ESLD: An efficient and secure link discovery scheme for software‐defined networking

Abstract

SummarySoftware‐defined networking simplifies network management by decoupling the control plane from the data plane and centralizing it to the controller. As the brain of the network, the controller gains up‐to‐date holistic network visibility via topology discovery. However, as a key service of topology discovery, the link discovery service opens problems on efficiency and security. On the one hand, sending link discovery packets to all ports wastes not only the limited controller resources (such as CPU and memory) but also control channel bandwidth. On the other hand, attackers may use these packets to create fake links and perform link fabrication attack. Because of the centralized control paradigm, wasting controller resources may degrade network performance, and all the fake links may severely poison the network topology, even causing the denial of service or man‐in‐the‐middle attack. In this paper, we propose an efficient and secure link discovery scheme to improve link discovery performance and resist link fabrication attack caused by the software‐defined networking link discovery service. By adopting port classification technique and directionally transmitting packets to appropriate ports, our approach can reduce or eliminate redundant packets and improve link discovery performance. Meanwhile, we adopt the directional packet transmitting approach and the time‐marked hash‐based message authentication code authenticate scheme to resist the link fabrication attack. A prototype system is implemented on the basis of POX controller and Mininet simulator to evaluate our scheme. Simulation results demonstrate that our scheme can solve the link fabrication problems with less overload of both the control plane and the data plane.