A Systematic Literature Review on Military Software Defined Networks

Software Defined Networking (SDN) is an evolving network architecture paradigm that focuses on the separation of control and data planes. SDN receives increasing attention both from academia and industry, across a multitude of application domains. In this article, we examine the current state of obtained knowledge on military SDN by conducting a systematic literature review (SLR). Through this work, we seek to evaluate the current state of the art in terms of research tracks, publications, methods, trends, and most active research areas. Accordingly, we utilize these findings for consolidating the areas of past and current research on the examined application domain, and propose directions for future research.


Introduction
Certain types of application domains rely fully or partially on constrained dynamic networks due to technical, physical or other limitations of financial and regulatory nature. Military and emergency response networks are examples of such application domains, while their study is further motivated due to the nature of the scenarios and areas of their utilization. Four levels of command have been defined across military operations, namely (i) political, (ii) strategic, (iii) operational, and (iv) tactical. The infrastructure serving the three higher levels of command typically relies on comparatively over-provisioned wire-line and wireless networks. Contrary to that, the networks serving the tactical level mainly consist of constrained mobile devices, with self configuring characteristics, and connectivity limitation both locally and towards the infrastructure serving the other levels.
In addition to bandwidth limitations and unstable connections, military networks require tailored security solutions, which consequently create additional overhead for the network and can influence the stability of the connections. The capabilities of the nodes are also often limited by low battery life, low storage capacity and limited CPU power. These networks are characterized as Disconnected, Intermittent and Limited networks (DIL) or disruption-tolerant networks (DTN). Trends of data-centric solutions in the civil domain such as Software Defined Networks (SDN) and Network Function Virtualization (NFV) execute the network control in a centralized manner, while CPU intensive services are distributed. These principles have the potential of satisfying the network constraints of military networks. Hence, the main idea behind this literature review was to discover how these trends of SDN have been adopted to constrained military networks, and how they can contribute to solve their operational challenges.
Although not all types of tactical nodes are constrained, and sections of the network may operate under a non-constrained mode, communication across the tactical network and towards higher levels Jarraya et al. [9] on SDN taxonomies, research directions, challenges, and recomendations for future work, and Mendonca et al. [10] for programmable networks with an emphasis on SDN. Furthermore, Bennesby et al. [11] provided a study on current approaches for reducing BGP (Border Gateway Protocol) appropriate inter-domain routing convergence delay on the Internet, Hu et al. [12] focused specifically on SDN/OpenFlow designs and architectures, while Anderson et al. [13] analysed resilience supporting mechanisms for SDN.

Research Method
For the execution of this study we utilized the method described by Okoli and Schabram [14], for conducting systematic literature reviews of information systems research, adopting additional useful components from the studies presented in Section 2, and particularly articles [4,5]. This method is comprised of the following distinct steps: 1. "Purpose of the literature review:" For our study, the "Purpose of the literature review" has been defined as: to analyze the current state of the art within the topic of military SDN, in terms of research tracks, publications, methods, trends, and to make recommendations for future research. Accordingly the executed tasks seek to satisfy the following explicit goals: (e) To make recommendations for future research.
2. "Searching for the literature:" The identification and extraction of related literature was finalized on 15 August 2018, in the following academic research databases: IEEE Xplore, ACM Digital Library, ResearchGate, Microsoft Academic Search, ScienceDirect, CiteSeerX, Scopus, ProQuest, BIBSYS, and Semantic Scholar. Furthermore, this process has been executed by explicit combination of two groups of key-words, where the first group of terms was related to the technology (i.e., SDN, Software Defined Networks) and the second on the application domain (i.e., Military, Strategic, Tactical), providing a total of six combinations for each database.
Seeking to maximize comprehensiveness and extract the whole of related articles, we transferred the weight of inclusion on the next step (practical screening), by selecting to utilize the majority of academic research databases (accepting the risk of multiple duplicate outputs), and selecting wide terms as key-words (accepting the risk of outputs with limited relevance to the purpose of this literature review).

