main

SDNSecurity

What’s the Relationship Between Security and SDN Deployment?

April 10, 2015 — by Jim Metzler3

A couple of years ago the discussion of SDN focused primarily on the fact that SDN separated the network control function from the network forwarding function and that separation of functions might require the introduction of new protocols such as OpenFlow. More recently there has been a lot of discussion about the value of an overlay SDN model vs. an underlay SDN model and the role of specialized hardware in either model. All of these discussions are important and they all are focused on key architectural characteristics of SDN.

In my experience architectural discussions begin very early in the adoption cycle of a new technology or architecture. When we get closer to a technology or architecture crossing the chasm and being broadly adopted, we begin to see more of a discussion of operational considerations. The discussion of the operational impact of SDN is happening now as many organizations that are evaluating or trialing SDN are trying to answer a critical question:  Does SDN make providing security easier or does it introduce a host of new security challenges.

The 2015 Guide to SDN and NFV contains recent market research that shows that 35% of network organizations believe that SDN will enable them to implement more effective security functionality.  One example of how SDN can enhance security is that security services can be implemented based on using OpenFlow-based access switches to filter packets as they enter the network.  Another example is that role-based access can be implemented by deploying a role-based resource allocation application that leverages the control information and capability of the SDN controller. Other security related use cases include leveraging the control information and the capability of the SDN controller to provide DDoS protection.

Market research from the 2015 Guide also shows that 12% of network organizations believe that concerns about possible security vulnerabilities is a significant inhibitor to SDN deployment. Some of the security challenges related to SDN are described in SDN Security Considerations in the Data Center

As pointed out in that document:

  • The centralized controller emerges as a potential single point of attack and failure that must be protected from threats.
  • The southbound interface between the controller and underlying networking devices is vulnerable to threats that could degrade the availability, performance, and integrity of the network.
  • The underlying network infrastructure must be capable of enduring occasional periods where the SDN controller is unavailable, yet ensure that any new flows will be synchronized once the devices resume communications with the controller.

Other security-related considerations for IT organizations:

  • Implement measures to deal with possible control flow saturation attacks; i.e., controller DDOS attacks;
  • Harden the SDN controller’s operating system to ensure availability of the controller function;
  • Implement effective authentication and authorization procedures that govern operator access to the controller.

So does SDN make providing security easier or does it introduce a host of new security challenges?  The answer to those questions is yes – SDN has the potential to make providing security easier and at the same time, it has the potential to introduce new security challenges.

Jim Metzler

Jim Metzler is a Distinguished Research Fellow and Co-Founder of Ashton Metzler & Associates and is a featured guest blogger.

3 comments

  • Blank Calendar

    November 22, 2015 at 9:04 am

    Thanks for every other informative site.
    Where else could I get that kind of info written in such a perfect way?

    I have a undertaking that I am just now running on, and I have been at
    the glance out for such information.

    Reply

  • Calendar 2016

    December 12, 2015 at 7:13 am

    Nice response in return of this issue with solid arguments and telling the whole thing regarding that.

    Reply

  • March 2016 Printable Calendar

    February 8, 2016 at 4:54 am

    Hello, all is going perfectly here and ofcourse every
    one is sharing facts, that’s actually fine, keep up writing.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *