Scientific knowledge map · Paper #29
Byzantine Fault Tolerant Software-Defined Networking (SDN) Controllers
2016 · IEEE COMPSAC, MidCCI workshop
- Theory
- Applied
- protocol
Research question
What does the paper try to establish?
Can an SDN controller avoid being a single point of malicious failure by replicating control decisions with Byzantine state-machine replication while retaining usable flow-setup performance?
Central answer
What is the proposed answer?
The paper integrates OpenFlowJ and Beacon with BFT-SMaRt through a per-switch proxy, producing SimpleBFT and BeaconBFT controllers that tolerate f faulty controller replicas among 3f+1 under the stated model; a four-replica Mininet prototype demonstrates feasibility but substantial and architecture-dependent throughput cost.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence Medium
-
The paper gives a concrete architecture, threat model, security analysis, two prototypes, and comparative performance measurements. No fault injection, code artifact, independent reproduction, or formal proof audit was available.
Security analysis and quorum reasoning Mininet experiment and flow-setup results - Auditability High
-
The complete author-hosted paper is mirrored locally with page count and SHA-256, making design, assumptions, and reported data inspectable; implementation source and experiment package are not public in this map.
Proxy architecture and two controller prototypes Mininet experiment and flow-setup results - Production provenance Medium
-
Named authorship, affiliations, an author copy, and an IEEE record establish baseline provenance. Code version, contributor roles, and experimental artifact lineage are not documented.
Problem, contribution, and headline prototype result Official IEEE publication record - External scrutiny Medium
-
The work has an IEEE workshop publication record, but reviews, independent replication, and subsequent adversarial evaluation were not inspected.
Official IEEE publication record - Reception High
-
OpenAlex reports 43 located citations as of 2026-07-11, meeting the site's 11+ high threshold. Citation count alone does not establish correctness or deployment.
Dated OpenAlex citation snapshot - Contribution significance Medium
-
The paper demonstrates an early BFT SDN-controller integration with concrete measurements, but scale, fault-injection validation, priority, and long-term operational influence were not independently assessed.
Problem, contribution, and headline prototype result Future work, scale boundary, and conclusion
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Byzantine Fault Tolerant SDN Controllers
A replicated SDN control architecture and Java prototype that applies BFT-SMaRt to OpenFlowJ and Beacon controllers.
Problem, contribution, and headline prototype result-
question Research question
research questionCan the logically centralized SDN control plane tolerate malicious controllers and switches without a new centralized fault point and without prohibitive flow-setup cost?
Problem, contribution, and headline prototype result -
contribution Central answer
implementedReplicate deterministic controller logic with BFT-SMaRt, place a service proxy beside each switch, and require f+1 identical replica replies before installing a flow rule.
Proxy architecture and two controller prototypes Security analysis and quorum reasoning -
scope Threat and system model defined
The system contains 3f+1 controller replicas plus switch-side clients/proxies, with authenticated replica messages and BFT-SMaRt's total-order execution.
BFT-SMaRt protocol and assumptions Controller and switch adversary model-
threat model Byzantine control and data planes
definedThe adversary actively corrupts up to f controller components and arbitrarily many switches, allowing message injection, replay, modification, arbitrary requests/replies, or silence.
Controller and switch adversary model -
assumption Replication assumptions
assumedCorrectness relies on BFT-SMaRt's communication and quorum assumptions, deterministic replicas, authenticated messages (MACs in the prototype), direct client-to-replica communication, and at most f faulty replicas.
BFT-SMaRt protocol and assumptions Security analysis and quorum reasoning
-
-
method Proxy-mediated replicated controller implemented
A per-switch proxy translates OpenFlow Packet_In requests into BFT client requests and translates the agreed response back into Packet_Out or Flow_Mod messages.
Proxy architecture and two controller prototypes-
component SimpleBFT and BeaconBFT
implementedThe authors integrate OpenFlowJ and Beacon with BFT-SMaRt, respectively, and evaluate both as learning-switch controllers with four replicas for f=1.
Proxy architecture and two controller prototypes Mininet experiment and flow-setup results
-
-
claim group Principal claims mixed
The paper combines quorum-based fault-tolerance reasoning with performance evidence from a proof-of-concept prototype.
Security analysis and quorum reasoning Mininet experiment and flow-setup results-
claim Single-fault tolerance in tested configuration
analytically supported conditionalWith four controller replicas, no one compromised replica can make a client accept an unsolicited or incorrect action because the client requires two identical replies and consensus quorums remain available.
Security analysis and quorum reasoning -
claim Measured flow-setup cost
experimentally supportedSimpleBFT reports 59.3 flow modifications/s versus OpenFlowJ's 106.9 (about 1.8× slower); BeaconBFT reports 87.0 versus Beacon's 550.6 (about 6.3× slower).
Mininet experiment and flow-setup results
-
-
evidence group Evidence chain documented
Evidence consists of architecture diagrams, quorum analysis inherited from BFT-SMaRt, two implementations, and comparative Mininet flow-setup measurements.
Proxy architecture and two controller prototypes Security analysis and quorum reasoning Mininet experiment and flow-setup results-
evidence Mininet proof-of-concept
reported not reproducedThe test uses 64 hosts and 63 switches in a binary tree, a reactive empty-table workload, four controller replicas, and flow setup duration, delay, and rate metrics; no fault-injection result is reported.
Mininet experiment and flow-setup results
-
-
limitation group Boundaries and limitations material
The source explicitly treats the implementation as a proof of concept and says it is not ready for large-scale networks with tens of thousands of flow changes per second.
Problem, contribution, and headline prototype result Future work, scale boundary, and conclusion-
limitation No adversarial or large-scale validation
evaluation limitationThe reported experiment measures benign throughput in Mininet; it does not inject Byzantine faults, test recovery/view change, measure geographic distribution, or demonstrate production traffic scale.
Mininet experiment and flow-setup results Future work, scale boundary, and conclusion -
limitation Proxy and serialization costs
implementation limitationEach switch depends on a paired proxy, and BFT-SMaRt's total ordering removes much of Beacon's parallel advantage; the paper proposes integrated switches, batching, and speculative/coarser consensus as future work.
Proxy architecture and two controller prototypes Mininet experiment and flow-setup results Future work, scale boundary, and conclusion
-
-
artifact group Artifacts and resources
full text availableThe complete author copy is mirrored locally with fixity metadata and linked to the IEEE record; no source-code repository or experiment package was identified.
Problem, contribution, and headline prototype result Official IEEE publication record -
scrutiny External scrutiny
publication recordedThe paper was published at the IEEE COMPSAC MidCCI workshop; reviews, independent replications, and later security evaluations were not audited.
Official IEEE publication record -
lineage Research lineage
documentedThe design adapts general BFT state-machine replication to the SDN control plane while contrasting data-plane fault-tolerance systems and separate fault-tolerant data stores.
BFT-SMaRt protocol and assumptions Future work, scale boundary, and conclusion
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Problem, contribution, and headline prototype result Abstract and Section I, PDF pages 1-2
- BFT-SMaRt protocol and assumptions Section II.B, PDF pages 2-3
- Controller and switch adversary model Section II.C, PDF page 3
- Proxy architecture and two controller prototypes Section III and Figures 2-3, PDF pages 3-4
- Security analysis and quorum reasoning Section IV, PDF pages 4-5
- Mininet experiment and flow-setup results Section V and Table I, PDF page 5
- Future work, scale boundary, and conclusion Sections VII-VIII, PDF pages 6-7
- Official IEEE publication record COMPSAC Workshops 2016
- Dated OpenAlex citation snapshot cited_by_count = 43, accessed 2026-07-11