
Journal of Physics: Conference Series

PAPER • OPEN ACCESS

Performance Analysis and Evaluation of Software Defined Networking Controllers against Denial of Service Attacks
To cite this article: Ahmed F Abdullah et al 2020 J. Phys.: Conf. Ser. 1447 012007



ICaTAS 2019 IOP Publishing
Journal of Physics: Conference Series 1447 (2020) 012007 doi:10.1088/1742-6596/1447/1/012007

Performance Analysis and Evaluation of Software Defined Networking Controllers against Denial of Service Attacks

Ahmed F Abdullah1, Fatty M Salem2, Ashraf Tammam3, and Mohamed H Abdel Azeem4
1 Electronics and Communications Engineering, PHI 6 October, Egypt
2 Electronics, Communications and Computers Engineering, Helwan University Cairo, Egypt
3 Computer Engineering, Faculty of Engineering, AASTMT Cairo, Egypt
4 Electronics and Communications Engineering, Faculty of Engineering, AASTMT Cairo, Egypt
1 Eng_ahmed_fathe99@yahoo.com, 2 faty_ahmed@h-ng.helwan.edu.eg, 3 ashraf.tammam@aast.edu, 4 mhabdazeem@hotmail.com

Abstract. The use of software defined networking (SDN) within a networking architecture changes how networks are configured, controlled, and operated. Managed services such as routing, load balancing, and security can be automated and centralized dynamically in SDN controllers. Controllers act as the centralized repository of policy and control instructions for the network through which packets are transmitted. Packets flooded by an attacker who intends to reach the controller result in a Denial of Service (DoS) attack. This paper is therefore devoted to simulating and examining the impact of a DoS attack on the bandwidth between two linked hosts (server/client) under the POX, RYU, and OpenDaylight (ODL) SDN controllers. Network performance is tested and emulated in Mininet using testing tools such as Hping3, iperf, jperf, Wireshark and MiniEdit. The performance of the controllers against DoS attacks is also assessed for user datagram protocol (UDP) and transmission control protocol (TCP) traffic passing through an OpenFlow switch.

Keywords: Software Defined Networking, SDN Controllers, Mininet, DoS Attack

1. Introduction
Software defined networking (SDN) is a new concept in communication networking that has spread rapidly with the evolution of network applications because of its simple setup and administration. SDN makes it easy to obtain fine-grained data about the forwarded traffic and gives centralized control over network traffic. Consequently, it can handle all network traffic across various protocols, such as internet protocol version 6 (IPv6), internet protocol version 4 (IPv4), internet control message protocol (ICMP), transmission control protocol (TCP) and user datagram protocol (UDP), from various sources (MAC address, IP address, port number, etc.) in different ways [1, 2]. Moreover, SDN is more scalable and flexible compared with the legacy networks of different vendors. In SDN, the infrastructure layer (switches, routers, etc.) is separated from the control layer. The SDN architecture allows a controller to manage a wide range of data plane resources and simplifies their configuration, as shown in Figure 1. Furthermore, the SDN architecture recommends that common models and mechanisms be employed wherever possible to reduce standardization, integration and validation effort. It also implies using existing standards or accepted best practices [2].

Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution
of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.
Published under licence by IOP Publishing Ltd

The control layer hosts the network operating system, which is directed by the application layer to perform various tasks and services, for example intrusion detection, load balancing and routing [3, 4]. It is connected to the infrastructure layer through a standard protocol called OpenFlow (OF), which carries the OF messages (Packet-In, Packet-Out, Flow-Add) to and from the controller for forwarding and management purposes.
In OF, each switch contains flow tables whose flow entries are managed by the controller for the purpose of forwarding packets. When a packet arrives at a switch, the switch matches the packet header against the flow entries in the flow table and applies the corresponding action toward the data plane devices. The controller decides whether to add a flow entry to the switch by sending a Flow-Add message containing the appropriate action.
There are many types of SDN controllers, such as the ODL, POX and RYU controllers. The ODL controller [7] is mainly oriented around the OpenFlow southbound API and provides traffic engineering for big data applications in the network. The POX controller [8] is mainly aimed at providing QoS in broadband access networks, serving traffic engineering and enhancing the monitoring and measurement of QoS parameters. In addition, it provides network applications concerned with security and dependability, such as Denial-of-Service (DoS) attack mitigation and DoS-specific security extensions to OpenFlow. The RYU controller [9] offers the functionality and applications of different controllers so that network applications can be used for different purposes.
In this paper we focus on how to improve the performance of TCP and UDP packet flows between different hosts using a new SDN network methodology to counter the influence of DoS attacks on the capacity of network connections and the resulting jitter.

