Congestion control using openflow in software defined data. In this paper, we have addressed the issue of topology discovery in openflow based software defined networks. Lldp based link latency monitoring in software defined. The openflow protocol, the main sdn enabler, doesnt specify how to proceed with the topology discovery. Analysis of topology poisoning attacks in softwaredefined. Current trends of topology discovery in openflowbased. By the use of received information from switches, the. Openflow does not specify the content of the metadata field. Lldp message is 0x88cc, this information is vital to. Quickly create your virtual test environment for complex network configurations. Limitations of openflow topology discovery protocol arxiv. This paper extends our previous work on ofdp limitations 3 by detailing the design of a secure and ef. Decouple topology, traffic and interlayer dependencies dynamic multilayer networking. Software defined networking sdn architecture and role.
Topology discovery, which provides the sdn controller with the network graph, is vulnerable to the link fabrication attack, where the attacker can easily inject a spoofed lldp packet to poison. Limitations of openflow topology discovery protocol. Openflow switchs bootup time total topology discovery time of 200 switches by nec controller time difference between the above. The controller then uses a separate open flow packet. All these lldp packets have their chassis id and port idtlvs initialized accordingly. One caveat is that the vlan swtich quanta in the figure drops some l2 control packet including 802. However, hosts do not understand lldp or openflow, and will simply ignore any lldp packet they receive as part of the topology discovery process. Final report multidomain openflow topology exchange mote open call deliverable ocqds3. Openflow lldp example 1 the topology discovery is done by the openflow controller. Most of the current sdn controller platforms perform topology discovery using openflow discovery protocol ofdp mechanism, which leverages lldp the link layer discovery protocol. Pdf limitations of openflow topology discovery protocol. Pdf the explosion of internet services such as video on demand, big data, server.
Therefore, the xnc controller use cases such as topology independent forwarding and latency optimized forwarding may not be work correctly on the cisco nexus 5500 and cisco nexus 6000 switches. Topology creation component this component aims to discover, storing link status to make network current topology. About brent salisbury brent salisbury works as a network architect with over 15 years of networking experience in large enterprise, healthcare and regional provider networks. If we go to nodes, make this a bit bigger, we can see that there are four openflow switches, open for switch one, two, three. C2, which many openflow controllers use to discover the network topology. Application demand is pushing it to meet service and scale levels beyond what is possible with traditional networks. Openflow, is used to communicate data between flow tables. Software defined networking, openflow protocol and its. In this example, you configure support for openflow on an ex9200 switch. Openflow discovery protocol ofdp is the defacto protocol used by openflow controllers to discover the underlying topology.
Dealing with lldp topology discovery in exogeni slices. The cisco nexus 5500 and cisco nexus 6000 switches do not support the openflow action to rewrite the layer2 destination mac address. Pdf current trends of topology discovery in openflowbased. A scalable architecture for openflow sdn controllers filipe fernandes azevedo thesis to obtain the master of science degree in information systems and computer engineering supervisors. Efficient topology discovery in software defined networks. Cisco open sdn controller platform as an open source based software, the open sdn controller continuously advances through ongoing cisco innovation and the support of the opendaylight community. Next stages of the pipeline need to know the contents and format of the information in the metadata field. Pdf the insecurity of topology discovery in openflowbased. The defacto openflow topology discovery protocol ofdp adapts the link layer discovery protocol lldp with certain modifications, but performs topology discovery in fixed sdn environments. Using link layer discovery protocol lldp, this component sends lldp packet on all ports for link detection. Controller determines the topology from lldp packets lldp is a oneway protocol to advertise the capabilities at fixed intervals. It helped us to clearly identify the issues with lldp topology discovery and we described how to address some of them. Greg has been researching and discussing openflow since early 2011 and belives that sdnopenflow is the future of networking no matter what the vendors say.
