> a network should have logically centralized control, where the control software has network-wide visibility and direct control across the distributed collection of network devices.

Including a backdoor for wiretapping in SDN-enabled routers.

Is it really a “back door” when it’s controlled by the network owner? It feels like we need a different term for that since it’s increasingly common on large networks.

The question is who can send commands as network owner. The basic idea of SDR is that when A wants to talk to B, a message is sent to some control point to determine the path. The path is then sent down to the routers along the path. Packets which ordinarily would go nowhere near eavesdropping point C can be redirected to go through C, on a per A/B pair basis.
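
From the defender's side, the per-pair steering described in the comment above shows up as an installed path that leaves the shortest routes. This is an added example, not code from the thread or from any SDN controller: `audit_paths`, `hop_distances`, the topology and the installed paths are all hypothetical, constructed sample data, and the graph is assumed to be connected with hop count as the routing metric.

```python
from collections import deque

def hop_distances(topology, source):
    """BFS hop count from source to every reachable node."""
    dist = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for neighbor in topology[node]:
            if neighbor not in dist:
                dist[neighbor] = dist[node] + 1
                queue.append(neighbor)
    return dist

def audit_paths(topology, installed_paths, max_stretch=0):
    """Return findings for installed paths that detour off the shortest routes."""
    dist = {node: hop_distances(topology, node) for node in topology}
    findings = []
    for (src, dst), path in sorted(installed_paths.items()):
        if path[0] != src or path[-1] != dst:
            findings.append((src, dst, "endpoint-mismatch", []))
            continue
        if any(b not in topology[a] for a, b in zip(path, path[1:])):
            findings.append((src, dst, "non-adjacent-hop", []))
            continue
        shortest = dist[src][dst]
        stretch = (len(path) - 1) - shortest
        # A node lies on some shortest src->dst route iff the distances add up.
        detour = [n for n in path
                  if dist[src][n] + dist[n][dst] != shortest]
        if stretch > max_stretch:
            findings.append((src, dst, "detour", detour))
    return findings

# Constructed sample: A-R1-R2-B is the direct route; C hangs off R1 and R2.
TOPOLOGY = {
    "A": ["R1"], "B": ["R2"],
    "R1": ["A", "R2", "C"], "R2": ["B", "R1", "C"],
    "C": ["R1", "R2"],
}
# Constructed per-pair paths, as a controller export might list them.
INSTALLED = {
    ("A", "B"): ["A", "R1", "C", "R2", "B"],   # steered through C
    ("B", "A"): ["B", "R2", "R1", "A"],        # direct
}

if __name__ == "__main__":
    for finding in audit_paths(TOPOLOGY, INSTALLED):
        print(finding)
```

Legitimate traffic engineering also produces stretched paths, so a finding is a prompt to check who requested the flow, not proof of interception.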

Unless the goal of the backdoor is to redirect traffic flows through packet inspection devices that the attacker also controls, the decoupling of the control and data plane in SDN deployments requires a more creative, intricate solution to allow for wiretapping compared to traditional routers.