Qi Li,Xiaoyue Zou,Qun Huang,Jing Zheng,Patrick P. C. Lee

DOI: https://doi.org/10.1109/tdsc.2018.2810880

2018-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Like traditional IP networking, the emerging Software-Defined Networking (SDN) technology is vulnerable to sophisticated attacks against packets and their forwarding behaviors. However, existing proposals of packet forwarding verification for IP networking cannot be directly applied to the current SDN deployment due to the limited functionalities and resources in commercial off-the-shelf (COTS) SDN switches. We propose DynaPFV, a dynamic packet forwarding verification mechanism that is capable of detecting various sophisticated attacks against packet forwarding. DynaPFV leverages the controllability of SDN to examine both packets and flow statistics across a network of switches to detect violation of packet integrity and forwarding behaviors. To mitigate the verification overhead, DynaPFV dynamically adjusts the rates of packet sampling and flow statistics collection based on the prior detection results in order to preserve the verification accuracy. Furthermore, DynaPFV makes changes to the SDN controller only, and is directly deployable atop COTS SDN switches without modifications. We conduct theoretical analysis on the trade-off between performance and accuracy in our dynamic verification approach. We further prototype DynaPFV using the open-source Floodlight controller, and evaluate our DynaPFV prototype using Mininet simulations and hardware testbed experiments. DynaPFV achieves over 97 percent of verification accuracy only with less than 5 percent of throughput degradation and less than 10 percent of additional forwarding delays.

Shou-Yi WANG,Qi LI,Yun ZHANG

DOI: https://doi.org/10.11897/SP.J.1016.2019.00176

2019-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Software-Defined Networking (SDN) simplifies network management by separating control and data planes, and has been received much attention recently.However, SDN cannot ensure correctness of packet forwarding in the networks, e.g., the packets in SDN can be dropped, tampered with, or faked, which may be incurred by false forwarding rule enforcement or attacks.SDN has a simple packet forwarding mechanism in its data plane so that the forwarding verification techniques in the traditional IP networks cannot be applied in SDN.Therefore, it is challenging to verify packet forwarding and ensure correctness of packet forwarding in SDN.The existing studies verify packet forwarding in SDN by verifying packets hop-by-hop or periodically comparing flow statistics of all flows, which incurs significant computation and communication overhead.In this paper, we present LPV (Lightweight Packet Forwarding Verification), a system provides the ability of verifying SDN data plane forwarding.The goal of LPV is to provide a reliable and practical mechanism to detect and defend against wrong packet forwarding.To this end, we develop a lightweight forwarding verification approach to detecting forwarding anomalies and locating malicious switches by leveraging the Packet-in mechanism and the flow statistics maintained in switches.LPV samples packets delivered by ingress and egress switches according to dedicated flow rules, and reports the message authentication code (MAC) values of packets and the statistics of the corresponding flows by Packet-in messages.Thereby, the controllers can detect malicious forwarding behaviors by comparing the MAC values of the packets and the statistics of the flows.Moreover, LPV can locate the switches that perform the malicious packet forwarding behaviors, e.g., malicious packet modification and packet dropping, by analyzing the correlations of the information, i.e., the Packet-in messages and flow statistics.By enforcing the sample mechanism, LPV significantly reduces the computation cost, and communication and storage overheads, which incurred by packet processing in switches and controllers.In particular, by randomly sampling packets according to the flow rules, LPV ensures the consistency of packet processing performed by different switches.Adversaries cannot easily infer which packets are sampled so that they cannot interfere with the verification.We implement a prototype of LPV with open source OpenFlow controllers, i.e., Floodlight, and open source OpenFlow switches, i.e., ofsoftware13, and evaluate the performance by Mininet experiments.The experimental results show that LPV detects various forwarding anomalies, while introducing negligible overhead, i.e., around 10％average delays in packet forwarding and less than 10％communication overhead.