Figure 1. SDN Architecture.

A DoS attack on OpenFlow-based SDN is a type of attack in which an adversary attempts to corrupt the network in order to exhaust networking resources and make them unavailable to users. It also tries to set up bogus tables that expose the data plane nodes; consequently, it becomes difficult for the network to retain these tables for validating packets [10-11]. As a result, the switches of the network lose the ability to forward packets as intended. In this paper, we demonstrate and analyze the impact of a Denial of Service attack on the bandwidth between two linked hosts (server/client) in SDN with the POX, RYU, and OpenDaylight (ODL) controllers.
The organization of this paper is as follows: Section 2 overviews the related work. In Section 3 we describe the experimental set-up and tools. Our evaluation and simulation results are illustrated in Section 4. Finally, we conclude the paper in Section 5.


2. Related Works
One of the DoS attacks executed in SDN uses packets that manipulate switches with forged IP addresses. The ports used in the OpenFlow protocol cannot stop this type of attack. Packets transmitted from the switch therefore impact the controller by occupying its main resources (CPU, bandwidth), and a controller whose resources are consumed becomes congested. Clearly, the controller is the core of the network, and when it is fully occupied the whole network is paralyzed [12].
Many researchers have proposed several methodologies to counter the wide range of DoS threats in SDN networks. The authors in [13] have pointed out the security scheme of SDN networks. To set up a secured framework in SDN networks, they agree that three mandatory rules must be followed. First, a confined feature is presented by the OpenFlow protocol, which assists in the linking between the control plane and the data plane and defines how they communicate. Second, the global network view is maintained and monitored from one point. Finally, supplementary applications such as middleboxes, network address translation (NAT) or firewalls should be supported in the SDN hierarchy, although this does not mean that SDN architectures cannot include further features such as load balancing, routing, and middleboxes through a programmatic interface.
The authors in [14] have illustrated the vulnerability of the Open Floodlight controller to attacks and shown that an attacker who gains access to the OpenFlow control network can choose to decline or disable the connection between a single forwarding plane and the controller by using the datapath id (dpid). The attacker's data plane connects with the same datapath id (spoofed connection) already used by a legitimate user, which forces the controller to terminate the real connection.
The framework in [15] was created to manage SYN flooding attacks on SDN. In their research, three nodes were used: an infected user, a DoS attack user and a normal user. The infected user may send an unlimited number of deceptive packets with random destination IP addresses to manipulate the switch. The DoS user forwards a large number of faked packets to the switch containing randomly generated end-to-end IP addresses. The normal user starts normal communication with the server; however, no statistics were captured to establish the effect of these attacks. The authors in [10] have elaborated two kinds of Denial of Service attacks against OpenFlow: control plane load attacks and flow table attacks.
Generally, the timeout rate of a flow table and the bandwidth between a switch and the controller have a remarkable influence on switch performance. However, their study concentrated on the POX controller and does not comprise other statistics such as the switch buffer. Moreover, the effect on the bandwidth between two communicating nodes was not elaborated for the case where all attacks are performed jointly. The authors in [16] have examined the impact of DoS attacks on the bandwidth of two communicating nodes in an SDN network with the POX and ODL controllers.

