To eliminate the threat of a Single Point of Failure in the SDN by using the Multiple Controllers

The Software Defined Network (SDN) provides an innovative paradigm for networking, which improves the programmability and flexibility of the network. Due to the separation between the control and data planes, all the control logic is transferred to the controller. In SDN, the controller provides a global view of the whole network, which is why it acts as the “Network Brain” of the network: the controller has the capability to configure or reconfigure the forwarding devices by customizing their policies in a dynamic manner. Thus, the controller provides a centralized logical view of the entire network. Therefore, all manipulation and implementation in the network are controlled by the single controller in the SDN, which increases the chance of a single point of failure (SPOF) in the network. As a consequence, such a failure collapses the entire network. Therefore, a fault tolerance mechanism is required which reduces the single point of failure in the network by using multiple controllers. This mechanism also increases the scalability, reliability, and high availability of services in the network. Three different roles of multiple controllers exist in the SDN: equal, master and slave. In the simulation, the Ryu SDN controller and the Mininet tool are utilized. The simulation analyzes what happens when a single point of failure (SPOF) occurs in the network and how to use the different roles of the multiple controllers (equal, master and slave) to reduce the threat of a single point of failure in the SDN network.

2018 ◽  
Vol 10 (3) ◽  
pp. 149
Author(s):  
Andre Rizki Dewo Nugraha ◽  
Ridha Muldina Negara ◽  
Danu Dwi Sanjoyo

These days people are asking for a reliable network while technology is at its limit. Software-Defined Network (SDN) is an answer to that problem of network development, where all the control over the network becomes centralized. However, having all services controlled by a centralized controller is a big disadvantage if the controller dies. High Availability (HA) is the solution. An HA controller is divided into master and slave: when the master controller is down, the slave controller responds to replace the function of the master controller. In this research the system is built using two methods, namely OpenDayLight SDN Controller Platform (OSCP) clustering and Heartbeat-DRBD (Distributed Replicated Block Device). OSCP clustering is a feature of the OpenDayLight controller that is ready to be used and only needs to be configured; with OSCP, the main and backup controllers are in a connected cluster. Heartbeat-DRBD is an application commonly used to create High Availability systems on a server, but in this study it is used for the controller: Heartbeat monitors the main controller and, if it is indicated to be down, moves the resources to the backup controller with the DRBD application. The simulation results show that the average OSCP clustering failover and failback time is 17 seconds, while for Heartbeat-DRBD it is 23-45 seconds, depending on how many switches and hosts there are. The QoS parameters of both methods have similar values. It can be concluded that the High Availability system with the OSCP clustering method is more stable and better than the Heartbeat-DRBD method to apply in a network.


Author(s):  
Kshira Sagar Sahoo ◽  
Bibhudatta Sahoo ◽  
Ratnakar Dash ◽  
Brojo Kishore Mishra

The ability to recover the control logic after a failure is detected within a specific time window is called resiliency. The Software Defined Network (SDN) is an emerging and powerful architecture which allows the control plane to be separated from forwarding. This decoupled architecture brings new difficulties to network resiliency because a link failure between switch and controller could render the forwarding plane defunct. It has been identified that the resiliency of the network can be improved by choosing the correct place for the controller and by choosing a proper routing tree once the controller location is known. In this work, we have analysed the performance of various Routing Tree algorithms on different network topologies generated by the Bernoulli Random Graph model and found that the Greedy Routing Tree (GRT) provides the maximum resiliency. The Closeness Centrality Theorem has been proposed to find the best controller position, and we later analysed the performance of various single controller placement algorithms on GRT to find the overall improvement in the resiliency of the network.


2020 ◽  
Vol 4 (5) ◽  
pp. 75-92
Author(s):  
Muhammad Reazul Haque ◽  
Saw Chin Tan ◽  
Zulfadzli Yusoff ◽  
Kashif Nisar ◽  
Ching Kwang Lee ◽  
...  

Security issues like Distributed Denial of Service (DDoS) attacks are becoming the main threat to Software-Defined Networking (SDN). Controller placement is a fundamental factor in the design and planning of SDN infrastructure. The controller can be seen as a single point of failure for the whole SDN, and it is the alluring point for a DDoS attack. Single controller placement implies a single point of SDN control. So, there is a very high chance that the entire network topology fails, as the controller is associated with all switches. As a result, legitimate clients won't have the capacity to use SDN services. This is the reason why the controller is the suitable central point of attack for the aggressor. To protect SDN from this type of single point of failure, it is essential to place multiple smart backup controllers to guarantee the SDN operation. In this paper, we propose a novel Integer Linear Programming (ILP) model to optimize the security issue by placing a powerful smart backup controller. The results obtained from the simulation show that our proposed novel ILP model can suggest single or multiple smart backup controller placement to support several ordinary victim controllers, which has the capacity to save the cost of multiple ordinary controllers by sharing link, maximum new flows per second of controller and port, etc.


Webology ◽  
2021 ◽  
Vol 18 (2) ◽  
pp. 1365-1378
Author(s):  
Wed Kadhim Oleiwi ◽  
Alharith A. Abdullah

Software-Defined Networks (SDN) is a centralized control structure in the network that opens up new possibilities that did not exist before. The significant characteristic of this innovative approach is the focus on the capability of proposing networks of high dynamicity and programmability to transform the intelligence of underlying systems to the networks via controllers. The main issue of the SDN approach is found in its security, mainly due to its central-controlling architecture, since the entire network is controlled from a central point. This makes it very vulnerable to single-point failure. In this paper, a fully distributed SDN controller is proposed for solving the single-point failure which exists within the single SDN controller. In general, the concept involves forming a cluster of distributed controllers whereby each controller controls its domain and can thereby share the load within the network. The experimental results of the proposed system show an increase and enhancement in the performance of the network. The single-point failure issues have been overcome. The throughput of the proposed system increased by 20% while the packet loss rate was minimized by 33%.


