
The controller placement problem for robust SDNs against malicious node attacks considering the control plane with and without split-brain

Santos, D. ; Sousa, A. F. ; Mas Machuca, C.

Annales des Telecommunications Vol. 74, Nº 9-10, pp. 575 - 591, October, 2019.

ISSN (print): 0003-4347
ISSN (online):

Journal Impact Factor: 0,333 (in 2008)

Digital Object Identifier: 10.1007/s12243-019-00725-7

Abstract
In software-defined networking (SDN), the control plane is separated from the data plane. For scalability and robustness reasons, the logically centralized control plane is implemented by physically distributing different controllers throughout the network. The determination of the number and location of the SDN controllers is known as the controller placement problem (CPP). For given maximum switch-controller (SC) and controller-controller (CC) delays in the regular (failure-free) state, we aim to find a CPP solution that maximizes the control plane robustness against a given number of malicious node attacks. We describe an ILP-based method aiming to enumerate all CPP solutions that guarantee the existence of a data plane path from every switch to any controller if all other controller nodes are shut down (worst-case scenario). Then, for different malicious node attacks, based on node centrality metrics and corresponding to different attacker’s strategies, we evaluate the previous solutions to determine the ones that maximize the network robustness, considering the SDN control plane operating with or without split-brain. In the computational results, we compare the robustness and the average SC and CC delays of the best CPP solutions. Since a control plane with split-brain requires more controllers, the average SC and CC delays in the regular state of its CPP solutions are significantly better, on average. Concerning robustness, split-brain does not always provide the best robust CPP solutions due to its feature of requiring a minimum number of connected controllers (which must be over half of the total number of them) to be operational.