Abstract

Software-defined wide area networking (SD-WAN) enables dynamic network policy control over a large distributed network via network updates. To be practical, network updates must be both consistent, i.e., free of transient errors caused by updates to multiple switches, and secure, i.e., free of errors caused by faulty or malicious members of the control plane. Besides, these properties must incur minimal overhead to controllers and switches.
We present Cicero: a ConsIstent seCurE pRactical cOntroller for SD-WAN updates. Consistency is provided through a novel update scheduler in conjunction with a distributed transactional protocol while security is preserved by replicating the control plane and authenticating updates with an adaptive threshold cryptographic scheme. We ensure practicality by providing a mechanism for scalability through the definition of independent network domains and exploiting parallelism …

Date

2020

Authors

James Lembke, Srivatsan Ravi, Pierre-Louis Roman, Patrick Eugster

Book

Proceedings of the 21st International Middleware Conference

Pages

149-162