Data communication networks provide data services like Internet access, media conferencing, file access, messaging, content delivery, and the like. These data communication networks are made of computer systems and networking components like transceivers, antennas, and cabling. The computer systems include processing circuitry and associated memories that store and execute software.
The data communication networks are implementing Software-Defined Network (SDN) technology to improve service delivery and efficiency. The SDN systems have separate data and control planes that communicate over a southbound data interface. The data plane has router-like devices called flow machines that process user data packet flows based on Flow Description Tables (FDTs). A typical FDT entry may associate an Internet protocol (IP) prefix with a data action such as forwarding, storing, or blocking. The control plane has flow controllers that load and modify the FDTs to control the user data flows. The controllers in the control plane interact with SDN applications in the control plane to transfer and manage the user data flows.
Unfortunately, an SDN data-plane machine may modify an FDT due to a mistake or a malicious act. The corrupted FDT may seriously impact user data services. In addition, the data-plane machine may receive viruses or some other type of bad content. Moreover, the SDN controllers and data-plane machines may be spoofed by criminal elements. Various techniques to implement hardware-trust are available. For instance, public/private key exchanges and digital certificates are used to build hardware-trust between different computer systems and users. Other techniques use random number challenges and hardware-key based answers to build hardware-trust between various computer systems and users.