Gao Wen,Zhou Boyang,Wu Chunming,Zhou Haifeng,Jiang Ming,Hong Xiaoyan

DOI: https://doi.org/10.1049/cje.2015.07.035

IF: 1.019

2015-01-01

Chinese Journal of Electronics

Abstract:In the Software-defined networking（SDN）,when multiple control domains are used in control services,the transient state problem can occur causing the service flow interruption when border switches are updated asynchronously. We analyze the uniqueness of this problem for SDN, and propose a light-weight protocol for safe reconfiguration of the border switches in order to improve the availability of the services running in SDN. Our solution is designed as a generic supervision layer added in the control plane to support different types of services. To demonstrate the benefits, we implement a prototype of Informationcentric networks（ICN） with the protocol, and conduct experiments using Planet Lab. The results show the ICN service can continuously serve high volume requests for contents despite the congestions built by the heavy background traffic. The performance gains in terms of the mean and standard deviation of the content retrieve delay are40.5% and 21.56%.

Boyang Zhou,Wen Gao,Chunming Wu,Bin Wang,Ming Jiang,Yansong Wang

DOI: https://doi.org/10.1007/978-3-319-13326-3_39

2014-01-01

Abstract:The Software-Defined Networking (SDN) separates the control plane from the data plane to increase the flexibility. In the data plane, the unavailability of data forwarding is a common problem preventing a switch from configuring a new arrival flow into its flow table. When the burst flows arrived at the switch, the flow table can be consumed, causing the unavailability occurred. However, the problem is more complicated than in Internet due to the limited channel bandwidth for detecting the table usage. Hence, we propose a transparent core layer in the controller. The mechanism of the layer improves the availability in such way, configuring switches adapting to arrival patterns of flows to prevent the resource of switch exceeding its limit. This paper introduces the design and mechanisms of the layer as well as their algorithms. We further use a real flow trace from a Internet core router to evaluate the performance of layer. By emulating on on miniNet-HiFi, the results demonstrate that the layer can smooth the burst flows without making the flow table exceeding its size, without the layer, the switch lost 8% ingress flows. Meanwhile, the control throughput is lowered by 25.8% than before.

Kai Bu,Yutian Yang,Zixuan Guo,Yuanyuan Yang,Xing Li,Shigeng Zhang

DOI: https://doi.org/10.1016/j.comnet.2021.108099

IF: 5.493

2021-01-01

Computer Networks

Abstract:Software-Defined Networking (SDN) greatly simplifies middlebox policy enforcement. Middleboxes need tag packet headers to avoid forwarding ambiguity on SDN switches. In this paper, we present a new attack, called middlebox-bypass attack, to breach SDN-based middlebox policy enforcement. Such an attack manipulates a compromised switch to locally tag attacking packets without handing them over to the attached middlebox for inspection. Existing SDN security solutions, however, cannot detect the middlebox-bypass attack under practical constraints of efficiency, robustness, and applicability. We design and implement FlowCloak, the first protocol for per-packet real-time detection and prevention of middlebox-bypass attacks. FlowCloak enables middleboxes to generate tags that are probabilistically unknown to an attacker and confines it to only random guessing. We propose a multi-tag verification technique to address the tradeoff between FlowCloak robustness and TCAM usage by tag verification rules on the egress switch. Experiment results show that dozens of verification rules can confine the attacking probability under 0.1%. We further explore implementation techniques of packet looping and field swapping that can enable a flow table pipeline on a single TCAM and mitigate packet correlation, respectively. FlowCloak imposes only a 0.01 ms packet processing delay on middleboxes and no obvious delay on the egress switch.

Junjie Xie,Deke Guo,Xiaozhou Li,Yulong Shen,Xiaohong Jiang

DOI: https://doi.org/10.1109/jsac.2018.2815358

IF: 16.4

2018-01-01

IEEE Journal on Selected Areas in Communications

Abstract:To enable the network softwarization, network function virtualization (NFV) and software defined networking (SDN) are integrated to jointly manage and utilize the network resource and virtualized network functions (VNFs). For a network flow resulting from any NFV application, an associated switch would send a routing request to the controller in SDN. The controller then generates and configures a routing path to dynamically steer the flow across appropriate VNFs or service function chains. This process, however, exhibits a skew distribution of response latency with a long tail. Cutting the long-tail latency of response is critical to enable the network softwarization, yet difficult to achieve due to many factors, such as the limited capacities and the load imbalance among controllers. In this paper, we reveal that such flow requests still experience the long-tail response latency, even using the up-to-date controller-to-switch assignment mechanism. To tackle this essential problem, we first propose a light-weight and load-aware switch-to-controller selection scheme to cut the long-tail response latency under the simple scenario of homogeneous controllers, and then design a general delay-aware switch-to-controller selection scheme to fundamentally cut the long-tail response latency for the more complicated heterogeneous controller scenario with performance fluctuations. The comprehensive evaluations indicate that our two new switch-to-controller selection schemes can significantly reduce the long-tail latency and provide higher system throughput.

