Maximizing SDN resilience to node‐targeted attacks through joint optimization of the primary and backup controllers placements

Abstract

In software defined networks (SDN) packet data switches are configured by a limited number of SDN controllers, which respond to queries for packet forwarding decisions from the switches. To enable optimal control of switches in real time the placement of controllers at network nodes must guarantee that the controller‐to‐controller and switch‐to‐controller communications delays are bounded. Apart from the primary controllers that control the switches in the nominal state, separate backup controllers can be introduced that take over when the primary controllers are unavailable, and whose delay bounds are relaxed. In this paper, we present optimization models to jointly optimize the placement of primary and backup controllers in long‐distance SDN networks, aimed at maximizing the network's resilience to node‐targeted attacks. Applying the models to two well‐known network topologies and running a broad numerical study we show that, when compared with the standard approach of using only primary controllers, the use of backup controllers provides significant resilience gains, in particular in case of tight delay bounds.