– Joseph Byrne, senior strategic marketing manager for Freescale Semiconductor, says:
IT organizations in a variety of industries recognize the need for a new paradigm like SDN to deal with the explosive growth of network traffic. However, the risks seem daunting to some. In fact, 34 percent of IT pros surveyed by Cisco at Interop said “they were more likely to see Elvis, Bigfoot, or the Loch Ness Monster than an actual SDN deployment,” according to Inbar Lasser-Raab, senior director of marketing for enterprise networking at Cisco.
This skepticism is almost certainly excessive, as SDN has established considerable industry momentum and holds great promise in providing enhanced network manageability and scalability. That said, the SDN paradigm represents a significant shift in the networking landscape as we know it, and the security implications of this shift merit careful consideration.
So, the question is: How viable an option is SDN for most organizations?
The Network: “Traditional” vs. Software-Defined
In “traditional” networks, each switch makes its own forwarding decisions, with its behavior defined by a wide range of networking protocols. Once configured, a switch learns forwarding state from its neighbors through discovery and control traffic broadcast across the network, overhead that has been projected to consume up to 30 percent of overall network bandwidth.
In contrast, SDN separates the control and forwarding planes. Switches implement the forwarding plane (also called the data plane), while control for many switches can be centralized. A standardized software interface between the control and forwarding planes, such as the OpenFlow protocol, provides a common programming platform for centralized management of traffic across all of those switches. With this approach, SDN is intended to provide optimized, network-wide, dynamic control over all network traffic. It can adapt over time to changing demand, with hooks provided for applications to influence network behavior.
In a sense, the SDN concept resembles a smartphone or computer platform in which an operating system provides a standard, abstract representation of the hardware with which apps interact—SDN provides an abstract representation of the network and applications in the control plane implement different networking solutions.
Sounds great, right? However, now that centralized control of traffic management is exposed over an open programming layer, some companies are concerned about an attacker compromising the network through that layer. While I would agree that programmability does indeed open the door to malicious behavior, it also puts the power to lock down networks into the hands of those best suited to address a particular threat: the network operator. As with smartphones and computers, there needs to be a security infrastructure. Here all the traditional techniques can be applied to SDN, including encrypted control channels, virtualized runtime environments, and threat management such as firewalls.
Processors play an essential role in enabling network security. For example, communications processors can provide offloaded security acceleration, such as encryption and deep-packet inspection, across their processing platforms to maximize security performance without taxing CPU bandwidth. Devices enabled with application-level networking software packages optimized for the architecture can also deliver features like next-generation firewall capabilities. Without such measures a network, whether traditional or software-defined, is exposed in the same way as an unprotected computer on the internet.
While there are risks associated with securing any network, SDN provides a new level of threat management not previously available in traditional networking schemes. First, SDN offers consolidated visibility across all network behavior, rather than an isolated view for each individual switch, or forcing all traffic through a security-appliance choke point. Second, this centralized control function has fine-grain control over malicious traffic anywhere in the network, with a dynamic response. Finally, given its highly programmable nature, SDN provides more flexibility for network operators to adapt to new threat models yet to be conceived, by modifying the network control “app” on the fly during network operation.
While OpenFlow offers new levels of flexibility to address tomorrow’s threats, it matches only on packet header fields (Ethernet, VLAN, IP and transport-port fields in OpenFlow 1.0, that is, Layers 2 through 4) and cannot inspect payloads. Extending OpenFlow coverage up to Layer 7 would provide the opportunity to embed new application-aware network functions into the forwarding plane. With the current solution, traffic must be steered to the controller or to Layer 7 appliances to handle functions like deep-packet inspection or next-generation firewalling, which can create bottlenecks in the network. Embedding these functions in the forwarding plane would allow them to be provisioned dynamically, anywhere in the network, for a bounded period to neutralize a temporary, localized threat, so that the performance cost of these higher-order functions is paid only when and where it is needed.
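The three points above (one controller programming many forwarding-only switches, a single decision that quarantines a host everywhere at once, and the fact that header-only matching cannot see payloads, so Layer 7 work has to be steered elsewhere for a bounded time) are easier to see in code. The following is an added example written for this page, not Freescale, ONF or any real controller's code. It is a constructed toy model of OpenFlow 1.0 semantics (priority-ordered match/action flow entries with hard timeouts; table-miss punts to the controller) with two switches, a controller, and made-up addresses and packets; no real OpenFlow messages are exchanged.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Header fields an OpenFlow 1.0 switch can match on (an L3/L4 subset);
    the payload is carried but is invisible to every flow rule."""
    ip_src: str
    ip_dst: str
    ip_proto: int          # 6 = TCP, 17 = UDP
    tp_dst: int            # destination transport port
    payload: bytes = b""


@dataclass
class FlowEntry:
    match: dict            # {field: value}; fields not listed are wildcards
    action: str            # "forward:<port>", "drop" or "controller"
    priority: int = 0
    installed_at: float = 0.0
    hard_timeout: Optional[float] = None   # seconds; None = permanent

    def live(self, now: float) -> bool:
        return self.hard_timeout is None or now - self.installed_at < self.hard_timeout

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, f) == v for f, v in self.match.items())


class Switch:
    """Forwarding plane only: no local policy, just a table the controller fills."""
    def __init__(self, name: str):
        self.name = name
        self.table: list = []

    def install(self, entry: FlowEntry) -> None:
        self.table.append(entry)

    def handle(self, pkt: Packet, now: float) -> str:
        self.table = [e for e in self.table if e.live(now)]   # expire hard timeouts
        for e in sorted(self.table, key=lambda e: e.priority, reverse=True):
            if e.matches(pkt):
                return e.action
        return "controller"        # table-miss: packet goes up to the controller


class Controller:
    """Centralized control plane with a network-wide view of every switch."""
    def __init__(self, switches: list):
        self.switches = switches

    def install_everywhere(self, entry: FlowEntry) -> None:
        for sw in self.switches:
            sw.install(entry)

    def quarantine(self, ip_src: str, now: float) -> None:
        # One decision applied on every switch at once: the host is blocked
        # wherever in the network it happens to attach, no choke point needed.
        self.install_everywhere(FlowEntry({"ip_src": ip_src}, "drop", priority=100, installed_at=now))

    def steer_to_inspector(self, tp_dst: int, inspector_port: int, seconds: float, now: float) -> None:
        # Temporarily send one class of traffic through an L7 appliance; the hard
        # timeout returns the network to plain forwarding without a second action.
        self.install_everywhere(FlowEntry({"ip_proto": 6, "tp_dst": tp_dst},
                                          f"forward:{inspector_port}", priority=50,
                                          installed_at=now, hard_timeout=seconds))


def run_scenario() -> dict:
    """Constructed scenario; addresses, ports and payloads are made up."""
    edge, core = Switch("edge1"), Switch("core1")
    ctl = Controller([edge, core])
    ctl.install_everywhere(FlowEntry({}, "forward:1"))   # lowest-priority default path

    benign = Packet("10.0.0.5", "10.0.1.9", 6, 443)
    attacker = Packet("10.0.0.66", "10.0.1.9", 6, 443)
    # Identical headers, different payload: indistinguishable to a flow rule.
    exploit_http = Packet("10.0.0.5", "10.0.1.9", 6, 80, payload=b"GET /?q=' OR 1=1--")
    plain_http = Packet("10.0.0.5", "10.0.1.9", 6, 80, payload=b"GET /index.html")

    out = {}
    out["before_quarantine"] = core.handle(attacker, now=0.0)
    ctl.quarantine("10.0.0.66", now=1.0)
    out["edge_after_quarantine"] = edge.handle(attacker, now=2.0)
    out["core_after_quarantine"] = core.handle(attacker, now=2.0)
    out["benign_after_quarantine"] = core.handle(benign, now=2.0)

    # Header-only matching: both HTTP packets get the same action regardless of payload
    out["payload_blind"] = (edge.handle(exploit_http, 2.0), edge.handle(plain_http, 2.0))

    ctl.steer_to_inspector(80, inspector_port=9, seconds=30, now=10.0)
    out["steered_during_window"] = edge.handle(exploit_http, now=20.0)
    out["after_window"] = edge.handle(exploit_http, now=45.0)   # rule has expired
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The `payload_blind` result is the point of the Layer 7 discussion: the switch cannot tell the injection attempt from the ordinary request, so the only option is to steer all port-80 traffic to an inspector for the duration of the window, and the hard timeout bounds the cost of doing so. A real deployment would also authenticate and encrypt the controller-to-switch channel (OpenFlow specifies TLS for this), which the toy model omits.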
Early Adopters Leading the Charge
The current momentum behind SDN has provided the motivation to ensure an adequate security infrastructure is in place. An example is the current effort of the Open Networking Foundation (ONF), whose members are contributing to the development of the OpenFlow protocol. With top experts in secure networks and secure transactions involved (representatives from Google, Verizon, and Goldman Sachs, to name a few), the security and flexibility advantages of SDN show a lot of promise for many industries and organizations.
Next Steps: Accelerating Threat Management
As mentioned earlier, SDN offers a new level of threat management for networks. While a network-wide approach to threat management is beneficial, implementing everything in the control plane has performance implications. To improve the responsiveness of a centralized threat management approach, it is critical to accelerate the virtualization and security functions running in the control plane, and to accelerate encryption of the control channel between the controller and the forwarding plane.
To further enhance real-time behavior, the SDN paradigm must evolve to enable Layer 4-7 threat management in the forwarding plane. That would provide the flexibility for localized, real-time threat mitigation anywhere in the network loch, and help keep Nessie a legend rather than a reality!