"Practical screening:"
For the selection of articles and mitigation of the aforementioned risks, we defined several exclusion criteria and rounds, as follows: (a) Articles published in languages other than English have been excluded.
(b) Duplicate articles occurring across the examined scientific databases have been excluded.
(c) Reports, presentations, editorials, and posters have been excluded, while we selected only scientific articles published in conferences, workshops, and journals. Furthermore, we have included PhD, and MSc thesis of significant relevance to the examined topic.
(d) The article must be directly related to SDN or in combination with relevant fields, such as NFV (Network Function Virtualization) or SDR (Software Defined Radio), but not only on related fields without mentioning SDN.
(e) No exclusion criteria have been defined in accordance with the year of publication, publisher, and author affiliation. 4. "Quality appraisal:" The initial database screening, with the search method and exclusion criteria described in the two previous paragraphs, resulted in 927 entries. At this stage, the authors defined and individually applied an application domain related filter, seeking to identify scientific contributions with relevance to the purpose of this literature review. This filter was defined as: "The article must be directed to military networks or clearly mention military networks as a potential application domain for the presented contribution." Consolidating the three individual recommendations resulted in the final list of entries that are presented in this literature review. Consequently, these articles have been independently evaluated in terms of relevance, significance, and impact. Consolidating the three individual recommendations resulted in the significant research contributions (presented in Section 4) and additional contributions (presented in Section 5). Finally, the last evaluation round was related to the categorization of the identified contributions, for facilitating the synthesis of our study and the presentation of results.

"Data extraction:"
The data extraction and analysis of the identified articles have been conducted in accordance with a review form for maintaining completeness and consistency. This form has been established in accordance with official review forms utilized for internationally established scientific conferences, enhanced with suitable components for the extraction of substantial research results and contributions. 6. "Synthesis of studies:" For the synthesis of our study and iterative development of literature mapping, we utilized the qualitative material gathered through steps 5 and 6. Accordingly, the two groups of articles have been further categorized according to their focus areas and analyzed as presented in Sections 4 and 5. Furthermore, we collected quantitative data for the examined articles, allowing the extraction of statistical metrics as presented in Section 6. Finally, combining the results of these sections allowed us to provide an overall analysis of the examined ecosystem, and extract recommendations for future work, as presented in Section 7.

"Writing the review:"
Writing this systematic literature review has been conducted in accordance with the standard principles for writing research articles, utilizing the method described by Okoli and Schabram [14] and by adopting additional useful components from the studies presented in Section 2. Furthermore, this section provides functional details that allow reproducing our results, or updating this study at a later time.
The number of identified entries across the stages of conducting this literature review is as follows:

Identified Significant Research Contributions
The extracted articles which have been identified to provide significant research contributions on the examined topic are presented in Table 1. Furthermore, in this section, we discuss these articles, categorizing them in accordance with their research contributions. The articles have been classified in accordance with their application domain (as mentioned by the articles' authors: aerial, coalition, distributed, heterogeneous, military, mission critical, mobile ad hoc, naval, and tactical networks), their research contribution (as extracted: architectures, basic evaluation, tools, services, control systems), their scope (as extracted: basic evaluation, design and management, monitoring and control, policy based management, resource sharing, security, and simulations), the layer that the contribution is focused on (as extracted: all, application, control, physical), and finally with respect to the extent of their focus on security (as extracted: no, yes, only mentioned).

