1

The Smallest Software Defined Network Testbed in

the World: Performance and Security
Song Wang*, Karina Gomez Chavez*, Sithamparanathan Kandeepan* and Paul Zanna
Northbound Networks, Melbourne Australia
∗RMIT University, 124 La Trobe, 3000, Melbourne Australia
Email: {name.surname}@rmit.edu.au, paul@northboundnetworks.com

Abstract—Zodiac-FX is the first OpenFlow switch designed to

sit on a desk, not in a datacenter. In this demo, we present
Zodiac-FX the world’s smallest OpenFlow Software Defined
Network Switch. Our main objective is to showcase the usage
and functionalities of Zodiac-FX in handling OpenFlow protocol.
We will also demonstrate SDN sEcure COntrol and Data Plane
(SECOD), an SDN secure controller algorithm to detect and
defend SDN against DoS attacks. We will demonstrate Zodiac-FX
and SECOD value via experiments within real traffic and Denial-
of-Service (DoS) attacks allowing the audience to interact with
the complete toolkit system.
I. M OTIVATION
There are numerous open source SDN controllers that allow
the prototyping and modelling of a SDN. However a small and
affordable OpenFlow switch has not been previously available.
Therefore, several SDN framework emulators and simula-
tors, such as Mininet or OpenFlowOmnet [1], were the only Fig. 1: Communication peripherals of Zodiac-FX.
way to model and prototype SDN applications. Even though II. Zodiac-FX D ESCRIPTION
simulators are inexpensive, flexible and reasonable accurate,
The Zodiac-FX is a four-port network development board
they cannot capture real hardware equipment interactions and
designed for anyone who requires a low cost SDN develop-
performance. The Zodiac FX is the first OpenFlow switch
ment platform. By providing the firmware source code users
designed to provide all the advantages of a hardware based
are free to create their own versions. The main communication
SDN while keeping the equipment cost affordable [2].
peripherals of Zodiac FX are sketched in Fig. 1. The CLI pro-
We believe Zodiac FX offers the ideal platform to extract
vides the ability to configure setting and monitor the operation
SDN capability of easy-to-configure network control.
of the Zodiac-FX. To simplify operations the CLI uses the
On the other hand, security in SDN is an important re-
concept of a context, this limits the available commands. There
search topic with still several research questions to investigate.
are currently four available contexts: Base, Config, OpenFlow
Related works have been done in SDN security, however
and Debug. Majority of the Zodiac-FX functionalities available
some countermeasures cannot protect both control and data
via CLI are also available via web-interface, which provides
plane [3], or extra interface or device may be required [4],
the ability to configure settings and monitor the operations.
or no real implementation be conducted so far [5]. Thus we
For example, the flows page displays the current flows in the
design and implement SECOD [6], an innovative algorithm,
flow table, along with their configurations. Currently, up to
that detects and blocks DoS attacks in SDN. In this demo, we
eight per-flow meters can be configured, with up to three meter
put forward a solution that attempts to demonstrate:
bands on each. Up-to-date meter statistics are also shown in
• The functionalities of Zodiac-FX, an open source, cost
the web-interface, allowing meters to be monitored.
efficient and programmable OpenFlow switch fully sup-
porting OpenFlow protocol.
• The capabilities of SECOD, a powerful algorithm for III. SECOD D ESCRIPTION
detecting and defending SDN from DoS attacks (Full SECOD algorithm is based on [6] and summarized in Fig. 2,
paper is presented in the main conference). it is running on the controller to protect control and data plane
The aim of this demonstration is to validate the design of SDN without any extra device involved. It uses counters and
choices we have made in conceiving and deploying the Zo- thresholds to determine if the network is under attack, and the
diac FX and SECOD testbed. Furthermore, we will demon- threshold can be updated dynamically. Due to the constraint
strate the capability of hardware & software toolkit to properly of hardware performance and requirement of customer, the
support secure SDN applications. pre-definition of threshold varies from each other. SECOD
978-1-5386-3416-5/18/$31.00 
c 2018 IEEE monitors network and collects statistics which are used to

