Day 5 Part 1: Distributed controller architectures


From whatever we know of security through the past few posts, we can be sure of one thing - 'The security demands of each and every architecture is different'. Thus the kind of distributed controller architecture highly influences the kinds of security concerns we need to address in it. Since we are heading in the direction of securing distributed controller network, our first task would be to decide what architecture we would be looking at.

There are many distributed controller architectures that exist out there. Many are designed in a very efficient and optimized fashion that the security threat could be handled very easily. The purpose of this post would be go through various such architectures and devise an architecture that best suits our purpose. To restate our purpose - 'Building a controller network that has high availability, scalability and performance'.

In yesterday's post, I had mentioned few words 'cluster based architecture', 'elastic architecture' and so on. Today's post will describe these architectures and highlight the pros and cons of each.

Distributed Controller in Cloud running BFT Protocol

This article proposes an architecture that involves controller on cloud with BFT protocol running. The following are its properties;

  • BFT provides a powerful state machine like approach for high reliability and consistency 
  • each switch is connected to n controllers 
  • the network can sustain upto f faulty controllers. here n and f are related through the following equations:
    n >= 3f + 1 (PBFT protocol running on controllers)
    n >= 2f + 1 (MinZyzzyva protocol)
  • there is one primary controller for each switch. whenever the switch contacts the controller for flows, the primary controller forwards the request to all the other instances including faulty controllers. The switch waits for f+1 replies. The majority of the controllers would reply with correct flows. Thus the switch considers the majority as the correct flow. 


Why the architecture is not suitable for our problem statement

  • too much redundancy
  • deployed in a cloud environment and thus security is not a primary concern
  • instances of the controller running and hence could be treated as a single controller and would not be a true reflection of a distributed controller architecture
  • faulty controllers are let to operate and share their flows - possibility of contamination of other network components

Comments

  1. Ram P RustagiFebruary 2, 2019 at 12:54 AM

    Cloud does not guarantee security. Can you depend upon cloud's provider security support e.g. amazon, GCP, etc.

    ReplyDelete
    Replies
    1. ShravanyaFebruary 2, 2019 at 7:40 AM

      At the time of writing this article I failed to realise that cloud does not guarentee security but only provides it as a service, which when utilized will provide security. Now, I am aware that AWS provides it as a service. Have not checked out GCP. Will do so if we shall be using it at a later time.

      Delete
  2. Ram P RustagiFebruary 2, 2019 at 12:55 AM

    Is it possible to have a link to next or prev or a menu drive where one can just the date and read the blog for the day. Currently, it is bit painful to go to a particular day.

    ReplyDelete
    Replies
    1. ShravanyaFebruary 2, 2019 at 7:41 AM

      Sure sir. From the next article, we shall take care of this.

      Delete

Post a Comment

Popular posts from this blog

Day 12: Master Slave SDN Controller Architecture

In the previous post, I was struggling to figure out why all controllers can install flows in all switches irrespective of the code. Well, today the mystery is getting resolved. I found this book that explains beautifully the various roles that a controller can play. The three roles are: Equal : this happens by default all the equal controllers in a network that are connected to the switch can add and delete flows from it Slave: it has a read-only limitation to the switch openflow tables Master: very similar to the switch, but only 1 master can be connected to the switch at that point of time, and no other flows can intercept the communication between switch and master. I highly recommend you go through the above link to get a better picture. Since the default role of any controller is "Equal", we couldn't really differentiate between the three controller flows yesterday. But one good news from this is that we don't really need extensive coding to assi...
Read more

Day 1: Understanding Ransomware and how to detect them?

Image
To start this journey, let’s begin at the basics and learn about what ransomwares are, what is the meaning of a ransomware attack, how have other people detected it so far? By learning the above, we will be in a position to analyze any ransomware attack and devise methods to detect, mitigate and prevent them. Definition: Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. To continue understanding and addressing the threats posed by ransomware, let us dig a little deeper. As the definition specifies, ransomware is a type of malicious software. Now, what is a malicious software? Definition: Malware (= Malicious + Software) is a software which is specifically designed to disrupt, damage, or gain authorized access to a computer system. These malwares (or simply dangerous content that can corrupt your system), can enter your system from various s...
Read more

Day 50: Tcpreplay and tcpliveplay approach

Today we shall be exploring how to copy and redirect the OpenFlow packets to more than one controller from the load balancer. The load balancer is anyway sending the OpenFlow packets to one of the slave controllers - c1 or c2. The packets sent to these two controllers needs to be sent to master controller so the master controller can update the new flows added by c1 or c2 on the switches. This ensures synchronization between controllers. There are two implementation methods to achieve the same: Copy all packets generated from the load balancer to the controller side. Only the packets having destination IP address of c1 and c2 can be redirected to the master controller. Thus we can prevent the packets which already are reaching the master controller to be sent as duplicates Copy and redirect packets from the slave controllers - c1 and c2. We need not take care of duplicate packets reaching master controller. This will reduce the time taken to redirect packets. Since the second a...
Read more