Architectures
A multitude of articles in this category investigate topics related to network monitoring and control. Nobre et al. [15] proposed a battlefield networking architecture, enabling the deployment of SDN based applications and policies. The article examines in detail the benefits and disadvantages of (i) centralized, (ii) hierarchical, and (iii) federated approaches, comparing the two later and discussing in detail the supported policy based management solutions. Furthermore, the authors briefly discuss security implications and proceed by examining two use cases related to (i) bidirectional video streaming, and (ii) task coordination. Overall, the article is comprehensive and consistent with current research trends, although further evaluation is suggested. Furthermore, Zacarias et al. [16] proposed a joint exploration of the SDN and Delay Tolerant Network (DNT) concepts, in order to address the specific constraints and problems arising at the last-mile Tactical Edge Networking (TEN). The proposed approach takes under consideration the resource constrained devices used by troops in the field, while it benefits from the programmability of SDN, and the ability of DTN to handle link outages. Two use cases are examined in order to highlight the applicability of the proposed architecture. The first sets out a scenario that highlights some of the SDN features within network partitions supporting a non-elastic application. The second use case deals with the management of communication between heterogeneous nodes in the TEN, which spread across different partitions.
Mihailescu et al. [17] suggested a prototype framework for (i) network control, (ii) traffic prioritization management, and (iii) radio/protocol integration, with the use of SDN for emergency response and military networks. Initially, the article contributes with a two-tier hierarchical SDN controller setup, which exposes a modular interface for the management of wireless networks. Furthermore, the authors proposed a framework that allows the integration and interoperability across distinct wireless network technologies. Both frameworks are presented in detail, related to the desired functionalities of (i) traffic prioritization, (ii) remote network management, and (iii) multiple radio integration. Accordingly, the authors present the results of their initial evaluation process, presenting a small scale prototype implementation. The article investigates an interesting research path, but further evaluation and development is required, since the presented validation approach is small in scale for comprehensively highlighting the overall benefits.
Moreover, Phemius et al. [18] described an architectural framework for traffic management in tactical networks, combining elements of Mobile Edge Cloud (MED) and SDN, to allow optimal network reactivity to the wireless link variations. The proposed framework can be decomposed into four layers, namely: the (i) "waveform layer" which consists of the multiple deployed programmable radios, the (ii) "SDN layer" which contains a virtual switch and the SDN controller, the (iii) "application management layer" which is mapped to the MED where the applications run, and the (iv) "mobile edge controller" which is a module that bridges the other three layers. Channel state information are periodically measured and aggregated at the controller, which routes the traffic in accordance with these information and dedicated policies deployed within the "mobile edge controller", in order to detect network saturation or bottlenecks and react accordingly. The authors have implemented the proposed architecture in a test-bed that emulates a platoon level tactical network, abstracting the backbone infrastructure, towards the validation of their results. The utilized test-bed is described in detail within the article, while two distinct scenarios are used for validation purposes that primarily relate to network management. Further validation is proposed, given the limited size of the examined topology, but also limitations related to node mobility and communication patterns, which have not been captured extensively under the realistic characteristics of tactical deployments. Nonetheless, the experimentation method is sound and provides viable insights towards future work, which as the authors suggest will include extended configurations.
