RoSCo: Robust Updates for Software-Defined Networks

2020 
In many Software-Defined Networking (SDN) deployments the control plane ends up being actually centralized, yielding a single point of failure and attack. This paper models the interaction between the data plane and a distributed control plane consisting of a set of failure-prone and potentially malicious (compromised) control devices, and implements a secure and robust controller platform that allows network administrators to integrate new network functionality as with a centralized approach. Concretely, the network administrator may program the data plane from the perspective of a centralized controller without worrying about distribution, asynchrony, failures, attacks, or coordination problems that any of these could cause. We introduce a formal SDN computation model for applying network policies and show that it is impossible to implement asynchronous non-blocking and strongly consistent SDN controller platforms in that model. We then present a ro bust S DN co ntroller protocol (RoSCo) which implements (i) a protocol with provably linearizable semantics for applying network policies that is resilient against faulty/malicious control devices as long as a correct majority exists, and (ii) a modification to the protocol that improves performance by relaxing the guarantees of linearizability to exploit commutativity among updates. Extensive experiments conducted with a functional prototype of RoSCo over a large networked infrastructure supporting Open vSwitch (OVS)-compatible Agilio CX™ SmartNIC hardware show that RoSCo induces bearable overhead. In fact, RoSCo achieves higher throughput in most cases investigated than the seminal Ravana platform which addresses only benign (crash) failures.
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    43
    References
    3
    Citations
    NaN
    KQI
    []