Death by Babble: Security and Fault Tolerance of Distributed Consensus in High-Availability Softwarized Networks

High-availability softwarized networks, while offering tremendous flexibility, typically require distributed implementations to ensure resilience and scalability. For example, in software-defined networking (SDN), the control plane constitutes the “network brain,” and is implemented in a distributed fashion to avoid a single point of failure, while sophisticated algorithms are used to ensure that the distributed controller instances operate together as a logically centralized entity. Distributed consensus algorithms such as Raft are used in leading open source distributed SDN controller implementations, such as ONOS and ODL, to guarantee strong consistency of critical replicated data and provide resiliency under failures. We demonstrate the vulnerability of SDN distributed controller software (ONOS) to host mobility-based DDoS attacks, and show that (bursty) DDoS attacks and (intermittent) overload in network demands trigger a form of software “babble” that causes SDN to violate key assumptions of Raft, resulting in significant unavailability of critical communication between the control plane and data plane switches due to Raft behaviors. We propose BabbleResistantRaft, a “babble-resistant” variant of Raft that ensures safety, liveness, and stability under these types of attacks and network conditions, and demonstrate the effectiveness of BabbleResistantRaft through our implementation extending the open-source pysyncobj Raft library.