Devolving IEEE 802.1X authentication capability to data plane in software-defined networking (SDN) architecture

Software-defined networking (SDN) is a relatively new approach in network management that proposes to separate the network control (Control plane) and the forwarding process (Data plane) to optimize the network infrastructure and improve network performance, controllability, manageability and flexibility. However, like every technology, SDN has brought its own new challenges in terms of security and scalability which are very important aspects that should be considered to design and build a resilient architecture in order to meet carrier grade network requirements. In this paper, we propose a secure SDN architecture with IEEE 802.1X port-based authentication where we also consider the controller's scalability issue by devolving the access control capability to the data plane. In this way, we reduce the high demand and the workload on the SDN controller. Our proposed model presents a novel SDN network architecture and logical network segmentation which provides an optimal and secure network access with low latency. We have implemented and tested our architecture to show its performance (authentication delays). Copyright (C) 2016 John Wiley & Sons, Ltd.