Software-defined networking (SDN) has provided a new paradigm for network management by allowing a central controller to program the underlying switches directly. However, OpenFlow, the de facto standard API for communicating with the switches, has limited visibility into the network headers, hindering innovations in the data plane and overloading the controller when a more sophisticated network application is needed. In this work, we leverage existing capabilities of modern switches to increase the abstraction power of OpenFlow and enrich the functionalities performed on the data plane of a network. We present an architecture that extends OpenFlow to support matching rules with domain names and provides data-plane operations that are only supported by the controller in existing approaches. Our architecture provides a better abstraction for programming the network and enables more concise policy specifications by requiring fewer rules in the switch flow table. To realize our architecture, we developed a prototype of a switch and a controller to handle the domain name extensions. We presented an application use case for blocking unwanted traffic required for Telecom companies. Our experimental results show that our solution reduces latency, number of rules in the switch, and number of packets sent to the controller. We also show that the new abstraction we provide can significantly reduce the code size of a network application.

软件定义网络（SDN）通过允许中央控制器直接对基础交换机进行编程，为网络管理提供了新的范例。但是，事实上，OpenFlow用于与交换机通信的标准API，对网络头的可见性有限，从而阻碍了数据平面的创新，并在需要更复杂的网络应用程序时使控制器过载。在这项工作中，我们利用现代交换机的现有功能来增加OpenFlow的抽象能力，并丰富在网络数据平面上执行的功能。我们提出了一种架构，该架构扩展了OpenFlow以支持与域名匹配的规则，并提供仅在现有方法中控制器支持的数据平面操作。我们的体系结构为网络编程提供了更好的抽象，并通过在交换机流表中要求更少的规则来实现更简洁的策略规范。为了实现我们的架构，我们开发了用于处理域名扩展的交换机和控制器的原型。我们提出了一个应用程序用例，用于阻止电信公司所需的不必要的流量。我们的实验结果表明，我们的解决方案减少了延迟，交换机中的规则数量以及发送到控制器的数据包数量。我们还表明，我们提供的新抽象可以显着减少网络应用程序的代码大小。