ICONA: Inter Cluster ONOS Network Application

Several Network Operating Systems (NOS) have been proposed in the last few years for Software Defined Networks; however, a few of them are currently offering the resiliency, scalability and high availability required for production environments. Open Networking Operating System (ONOS) is an open source NOS, designed to be reliable and to scale up to thousands of managed devices. It supports multiple concurrent instances (a cluster of controllers) with distributed data stores. A tight requirement of ONOS is that all instances must be close enough to have negligible communication delays, which means they are typically installed within a single datacenter or a LAN network. However in certain wide area network scenarios, this constraint may limit the speed of responsiveness of the controller toward network events like failures or congested links, an important requirement from the point of view of a Service Provider. This paper presents ICONA, a tool developed on top of ONOS and designed in order to extend ONOS capability in network scenarios where there are stringent requirements in term of control plane responsiveness. In particular the paper describes the architecture behind ICONA and provides some initial evaluation obtained on a preliminary version of the tool.Comment: Paper submitted to a conferenc

The Role of Inter-Controller Traffic for Placement of Distributed SDN Controllers

We consider a distributed Software Defined Networking (SDN) architecture adopting a cluster of multiple controllers to improve network performance and reliability. Besides the Openflow control traffic exchanged between controllers and switches, we focus on the control traffic exchanged among the controllers in the cluster, needed to run coordination and consensus algorithms to keep the controllers synchronized. We estimate the effect of the inter-controller communications on the reaction time perceived by the switches depending on the data-ownership model adopted in the cluster. The model is accurately validated in an operational Software Defined WAN (SDWAN). We advocate a careful placement of the controllers, that should take into account both the above kinds of control traffic. We evaluate, for some real ISP network topologies, the delay tradeoffs for the controllers placement problem and we propose a novel evolutionary algorithm to find the corresponding Pareto frontier. Our work provides novel quantitative tools to optimize the planning and the design of the network supporting the control plane of SDN networks, especially when the network is very large and in-band control plane is adopted. We also show that for operational distributed controllers (e.g. OpenDaylight and ONOS), the location of the controller which acts as a leader in the consensus algorithm has a strong impact on the reactivity perceived by switches.Comment: 14 page

ICONA: a peer-to-peer approach for Software Defined Wide Area Networks using ONOS

Several Internet Service Providers (ISP) are plan- ning to innovate their infrastructures through a process of network softwarisation and programmability. The Software- Defined-Network (SDN) paradigm aims at improving the design, configuration, maintenance and service provisioning agility of the network through a centralised software control plane which is in charge of managing the entire system. This is easily achievable for local area networks, typical of data centres, where the benefits of having programmable access to the entire network is not restricted by latency. However, in Wide Area Networks, a centralised control plane limits the speed of responsiveness in reaction to time-constrained network events due to unavoidable latencies caused by physical distances. A logical step towards robustness in SDN is to distribute the load of the control plane between entities, each taking care of a portion of the entire geographical network and each providing an east-west communication interface to enable programmability of the entire network. Moreover, a key objective of an SDN control plane targeting an ISP networks is the east-west interface with external domains under the control of other providers. In this article we present ICONA (Inter Cluster Onos Network Application), a tool that has the objective of enabling programmable networks to span multiple clusters of controllers within either a single or multiple administrative domains. In particular, the paper describes the architecture behind ICONA and provides an initial evaluation obtained on a preliminary version of the tool, built on top of the cutting-edge network controller ONOS, Hummingbird release

