查看文章

Software Defined Networking (SDN) as an innovative network paradigm that separates the management and control planes from the data plane of forwarding devices by implementing both the management and control planes at a logically centralized entity, called controller. Therefore, it ensures simple network management and control. However, due to several reasons (e.g., deployment cost, fear of downtime) organizations are very reluctant to adopt SDN in practice. Therefore, a viable solution is to replace the legacy devices by SDN devices incrementally. This results in a new network architecture called hybrid SDN. In hybrid SDN, both SDN and legacy devices operate in such a way to achieve the maximum benefit of SDN. The legacy devices are running a traditional protocol and SDN devices are operating using Open-flow protocols. Network policies play an essential role to secure the entire network from several types of attacks like unauthorized access and port/protocol control. In a hybrid SDN, policy implementation is a tedious task that requires extreme care and attention due to the hybrid nature of network traffic. Network policies may be implemented at various positions in hybrid SDN, e.g., near the destination or source node, and at the egress or ingress ports of a router. Each of these schemes has some trade-offs. For example, if policies are implemented near the source nodes then each packet generated from the source must pass through the filter and, thus, requires more processing power, time, resources, etc. Similarly, if policies are installed near the destination nodes, then a lot of unwanted traffic generated causing network …