3. Experimental set-up
The topology of our network is shown in Figure 2, and the methodology flowchart of the simulation is shown in Figure 3. To implement and test the performance, the following tools were used:
• VMware Workstation [17] is used as the platform to implement the virtual network. It is used to set up the Mininet VM.
• Mininet 2.2.1 [18] is a network emulator used to create a realistic virtual SDN network topology.
• The OpenDaylight (ODL), POX and RYU controllers, each of which supports the OpenFlow protocol.
• The iperf tool is used to measure the bandwidth and the quality of service parameters.
• The Hping3 tool [19] is used to trigger the DoS attack on the SDN controller. Hping3 is used to create and analyze TCP/IP, UDP and ICMP packets.


Figure 2. Network Model.
Figure 3. Methodology.

The experiment was performed with VMware Workstation to provide virtualization. We set up a Virtual Machine (VM) and ran Mininet over Ubuntu 14.04. The Mininet emulator was used to build the network topology. A Python script, “aast.py”, was used to build the particular network topology. The “aast.py” topology is created by setting up one remote controller (ODL, POX or RYU) and two OVS kernel switches, each connected to three hosts, as shown in Figure 3. To set up our experiments, we use the Mininet 2.2.1 emulator, which allows creating a topology containing a remote controller (ODL, POX or RYU controller) and two OVS kernel switches connected to three hosts. We set the links between the hosts and the switches to 100 Mbps. Host H3 (client) and host H6 (server) were used for analyzing bandwidth with iperf.
In our work, Hping3 is used to perform the DoS attack toward the SDN controller. Hping3 is a command-line oriented TCP/IP packet assembler/analyzer. With hping3 we are able to test firewall rules, perform advanced port scanning and test network performance using different protocols. As seen in Figure 2, node H1 sends a flood of packets with random source addresses directed to node H5, with the aim of flooding the controller with a stack of packets through Packet-In events. These packets are received by the switch and dynamically forwarded to the controller, resulting in heavy packet flooding and loss of the legitimate data flow.

4. Evaluation and Simulation Results

To evaluate the performance of the SDN controllers, we measure some metrics using the following commands:
• Ping is used to measure the Round Trip Time (RTT).
• Iperf is used to measure latency (jitter), bandwidth and throughput.

4.1 TCP Test

In this section, we provide the results obtained from extending the experiments of the related work [16]. In this paper the authors add some scalability features over different controllers (POX, ODL and RYU) and present our contribution by examining the impact of a DoS attack on the controllers, captured by measuring the TCP flow bandwidth between H3 as a client and H6 as a server via port 5001 with iperf. We launched the hping3 flood after starting the iperf command with H3 as client and H6 as server.
Using ODL, real default flow tables are set up in the control plane, but these flow tables cannot prevent flooded packets from reaching the controller, as in Figure 4. Accordingly, the results we obtained show that the bandwidth between the nodes degrades with the number of attacks, while the response time between the server and clients, as well as the acknowledgment time, becomes larger than the actual time.


Figure 4. TCP Bandwidth during ODL controller.

Using the POX controller, no default flow table entries are set up by the controller unless it learns them when a packet_in event is triggered. Figure 5 shows that the TCP bandwidth between hosts H6 and H3 is significantly higher with no attack than with one or more attacks applied. Figure 5 clearly shows that the bandwidth between the hosts is fully affected as the flooding attack toward these hosts increases.

Figure 5. TCP Bandwidth during POX controller.

RYU Controller: Using the simple switch application for OpenFlow version 1.3 in the RYU controller, no default flow table is installed by the controller unless it learns the entries when a Packet_In event is triggered.
The result in Figure 6 shows the TCP bandwidth between H3 and H6 with no attack and with a one-host attack; we observed a very small variation, confirming that almost no change in bandwidth occurred, while with a two-host attack the bandwidth varied by just 1 Mbps relative to the other cases. This shows how RYU is the most helpful controller against DoS attacks in preserving the bandwidth. From the bandwidth point of view, RYU copes positively with the DoS attack.


Figure 6. TCP Bandwidth during RYU controller.

