scholarly journals A Review of the Control Plane Scalability Approaches in Software Defined Networking

2020 ◽  
Vol 12 (3) ◽  
pp. 49
Author(s):  
Abdelrahman Abuarqoub
Keyword(s):  
Network Management ◽  
Software Defined Networking ◽  
Research Trends ◽  
Control Plane ◽  
Recent Advances ◽  
Data Plane ◽  
Significant Research ◽  
Flexible Networks ◽  
Sdn Controller

Recent advances in information and communications cloud-based services hold the potential to overcome the scalability and complex maintenance limitations of traditional networks. Software Defined Networking (SDN) surfaced as a promising paradigm to mitigate such limitations while offering flexible networks management. Particularly, SDN separates the control plane from the data plane to achieve abstraction of lower-level functionality, hence, allowing more efficient network management and utilization. However, SDN suffers from various performance and scalability problems leading to significant research efforts on maximizing the scalability of the control plane. This paper aims at reviewing different SDN controller scalability, topology-based and mechanism-based approaches, as well as discussing and analyzing how they attempt to solve the scalability challenge. Furthermore, this paper elaborates on the promising research trends and challenges. Our insights are also discussed to stimulate further research efforts addressing the control plane scalability in SDN.

Software-Defined Networking (SDN)

2021 ◽  
pp. 242-250
Author(s):  
L. Naga Durgaprasad Reddy
Keyword(s):  
Resource Allocation ◽  
Network Management ◽  
Software Defined Networking ◽  
Dynamic Resource Allocation ◽  
Control Plane ◽  
Application Layer ◽  
Physical Network ◽  
Data Plane ◽  
Dynamic Resource ◽  
Virtual Services

This chapter researches in the area of software-defined networking. Software-defined networking was developed in an attempt to simplify networking and make it more secure. By separating the control plane (the controller)—which decides where packets are sent—from the data plane (the physical network)—which forwards traffic to its destination—the creators of SDN hoped to achieve scalability and agility in network management. The application layer (virtual services) is also separate. SDN increasingly uses elastic cloud architectures and dynamic resource allocation to achieve its infrastructure goals.

An intelligent flow-based and signature-based IDS for SDNs using ensemble feature selection and a multi-layer machine learning-based classifier

2020 ◽  
pp. 1-20
Author(s):  
K. Muthamil Sudar ◽  
P. Deepalakshmi
Keyword(s):  
Machine Learning ◽  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Network Architecture ◽  
Detection System ◽  
Software Defined Networking ◽  
Control Plane ◽  
Control Logic ◽  
Data Plane

Software-defined networking is a new paradigm that overcomes problems associated with traditional network architecture by separating the control logic from data plane devices. It also enhances performance by providing a highly-programmable interface that adapts to dynamic changes in network policies. As software-defined networking controllers are prone to single-point failures, providing security is one of the biggest challenges in this framework. This paper intends to provide an intrusion detection mechanism in both the control plane and data plane to secure the controller and forwarding devices respectively. In the control plane, we imposed a flow-based intrusion detection system that inspects every new incoming flow towards the controller. In the data plane, we assigned a signature-based intrusion detection system to inspect traffic between Open Flow switches using port mirroring to analyse and detect malicious activity. Our flow-based system works with the help of trained, multi-layer machine learning-based classifier, while our signature-based system works with rule-based classifiers using the Snort intrusion detection system. The ensemble feature selection technique we adopted in the flow-based system helps to identify the prominent features and hasten the classification process. Our proposed work ensures a high level of security in the Software-defined networking environment by working simultaneously in both control plane and data plane.

scholarly journals Load Balancing in Software-Defined Networking using Controller Placement

2020 ◽  
Author(s):  
Hamid Nejadnik ◽  
Rasool Sadeghi ◽  
Sayed Mahdi Faghih Imani
Keyword(s):  
Load Balancing ◽  
Software Defined Networking ◽  
Network Simulator ◽  
Control Plane ◽  
Placement Problem ◽  
Data Plane ◽  
Controller Placement ◽  
Controller Placement Problem ◽  
Load Balancer

Abstract Software Defined Networking (SDN) is a novel architecture that separates the data plane from the control plane using an external controller. Similar to traditional networks, load balancing has a great impact on the performance and availability of SDN. Therefore, the Controller Placement Problem (CPP) in SDN influences on the load balancing solutions. In this paper, various topologies of CPP including different load balancer controllers are simulated and evaluated in the SDN using the OFSwitch13 module of ns-3 network simulator. The results provide a solid comparison of the proposed topologies in different network situations.

