Use SDN to smash tier one 'oligarchy', hacker says

Toss DoS, stem MitM

David Jorm / Darren Pauli

AusCERT IIX security bod David Jorm is urging users and organisations to adopt software-defined networking (SDN) to break up the 'tier one networking oligarchy'.

The former Red Hat security bod said SDN establishes peer-to-peer interconnects without the expense and complexity of traditional models, using projects including OpenDaylight, ONOS, Cumulus, and the CloudRouter Project on which he works.

In the SDN primer given at the AusCERT conference on the Gold Coast last week Jorm says SDN can increase security postures, provided the SDN controller is properly protected, by eliminating threats such as man-in-the-middle and denial of service attacks.

"You end up with not only the tier one club … which is an oligarchy that you can't join and are strongly disincentivised to let you join because it undermines their business, but there is nothing stopping you forming your own club," Jorm says.

"So what are the security benefits of SDN? Yeah it's cool, it's lower latency, it's probably cheaper … but routers could share information on active DDoSes (distributed denial of service attacks) meaning you no longer need volumetric defence.

"With a man-in-the middle attack … that's still a problem for any traffic traversing transit but for any traffic traversing between directly-connected peers it has no effect at all."

Readers can listen to Jorm's AusCERT presentation here, and read his blog on SDN security. He also discusses his talk on the Risky.Biz podcast from the 24 minute mark.

Jorm says mesh networks are emerging where users are bypassing transit points altogether, and points out that carriers including PacNet are using it for production, while AARNET uses ONOS for its 15,000 route connections to the United States.

The technology separates the data and control network planes that are typically converged in routers such that the latter is factored out so that data plane devices do little else but forward packets.

Jorm's CloudRouter Project offers a SDN kit launched April catering for Fedora, Docker, and OSv. ®




Biting the hand that feeds IT © 1998–2019