Kai Bu,Yutian Yang,Zixuan Guo,Yuanyuan Yang,Xing Li,Shigeng Zhang

DOI: https://doi.org/10.1109/infocom.2018.8486230

2018-01-01

Abstract:Software-Defined Networking (SDN) greatly simplifies middlebox policy enforcement. Middleboxes need tag packet headers to avoid forwarding ambiguity on SDN switches. In this paper, we present a new attack, called middlebox-bypass attack, to breach SDN-based middlebox policy enforcement. Such an attack manipulates a compromised switch to locally tag attacking packets without handing them over to the attached middlebox for inspection. Existing SDN security solutions, however, cannot detect the middlebox-bypass attack under practical constraints of efficiency, robustness, and applicability. We design and implement FlowCloak, the first protocol for per-packet real-time detection and prevention of middlebox-bypass attacks. FlowCloak enables middleboxes to generate tags that are probabilistically unknown to an attacker and confines it to only random guessing. We propose a multi-tag verification technique to address the tradeoff between FlowCloak robustness and TCAM usage by tag verification rules on the egress switch. Experiment results show that dozens of verification rules can confine the attacking probability under 0.1%. FlowCloak imposes only a 0.3 ms packet processing delay on middleboxes and no obvious delay on the egress switch.

Qizhao Zhou,Junqing Yu,Dong Li

DOI: https://doi.org/10.1016/j.comnet.2021.108075

IF: 5.493

2021-07-01

Computer Networks

Abstract:<p>We consider the problem of source address validation implementation (SAVI) in a Software-Defined Network (SDN) environment. The integration of SAVI and SDN can further address the challenges in a typical architecture such as the complexity of SAVI's deployment and the acquisition of security data in the access layer. A key aspect of this campaign consists of filtering forged packets and verifying the authenticity of the source address. A common strategy is to create bindings between the IP address of a node and a property of the host's network attachment. However, problem still accompany with the deployment of SAVI, including the performance cost of the SDN controller caused by the redundant validation process, especially in the case of an overflow of the flow table and other anomalous conditions in the network. Our contribution in this paper is to design and implement a dynamic framework for lightweight SAVI based on SDN (D-SAVI), which is an enhancement of SDN setups to allow proper source address validation on downstream network ingress ports, without incurring a large performance overhead. Initially, we proposed a fine-grained dual-level structure to match flow entry flexibly to complete the dynamic deployment of SAVI. A priority-based validation mechanism was added for further efficiency optimization. We then designed a state partition and transition module to optimize network performance under anomalous conditions, especially the communication performance between the controllers and switches in the SDN-based networks with a global view. Consequently, under the premise of network security, D-SAVI could filter out, with better packet forwarding efficiency, packets that do not match existing binding relationships. The experimental results demonstrate that our implementation provides source address verification with less resource consumption than existing methods.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Kai Bu,Kaiwen Zhu,Yi Zheng,Yuanyuan Yang,Yutian Yang,Linfeng Cheng

DOI: https://doi.org/10.1016/j.comnet.2018.10.006

IF: 5.493

2018-01-01

Computer Networks

Abstract:Software-Defined Networking (SDN) has greatly boosted the productivity of data center networking and cloud computing. It introduces a central controller to take over most functions that otherwise reside in distributed forwarding devices. Such a centralized design, however, tends to make the control channel a bottleneck due to bandwidth fatigue. Only when this bottleneck is addressed can SDN greater benefit networking and computing infrastructures. Existing work saves control channel bandwidth at the expense of losing flow visibility. This paper designs and implements FastLane, a framework for bandwidth-efficient yet throughput-boosting SDN flow setup without sacrificing global flow visibility. FastLane informs only one on-path switch of a flow’s forwarding path while switches themselves cooperate to complete flow setup. FastLane thus keeps minimum traffic for flow setup in the control channel and leaves the rest to the data plane. We optimize the switch selection toward minimizing flow setup latency. To leverage the saved bandwidth for setting up more flows and therefore achieving higher throughput, we propose delegating certain flow setups from ingress to en-route switches. We prototype FastLane by modifying FloodLight controller and Open vSwitch. The results demonstrate FastLane’s benefits to higher SDN throughput with limited switching fabric overhead.

Kai Bu

DOI: https://doi.org/10.1109/INFCOMW.2015.7179433

2015-01-01

Abstract:Software-Defined Networking (SDN) has greatly enriched the flexibility of network management. It introduces a central controller to take over most network functions that otherwise reside in distributed forwarding devices. Such a centralized design, however, tends to make control channel a bottleneck due to bandwidth fatigue. Existing work saves control channel bandwidth at the expense of losing visibility of most or mice flows. This paper proposes FastLane, a framework for bandwidth-efficient SDN flow setup without sacrificing global flow visibility. FastLane advocates that the controller inform only a flow's ingress switch of the flow's forwarding path while switches themselves cooperate to complete flow setup. This way, FastLane keeps minimum traffic for flow setup in control channel and leaves the rest to data plane. The analytical results validate FastLane's higher bandwidth efficiency over traditional SDN, especially for relatively long forwarding paths. For a 3-switch path, FastLane can already save more than a half of bandwidth. The saved bandwidth can embrace more flow setups and thus reduces flow latency.

Yongzhe Jia,Lei Xu,Yuwang Yang,Xiaoling Zhang

DOI: https://doi.org/10.1109/lcomm.2019.2956033

IF: 3.5529

2020-01-01

IEEE Communications Letters

Abstract:In Software Defined Networking (SDN), it is crucial for the controller to manage the data plane and provide basic services with creating and maintaining a real-time abstract topology view for the application plane. Currently, most serious challenge for the topology discovery services is the efficiency of the topology discovery protocol. In this letter, we propose an automatic topology discovery protocol to collect and update the topology information efficiently and securely, which is without unnecessary modifications on the standard OpenFlow protocol or extra hardware logic on switches. We also design a novel probe frame structure for the proposed protocol to reduce the traffic overhead and the controller burden. Finally, the performance of the proposed protocol is evaluated for its efficiency, security, and scalability. The experimental results show that the proposed protocol outperforms the state-of-the-art OpenFlow-based topology discovery protocols.

Qun Huang,Xin Jin,Patrick P. C. Lee,Runhui Li,Lu Tang,Yi-Chao Chen,Gong Zhang

DOI: https://doi.org/10.1145/3098822.3098831

2017-01-01

Abstract:Network measurement remains a missing piece in today's software packet processing platforms. Sketches provide a promising building block for filling this void by monitoring every packet with fixed-size memory and bounded errors. However, our analysis shows that existing sketch-based measurement solutions suffer from severe performance drops under high traffic load. Although sketches are efficiently designed, applying them in network measurement inevitably incurs heavy computational overhead. We present SketchVisor, a robust network measurement framework for software packet processing. It augments sketch-based measurement in the data plane with a fast path, which is activated under high traffic load to provide high-performance local measurement with slight accuracy degradations. It further recovers accurate network-wide measurement results via compressive sensing. We have built a SketchVisor prototype on top of Open vSwitch. Extensive testbed experiments show that SketchVisor achieves high throughput and high accuracy for a wide range of network measurement tasks and microbenchmarks.

Qi Li,Yunpeng Liu,Zhuotao Liu,Peng Zhang,Chunhui Pang

DOI: https://doi.org/10.1109/icc.2016.7510990

IF: 5.3

2021-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Packet forwarding anomaly is an abnormal network state where flows are forwarded along wrong paths. Current practice of forwarding anomaly detection in Software Defined Networks (SDN) is achieved by sending probing packets or analyzing flow statistics. However, these approaches are not effective and efficient. For example, the probing approaches cannot capture all attacks, and the statistics approaches induce high communication overheads since they collect statistics of all flows. In order to address these issues, we propose a novel scheme called FADE. FADE detects forwarding anomalies by accurately analyzing flow statistics of a minimal set of flows. It generates a small number of dedicated flow rules associated with these flows to accurately measure their statistics. Moreover, it controls the installing and timeout of these dedicated flow rules so that all dedicated flow rules generated for the same flow operate on the same set of packets. Therefore, it achieves high efficiency and accuracy in anomaly detection. We prototype FADE and implement it as an application in Opensource controller, Floodlight, and evaluate the performance by Mininet experiments. The experiment results show that FADE can detect almost all forwarding anomalies and only reduces the throughput by 4%.

