The SDN Controller is critical to all network operations because it is the component used to build all forwarding paths for the data plane via control-plane processes. It is also instrumental with network management and provisioning functions that keep the SDN-enabled network elements and links available for providing network services. Any disruption to the SDN Controller can result in mission-critical network outages. A DoS attack targeting the SDN Controller can result in excessive CPU and memory utilization. The SDN Controller must be configured to rate-limit control-plane traffic destined to itself to mitigate the risk of a DoS attack and ensure network stability.
Review the SDN controller configuration to determine if it is configured to rate-limit control-plane messages. If the SDN controller is not configured to rate-limit control-plane messages, this is a finding.
Configure the SDN controller to rate-limit control-plane messages.