Essay: SDN - A New Networking Approach, Shortening Length To 70 Characters.

The purpose of this assignment is to develop skills to independently think of innovation. In this assignment students will first learn how to develop knowledge based on current state of the art of an emerging knowledge domain. Then they will learn how to identify plausible security issues in this emerging technology and finally learn the skill of adding knowledge to existing domain by theoretically developing the corresponding protection mechanism for a particular issue.

Software Defined Networking (SDN) is a rising concept in computer networking. It is possible to centralize software logically in order to control the behaviour of the network. In contrast to conventional network, in SDN, a network’s control logic is separated from the underlying physical routers and switches. This phenomenon allows network operators to write high-level control programs to specifying the behaviour of the whole network.

his assignment includes four parts

1. Literature review on Software Defined Networking (SDN)
   You need to write literature on SDN. Your literature should be supported by at least three (3) academic (Journal/Conference) papers chosen from the current state of the art.
   
   
2. Identify three current or future security issues in SDN
   In this section you will identify three security issues. These issues can be taken from current state of the art or could be evolved from your own independent innovative thinking. This section again must have to be supported by at least two (2) references.
   
   
3. Propose a possible solution for one of the threats identified in section(2).
   In this part you need to add knowledge to the existing knowledge domain of SDN. You need to choose one of the issues identified in previous section and propose a possible solution to this particular security issue.

The Concept of Software Defined Networking

Unlike its commonly perceived software defined networking does not outline a new technology in itself. In fact, it does not outline new concepts of technology but it defines a revolution or transformation of networking technologies where old operational concepts are combined with new mechanisms to yield better networking solutions. In the conventional methods, networking technologies are dependent on the hardware components as control and configuration are done on individual devices. SDN re-invents a new approach that transforms the existing systems to have more functionalities as a result of a wide range of diversification. In essence, the resources found in networks are separated into convenient components based on functionalities which in itself increases the roles of networking infrastructure making them dynamic and flexible [1]. Moreover, with the segmentation of roles, a centralised control is achieved where all functionalities and configurations are done from a central component known as an SDN controller. In light of this outcome, this paper analyses SDN as a new networking approach where its concepts and challenges are outlined.

When it comes to networking technologies, the desire to have a centralised control has always been in existence since the early days of the inception of networks themselves. Therefore, the principles outlined by SDN are a refinement of the approaches conceived back in the day to facilitate dynamic structures of networking. Moreover, its recent popularity is made by the industrial demands, where as stated above, has been facilitated by mobile technologies and other smart technologies that require on the on the go and on-demand services [2]. For instance, cloud computing has increased the availability and accessibility of ICT resources by providing them through online platforms i.e. the internet. Although the existing networking facilities are able to support cloud computing, the technology is forced to adapt to these rigid infrastructures that always lowers their functionalities and benefits. Furthermore, like other modern technologies, the demands of cloud computing are always fluctuating which forces administrators and engineers to make extensive changes through manual allocation. Finally, there is the issue of vendor lock-in as consumers are forced to stick with certain networking resources as they are made using specific protocols based on a particular manufacturer [3].

SDN meets these challenges by first introducing the concepts of OpenFlow technology where using open standards, algorithms of deploying and managing networks are outlined. OF will dictate all specifications of communication between the networking resources e.g. devices with the centralised controller. Now, to achieve this outcome, SDN also introduces new devices that are completely different from the traditional devices which use specific standards and have controlling information. Instead, OF devices are made using basic resources where they lack the control information and only have the traffic forwarding parameters [3]. Therefore, the control information is transferred to the central SDN controller which now dictate all the controls and even configurations of the connected devices. Furthermore, the SDN controller can be thought of as an application or a program that essentially coordinates the functions of the underlying networking infrastructure. This definition sees it take a role similar to that of an operating system thus is sometimes known as the Networking Operating System (NOS). It is through the functionalities of the NOS that facilities such as the programmability of networking resources and components are introduced which enables the customization of networks [4].