Zhang Peng,Chen Xiangning,Ge Yun,Jin Lin

DOI: https://doi.org/10.1049/cje.2016.06.004

IF: 1.019

2016-01-01

Chinese Journal of Electronics

Abstract:After studying the routing and forwarding process of network stream and the implementation of SDN, we propose a retractable management model for flow table. A structure with parallel tables and synthesis processing is proposed according to the feature of SDN and traditional network. The parallel tables share the same storage resources. Thanks to the separation of data plane and control plane, control plane owns more computing resources than traditional device. It evaluates the role of nodes and the action of network flows, makes adjustment according to the historical and current information and streamlines flow tables by consolidating and simplifying old flow entries. Through simulation, it is proved that the realized method can defend offensive traffic while ensuring the safety of accessing and forwarding, especially existing blocking attack.

Yangyang Wang,Jun Bi,Keyao Zhang

DOI: https://doi.org/10.1007/s11432-015-1057-7

2017-01-01

Science China Information Sciences

Abstract:SDN provides an approach to create desired network forwarding plane by programming applications. For a large-scale SDN network comprised of multiple domains and running multiple controller applications, it is difficult to measure and diagnose the problems of flow tables in data plane. Tracing the forwarding path of SDN is one of effective way for data plane state measurement. Previously proposed methods for debugging SDN were applied to a single administrative domain. There is less effort to trace the flow entries of the data plane in large-scale multi-domain SDN networks. In this paper, we propose a method of software defined data plane tracing in large-scale multi-domain SDN networks. Our method can trace forwarding paths, and get the matched flow entries and other customized trace information. We present the designs compatible with OpenFlow 1.0 and 1.3 switches. The performance and deployment effect are evaluated by simulation test and analysis. It shows that our method has better performance than traditional IP traceroute, and its deployment at about 20% of AS nodes can enable 70% of AS paths to be traceable.

Kai Lei,KeKe Li,Junlin Huang,Weichao Li,Jie Xing,Yi Wang

DOI: https://doi.org/10.1109/icc.2018.8422613

2018-01-01

Abstract:Software Defined Networking (SDN) simplifies network management by separating the control plane from the data plane in performance networks. However, the actual packet behaviors, conforming to the rules in the data plane flow tables, may violate the original policies in the controller due to the inconsistency between the data plane and control plane. To address this problem, we propose 2MVeri, a new framework for measuring the control-data plane consistency, defined as the consistency between the control plane policies and data plane rules. 2MVeri uses a Bloom filter and a two-dimensional vector as a tag which is inserted in the packet header and is updated in each switch that the packet traverses. By exploiting path information compressed in the tag, 2MVeri can verify the control-data plane consistency. Moreover, when verification fails, 2MVeri can localize the faulty switch. Evaluations conducted on a datacenter network with the fat tree topology k=4 demonstrate that 2MVeri achieves 100% accuracy in consistency verification and high fault localization performance.

Laurent Patrice,Ramadhani Sinde,Judith Leo

DOI: https://doi.org/10.1109/access.2024.3409679

IF: 3.9

2024-06-15

IEEE Access

Abstract:Address Resolution Protocol (ARP) spoofing has been a long-standing problem with no clear remedy until now. The attacks can be launched easily utilizing an enormous number of publicly available tools on the web; however, they are extremely tough to counterattack due to ARP's stateless nature for not authenticating ARP replies for a subsequent request. Previous studies have demonstrated significant efforts to counterattack these assaults in Software-Defined Networks (SDN); however, much effort has been focused solely on detecting the assaults, with little effort being made to address performance bottlenecks, scalability, and Single Point of Failure (SPOF) issues in large-scale networks. In this study, we focus on developing ARP spoofing attacks detection mechanism in large-scale SDN that is immune to SPOF and provides enhanced network performance and scalability. The main purpose is to enable controllers to intercept and analyze all incoming ARP packets, learn address mappings, and store them in the application's memory to be used as a basis for ongoing ARP cache comparisons while maintaining a global cache in a controller. To achieve the goal of this study, a simulation experiment in a closed network environment was undertaken to precisely monitor network traffic and result patterns. Mininet and the Open Network Operating System were used to implement the data plane and OpenFlow controllers. The results show that, the proposed solution is resistant to ARP spoofing attacks, with an average detection and mitigation time of 4.3 and 26.19 milliseconds, respectively. Further significant improvements have been observed in alleviating SPOF and performance bottlenecks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Liang Xie,Zhifeng Zhao,Yifan Zhou,Gang Wang,Qianlan Ying,Honggang Zhang