scholarly journals Software Defined Networking Flow Table Management of OpenFlow Switches Performance and Security Challenges: A Survey

2020 ◽  
Vol 12 (9) ◽  
pp. 147 ◽  
Author(s):  
Babangida Isyaku ◽  
Mohd Soperi Mohd Zahid ◽  
Maznah Bte Kamat ◽  
Kamalrulnizam Abu Bakar ◽  
Fuad A. Ghaleb
Keyword(s):  
Large Scale ◽  
Network Performance ◽  
Software Defined Networking ◽  
Cloud Services ◽  
Future Research ◽  
Control Plane ◽  
Processing Load ◽  
Flow Table ◽  
Data Plane ◽  
Large Scale Networks

Software defined networking (SDN) is an emerging network paradigm that decouples the control plane from the data plane. The data plane is composed of forwarding elements called switches and the control plane is composed of controllers. SDN is gaining popularity from industry and academics due to its advantages such as centralized, flexible, and programmable network management. The increasing number of traffics due to the proliferation of the Internet of Thing (IoT) devices may result in two problems: (1) increased processing load of the controller, and (2) insufficient space in the switches’ flow table to accommodate the flow entries. These problems may cause undesired network behavior and unstable network performance, especially in large-scale networks. Many solutions have been proposed to improve the management of the flow table, reducing controller processing load, and mitigating security threats and vulnerabilities on the controllers and switches. This paper provides comprehensive surveys of existing schemes to ensure SDN meets the quality of service (QoS) demands of various applications and cloud services. Finally, potential future research directions are identified and discussed such as management of flow table using machine learning.

scholarly journals Mitigation of DDoS attack instigated by compromised switches on SDN controller by analyzing the flow rule request traffic

2018 ◽  
Vol 7 (2.6) ◽  
pp. 46 ◽  
Author(s):  
Sanjeetha R ◽  
Shikhar Srivastava ◽  
Rishab Pokharna ◽  
Syed Shafiq ◽  
Dr Anita Kanavalli
Keyword(s):  
Network Architecture ◽  
Flow Rule ◽  
Software Defined Network ◽  
Ddos Attacks ◽  
Control Plane ◽  
Ddos Attack ◽  
Flow Table ◽  
Data Plane ◽  
Ddos Detection ◽  
Sdn Controller

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and switches implement the data plane. Many papers discuss about DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of controller. In our paper we show how DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new, but one of the possible way in which a DDoS attack can be performed on controller. We show the vulnerability of SDN for this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses variation of flow entry request traffic from all switches in the network to identify compromised switches and blocks them completely.

scholarly journals Artificial Intelligence Enabled Routing in Software Defined Networking

2020 ◽  
Vol 10 (18) ◽  
pp. 6564 ◽  
Author(s):  
Yan-Jing Wu ◽  
Po-Chun Hwang ◽  
Wen-Shyang Hwang ◽  
Ming-Hua Cheng
Keyword(s):  
Artificial Intelligence ◽  
Performance Metrics ◽  
Packet Delay ◽  
Software Defined Networking ◽  
Dynamic Routing ◽  
Learning Ability ◽  
Control Plane ◽  
Monitoring Period ◽  
Data Plane ◽  
The Impact

Software defined networking (SDN) is an emerging networking architecture that separates the control plane from the data plane and moves network management to a central point, called the controller. The controller is responsible for preparing the flow tables of each switch in the data plane. Although dynamic routing can perform rerouting in case of congestion by periodically monitoring the status of each data flow, problems concerning a suitable monitoring period duration and lack of learning ability from past experiences to avoid similar but ineffective route decisions remain unsolved. This paper presents an artificial intelligence enabled routing (AIER) mechanism with congestion avoidance in SDN, which can not only alleviate the impact of monitoring periods with dynamic routing, but also provide learning ability and superior route decisions by introducing artificial intelligence (AI) technology. We evaluate the performance of the proposed AIER mechanism on the Mininet simulator by installing three additional modules, namely, topology discovery, monitoring period, and an artificial neural network, in the control plane. The effectiveness and superiority of our proposed AIER mechanism are demonstrated by performance metrics, including average throughput, packet loss ratio, and packet delay versus data rate for different monitoring periods in the system.

