Hybrid SDN Performance: Switching between Centralized and Distributed Modes under Unreliable Control Communication Channels

Software-defined networking generally assumes ideal control channels between controller and network nodes. This may not be the case in challenged environments that are becoming more common due to dense and reduced-coverage 5G deployments and use cases requiring cost-effective wireless transport networks. In this paper, we evaluate the impact on network performance of unreliable controller-to-node communication channels, propose a hybrid SDN (hSDN) solution that switches between centralized and distributed operational modes depending on network conditions, and evaluate this solution under a variety of network scenarios (e.g., link impairments or packet loss ratios) designed to assess its operational limits. The results show that the proposed solution substantially improved the aggregated throughput, particularly when control channel packet loss ratios increased, while only showing a slight increase in average latency (e.g., 28% throughput improvement for 20% control packet losses). This enables network operation in hard conditions under which a canonical centralized SDN control would result in a nonoperational network.

Hybrid SDN Networks: A multi-parameter server load balancing scheme

Software-defined networking (SDN) provides many benefits, including traffic programmability, agility, and network automation. However, budget constraints burdened with technical (e.g., scalability, fault tolerance, security issues) and, sometimes, business challenges (user acceptance and confidence of network operators) make providers indecisive for full SDN deployment. Therefore, incremental deployment of SDN functionality through the placement of a limited set of SDN devices among traditional devices represents a rational and efficient environment that can offer customers modern and more data-intensive services. However, while hybrid SDN provides many benefits, it also has specific challenges addressed in the literature. This paper answers one of these challenges by presenting the research and development of a new load balancing scheme in the hybrid SDN environment built with a minimal SDN device set (controller and one switch). We propose a novel load balancing scheme to monitor current server load indicators and apply multi-parameter metrics for scheduling connections to balance the load on the servers as efficiently as possible. The base of the new load balancing scheme is continuous monitoring of server load indicators and implementations of multi-parameter metrics (CPU load, I/O Read, I/O Write, Link Upload, Link Download) for scheduling connections. The testing performed on servers aims to balance the server's load as efficiently as possible. The obtained results have shown that this mechanism achieves better results than existing load balancing schemes in traditional and SDN networks. Moreover, a proposed load balancing scheme can be used with various services and applied in any client-server environment.

SD-BROV: An Enhanced BGP Hijacking Protection with Route Validation in Software-Defined eXchange

In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding to routing disruption, one of fundamental vulnerabilities in BGP is a lack of insurance in validating authority for announcing network layer reachability. Therefore, a distributed repository system known as Resource Public Key Infrastructure (RPKI) has been utilized to mitigate this issue. However, such a validation requires further deployment steps for Autonomous System (AS), and it might cause performance and compatibility problems in legacy network infrastructure. Nevertheless, with recent advancements in network innovation, some traditional networks are planning to be restructured with Software-Defined Networking (SDN) technology for gaining more benefits. By using SDN, Internet eXchange Point (IXP) is able to enhance its capability of management by applying softwarized control methods, acting as a Software-Defined eXchange (SDX) center to handle numerous advertisement adaptively. To use the SDN method to strengthen routing security of IXP, this paper proposed an alternative SDX development, SD-BROV, an SDX-based BGP Route Origin Validation mechanism that establishes a flexible route exchange scenario with RPKI validation. The validating application built in the SDN controller is capable of investigating received routing information. It aims to support hybrid SDN environments and help non-SDN BGP neighbors to get trusted routes and drop suspicious ones in transition. To verify proposed idea with emulated environment, the proof-of-concept development is deployed on an SDN testbed running over Research and Education Networks (RENs). During BGP hijacking experiment, the results show that developed SD-BROV is able to detect and stop legitimate traffic to be redirected by attacker, making approach to secure traffic forwarding on BGP routers.

Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks

<p>The hybrid software-defined networks (SDN) architectures are beneficial for a smooth transition and less costly SDN deployment. However, legacy switches and SDN switches coexistence brings new challenges of deployment inconsistency management and security. Security is not well studied for hybrid SDN architecture. In this paper, we study the topology poisoning attacks in hybrid SDN for the first time. We propose new attack vectors for link fabrication in hybrid SDN. The new attack is named “multi-hop link fabrication”, in which an adversary successfully injects a fake multi-hop link (MHL) by exploiting the link discovery protocols. We presented the Hybrid-Shield, a link verification framework for hybrid SDN link discovery. Hybrid-Shield introduces a novel verification technique that includes: i) monitoring legacy switch and host generated traffic at MHL and ii) validating the existence of legacy switches contained in an MHL. This paper presents the prototype implementation of Hybrid-Shield over a real SDN controller. The experimental evaluation is performed with the mininet virtual network emulation. Our evaluation shows that Hybrid-Shield is capable of detecting MHL fabrication attacks in real-time with high accuracy. Hybrid-Shield’s performance evaluation shows that it is lightweight at the controller as it causes less overhead and requires no additional functionalities at the SDN controller for deployment.</p>

Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks

<p>The hybrid software-defined networks (SDN) architectures are beneficial for a smooth transition and less costly SDN deployment. However, legacy switches and SDN switches coexistence brings new challenges of deployment inconsistency management and security. Security is not well studied for hybrid SDN architecture. In this paper, we study the topology poisoning attacks in hybrid SDN for the first time. We propose new attack vectors for link fabrication in hybrid SDN. The new attack is named “multi-hop link fabrication”, in which an adversary successfully injects a fake multi-hop link (MHL) by exploiting the link discovery protocols. We presented the Hybrid-Shield, a link verification framework for hybrid SDN link discovery. Hybrid-Shield introduces a novel verification technique that includes: i) monitoring legacy switch and host generated traffic at MHL and ii) validating the existence of legacy switches contained in an MHL. This paper presents the prototype implementation of Hybrid-Shield over a real SDN controller. The experimental evaluation is performed with the mininet virtual network emulation. Our evaluation shows that Hybrid-Shield is capable of detecting MHL fabrication attacks in real-time with high accuracy. Hybrid-Shield’s performance evaluation shows that it is lightweight at the controller as it causes less overhead and requires no additional functionalities at the SDN controller for deployment.</p>

Path computation enhancement in SDN networks

Path computation is always the core topic in networking. The target of the path computation is to choose an appropriate path for the traffic flow. With the emergence of Software-defined networking (SDN), path computation moves from the distributed network nodes to a centralized controller. In this thesis, we will present a load balancing algorithm in SDN framework for popular data center networks and a fault management approach for hybrid SDN networks. The proposed load balancing algorithm computes and selects appropriate paths based on characteristics of data center networks and congestion status. In addition, a solution that supports proper operations of a hybrid SDN network will also be proposed. The evaluation shows the proposed load balancing algorithm performs better than classic shortest path algorithms. We also demonstrated that the proposed solution for hybrid SDN networks can support proper operations in complicated hybrid SDN networks.