4.1. Timeout and Eviction Mechanisms
To overcome the limited storage of the switch flow table (TCAM), OpenFlow allows a timeout mechanism that determines the life span of a forwarding entry in the flow table [52]. When no packet matches an entry within its timeout period, the entry is evicted from the flow table to free space for new incoming flows. Currently, the OpenFlow controller can install two kinds of timeout: idle and hard. The controller usually configures flow entries with a fixed idle timeout value, on the scale of seconds, across all flows [56]. Such a timeout performs well when it is close to the packet inter-arrival time and the flow table has sufficient space to accommodate all flows, and it can be implemented straightforwardly with little computational overhead, especially in a static network environment. However, a fixed value across all flows may fail to adapt to dynamic traffic, especially in a large-scale network, because of the variability exhibited by flows, as illustrated in Figure 8. This has recently motivated research into schemes that improve the flow entry lifespan, as summarized in Table 2.
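As a toy illustration of the two mechanisms, the eviction check a switch applies can be sketched as follows (class and function names are ours, not from the OpenFlow specification):

```python
class FlowEntry:
    def __init__(self, match, idle_timeout, hard_timeout, installed_at):
        self.match = match
        self.idle_timeout = idle_timeout    # seconds allowed without a matching packet
        self.hard_timeout = hard_timeout    # absolute lifetime; 0 means no limit
        self.installed_at = installed_at
        self.last_hit = installed_at

    def expired(self, now):
        if self.idle_timeout and now - self.last_hit >= self.idle_timeout:
            return True                     # idle expiry: no recent match
        if self.hard_timeout and now - self.installed_at >= self.hard_timeout:
            return True                     # hard expiry: lifetime elapsed
        return False

def evict_expired(table, now):
    """Drop expired entries, freeing TCAM space for new flows."""
    return [e for e in table if not e.expired(now)]

table = [FlowEntry("F1", idle_timeout=5, hard_timeout=0, installed_at=0),
         FlowEntry("F2", idle_timeout=5, hard_timeout=8, installed_at=0)]
table[0].last_hit = 7                       # F1 matched a packet at t = 7
table = evict_expired(table, now=10)        # F2 expires; F1 survives
```

The idle check resets with every matching packet, while the hard check counts from installation, which is why the two suit short-lived and long-lived flows differently.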
In Figure 8, suppose the numbers of packets transmitted up to times t1 and t2 are vt1 and vt2, respectively. F1 represents a short flow with a small number of packets at both t1 and t2, F2 a long flow with a small number of packets, F3 a short flow with a large number of packets, and F4 a long flow with a large number of packets. It is therefore worth investigating a flow timeout strategy that combines fixed and dynamic timeout values based on the observed intra-flow packet inter-arrival times in Figure 8 [46]. Applying a fixed timeout value across all flows, the conventional method, makes it difficult to cope with current traffic patterns, given that flows exhibit extreme variability in statistics such as duration and volume. Moreover, [47] reports the impact of the timeout value on flow statistics and finds a performance trade-off: a large timeout may unnecessarily preserve many flows for which no further packet is expected, while a small timeout may lead to premature eviction, increasing flow setup requests and tearing long-lived flows into smaller ones. Consequently, flows may be evicted more often, generating more packet-in messages to the controller and increasing the switch-to-controller communication overhead.
Lu et al. [47] noted the factors that influence setting a proper timeout, such as the packet inter-arrival time (PIAT) according to flow state, the controller capacity, and the current flow table utilization. Importantly, an idle timeout based on the packet inter-arrival time can effectively improve system efficiency. Accordingly, Lu et al. [47] proposed the TF-idle timeout scheme, which dynamically sets the flow entry lifecycle according to real-time network traffic. This is achieved by estimating traffic features via the packet arrival distribution and interval, modeled as a log-normal distribution, since general networks change over time with variability in flow size. The method requires collecting the statistical distribution of packet arrival times, so its memory cost at the controller is high. Furthermore, flow removal should follow a careful procedure to avoid evicting important flows, but TF-idle only sets the timeout without considering eviction. It is important to consider flow eviction together with the timeout method, to avoid removing an entry that may be needed in the near future. Alternatively, instead of relying entirely on the flow expiry period, Challa et al. [48] proposed to manage flow table entries through an intelligent eviction mechanism that logs flow data in a multiple Bloom filter (MBF) data structure to decide which entries to remove. Although this approach goes a step further by removing unused entries, encoding important flow values in SRAM incurs extra processing delay, and in the worst case the variability of traffic patterns may impair the stability of the system.
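The logging idea behind such Bloom-filter-based eviction can be sketched roughly as follows (a simplification of ours, not Challa et al.'s exact design): flow activity in each recent interval is recorded in a filter, and entries absent from every filter become eviction candidates.

```python
import hashlib

class BloomFilter:
    """Tiny Bloom filter over an integer bitmap (illustrative sizes)."""
    def __init__(self, size=256, hashes=3):
        self.size, self.hashes, self.bits = size, hashes, 0

    def _positions(self, key):
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{key}".encode()).digest()
            yield int.from_bytes(digest[:4], "big") % self.size

    def add(self, key):
        for p in self._positions(key):
            self.bits |= 1 << p

    def __contains__(self, key):
        return all(self.bits >> p & 1 for p in self._positions(key))

def choose_victims(entries, recent_filters):
    """Entries seen in no recent interval are safe eviction candidates."""
    return [e for e in entries if not any(e in bf for bf in recent_filters)]

interval1, interval2 = BloomFilter(), BloomFilter()
interval1.add("flowA")                      # active in the first interval
interval2.add("flowB")                      # active in the second interval
victims = choose_victims(["flowA", "flowB", "flowC"], [interval1, interval2])
```

Bloom filters never miss a flow that was actually logged, so an active entry is never chosen as a victim; false positives can only make eviction more conservative.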
The work in [49] proposed an adaptive flow table adjustment that combines the flow table cost and controller cost according to the proportion of active flow entries. The algorithm monitors traffic in real time and dynamically sets a different idle timeout value for each flow. However, calculating the cost of flow table entries in the switch and the computing cost at the controller adds extra computational overhead on the controller, which may limit the number of switches the controller can handle [55]. Moreover, obtaining the real-time flow entries through an (of.ofp_stats_request) message to the switch before the flow finishes is impractical [46,58].
In a similar effort, [50] modeled flows as ON or OFF and analyzed the packet length and packet interval length to assign a suitable idle timeout. This requires the switch to perform calculations upon the arrival of each packet, while the controller maintains a history of flows to adjust the idle timeout value dynamically. The approach may be stable with a proper idle timeout when flow arrivals follow a uniform distribution; however, a change of the flow shape to an exponential distribution may introduce significant overhead at the switch, because calculating the flow table resource overhead on each packet arrival may not be feasible in real time [46]. In addition, it may reduce the number of flows the switch can process per sampling interval, and packets may incur extra processing delay. Their work also overlooks flow eviction methods.
The work in [51] introduced a dynamic adaptive timeout algorithm that installs different timeout values at each sampling period. It probabilistically estimates the number of flow entries expected at the next sampling time and chooses an idle timeout accordingly; to cope with dynamic traffic, the controller changes the timeout value at every sampling time. Although the algorithm may be efficient under low flow arrival rates, as the number of flows increases it fails to perform well, because it imposes heavy pressure on the controller with a high computing cost [59]. In addition, the approach uses a random policy to remove unused entries when the timeout expires. Randomly evicting flows may remove an active flow, which can severely degrade network performance and add processing load on the controller [52].
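The estimate-then-adapt idea can be sketched as follows (our simplification; the paper's actual probabilistic estimator differs): predict the flow count at the next sampling instant and shrink the idle timeout as the predicted occupancy approaches table capacity.

```python
def predict_next(history, alpha=0.5):
    """Exponentially smoothed estimate of the next sample's flow count."""
    est = history[0]
    for count in history[1:]:
        est = alpha * count + (1 - alpha) * est
    return est

def pick_idle_timeout(history, capacity, t_min=2, t_max=10):
    """Shrink the idle timeout as predicted table occupancy grows."""
    load = min(predict_next(history) / capacity, 1.0)
    return round(t_max - (t_max - t_min) * load)

# flow counts observed at the last three sampling instants
timeout = pick_idle_timeout([40, 60, 80], capacity=100)
```

A rising trend in observed flow counts shortens the timeout, trading extra packet-in events for a lower risk of overflow.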
The work of [52] designed a module operating at the switches to manage flow table entries, removing entries using LRU and timeouts to ease the impact of flow table overflow. A counter at the switch tracks the number of active entries, but the method may miscount when there are duplicate SYN/FIN packets. To avoid miscounting, every entry is associated with a binary flag indicating its state: 0 for inactive and 1 for active. The method can thus evict unused entries intelligently when space is needed for new flows; however, it requires modifying the OpenFlow switch flow table data structure, which makes it a computationally prohibitive solution. In addition, when an entry's timeout elapses, LRU is used to evict an entry, and LRU is not appropriate in a flow-based network: the algorithm performs single-rule replacement at each switch, whereas proper control policies should be based on a global view of multiple rules across all switches [60].
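The flag-assisted LRU eviction can be sketched as follows (a minimal sketch with hypothetical names, assuming inactive entries are preferred victims):

```python
from collections import OrderedDict

class FlowTable:
    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()        # match -> flag (1 active, 0 inactive)

    def hit(self, match):
        self.entries[match] = 1
        self.entries.move_to_end(match)     # most recently used goes last

    def mark_inactive(self, match):         # e.g. after observing a FIN
        self.entries[match] = 0

    def install(self, match):
        if len(self.entries) >= self.capacity:
            # prefer the least recently used *inactive* entry as victim,
            # falling back to plain LRU if every entry is active
            victim = next((m for m, flag in self.entries.items() if flag == 0),
                          next(iter(self.entries)))
            del self.entries[victim]
        self.entries[match] = 1

table = FlowTable(capacity=2)
table.install("F1")
table.install("F2")
table.mark_inactive("F1")
table.install("F3")                         # evicts the inactive F1, not F2
```

The flag keeps LRU from removing a still-active entry just because its counter state is ambiguous, which is the miscounting scenario the paper guards against.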
Similarly, to preserve useful entries in the flow table, the proposal in [53] designed a flow cache architecture with a two-stage timeout mechanism to better identify and keep important flow entries. Flow entries are initially stored in a primary table with a timeout calculated by the controller using knowledge of the flow. After an inactive period with no packet expected, entries are not removed outright but moved to a secondary table for a second chance. The approach preserves active flows and evicts short-lived ones, avoiding waste of flow table resources. However, it requires prior knowledge of flows to decide a suitable timeout, and obtaining historical flow installation, eviction, and packet-in information in real time is not feasible [46]. In addition, moving an entry to secondary storage for a second chance may add packet processing delay, which is undesirable for delay-sensitive applications [55]. Setting a proper idle timeout is therefore significant for managing the precious flow table space efficiently. It is also important to consider the deterministic life span of a flow entry (hard timeout) to preserve long-duration flows with many packets and short inter-arrival times.
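A minimal sketch of such a two-stage timeout, assuming the secondary table grants one extra idle period before final eviction (the timing policy here is ours):

```python
def age_tables(primary, secondary, now, idle_timeout):
    """Demote idle primary entries; drop entries idle in the secondary table."""
    for match, last_hit in list(primary.items()):
        if now - last_hit >= idle_timeout:
            secondary[match] = last_hit     # second chance instead of eviction
            del primary[match]
    for match, last_hit in list(secondary.items()):
        if now - last_hit >= 2 * idle_timeout:
            del secondary[match]            # finally evicted

primary = {"F1": 2, "F2": 8}                # match -> time of last packet
secondary = {}
age_tables(primary, secondary, now=10, idle_timeout=5)
# F1 (idle for 8 s) is demoted to the secondary table; F2 (idle 2 s) stays
```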
In contrast to the idle timeout feature, Panda et al. [57] consider dynamic allocation of the hard timeout for predictable and unpredictable flows to maximize flow table utilization. The aim is to keep unpredictable flows for a short time while preserving predictable ones, achieved by analyzing packet traces to study the arrival pattern of each flow and adjusting the hard timeout accordingly. When flow table utilization reaches a certain capacity, LRU is used to evict the entry with the maximum timeout. Even though the scheme succeeds in preserving predictable flows, it inherits the problem of a poor eviction scheme: LRU is not an appropriate eviction algorithm in SDN because it is packet-driven and can only be implemented in theory; in practice it may not be compatible with OpenFlow, and worse, it violates the SDN principle that delegates all control functions to the controller [33].
IHTA in [54] applies a dynamic idle timeout to short-lived flows and adjusts the hard timeout for long-lived flows with short packet inter-arrival times. This significantly reduces the issuance of packet-in events to the controller, improving the communication overhead. The shortcoming of LRU is overcome by leveraging OpenFlow's built-in data collection: flows with small packet counts are considered victims, and removing them improves the efficiency of the limited storage. To some extent, IHTA has reduced communication overhead and improved the limited flow table usage without changing the SDN architecture.
4.2. Flow Rule Aggregation
SDN has been designed to support a wide range of flow-based network applications with more complex matching patterns than the destination-based forwarding of traditional IP routers [56]. The complexity arises because forwarding rules are stored in TCAM, which is constrained in size and represents an important concern in deploying OpenFlow technology. One alternative for reducing TCAM demand is flow entry aggregation, a technique that reduces the number of required entries by merging multiple flow entries into one wildcard rule while aiming to preserve the original forwarding semantics. Table 3 summarizes the related works.
Intuitively, the technique compresses fine-grained forwarding entries into fewer coarse-grained ones with a slightly larger matching range, thus reducing the number of entries to be stored. Interestingly, it is a software solution that is easy to implement as an optional plug-in on the OpenFlow controller with no modification to OpenFlow switches or the protocol [61]. Aggregation techniques exist for traditional prefix IP routing tables and for non-prefix TCAM forwarding or firewall rules (ACLs) [59,62,63]. However, aggregation poses challenges when the controller updates forwarding entries or queries traffic statistics counters, because the original semantics of the rules are not preserved in most cases. In addition, because of the diversity of vendor implementations, some OpenFlow switches may not fully support wildcard values in matching fields [59]. Moreover, many events, such as node failures and QoS provisioning, may cause frequent flow table rule updates in practice, so an aggregation scheme must be efficient enough to adapt to frequent rule updates with little computation and fast update times. To this end, Tsai et al. [64] and Luo et al. [65] used bit and subset weaving and fast flow table aggregation (FFTA), respectively, to shrink the flow table size and provide practically fast update times. FFTA performs optimal routing table constructor (ORTC)-based aggregation with a binary search tree (BST) to optimally aggregate rules through bit merging on the tree. The scheme leverages bit weaving and removes bit swapping to construct a BST of non-prefix flow entries, improving execution time. However, some rules are unaggregatable, so FFTA misses the potential opportunity of aggregating such flow entries [66]. Moreover, as the network size increases, it becomes computationally expensive.
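The basic merging step behind prefix-style aggregation can be illustrated with a toy example (this is not FFTA's algorithm, just the underlying idea of collapsing sibling entries with identical actions):

```python
def aggregate(rules):
    """rules: {bit-string prefix: action}; merge sibling prefixes whose
    actions match into their common (coarser) parent prefix."""
    changed = True
    while changed:
        changed = False
        for prefix, action in list(rules.items()):
            sibling = prefix[:-1] + ("1" if prefix.endswith("0") else "0")
            if sibling in rules and rules[sibling] == action:
                del rules[prefix], rules[sibling]
                rules[prefix[:-1]] = action  # one coarse wildcard rule
                changed = True
                break
    return rules

rules = {"1010": "port1", "1011": "port1", "1100": "port2"}
aggregate(rules)    # 1010 and 1011 collapse into 101*, 1100 is untouched
```

Entries whose siblings carry a different action, like 1100 here, are exactly the "unaggregatable" rules that limit how far such schemes can compress a table.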
FTRS [61] is another flow table reduction scheme. FTRS preserves each entry at the edge of the flow path and aggregates flow entries that have the same action and the same destination address. To achieve this, FTRS identifies core switches, which are more likely to encounter flow table congestion than edge switches; less important flow entries are aggregated in the middle of the flow path while entries at the edge switches are preserved to maintain fine-grained management. A binary (prefix) tree is used to map a selected matching attribute of each flow entry, such as the IP address, into nodes, and flow entries are then reduced by replacing non-empty subtrees with coarse-grained nodes. To some extent FTRS reduces flow table consumption, but it fails to aggregate some types of flows.
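The placement idea can be sketched as follows (our hypothetical simplification: edge switches keep fine-grained entries while core switches on the path receive one coarse destination-based entry):

```python
def place_rules(path, fine_rules, coarse_rule):
    """path: ordered switch ids along the flow path; fine_rules: per-flow
    entries sharing one destination and action; coarse_rule: their
    aggregated destination-based replacement."""
    placement = {}
    for i, switch in enumerate(path):
        if i in (0, len(path) - 1):
            placement[switch] = list(fine_rules)   # edges stay fine-grained
        else:
            placement[switch] = [coarse_rule]      # core holds one coarse entry
    return placement

fine = [{"src": "10.0.0.1", "dst": "10.0.1.0/24", "action": "fwd"},
        {"src": "10.0.0.2", "dst": "10.0.1.0/24", "action": "fwd"}]
coarse = {"dst": "10.0.1.0/24", "action": "fwd"}
placement = place_rules(["e1", "c1", "c2", "e2"], fine, coarse)
```

Keeping the edges fine-grained preserves per-flow management and statistics where the controller needs them, while the congested core stores far fewer entries.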
To address the shortcoming of FTRS, Chao et al. [66] proposed an in-switch dynamic flow aggregation (IDFA) mechanism that runs as a switch application to avoid the switch-to-controller link. IDFA adds redundant flow entry insertion and verification to dynamically adjust and aggregate entries based on a threshold value. IDFA is claimed to achieve better aggregation convergence time with a lower chance of overflow than FTRS. However, while its performance may be acceptable in a fixed network, it may introduce extra overhead in large-scale networks with heavy-hitter flows. Besides, IDFA and FTRS are applicable mainly to small local area network (LAN) environments [67].
Alternatively, OpenFlow 1.3 supports a multiple flow table (MFT) pipeline to offer flexible entry matching. The work of Cheng et al. [67] proposed the Agg-ExTable approach to efficiently manage entries in the MFT. The approach periodically aggregates flow entries using pruning and the Quine-McCluskey algorithm. A hidden Markov model (HMM) is used to probabilistically determine the most popular, heavily matched entries, which are placed in the front-end ExTable while others are placed in subsequent tables. Experimentally, the scheme saves about 45% of memory space and reduces flow processing time. However, the weakness of Agg-ExTable lies in its architecture: the solution requires a large number of entries in the front-end table, which may significantly pressure the ExTable and lead to overflow. In addition, it may be challenging to adopt such a solution in large-scale networks, especially given the variability exhibited by flows.
Kannan et al. [68] compact TCAM entries to reduce the size of flow entries in the flow table by inserting short tags in the packet header that identify the original number of bits used to store entries in OpenFlow switches. This is achieved by leveraging the dynamic programming capability of SDN to route packets using those short tags. The approach optimizes TCAM storage space with a significant reduction in TCAM power consumption for a given number of flows. However, the solution requires changes to the packet header and to the method of populating the flow table. Moreover, adding an identifier to each incoming packet in ASIC-based storage is hard because it is not a standard operation, causing packets to be processed more slowly with a performance penalty [56]. Rifai et al. [56] proposed Minnie, which is composed of two modules: compression and routing. The flow table is configured with a limit of 1000 rules; when the number of rules exceeds this limit, Minnie triggers the compression module, compressing rules by source, by destination, and by default action, and choosing the optimal among these as the best rule. Thereafter, the shortest path that does not overload the flow tables is used to route flows as the number of nodes in the topology increases. Minnie focuses on achieving a good compression ratio and computation time; however, given the variability exhibited by flows, some flows live for a short or a long period, and Minnie overlooks a flexible timeout and eviction mechanism to remove useless entries and free space for new flows. Besides, the different compression methods employed may introduce further overhead and system instability.
4.3. Flow Rule Split and Distribute
Endpoint policies such as firewall and load balancer rules are enforced at edge switches and typically generate many forwarding rules. Due to insufficient flow table space (TCAM), a set of rules is usually split into small sub-tables and distributed over the network in a way that satisfies the policies. The common objective of distribution schemes is to minimize the number of rule entries needed to realize policies at each switch. Optimization models are therefore presented to decide which rules to place on which switch while respecting memory constraints and rule dependencies. Palette [70] is an example of such a scheme: it decomposes rule tables into smaller sub-tables shared among ingress switches and then distributes them across the network, so that switches hold smaller sub-tables. The authors formulate two greedy approaches using a rainbow path coloring problem to optimize the entries in the sub-tables. However, balancing the size of each sub-table and reducing rule redundancy are noted shortcomings of the solution [72]. To address these challenges, Sheu et al. [72] present a sub-table allocation (SA) algorithm and a size-balancing sub-table partition (SSP) algorithm, extending the coloring idea to maximize the number of sub-tables (i.e., the number of colors). The SA algorithm can partition rules into a large number of sub-tables to reduce table size. Experimentally, optimal results were achieved in small network topologies, and compared to Palette [70], SSP can balance all sub-table sizes with low rule overhead. Moreover, SA plus SSP may occupy little TCAM space to store rules regardless of topology size. However, the arrival of massive flows in a dynamic large-scale network may impair the stability of the system.
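The size-balancing goal can be illustrated with a simple greedy heuristic (ours, not the SSP algorithm itself): each rule group goes to the currently smallest sub-table.

```python
import heapq

def balance_subtables(group_sizes, k):
    """Split rule groups into k sub-tables, keeping total sizes balanced."""
    heap = [(0, i, []) for i in range(k)]   # (current size, table id, groups)
    heapq.heapify(heap)
    for size in sorted(group_sizes, reverse=True):
        total, i, groups = heapq.heappop(heap)     # currently smallest table
        groups.append(size)
        heapq.heappush(heap, (total + size, i, groups))
    return sorted(total for total, _, _ in heap)

# five rule groups of the given sizes spread over two sub-tables
sizes = balance_subtables([8, 7, 6, 5, 4], k=2)    # totals 13 and 17
```

Balanced sub-table sizes matter because the largest sub-table dictates the TCAM capacity every participating switch must provide.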
Kang et al. [73] formalize the splitting problem as a decomposition over overlapping rectangles, using linear programming (LP) to assign sub-rectangles to switches. However, this introduces unwanted traffic because policy enforcement is executed at several hops after packets have entered the network [74]; moreover, the distribution may not guarantee a feasible space allocation for each switch in the network. In a similar effort, One Big Switch (OBS) [69] considered the rule distribution problem under heterogeneous flow rule policies. The authors introduce an LP-based rule partition approach with two heuristics for rule allocation, calculating suitable rule space allocations for each flow path at each switch so that only the rules affecting traversing packets are installed. However, OBS represents endpoint policy rules in five dimensions, making the computation cost of table decomposition impractical [72]. The work of Lin et al. [74] presents table decomposition and sub-table allocation for heterogeneous flow tables with an efficient rule distribution method that balances the number of rules stored along a path. However, the method may cause incorrect packet forwarding due to the rule dependency problem [72].
Conversely, Nguyen et al. [71] proposed OFFICER, a linear optimization model for sub-table allocation under memory and link capacity constraints, aimed at calculating and installing efficient forwarding rules in switch memory. OFFICER treats the network as a black box that must satisfy the endpoint policy imposed by the operator, thereby obtaining the maximum from the available resources through route adaptation. In general, splitting and distributing entries among forwarding elements can maximize the number of entries accommodated. However, it introduces more traffic overhead at the switches to maintain the distribution of forwarding entries, especially when the network topology changes dynamically over time. Moreover, the distribution scheme may become a bottleneck in a large-scale network with massive flow arrivals.
4.4. Flow Rule Caching
Wildcard rule caching lets multiple flows match aggregately, so entries are reused among different flows and the communication overhead can be drastically reduced; the cost of policy enforcement and updates is also reduced. However, wildcard rules are usually stored with different priorities assigned to resolve conflicts when two or more rules overlap a packet. For example, let P represent a set of N-dimensional rules R = (R1, R2, R3, ..., RN) with priority order R1 > R2 > R3 > ... > RN. A rule dependency exists if the match field of rule R2 overlaps, at an intersection field, the match field of rule R1, whose priority is higher. Caching only R2, due to its high matching frequency, without caching R1 may then result in incorrect packet forwarding. Hence, it is not enough to simply cache the requested rule; all overlapping rules with higher priority must be installed to guarantee correct packet forwarding. This requires extra storage, which increases flow table overflow [75]. The problem has gained wide research interest, as summarized in Table 4.
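The dependency condition described above can be sketched on a single header dimension (rule representation and names are ours):

```python
def overlaps(a, b):
    """Match fields as (lo, hi) ranges on one header dimension."""
    return a[0] <= b[1] and b[0] <= a[1]

def must_cache_with(rule, all_rules):
    """Higher-priority overlapping rules that must be installed alongside."""
    return [r for r in all_rules
            if r["priority"] > rule["priority"]
            and overlaps(r["match"], rule["match"])]

R1 = {"name": "R1", "priority": 2, "match": (0, 10)}
R2 = {"name": "R2", "priority": 1, "match": (5, 20)}
deps = must_cache_with(R2, [R1, R2])    # caching R2 requires caching R1 too
```

Without R1 in the cache, a packet in the overlap region (5, 10) would wrongly match R2, which is the incorrect-forwarding hazard the text describes.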
An alternative is to rely on additional data paths to process the remaining traffic. Recent technology advances introduced software switching as part of the same commodity switch, which provides an alternative by storing a large number of rules. To some extent software switches reduce the storage limitation problem; however, they do not support wildcard rules that match many header fields, so the switch must resort to slow user-space processing for the first packet of each flow. This causes significant packet processing delay, which may not be suitable for some applications. Based on the amount of traffic matching switch rules, Katta et al. [11] therefore suggest combining hardware and software (hybrid) switching to get the benefits of both without paying their drawbacks. This requires careful distribution of a single rule table into multiple tables spanning heterogeneous data paths, so that the semantics of the single-switch rule table are preserved in the distributed implementation. To some extent, this offers large storage space to accommodate more traffic. However, forwarding a packet to the software switch and then copying it back to the TCAM flow table incurs additional packet processing delay of at least 20 ms, as reported by Mohan et al. [76], and as data flow requests increase over time, this delay grows.
In contrast to the hybrid switch, other solutions use commodity switches with no additional resources, storing rules in TCAM only. Rules are partitioned into two sets: heavy-hitting rules in the first partition and the remaining rules in the second [77]. Partitioning within TCAM alone nullifies the additional packet processing delay experienced in the hybrid switch; however, the rule dependencies caused by wildcards complicate the installation and removal of rules. It is very common for higher-priority rules to overlap lower-priority rules at intersecting fields; when a packet matches multiple overlapping rules, the highest-priority rule is the final match, giving rise to rule dependency issues [31]. Simply caching the requested rule could therefore lead to incorrect packet forwarding, and installing the dependent rules requires extra storage, which increases flow table overflow [78]. Moreover, this blocks the admission of other new rules, and cache misses increase as well, further increasing packet-in generation and update costs. An alternative method is to convert wildcard rules into new non-overlapping micro/exact rules [75]. However, each rule may have tens of overlapping rules, and slicing long dependency chains into non-overlapping rules generates a large number of flow entries [78], which would eventually overwhelm the switch flow table (TCAM) memory and impose extra processing load on the controller to store and update rules. It is therefore necessary to handle dependencies carefully to avoid overwhelming the switch flow table memory and to avert incorrect packet forwarding.
Rule caching algorithms cannot blindly choose and cache the most frequently used rules; a scheme must be properly designed to select them for the TCAM flow table. Toward this goal, the cover-set (CS) approach was proposed, built on the hybrid switch. CacheFlow [11,73] was the state-of-the-art work on CS design: it leverages a directed acyclic graph (DAG) to represent wildcard rule dependencies and splices long dependency chains. The CS algorithm creates a small number of new rules that cover the many low-priority rules overlapping higher-priority ones. A rule weight indicates how frequently a rule is matched; rules with higher weights are considered heavy-hitting and are cached in the TCAM flow table, while the remaining lower-priority rules are forwarded to the software switch. Sheu [73] noted that CacheFlow only considers the contribution value of each un-cached rule when selecting the heaviest-hitting rules.
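The cover-set idea can be sketched as follows (a one-dimensional simplification of ours, not CacheFlow's DAG-based algorithm): each higher-priority rule overlapping a heavy rule is replaced by a narrow "cover" rule that punts its overlap region to the software switch.

```python
def overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def cover_set(heavy, rules):
    """Return the TCAM entries needed to cache `heavy` alone: one narrow
    cover per overlapping higher-priority rule, then the heavy rule."""
    covers = []
    for r in rules:
        if r["priority"] > heavy["priority"] and overlaps(r["match"], heavy["match"]):
            lo = max(r["match"][0], heavy["match"][0])
            hi = min(r["match"][1], heavy["match"][1])
            covers.append({"match": (lo, hi), "priority": r["priority"],
                           "action": "to_software_switch"})
    return covers + [heavy]

heavy = {"match": (0, 100), "priority": 1, "action": "port1"}
others = [{"match": (40, 60), "priority": 3, "action": "drop"},
          {"match": (200, 300), "priority": 2, "action": "port2"}]
tcam = cover_set(heavy, others)    # one cover for (40, 60) plus the heavy rule
```

The covers keep forwarding correct without installing the full dependency chain, but each long chain still costs one cover rule per overlapping ancestor, which is the TCAM pressure criticized below.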
In contrast, Sheu [73] proposed the accumulated contribution value (ACV) of a set of rules to further improve the selection of the most frequently used rules; the sets of related rules with maximum ACV are cached in TCAM until it is full. The work in [31] is another example of a CS algorithm. To some extent, CS can accommodate a large number of flow rules, but this merit comes at a cost. CS does not improve the efficiency of TCAM; instead, it may increase the chance of flow table overflow as the number of long dependency chains increases, because of the large number of cover-set rules that must be stored in TCAM [77]. In addition, forwarding a packet to the software switch and copying it back to the TCAM flow table incurs additional packet processing delay. In general, the weakness of cover-set approaches, and similarly [31,72,73], lies in their inherent architectures: these solutions require a software switch for every hardware switch [56], which might require reorganizing the network cabling and additional resources to host the software switches [59]. In addition, it is difficult to determine the optimal number of software switches needed for performance reasons. Moreover, forwarding rules that depend on traffic characteristics must be kept in the software switch's kernel memory space, which is also limited. Furthermore, preferring software switches over hardware switches increases packet processing delay when consulting the controller to install missing rules [77]. As a result, a greater number of update operations are triggered, which also affects the stability of the system.
In contrast to cover-set, the partition mechanisms in [75,77,78] cache flow rules in TCAM without additional resources. They divide large sets of dependent rules into subsets, placing the most frequently matched rules in the first partition and less frequent ones in the second. CAB is the state-of-the-art wildcard rule caching scheme using partitioning. Yan et al. [78] used a two-stage flow table pipeline to address the rule dependency problem. The main idea is to divide the rule space into many small logical storages (buckets) and use a decision tree to partition rules. The design ensures that buckets never overlap one another, although a rule may still overlap multiple buckets. In the first stage the bucket is cached, and in the second stage all of its associated rules are stored. CAB can reduce packet processing delay with a better cache hit ratio in a fixed network; coping with dynamic traffic patterns is suggested as future work. The work of Li et al. [77] extends the concept of CAB to introduce CRAFT, which uses two-stage pipelining to reduce the packet processing delay experienced in CacheFlow [11]. Based on experimental results, CRAFT outperforms CacheFlow in hit ratio by 30% on average.
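The bucket idea can be illustrated with a toy one-dimensional sketch (bucket width and rule representation are ours, not CAB's): a miss fetches the bucket together with every rule overlapping it, so dependent rules are always installed together.

```python
BUCKET = 50                                   # bucket width (our choice)

def bucket_of(value):
    """Fixed-size bucket containing a packet's header value."""
    lo = (value // BUCKET) * BUCKET
    return (lo, lo + BUCKET - 1)

def rules_for_bucket(bucket, rules):
    """All rules overlapping the bucket are installed along with it."""
    return [r for r in rules
            if r["match"][0] <= bucket[1] and bucket[0] <= r["match"][1]]

rules = [{"match": (10, 60), "action": "a"},
         {"match": (40, 45), "action": "b"},
         {"match": (120, 130), "action": "c"}]
cached = rules_for_bucket(bucket_of(42), rules)   # bucket (0, 49): two rules
```

Because every rule overlapping the bucket arrives in one shot, a packet matching inside a cached bucket can never hit a lower-priority rule whose higher-priority overlap is missing.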
Similarly, [81] uses a decision tree to partition rules into chunks that are reactively installed in the switch flow table; when a chunk becomes inactive, it is uninstalled together with its associated rules. Wildcard rule caching using partitioning has thus improved TCAM flow table efficiency compared to cover-set, as observed in [31,77]. However, as shown in [75,77,83], regularly partitioning rules leads to the creation of many sub-rules, which consumes a lot of switch memory space. Conversely, maintaining rules in their original shape without splitting them, to prevent fragmentation, generates a large number of buckets [31]; a single rule may then be duplicated in several buckets, wasting a lot of space.
4.5. Machine Learning Techniques
Predicting flow traffic patterns is crucial to select the right flow to be installed in the switch storage to reduce the large flow entries, which lead to inefficient utilization of the network resource. The main idea is to provide a way to perform fine-grained network management by identifying different flow types due to variability exhibit by flows. Therefore, flow classification assists network operators to handle the better quality of service (QoS) provisioning and resource utilization in a more efficient way. Network QoS is simply the service level agreed upon to deliver network application to users. It is usually measured through end to end delay, bandwidth, jitter, and packet loss. There is a need to efficiently facilitate measuring and configuring such services to meet the users demand. OpenFlow has built-in data collection modules that can collect statistics of switches, ports, and flows, which are used to facilitate flow monitoring to maintain the global network knowledge [
84,
85]. However, other important metrics such as port utilization, delay, and jitter are not directly available [
86]. Port utilization can be derived using statistical methods, whereas delay and jitter require extra features to be measured. Therefore, to efficiently preserve QoS provisioning, more intelligence needs to be deployed. To this end, machine learning (ML) techniques are applied to extract knowledge from the statistical traffic flow data gathered by the controller. Thus, leveraging the global network state to apply ML algorithms in the realm of SDN from the perspectives of routing optimization [
87], resource management [
83,
88], QoS and quality of experience, and traffic classification and prediction [
82,
89] has gained considerable research interest lately; refer to
Table 5.
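Since port utilization is not reported directly, it is commonly derived from two successive port byte-counter samples, as collected by the OpenFlow statistics modules mentioned above. The sketch below shows this computation; the counter values and the 1 Gbps link speed are illustrative assumptions, not values from any cited work.

```python
# Hedged sketch: deriving port utilization from two successive
# port-stats samples, since OpenFlow does not report it directly.
# Counter values and link speed below are illustrative assumptions.

def port_utilization(bytes_prev, bytes_now, interval_s, link_bps):
    """Fraction of link capacity used, from two byte-counter samples."""
    bits = (bytes_now - bytes_prev) * 8
    return bits / (interval_s * link_bps)

# e.g. 125 MB transferred in 10 s on a 1 Gbps link -> 10% utilization
u = port_utilization(0, 125_000_000, 10, 1_000_000_000)
print(u)  # 0.1
```

Delay and jitter, by contrast, cannot be derived from counters alone and require active probing or extra switch features, which is why extra intelligence at the controller is needed.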
Traffic flows can be classified into different QoS categories, whereas prediction techniques are used to forecast the expected future traffic. To flexibly ensure QoS as well as the quality of experience (QoE), deep packet inspection (DPI) is very effective and widely used for traffic flow classification due to its high classification accuracy [
3,
85]. However, DPI cannot recognize an application whose pattern is not available, and it incurs a high computational cost because it must inspect all traffic flows. Moreover, it cannot classify encrypted traffic on the internet [
90]. Applying such techniques in large-scale networks with exponential traffic growth makes pattern updates difficult or even impractical [
85,
90]. Conversely, ML-based approaches are more effective at recognizing encrypted traffic, with a much lower CPU cost than DPI-based approaches [
3,
91]. Although ML has lower accuracy, it is more effective in SDN than in legacy networks due to the global network view and intelligence present at the SDN controller [
3,
90]. Hence, researchers leverage the controller's intelligence to implement ML techniques. Work has been conducted to classify traffic flows from different perspectives in order to adaptively provision QoS and efficiently manage the scarce storage resource. Such classifications include application-aware and elephant-mice-aware approaches.
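The advantage of statistics-based ML classification over DPI can be sketched with a toy nearest-centroid classifier: it uses only flow-level features, so no payload is inspected and encrypted traffic poses no obstacle. The feature choices, centroid values, and class names below are invented for illustration and do not come from any cited system.

```python
# Illustrative sketch of statistics-based (non-DPI) flow classification:
# a nearest-centroid classifier over flow features. No payload is read,
# so it also works on encrypted traffic. Centroids are invented values.
import math

# features: (mean packet size in bytes, mean inter-arrival time in ms)
CENTROIDS = {
    "voip":  (160.0, 20.0),
    "video": (1200.0, 5.0),
    "bulk":  (1450.0, 0.5),
}

def classify(flow):
    """Assign a flow to the class with the nearest feature centroid."""
    return min(CENTROIDS, key=lambda c: math.dist(CENTROIDS[c], flow))

print(classify((150.0, 18.0)))   # voip
print(classify((1400.0, 0.6)))   # bulk
```

A production classifier would use many more features and a trained model (e.g. a decision tree), but the interface is the same: statistics in, application class out.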
The former focuses on identifying delay-sensitive and non-sensitive application traffic flows. Such applications require immediate detection and redistribution across the network to minimize violations of the SDN QoS policy. However, with the rapid increase in internet applications, it would be impractical to identify them all, especially in a large-scale network. The work of Amaral et al. in [
82] developed an OpenFlow-based SDN system to collect statistical data and classify network traffic flows in an enterprise network. Afterwards, classification algorithms are applied to sort traffic flows into different application categories. Similarly, Rossi et al. [
89] aimed at devising a behavioral classification engine to provide accurate application-aware traffic classification, focusing on the user datagram protocol (UDP).
The latter focuses on identifying elephant flows, which are long-lived with high bandwidth consumption, and mice flows, which are short-lived and delay-intolerant. Since elephant flows are high-volume in nature, they have a strong tendency to fill the flowtable storage. Such classification is necessary and can be used by network operators to optimize the usage of limited network resources according to their desired QoS. Glick et al. [
92] applied an ML-based technique to classify elephant flows at the edge of the network. Thereafter, the controller utilizes the classification results to implement efficient traffic flow optimization algorithms. Xiao et al. [
93] focused on a cost-sensitive learning method to detect elephant flows. The proposed method comprises two stages: the first measures head packets to differentiate mice from elephant flows, while the second leverages a decision tree to analyze whether these flows are genuinely elephant flows or not. Although SDN approaches can efficiently allocate resources to different flows, the overhead of storing a large volume of flow entries is significant, especially with scarce memory.
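The two-stage structure described above can be sketched as follows. This is a hedged illustration of the idea, not the method of [93]: all thresholds, the head-packet count, and the rate test are invented for illustration.

```python
# Hedged sketch of a two-stage elephant-flow detector: stage 1 cheaply
# filters flows by their first few ("head") packets, and stage 2 applies
# a decision-tree-style test on fuller statistics to confirm genuine
# elephants. All thresholds are invented for illustration.

HEAD_PKTS = 5            # packets sampled in stage 1
STAGE1_BYTES = 6000      # suspect threshold over the head packets

def stage1_suspect(head_packet_sizes):
    """Cheap prefilter: flag flows whose head packets are already large."""
    return sum(head_packet_sizes[:HEAD_PKTS]) >= STAGE1_BYTES

def stage2_is_elephant(total_bytes, duration_s):
    """Decision-tree-style confirmation on fuller flow statistics."""
    if total_bytes < 1_000_000:          # small flows are mice
        return False
    return total_bytes / max(duration_s, 1e-6) > 100_000  # sustained rate

def detect(head_packet_sizes, total_bytes, duration_s):
    return stage1_suspect(head_packet_sizes) and \
           stage2_is_elephant(total_bytes, duration_s)

print(detect([1500] * 5, 50_000_000, 60))   # True: sustained heavy flow
print(detect([100] * 5, 50_000, 60))        # False: mice flow
```

The cheap first stage keeps most mice flows out of the costlier second stage, which mirrors why cost-sensitive staging matters when memory and CPU are scarce.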
Therefore, it is crucial to determine which flows, between short- and long-lived flows with massive numbers of packets, should be preserved in the flowtable and which flow entries should be processed by the controller. The goal is to decide, between elephant and mice flows, which to keep so as to reduce both storage and controller overhead while maintaining stable performance. Toward this goal, the work of Al-Fuqaha et al. [
83] proposed an ML-based system that leverages two variations of reinforcement learning (RL), a traditional RL algorithm and a deep RL approach based on a neural network, to determine the right flows to preserve in the flowtable between elephant (long-lived) and mice (short-lived) flows. Yang et al. [
94] proposed a machine learning-based system to decide the right flow to delete. The approach learns from the historical data of flow entries and then predicts how long an entry will last; the flow entry with the shortest predicted duration becomes the eviction victim. In a similar effort, FlowMaster [
95] predicts when a flow entry becomes stale in order to delete it and free space for the next incoming flow. However, FlowMaster assumes that flow arrivals follow a Poisson distribution, which may not hold in practice [
88].
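The duration-prediction eviction idea can be sketched minimally: predict each entry's lifetime from the historical mean duration of flows with the same key, then evict the entry with the shortest prediction. This is an illustration in the spirit of [94], not its actual model; the flow keys, history, and default value are invented.

```python
# Minimal sketch of duration-prediction-based eviction: lifetime is
# predicted as the historical mean duration for the flow's key, and the
# entry expected to go stale soonest is evicted. History is invented.
from statistics import mean

HISTORY = {                       # past observed durations (seconds)
    "dns":  [0.2, 0.3, 0.1],
    "http": [4.0, 6.0, 5.0],
    "ssh":  [300.0, 120.0],
}

def predicted_duration(key):
    """Predict lifetime as the historical mean; unseen keys get a default."""
    return mean(HISTORY[key]) if key in HISTORY else 1.0

def pick_victim(table_entries):
    """Evict the entry expected to finish (go stale) soonest."""
    return min(table_entries, key=predicted_duration)

print(pick_victim(["ssh", "http", "dns"]))  # dns
```

A real system would use richer per-flow features and an online model, but the eviction policy, remove the entry with the shortest predicted remaining life, is the same.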
For a more intelligent flow deletion strategy, the work of Yang et al. [
88] proposed smart table entry eviction for OpenFlow switches (STEREOS), an ML-based approach that classifies flow entries as either active or inactive. On this basis, intelligence is used to decide the right flow to evict without paying the storage overhead. Li et al. [
96] noted that under high storage load the flowtable is overexploited, which in turn degrades the performance of the data plane. To address this, they proposed HQTimer, a Q-learning-based scheme for selecting effective flow timeout values to improve data plane performance. These approaches can offer good performance in small- to medium-scale networks, but a dynamic large-scale network may require a more sophisticated training set, which in turn needs more storage to accommodate more historical data. Switch storage is scarce, and controller CPU resources are also limited. Considering the built-in features of the OpenFlow network and the global networking knowledge of the controller, it is important to leverage these features to achieve better routing optimization, QoS provisioning, traffic flow classification, and network resource management. Therefore, more research on feature selection is required to predict flows and decide which flows to preserve in the switch flowtable in large-scale networks.
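To make the Q-learning timeout-selection idea discussed above concrete, the following is a hedged single-state sketch, not HQTimer itself: the agent picks an idle timeout from a discrete set, and the reward favors timeouts just long enough to cover a flow's packet inter-arrival gap while penalizing long TCAM occupancy. The timeout set, reward shape, and traffic model are all invented for illustration.

```python
# Hedged sketch of Q-learning over idle-timeout choices (in the spirit of
# a Q-learning timeout selector, not HQTimer itself). Single-state tabular
# Q-learning; reward terms and the gap model are invented assumptions.
import random

TIMEOUTS = [1, 5, 10]                      # candidate idle timeouts (s)
ALPHA, GAMMA, EPS = 0.5, 0.9, 0.1

def reward(timeout, gap):
    """+1 if the entry survives the inter-packet gap, -1 otherwise,
    minus a cost that grows with the timeout (TCAM occupancy)."""
    hit = 1.0 if timeout >= gap else -1.0
    return hit - 0.05 * timeout

def train(gaps, episodes=2000, seed=0):
    random.seed(seed)
    q = {t: 0.0 for t in TIMEOUTS}         # single-state Q table
    for _ in range(episodes):
        t = (random.choice(TIMEOUTS) if random.random() < EPS
             else max(q, key=q.get))       # epsilon-greedy action choice
        r = reward(t, random.choice(gaps))
        q[t] += ALPHA * (r + GAMMA * max(q.values()) - q[t])
    return q

q = train(gaps=[2, 3, 4])                  # gaps of a few seconds
print(max(q, key=q.get))                   # 5: covers the gaps cheaply
```

Under this reward, 1 s always misses the gap and 10 s pays an unnecessary occupancy cost, so the agent settles on 5 s, the same trade-off a real timeout selector must learn per traffic class.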