Protection of centralized SDN control plane from high-rate Packet-In messages.

The logically centralized network control in Software Defined Networks (SDN) facilitates global network vision, flexible and automatic network control. Protection of this centralized network control is a primary concern in next-generation networks. One important issue considered in this manuscript is the protection of SDN control plane from high-rate Packet-In messages. A simple solution to this problem can be to offload certain control functions onto the data plane devices; however, it takes away the flexibility offered by the OpenFlow-based networks. Therefore, a more comprehensive approach is required to protect SDN controllers from high-rate Packet-In messages. In this paper, we propose a Packet-In filtering mechanism which categorizes the Packet-In messages and forwards only the necessary Packet-In messages to other core controller modules. We have implemented the proposed mechanism in Floodlight SDN controller by extending the core controller module and introduced another Packet-In listener module which exposes the REST APIs to retrieve various types of Packet-In messages from the controller core. The proposed mechanism enhances the performance of Floodlight SDN controller as it reduces the CPU and memory load by dispatching only the necessary Packet-In message updates to the other Packet-In listener modules. [ABSTRACT FROM AUTHOR]