The Benefits of Software Defined Networking

In essence, SDN will separate the control and data information which diversifies their roles based on the functionalities they perform. Moreover, it introduces a third element, that of programming these resources which facilitate the centralised control. Therefore, an abstraction of the underlying networking infrastructure which is achieved using three major elements of SDN architecture, i.e.; data, control and application. These elements designated as networking layers are explicitly outlined having clear boundaries and roles. Furthermore, applications based on the outlined boundaries (northbound and southbound) facilitate the communication between the layers [4].

1.  Data Layer– This layer is made up of the resources that facilitate the transfer and forwarding of data traffic. Therefore, the physical devices such as routers and switches are located in this plane together with other items such as firewalls and virtualization tool [5]. However, the layer does not work on its own and will depend on the instructions and configurations of the supporting control layer to forward the traffic. Therefore, with the guidance of the control layer, the existing intelligent tools and configurations that isolate networking devices are eliminated.

Fig: The SDN Architecture

1.    Control layer– the regulatory layer that manages and governs the operations of the data layer which essentially meets the functionalities of the networking infrastructure [6]. A huge part of this layer is made up of the SDN controller which links both the application and data layer by transforming users’ requirements into the networking configurations. Furthermore, through the SDN controller, the resources are automatically programmed to meet their functionalities.
2.    Application layer– As illustrated above it serves as an end users’ layer wherein conjunction with the northbound APIs facilitates the commands and instructions made by administrators and engineers. Now, the northbound APIs lie on the boundary of the application and control layer integrating with the SDN controller which directly manages networking resources e.g. the traffic, bandwidth and other controls [7].

Based on the description given above, SDN seems to hold many benefits that will extend the functionalities of networking technology. However, SDN has to contend with the existing architecture which presents the first challenge as the conventional systems are extensively applied. Secondly, there are the OpenFlow standards suggested by the stakeholders, these standards face a lot of problems owing to their operational structure which as the name suggests is open. This outcome also has its affiliated challenges more so, in security as outlined below. Nevertheless, SDN seems to hold one general concept that of unifying and consolidating the networking infrastructure through the separation of traffic control from the hardware resources [7].

The security issues identified in this section are as a result of the SDN architecture, as its design present considerable vulnerabilities as compared to the conventional architecture. Furthermore, these issues are based on existing conditions and those of the future.

1.    The separation of the data and control information

Through this approach, SDN enters a new paradigm which is unknown to the users as it has never been tested, therefore, its, vulnerabilities and threats will be identified later on. Furthermore, consider the fact that most of the existing security measures are designed with the conventional structure in mind. For instance, network-based intrusion detection (NIDS) systems that analyse network traffic to protect it from threats. In addition to this, new encryption and authentication methods are needed for these layers as their existence present an entry point for attacks and infections [8].

2.    The controller

Isolation has always worked in favour of security where mitigation procedures were facilitated by the fact that configuration and control were localised in individual devices. SDN eliminates this outlook and now employs a central controller that performs all the functionalities of the network. Therefore, if compromised, the entire network is exposed [9].

3.    OpenFlow standards

Another SDN factor that eliminates the much-needed isolation of networks. OF standards unify all devices by using common configurations and standards. This outcome places too much pressure on authentication and encryption standards as they are the only measures that prevent attacks or intrusions [10].

1.    Implement strong authentication procedures, particularly those that are specialised for the newly formed networking layers. Furthermore, since data is handled by a different layer than the control, encryption should be incorporated in case the forwarding layer is affected [11]. These security measures will also protect the controller from unauthorised access.
2.    Enhance security controls – existing controls such as firewalls and packet filtering should be introduced in all the layers of the architecture which may slow down the speed of operation but will provide the necessary security isolation [9, 12]
3.    Implement security policy – having a unified networking architecture facilitates communication but also serves as a threat in case a single resource is compromised. Thus the security measures should be uniform across the board [9, 11].

