摘要 |
A method of providing access control for a software defined network (SDN) controller, wherein said controller (4), upon receiving a trigger event from the data plane (1) of said software defined network, triggers one or more applications (6) that are installed to run at the control plane (2) of said software defined network atop said controller (4) to react to said trigger event, is characterized in that said controller (4), before triggering applications (6) due to a trigger event, applies a conflict resolution scheme comprising the steps of defining flow spaces on the basis of packet headers and assigning each flow space a priority, determining all flow spaces that are affected by said trigger event and selecting from these flow spaces a single flow space having assigned a priority that complies with a predetermined policy, and determining, from the applications related to said selected flow space, a single application – master application – according to predefined criteria and triggering, in addition to said master application, only those applications whose reactions to said trigger event do not conflict with said master application. Furthermore, a corresponding software defined network (SDN) with access control and a corresponding SDN controller are disclosed. |