Abstract
Software Defined Networking (SDN) decouples the forwarding data plane from the network control plane to provide centralized control and programmability of data plane elements such as switches and routers. Traditionally, communication between the control plane and the data plane (southbound communication), for example using OpenFlow, was based on a non-secure protocol such as the Transmission Control Protocol (TCP), which over the years resulted in several security incidents. To facilitate secure data communication, the adoption of Transport Layer Security (TLS) has become unavoidable. To this end, we first present the key qualitative aspects and suitability of using TLS 1.2 and the newer TLS 1.3 for southbound communication. Further, we present an extensive quantitative evaluation on a Mininet emulator testbed to assess the performance impact of using TLS 1.2 and TLS 1.3 (for the most widely used cipher suites) over TCP to secure controller-switch communication. Our work shows that adopting a secure TLS channel incurs significant overheads (2-6×) compared to baseline TCP (unsecured channel), while TLS 1.3 adds marginal overheads in terms of latency and throughput (≈ 5%) in comparison to TLS 1.2. We also observed the memory and processing (computational cost) overheads of TLS 1.2 and TLS 1.3 to be negligible, even when supporting a large number of flows. Finally, we discuss the potential adoption of the QUIC protocol as an alternative to provide high-performance secure communication for the southbound interface.