On generality of the data plane and scalability of the control plane in software-defined networking

2014 ◽  
Vol 11 (2) ◽  
pp. 55-64 ◽  
Author(s):  
Qingyun Zuo ◽  
Ming Chen ◽  
Ke Ding ◽  
Bo Xu
Keyword(s):  
Software Defined Networking ◽  
Control Plane ◽  
Data Plane

scholarly journals ADAPTIVE ENTROPY-BASED DETECTION AND MITIGATION OF DDOS ATTACKS IN SOFTWARE DEFINED NETWORKS

2020 ◽  
pp. 399-410
Author(s):  
Jawad Dalou' ◽  
Basheer Al-Duwairi ◽  
Mohammad Al-Jarrah
Keyword(s):  
Denial Of Service ◽  
Attack Detection ◽  
Point Of View ◽  
Software Defined Networks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Control Plane ◽  
Data Plane ◽  
And Control ◽  
Sdn Controller

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would result in bringing the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller which are compared to a preset entropy threshold values that change in adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.

scholarly journals MÔ PHỎNG MẠNG SOFTWARE-DEFINED NETWORKING SỬ DỤNG MININET

2021 ◽  
Vol 11 (1) ◽  
pp. 80
Author(s):  
Do Van Khoa ◽  
Tran Ngo Nhu Khanh
Keyword(s):  
Software Defined Networking ◽  
Control Plane ◽  
Data Plane

Kiến trúc mạng thế hệ mới Software-defined networking (SDN) cho phép đơn giản hóa và cải tiến việc quản lý mạng bằng cách tách biệt hai thành phần điều khiển mạng (Control plane) với chức năng vận chuyển dữ liệu (Data plane). Tuy nhiên, do đang trong quá trình nghiên cứu, việc ứng dụng SDN vào thực tế còn chưa nhiều. Phần lớn các thiết bị chuyển mạch và định tuyến mạng hiện nay có hỗ trợ SDN có giá thành cao. Một giải pháp để nghiên cứu và thử nghiệm các tính năng của SDN là dùng các công cụ giả lập. Nghiên cứu thực hiện đánh giá triển khai SDN trên các môi trường khác nhau sử dụng công cụ mô phỏng Mininet. Kết quả cho thấy môi trường mô phỏng ảnh hưởng đến thời gian thực thi mô hình mạng

scholarly journals Υπηρεσίες διαχείρισης, ελέγχου και προώθησης δεδομένων σε περιβάλλοντα εικονικής δικτύωσης οριζόμενης από λογισμικό (SDN)

2014 ◽  
Author(s):  
Χρήστος Αργυρόπουλος
Keyword(s):  
Software Defined Networking ◽  
Control Plane ◽  
Data Plane ◽  
Management Plane

