SDN and its Importance in Network Management

Software defined networks (SDN) generally empowers various kinds of network operators with various kinds of flexibility for the Network. With the help of SDN, management of network moves for analyzing functionality in various kinds of low level device configuration which is used for building and creating software which will help in management of network and debugging [1]. According to SDN provides proper way which can be easily used for solving various kinds of problems in networking like routing. On the other hand, it allows use of security and various kinds of techniques like access control and multipath. SDN application are nothing but certain number of programs which helps in communication of behaviors and need various kinds of resources within the SDN controller through the help of Application Programming Interference (API) [2].

In the coming pages of the report various of the important terms like manipulation of network, diversion of traffic and denial of service attack has been discussed with respect to software defined networks. Manipulation of network can be done only with the help of control plane. Diversion of traffic is nothing but a kind of network plane which is based or depended on data plane. Denial of service is a well-known type of attack which can be used for affecting the various types or kinds of SDN. Various kinds of application can easily build abstracted view of the network and this generally works by creating an abstract view of document which can easily work by proper collection of information from the controller which is used for various kinds of process related to decision making. This kind of application is generally inclusive of various kinds of task which is inclusive of management, analytics and various kinds of business application which can be used for running large data centers [3].   

The controller layer of SDN can be considered to be a kind of logical entity which generally receives various kinds of instruction or requirements from the application layer of SDN which is generally depends on various kinds of network. The controller mainly helps in extraction of SDN which generally comes up with an abstract view of the various kinds of networks which is inclusive of statistics and various kinds of events [1]. The networking of SDN device and control has forwarding and processing of capabilities for various kinds of networks. This is generally inclusive of processing and proper forwarding of path of data.

Benefits of SDN – Centralized Provisioning, Security, and Cost Savings

Overflow is generally considered to be first type of SDN (Software defining Networking) standard or type [5]. It mainly focusses on the communication protocol in the environment of SDN which provides the SDN controller so that it can directly interact with the various kinds of network devices like router and switches. It can both in physical environment which can easily work as per the need of evolving requirement of business.  An SDN controller is generally considered to be brain of SDN network which provides information to various kinds of switches and routers [6]. 

Traditional configuration is time consuming and more prone to various kinds of error. Various kinds of steps are generally needed when an IT administrator needs to add or eliminate device which is present in a traditional kind or type of network [7]. The next procedure is nothing management at device level tool for updating of various kinds of configuration based setting which is inclusive of various kinds of parameters like ACL, VLAN and other kind of Quality of service. The multi-vendor generally requires a high value of expertise. An average organization generally owns variety of equipment at large number of vendors. For successful completion of a configuration an administrator generally needs or require extensive type of knowledge which is generally based on various kinds of devices. Traditional architecture generally complicates the segmentation of network [8]. In the upcoming years various gadgets like PC and smartphone, alarm system will be connected to the cloud through internet. Various types of traditional network have many kinds of device working in same zone. By the help of this platform hackers can easily get various kinds of network components.

On the contrary there are many kinds of benefits associated with SDN that are accuracy, consistency and benefits. Traditional networking needs configuration which is generally executed on basis of device by device. A key function of SDN approach is automatic approach which can be easily used for proper management of network [9]. Apart from upgrading the efficiency and accuracy of configuration this method or process can be used for improvisation of responsiveness of a network. The second benefit which is associated with SDN is optimization of flow of data. In spite of having single path which is for flow of communication to the addressed to destination. The main task of SDN controller is mainly help in identification of multiple path for flow of data. This particular method or technique of approach allow the flow of traffic across into various kinds of nodes [10]. Performance of network and scalability is improvised by proper optimization of the path of network which is generally used flow of data between source and nodes at the destination. 

Key Security Challenges in SDN – Network Manipulation, Diversion of Traffic, and DoS Attacks

There are large number of advantage of SDN (Software Defined Network):

Provisioning of Network in a centralized way: SDN (Software Defined Network) provides the view in a centralized way so that overview of the network is possible which helps in centralized management and its provisioning [11]. By making use of control and data planes, SDN can easily accelerate delivery of various kinds of services and also provides provisioning in both types of virtual and physical type of networks devices from a particular central based location.

 Better Security:   One of best advantage of SDN that is attractive to various kinds of IT managers is the security which is provided by it. With development of virtualization network management has become more complex and challenging in nature [12]. When complexity such as securing of various kinds of BYOD device the security problem is checked or analyzed. The controller at SDN provides a point which can be used for distribution of security and policies of information through various enterprises.

 Lower Operating Cost:  Efficiency of administrative, improvisation of utilization of server, controlling of virtualization and other kinds of benefits generally result in operational kind of savings. SDN should result in administrative kind of saving.

