
have high power consumption. The incoming flows are com-
pared with table entries and if there is no match, a message is DATA AVAILABILITY STATEMENT
sent to the controller for processing the flow. Thus, more time is Data available on request due to privacy/ethical restrictions
needed for processing such a flow. If the incoming flows remain
in the switch’s buffer, the buffer will be filled and new packets REFERENCES
will be discarded on arrival. As multiple switches are connected 1. Dinh, P.T., Park, M.: BDF-SDN: A big data framework for DDOS attack
to the controller, transmitting these messages to the controller detection in large-scale SDN-based cloud. In: 2021 IEEE Conference on
will increase communication overload between the controller Dependable and Secure Computing (DSC), Fukushima, Japan (2021)
12 ABBASI ET AL.

2. Chu, X., et al.: Big data and its V’s with IoT to develop sustainability. Sci. 23. Zhang, L., et al.: TimeoutX: An adaptive flow table management method in
Program. 2021 3780594 (2021) software defined networks. In: 2015 IEEE Global Communications Con-
3. Abbasi, M., et al.: Efficient flow processing in 5 G-envisioned SDN-based ference (GLOBECOM), San Diego, CA (2015)
Internet of Vehicles using GPUs. IEEE Trans. Intell. Transp. Syst. 22(8), 24. Li, Q., et al.: HQTimer: A Hybrid ${Q} $-Learning-Based Timeout Mech-
5283–5292 (2021) anism in Software-Defined Networks. IEEE Trans. Network Serv. Man-
4. Montaño, M.: IoT management analysis using SDN: Survey. Applied Tech- age. 16(1), 153–166 (2019)
nologies, Springer, Berlin (2021) 25. Panda, A., et al.: Dynamic Hard Timeout based Flow Table Management
5. Tarek, A., et al.: Software-defined networks towards Big Data: A sur- in Openflow enabled SDN. In: 2019 International Conference on Vision
vey. Advanced Machine Learning Technologies and Applications, Springer, Towards Emerging Trends in Communication and Networking (ViTE-
Berlin (2021) CoN), Vellore, India (2019)
6. Kreutz, D., et al.: Software-defined networking: A comprehensive survey. 26. Isyaku, B., et al.: IHTA: Dynamic idle-hard timeout allocation algorithm
Proc. IEEE 103(1), 14–76 (2015) based OpenFlow switch. In: 2020 IEEE 10th Symposium on Computer
7. McKeown, N., et al.: OpenFlow: Enabling innovation in campus net- Applications & Industrial Electronics (ISCAIE), Malaysia (2020)
works (OpenFlow White Paper). http://www.openflowswitch.org (2008). 27. Yang, H., Riley, G.F., Blough, D.M.: STEREOS: Smart table EntRy evic-
Accessed 15 November 2021 tion for OpenFlow switches. IEEE J. Sel. Areas Commun. 38(2), 377–388
8. <openflow-spec-v1.4.0.pdf> (2019)
9. Sezer, S., Scott-Hayward, S., Kaur Chouhan, P., Fraser, B., Lake, D., 28. Wu, D., Qiao, L., Chen, Q.: Research and implementation of LRU-based
Finnegan, J., Vilijoen, N., Miller, M., Rao, N.: Are we ready for SDN? flow table management for onboard switch. In: 2020 Prognostics and
Implementation challenges for software-defined networks. IEEE Commu- Health Management Conference (PHM-Besançon) (2020)
nications Magazine 51(7), 36–43 (2013) 29. Shen, Y., et al.: AFTM: An adaptive flow table management scheme for
10. Abbasi, M., et al.: Ingredients to enhance the performance of two-stage OpenFlow switches. In: 2020 IEEE 22nd International Conference on
TCAM-based packet classifiers in internet of things: Greedy layering, bit High Performance Computing and Communications; IEEE 18th Interna-
auctioning and range encoding. EURASIP J. Wireless Commun. Network- tional Conference on Smart City; IEEE 6th International Conference on
ing 2019(1), 1–15 (2019) Data Science and Systems (HPCC/SmartCity/DSS) (2020)
11. Vakilian, S., Abbasi, M., Fanian, A.: Increasing the efficiency of TCAM- 30. Mendiboure, L., Chalouf, M.A., Krief, F.: Load-aware and mobility-aware
based packet classifiers using dynamic cut technique in geometric space. J. flow rules management in software defined vehicular access networks.
