sOFTDP: Secure and efficient OpenFlow topology discovery protocol

Topology discovery is one of the most critical tasks of Software-Defined Network (SDN) controllers. Current SDN controllers use the OpenFlow Discovery Protocol (OFDP) as the de facto protocol for discovering the underlying network topology. In previous work, we have shown the functional, performance and security limitations of OFDP. In this paper, we introduce and detail a novel protocol called secure and efficient OpenFlow Discovery Protocol (sOFTDP). sOFTDP requires minimal changes to OpenFlow switch design, eliminates major vulnerabilities in the topology discovery process and improves its performance. We have implemented sOFTDP as a topology discovery module in Floodlight for evaluation. The results show that our implementation is more secure than OFDP and previous security workarounds. Also, sOFTDP reduces the topology discovery time by several orders of magnitude compared to the original OFDP and existing OFDP improvements.