4.2 UDP Test

In this section, the impact of the DoS attack on the SDN controllers is observed by recording the UDP latency (jitter) between two nodes (H3 as a client and H6 as a server listening on port 5001) using the iperf command. Jitter is the rate of variation in the delay of transmitting data from a source to a destination. We launch the Hping3 DoS attack tool after starting the iperf command between H3 (client) and H6 (server), obtaining the results discussed below.
ODL Controller: Figure 7 shows the UDP latency (jitter) between host H3 and host H6. With no attack over a 100 sec interval, the peak jitter value is 0.25 msec, compared with a delay variation of 4.5 msec under one attack; hence, when one attack takes place, significantly higher jitter occurs than when no host attack happens.

Figure 7. UDP: Output of ODL controller.

POX Controller: Figure 8 shows the UDP latency (jitter) between host H3 and host H6 under one attack; its severe impact was observed to be 2.1 msec higher than in the no-attack case, which shows no jitter effect, as shown below.


Figure 8. UDP: Output of POX controller.

RYU Controller: Figure 9 shows the UDP latency between host H3 and host H6. With no host attack, almost no latency variation occurred, and with one host attack only very small variations appeared. In general, compared with the other controllers (ODL, POX), we observed that the RYU controller is the most protective controller for its entire network against DoS attacks with respect to delay variation, and it performs better than the other controllers in the TCP and UDP tests, which results in no change in jitter, high throughput and accordingly high QoS performance.

Figure 9. UDP: Output of RYU controller.

Table 1 [20] shows a comparison among the three controllers through well-known attributes. It summarizes the attributes that reflect the varying tendencies of each cited controller and explains the way the SDN infrastructure is laid out.
Table 1. SDN Controllers Summary.

Attribute           ODL                       RYU          POX
Platform Support    Linux, Mac and Windows    Linux        Linux, Mac and Windows
Consistency         weak                      no           no
Distributed         yes                       no           no
Northbound API      REST, RESTCONF            ad-hoc API   ad-hoc API
GUI                 Web based Java            yes          no
OpenFlow            1.0/1.3                   1.0 to 1.5   1.0
Prog. Language      Java                      Python       Python


Response time is the time between sending a packet and receiving the acknowledgment from the destination. It is calculated by a ping test, transmitting 50 ICMP packets from host H3 to H6. The round-trip time (RTT) [21] is measured for each packet, and the minimum, average and maximum values are determined and listed in Table 2.

Table 2. Ping Test Results.

SDN Controller   Min RTT [ms]   Avg RTT [ms]   Max RTT [ms]
POX              0.077          0.766          31.768
ODL              0.421          5.612          55.823
RYU              0.094          0.114          0.587

The results in Figures 4, 5, 6, 7, 8 and 9 showed that the bandwidth and latency (jitter) vary in different ways depending on the test performed and the controller used. This variation can be measured statistically with metrics such as the mean and standard deviation. The numerical values in Table 3 and Table 4 show that the RYU controller performs better in both tests (UDP/TCP).

Table 3. Bandwidth Measurement: H3 to H6 TCP Bandwidth (Mbps).

Statistic            Case          RYU       ODL       POX
Mean                 No Attack     89.0800   79.3500   87.2300
                     One Attack    89.7200   70.7000   57.6200
                     Two Attacks   90.7350   50.6800   55.2850
Standard Deviation   No Attack      3.5387    3.3127    2.5639
                     One Attack     2.2468    3.4150   40.9156
                     Two Attacks    2.2361    5.2878   40.3439

Table 4. Jitter Measurement: UDP jitter (ms) (H3-->H6).

Statistic            Case          RYU       ODL       POX
Mean                 No Attack     0.0285    0.1125    0.0230
                     One Attack    0.0257    2.3230    0.1661
Standard Deviation   No Attack     0.0260    0.0745    0.0101
                     One Attack    0.0414    0.9433    0.4427

5. Conclusion
In this paper, we investigated the impact of DoS attacks on the RYU, POX and ODL controllers and how they affect the bandwidth and latency (jitter) between two linked hosts (server/client) in an SDN architecture. From the bandwidth point of view, RYU can resist the DoS attack. The figures for the POX and ODL controllers show bandwidth degradation after the DoS attack is triggered. Even after a legitimate user has established a connection with a server, the DoS attack still has an impact on the nodes. This consequence is due to a shortage of memory resources for adding the flow table entries of an authorized user after the flow timeout is reached. The DoS attack affects the controller by causing a flood of packets. Accordingly, the controller becomes susceptible to congestion in the packet flow that occurs at the packet-in/out events on the connection between the controller and the switch serving the hosts. In addition, it has a negative effect on installing and importing the flow table entries of legitimate network terminals.