White et al. [19] proposed an SND and Network Function Virtualization (NFV) based architecture, within the highly mobile environment of Unamaned Aerial Vehicles (UAV) infrastructures. The proposed architecture aims at (i) improving situational awareness for pilots and payload operators during UAV missions, (ii) increasing continuity of services in deployments with weak backbone infrastructure, (iii) reduction of latency in applications related to situational awareness, and (iv) reduction of the requirements imposed on the backbone infrastructure in cases of outages or traffic spikes. Each UAV is defined as a host, with mobile ground vehicles operating as switches, which route traffic towards the pilots in command and mission payload operators, in accordance with predefined OpenFlow rules. The chained containers hosting the VNFs (Virtual Network Functions) are located in the ground vehicles, while the SDN controller is located at the central command center. The authors implement their architecture with Linux based chained containers for instantiation of the VNFs and the Python SDN controller. Validating their architecture, the authors utilize scenarios that focus on pilot saturation with alerts. The results support an improvement of situational awareness, due to the programmability of reports related to emerging challenges, and an overall improvement in terms of resilience. Furthermore, high mobility patterns are supported through the integrated distributed selection of resilient links with sufficient capacity and availability.
Kumar et al. [20] describe a framework that leverages the benefits of the SDN paradigm, in order to guarantee end-to-end timing constraints in safety critical Real Time Systems (RTS). The advantage of using SDN in such systems is that it provides a centralized mechanism for developing and managing the system. Furthermore, such a global view is useful in providing the end-to-end delay limitation guarantees that are required. As the authors suggest, another advantage is that the hardware/software resources needed to implement the proposed framework are limited. A prototype is implemented as an application that uses the northbound Application Programming Interface (API) for the controller, which accepts a specification of flows that contain a classification, bandwidth requirements, and the delay constraints of each individual flow. The proposed solution is evaluated using the following two methods: (i) a performance exploration of the path layout algorithm design, and (ii) an empirical evaluation using Mininet, which demonstrate the effectiveness of the end-to-end delay guaranteeing mechanisms. As noted, most hardware switches limit the maximum number of queues that can be allocated to flows, while the presented realization mechanism reserves only one queue per port for each flow, leading to the depletion of available queues. Moreover, Spencer and Willink [21] provide a basic evaluation of SDN within coalition networks, and address research challenges related to the dynamic ecosystem of military networks. In particular, the authors focus on dynamic wireless networks and network controller topologies, by presenting the identified challenges and vulnerabilities. The challenges are reflected by the constraints of military networks such as (i) limited bandwidth, (ii) unreliable wireless connectivity, (iii) dependencies of the network controllers, (iv) east-west control plane channels, and (v) data integrity in open networks. Overall, the main contribution of this article, is to present a summary of related challenges identified within the proceedings of a TTCP-C3I (The Technical Cooperation Program-Command, Control, Communications and Information Systems) group. Finally, investigating design and management systems, Elgendi et al. [22] propose a three-tiered SDN architecture of heterogeneous and highly dense low-power femtocells at the tactical edge, aiming to satisfy the increasing capacity demands while simplifying the management overhead and increasing scalability. The proposed architecture consists of (i) the physical layer, based on dense low-power femtocells, (ii) the control layer which acts as a local controller, and (iii) a management layer which acts as a global controller. Routing and Quality of Service (QoS) decisions are made at the control layer in coordination with the management layer, the latter also being responsible for handovers. Furthermore, the authors focus on mobility and session management, describing in detail the developed sequential processes and required subsystems. The authors use the Mininet simulator in order to validate their results and evaluate the suggested architecture. The results suggest that within the utilized scenario, the proposed three-tier architecture reduces the delay, while increasing the throughput. Furthermore, the performance of the suggested architecture is evaluated in different mobility scenarios, suggesting that in low speeds a smooth flow rate among femtocells is achievable, while in speeds over 30 km/h the use of hotspots or macrocells is required in order to enhance connectivity. The utilized simulation scenarios are aligned with the high level architectural requirements of tactical networks, although limitations in terms of the deployed number of nodes and mobility models are visible.

