A Prototype of Policy Defined Wireless Access Networks
Hung X. Nguyen, Thien Pham, Khanh Hoang, Duong D. Nguyen, Eric Parsonage
*Teletraffic Research Centre, School of Electrical and Electronic Engineering, School of Mathematical Sciences
The University of Adelaide, Adelaide, SA 5005, Australia
Email: *hung.nguyen@adelaide.edu.au, thien.pham@oasissystems.com.au, buikhanh.hoang@student.adelaide.edu.au, duong.nguyen@adelaide.edu.au, eric.parsonage@adelaide.edu.au
Abstract—In the past few years, significant progress has been made in using software defined networking to increase automation, improve network security, simplify network configuration and reduce human effort to establish and maintain the network. There are now a vast number of studies exploring how to utilise policies to achieve the above goals. In this paper, we apply policy defined networking to wireless access network functions. We describe the details of our prototype policy defined networking solution that automatically translates high-level policies into device level implementations. We develop a novel metagraph model that can be used for policy specification, verification and refinement. We show that sophisticated traffic engineering policies can be implemented automatically on commodity hardware using our framework.
Index Terms—Software Defined Networking, Policy Defined Networking, Wireless Access Networks
I. INTRODUCTION
Over the last few years, there has been significant research into the application of software defined networking (SDN) to improve wireless access networks [1]. These include numerous innovative approaches for access network selection [2]–[4], mobility management [5], dynamic QoS and traffic engineering [6], QoS management across wired and wireless networks [7], [8]. The ultimate goals of this research are to reduce costs, increase business agility, and accelerate the time to market of new access network services.
Even though these solutions utilise SDN architecture, they still require manual configuration of networking devices, using either OpenFlow switching rules or traditional router/switch configurations. Furthermore, they do not have a built-in checking and debugging system for network policies. Using these solutions, network engineers need to check manually that the policies are implemented correctly and that a new policy does not conflict with existing policies on all network devices [9].
In this paper, we develop a prototype of a policy defined networking (PDN) solution for wireless access networks. Our solution automatically translates high-level policy specifications to low-level device configurations and provides built-in debugging and verification of the policies. Our contribution is twofold. First, we develop an SDN solution for programmable wireless access networks using commercial off-the-shelf hardware. We show that by using SDN we can implement advanced networking functions including firewall, DHCP, malware detection, traffic engineering on generic hardware, instead of specialised middleboxes. We explain in detail our design choices and configurations in this paper. Second, we develop a policy defined model based on metagraphs [10] to automatically check and translate high-level policies to OpenFlow statements. Our rigorous algebraic framework guarantees a correct implementation of the policies, specified using a high-level graphical user interface. We show through our prototype that these networks can greatly benefit from the rigorous mathematical policy framework provided by metagraphs. Thus, our prototype PDN solution holds great promise for enabling error-free, agile and secure network management and control for future wireless access networks.
Our solution is still in an early development state and we plan to extend the work in multiple directions. Our code and data are publicly available.
II. BACKGROUND
A. Wireless Software Defined Networking
SDN was developed in an attempt to simplify networking and make it more secure. This has been achieved by separating the control plane (the controller which decides where packets are sent) from the data plane (the physical network which forwards traffic to its destination) [9]. An SDN network can be defined by three fundamental abstractions: forwarding, distribution, and specification. The forwarding abstraction (OpenFlow [11] is a popular realisation) allows forwarding behaviour desired by the network application while hiding the details of the underlying hardware. The distribution abstraction shields the SDN applications from the vagaries of distributed state and is realised by a network operating system (NOS). The specification layer is most relevant to our work on policy defined networking. This layer allows a network application to express desired network behaviour without being responsible for implementing that behaviour itself. The interface between the network application and the network operating system is called North Bound Interface (NBI). Generally, NBI is implemented using a programming language such as NetKAT [12] or REST/JSON API [13].
Separation of control and data plane exists in the wireless domain, independent of SDN. Several years ago, the IETF standardised the Control And Provisioning of Wireless Access Points (CAPWAP) [14] protocol, which centralises the control plane in wireless networks. In principle, CAPWAP applies