|
|
|
| A secure and high-performance multi-controller architecture for software-defined networking |
| Huan-zhao Wang, Peng Zhang, Lei Xiong, Xin Liu, Cheng-chen Hu |
| Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, China; Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Shijiazhuang 050081, China; MOE Key Laboratory for Intelligent Networks and Network Security, Xi'an Jiaotong University, Xi'an 710049, China |
|
|
|
Abstract Controllers play a critical role in software-defined networking (SDN). However, existing single-controller SDN architectures are vulnerable to single-point failures, where a controller’s capacity can be saturated by flooded flow requests. In addition, due to the complicated interactions between applications and controllers, the flow setup latency is relatively large. To address the above security and performance issues of current SDN controllers, we propose distributed rule store (DRS), a new multi-controller architecture for SDNs. In DRS, the controller caches the flow rules calculated by applications, and distributes these rules to multiple controller instances. Each controller instance holds only a subset of all rules, and periodically checks the consistency of flow rules with each other. Requests from switches are distributed among multiple controllers, in order to mitigate controller capacity saturation attack. At the same time, when rules at one controller are maliciously modified, they can be detected and recovered in time. We implement DRS based on Floodlight and evaluate it with extensive emulation. The results show that DRS can effectively maintain a consistently distributed rule store, and at the same time can achieve a shorter flow setup time and a higher processing throughput, compared with ONOS and Floodlight.
|
|
Received: 07 October 2015
Published: 05 July 2016
|
|
|
一种安全、高性能的软件定义网络多控制器体系结构
目的:控制器在软件定义网络(software-defined networking,SDN)中扮演着至关重要的角色。然而现有的SDN控制器体系结构存在单点失效、响应时延较大等问题。本文提出一种名为分布式数据存储(distributed rule store,DRS)的SDN多控制器体系结构,预先计算流表规则,并分布式缓存在不同控制器实例上。如此,每个控制器仅存储其中的一部分规则,且来自交换机的请求被分配到不同的控制器进行并行处理,从而达到减小响应时延,解决单点失效的目的。
创新点:提出一种名为DRS的软件定义网络多控制器体系结构;通过实验证明该控制器体系结果对于已有的ONOS和Floodlight控制器,数据流建立的时间更短、吞吐量更大。
方法:在控制器中预先计算网络中的流表规则,利用分布式哈希表将这些规则存储在不同的控制器实例上。每个控制器周期性地检查其他控制器中规则的完整性,防止单个控制器上规则的失效和篡改。当交换机请求流表时,系统根据控制器当前负载,将请求分配到相应控制器进行处理。
结论:本文提出的多控制体系结构可以有效保证分布式规则存储的一致性(图5);相对于已有的ONOS和Floodlight控制器,数据流建立的时间更短(图6、7),吞吐量更大(图8);多个控制器实例的负载相对均衡(图9、10)。
关键词:
软件定义网络,
安全,
多控制器,
分布式规则存储
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
| |
Shared |
|
|
|
|
| |
Discussed |
|
|
|
|
