By Nir Solomon, Yoav Francis and Liahav Eitan
One of greatest applicative benefits of SDN is enhancement of network security by making the network react to threats in real-time using data from all the switches in the network. For example, the OpenFlow Controller (OFC) can identify a DDoS attack on the network and divert or block traffic in an adaptive manner.
Unfortunately, OpenFlow also introduces a new threat to network security – attacks on the OFC itself, the “soft-belly” in regards to network security in SDN. The controller, by being responsible for multiple switches, is a `high-valued` target (a single point-of-failure), and we aim to understand better its vulnerability to DDoS attacks.
DDoS on the OFC can affect the entire network in several ways, depending on the OpenFlow Applications in the network and the level of dependency of the OF Switches on the OFC:
1. The entire network might be slowed down and suffer from packet-loss.
2. Some packets might be handled normally while others are mishandled by switches in the network, depending on the OpenFlow Applications that apply to these packets and whether they require communication with the OFC.
3. The entire network might stop functioning.
All of the above share a unique property that does not apply in ordinary DDoS attacks: even if only one or two switches are being flooded, the entire network can be affected.