HPOFS: A High Performance and Secured OpenFlow Switch Architecture for FPGA

Although Software Defined Networking offers many advantages, it suffers from many security issues due to centralized control. In this paper, we introduce HPOFS (High-Performance and Secured OpenFlow Switching Architecture) for FPGA which is not only able to route packets from sources to destinations according to the OpenFlow protocol but also able to protect the system against different attacks efficiently. Thanks to FPGA technology, the two processes can be scheduled in parallel; thus, the switch can work at very high throughput. We implement the first prototype version on Xilinx xc5vtx240t FPGA device with three different security functions to protect the system against DDoS attack types, including Hop-count filtering, port Ingress/Egress filtering, and SYN Flood attacks defender. While the first two protection techniques are adapted from our previous work, the SYN Flood defender core is designed and implemented with a pipeline model in this work. The core is able to protect the system against SYN Flood attacks at up to 30,000,000 packets per second with only 0.248 ms overhead. The full switch can provide throughput at up to 78.96 Gbps with only 0.0012 percent drop rate.