Generally, SDN is considered to be beneficial for various kinds of IT solution and providers of cloud. There are many kinds of challenges which are encountered in SDN that are control placement, scalability, performance and reliability [5]. The controller of SDN must be configured wisely for prevention against various manual errors and increase the availability of network. In a centralized architecture of SDN, a controller is generally in charge of various kinds of networks and if there is failure in this network then the whole network will collapse.

The second issue which can be encountered is the issue of scalability, because of this kind of approach works as long as API is connected to it [7]. The centralized view of network generally accelerates the change which is seen in a control panel. 

The upgradation or evolution of Networks has ultimately resulted in creation of new kinds of attacks which have various kinds of unidentified types of risk which is associated with it [9]. There are mainly nine types of SDN attacks:   

• Manipulation of networks
• Diversion of traffic
• DOS (Denial of service) attack

Manipulation of Network: This can be done only with the help of control plane and in this technique an attacker compromises with the SDN controller and generally produces data of network and produces or initiates various kinds of attack on then network [3]. In other words, Network manipulation can be easily defined as any kind of attempt which is needed for web graph and social network which can easily manipulate various kinds of tools in a much beneficial way to the manipulators. The modification in a network can be easily defined as a term which is used for altering the structure and its contents [5]. Each of the network manipulation technique is generally implemented by making use of structure of various kinds of network components.

Protection:  To overcome this attack, SDN controller should have an entity based on redundancy and channel used for communication should be protected by making use of strong encryption techniques or methods.

Diversion of traffic: This type of attack generally occurs to the network element which is present at data plane. This type of attack generally consists of redirecting of traffic flow and it also allows eavesdropping [3]. Radar system can be easily used for real-time traffic diversion. Radar technology is generally used for detection and diversification of various kinds of malicious traffic for ensuring safety of a location.  Radar system is generally inclusive of network monitoring and diversion of traffic with detection of threat [7].

Protection: This can be only achieved with help of elements in a secure network and its communication channel which comprises of strong kind of encryption.

Denial of service attack:  This is a well-known type of attack which generally affect the various parts of an SDN. By making use of DOS attacker can easily reduce or provide complete denial of a service which is provide various kinds of SDN services [3]. A denial of service attack is a kind of attack which generally takes place when an attacker takes some kinds of action which prevents the user from accessing a particular system. There are some guidelines which can be used for determining DOS attack [1]. There are generally two methods of DOS attack that is flooding service or crashing service. Flood attacks generally occur when the system receiver have too much of traffic for server to buffer which ultimately results in slowing down of it [10].  Some popular type of flood attack is butter flow attack, ICMP flood and lastly SYN flood.  Buffer overflow attack is the most well-known type of DOS attack.

• Degradation of performance especially when it comes to open of files which are generally stored on networks or accessing various kinds of website.
• Unable to reach a particular website
• A much higher number of emails than usual email.

Protection: The issue can be easily overcome by using rate of limitation and techniques of packet of packet dropping at the control plane. 

References 

[1]T. Muciaccia and V. Passaro, “Future Scenarios for Software-Defined Metro and Access Networks and Software-Defined Photonics“, Photonics, vol. 4, no. 1, p. 1, 2017.

[2]K. Benzekki, A. El Fergougui and A. Elbelrhiti Elalaoui, “Software-defined networking (SDN): a survey”, Security and Communication Networks, vol. 9, no. 18, pp. 5803-5833, 2016.

[3]P. Bory?o, J. Dom?a? and R. Wójcik, “Survivable Automatic Hidden Bypasses in Software-Defined Networks“, Computer Networks, 2018.

[4]A. Leon-Garcia, P. Ashwood-Smith and Y. Ganjali, “Software Defined Networks”, Computer Networks, vol. 92, pp. 209-210, 2015.

[5]P. Murali Mohan, T. Truong-Huu and M. Gurusamy, “Fault tolerance in TCAM-limited software defined networks”, Computer Networks, vol. 116, pp. 47-62, 2017.

[6]S. Lin, P. Wang and M. Luo, “Control traffic balancing in software defined networks”, Computer Networks, vol. 106, pp. 260-271, 2016.

[7]M. Channegowda, R. Nejabati and D. Simeonidou, “Software-Defined Optical Networks Technology and Infrastructure: Enabling Software-Defined Optical Network Operations [Invited]”, Journal of Optical Communications and Networking, vol. 5, no. 10, p. A274, 2013.

[8]”Special Issue on Software-Defined Wireless Networks”, The Computer Journal, vol. 60, no. 10, pp. 1415-1416, 2017.

[9]H. Farhady, H. Lee and A. Nakao, “Software-Defined Networking: A survey”, Computer Networks, vol. 81, pp. 79-95, 2015.

[10]B. Xiong, X. Peng and J. Zhao, “A Concise Queuing Model for Controller Performance in Software-Defined Networks”, Journal of Computers, vol. 11, no. 3, pp. 232-237, 2016.