Modeling and verifying SDN under Multi-controller architectures using CSP

Software Defined Networking (SDN) with multiple controllers draws more attention for the increasing scale of the network. Multi-controller architectures can handle what SDN with single controller is not able to address. In order to understand what these architectures can accomplish and face precisely, we analyze them with formal methods. In this paper, we apply Communicating Sequential Processes (CSP) to model the routing service of SDN under multi-controller architectures, in particular the HyperFlow architecture and the Kandoo architecture based on OpenFlow protocol. By using model checker Process Analysis Toolkit (PAT), we verify that the models satisfy three properties, namely deadlock freeness, consistency, and fault tolerance. In addition, for studying the security of those models, some extension is added. We find that the extended models are capable of coping with Denial of Service and may suffer from Information Disclosure. Moreover, a fake path and a tampered message could be present in SDN.