Clé - Enhancing Security with Programmable Dataplane Enabled Hybrid SDN.

Network security is of paramount importance. However, "legacy" networks fail to provide security mechanisms to protect the network. Recent years have seen the prevalent in Software-defined Networking (SDN), and its programmability simplifies network management and provides possibilities to enhance security. Unfortunately, the full SDN deployment is cost-prohibitive and introduces the performance penalty to the controller due to the heavy traffic analyze workload, and thus influencing the network performance. We argue upgrading only a few legacy switches (LS) to SDN switches can achieve security and management benefits of the full SDN deployment, and implementing certain security network functions on the dataplane can minimize the performance penalty. In this paper, we propose Clé, a programmable dataplane (PD) enabled hybrid SDN security enhancement solution. Clé consists of a smart algorithm to select LSes to upgrade, a unified controller that automatically "attracts" traffic to programmable SDN switches, and the security network functions combined PD that can directly detect and mitigate threats without degrading the performance.