165 research outputs found

    BPFabric: Data Plane Programmability for Software Defined Networks

    In its current form, OpenFlow, the de facto implementation of SDN, separates the network’s control and data planes allowing a central controller to alter the match-action pipeline using a limited set of fields and actions. To support new protocols, forwarding logic, telemetry, monitoring or even middlebox-like functions the currently available programmability in SDN is insufficient. In this paper, we introduce BPFabric, a platform, protocol, and language-independent architecture to centrally program and monitor the data plane. BPFabric leverages eBPF, a platform and protocol independent instruction set to define the packet processing and forwarding functionality of the data plane. We introduce a control plane API that allows data plane functions to be deployed on-the-fly, reporting events of interest and exposing network internal state. We present a raw socket and DPDK implementation of the design, the former for large-scale experimentation using environments such as Mininet and the latter for high-performance low-latency deployments. We show through examples that functions unrealisable in OpenFlow can leverage this flexibility while achieving similar or better performance to today’s static design.

    Software-Defined Networking for Smart Grid Resilience: Opportunities and Challenges

    Software-defined networking (SDN) is an emerging networking paradigm that provides unprecedented flexibility in dynamically reconfiguring an IP network. It enables various applications, such as network management, quality of service (QoS) optimization, and system resilience enhancement. Pilot studies have investigated the possibilities of applying SDN on smart grid communications, while the specific benefits and risks that SDN may bring to the resilience of smart grids against accidental failures and malicious attacks remain largely unexplored. Without a systematic understanding of these issues and convincing validations of proposed solutions, the power industry will be unlikely to embrace SDN, since resilience is always a key consideration for critical infrastructures like power grids. In this position paper, we aim to provide an initial understanding of these issues, by investigating (1) how SDN can enhance the resilience of typical smart grids to malicious attacks, (2) additional risks introduced by SDN and how to manage them, and (3) how to validate and evaluate SDN-based resilience solutions. Our goal is also to trigger more profound discussions on applying SDN to smart grids and inspire innovative SDN-based solutions for enhancing smart grid resilience. Agency for Science, Technology and Research; National Science Foundation (OCI-1032889); Department of Energy (DE-OE0000097) Ope

    Will SDN be part of 5G?

    For many, this is no longer a valid question and the case is considered settled with SDN/NFV (Software Defined Networking/Network Function Virtualization) providing the inevitable innovation enablers solving many outstanding management issues regarding 5G. However, given the monumental task of softwarization of radio access network (RAN) while 5G is just around the corner and some companies have started unveiling their 5G equipment already, the concern is very realistic that we may only see some point solutions involving SDN technology instead of a fully SDN-enabled RAN. This survey paper identifies all important obstacles in the way and looks at the state of the art of the relevant solutions. This survey is different from the previous surveys on SDN-based RAN as it focuses on the salient problems and discusses solutions proposed within and outside SDN literature. Our main focus is on fronthaul, backward compatibility, supposedly disruptive nature of SDN deployment, business cases and monetization of SDN related upgrades, latency of general purpose processors (GPP), and additional security vulnerabilities softwarization brings along to the RAN. We have also provided a summary of the architectural developments in SDN-based RAN landscape as not all work can be covered under the focused issues. This paper provides a comprehensive survey on the state of the art of SDN-based RAN and clearly points out the gaps in the technology. Comment: 33 pages, 10 figure

    Analysis of Topology Poisoning Attacks in Software-Defined Networking

    Software-defined networking (SDN) is an emerging architecture with a great potential to foster the development of modern networks. By separating the control plane from the network devices and centralizing it at a software-based controller, SDN provides network-wide visibility and flexible programmability to network administrators. However, the security aspects of SDN are not yet fully understood. For example, while SDN is resistant to some topology poisoning attacks in which the attacker misleads the routing algorithm about the network structure, similar attacks by compromised hosts and switches are still known to be possible. The goal of this thesis is to thoroughly analyze the topology poisoning attacks initiated by compromised switches and to identify whether they are a threat to SDN. We identify three base cases of the topology poisoning attack, in which the attack that requires a single compromised switch is a new variant of topology poisoning. We develop proof-of-concept implementations for these attacks in emulated networks based on OpenFlow, the most popular framework for SDN. We also evaluate the attacks in simulated networks by measuring how much additional traffic the attacker can divert to the compromised switches. A wide range of network topologies and routing algorithms are used in the simulations. The simulation results show that the discovered attacks are severe in many cases. Furthermore, the seriousness of the attacks increases according to the number of tunnels that the attacker can fabricate and also depends on the distance between the tunnel endpoints. The simulations indicate that network design can help to mitigate the attacks by, for example, shortening the paths between switches in the network, randomizing regular network structure, or increasing the load-balancing capability of the routing strategy.