DOI: https://doi.org/10.1109/wcsp.2014.6992181

2014-01-01

Abstract:Software Defined Network (SDN) is undergoing an increasingly high popularity among various schemes of networking deployment. The main advantage of SDN lies in its flexibility in controlling network traffic, which arises from decoupling the control plane and the data plane of network devices. However, despite of the valuable merits of SDN, the outage of data forwarding should not be ignored. The drawback mainly results from the length limitation of switch flow tables, the congestion between controllers and switches, and the deficiency of the controller capacity, which are all closely related to the timeout mechanism of flow table. In our study, the deficiency of SDN system will be analyzed explicitly. Moreover, we propose an adaptive control mechanism aiming at optimizing the idle timeout reset of flow tables and cooperation between controllers and switches. Our mechanism achieves higher matching ratio of flow tables as well as alleviates the congestion in the control channel, enabling more fluent data forwarding in SDN.

Menghao Zhang,Guanyu Li,Lei Xu,Jiasong Bai,Mingwei Xu,Guofei Gu,Jianping Wu

DOI: https://doi.org/10.1109/tnet.2020.3040773

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:Software-Defined Networking (SDN) continues to be deployed spanning from enterprise data centers to cloud computing with the proliferation of various SDN-enabled hardware switches and dynamic control plane applications. However, state-of-the-art SDN-enabled hardware switches have rather limited downlink message processing capability, especially for Flow-Mod and Statistic Query, which may not suffice the huge need of dynamic control plane applications. In this paper, we systematically study the interactions between the control plane applications and the data plane switches, and present two new attacks, namely Control Plane Reflection Attacks, to exploit the limited processing capability of SDN-enabled hardware switches. The reflection attacks adopt direct and indirect data plane events to force the control plane to issue massive expensive downlink messages towards SDN switches. Moreover, we propose a two-phase probing-triggering attack strategy, which makes the reflection attacks much more efficient and powerful. Experiments on a testbed with 3 different physical OpenFlow switches demonstrate that the attacks can lead to catastrophic results such as hurting the establishment of new flows and even disruption of connection between SDN controller and switches. To mitigate such attacks, we present several countermeasures from different perspectives. In particular, we propose a novel, systematical defense framework, SwitchGuard, to detect anomalies of downlink messages and prioritize these messages based on a novel monitoring granularity, i.e., host-application pair (HAP). Implementations and evaluations demonstrate that SwitchGuard can effectively reduce the latency for legitimate hosts and applications under the control plane reflection attacks with only minor overheads.

Guolong Chen,Guangwu Hu,Yong Jiang,Chaoqin Zhang

DOI: https://doi.org/10.1109/iscc.2016.7543774

2016-01-01

Abstract:Current Internet packet forwarding only relies on destination IP address and thus neglects the validation of packet's IP source address for Internet accountability, which incurs many cyber-security threats. State-of-the-art solutions either have issues in spoofing packet filtering accuracy, e.g., false positive and false negative, or encounter scalability and deployment problems, i.e., end-host TCP/IP stack or router modification. In this article, we propose SAVSH, a practical IP source address validation scheme for Software Defined Networking (SDN) hybrid networks. SAVSH takes advantage of the SDN architecture which possesses global topological view and central control pattern, so that it can locate nodes for the SDN switch replacement and deploy filtering rules onto them with desirable IP prefix-level filtering accuracy. In the meantime, SAVSH also takes network dynamics (e.g., topology changes) into account. Finally, the established prototype experiment and typical topology simulations demonstrate SAVSH not only possesses desirable performance, but also owns the capability that trades the maximal validation effect with the minimal SDN switch deployment cost, which is up to more than 90% prefix coverage benefit to 15% deployment cost on average.