Software defined networking sdn architecture and role of openflow in our previous article, we had a good overview of sdn as a technology, why its needed, and how it industry is adopting it. Secure and efficient topology discovery protocol for sdn arxiv. The triangle topology configuration with three switches. Weve got one pc, four openflow switches, and theres our topology. In addition, attention is focused on layer 2 discovery protocols lldp and bddp and major limitations of these procedures are discussed. Efficient topology discovery in openflowbased software. In this test, the following three performances are measured. In this article, courtesy of rajesh gopidi, we are going to introduce you to a way of dealing with lldpbased topology discovery in openflow slices, i. Also the procedure of topology discovery in a network composed by nonopenflow and openflow switches are presented. This document is the final deliverable of the multidomain openflow topology exchange mote. Effective topology tampering attacks and defenses in softwarede. A generic and configurable topology discovery service for. Ixia ixnetwork emulates up to 200 openflow switches in fattree topology and nec pfc initiates lldpbased topology discovery.
This download provides a readytouse mininet datacenter configuration examples. Openflow is like an x86 instruction set for the network. Softwaredefined networking and openflow sciencedirect. Review sdn and openflow architectures using physical, logical, and reserved ports and physical, virtual, and hybrid switches, such as raspberry pi and mininet. Now, lets get a layer deeper, and understand sdns architecture and the role of the openflow protocol in the implementation of the technology.
Classes of topology tampering attacks, topoguard, and sphinx are discussed in section iii. Controller learns topology packetout lldp devices and other participating of switches discovered and mapped. Openflow in a day the research arm of indiana center for. The datapath id id is the unique key identifier made up of the switch mac and an id assigned by the controller. Odl beryllium sr4 is working as expected with just restconf, l2switchswitch, mdsalapidocs and dluxall. Since all switches in the controllers network have a rule to send lldp packets to the controller, the. Link between sdn control and infrastructure layers ofenabled infrastructure communicates with an of controllervia the of protocol. Lldp link layer discovery protocol is an ieee institute of electrical and electronics engineers standard protocol ieee 802. We develop proofofconcept implementations for these attacks in emulated networks based on openflow, the most popular framework for sdn. Each lldp frame is composed of a header and a payload lldp data unit called lldpdu as shown in fig. Pdf the insecurity of topology discovery in software.
An introduction to software defined networking and openflow. Observing that existing openflow controllers often insert link layer discovery protocol lldp 6 packets to the data plane to discover the global network topology, we therefore propose a novel link latency monitoring approach based on lldp in sdns to address the above issues a link represents a route with only two adjacent switches in this. Forge an lldp packet for every combination of switch, port 2. Using nonstandard lldp destination can avoid this issue. The lldp packets content and frequency is different from one controller to another, which allows fingerprinting attacks on sdn controllers. Opendaylight openflow tutorial networkstatic brent. Final report multidomain openflow topology exchange. In this paper, we show that ofdp has some serious security, efficiency. Effective topology tampering attacks and defenses in. Pdf efficient topology discovery in software defined. Pdf the insecurity of topology discovery in openflow. Maturing of openflow and softwaredefined networking. Send the lldp packet as payload of an openflow message to the switch via the control channel the procedure is executed every e. The switch has three interfaces that are dedicated to handling openflow traffic.
For instructions on how to use this download, please view this article. Sdn and openflow a tutorial ip infusion proprietary and confidential. Discovering a unidirectional link in ofdp figure 1 shows how ofdp works. After a while the rst transmissions have ended and now it simply stucks at openflow feature request, becoming a loop. Software defined networking, openflow protocol and its controllers isaku yamahata valinux systems japan k. We identify three base cases of the topology poisoning attack, in which the attack that requires a single compromised switch is a new variant of topology poisoning. Since all switches in the controllers network have a rule to send lldp packets to the controller, the controller is able to determine the topology. Current sdn controllers such as ryu1, opendaylight2 etc.
1529 86 1018 965 812 846 979 530 1382 1329 1494 91 910 677 539 207 954 856 131 707 236 870 183 682 1222 564 152 939 320 281 893 235 1247 219 1344 712 1213 140 398 1393 477 210 191 1246 434 697 1127 1107