
Electronic data

  • 2019WeekesPhD

    Final published version, 2 MB, PDF document

    Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License


Towards smarter SDN switches: revisiting the balance of intelligence in SDN networks

Research output: Thesis, Doctoral Thesis

Published
  • Jonathan Weekes
Publication date: 30/09/2019
Number of pages: 216
Qualification: PhD
Awarding Institution
  • Lancaster University
Supervisors/Advisors
Award date: 30/09/2019
Publisher
  • Lancaster University
Original language: English

Abstract

Software Defined Networks (SDNs) represent a new model for building networks, in which the control plane is separated from the forwarding plane, allowing for centralised, fine-grained control of traffic in the network. The benefits of SDN range widely, from reducing the operational costs of networks to providing better Quality of Service guarantees to their users. Its application has been shown to increase the efficiency of large networks such as data centers and to improve security through Denial of Service mitigation systems and other traffic monitoring efforts.

While SDN has been shown to be highly beneficial, some of its core features (e.g. separation of control and data planes and limited memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to their victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks; however, SDN's intrinsic properties facilitate new attacks.

In this thesis, we investigate the opportunity for such Denial of Service attacks in more recent versions of SDN and extensively evaluate their effect on a legitimate user's throughput. In light of the potential for such DoS attacks, which specifically target the SDN infrastructure (controller, switch flow table, etc.), we propose that increasing the intelligence of SDN switches can increase the resilience of the SDN network by preventing attack traffic from entering the network at its source. To demonstrate this, we put forward designs for an intelligent SDN switch and implement two additional functionalities towards realising this design in a software version of the SDN switch. These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, to ensure the network continues to provide good service even under such circumstances. Evaluation of these modules indicates that they effectively preserve the performance of the network under high control plane loads far better than unmodified switches, with no notable drawbacks.