SIPAV-SDN: Source Internet Protocol Address Validation for Software Defined Network

SDN technology is becoming every day more popular and big data centers and organizational networks have started deploying for its advantages. Current development of SDN network relies on target host IP address of packet and OFSwitches ignores checking of source host IP. SDN has separated control planes and data planes and OpenFlow protocol enabled switches are used as packet forwarding devices. The SDN controller controls flow of data packet through forwarding devices and when these are turned on, do not have any control and defense. The devices are not able to handle packet arriving from connected host. In this case, data packets of hosts are sent to the controller forwarding device for inspection and control packet creation for data packet and setting up required matching entries in flow table of forwarding device for such type of data packets generated by the hosts. The attackers can generate packets with Spoofed source IP address and perform various types of attacks. In this research paper, we offer a scheme as Source IP Address Validation for Software Defined Network (SIPAV-SDN) to check packet’s source host IP address by binding source host IP Address and MAC address with switch port. It maintains a HostTable at Controller for verification of source host IP and MAC with switch port and only forwards the packets which have valid sources host IP address. We also simulated SIPAV-SDN with hybrid SDN network and experiment results have shown that it achieved 100% packet filtering accuracy for IP spoofed TCP, UDP and ICMP packet attacks. We used python programming language for RYU controller in Mininet network emulator.