Challenges of Software Defined Networking

Conclusion

SDN will completely transform the networking technologies in existence today through the diversification of functionalities and resources it outlines. For one, it will simplify the duties of managing networks as now they will be centrally controlled by the SDN controller. Furthermore, the manual allocation and configurations done by network developers will be eliminated with the programmability feature. In addition to this, it will facilitate the functions of future technologies such as virtualization that require frequent resource adjustments which in the past have limited their advancements. However, it’s most notable contribution will be the increased performance of networks as a result of its simplified deployment and functionality factors.

References

[1] Maged. A. (2015). Introduction to Software Defined Networking. Menog. (Online). Available FTP: https://www.menog.org/presentations/menog-15/341-MENOG_SDN_April.pdf

[2] Kreutz. D, Ramos. F, Verissimo. P, Rothenberg. P, Azodolmolky. S & Uhlig.S. (2014). Software-Defined Networking: A Comprehensive Survey. (Online). Available FTP: https://arxiv.org/pdf/1406.0440.pdf

[3] Alsmadi. I, Alazzam. I & Akour. M. (2016). A Systematic Literature Review on Software-Defined Networking. Research gate. (Online). Available FTP: https://www.researchgate.net/publication/309371759_A_Systematic_Literature_Review_on_Software-Defined_Networking

[4] Soyaib. M & Eliazer. M. (2017). A Review on Software Defined Networking: Improving the Future of Network. Journal of Chemical and Pharmaceutical Sciences. (Online). Available FTP: https://jchps.com/specialissues/2017%20Special%20Issue%202/0831116.pdf

[5] Horvath. R, Nedbal. D & Stieninger. M. (2015). A Literature Review on Challenges and Effects of Software Defined. Conference on ENTERprise Information Systems / International Conference on Project MANagement / Conference on Health and Social Care Information Systems and Technologies, CENTERIS / ProjMAN / HCist 2015. (Online). Available FTP: https://www.researchgate.net/publication/283170852_A_Literature_Review_on_Challenges_and_Effects_of_Software_Defined_Networking

[6] Thomas. V. (2016). An Introduction to Software Defined Networking and OpenFlow. Geni exploring networks of the future. (Online). Available FTP: https://doc.ilabt.iminds.be/fgre/_downloads/IntroToOF-compressed-1.pdf

[7] Cisco. (2013). Software-Defined Networking: Why We Like It and How We Are Building On It. White paper. (Online). Available FTP: https://www.cisco.com/c/dam/en_us/solutions/industries/docs/gov/cis13090_sdn_sled_white_paper.pdf

[8] Jammal. M, Singh. T, Shami. A, Asal. R & Li. Y. (2014). Software defined networking: State of the art and research challenges. Computer networks. (Online). Available FTP: https://eng.uwo.ca/electrical/faculty/shami_a/docs/2014-Com-Net-SDN-Survey.pdf

[9] Lim. A. (2013). Security Risks in SDN and Other New Software Issues. RSA conference 2015. Available FTP: https://www.rsaconference.com/writable/presentations/file_upload/sec-r01_security-risks-in-sdn-and-other-new-software-apps_copy1.pdf

[10] Dubey. A & Khanna. B (2016). Security in software defined networking: a review. International Journal of Computer Engineering & Technology (IJCET). Available FTP: https://www.iaeme.com/MasterAdmin/uploadfolder/IJCET_07_04_007/IJCET_07_04_007.pdf

[11] Gong. Y, Huang. W, Wang. W & Lei. Y (2015). A survey on software defined networking and its applications. Frontiers of Computer Science. Available FTP: https://link.springer.com/article/10.1007/s11704-015-3448-z

[12] Bakhshi. T. (2017).  State of the Art and Recent Research Advances in Software Defined Networking. Wireless Communications and Mobile Computing. (Online). Available FTP: https://www.hindawi.com/journals/wcmc/2017/7191647/