Mechanism to Prevent ARP Spoofing and Broadcasting in SDN


New technologies have emerged during the last decade, including cloud computing, the Internet of Things, voice over IP,

multimedia, big data, etc., all of which have stringent requirements for bandwidth, scalability, accessibility, and dynamic administration. To ensure compliance with established policies, network administrators must configure each network device independently, frequently according to low-level instructions that vary by manufacturer. Users can only submit these commands from the command line or GUI; therefore, it’s up to them to do it manually. Automatic reconfiguration and reaction mechanisms are necessary in the case of a network breakdown or a change in demand, but they are difficult to implement in preexisting IP networks. Contemporary, vertically integrated network devices increase the complexity of network design and administration. Without a central command node, modern dispersed control networks may be a nightmare to administer. Due to the complexity of the initial configuration, various inaccuracies, security issues, and network failures occur. Properly developing and implementing new protocol architectures may require a considerable amount of time. Consequently, it is seen as difficult and impossible to replace the present IP network with a new network architecture based on a different paradigm. In addition, the expenses involved in maintaining an IP network have increased in tandem with the network’s expansion and user base. Existing network infrastructures have been plagued by issues, but Software-Defined Networking (SDN) has proposed a solution. By using a different approach to networking, SDN may be able to avoid the drawbacks of older methods. It alters the traditional concept of networks into a programmable, secure, and open system that can be used by anybody.


Address Issues According to Protocol b. Problems with ARP spoofing and other forms of network insecurity persist in traditional infrastructures. Software-defined networking (SDN) is helping with some of these issues (SDN). This article extends the functionality of the SDN controller by including a new module that actively looks for and blocks any suspicious ARP packets in the network. The weakness of this approach will become more apparent as network size and traffic increase. This causes the controller round-trip time to increase and increases CPU use. The issue was resolved by modifying the extended module to process ARP traffic. This grants proxy ARP capabilities to the controller.


We will explain a responder strategy for decreasing the CPU overhead brought on by the mitigation mechanism and the long latencies in responses brought on by the ARP broadcast behavior. It takes much less time for ARP to reply, and the controller overhead has been greatly reduced.


The rebuilt SDN controller makes use of the proposed technique in the L2r learning component. ARP spoofing is a security risk, and ARP broadcasting is a scalability problem; the proposed solution is to alter L2 learning to prevent both behaviors. Nothing new must be installed on the hosts or added to the network in order to make use of this. It does not propose any modifications to the existing OpenFlow or ARP protocols. The controller can immediately respond to any ARP request since the OpenFlow protocol provides access to and control over the whole network.

The suggested system features both a novel response to and prevention of ARP attacks. The Main table is queried for the IP-MAC address of the intended recipient before the cleaned packet is broadcast to the network at large. In order to prevent an attack, the host may respond to an ARP request with a spoofed address instead of the true r destination.


The proposed approach is secure against ARP spoofing attacks, prevents ARP broadcast messages in big networks, and reduces response times by centrally managing ARP enquires.


This study investigates technical solutions for addressing ARP poisoning attacks and ARP broadcast issues in very large-scale networks. Both the ARP spoofing protection method and the ARP broadcast prevention algorithm are now part of the virus controller’s built-in module. According to the test findings, the system is both fast at detecting and blocking ARP assaults, and effective in fending them off. Still, in a busy network, the controller’s CPU became overworked from inspecting so many ARP packets. For this reason, the ARP took much longer to transmit than the standard controller. In addition, the modified L2 with the mitigation approach functions similarly to the original plain L2 when it comes to broadcast ARP packets. Therefore, the time required to respond increases along with the size of the tree structure. In order to reduce the computational burden of the ARP broadcast behavior mitigation technique, a responder approach was developed. The controller’s workload was much reduced, as was the ARP response time. The existing system has a potential for a single point of failure due to its centralized nature and its dependence on a single controller environment. As such, this method is best implemented in a system where several controllers cooperate to divide and conquer tasks and guarantee each other’s safety in the event of a catastrophic failure. An attack may cause the controller to fail if a large number of legitimate ARP packets were sent to it by the attacker. DDoS attacks against controllers may be stopped by keeping an eye on incoming ARP packets using port monitoring.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top