Back to Search
Start Over
Protection of centralized SDN control plane from high-rate Packet-In messages.
- Source :
-
International Journal of Information Security . Oct2023, Vol. 22 Issue 5, p1197-1206. 10p. - Publication Year :
- 2023
-
Abstract
- The logically centralized network control in Software Defined Networks (SDN) facilitates global network vision, flexible and automatic network control. Protection of this centralized network control is a primary concern in next-generation networks. One important issue considered in this manuscript is the protection of SDN control plane from high-rate Packet-In messages. A simple solution to this problem can be to offload certain control functions onto the data plane devices; however, it takes away the flexibility offered by the OpenFlow-based networks. Therefore, a more comprehensive approach is required to protect SDN controllers from high-rate Packet-In messages. In this paper, we propose a Packet-In filtering mechanism which categorizes the Packet-In messages and forwards only the necessary Packet-In messages to other core controller modules. We have implemented the proposed mechanism in Floodlight SDN controller by extending the core controller module and introduced another Packet-In listener module which exposes the REST APIs to retrieve various types of Packet-In messages from the controller core. The proposed mechanism enhances the performance of Floodlight SDN controller as it reduces the CPU and memory load by dispatching only the necessary Packet-In message updates to the other Packet-In listener modules. [ABSTRACT FROM AUTHOR]
Details
- Language :
- English
- ISSN :
- 16155262
- Volume :
- 22
- Issue :
- 5
- Database :
- Academic Search Index
- Journal :
- International Journal of Information Security
- Publication Type :
- Academic Journal
- Accession number :
- 172329077
- Full Text :
- https://doi.org/10.1007/s10207-023-00685-z