SDN Overview of Network

Question: Discuss about the SDN Overview of Network. Answer: Introduction Software Defined Networking makes the network administrator job to be easier, flexible to manage the high demanded traffic of today. The huge network traffic congestion issues can be well mitigated with the new architectural components. Every new technology brings huge benefits, along with potential challenges that need to be addressed, at higher priority level. Software Defined Networking Software Defined Networking (SDN) is a new networking approach that gives great flexibility to the network administrators to control and manage the services of the network, through high level functionality abstract. It provides emerging architecture that can be ideal for dynamic nature, higher bandwidth that suits the applications of today, by being manageable, adaptable, dynamic and cost-effective. ONF (Open Networking Foundation) group is associated with the standardization and development of the Social Defined Networking. So, SDN is, Directly Programmable Network control can be programmable directly, because of its decoupling from the forwarding functions. Centrally Managed In the SDN controllers, that are software based, Network intelligence is well centralized logically and network global view is maintained that could appear to the policy engines and applications as a logical and single switch. Agile The control can be abstracted, so that it lets the administrator able to adjust the traffic flow that is network wide, so that the dynamically changing needs could be met. Open standards-based and vendor-neutral SDN can simplify the design and operation of the network, as the instructions are proposed and given by the controller of the SDN, rather than vendor specific, multiple protocols and devices. Programmatically Configured SDN allows the managers of the network to configure, secure, optimize, manage the resources of the network very quickly through automated and dynamic programs of SDN, which can be easily written by the managers and these instructions are not dependent over the proprietary software. Architecture Figure: SDN System Architecture (Source, ONF) Key Concepts in SDN Architecture Business Applications Business applciations are the applications that are consumable by the customers, directly. These possibilities are supply chain managmenet, video conferencing and customer relationship management. Network and Security Services It is a functionality, through which the business applciations are enabled for perform securely and efficiently. Pure SDN Switch When a pure SDN switch is considered, traditional switch control functions are executed in the central controller. the switch functionality is entirely restricted to the data plane. Hybrid Switch When hybrid switch is considered, both the traditional switching protocols and SDN technologies can be operated and run simultaneously. The network manager can statistically configure the controller of the SDN so that the certain traffic flows can be identified, discovered and controlled, whereas the traditional and distributed networking protocols direct the remaining traffic is left directly. Hybrid Network Northbound API establishes the communication in between the business application layer and control layer. Southbound API The southbound API establishes communication in between infrastructure and control layer, through the OpenFlow, XMPP (eXtensible Messaging and Presence Protocol). Seurity Issues The security risks in implementing the SDN technology stand still in the state of infancy. Vectors for Attach There can be a security issue in the separation of forwarding plane and control plane. Usually, the archicture of SDN is divided into 3 different layers, called application, controller and infrastructure layers, while the last layer consists of the services and applciations that can configure and request the infrastructure of the SDN. These three are possible vectors fo attack and in addition to that, the security issue is further complex with the technology. Figure: SDN Security Attack Vectors The major issue with the SDN technology is that it relies over new encapsulation and overlay technique, for which many of the present tools of security cannot inspect and understand the traffic of the SDN. Data Layer, SouthBound There are many of the Southbound protocols and APIs, used by the SDN controller for communication over the network and each of them employs own securing communications, however, they are not developed with full security taken into consideration. The increased user-friendliness interface of the API created increased network surface attack of the network infrastructure. The network elements can be targeted and attacked right within the network itself. The attack can be by gaining unauthorized access, either virtually or physically to the network or even try to compromise the host to attack and the network elements and destabilize the networks. Controller Layer The SDN controller can be targeted for various intentions and purposes. The attack can be to instantiate new network flows by spoofing messages of either northbound or southbound messages towards better access to the network devices. When it is successful, then the traffic can be allowed to attack the SDN and can bypass the pre-defined policies for security. SDN Layer It is likely that the northbound protocol can be attacked. If the attack is possibly leveraged for the northbound APIs that are vulnerable, then SDN network will be in control of the attacker through the controller. the attacker can even create new and convenient policies for SDN to gain and access the environment of the SDN. Security Framework Securing Controller Layer Since the controller is considered as a key target attack, so it should be well hardened. Hardening the controller security posture, needs hardening of the host operating system. The best practices to harden the Linux servers public facing are made applicable. SDN systems should allow secure configuration and access that is authenticated by the administrator to controller. RBAC (Role-Based Access Control) policies are needed for administrators of the controllers. Audit trials and logging can be the best used to check for any possible unauthorized changes, performed by the administrators. In case, the controller is attacked for DoS, then High-Availability (HA) controller architecture can be beneficial. Redundant controllers of the SDN, though suffer from the loss, they still continue to function. It would definitely raise the expert level bar for the attacker, who tries to attack all of these controllers for DoS. In addition to that, the attacker wont be particularly stealthy and further aims of the attacker will remain undetected. Conclusion Software Defined Networks are as beneficial as security vulnerable. The technology of not only development of the SDN should be developed, but also make the security levels to be confident and hardened, otherwise the number of threats will be more than the benefits, yielding from the SDN. References B. McGillicuddy, "SDN security issues: How secure is the SDN stack?," SearchSDN, 2014. [Online]. Available: https://searchsdn.techtarget.com/news/2240214438/SDN-security-issues-How-secure-is-the-SDN-stack. Accessed: May 26, 2016. Benton, Kevin and Camp, L Jean and Small, Chris "Openflow vulnerability assessment".Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. 2013 Braga, Rodrigo and Mota, Edjard and Passito, Alexandre "Lightweight DDoS flooding attack detection using NOX/OpenFlow".Local Computer Networks (LCN), 2010 IEEE 35th Conference, 2010. Jin, Ruofan and Wang, Bing "Malware detection for mobile devices using software-defined networking".Research and Educational Experiment Workshop (GREE), 2013 Second GEN, 2013 Kreutz, Diego and Ramos, Fernando and Verissimo, Paulo "Towards secure and dependable software-defined networks".Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. 2013 R. Millman, "How to secure the SDN infrastructure," ComputerWeekly, 2015. [Online]. Available: https://www.computerweekly.com/feature/How-to-secure-the-SDN-infrastructure. Accessed: May 26, 2016. S. Hogg, "SDN security attack vectors and SDN hardening," Network World, 2014. [Online]. Available: https://www.networkworld.com/article/2840273/sdn/sdn-security-attack-vectors-and-sdn-hardening.html. Accessed: May 26, 2016. Scott-Hayward, Sandra and O'Callaghan, Gemma and Sezer, Sakir (2013). "SDN security: A survey".Future Networks and Services (SDN4FNS), IEEE SDN, 2013