Attacking distributed software-defined networks by leveraging network state consistency

Abstract

Distributed Software-Defined Networks (SDNs) aim to maintain a consistent network state across members of the distributed control plane. This paper introduces a novel variation to the packet-in flood designed to target distributed SDNs that synchronise the network state in a strongly consistent manner. The Event Flooding Attack (EFA) takes advantage of the characteristics of a strong consistency model to enable an attacker to distribute the adverse effect of a DoS attack across a cluster, as well as engineer inconsistency between the true network state and the control plane’s view of this state. The impact of the attack is evaluated through experiments using an OpenDaylight cluster. It has been demonstrated on the testbed used in this work that an attacker can increase CPU consumption on all cluster nodes and cause inconsistency for a period of ≈ 55 s when 500 events are flooded at a frequency of 1/ms, while the same can be achieved for a period of ≈ 770 s when 2000 events are flooded at the same frequency. The impact of the attack is further demonstrated through it’s collaboration with, and simplification of, an existing host impersonation attack.