Maximizing SDN resilience to node-targeted attacks through joint optimization of the primary and backup controllers placements

IF 1.6 4区计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Networks Pub Date : 2023-12-06 DOI:10.1002/net.22201

Michał Pióro, Mariusz Mycek, Artur Tomaszewski, Amaro de Sousa

{"title":"Maximizing SDN resilience to node-targeted attacks through joint optimization of the primary and backup controllers placements","authors":"Michał Pióro, Mariusz Mycek, Artur Tomaszewski, Amaro de Sousa","doi":"10.1002/net.22201","DOIUrl":null,"url":null,"abstract":"In software defined networks (SDN) packet data switches are configured by a limited number of SDN controllers, which respond to queries for packet forwarding decisions from the switches. To enable optimal control of switches in real time the placement of controllers at network nodes must guarantee that the controller-to-controller and switch-to-controller communications delays are bounded. Apart from the primary controllers that control the switches in the nominal state, separate backup controllers can be introduced that take over when the primary controllers are unavailable, and whose delay bounds are relaxed. In this paper, we present optimization models to jointly optimize the placement of primary and backup controllers in long-distance SDN networks, aimed at maximizing the network's resilience to node-targeted attacks. Applying the models to two well-known network topologies and running a broad numerical study we show that, when compared with the standard approach of using only primary controllers, the use of backup controllers provides significant resilience gains, in particular in case of tight delay bounds.","PeriodicalId":54734,"journal":{"name":"Networks","volume":"194 1","pages":""},"PeriodicalIF":1.6000,"publicationDate":"2023-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1002/net.22201","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

In software defined networks (SDN) packet data switches are configured by a limited number of SDN controllers, which respond to queries for packet forwarding decisions from the switches. To enable optimal control of switches in real time the placement of controllers at network nodes must guarantee that the controller-to-controller and switch-to-controller communications delays are bounded. Apart from the primary controllers that control the switches in the nominal state, separate backup controllers can be introduced that take over when the primary controllers are unavailable, and whose delay bounds are relaxed. In this paper, we present optimization models to jointly optimize the placement of primary and backup controllers in long-distance SDN networks, aimed at maximizing the network's resilience to node-targeted attacks. Applying the models to two well-known network topologies and running a broad numerical study we show that, when compared with the standard approach of using only primary controllers, the use of backup controllers provides significant resilience gains, in particular in case of tight delay bounds.

查看原文本刊更多论文

通过联合优化主控制器和备份控制器的位置，最大限度地提高SDN对节点目标攻击的弹性

在软件定义网络(SDN)中，数据包数据交换机由有限数量的SDN控制器配置，这些控制器响应来自交换机的数据包转发决策查询。为了实现对交换机的实时最优控制，控制器在网络节点上的放置必须保证控制器到控制器和交换机到控制器的通信延迟是有界的。除了在标称状态下控制交换机的主控制器之外，还可以引入单独的备份控制器，当主控制器不可用时接管，并且其延迟界限是宽松的。在本文中，我们提出了优化模型，以共同优化远程SDN网络中主备控制器的位置，旨在最大限度地提高网络对节点目标攻击的弹性。将模型应用于两种知名的网络拓扑并进行广泛的数值研究，我们表明，与仅使用主控制器的标准方法相比，使用备份控制器提供了显着的弹性增益，特别是在延迟边界较紧的情况下。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Networks 工程技术-计算机：硬件

CiteScore

4.40

自引率

9.50%

发文量

审稿时长

12 months

期刊介绍： Network problems are pervasive in our modern technological society, as witnessed by our reliance on physical networks that provide power, communication, and transportation. As well, a number of processes can be modeled using logical networks, as in the scheduling of interdependent tasks, the dating of archaeological artifacts, or the compilation of subroutines comprising a large computer program. Networks provide a common framework for posing and studying problems that often have wider applicability than their originating context. The goal of this journal is to provide a central forum for the distribution of timely information about network problems, their design and mathematical analysis, as well as efficient algorithms for carrying out optimization on networks. The nonstandard modeling of diverse processes using networks and network concepts is also of interest. Consequently, the disciplines that are useful in studying networks are varied, including applied mathematics, operations research, computer science, discrete mathematics, and economics. Networks publishes material on the analytic modeling of problems using networks, the mathematical analysis of network problems, the design of computationally eﬃcient network algorithms, and innovative case studies of successful network applications. We do not typically publish works that fall in the realm of pure graph theory (without signiﬁcant algorithmic and modeling contributions) or papers that deal with engineering aspects of network design. Since the audience for this journal is then necessarily broad, articles that impact multiple application areas or that creatively use new or existing methodologies are especially appropriate. We seek to publish original, well-written research papers that make a substantive contribution to the knowledge base. In addition, tutorial and survey articles are welcomed. All manuscripts are carefully refereed.