Does OpenFlow Really Decouple The Data Plane from The Control Plane?

Software Defined Networks (SDNs) offer flexibility to current networks, allowing operators to manage network elements using software on an external server. SDNs are founded on a key feature: the separation of the control plane from the data plane. OpenFlow is the most popular SDN southbound interface today. However, does OpenFlow really decouple the data plane from the control plane? This is the leading question in this work. The literature has sought to quantify the impact of OpenFlow commands from control plane on data plane performance. Particularly, we argue that it is possible to damage the date plane by too many flow updates. Attackers, for instance, can use this effect in a cloud environment to reduce the performance of a collocated virtual network. However, it is not clear what is the exact impact of this coupling on production hardware and software switches. We investigate this through experiments, under representative scenarios, and propose a threshold mechanism to mitigate the effect of malicious administrators. We have observed that both hardware and software switches suffer from this limitation, presenting an average RTT degradation of up to 12.35% in the hardware switch, and 25.9% on the software switch. Finally, the proposed mechanism mitigates the lack of decoupling and malicious behavior.