Design problems towards reliable SDN Networks Carmen Mas Machuca 1 , Petra Vizarreta 1 , Raphael Durner 1 , Dorabella Santos 2 , Amaro de Sousa 3 1 Chair of Communication Networks, Technical University of Munich, Germany e-mail {cmas, petra.stojsavljevic, r.durner}@tum.de 2 Institute of Telecommunications, Portugal e-mail dorabella@av.it.pt 3 Institute of Telecommunications, University of Aveiro, Portugal e-mail asou@ua.pt Abstract: Software Defined Networking offers many advantages such as cost reduction, higher flexibility and network programmability by decoupling the control from the data plane. In order to also increase reliability, several design problems are presented. OCIS codes: (060.4257) Networks, network survivability; (060.4250) Networks Software Defined Networking (SDN) architecture is based on a logically centralized network control, which is separated from the data plane. SDN promises several advantages such as cost reduction, fast provisioning, scalability and load balancing. However, reliability has to be considered in order to guarantee the expected network behavior in case of single and/or multiple failures or attack occurrence. For the remaining of this summary, the term failures will also cover attacks, since they can be considered as targeted and/or intentional failures. The basic SDN architecture [1] consists of three planes as depicted in Fig. 1: (i) the application plane (at the top), (ii) the controller plane (in the middle) and (iii) the data plane (at the bottom) which corresponds to the infrastructure layer (i.e., the interconnected set of network elements able to forward and process data with minimum management and control functionalities). The control layer consists of a set of one or more SDN controllers which is responsible to translate the application requirements into control actions towards the network elements and to inform the applications about any relevant notify from the data plane. The architecture also includes a Management plane in parallel to the three previous planes to provide all the required management functions (e.g., configuring the SDN controller assigned to each network element, configure controller policies). Fig. 1 SDN Architecture [1]: This summary focuses on the controller and data planes as well as on the control flows between them Fig. 2 Resilient profile parameters In order to increase the reliability of the network, the potential failures should be identified and modelled in terms of occurrence, impact and dependency with other failures. The failures addressed in this summary cover failures that can occur (i) at the data plane, (ii) at the controller plane, and/or (iii) at the control flows between controller and network elements.  Data Plane: Failures at the network infrastructure such as link failures (e.g., cable cut) and network element failures (e.g., card failure, power cut) may occur interrupting any data flow using that failed component. Existing mechanisms such as protecting data flows with disjoint paths or precomputing potential restoration paths for configured data flows can be used. Protecting data flows is a proactive recovery solution useful mainly in case single failure occurs [2, 3]. However, if multiple failures occur, reactive recovery solutions aiming at restoring the interrupted flows are most suitable since it allows finding restoration paths (if the network is still connected) but it is executed at the control plane [2].