Η παρούσα Διδακτορική Διατριβή πραγματεύεται το πρόβλημα διασύνδεσης ετερογενών υποδομών εικονικών υπολογιστικών πόρων στο επίπεδο προώθησης πακέτων και τον εμπλουτισμό των δομών του επιπέδου ελέγχου και του επιπέδου διαχείρισης σε περιβάλλοντα εικονικής δικτύωσης οριζόμενης από λογισμικό (Software Defined Networking – SDN) πολλαπλών χρηστών/ενοικιαστών.Το σύνολο της μελέτης επικεντρώνεται σε τρεις βασικούς άξονες με κριτήριο το επίπεδο λειτουργίας δικτύου:Επίπεδο προώθησης πακέτων (data-plane)Δημιουργία μηχανισμού διασύνδεσης (stitching) πολλαπλών εικονικών υπολογιστικών πόρων ετερογενών ομόσπονδων υποδομών με μικρή χρονική επιβάρυνση και μικρή μείωση του ρυθμού μετάδοσης των δεδομένων. Η δυναμική απόδοση των απαιτούμενων πόρων γίνεται με κριτήριο την κλιμακοθετησιμότητα (scalability).Επίπεδο διαχείρισης (management-plane)Μελέτη εγγενών δυνατοτήτων/αδυναμιών του OpenFlow για παθητική παρακολούθηση και δημιουργία μηχανισμού για την αποδοτική παρακολούθηση σε περιβάλλοντα SDN υψηλού ρυθμού ροής δεδομένων, βασιζόμενο στο OpenFlow και το sFlow. Γίνεται πειραματική μελέτη των επιπτώσεων των τεχνικών δειγματοληψίας του sFlow στον εντοπισμό δικτυακών ανωμαλιών καθώς και των επιδράσεων που έχουν οι τελευταίες στο επίπεδο κεντρικοποιημένου ελέγχου δικτύων OpenFlow.Επίπεδο ελέγχου (control-plane)Δημιουργία μηχανισμού ανάθεσης ροών ανά εικονικό δίκτυο χρήστη σε περιβάλλοντα δικτύων μεγάλης κλίμακας κεντρικοποιημένου ελέγχου που κάνουν χρήση του πρωτοκόλλου OpenFlow. Γίνεται πειραματική σύγκριση των προτεινόμενων πολιτικών διαμοιρασμού του επιπέδου ελέγχου και απομόνωσης των εικονικών δικτύων, με κριτήριο απόδοσης την αύξηση των αποδεκτών αιτημάτων χρηστών και την κατανάλωση πόρων. Το κριτήριο απομόνωσης εξασφαλίζεται από τις προτεινόμενες μεθόδους διαμοιρασμού και τις αντίστοιχες αρχιτεκτονικές διαμοιρασμού του επιπέδου ελέγχου που προτείνονται.Αρχικά μελετώνται τα επίπεδα λειτουργιών σε μοντέλα αναφοράς αρχιτεκτονικής δικτύου και δίνεται βάρος στο κεντρικοποιημένο επίπεδο ελέγχου, όπως αυτό έχει διαμορφωθεί με την χρήση του πρωτοκόλλου OpenFlow σε δίκτυα οριζόμενα από λογισμικό (SDN). Ακολουθεί αναφορά στην εικονικοποίηση δικτύων υπολογιστών και μελετώνται οι σχεδιαστικές ελλείψεις των πρώιμων υλοποιήσεων εικονικοποίησης καθώς και η εξέλιξή τους.Η μελέτη και η δημιουργία πρωτότυπου μηχανισμού διασύνδεσης (stitching) πολλαπλών εικονικών υπολογιστικών πόρων ετερογενών ομόσπονδων υποδομών περιγράφεται στη συνέχεια και αποτελεί το πρώτο μέρος της συνεισφοράς. Τα αποτελέσματα των πειραματικών μετρήσεων της πρωτότυπης υλοποίησης δείχνουν την επίτευξη μικρής χρονικής επιβάρυνσης και μικρής μείωσης του ρυθμού μετάδοσης των δεδομένων στα εικονικά δίκτυα των χρηστών. Στη συνέχεια, μελετάται η μέθοδος παθητικής παρακολούθησης με χρήση των εγγενών δυνατοτήτων του πρωτοκόλλου OpenFlow και των μειονεκτημάτων που παρουσιάζει η παρακολούθηση της δικτυακής κίνησης με την χρήση ενός πρωτοκόλλου κεντρικοποιημένου ελέγχου. Ακολουθεί η περιγραφή πλαισίου παθητικής παρακολούθησης υποδομών δικτυακής εικονικοποίησης που κάνει χρήση των πρωτοκόλλων OpenFlow και sFlow και έχει ως στόχο την ικανότητα χειρισμού μεγαλύτερου αριθμού ροών και ρυθμών μετάδοσης δεδομένων, σε σχέση με λύσεις που βασίζονται αποκλειστικά στο OpenFlow. Παρουσιάζονται πειραματικές μετρήσεις που προσφέρει ο μηχανισμός παθητικής παρακολούθησης δικτύων οριζόμενων από λογισμικό (προγραμματιζόμενα δίκτυα) με και χωρίς την συνδρομή του sFlow στον εντοπισμό και εξομάλυνση των δικτυακών ανωμαλιών. Βαρύτητα δίνεται στην αποτελεσματικότητα του sFlow (ευστοχία εντοπισμού δικτυακών ανωμαλιών, κατανάλωση πόρων του επιπέδου ελέγχου) και στην κλιμακοθετησιμότητα.Το τελευταίο μέρος της εργασίας αφορά μηχανισμό ανάθεσης ροών ανά εικονικό δίκτυο χρήστη σε περιβάλλοντα SDN κεντρικοποιημένου ελέγχου που κάνουν χρήση του πρωτοκόλλου OpenFlow. Ιδιαίτερη μελέτη, μέσω της υλοποίησης πρωτότυπης μηχανής διαμοιρασμού του πεδίου ορισμού των ροών (flowspace) και πειραματικών μετρήσεων, γίνεται για να διαπιστωθεί πως περιβάλλοντα SDN κεντρικοποιημένου ελέγχου μεγάλης κλίμακας μπορούν να κάνουν χρήση του πρωτοκόλλου OpenFlow για την παροχή προηγμένων υπηρεσιών εικονικής δικτύωσης.Εν κατακλείδι, αναφέρονται τα συμπεράσματα καθώς και οι επιστημονικές προεκτάσεις που αξιολογήθηκαν ως υψηλής ερευνητικής αξίας κατά τη συγγραφή της παρούσας Διδακτορικής Διατριβής

Sign in / Sign up

Export Citation Format

Share Document