A secure and high-performance multi-controller architecture for software-defined networking |
| |
| Authors: | Huan-zhao Wang Peng Zhang Lei Xiong Xin Liu Cheng-chen Hu |
| |
| Affiliation: | 1.1Department of Computer Science and Technology,Xi’an Jiaotong University,Xi’an,China;2.Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory,Shijiazhuang,China;3.MOE Key Laboratory for Intelligent Networks and Network Security,Xi’an Jiaotong University,Xi’an,China |
| |
| Abstract: | Controllers play a critical role in software-defined networking (SDN). However, existing single-controller SDN architectures are vulnerable to single-point failures, where a controller’s capacity can be saturated by flooded flow requests. In addition, due to the complicated interactions between applications and controllers, the flow setup latency is relatively large. To address the above security and performance issues of current SDN controllers, we propose distributed rule store (DRS), a new multi-controller architecture for SDNs. In DRS, the controller caches the flow rules calculated by applications, and distributes these rules to multiple controller instances. Each controller instance holds only a subset of all rules, and periodically checks the consistency of flow rules with each other. Requests from switches are distributed among multiple controllers, in order to mitigate controller capacity saturation attack. At the same time, when rules at one controller are maliciously modified, they can be detected and recovered in time. We implement DRS based on Floodlight and evaluate it with extensive emulation. The results show that DRS can effectively maintain a consistently distributed rule store, and at the same time can achieve a shorter flow setup time and a higher processing throughput, compared with ONOS and Floodlight. |
| |
| Keywords: | |
| 本文献已被 SpringerLink 等数据库收录! |
|