Control Plane in Software Defined Networks and Stateful Data Planes

L'abstract è presente nell'allegato / the abstract is in the attachmen

Network Infrastructures for Highly Distributed Cloud-Computing

Software-Defined-Network (SDN) is emerging as a solid opportunity for the Network Service Providers (NSP) to reduce costs while at the same time providing better and/or new services. The possibility to flexibly manage and configure highly-available and scalable network services through data model abstractions and easy-to-consume APIs is attractive and the adoption of such technologies is gaining momentum. At the same time, NSPs are planning to innovate their infrastructures through a process of network softwarisation and programmability. The SDN paradigm aims at improving the design, configuration, maintenance and service provisioning agility of the network through a centralised software control. This can be easily achievable in local area networks, typical of data-centers, where the benefits of having programmable access to the entire network is not restricted by latency between the network devices and the SDN controller which is reasonably located in the same LAN of the data path nodes. In Wide Area Networks (WAN), instead, a centralised control plane limits the speed of responsiveness in reaction to time-constrained network events due to unavoidable latencies caused by physical distances. Moreover, an end-to-end control shall involve the participation of multiple, domain-specific, controllers: access devices, data-center fabrics and backbone networks have very different characteristics and their control-plane could hardly coexist in a single centralised entity, unless of very complex solutions which inevitably lead to software bugs, inconsistent states and performance issues. In recent years, the idea to exploit SDN for WAN infrastructures to connect multiple sites together has spread in both the scientific community and the industry. The former has produced interesting results in terms of framework proposals, complexity and performance analysis for network resource allocation schemes and open-source proof of concept prototypes targeting SDN architectures spanning multiple technological and administrative domains. On the other hand, much of the work still remains confined to the academy mainly because based on pure Openflow prototype implementation, networks emulated on a single general-purpose machine or on simulations proving algorithms effectiveness. The industry has made SDN a reality via closed-source systems, running on single administrative domain networks with little if no diversification of access and backbone devices. In this dissertation we present our contributions to the design and the implementation of SDN architectures for the control plane of WAN infrastructures. In particular, we studied and prototyped two SDN platforms to build a programmable, intent-based, control-plane suitable for the today highly distributed cloud infrastructures. Our main contributions are: (i) an holistic and architectural description of a distributed SDN control-plane for end-end QoS provisioning; we compare the legacy IntServ RSVP protocol with a novel approach for prioritising application-sensitive flows via centralised vantage points. It is based on a peer-to-peer architecture and could so be suitable for the inter-authoritative domains scenario. (ii) An open-source platform based on a two-layer hierarchy of network controllers designed to provision end-to-end connectivity in real networks composed by heterogeneous devices and links within a single authoritative domain. This platform has been integrated in CORD, an open-source project whose goal is to bring data-center economics and cloud agility to the NSP central office infrastructures, combining NFV (Network Function Virtualization), SDN and the elasticity of commodity clouds. Our platform enables the provisioning of connectivity services between multiple CORD sites, up to the customer premises. Thus our system and software contributions in SDN has been combined with a NFV infrastructure for network service automation and orchestration

Securing the software-defined networking control plane by using control and data dependency techniques

Software-defined networking (SDN) fundamentally changes how network and security practitioners design, implement, and manage their networks. SDN decouples the decision-making about traffic forwarding (i.e., the control plane) from the traffic being forwarded (i.e., the data plane). SDN also allows for network applications, or apps, to programmatically control network forwarding behavior and policy through a logically centralized control plane orchestrated by a set of SDN controllers. As a result of logical centralization, SDN controllers act as network operating systems in the coordination of shared data plane resources and comprehensive security policy implementation. SDN can support network security through the provision of security services and the assurances of policy enforcement. However, SDN’s programmability means that a network’s security considerations are different from those of traditional networks. For instance, an adversary who manipulates the programmable control plane can leverage significant control over the data plane’s behavior. In this dissertation, we demonstrate that the security posture of SDN can be enhanced using control and data dependency techniques that track information flow and enable understanding of application composability, control and data plane decoupling, and control plane insight. We support that statement through investigation of the various ways in which an attacker can use control flow and data flow dependencies to influence the SDN control plane under different threat models. We systematically explore and evaluate the SDN security posture through a combination of runtime, pre-runtime, and post-runtime contributions in both attack development and defense designs. We begin with the development a conceptual accountability framework for SDN. We analyze the extent to which various entities within SDN are accountable to each other, what they are accountable for, mechanisms for assurance about accountability, standards by which accountability is judged, and the consequences of breaching accountability. We discover significant research gaps in SDN’s accountability that impact SDN’s security posture. In particular, the results of applying the accountability framework showed that more control plane attribution is necessary at different layers of abstraction, and that insight motivated the remaining work in this dissertation. Next, we explore the influence of apps in the SDN control plane’s secure operation. We find that existing access control protections that limit what apps can do, such as role-based access controls, prove to be insufficient for preventing malicious apps from damaging control plane operations. The reason is SDN’s reliance on shared network state. We analyze SDN’s shared state model to discover that benign apps can be tricked into acting as “confused deputies”; malicious apps can poison the state used by benign apps, and that leads the benign apps to make decisions that negatively affect the network. That violates an implicit (but unenforced) integrity policy that governs the network’s security. Because of the strong interdependencies among apps that result from SDN’s shared state model, we show that apps can be easily co-opted as “gadgets,” and that allows an attacker who minimally controls one app to make changes to the network state beyond his or her originally granted permissions. We use a data provenance approach to track the lineage of the network state objects by assigning attribution to the set of processes and agents responsible for each control plane object. We design the ProvSDN tool to track API requests from apps as they access the shared network state’s objects, and to check requests against a predefined integrity policy to ensure that low-integrity apps cannot poison high-integrity apps. ProvSDN acts as both a reference monitor and an information flow control enforcement mechanism. Motivated by the strong inter-app dependencies, we investigate whether implicit data plane dependencies affect the control plane’s secure operation too. We find that data plane hosts typically have an outsized effect on the generation of the network state in reactive-based control plane designs. We also find that SDN’s event-based design, and the apps that subscribe to events, can induce dependencies that originate in the data plane and that eventually change forwarding behaviors. That combination gives attackers that are residing on data plane hosts significant opportunities to influence control plane decisions without having to compromise the SDN controller or apps. We design the EventScope tool to automatically identify where such vulnerabilities occur. EventScope clusters apps’ event usage to decide in which cases unhandled events should be handled, statically analyzes controller and app code to understand how events affect control plane execution, and identifies valid control flow paths in which a data plane attacker can reach vulnerable code to cause unintended data plane changes. We use EventScope to discover 14 new vulnerabilities, and we develop exploits that show how such vulnerabilities could allow an attacker to bypass an intended network (i.e., data plane) access control policy. This research direction is critical for SDN security evaluation because such vulnerabilities could be induced by host-based malware campaigns. Finally, although there are classes of vulnerabilities that can be removed prior to deployment, it is inevitable that other classes of attacks will occur that cannot be accounted for ahead of time. In those cases, a network or security practitioner would need to have the right amount of after-the-fact insight to diagnose the root causes of such attacks without being inundated with too much informa- tion. Challenges remain in 1) the modeling of apps and objects, which can lead to overestimation or underestimation of causal dependencies; and 2) the omission of a data plane model that causally links control and data plane activities. We design the PicoSDN tool to mitigate causal dependency modeling challenges, to account for a data plane model through the use of the data plane topology to link activities in the provenance graph, and to account for network semantics to appropriately query and summarize the control plane’s history. We show how prior work can hinder investigations and analysis in SDN-based attacks and demonstrate how PicoSDN can track SDN control plane attacks.Ope

