Efficient topology discovery in OpenFlow-based Software Defined Networks

Pakzad, Farzaneh; Portmann, Marius; Tan, Wee Lum; Indulska, Jadwiga

doi:10.1016/j.comcom.2015.09.013

Cited by 89 publications

(51 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As no study shows the OFDP operation for several SDNCs, we assume the switch distribution among SDNCs obtained from SHTD protocol. In contrast with [3], [4], in SHTD protocol each SDNC has to send and receive only one packet from each of its active interfaces which decrease the burden on SDNCs.…”

Section: Simulation and Resultsmentioning

confidence: 99%

“…3(c) the reduction in the average number of packets managed by SDNCs considering two existing approaches as baseline, namely OpenFlow Discovery Protocol (OFDP) [3] and OFDPv2 [4], derived from equation (NumPkt baseline − NumPkt SHT D )/NumPkt baseline . As no study shows the OFDP operation for several SDNCs, we assume the switch distribution among SDNCs obtained from SHTD protocol.…”

Section: Simulation and Resultsmentioning

confidence: 99%

“…Unlike conventional mechanisms [4], [3], the proposed protocol uses layer 2 messages to create a control tree rooted at SDNCs and it discovers the network topology before the establishment of the initial control connection. Once the control tree is created, each network device can establish a secure control channel to the SDNCs.…”

Section: Self-healing Topology Discovery Protocolmentioning

confidence: 99%

“…Given their topological nature, if the parent ports of leaf and v-leaf nodes fail, they cannot provide an alternative control path to the SDNCs. Hence, a one-bit field is used in the topoReply message in order to prune their neighbouring Send echoRepl y to node u association bit set 4:…”

Section: A Layer 2 Topology Discovery Mechanismmentioning

confidence: 99%

“…Otherwise, SDNCs will not be able to discover the OpenFlow switches in the network. Additionally, these mechanisms also require a previous knowledge of network devices' characteristics such as number of active ports and MAC addresses [4]. This information is requested by SDNCs after the establishment of an initial control connection with each device.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Self-Healing Topology Discovery Protocol for Software-Defined Networks

2018

View full text Add to dashboard Cite

Abstract-This letter presents the design of a self-healing protocol for automatic discovery and maintenance of the network topology in Software Defined Networks (SDN). The proposed protocol integrates two enhanced features (i.e. layer 2 topology discovery and autonomic fault recovery) in a unified mechanism. This novel approach is validated through simulation experiments using OMNET++. Obtained results show that our protocol discovers and recovers the control topology efficiently in terms of time and message load over a wide range of generated networks.

show abstract

Section: Simulation and Resultsmentioning

confidence: 99%

Section: Simulation and Resultsmentioning

confidence: 99%

Section: Self-healing Topology Discovery Protocolmentioning

confidence: 99%

Section: A Layer 2 Topology Discovery Mechanismmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Self-Healing Topology Discovery Protocol for Software-Defined Networks

2018

View full text Add to dashboard Cite

show abstract

ESLD: An efficient and secure link discovery scheme for software‐defined networking

Zhao

Yao

2018

Int J Communication

View full text Add to dashboard Cite

Summary Software‐defined networking simplifies network management by decoupling the control plane from the data plane and centralizing it to the controller. As the brain of the network, the controller gains up‐to‐date holistic network visibility via topology discovery. However, as a key service of topology discovery, the link discovery service opens problems on efficiency and security. On the one hand, sending link discovery packets to all ports wastes not only the limited controller resources (such as CPU and memory) but also control channel bandwidth. On the other hand, attackers may use these packets to create fake links and perform link fabrication attack. Because of the centralized control paradigm, wasting controller resources may degrade network performance, and all the fake links may severely poison the network topology, even causing the denial of service or man‐in‐the‐middle attack. In this paper, we propose an efficient and secure link discovery scheme to improve link discovery performance and resist link fabrication attack caused by the software‐defined networking link discovery service. By adopting port classification technique and directionally transmitting packets to appropriate ports, our approach can reduce or eliminate redundant packets and improve link discovery performance. Meanwhile, we adopt the directional packet transmitting approach and the time‐marked hash‐based message authentication code authenticate scheme to resist the link fabrication attack. A prototype system is implemented on the basis of POX controller and Mininet simulator to evaluate our scheme. Simulation results demonstrate that our scheme can solve the link fabrication problems with less overload of both the control plane and the data plane.

show abstract

TILAK: A token‐based prevention approach for topology discovery threats in SDN

Nehra

Tripathi

Gaur

et al. 2018

Int J Communication

View full text Add to dashboard Cite

Software-defined networks (SDNs) decouple the data plane from the control plane. Thus, it provides logically centralized visibility of the entire networking infrastructure to the controller. It enables the applications running on top of the control plane to innovate through network management and programmability. To envision the centralized control and visibility, the controller needs to discover the networking topology of the entire SDN infrastructure. However, discovering and maintaining a global view of the underlying network topology is a challenging task because of (i) frequently changing network topology caused by migration of the virtual machines in the data centers, mobile, end hosts and change in the number of data plane switches because of technical faults or network upgrade; (ii) lack of authentication mechanisms and scarcity in SDN standards; and (iii) availability of security solutions during topology discovery process. To this end, the aim of this paper is threefold. First, we investigate the working methodologies used to achieve global view by different SDN controllers, specifically, POX, Ryu, OpenDaylight, Floodlight, Beacon, ONOS, and HPEVAN. Second, we identify vulnerabilities that affect the topology discovery process in the above controller implementation. In particular, we provide a detailed analysis of the threats namely link layer discovery protocol (LLDP) poisoning, LLDP flooding, and LLDP replay attack concerning these controllers. Finally, to countermeasure the identified risks, we propose a novel mechanism called TILAK which generates random MAC destination addresses for LLDP packets and use this randomness to create a flow entry for the LLDP packets. It is a periodic process to prevent LLDP packet-based attacks that are caused only because of lack of verification of source authentication and integrity of LLDP packets. The implementation results for TILAK confirm that it covers targeted threats with lower resource penalty. KEYWORDSflooding, link layer discovery protocol (LLDP), replay attack, route poisoning, software-defined networking (SDN), topology discovery

show abstract

Efficient topology discovery in OpenFlow-based Software Defined Networks

Cited by 89 publications

References 19 publications

Self-Healing Topology Discovery Protocol for Software-Defined Networks

Self-Healing Topology Discovery Protocol for Software-Defined Networks

ESLD: An efficient and secure link discovery scheme for software‐defined networking

TILAK: A token‐based prevention approach for topology discovery threats in SDN

Contact Info

Product

Resources

About