Final published version, 2.32 MB, PDF document
Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
Research output: Thesis › Doctoral Thesis
Research output: Thesis › Doctoral Thesis
}
TY - BOOK
T1 - Towards smarter SDN switches
T2 - revisiting the balance of intelligence in SDN networks
AU - Weekes, Jonathan
PY - 2019/9/30
Y1 - 2019/9/30
N2 - Software Defined Networks (SDNs) represent a new model for building networks,in which the control plane is separated from the forwarding plane, allowing for centralised, fine grained control of traffic in the network. The benefits of SDN range widely from reducing operational costs of networks to providing better Quality of Service guarantees to its users. Its application has been shown to increase the efficiency of large networks such as data centers and improve security through Denial of Service mitigation systems and other traffic monitoring efforts.While SDN has been shown to be highly beneficial, some of its core features (e.gseparation of control and data planes and limited memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to its victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks however, its intrinsic properties facilitate new attacks.We investigate in this thesis, the opportunity for such Denial of Service attacksin more recent versions of SDN and extensively evaluate its effect on a legitimateuser’s throughput. In light of the potential for such DoS attacks which specificallytarget the SDN infrastructure (controller, switch flow table etc), we propose thatincreasing the intelligence of SDN switches can increase the resilience of the SDNnetwork by preventing attack traffic from entering the network at its source. Todemonstrate this, we put forward in this thesis, designs for an intelligent SDN Switch and implement two additional functionalities towards realising this design into a software version of the SDN switch. These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, to ensure the network continues to provide good service even under such circumstances. Evaluation of these modules indicate they effectively preserve the performance of the network under under high control plane loads far better than unmodified switches, with no notable drawbacks.
AB - Software Defined Networks (SDNs) represent a new model for building networks,in which the control plane is separated from the forwarding plane, allowing for centralised, fine grained control of traffic in the network. The benefits of SDN range widely from reducing operational costs of networks to providing better Quality of Service guarantees to its users. Its application has been shown to increase the efficiency of large networks such as data centers and improve security through Denial of Service mitigation systems and other traffic monitoring efforts.While SDN has been shown to be highly beneficial, some of its core features (e.gseparation of control and data planes and limited memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to its victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks however, its intrinsic properties facilitate new attacks.We investigate in this thesis, the opportunity for such Denial of Service attacksin more recent versions of SDN and extensively evaluate its effect on a legitimateuser’s throughput. In light of the potential for such DoS attacks which specificallytarget the SDN infrastructure (controller, switch flow table etc), we propose thatincreasing the intelligence of SDN switches can increase the resilience of the SDNnetwork by preventing attack traffic from entering the network at its source. Todemonstrate this, we put forward in this thesis, designs for an intelligent SDN Switch and implement two additional functionalities towards realising this design into a software version of the SDN switch. These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, to ensure the network continues to provide good service even under such circumstances. Evaluation of these modules indicate they effectively preserve the performance of the network under under high control plane loads far better than unmodified switches, with no notable drawbacks.
KW - SDN
KW - Software Defined Networking (S
KW - Denial of Service
U2 - 10.17635/lancaster/thesis/727
DO - 10.17635/lancaster/thesis/727
M3 - Doctoral Thesis
PB - Lancaster University
ER -