Source: profsandhu.com
Outline
• Market and SDN
• Conventional Networks vs. SDN
• OpenFlow-enabled SDN devices
• SDN Security Applications
• SDN Security Challenges
• Community Debate regarding Security in SDN
World-Leading Research with Real-World Impact!
Market and SDN
• In 2016, the market research firm IDC predicted that the market for SDN network applications would reach US$3.5 billion by 2020.
• Leading IT companies such as Nokia, Cisco, Dell, HP, Juniper, IBM, and VMware have developed their own SDN strategies.
• In 2015, AT&T reduced provisioning cycle by 95% with SDN.
“We have taken a process from low automation and weeks to complete to high automation and minutes to complete. We’re turning the industry on its head in an unprecedented way.” John Donovan, AT&T’s analyst conference in August 2015
Marc C. Dacier, Hartmut Cwalinski, Frank Kargl, Sven Dietrich, Security Challenges and Opportunities of Software-Defined Networking, Apr 3, 2017
Conventional Networks vs. SDN
[Figure*: Conventional Networks vs. Software Defined Networks. Conventional side: Control Plane and Data Plane, Decentralized Control. SDN side: Network Applications (traffic management, QoS, policy implementation, security services); Open North-bound API, abstract view; Control Plane (smart, policy management), global view; OpenFlow South-bound API; Data Plane (dumb, fast) of switches (S). Other labels: Decoupling, Customization, Programmability.]
• Limited visibility
• Vendor-specific
• Misconfiguration
• Poor responses
• Policy conflicts
• Security breaches
• Decentralized
• Complex
• Static architecture
• Innovation is difficult
• Costly
• Yes costly
*Figure: Kreutz, Diego, et al. "Software-defined networking: A comprehensive survey." Proceedings of the IEEE 103.1 (2015): 14-76.
OpenFlow-enabled SDN devices
OpenFlow is: Enabler of SDN
• Protocol between the control plane and data plane
• Describes how a controller and a network forwarding device should communicate
[Figure: flow table. Fields shown as * are wildcards.]
             Match Fields                 Action   Packet + byte Counters
Switching    00:2E    (other fields *)    port3    300
Routing      4.5.6.7  (other fields *)    port5    250
Firewall     10       (other fields *)    drop     500
SDN security applications examples
• Load Balancer: send each HTTP request over lightly loaded path to lightly loaded server.
• Firewall: inform Central Controller about malware’s packets, controller pushes new rules to drop packets.
[Figure: Application plane (Routing, Load Balancer, Access Control, monitoring, firewall, DDoS Mitigation, IDS/IPS); Abstract Network View; Network Virtualization; Up-to-date Global Network View; Control Plane; Server; rule "AB drop"; Incoming packets entering a network of switches (S) and R.]
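The flow-table lookup and the firewall case above, as a toy model added here for illustration; it is not code from the slides or from any OpenFlow implementation. The field names (eth_dst, ip_dst, ip_src), the priorities, the blocked address 10.0.0.66 and the "send_to_controller" result are assumptions.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict          # field -> required value; fields not listed are wildcards (*)
    action: str          # e.g. "port3" or "drop"
    priority: int = 0
    packets: int = 0     # per-entry counters, as in the flow table figure
    byte_count: int = 0

class Switch:
    """Data plane: looks up the flow table and applies the first matching action."""
    def __init__(self):
        self.table = []

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)  # highest priority first

    def forward(self, pkt):
        for e in self.table:
            if all(pkt.get(f) == v for f, v in e.match.items()):
                e.packets += 1
                e.byte_count += pkt["len"]
                return e.action
        return "send_to_controller"  # table miss: no rule matched

class Controller:
    """Control plane: holds the global view and pushes rules to every switch."""
    def __init__(self, switches):
        self.switches = switches

    def block_source(self, ip_src):
        # Called by a firewall/IDS application that reported malicious packets.
        for sw in self.switches:
            sw.install(FlowEntry({"ip_src": ip_src}, "drop", priority=100))

def demo():
    s1, s2 = Switch(), Switch()
    for sw in (s1, s2):  # switching and routing rows modelled on the flow table figure
        sw.install(FlowEntry({"eth_dst": "00:2E"}, "port3", priority=10))
        sw.install(FlowEntry({"ip_dst": "4.5.6.7"}, "port5", priority=10))
    ctl = Controller([s1, s2])
    # Constructed sample packet, not taken from the slides.
    pkt = {"eth_dst": "aa:bb", "ip_src": "10.0.0.66", "ip_dst": "4.5.6.7", "len": 250}
    before = s1.forward(pkt)           # routed normally before the report
    ctl.block_source("10.0.0.66")      # one report, rule lands on all switches
    after = [s1.forward(pkt), s2.forward(pkt)]
    return before, after, s1.table[0].packets, s1.table[0].byte_count

if __name__ == "__main__":
    print(demo())
```

The drop rule must carry a higher priority than the forwarding rules; at equal priority the packet would still match the routing entry installed earlier.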