Adv. Def. Sci. Technol. 6(1), 65–71 (2015) IEEE Access 8, 167411–167424 (2020)
12. Alsaeedi, M., Mohamad, M.M., Al-Roubaiey, A.A.: Toward adaptive and 31. Fang, C., Huang, T., Liu, J., Chen, J.-y., Liu, Y.-j.: Fast convergence caching
scalable OpenFlow-SDN flow control: A survey. IEEE Access 7, 107346– replacement algorithm based on dynamic classification for content-centric
107379 (2019) networks. J. China Univ. Posts Telecommun. 20(5), 45–50 (2013)
13. Nguyen, X.-N., et al.: Rules placement problem in OpenFlow networks: A 32. Montgomery, D.C., Johnson, L.A., Gardiner, J.S., Forecasting and Time
survey. IEEE Commun. Surv. Tutorials 18(2), 1273–1286 (2016) Series Analysis. McGraw-Hill Companies, New York (1990)
14. Zarek, A., Ganjali, Y., Lie, D.: Openflow timeouts demystified. Computer 33. Kachru, U., Production & Operations Management. New Delhi, Excel
Engineering Research Group: University of Toronto (2012) Books (2009)
15. Lee, B.-S., Kanagavelu, R., Aung, K.M.M.: An efficient flow cache algo- 34. Mininet: An instant virtual network on your laptop (or other PC). http:
rithm with improved fairness in software-defined data center networks. In: //mininet.org/. Accessed 20 January 2021
2013 IEEE 2nd International Conference on Cloud Networking (Cloud- 35. Open vSwitch: an open virtual switch: http://openvswitch.org/. Accessed
Net), San Francisco (2013) 20 January 2021
16. Kim, E.-D., et al.: Flow table management scheme applying an LRU 36. Specification-Version, O.S., 1.4. 0. Open Networking Foundation (2013).
caching algorithm. In: 2014 International Conference on Information and Accessed 20 January 2021
Communication Technology Convergence (ICTC), Busan, Korea (2014) 37. https://osrg.github.io/ryu/-ryu-controller. Accessed 20 January 2021
17. Kim, E.-D., et al.: A flow entry management scheme for reducing con- 38. Sekaran, R., et al.: Survival study on Blockchain based 6 G-enabled mobile
troller overhead. In: 16th International Conference on Advanced Commu- edge computation for IoT automation. IEEE Access 8, 143453–143463
nication Technology (ICACT), Pyeongchang, Korea (2014) (2020)
18. Vishnoi, A., et al.: Effective switch memory management in openflow net- 39. Metter, C., et al.: Analytical model for SDN signaling traffic and flow table
works. In: Proceedings of the 8th ACM International Conference on Dis- occupancy and its application for various types of traffic. IEEE Trans. Net-
tributed Event-Based Systems, Mumbai (2014) work Serv. Manage. 14(3), 603–615 (2017)
19. Xie, L., et al.: An adaptive scheme for data forwarding in software defined
network. In: Sixth International Conference on Wireless Communications
and Signal Processing (WCSP), Chennai (2014)
20. Zhu, H., et al.: Intelligent timeout master: Dynamic timeout for SDN-
How to cite this article: Abbasi M., Maleki, S., Jeon,
based data centers. In: 2015 IFIP/IEEE International Symposium on Inte-
grated Network Management (IM), Ottawa, Canada (2015) G., Khosravi, M.R., Abdoli, H.: An intelligent method
21. Li, H., et al.: FDRC: Flow-driven rule caching optimization in software for reducing the overhead of analysing big data flows in
defined networking. In: 2015 IEEE International Conference on Commu- openflow switch. IET Commun. 1–12 (2022).
nications (ICC), London (2015) https://doi.org/10.1049/cmu2.12328.
22. Guo, Z., et al.: STAR: Preventing flow-table overflow in software-defined
networks. Comput. Networks 125, 15–25 (2017)

View publication stats