Integration and performance analysis of OrchSec architecture

Author: Bhandari, Prakash; Khondoker, Rahamatullah; Trick, Ulrich; Lehmann, Armin
Type: Master Thesis
Abstract: Software Defined Networking (SDN) provides a logically centralized view of network state and control functions by separating the control functions of the network devices into a centralized controller. The OrchSec architecture uses SDN features to develop security applications for SDN. It uses the orchestrator and the network monitor modules to detect and mitigate attacks such as Address Resolution Protocol (ARP) Spoofing/Cache Poisoning, Denial of Service (DoS), and Domain Name System (DNS) Amplification. The OrchSec architecture uses POX as the SDN controller, which limits it to the OpenFlow 1.0 protocol. Newer versions of the OpenFlow protocol support multiple flow tables, meter tables and group tables, which are not supported by OpenFlow 1.0. OpenFlow 1.3 supports 40 match fields, whereas OpenFlow 1.0 supports 12 match fields. This thesis focuses on enhancing the capabilities of the OrchSec architecture to support newer versions of the OpenFlow protocol (e.g., OpenFlow 1.3) along with other southbound protocols (e.g., Network Configuration Protocol (NETCONF)) through the integration of the Open Network Operating System (ONOS) controller into the OrchSec architecture. This replaces the existing POX controller. The integration is carried out by developing a software module called Orchestrator Agent (OrchAgent), which acts as the bridge for communication between the orchestrator and ONOS. Hardware switches such as the HP ProCurve 3500-24G-PoE yl switch (an OpenFlow-enabled switch) and the Edgecore AS4610-30T switch (a whitebox switch) are integrated into the ONOS-integrated OrchSec architecture. The switches support hardware flow tables, which make attack detection and mitigation faster. Performance analysis of the architecture with the integrated switches is carried out based on the attack detection and mitigation time, which ascertains that there is no degradation in performance through the replacement of POX with ONOS.
Frankfurt, Univ., Master Thesis, 2017