Similar articles

Abstract: Controllers play a critical role in software-defined networking (SDN). However, existing single-controller SDN architectures are vulnerable to single-point failures, where a controller’s capacity can be saturated by flooded flow requests. In addition, due to the complicated interactions between applications and controllers, the flow setup latency is relatively large. To address the above security and performance issues of current SDN controllers, we propose distributed rule store (DRS), a new multi-controller architecture for SDNs. In DRS, the controller caches the flow rules calculated by applications, and distributes these rules to multiple controller instances. Each controller instance holds only a subset of all rules, and periodically checks the consistency of flow rules with each other. Requests from switches are distributed among multiple controllers, in order to mitigate controller capacity saturation attack. At the same time, when rules at one controller are maliciously modified, they can be detected and recovered in time. We implement DRS based on Floodlight and evaluate it with extensive emulation. The results show that DRS can effectively maintain a consistently distributed rule store, and at the same time can achieve a shorter flow setup time and a higher processing throughput, compared with ONOS and Floodlight.

The paper presents a distributed controller architecture for SDN deployments. The key mechanism proposed is a distributed rule store that maintains a global view of the network state and allows each controller to make local decisions based on this global view. The DRS design tries to guarantee that this global view is consistent at all times. The paper is well written and well motivated.

一种安全、高性能的软件定义网络多控制器体系结构

[1]Berde, P., Gerola, M., Hart, J., et al., 2014. ONOS: towards an open, distributed SDN OS. Proc. 3rd Workshop on Hot Topics in Software Defined Networking, p.1-6.

[2]Dittrich, D., 1999. The DoS Project’s ‘Trinoo’ Distributed Denial of Service Attack Tool. University of Washington, USA. Available from http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt.

[3]Dixit, A., Hao, F., Mukherjee, S., et al., 2013. Towards an elastic distributed SDN controller. ACM SIGCOMM Comput. Commun. Rev., 43(4):7-12.

[4]Floodlight Project, 2016. Floodlight Controller. Available from http://www.projectfloodlight.org/floodlight/.

[5]Gude, N., Koponen, T., Pettit, J., et al., 2008. NOX: towards an operating system for networks. ACM SIGCOMM Comput. Commun. Rev., 38(3):105-110.

[6]Karger, D., Lehman, E., Leighton, T., et al., 1997. Consistent hashing and random trees: distributed caching protocols for relieving hot spots on the World Wide Web. Proc. 29th Annual ACM Symp. on Theory of Computing, p.654-663.

[7]Katta, N.P., Rexford, J., Walker, D., 2013. Incremental consistent updates. Proc. 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, p.49-54.

[8]Koponen, T., Casado, M., Gude, N., et al., 2010. Onix: a distributed control platform for large-scale production networks. Proc. 9th USENIX Symp. on Operating Systems Design and Implementation, p.1-6.

[9]Krishnamurthy, A., Chandrabose, S.P., Gember-Jacobson, A., 2014. Pratyaastha: an efficient elastic distributed SDN control plane. Proc. 3rd Workshop on Hot Topics in Software Defined Networking, p.133-138.

[10]Lakshman, A., Malik, P., 2010. Cassandra: a decentralized structured storage system. ACM SIGOPS Oper. Syst. Rev., 44(2):35-40.

[11]Lantz, B., Heller, B., McKeown, N., 2010. A network in a laptop: rapid prototyping for software-defined networks. Proc. 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Article 19.

[12]Mahajan, R., Wattenhofer, R., 2013. On consistent updates in software defined networks. Proc. 12th ACM Workshop on Hot Topics in Networks, Article 20.

[13]McGeer, R., 2012. A safe, efficient update protocol for OpenFlow networks. Proc. 1st Workshop on Hot Topics in Software Defined Networks, p.61-66.

[14]McKeown, N., Anderson, T., Balakrishnan, H., et al., 2008. OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput. Commun. Rev., 38(2):69-74.

[15]Merkle, R.C., 1988. A digital signature based on a conventional encryption function. In: Pomerance, C. (Ed.), Advances in Cryptology, p.369-378.

[16]NOXRepo, 2016. The POX Controller. Available from http://www.noxrepo.org/.

[17]OpenDaylight Project, 2016. The OpenDaylight Controller. Available from https://www.opendaylight.org/.

[18]Ousterhout, J., Agrawal, P., Erickson, D., et al., 2010. The case for RAMClouds: scalable high-performance storage entirely in DRAM. ACM SIGOPS Oper. Syst. Rev., 43(4):92-105.

[19]Paul, S., 2014. Software Defined Application Delivery Networking. PhD Thesis, School of Engineering & Applied Science, Washington University in St. Louis, USA.

[20]Perešíni, P., Kuzniar, M., Vasić, N., et al., 2013. OF.CPP: consistent packet processing for OpenFlow. Proc. 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, p.97-102.

[21]Pfaff, B., Pettit, J., Amidon, K., et al., 2009. Extending Networking into the Virtualization Layer. Available from http://openvswitch.github.io/papers/hotnets2009.pdf.

[22]Reitblatt, M., Foster, N., Rexford, J., et al., 2012. Abstractions for network update. Proc. ACM SIGCOMM Conf. on Applications, Technologies, Architectures, and Protocals for Computer Communication, p.323-334.

[23]Ryu SDN Framework Community, 2014. The Ryu Controller. Available from http://osrg.github.io/ryu/.

[24]Shin, S., Yegneswaran, V., Porras, P., et al., 2013. AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks. Proc. ACM SIGSAC Conf. on Computer & Communications Security, p.413-424.

[25]Stoica, I., Morris, R., Karger, D., et al., 2001. Chord: a scalable peer-to-peer lookup service for Internet applications. ACM SIGCOMM Comput. Commun. Rev., 31(4):149-160.

[26]Tootoonchian, A., Ganjali, Y., 2010. HyperFlow: a distributed control plane for OpenFlow. Proc. Internet Network Management Conf. on Research on Enterprise Networking, p.1-6.

[27]Yeganeh, S.H., Ganjali, Y., 2012. Kandoo: a framework for efficient and scalable offloading of control applications. Proc. 1st Workshop on Hot Topics in Software Defined Networks, p.19-24.