Impact of network security on SDN controller performance

• Main Author: Kodzai, Carlton
• Other Authors: Mwangama, Joyce
• Format: Dissertation
• Language: English
• Published: University of Cape Town 2021
• Subjects: Network Architecture; Network Security
• Online Access: http://hdl.handle.net/11427/32514

Internet Protocol network architectures are gradually evolving from legacy flat networks to new modern software defined networking approaches. This evolution is crucial as it provides the ideal supporting network structure, architecture and framework that supports the technologies that are also evolving in software-based systems like Network Functions Virtualization (NFV). The connectivity requirements resulting from this paradigm shift in technology is being driven by new bandwidth requirements emanating from the huge number of new use cases from 5G networks and Internet of things (IoT) future technologies. Network security remains a key critical requirement of these new modern network architectures to deliver a highly available, reliable service and guaranteed quality of service. Unprotected networks will usually experience service interruptions and cases of system non-availability due to network attacks such as denial-of services and virus attacks which can render key network components unusable or totally unavailable. With the centralized approach of the Software Defined Networking architecture, the SDN controller becomes a key network point that is susceptible to internal and external attacks from hackers and many forms of network breaches. It being the heart of the SDN network makes it a single point of failure and it is crucial that the security of the controller is guaranteed to avoid unnecessary irrecoverable loss of valuable production time, data and money. The SDN controller design should be guided by a robust security policy framework with a very sound remedy and business continuity plan in the event of any form of a security attack. Security designs and research work in SDN controllers have been done with focus on achieving the most reliable and scalable platforms through self-healing and replication processes. In this dissertation the research that was done proposed a security solution for the SDN controller and evaluated the impact of the security solution on the overall SDN controller performance. As part of the research work literature review of the SDN controller and related technology carried out. The SDN controller interfaces were analyzed and the security threats that attack interfaces were explored. With link to a robust security framework a security solution was used in the experiments that analyzed the attacks from the external network sources which focused on securing the southbound interface by use of a netfilter with iptables firewall on the SDN controller. The SDN controller was subjected to denial service attack packets and the impact of the mitigation action observed on the SDN controller resources. Given that the network security layer introduced an additional overhead on the SDN controller's processors the security feature negatively affected the controller performance. The impact of the security overhead will inform on the future designs and possibly achieve a trade-off point between the level of security of the network and overall system performance due to security policies. The research analyzed and determined the performance impact of this crucial design aspect and how the additional loading due to network security affected the SDN controller normal operation.