Security in Software Defined Networks (SDNs) has been a major concern for their deployment. Byzantine threats in SDNs are more difficult to defend against because control messages issued by a compromised controller look legitimate. Applying the traditional Byzantine Fault Tolerance approach to SDNs requires each switch to be mapped to 3f + 1 controllers to defend against f simultaneous controller failures. On the one hand, this approach overloads the controllers due to multiple requests from switches. On the other hand, it raises new challenges concerning the switch-controller mapping and determining the minimum number of controllers required in the network. In this paper, we present a novel primary-backup controller mapping approach in which a switch is mapped to only f + 1 primary and f backup controllers to defend against simultaneous Byzantine attacks on f controllers. We develop an optimization programming formulation that provides the switch-controller mapping solution and minimizes the total number of controllers required. We consider the controller processing capacity and the communication delay between switches and controllers as problem constraints. Our approach also facilitates capacity sharing of backup controllers when two switches use the same backup controller but do not need it simultaneously. We demonstrate the effectiveness of the proposed approach through numerical analysis. The results show that the proposed approach reduces the total number of controllers required by up to 50% compared to an existing scheme while guaranteeing better load balancing among controllers, with a fairness index of up to 0.92.