6. References
[1] Imran, Muhammad, et al. "Reducing the effects of DoS attacks in software defined networks
using parallel flow installation." Human-centric Computing and Information Sciences 9.1
(2019): 16.
[2] OpenFlow Switch Specification, Version 1.5.1.; 2015. https://www.opennetworking.org/
software-defined-standards/specifications/. Accessed 04 Sept 2018.
[3] Kreutz D, Ramos FMV, Verissimo PE, Rothenberg CE, Azodolmolky S, Uhlig S (2015)
Software-defined networking: a comprehensive survey. Proc IEEE 103:14–76.
[4] Schaller S, Hood D (2017) Software defined networking architecture standardization. Comput
Stand Interfaces 54:197–202.
[5] Karakus M, Durresi A (2018) Economic viability of software defined networking (SDN).
Comput Netw 135:81–95.
[6] Kandoi R, Antikainen M (2015) Denial-of-service attacks in OpenFlow SDN networks. In: 2015
IFIP/IEEE international symposium on integrated network management (IM). IEEE, New York
[7] “OpenDaylight,” https://www.opendaylight.org/, accessed December 2018.
[8] “POX controller”, http://www.noxrepo.org/pox/about-pox/, accessed December 2018.
[9] “Ryu,” https://osrg.github.io/ryu/, accessed December 2018.
[10] Kandoi, Rajat, and M. Antikainen. "Denial-of-Service Attacks in OpenFlow SDN Networks."
In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on, pp.
1322-1326. IEEE, 2015.
[11] Shin, Seungwon, and Guofei Gu. Attacking Software-Defined Networks: A First Feasibility
Study. In Proceedings of the second ACM SIGCOMM workshop on hot topics in software
defined networking, pp. 165-166. ACM, 2013.
[12] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, J.
Turner. OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Computer
Communication Review. Vol. 38, no. 2, pp. 69-74, 2008.
[13] K. Cabaj, J. Wytrebowicz, S. Kuklinski, P. Radziszewski, K. T. Dinh. SDN Architecture Impact
on Network Security. In FedCSIS position papers, pp. 143-148, 2014.
[14] J. M. Dover. A Denial of Service Attack against the Open Floodlight SDN Controller. Dover
Networks, Tech. Rep. 2013 December.
[15] P. P. CharuP, M. John. A Framework for Design and Simulation of DoS Attacks on SDN
Network. International Journal of Innovative Research in Computer and Communication
Engineering. Vol. 4, no. 2, 2016.
[16] H. Polat, O. Polat. The Effects of DoS Attacks on ODL and POX SDN Controllers. In
Information Technology (ICIT), 2017 8th International Conference on, IEEE, pp. 554-558, 2017.
[17] VMware, 2016. Products. [Online]
[18] “Mininet,” http://www.mininet.org/, accessed December 2018.
[19] Sanfilippo, S., n.d. man: hping3. [Online] Available at: https://linux.die.net/man/8/hping3,
December 2018.
[20] Semenovykh, Anna A., and Olga R. Laponina. "Comparative analysis of SDN
controllers." International Journal of Open Information Technologies 6, no. 7 (2018): 50-56.
[21] Stancu, L. Alexandru, S. Halunga, A.Vulpe, G. Suciu, O. Fratu, and E. C. Popovici. A
comparison between Several Software Defined Networking Controllers. In Telecommunication
in Modern Satellite, Cable and Broadcasting Services (TELSIKS), 2015 12th International
Conference on, IEEE, pp. 223-226, 2015.
