DDoS Protection System for SDN Network Based on Multi Controller and Load Balancer

Abstract

Read online

DDoS attacks on SDN networks can create a single point of failure that has the potential to disrupt the overall network performance. In a single controller scheme, there is a potential risk of experiencing buffer overload, leading to traffic congestion as switches must wait for responses from the controller before forwarding network packets. To address this challenge, this research implements security measures using a multi-controller and load balancer approach, aiming to enhance SDN network resilience against DDoS attacks. The system operates by distributing the workload from the main controller to a backup controller through a load balancer when indications of a DDoS attack are detected. These attack indications are determined based on the miss rate value of unique forwarding requests exceeding a specific threshold. The results of this approach have proven effective in improving the reliability, responsiveness, and quality of SDN network traffic during DDoS attacks. The testing parameters involved in this research include controller response time and network traffic quality, comprising latency, bandwidth, throughput, and jitter. Based on the test results, the multi-controller and load balancer-based approach successfully enhanced network quality and controller responsiveness by 66.51% compared to the longer single controller scenario, specifically 202.49% during DDoS attacks. In terms of controller responsiveness, there is a very slight increase of around 0.01% in latency between the two. While Multi Controller demonstrated a remarkable 43.21% increase in throughput compared to Single Controller, this improvement in throughput is accompanied by a significant 204% increase in jitter.