2019 ◽  
Vol 16 (05) ◽  
pp. 1950029
Author(s):  
Mohammed Abdul Rahman AlShehri ◽  
Shailendra Mishra

Software defined network (SDN) controller selection is a key challenge for the network administrator. In SDN, the control plane is an isolated process and operates on the control layer. The controller provides a universal view of the entire network and supports applications and services. The three focused parameters for controller selection are productivity, campus network and open source. In SDN, it is vital to have a good device for the efficient processing of all requests made by the switch and for good behavior of the network. To select the best controller for the specified parameters, decision logic has to be developed that allows us to compare the available controllers. Therefore, in this research we have suggested a methodology that uses the analytic hierarchy process (AHP) to find the best controller. The approach has been studied and verified for a big organization network setup at Al-Majmaah University, Saudi Arabia. The approach is found to be more effective and to increase the network performance significantly.


Author(s):  
Uttam Ghosh ◽  
Pushpita Chatterjee ◽  
Sachin Shetty

Software-defined networking (SDN) provides flexibility in controlling, managing, and dynamically reconfiguring distributed heterogeneous smart grid networks. Considerably less attention has been paid to providing security in SDN-enabled smart grids. A centralized SDN controller protects smart grid networks against outside attacks only. Furthermore, a centralized SDN controller suffers from a single point of compromise and failure, which is detrimental to security and reliability. This chapter presents a framework with multiple SDN controllers and security controllers that provides a secure and robust smart grid architecture. The proposed framework deploys a local IDS to provide security in a substation, whereas a global IDS is deployed to provide security in the control center and the overall smart grid network; it further verifies the consequences of control commands issued by the SDN controller and SCADA master. Performance comparison and simulation results show that the proposed framework is efficient compared to existing security frameworks for SDN-enabled smart grids.


2022 ◽  
pp. 1028-1046
Author(s):  
Uttam Ghosh ◽  
Pushpita Chatterjee ◽  
Sachin Shetty

Software-defined networking (SDN) provides flexibility in controlling, managing, and dynamically reconfiguring distributed heterogeneous smart grid networks. Considerably less attention has been paid to providing security in SDN-enabled smart grids. A centralized SDN controller protects smart grid networks against outside attacks only. Furthermore, a centralized SDN controller suffers from a single point of compromise and failure, which is detrimental to security and reliability. This chapter presents a framework with multiple SDN controllers and security controllers that provides a secure and robust smart grid architecture. The proposed framework deploys a local IDS to provide security in a substation, whereas a global IDS is deployed to provide security in the control center and the overall smart grid network; it further verifies the consequences of control commands issued by the SDN controller and SCADA master. Performance comparison and simulation results show that the proposed framework is efficient compared to existing security frameworks for SDN-enabled smart grids.


2016 ◽  
Vol 78 (5) ◽  
Author(s):  
Yuli Sun Hariyani ◽  
Indrarini Dyah Irawati ◽  
Danu Dwi S. ◽  
Mohammad Nuruzzamanirridha

OpenFlow is a standard protocol for separating the forwarding function and control functions to facilitate the management of a big SDN network. Previous research has been carried out using the SDN emulator Mininet. However, Mininet has many shortcomings, such as performance that is less than the maximum due to simulation. Some researchers also use the Net-FPGA as a device. This device is less suitable for small scale because the prices are quite expensive and programming is quite complicated. In this study, the SDN implementation is carried out using OpenvSwitch as the forwarding function, mounted on a TP-Link that has been modified using OpenWrt as firmware, and a Raspberry Pi with the Ryu SDN Controller as the control function. The results show that static routing can be implemented on an SDN network which uses a Raspberry Pi with the Ryu Controller as the control function, with an average bandwidth of 536.0909 Mbits/sec and an average network uptime of 10.45 seconds.


2018 ◽  
Vol 7 (2.6) ◽  
pp. 46
Author(s):  
Sanjeetha R ◽  
Shikhar Srivastava ◽  
Rishab Pokharna ◽  
Syed Shafiq ◽  
Dr Anita Kanavalli

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and switches implement the data plane. Many papers discuss DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of the controller. In our paper we show how a DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new way, but one of the possible ways, in which a DDoS attack can be performed on the controller. We show the vulnerability of SDN to this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses the variation of flow entry request traffic from all switches in the network to identify compromised switches and blocks them completely.


2018 ◽  
Vol 2018 ◽  
pp. 1-8
Author(s):  
Jian Shen ◽  
Jun Shen ◽  
Chin-Feng Lai ◽  
Qi Liu ◽  
Tianqi Zhou

Nowadays, Software Defined Network (SDN) is developing rapidly because of its novel structure, which separates the control plane and the data plane of network devices. Many researchers have devoted themselves to the study of such a special network. However, some limitations restrict the development of SDN. On the one hand, the single controller in the conventional model bears all threats, and its corruption will result in network paralysis. On the other hand, the data in SDN switches in the data plane will keep increasing, while the storage space of these switches is limited. In order to solve the mentioned issues, we propose two corresponding protocols in this paper. Specifically, one is an anonymous protocol in the control plane, and the other is a verifiable outsourcing protocol in the data plane. The evaluation indicates that our protocol is correct, secure, and efficient.