Fig. 2: High-level description of SECOD algorithm showing the different functions for detecting and stopping DoS attacks.
Fig. 3: Architecture to showcase Zodiac-FX and SECOD.
generate threshold. By comparing counters with the threshold,
SECOD is able to detect a DoS attack. While drop rules
help SECOD to localize the source of attacker and block the
incoming packets to protect legitimate users in the network.
IV. D EMONSTRATION S CENARIOS
This demo aims at i) showing the capability of hard-
ware&software Zodiac-FX toolkit to properly deploy SDNs,
ii) showing the effect of DoS attacks in SDN, and iii) showing
the ability of SECOD to protect SDN. The relevant network
setup is sketched in Fig. 3:
• One Raspberry Pi (Rpi) will act as the SDN controller
(running RYU controller) and host SECOD algorithm,
operations will be displayed in the monitor.
• Zodiac-FX will be connected to controller, CLI (displayed
in the monitor) will be used to show the creation of flow
tables and different functionalities of Zodiac-FX.
• Legacy switch is connected to the Zodiac-FX to allow
multiple Rpis running under the same port of Zodiac-FX.
• There are four physical Rpi hosts connected to Zodiac-
FX switch. Three hosts run legitimate TCP stream (Using
iPerf traffic generator), two hosts are the sender and the
other one is the receiver. While the fourth host is the
attacker who generates malicious UDP streams.
The following application scenarios will be involved:
1) Zodiac-FX functionalities: Firstly, Zodiac-FX function-
alities in terms of a) base, b) config, c) OpenFlow, and
2
d) debug will be explained and demonstrated. Zodiac-
FX CLI and web-interface will be used to explore the
flow tables and other configurations.
2) Effect of DoS Attacks in SDN: Using the attacker to
initialize DoS attacks (low, medium and high intensity
attacks) while monitoring the network performance. This
will allow us to visualize the impact of DoS attacks on
the network performance.
3) SECOD in Action: SECOD will be activated and DoS
attack will be executed again while monitoring the
network performance. This will allow the visualization
of SECOD ability to detect and block the attacks while
maintaining a good network performance.
4) Platform Functionalities: Finally, conference attendees
will be able to explore the Zodiac-FX platform by con-
figuring Zodiac-FX themselves and exploring SECOD’s
different functions as well.
We hope that our Zodiac-FX software and hardware toolkit
will be considered as the platform to test innovative SDN
solutions and SECOD algorithm will be used to detect and
mitigate DoS attacks in SDN.
In order to demonstrate, we will prepare 1 Zodiac FX
switch, 1 traditional switch, 5 Rpis and 1 notebook. While
we would like to request 8 power sockets, 1 external monitor,
1 table to accommodate the demo equipment and space to
display the demo-poster. Estimated preparation time is 1 hour.
R EFERENCES
[1] D. Klein and M. Jarschel, “An OpenFlow extension for the OMNeT++
INET Framework,” in Proceedings of the ICST Conference on SimuTools,
ICST, Brussels, Belgium, Belgium, 2013, pp. 322–329.
[2] Zodiac. (2017) Northbound Networks Pty. Ltd. [Online]. Available:
http://northboundnetworks.com/collections/zodiac-fx/products/zodiac-fx
[3] M. Kuerban, Y. Tian, Q. Yang, Y. Jia, B. Huebert, and D. Poss, “FlowSec:
DoS attack mitigation strategy on SDN controller,” in IEEE Networking,
Architecture and Storage, 2016, pp. 1–2.
[4] T. Xing, Z. Xiong, D. Huang, and D. Medhi, “SDNIPS: Enabling
software-defined networking based intrusion prevention system in
clouds,” in IEEE Network and Service Management, 2014, pp. 308–311.
[5] R. Kandoi and M. Antikainen, “Denial-of-service attacks in OpenFlow
SDN networks,” in IEEE Integrated Network Management, 2015.
[6] S. Wang, K. Gomez, and S. Kandeepan, “SECO: SDN sEcure COntroller
algorithm for detecting and defending denial-of-service attacks,” in IEEE
International Conference on ICT, 2017.