Farzaneh Pakzad

Efficient topology discovery in software defined networks

Software Defined Networking (SDN) is a new networking paradigm, with a great potential to increase network efficiency, ease the complexity of network control and management, and accelerate the rate of technology innovation. One of the core concepts of SDN is the separation of the networks control and data plane. The intelligence and the control of the network operation and management, such as routing, is removed from the forwarding elements (switches) and is concentrated in a logically centralised component, i.e. the SDN controller. In order for the controller to configure and manage the network, it needs to have up-to-date information about the state of the network, in particular its topology. Consequently, topology discovery is a critical component of any Software Defined Network architecture. In this paper, we evaluate the cost and overhead of the de facto standard approach to topology discovery currently implemented by the major SDN controller frameworks, and propose simple and practical modifications which achieve a significantly improved efficiency and reduced control overhead. We have implemented our new topology discovery approach on the widely used POX controller platform, and have evaluated it for a range of network topologies via experiments using the Mininet network emulator. Our results show that our proposed modifications achieve an up to 45% reduction in controller load compared to the current state-of-the-art approach, while delivering identical discovery functionality.

Efficient topology discovery in OpenFlow-based Software Defined Networks

Software Defined Networking (SDN) is a new networking paradigm, with a great potential to increase network efficiency, ease the complexity of network control and management, and accelerate the rate of technology innovation. One of the core concepts of SDN is the separation of the networks control and data plane. The intelligence and the control of the network operation and management, such as routing, are removed from the forwarding elements (switches) and are concentrated in a logically centralised component, i.e. the SDN controller. In order for the controller to configure and manage the network, it needs to have up-to-date information about the state of the network, in particular its topology. Consequently, topology discovery is a critical component of any Software Defined Network architecture. In this paper, we evaluate the efficiency of the de facto standard approach to topology discovery currently implemented by the major SDN controller frameworks, and propose simple and practical modifications, which achieve a significantly improved efficiency and reduced control overhead. We have implemented our new topology discovery approach on the widely used POX controller platform, and have evaluated it for a range of network topologies via experiments using the Mininet network emulator as well as a specific topology in the OFELIA SDN testbed. Our results show that our proposed modifications achieve an up to 40% reduction in controller load compared to the current state-of-the-art approach, while delivering identical discovery functionality.

The (in)security of Topology Discovery in Software Defined Networks

Topology Discovery is an essential service in Software Defined Networks (SDN). Most SDN controllers use a de-facto standard topology discovery mechanism based on Open-Flow to identify active links in the network. This paper discusses the security, or rather lack thereof, of the current SDN topology discovery mechanism, and its vulnerability to link spoofing attacks. The feasibility and impact of the attacks are verified and demonstrated via experiments. The paper presents and evaluates a countermeasure based on HMAC authentication.

Link capacity estimation in wireless software defined networks

SDN is a new approach to manage networks with a centralised, global view and control of the network, and a more fine grained and flexible approach to routing and forwarding of data packets. This has shown to achieve significantly increased network efficiency in a range of wired networks. SDN also has a great potential for wireless networks. One of the unique challenges of applying the SDN approach to wireless networks, in contrast to wired networks, is the dynamic nature of wireless links and the uncertainty about their capacity. In order to be able to do optimal routing and traffic engineering with SDN in a wireless network, it is critical to know the capacity of the available wireless links. This paper presents a link capacity estimation mechanism that can be implemented on any OpenFlow SDN controller. For this, we adapted the well-known technique of packet pair/train probing, and developed a method that allows the correction of estimation errors induced by cross traffic. We have implemented a prototype for the Ryu SDN controller, and our emulation-based experimental results show a promising accuracy of our proposed approach.

Securing ARP in Software Defined Networks

The mapping of Layer 3 (IP) to Layer 2 (MAC) addresses is a key service in IP networks, and is achieved via the ARP protocol in IPv4, and the NDP protocol in IPv6. Due to their stateless nature and lack of authentication, both ARP and NDP are vulnerable to spoofing attacks, which can enable Denial of Service (DoS) or man-in-the-middle (MITM) attacks. In this paper, we discuss the problem of ARP spoofing in the context of Software Defined Networks (SDNs), and present a new mitigation approach which leverages the centralised network control of SDN.

Link capacity estimation in SDN-based end-hosts

Software Defined Networking (SDN) is a new paradigm that facilitates network management and control. In our work, we explore the use of SDN for the control of network traffic on end-hosts. In particular, we use an OpenFlow software switch (OVS) to load balance application traffic across the multiple available network interfaces. A typical example is the simultaneous use of Wifi and 4G interfaces on a mobile device. In order to achieve optimal load balancing, it is critical to know the capacity of the last-hop links associated with the different interfaces. In this paper, we explore and adapt active packet probing mechanisms to the scenario of SDN-based end-host traffic control, in order to estimate the link capacity. In particular, we investigate the use of Variable Packet Size (VPS) probing, and demonstrate its viability via experiments.

Evaluation of Mininet-WiFi integration via ns-3

Mininet is a Linux-based network emulator that is particularly widely used for Software Defined Network experiments, due to its in-built support for OpenFlow switches. However, Mininet currently lacks support for wireless links. A recent work has addressed this limitation by using the real-time feature of ns-3 to integrate the IEEE 802.11 channel emulation feature with Mininet, which we refer to as Mininet-ns3-WiFi. While this approach has great potential to serve as an experimental platform, in particular for Software Defined Wireless Networks, it has not been extensively evaluated in terms of experiment result accuracy and fidelity. This is critical for any system that integrates simulation with real-time components. In this paper, we present a detailed evaluation of the fidelity of experimental results of Mininet-ns3-WiFi. We further present a reliable and low cost method that gives an experimenter an indicator about the fidelity and trustworthiness of the results.

SCOR: Constraint Programming-based Northbound Interface for SDN

In this paper, we introduce SCOR (Software-defined Constrained Optimal Routing), a new SDN Northbound Interface for QoS routing and traffic engineering. SCOR is based on constraint programming techniques and is implemented in the MiniZinc modelling language. It provides a powerful, high level abstraction, consisting of 9 basic constraint programming predicates. A key feature of SCOR is that it is declarative, where only the constraints and utility function of the routing problem need to be expressed, and the complexity of solving the problem is hidden from the user, and handled by a powerful generic solver. We show that the interface (set of predicates) of SCOR is sufficiently expressive to handle all the known and relevant QoS routing problems. We further demonstrate the practicality and scalability of the approach via a number of example scenarios, with varying network topologies, network sizes and number of flows.