Abstract

Disruption-free updates are a key primitive to ef- fectively operate SDN networks and maximize the benefits of their programmability. In this paper, we study how to implement this primitive safely (with respect to forwarding correctness and policies), efficiently (in terms of consumed network resources) and robustly to unpredictable factors like delayed message delivery and processing. First, we analyze the fundamental limitations of prior proposals, which either (i) progressively replace initial flow rules with new ones, or (ii) instruct switches to maintain both initial and final rules. Second, we show that safe, efficient and robust updates can be achieved by leveraging a more general approach. We indeed unveil a dualism between rule replacements and additions, that opens new degrees of freedom for supporting SDN updates. Third, we demonstrate how to build upon this du- alism. We propose FLIP, an algorithm that computes operational sequences combining the efficiency of rule replacements with the applicability of rule additions. FLIP identifies constraints on rule replacements and additions that independently prevent safety violations from occurring during the update. Then, it explores the solution space by swapping constraints that prevent the same safety violations, until it reaches a satisfiable set of constraints. Fourth, we perform extensive simulations, showing that FLIP can significantly outperform prior work: In the average case, it guarantees a much higher success rate than algorithms only based on rule replacements, and massively reduces the memory overhead needed by techniques solely using rule additions.