Abstract
In Software Defined Networks (SDNs), the global view of the underlying network topology is created and maintained at the logically centralized controller. SDN achieves this by decoupling the data plane from the control plane. The up-to-date global view at the SDN controller enables the applications running on top of it to innovate through dynamic network programmability. To establish a global view, a controller needs to discover the physical topology of the underlying SDN network infrastructure, which is challenging for various reasons, such as the lack of SDN protocol standardization and authentication mechanisms, the use of sub-optimal link discovery protocols (e.g., OFDP and LLDP), dynamic topology due to the movement of virtualized data centers, switches, and multi-tenant cloud networks, and the lack of integration of security schemes for topology discovery. In this paper, we propose an SDN Link Discovery Protocol (SLDP) for efficient discovery and extraction of topology information in SDN networks. The design of SLDP is motivated by the need for a secure, lightweight, and efficient link discovery protocol in SDN. SLDP aims to prevent, detect, and mitigate various security threats such as poison, replay, and flooding attacks, which are due to the lack of source authentication, the lack of packet integrity checks, and the reuse of static packets. SLDP creates and maintains the global network topology at the SDN controller by using smaller and fewer SLDP packets during the topology discovery process. Thus, it significantly minimizes the topology discovery overhead in the network. We implemented SLDP on the Mininet emulator, and the results show the effectiveness and correctness of SLDP concerning topology discovery time, CPU computational time, and bandwidth overheads, when compared with the traditional OpenFlow Link Discovery Protocol (OFDP). Additionally, SLDP successfully prevents, detects, and mitigates various attacks (e.g., poison, replay, and flooding) in different SDN scenarios.
Introduction
For any data center, the essential requirements are robustness and manageability. Software Defined Network (SDN) offers programmability, flexibility, and openness to ensure these requirements [1,2]. Due to the separation of the data plane and the control plane, the SDN controller has a global view of the underlying network topology, which enables it to make optimal decisions for the various applications that run on top of the controller. For instance, applications such as load-balancing and shortest pathfinder use the global view to function efficiently. Constructing and maintaining the view requires the discovery of the underlying network topology, which consists of switches and links. The existing SDN controllers use OpenFlow Discovery Protocol (OFDP) with Link Layer Discovery Protocol (LLDP) packets for link discovery, which is prone to various security threats. In SDN, the global view is generated by performing switch discovery, link discovery, and sometimes host discovery. Once an OpenFlow-enabled switch connects to the network, it performs a TCP three-way handshake with a pre-stored remote socket residing at the SDN controller. After a successful handshake, both negotiate the OpenFlow version. Subsequently, the switch is asked for its capabilities and port status. These steps help the controller to discover the switch with its available ports. To perform various topology-aware activities, link discovery is mandatory. Most SDN controllers use OpenFlow Link Discovery Protocol (OFDP) and Link Layer Discovery Protocol (LLDP) for the discovery process.
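The root causes named in the abstract (no source authentication, no packet integrity check, reuse of static packets) can be made concrete with a controller-side check on returned discovery probes. The following is an added example, not code from the paper and not SLDP's packet format, which this section does not give; the probe layout, the key, and the names `ProbeVerifier` and `demo` are assumptions made for illustration, and flooding (rate limiting) is not covered.

```python
import hashlib
import hmac
import os
import struct

KEY = b"constructed-demo-key"  # constructed secret, known only to the controller


class ProbeVerifier:
    """Hypothetical controller-side issue/verify of link-discovery probes."""

    def __init__(self, key):
        self._key = key
        self._pending = {}  # nonce -> (dpid, port) for probes sent, not yet returned

    def issue(self, dpid, port):
        """Build a probe: dpid(8) | port(2) | nonce(8) | truncated HMAC tag(16)."""
        nonce = os.urandom(8)  # fresh per probe, so no packet is ever static
        body = struct.pack("!QH", dpid, port) + nonce
        tag = hmac.new(self._key, body, hashlib.sha256).digest()[:16]
        self._pending[nonce] = (dpid, port)
        return body + tag

    def verify(self, packet):
        """Return the (dpid, port) the probe was sent from, or raise ValueError."""
        if len(packet) != 34:
            raise ValueError("malformed")
        body, tag = packet[:18], packet[18:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):  # integrity and origin check
            raise ValueError("bad-tag")
        dpid, port = struct.unpack("!QH", body[:10])
        # Each nonce is accepted once, and only for the port it was issued to.
        if self._pending.pop(body[10:], None) != (dpid, port):
            raise ValueError("replay-or-unknown")
        return dpid, port


def demo():
    """Feed a modified probe, the genuine probe, and a replay to the verifier."""
    v = ProbeVerifier(KEY)
    probe = v.issue(dpid=1, port=2)
    modified = struct.pack("!QH", 9, 2) + probe[10:]  # source field changed, old tag
    results = []
    for pkt in (modified, probe, probe):
        try:
            results.append(v.verify(pkt))
        except ValueError as err:
            results.append(str(err))
    return results
```

A link should be added to the topology only when `verify` returns; a plain LLDP probe carries neither the tag nor the per-probe nonce, so the controller has no basis for any of the three rejections.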