Big Data Analysis-Based Secure Cluster Management for Optimized Control Plane in Software-Defined Networks

In software-defined networks (SDNs), the abstracted control plane is its symbolic characteristic, whose core component is the software-based controller. The control plane is logically centralized, but the controllers can be physically distributed and composed of multiple nodes. To meet the service management requirements of large-scale network scenarios, the control plane is usually implemented in the form of distributed controller clusters. Cluster management technology monitors all types of events and must maintain a consistent global network status, which usually leads to big data in SDNs. Simultaneously, the cluster security is an open issue because of the programmable and dynamic features of SDNs. To address the above challenges, this paper proposes a big data analysis-based secure cluster management architecture for the optimized control plane. A security authentication scheme is proposed for cluster management. Moreover, we propose an ant colony optimization approach that enables big data analysis scheme and the implementation system that optimizes the control plane. Simulations and comparisons show the feasibility and efficiency of the proposed scheme. The proposed scheme is significant in improving the security and efficiency SDN control plane

Towards a software defined network based multi-domain architecture for the internet of things

The current communication networks are heterogeneous, with a diversity of devices and services that challenge traditional networks, making it difficult to meet quality of service (QoS) requirements. With the advent of software-defined networks (SDN), new tools have emerged to design more flexible networks. SDN offers centralized management for data streams in distributed sensor networks. Thus, the main goal of this dissertation is to investigate a solution that meets the QoS requirements of traffic originating on Internet of Things (IoT) devices. This traffic is transmitted to the Internet in a distributed system with multiple SDN controllers. To achieve the goal, we designed a multi-controller network topology, each managed by its controller. Communication between the domains is done via an SDN traffic domain with the Open Network Operating System (ONOS) controller SDN-IP application. We also emulated a network to test QoS through OpenvSwitch queues. The goal is to create traffic priorities in a network with traditional and simulated IoT devices. According to our tests, we have been able to ensure the SDN inter-domain communication and have proven that our proposal is reactive to a topology failure. In the QoS scenario we have shown that through the insertion of OpenFlow rules, we are able to prioritize traffic and provide guarantees of quality of service. This proves that our proposal is promising for use in scenarios with multiple administrative domains.As redes atuais de comunicação são heterogéneas, com uma diversidade de dispositivos e serviços, que desafiam as redes tradicionais, dificultando a satisfação dos requisitos de qualidade de serviço (QoS). Com o advento das Redes Definidas por Software (SDN), novas ferramentas surgiram para projetar redes mais flexíveis. O SDN oferece uma gestão centralizada para os fluxos de dados em redes distribuídas de sensores. Assim, o principal objetivo desta dissertação é de investigar uma solução que cumpra os requisitos de QoS do tráfego originado em dispositivos de Internet das coisas (IoT). Este tráfego é transmitido para a Internet, num sistema distribuído com múltiplos controladores SDN. Para atingir o objetivo, projetamos uma topologia de rede com múltiplos domínios, cada um gerido pelo seu controlador. A comunicação entre os domínios, é feita através dum domínio de trânsito SDN com a aplicação SDN-IP do controlador Sistema Operativo de Rede Aberta (ONOS). Emulamos também uma rede para testar a QoS através de filas de espera do OpenvSwitch. O objetivo é criar prioridades de tráfego numa rede com dispositivos tradicionais e de IoT simulados. De acordo com os testes realizados, conseguimos garantir a comunicação entre domínios SDN e comprovamos que a nossa proposta é reativa a uma falha na topologia. No cenário do QoS demostramos que, através da inserção de regras OpenFlow, conseguimos priorizar o tráfego e oferecer garantias de qualidade de serviço. Desta forma comprovamos que a nossa proposta é promissora para ser utilizada em cenários com múltiplos domínios administrativos