Repoxy: Replication Proxy for Trustworthy SDN Controller Operation
- Source :
- TrustCom/BigDataSE
- Publication Year :
- 2018
- Publisher :
- IEEE, 2018.
Abstract
- Software Defined Networks (SDN) is envisaged as a future model for large-scale, elastic, and adaptive networks. However, such flexibility comes with a major cost. Relying heavily on software across the entire architecture and the centralized nature of the most important component, the controller, gave the attackers an asymmetric advantage. For decades, we used to build security tools to secure the network traffic, but network components security was always protected by physical perimeters behind doors. In this paper, we present REPlication prOXY (Repoxy), a smart gateway isolating the north and southbound to enhance controller resilience, availability, and reliability in the presence of attacks and also discuss our first version of the implementation. Repoxy presents a novel SDN-controller intrusion detection system to detect any malicious manipulations to the controller software. Further, Repoxy enables elasticity and high-availability for SDN controllers by facilitating southbound-oblivious seamless multi-controller replication and handover for the same network traffic. Additionally, Repoxy helps forensic analysts to easily find attack traces by exploiting Repoxy's information-rich database logging all the switch controller interactions. Results and evaluations showed the enhanced trustworthiness in the SDN network with a reasonable overhead when Repoxy is used.
- Subjects :
- OpenFlow
business.industry
Computer science
Reliability (computer networking)
020207 software engineering
02 engineering and technology
Intrusion detection system
Replication (computing)
Control theory
0202 electrical engineering, electronic engineering, information engineering
Overhead (computing)
020201 artificial intelligence & image processing
Software-defined networking
business
Resilience (network)
Computer network
Details
- Database :
- OpenAIRE
- Journal :
- 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
- Accession number :
- edsair.doi...........20be7927a5251d451ee56770be4f9ac0
- Full Text :
- https://doi.org/10.1109/trustcom/bigdatase.2018.00019