Literature Review
SDN (Software Defined Networking) is one of the emerging networking architectures that has risen to the forefront of network administration technology since its development and first commercial use in the year 2008. One of the crucial characteristics of the SDN networking paradigm is the shift of focus from hardware to software components: the control plane is separated from hardware such as routers and switches and moved into software components.
The decoupling of the control and data planes centralizes routing decisions, as opposed to the decentralized routing decisions of the traditional networking paradigm. Using the SDN paradigm, network administrators can operate their organizational network more effectively, as they can arrange and prioritize specific data packets in real time through the SDN controller. This optimizes data flow in the network and makes it possible to exploit the flexibility of SDN to utilize other available paths for different data traffic.
In the paper “The Road to SDN: An Intellectual History of Programmable Networks”, the authors Feamster, Rexford and Zegura describe the development of SDN as a programmable network and the key concepts used in its development. The paper also discusses the separation of the control and data planes, which enables the network administrator to control multiple data planes using an API (Application Programming Interface) such as OpenFlow.
In their paper the authors discuss Active Networks as the predecessor technology developed in the 1990s. This was the first programmable network approach that allowed network administrators to control network activities through a network API. The authors note that much of the development of SDN technology concentrated on control-plane programmability, whereas active networks focused on data-plane programmability for better-performing and programmable networks. After the development and refinement of data-plane programmability, researchers and developers persistently worked on control-plane programmability.
This paper also discusses the move of control functionality from network equipment (such as switches and routers) to separate, programmable servers. This step in virtualized network configuration is important, as network management is, by definition, a network-wide controlling activity. The use of open-source routing software in centralized packet-routing controllers lowered the barrier to controlling network traffic through different programming implementations.
In different sections of this report, the use of OpenFlow and of different network operating systems for managing and engineering data traffic is also discussed.
OpenFlow is a data traffic management protocol that defines the interaction between control servers and OpenFlow-compliant switches. An OpenFlow controller installs packet flow tables in the compatible switches, so that these switches forward data traffic as indicated by the specific table entries [3]. In this manner, OpenFlow switches rely on automated configuration by the controllers. Data packet flows are grouped or classified by match fields similar to those of ACLs (Access Control Lists), which may also include special cases or wildcards.
Data Plane Programmability and OpenFlow
In another article titled “A Survey on Software-Defined Networking”, the authors discuss different aspects of SDN in brief. As the authors note, with the ability to obtain prompt network status, SDN gives the network administrator centralized, real-time control of the network in light of both user-defined policies and the real-time status of the network. This mechanism in turn yields benefits in network performance and network configuration. The potential advantage of SDN is further evidenced by the fact that this programmable network architecture offers a platform for experimenting with new procedures in the network concerned and enables new system designs.
In the traditional network architecture the data layer/plane is mainly responsible for the transmission of data packets in a network, utilizing the routes/paths determined by the control plane of the network [6]. The control plane holds the intelligence of the network. When the control plane is designed and implemented in a hardware device (e.g. a switch), the packet forwarding choices, which depend on the matching parameters and entries of a routing table, are stored in the memory of the hardware device.
The routing table entries depend on the network topology. Routing of data packets using static routes is done by explicitly programming switches to utilize a specific route to reach a specific destination inside or outside the network.
Moreover, the challenges related to the implementation and use of SDN are also discussed by the authors in this paper. Some of the common challenges include SDN interoperability with legacy networking devices (routers and switches). In addition, privacy and performance management issues in centralized control, and the lack of technical experts in case of adverse situations, act as obstacles to the adoption and implementation of SDN [1]. Existing deployments of the SDN architecture are restricted to test beds for research models. Models built for research purposes remain too immature to offer confidence for real-world deployment of this architecture.
In the paper “Security in Software-Defined Networking: Threats and Countermeasures”, the authors explain some of the security issues related to the SDN architecture and the countermeasures to confront the threats. According to the authors, the centralized control feature of SDN provides a global view of the network concerned. This gives the network administrator sufficient information to use network resources and utilities optimally in order to improve network performance. SDN architecture therefore helps in bridging the defects and pitfalls of traditional networks and their configuration. In addition, this architecture also helps in meeting multi-tenant network requirements in cloud environments efficiently and effectively [4]. The authors discuss some of the data link layer security threats, which include DoS attacks that overflow the flow table and the flow buffer, and man-in-the-middle attacks.
In the case of the control layer, the threats include DoS attacks on the controller, attacks on multiple controllers and threats from the applications running on the nodes of the network.
Network Control with SDN
In addition, there are several threats to the application layer of SDN; these include breaches of security rules, illegal access and configuration conflicts.
Along with these security threats to SDN architectures, the authors provide several countermeasures to prevent the exploitation of these threats by attackers.
Reactive rule of the OpenFlow protocol and DoS attack: Under reactive rule installation, whenever a data packet arrives for which the flow table of a network device has no matching entry, the controller inserts a new rule into the switch, which improves network performance. This mechanism, however, makes the switches vulnerable to Denial of Service (DoS) attacks. Since every packet with an unknown destination address causes another rule to be embedded in the switch, an attacker can send a large number of such packets to the targeted SDN in a brief time frame, rapidly filling up the switch’s flow table storage. When the flow table is saturated by irregular traffic, legitimate traffic is not processed and forwarded correctly.
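The flow-table matching described earlier and the reactive rule installation and flow-table saturation described in this point, modelled as an added example (not code from any of the surveyed papers or from an OpenFlow controller), together with a per-ingress-port packet-in quota as one defensive countermeasure. The table capacity, quota and traffic are constructed values.

```python
# Added example: toy model of OpenFlow reactive rule installation, the
# flow-table exhaustion it allows, and a per-port packet-in quota. Constructed.
from collections import Counter

TABLE_CAPACITY = 8      # constructed: hardware tables hold thousands of entries
PACKET_IN_QUOTA = 3     # constructed: new rules one ingress port may trigger

class Switch:
    def __init__(self, capacity=TABLE_CAPACITY):
        self.capacity = capacity
        self.flow_table = {}        # match (in_port, dst_ip) -> action string

class Controller:
    """Reactive controller: installs one exact-match rule per table-miss."""

    def __init__(self, quota=None):
        self.quota = quota
        self.packet_ins = Counter()  # table-misses reported per ingress port

    def handle_packet_in(self, sw, in_port, dst):
        self.packet_ins[in_port] += 1
        if self.quota is not None and self.packet_ins[in_port] > self.quota:
            return False             # port exceeded its quota: install nothing
        if len(sw.flow_table) >= sw.capacity:
            return False             # flow table saturated: install nothing
        sw.flow_table[(in_port, dst)] = f"output:{len(sw.flow_table) % 4 + 1}"
        return True

def process(sw, ctl, in_port, dst):
    """Switch pipeline: hit an existing rule, else table-miss -> packet-in."""
    if (in_port, dst) in sw.flow_table:
        return "forwarded"
    return "installed" if ctl.handle_packet_in(sw, in_port, dst) else "dropped"

def run(traffic, quota=None, capacity=TABLE_CAPACITY):
    """Return (outcome counts, final table occupancy) for a packet sequence."""
    sw, ctl = Switch(capacity), Controller(quota)
    outcomes = Counter(process(sw, ctl, port, dst) for port, dst in traffic)
    return dict(outcomes), len(sw.flow_table)

# Constructed traffic: port 1 sends 20 packets to distinct unknown
# destinations; port 2 is a legitimate host that then talks to two servers.
NOISY = [(1, f"10.0.0.{i}") for i in range(20)]
LEGIT = [(2, "10.0.1.1"), (2, "10.0.1.2"), (2, "10.0.1.1")]

if __name__ == "__main__":
    print("no quota  :", run(NOISY + LEGIT))
    print("with quota:", run(NOISY + LEGIT, quota=PACKET_IN_QUOTA))
```

Without the quota the noisy port fills all eight entries and every packet from the legitimate host is dropped; with the quota the noisy port is capped at three entries and the legitimate host gets its rules installed and its third packet forwarded.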
Illegal access to the network: According to the specification of the OpenFlow protocol, applications running on the controller are highly extensible and adaptable. In addition, they have privileges to access network resources through which they can control network behavior. In most cases the majority of these applications are developed by third-party development organizations and not by the controller vendors [5]. The absence of a standard security mechanism for SDN applications therefore causes security threats to the applications running inside the network.
Configuration and security conflict: As the SDN architecture is mainly intended to provide different services, it requires several security applications that access the security interfaces of different controllers. A large number of security applications may therefore introduce conflicts between the security rules of the different applications.
The security issues related to illegal access to the network can be mitigated by using permission systems such as PermOF, which provides privilege control for OpenFlow controllers. It enforces a set of 18 permissions for the controller APIs. In addition, VeriCon and Verificare are tools that can be used to implement formal verification techniques before accessing the SDN-based network architecture.
References
N. Feamster, J. Rexford and E. Zegura, “The road to SDN”, ACM SIGCOMM Computer Communication Review, vol. 44, no. 2, pp. 87-98, 2014.
Z. Shu, J. Wan, D. Li, J. Lin, A. Vasilakos and M. Imran, “Security in Software-Defined Networking: Threats and Countermeasures”, Mobile Networks and Applications, vol. 21, no. 5, pp. 764-776, 2016.
M. Dabbagh, B. Hamdaoui, M. Guizani and A. Rayes, “Software-defined networking security: pros and cons”, IEEE Communications Magazine, vol. 53, no. 6, pp. 73-79, 2015.
J. Spooner and D. Shao, “A Review of Solutions for SDN-Exclusive Security Issues”, International Journal of Advanced Computer Science and Applications, vol. 7, no. 8, 2016.
S. Scott-Hayward, S. Natarajan and S. Sezer, “A Survey of Security in Software Defined Networks”, IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 623-654, 2016.
W. Xia, Y. Wen, C. H. Foh, D. Niyato and H. Xie, “A Survey on Software-Defined Networking”, IEEE Communications Surveys & Tutorials, vol. 17, no. 1, pp. 27-51, 2015.