R. Sanjeetha, A. Prasanna, D. P. Kumar, A. Kanavalli
Title: Mitigation of Controller induced DDoS Attack on Primary Server in High Traffic Scenarios of Software Defined Networks
Authors: R. Sanjeetha, A. Prasanna, D. P. Kumar, A. Kanavalli
DOI: 10.1109/ANTS.2018.8710066 (https://doi.org/10.1109/ANTS.2018.8710066)
Venue: 2018 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)
Publication date: 2018-12-01
Citation count: 6
Record source: Semantic Scholar
Mitigation of Controller induced DDoS Attack on Primary Server in High Traffic Scenarios of Software Defined Networks
One of the major constraints of a Software Defined Network (SDN) is the limited size of the flow table in the switch. These flow tables are required for forwarding packets to the desired destination. To deliver a packet in SDN, the controller installs flow table rules on the source switch (the switch which connects to the source host), on the multiple intermediate switches through which the packet will be transmitted, and on the destination switch (the switch which connects to the destination host). In high traffic scenarios, the flow tables of these switches become full and the flow rules must be repeatedly replaced by the controller. Hiep T. Nguyen Tri et al. proposed a solution for this, using an OpenDaylight controller feature that forwards packets to the destination switch directly and installs flow table rules only on it. In this paper we show how a DDoS attack can be instigated on a primary server (the server providing important services such as a web server or file server) present in an SDN which uses the above-mentioned solution during high traffic scenarios. The attack is instigated by generating a huge number of packets with destination IP addresses chosen so that the controller is compelled to always choose the switch which connects the primary server to the rest of the network as the destination switch. The flow table rules are repeatedly installed by the controller into this switch, leading to exhaustion of its flow table space. This blocks the genuine traffic between the primary server and its clients, as the flow rules that would serve legitimate clients get replaced by flow rules that process this attack traffic.
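The exhaustion effect the abstract describes, modelled as an added example (not code from the paper or from OpenDaylight): a fixed-capacity flow table on the primary server's switch receives one legitimate client rule per step plus a burst of never-repeating attack rules, and a defender-side heuristic flags the switch from its flow-mod install rate. LRU replacement, the table size, all addresses and the per-switch install-rate metric are constructed assumptions.

```python
from collections import OrderedDict


class FlowTable:
    """Fixed-capacity flow table on the primary server's switch.

    Constructed model: LRU replacement is an assumption; real switches
    differ, but the exhaustion effect is the same."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.rules = OrderedDict()   # match -> "legit" | "attack"
        self.installs = 0            # flow-mods the controller sent to this switch
        self.legit_evicted = 0       # rules serving real clients that were pushed out

    def install(self, match, tag):
        self.installs += 1
        if match in self.rules:                 # rule already present: just refresh it
            self.rules.move_to_end(match)
            return
        if len(self.rules) >= self.capacity:    # table full: replace the oldest rule
            _, old_tag = self.rules.popitem(last=False)
            if old_tag == "legit":
                self.legit_evicted += 1
        self.rules[match] = tag

    def attack_share(self):
        """Fraction of the table currently occupied by attack-induced rules."""
        return sum(t == "attack" for t in self.rules.values()) / len(self.rules)


def simulate(attack_rate, steps=100, clients=4, capacity=8):
    """Per step: one real client flow to the server (constructed 10.0.0.0/24 addresses),
    then attack_rate flows whose matches never repeat, so each one costs a new rule."""
    table = FlowTable(capacity)
    n = 0
    for step in range(steps):
        client = "10.0.0.%d" % (step % clients + 1)
        table.install((client, "10.0.0.100"), "legit")
        for _ in range(attack_rate):
            n += 1   # counter in the match tuple guarantees a fresh rule every time
            table.install(("203.0.113.%d" % (n % 256), "10.0.0.%d" % (n % 250 + 1), n), "attack")
    return table


def churn_alert(table, steps, baseline_per_step=1.0, factor=3.0):
    """Detection heuristic (assumed metric): flag the switch when its flow-mod
    rate exceeds several times what its legitimate clients alone would cause."""
    return table.installs / steps > factor * baseline_per_step
```

With four clients and a table of eight rules, no legitimate rule is ever evicted without attack traffic, while five attack flows per step evict the previous client's rule on every step and leave seven of eight slots holding attack rules.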