Electronic data

  • 2019WeekesPhD

    Final published version, 2.32 MB, PDF document

    Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License

Towards smarter SDN switches: revisiting the balance of intelligence in SDN networks

Research output: Thesis > Doctoral Thesis

Published

Standard

Towards smarter SDN switches: revisiting the balance of intelligence in SDN networks. / Weekes, Jonathan.

Lancaster University, 2019. 216 p.

Bibtex

@phdthesis{bb87948a4d3947b3b8c14dcca7d27411,
title = "Towards smarter SDN switches: revisiting the balance of intelligence in SDN networks",
abstract = "Software Defined Networks (SDNs) represent a new model for building networks, in which the control plane is separated from the forwarding plane, allowing for centralised, fine-grained control of traffic in the network. The benefits of SDN range widely from reducing operational costs of networks to providing better Quality of Service guarantees to its users. Its application has been shown to increase the efficiency of large networks such as data centers and improve security through Denial of Service mitigation systems and other traffic monitoring efforts. While SDN has been shown to be highly beneficial, some of its core features (e.g. separation of control and data planes and limited memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to their victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks; however, its intrinsic properties facilitate new attacks. We investigate in this thesis the opportunity for such Denial of Service attacks in more recent versions of SDN and extensively evaluate their effect on a legitimate user{\textquoteright}s throughput. In light of the potential for such DoS attacks which specifically target the SDN infrastructure (controller, switch flow table etc.), we propose that increasing the intelligence of SDN switches can increase the resilience of the SDN network by preventing attack traffic from entering the network at its source. To demonstrate this, we put forward in this thesis designs for an intelligent SDN Switch and implement two additional functionalities towards realising this design into a software version of the SDN switch.
These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, to ensure the network continues to provide good service even under such circumstances. Evaluation of these modules indicates they effectively preserve the performance of the network under high control plane loads far better than unmodified switches, with no notable drawbacks.",
keywords = "SDN, Software Defined Networking (S, Denial of Service",
author = "Jonathan Weekes",
year = "2019",
month = sep,
day = "30",
doi = "10.17635/lancaster/thesis/727",
language = "English",
publisher = "Lancaster University",
school = "Lancaster University",

}

RIS

TY - THES

T1 - Towards smarter SDN switches

T2 - revisiting the balance of intelligence in SDN networks

AU - Weekes, Jonathan

PY - 2019/9/30

Y1 - 2019/9/30

N2 - Software Defined Networks (SDNs) represent a new model for building networks, in which the control plane is separated from the forwarding plane, allowing for centralised, fine-grained control of traffic in the network. The benefits of SDN range widely from reducing operational costs of networks to providing better Quality of Service guarantees to its users. Its application has been shown to increase the efficiency of large networks such as data centers and improve security through Denial of Service mitigation systems and other traffic monitoring efforts. While SDN has been shown to be highly beneficial, some of its core features (e.g. separation of control and data planes and limited memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to their victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks; however, its intrinsic properties facilitate new attacks. We investigate in this thesis the opportunity for such Denial of Service attacks in more recent versions of SDN and extensively evaluate their effect on a legitimate user’s throughput. In light of the potential for such DoS attacks which specifically target the SDN infrastructure (controller, switch flow table etc.), we propose that increasing the intelligence of SDN switches can increase the resilience of the SDN network by preventing attack traffic from entering the network at its source. To demonstrate this, we put forward in this thesis designs for an intelligent SDN Switch and implement two additional functionalities towards realising this design into a software version of the SDN switch.
These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, to ensure the network continues to provide good service even under such circumstances. Evaluation of these modules indicates they effectively preserve the performance of the network under high control plane loads far better than unmodified switches, with no notable drawbacks.

KW - SDN

KW - Software Defined Networking (S

KW - Denial of Service

U2 - 10.17635/lancaster/thesis/727

DO - 10.17635/lancaster/thesis/727

M3 - Doctoral Thesis

PB - Lancaster University

ER -