OpenFlow driven ethernet traffic analysis

Software Defined Networking (SDN) is a new networking paradigm that permits to slice network infrastructures. An example of SDN is the OpenFlow framework, where the control plane runs on a separate device, called controller, that manages data forwarding switches. The OpenFlow protocol ensures communications between OpenFlow switches and the OpenFlow controller. Before widely deploying OpenFlow based networks, scalability and performance of such networks should be studied and better understood. In this paper, the scalability of NOX, one of the most popular OpenFlow controller, is analyzed through both simulation and lab measurements. We perform an Ethernet trace analysis on the controller by defining flow characteristics as would be seen by an OpenFlow controller. We study the potential trace impact on an OpenFlow controller, analyzing among others, the number of flows, flow inter arrival times, traffic volumes and flow size distribution. Our results permit to discuss the feasibility of running OpenFlow networks with a single commodity PC as the controller in a mid-size campus network

On Diagnosis of Forwarding Plane via Static Forwarding Rules in Software Defined Networks

Software Defined Networks (SDN) decouple the forwarding and control planes from each other. The control plane is assumed to have a global knowledge of the underlying physical and/or logical network topology so that it can monitor, abstract and control the forwarding plane. In our paper, we present solutions that install an optimal or near-optimal (i.e., within 14% of the optimal) number of static forwarding rules on switches/routers so that any controller can verify the topology connectivity and detect/locate link failures at data plane speeds without relying on state updates from other controllers. Our upper bounds on performance indicate that sub-second link failure localization is possible even at data-center scale networks. For networks with hundreds or few thousand links, tens of milliseconds of latency is achievable.Comment: Submitted to Infocom'14, 9 page

Detecting Suspicious Behavior of SDN Switches by Statistics Gathering with Time

In Software Defined Network (SDN), the networks are vulnerable to attacks by compromised switches, since it often used programmable software switches are vulnerable than traditional hardware switches. Although several countermeasures against compromised switches have been proposed, the accuracy of detecting malicious behavior depends on the performance of network statistics gathering by a controller. In this paper, we propose an approach to verify the consistency of forwarding state using simultaneously network statistics gathering from the switch by accurate time scheduling. Our method enables to detect attacks by compromised switches without being influenced by the performance of statistics gathering by the controller. Our method utilizes moving average thus our method mitigates the effect on the verification accuracy from the impact of switches performance such as the error of scheduling. In addition, we implemented the proposed method with Mininet, and we confirmed that our method is able to verify without depending on the performance of statistic-gathering by the controller

The Role of Inter-Controller Traffic for Placement of Distributed SDN Controllers

We consider a distributed Software Defined Networking (SDN) architecture adopting a cluster of multiple controllers to improve network performance and reliability. Besides the Openflow control traffic exchanged between controllers and switches, we focus on the control traffic exchanged among the controllers in the cluster, needed to run coordination and consensus algorithms to keep the controllers synchronized. We estimate the effect of the inter-controller communications on the reaction time perceived by the switches depending on the data-ownership model adopted in the cluster. The model is accurately validated in an operational Software Defined WAN (SDWAN). We advocate a careful placement of the controllers, that should take into account both the above kinds of control traffic. We evaluate, for some real ISP network topologies, the delay tradeoffs for the controllers placement problem and we propose a novel evolutionary algorithm to find the corresponding Pareto frontier. Our work provides novel quantitative tools to optimize the planning and the design of the network supporting the control plane of SDN networks, especially when the network is very large and in-band control plane is adopted. We also show that for operational distributed controllers (e.g. OpenDaylight and ONOS), the location of the controller which acts as a leader in the consensus algorithm has a strong impact on the reactivity perceived by switches.Comment: 14 page

Isolating SDN Control Traffic with Layer-2 Slicing in 6TiSCH Industrial IoT Networks

Recent standardization efforts in IEEE 802.15.4-2015 Time Scheduled Channel Hopping (TSCH) and the IETF 6TiSCH Working Group (WG), aim to provide deterministic communications and efficient allocation of resources across constrained Internet of Things (IoT) networks, particularly in Industrial IoT (IIoT) scenarios. Within 6TiSCH, Software Defined Networking (SDN) has been identified as means of providing centralized control in a number of key situations. However, implementing a centralized SDN architecture in a Low Power and Lossy Network (LLN) faces considerable challenges: not only is controller traffic subject to jitter due to unreliable links and network contention, but the overhead generated by SDN can severely affect the performance of other traffic. This paper proposes using 6TiSCH tracks, a Layer-2 slicing mechanism for creating dedicated forwarding paths across TSCH networks, in order to isolate the SDN control overhead. Not only does this prevent control traffic from affecting the performance of other data flows, but the properties of 6TiSCH tracks allows deterministic, low-latency SDN controller communication. Using our own lightweight SDN implementation for Contiki OS, we firstly demonstrate the effect of SDN control traffic on application data flows across a 6TiSCH network. We then show that by slicing the network through the allocation of dedicated resources along a SDN control path, tracks provide an effective means of mitigating the cost of SDN control overhead in IEEE 802.15.4-2015 TSCH networks