Day 4: Addressing Security of Distributed Controller

As we have established in the previous post, we shall now be focusing on security threats that the controllers in an SDN architecture face. The most common type of attack the SDN controller is subject to, is malicious packets sent through the network. Among these, the most common attacks are DoS and DDoS attacks.

DoS and DDoS attacks generate unnecessary traffic on the network by creating illegitimate clients that access the server resources. Thus the consequence of these attacks involve reduced availability, scalability and hence low performance. Many research papers have tried to address these security issues in an SDN architecture keeping in mind only one controller. This is as good as saying "I want to secure my server, the only difference is that it contains information about the network". The only difference between DoS attack on a server and a controller is the type of data it stores. The technology used to address these issues could be same. 

The complexity of the problem comes into light only when we try to think of a larger SDN network. By larger SDN network, I mean to say that there is more than one controller, various data plane switches that may interact with one or more controller and a highly scalable network w.r.t additional switches and controllers. We need to start addressing the security concerns of these networks since they guarantee a more effective and scalable architecture. Securing these networks poses a challenge since we have to take care of various issues as sited below:
  • more than one controller and securing all of them together instead of each of them individually
  •  address single point failures and make sure that the network doesn't behave differently even when one controller stops working (this would involve distribution of tasks to other controllers)
  • manage controller to controller communication for handling attacks, mitigating them and ensuring overall efficient performance.
How to Secure Distributed Controllers then?

Now that we have had a look at the various issues we need to address in a distributed controller environment, let us look at few ways in which it has been achieved. I found this article extremely good for understanding the technologies used to address our problem statement.

Let us look briefly into what the article is all about. The various components they use in their distributed controller architecture is as follows:
  • A backup controller for every primary controller - this controller is the one that will take-over if the primary controller gets attacked. Thus back up controller keeps track of one or more controller through a mapping algorithm to keep track
  • Heart-beat messages - These are sent from the primary controller to their designated back up controller to state that they are functioning properly
  • Synchronization messages - These messages ensure that the flows and information about the network that is present in the primary controller is also shared with the back up controller.
  • Take-over mechanism - This is the place where the detection algorithm running on the network detects a potential malicious attack and activates the back up controller to take over once it is established that the primary controller is down.
  • Protective mode - This is the mode in which the back up controller now operates because the threat of the malicious attack still persists in the distributed network.
This is how the distributed SDN controller network looks.


A Distributed Controller Network

The above is the simplest example of the architecture of a distributed controller network. There are various other configurations that this could be done. Few configurations are costlier than few others. Following are just few examples of distributed SDN controller architecture that researchers have looked into thus far:

  • cluster based distributed openflow controller framework - this adopts a master slave configuration where the master and the slave vary dynamically
  • elastic controller that is not associated with a set of switches statically, instead it keeps changing based on the load taken on by each switch and controller pair
There are many variations to the kind of distributed SDN controller architecture we can see and thus how to increase security in each of them would be something we shall be looking in the upcoming posts.

Comments

  1. Ram P RustagiJanuary 30, 2019 at 3:51 AM

    For disaster recovery purposes (may be applicable to security), the master and slave controllers would be in a different geographical location. How much bandwidth would be required to keep in sync and switch over issues and underlying network is going to remain the same.

    ReplyDelete

Post a Comment

Popular posts from this blog

Day 12: Master Slave SDN Controller Architecture

In the previous post, I was struggling to figure out why all controllers can install flows in all switches irrespective of the code. Well, today the mystery is getting resolved. I found this book that explains beautifully the various roles that a controller can play. The three roles are: Equal : this happens by default all the equal controllers in a network that are connected to the switch can add and delete flows from it Slave: it has a read-only limitation to the switch openflow tables Master: very similar to the switch, but only 1 master can be connected to the switch at that point of time, and no other flows can intercept the communication between switch and master. I highly recommend you go through the above link to get a better picture. Since the default role of any controller is "Equal", we couldn't really differentiate between the three controller flows yesterday. But one good news from this is that we don't really need extensive coding to assi...
Read more

Day 1: Understanding Ransomware and how to detect them?

Image
To start this journey, let’s begin at the basics and learn about what ransomwares are, what is the meaning of a ransomware attack, how have other people detected it so far? By learning the above, we will be in a position to analyze any ransomware attack and devise methods to detect, mitigate and prevent them. Definition: Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. To continue understanding and addressing the threats posed by ransomware, let us dig a little deeper. As the definition specifies, ransomware is a type of malicious software. Now, what is a malicious software? Definition: Malware (= Malicious + Software) is a software which is specifically designed to disrupt, damage, or gain authorized access to a computer system. These malwares (or simply dangerous content that can corrupt your system), can enter your system from various s...
Read more

Day 50: Tcpreplay and tcpliveplay approach

Today we shall be exploring how to copy and redirect the OpenFlow packets to more than one controller from the load balancer. The load balancer is anyway sending the OpenFlow packets to one of the slave controllers - c1 or c2. The packets sent to these two controllers needs to be sent to master controller so the master controller can update the new flows added by c1 or c2 on the switches. This ensures synchronization between controllers. There are two implementation methods to achieve the same: Copy all packets generated from the load balancer to the controller side. Only the packets having destination IP address of c1 and c2 can be redirected to the master controller. Thus we can prevent the packets which already are reaching the master controller to be sent as duplicates Copy and redirect packets from the slave controllers - c1 and c2. We need not take care of duplicate packets reaching master controller. This will reduce the time taken to redirect packets. Since the second a...
Read more