Software Defined Networking (SDN) gives network operators more flexibility to program their networks. In SDN, dummy switches on the data plane dynamically forward packets based on rules managed by a centralized controller. To apply the rules, a switch must write them into its flow table. However, because the size of the flow table is limited, scalability can become an issue. This scalability problem also becomes a security issue related to Distributed Denial of Service (DDoS) attacks, especially the resource attack, which exhausts the flow tables of switches. In this paper, we explore the impact of the resource attack on an SDN network. The resource attack is emulated on an SDN built with Mininet and OpenDaylight, and its effect on the SDN is analyzed in depth in terms of delay and bandwidth. Through the evaluation, we highlight the importance of managing flow tables with awareness of their size limitation. We also discuss solutions that can address the resource attack, and their challenges.