Combined control and data plane robustness of SDN networks against malicious node attacks

In the context of software-defined networking (SDN), we address a variant of the controller placement problem (CPP), which takes into account the network robustness at both control and data plane layers. For given maximum values of switch-controller and controller-controller delays at the regular state (i.e., when the network is fully operational), the aim is to maximize the network robustness against a set of failure states, each state defined as a possible malicious attack to multiple network nodes. We assume that the attacker knows the data plane topology and, therefore, can adopt either one of three commonly considered node centrality attacks (based on the node degree, closeness or betweenness centralities), or an attack to the nodes which are the optimal solution of the critical node detection (CND) problem. We propose a set of robustness metrics which are used to obtain the optimal solutions for the robust CPP variant. We present a set of computational results comparing the average delays and robustness values of the robust CPP solutions against those minimizing only the average switch-controller and controller-controller delays. Moreover, the impact of using the CND based attack in the robustness evaluation of CPP solutions is also assessed in the computational results.publishe

The minimum cost D-geodiverse anycast routing with optimal selection of anycast nodes

Consider a geographical network with associated link costs. In anycast routing, network nodes are partitioned into two sets - the source nodes and the anycast (destination) nodes - and the traffic of each source node is routed towards the anycast node providing the minimum routing cost path. By considering a given geographical distance parameter D, we define an anycast routing solution as D-geodiverse when for each source node there are two routing paths, each one towards a different anycast node, such that the geographical distance between the two paths is at least D. Such a solution has the property that any disaster with a coverage diameter below D affecting one routing path (but without involving neither the source node nor its entire set of outgoing links) cannot affect the other path, enhancing in this way the network robustness to natural disasters. The selection of the anycast nodes has an impact both on the feasibility and cost of a D- geodiverse anycast routing solution. Therefore, for a desired number of anycast nodes R, we define the minimum cost D- geodiverse anycast problem (MCD-GAP) aiming to identify a set of R anycast nodes that obtain a minimum cost routing solution. The problem is defined based on integer linear programming and is extended to consider the existence of vulnerability regions in the network, i.e., by imposing the geographical distance D only between network elements belonging to the same region. We present computational results showing the tradeoff between D and R in the optimal solutions obtained with and without vulnerability regions.This paper is based upon work from COST Action CA15127 ("Resilient communication services protecting end user applications from disaster-based failures ‒ RECODIS") supported by COST Association. The work was financially supported by FCT, Portugal, under the projects CENTRO- 01-0145-FEDER-029312 and UID/EEA/50008/2013 and through the postdoc grant SFRH/BPD/ 111503/2015.publishe