Enhancing Security and Robustness for SDN-Enabled Cloud Networks

Long Tan Le, Tran Ngoc Thinh

Abstract


Software-Defined Networking (SDN) is an emerging network architecture that promises to overcome the limitations of current cloud computing systems built on traditional networks. The main idea behind SDN is to separate the control plane from the networking devices, thereby providing a centralized control layer that can be integrated with cloud-based infrastructure. The integration of SDN and cloud computing brings immense benefits to network deployment and management; however, this model still faces many critical challenges with regard to availability, scalability and security. In this study, we present a secure and robust SDN-enabled cloud model using OpenStack and OpenDaylight. In particular, we design and implement a secure clustering-based SDN controller for monitoring and managing cloud networking, and a hardware platform to accelerate packet processing in virtual switches. We evaluate our proposed model on a practical cloud testbed consisting of several physical and virtual nodes. The experimental results show that the SDN controller cluster significantly improves the robustness of the network, even when it is attacked with abnormal network traffic, while the hardware-accelerated switches operate at high performance and are well adapted to the cloud environment.





DOI: http://dx.doi.org/10.21553/rev-jec.294

Copyright (c) 2022 REV Journal on Electronics and Communications

