Abstract

In Software Defined Networks (SDNs), the control plane of a network is decoupled from its data plane. For scalability and robustness, the logically centralized control plane is implemented by physically placing different controllers throughout the network. The determination of the number and placement of controllers is known as the Controller Placement Problem (CPP). In the regular (i.e., failure-free) state, the control plane must guarantee a given maximum delay between every switch and its primary controller and a given maximum delay between every pair of controllers. In general, these delay bounds allow multiple solutions and, so, other goals can be used to determine the best CPP solution. In this paper, we assess the connectivity-based resilience to malicious attacks against multiple network nodes of the CPP solutions obtained with three different aims: the regular state delay optimization without any concern about attacks, the regular state delay optimization taking into consideration the worst-case attacks and the resilience optimization to attacks against multiple nodes. We assess the CPP solutions considering attacks of targeted nature (when the attacker has complete knowledge of the data plane) and attacks of non-targeted nature (i.e., random and epidemic attacks). We present computational results providing an analysis of the CPP solutions to the different types of attacks. The main conclusion is that the connectivity-based resilience between the different CPP solutions strongly depends on the network topology, the regular state delay bounds and the type of attacks. Finally, we provide insights on how SDN operators can consider the conducted assessment when deciding the controller placements in their networks.

Highlights

  • In Software Defined Networks (SDNs), the control plane is decoupled from the data plane, allowing a more efficient centralized management of the network resources [1]

  • The results show that the resilience is much higher to non-targeted attacks (RAs and Epidemic Attacks (EAs)) than to attacks of targeted nature (CTAs and Targeted Attacks (TAs)) as, typically, the former ones do not split the network into many components and, in most cases, all components include a controller node

  • Since in general these delay bounds allow multiple solutions, we have investigated the connectivity-based resilience to attacks against multiple network nodes of the Controller Placement Problem (CPP) solutions obtained with three different aims: the regular state delay optimization without any concern about attacks, the regular state delay imposing the robustness property and the resilience optimization to attacks against multiple nodes


Summary

INTRODUCTION

In Software Defined Networks (SDNs), the control plane is decoupled from the data plane, allowing a more efficient centralized management of the network resources [1]. The other is the pre-disaster (i.e., proactive) problem, which deals with how to set up the network in advance so as to minimize the impact of different possible multiple failure events before the failures are detected, that is, in our case, before any measure is triggered by the operator (for example, the replacement of the shutdown nodes) other than the SDN restoration mechanism in which the surviving switches are reassigned to the surviving controllers in the surviving network. We address the pre-disaster problem considering that, as already mentioned, the multiple failures are caused by malicious attacks against multiple nodes. In this case, the dominant impact of the attacks is the connectivity disruption between switches (at the data plane) and between switches and primary controllers (at the control plane).

LITERATURE REVIEW
CONNECTIVITY-BASED RESILIENCE METRIC
PROBLEM INSTANCES AND ATTACKS AGAINST MULTIPLE NODES
ANALYSIS OF COMPUTATIONAL RESULTS
CONCLUSION