1,012 research outputs found
Time4: Time for SDN
With the rise of Software Defined Networks (SDN), there is growing interest
in dynamic and centralized traffic engineering, where decisions about
forwarding paths are taken dynamically from a network-wide perspective.
Frequent path reconfiguration can significantly improve the network
performance, but should be handled with care, so as to minimize disruptions
that may occur during network updates.
In this paper we introduce Time4, an approach that uses accurate time to
coordinate network updates. Time4 is a powerful tool in softwarized
environments, that can be used for various network update scenarios.
Specifically, we characterize a set of update scenarios called flow swaps, for
which Time4 is the optimal update approach, yielding less packet loss than
existing update approaches. We define the lossless flow allocation problem, and
formally show that in environments with frequent path allocation, scenarios
that require simultaneous changes at multiple network devices are inevitable.
We present the design, implementation, and evaluation of a Time4-enabled
OpenFlow prototype. The prototype is publicly available as open source. Our
work includes an extension to the OpenFlow protocol that has been adopted by
the Open Networking Foundation (ONF), and is now included in OpenFlow 1.5. Our
experimental results show the significant advantages of Time4 compared to other
network update approaches, and demonstrate an SDN use case that is infeasible
without Time4.Comment: This report is an extended version of "Software Defined Networks:
It's About Time", which was accepted to IEEE INFOCOM 2016. A preliminary
version of this report was published in arXiv in May, 201
Know Your Enemy: Stealth Configuration-Information Gathering in SDN
Software Defined Networking (SDN) is a network architecture that aims at
providing high flexibility through the separation of the network logic from the
forwarding functions. The industry has already widely adopted SDN and
researchers thoroughly analyzed its vulnerabilities, proposing solutions to
improve its security. However, we believe important security aspects of SDN are
still left uninvestigated. In this paper, we raise the concern of the
possibility for an attacker to obtain knowledge about an SDN network. In
particular, we introduce a novel attack, named Know Your Enemy (KYE), by means
of which an attacker can gather vital information about the configuration of
the network. This information ranges from the configuration of security tools,
such as attack detection thresholds for network scanning, to general network
policies like QoS and network virtualization. Additionally, we show that an
attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk
of being detected. We underline that the vulnerability exploited by the KYE
attack is proper of SDN and is not present in legacy networks. To address the
KYE attack, we also propose an active defense countermeasure based on network
flows obfuscation, which considerably increases the complexity for a successful
attack. Our solution offers provable security guarantees that can be tailored
to the needs of the specific network under consideratio
- …