LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks
Software Defined Networking (SDN) is a new networking architecture which aims
to provide better decoupling between network control (control plane) and data
forwarding functionalities (data plane). This separation introduces several
benefits, such as a directly programmable and (virtually) centralized network
control. However, researchers showed that the required communication channel
between the control and data plane of SDN creates a potential bottleneck in the
system, introducing new vulnerabilities. Indeed, this behavior could be
exploited to mount powerful attacks, such as the control plane saturation
attack, that can severely hinder the performance of the whole network.
In this paper we present LineSwitch, an efficient and effective solution
against the control plane saturation attack. LineSwitch combines SYN proxy
techniques and probabilistic blacklisting of network traffic. We implemented
LineSwitch as an extension of OpenFlow, the current reference implementation of
SDN, and evaluated our solution considering different traffic scenarios (with
and without attack). The results of our preliminary experiments confirm that,
compared to the state-of-the-art, LineSwitch reduces the time overhead up to
30%, while ensuring the same level of protection.
Comment: In Proceedings of the 10th ACM Symposium on Information, Computer and
Communications Security (ASIACCS 2015). To appea
Design of a Hybrid Modular Switch
Network Function Virtualization (NFV) sheds new light on the design,
deployment, and management of cloud networks. Many network functions such as
firewalls, load balancers, and intrusion detection systems can be virtualized
by servers. However, network operators often have to sacrifice programmability
in order to achieve high throughput, especially at networks' edge where complex
network functions are required.
Here, we design, implement, and evaluate Hybrid Modular Switch (HyMoS). The
hybrid hardware/software switch is designed to meet the requirements of modern-day
NFV applications by providing high throughput with a high degree of
programmability. HyMoS utilizes P4-compatible Network Interface Cards (NICs),
a PCI Express interface, and a CPU to act as line cards, switch fabric, and fabric
controller, respectively. In our implementation of HyMoS, the PCI Express interface
is turned into a non-blocking switch fabric with a throughput of hundreds of
Gigabits per second.
Compared to existing NFV infrastructure, HyMoS offers modularity in hardware
and software as well as a higher degree of programmability by supporting a
superset of P4 language
- …