
A secure and high-performance multi-controller architecture for software-defined networking

Frontiers of Information Technology & Electronic Engineering

Abstract

Controllers play a critical role in software-defined networking (SDN). However, existing single-controller SDN architectures are vulnerable to single-point failures, where a controller’s capacity can be saturated by a flood of flow requests. In addition, due to the complicated interactions between applications and controllers, the flow setup latency is relatively large. To address these security and performance issues of current SDN controllers, we propose distributed rule store (DRS), a new multi-controller architecture for SDNs. In DRS, the controller caches the flow rules calculated by applications and distributes these rules to multiple controller instances. Each controller instance holds only a subset of all rules, and the instances periodically check the consistency of their flow rules with each other. Requests from switches are distributed among multiple controllers in order to mitigate controller capacity saturation attacks. At the same time, when rules at one controller are maliciously modified, the modification can be detected and the rules recovered in time. We implement DRS based on Floodlight and evaluate it with extensive emulation. The results show that DRS can effectively maintain a consistently distributed rule store, and at the same time can achieve a shorter flow setup time and a higher processing throughput, compared with ONOS and Floodlight.
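The partition-and-check idea from the abstract, as an added example that is not the authors' Floodlight-based implementation. Hash-ring placement, a replication factor of 3, SHA-256 digests and majority-vote repair are assumptions, as are all function names, instance names and the constructed rules.

```python
import hashlib
from collections import Counter

REPLICAS = 3  # assumed replication factor; the abstract does not state one

def _pos(text):  # position on the hash ring (assumed placement scheme)
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")

def _digest(action):
    return hashlib.sha256(repr(action).encode()).hexdigest()

def owners(match, controllers, replicas=REPLICAS):
    """Controller instances that hold the rule for this flow match."""
    ring = sorted(controllers, key=_pos)
    start = next((i for i, c in enumerate(ring) if _pos(c) >= _pos(match)), 0)
    return [ring[(start + k) % len(ring)] for k in range(replicas)]

def install(stores, match, action):
    """Cache an application-computed rule on its owner instances only."""
    for c in owners(match, list(stores)):
        stores[c][match] = action

def lookup(stores, match):
    """Answer a switch request from the flow's first owner, spreading load."""
    return stores[owners(match, list(stores))[0]].get(match)

def consistency_round(stores):
    """One periodic check: owners compare digests, minority copies are repaired."""
    repaired = []
    for match in sorted({m for s in stores.values() for m in s}):
        group = owners(match, list(stores))
        copies = {c: stores[c].get(match) for c in group}
        votes = Counter(_digest(a) for a in copies.values())
        digest, count = votes.most_common(1)[0]
        good = next(a for a in copies.values() if _digest(a) == digest)
        if count <= len(group) // 2 or good is None:
            continue  # no majority copy of the rule: escalate instead of guessing
        for c, a in copies.items():
            if a != good:
                stores[c][match] = good  # recover the modified or missing copy
                repaired.append((c, match))
    return repaired

def demo():
    stores = {f"ctrl-{i}": {} for i in range(1, 5)}  # constructed instance names
    install(stores, "10.0.0.1->10.0.0.2", "output:2")  # constructed rules
    install(stores, "10.0.0.3->10.0.0.4", "output:5")
    victim = owners("10.0.0.1->10.0.0.2", list(stores))[0]
    stores[victim]["10.0.0.1->10.0.0.2"] = "output:99"  # simulated tampering
    return victim, consistency_round(stores), stores
```

Majority repair only holds while fewer than half of a rule's owners are compromised; a rule with no majority copy is deliberately left untouched for review.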



Author information

Corresponding author

Correspondence to Peng Zhang.

Additional information

Project supported by the National Natural Science Foundation of China (Nos. 61402357, 61272459, and 61402357), the China Postdoctoral Science Foundation (No. 2015M570835), the Fundamental Research Funds for the Central Universities, China, the Program for New Century Excellent Talents in University, and the CETC 54 Project (No. ITD-U14001/KX142600008)

ORCID: Peng ZHANG, http://orcid.org/0000-0001-7721-2675


About this article


Cite this article

Wang, Hz., Zhang, P., Xiong, L. et al. A secure and high-performance multi-controller architecture for software-defined networking. Frontiers Inf Technol Electronic Eng 17, 634–646 (2016). https://doi.org/10.1631/FITEE.1500321


  • DOI: https://doi.org/10.1631/FITEE.1500321