Control Systems
As in the previous subsection, the majority of articles with research contribution related to control systems have a scope that is targeted towards monitoring and control. Nazari et al. [45] proposed an SDN framework for a fleet of ships that relies on multiple satellite communication systems for on-board communications. The SDN framework addresses practical issues in current naval networks, such as sharing and load balancing of multiple communication links, as well as overcoming constraints related to bandwidth limitations. To overcome link intermittence and outage, the authors propose the use of Multi Path Transmission Control Protocol (MPTCP), which improves end-to-end data delivery by creating several sub-flows under a TCP session. The cooperation between MPTCP and the SDN controller leads to an agile, bandwidth efficient, and robust naval network. The authors conducted SDN-SAT performance evaluation tests, using the Mininet emulator on a commodity laptop, where the SDN-SAT controller protocol and the MPTCP Linux kernel run on the same machine. Open vSwitch is used in order to emulate the switches, while the initial results are promising in terms of functionality support and performance, although the performance of SDN and MPTCP is not addressed when the underlying network consists of a large number of ship nodes. Additionally, Du et al. [56] designed and implemented SDN-SAT traffic optimization algorithms and associated SDN protocols on the SDN network emulator Mininet, with focus on naval surface fleets utilizing satelite communication systems. The SDN emulation testbed uses Mininet 2.1.0, Floodlight 1.2 (for the controller), OpenFlow 1.3 Software (for the switch) and MPTCP Linux Kernel Implementation v0.90. The Flow Deviation Method (FDM) is used as a network-wide optimal load-balancing solution that maximizes total throughput and minimizes traffic flow delay and jitter, while this optimization is carried out via a central controller in a Software Defined Networking (SDN) framework. It must be noted that the FDM algorithm convergence time and control overhead (in terms of SATCOM bandwidth) exchanged between SDN switches and their controller are not addressed in this work.
Also focusing on naval networks, Lee et al. [43] proposed an SDN based Naval Ship System (NSS) and an algorithm called "Real-time Transmission via Flow-rate-control" (RTF) for environment specific optimization. With the proposed algorithm, SDN is employed as a new network architecture for the NSS, in order to control the QoS of real-time data over a tactical scenario. An optimization problem in terms of delay and prioritization is formulated, in order to achieve real-time transmission over SDN based NSSs. Consequently, a dual-decomposition method is applied in order to solve the non-convex optimization, while the authors measure the performance of the proposed solution by employing a tailored Floodlight SDN controller. The proposed SDN-based NSS is virtually established using Mininet, in order to verify the efficiency of the algorithm. The network topology used for the executed experiments is composed of 500 nodes and eight gateways, while Floodlight V1.1 and OpenVswitch are utilized for the implementation. Finally, the traffic of each node is generated individually, by utilizing the Hierarchical Multi-level On/Off Source (HMLOS) traffic model.
In respect to coalition operations, McLaughlin et al. [42] proposed an SDN based framework for the mobility management of operational nodes within coalition military environments. The examined problem is analyzed in depth by the authors, providing significant insights in terms of operational, functional, and security constraints and requirements. The proposed framework seeks to implement Protected Core Networking (PCN) utilizing SDN, where PCN separates the transport and information domains, towards multinational networks that provide flexible and secure transport services. The authors describe in detail three logical topologies for the SDN controller, namely: (i) centralized, (ii) partially-meshed, and (iii) extension to static hosts.
Within the same application domain, Pham et al. [31] summarized a set of research challenges related to Content Based Networking (CBN) in military coalition networks. As presented by the authors, in a joint military operation, the key focus is to bring together different partners into a single mission, maintaining the ability to securely share data across the distinct teams. Furthermore, it is required that the network operators are capable of performing analytics and maintain service related situational awareness in a resource constrained network. SDN is promoted by the authors as an enabler for CBN in respect of easing the complexity, and allowing the dynamic discovery of distributed information. However, centralized network control, such as OpenFlow, does not fit with disruptive networks. The paper suggests placing future research focus on: (i) hybrid SDN in order to allow network independence from the controllers, (ii) east-west control plane communication between network controllers, (iii) security implications related to dynamic distributed services, (iv) content aware networking by mapping the service request to the network control, and (v) distributed analysis in order to derive human situational understanding.
Also focusing on coalition networks, Mishra et al. [40] examined how the principles of SDN can be utilized in order to improve cyber situational awareness in coalition environments within military networks. The authors discuss the adaptation of the Observe, Orient, Decide, Act (OODA) loop within SDN in order to improve security awareness. The OODA loop describes a decision-making process and is reflected in an SDN controller application. The authors also suggest that an east-west communication protocol is required for controllers to share what they have learned. The article explains comprehensively the concepts related to the OODA loop but does not provide an extensive discussion over the corresponding requirements and constraint for its adaptation on SDN. Consequently, Mishra et al. [28] examined the application of SDN across military coalition operations, proposing a mechanism for enabling dynamic Communities of Interest (CoI) within these environments, and evaluating such interoperability architectures in accordance with key performance metrics. Furthermore, this article provides a comprehensive overview of tactical communities of interest and the underlying constraints towards their deployment and management. The authors proceed by merging the two, and discussing the topic of Software Defined Coalitions (SDC), as the mechanism that is capable of facilitating the operation of dynamic tactical CoIs. Accordingly, they identify three interoperability levels, namely: (i) network, (ii) network and storage, and (iii) network, storage, and compute. They clarify that (ii) combines mechanisms from SDN and Software Defined Storage, while (iii) builds upon the concept of Software Defined Environments. Consequently, the article proposed three types of architectures, namely: (i) simplification, (ii) brokered, and (iii) federated, comparing the three in terms of complexity, trust, and standardization. The presentation and discussion of the proposed mechanisms is sound and comprehensive, although further scenario based validation/verification can be desirable.
With focus on aerial networks, Iqbal et al. [58] proposed an SDN and SDR architecture that can predict network outage in aerial networks. Under the assumption that aerial flights have fixed orbits, the authors suggest that the radio can inform the centralized controller about its future position, allowing for the flow routes and radio links to be switched in advance and prior to network outege.
Hence, the availability is expected to be increased by the use of predictive SDN. The presented architecture is based on the assumption that the radio link outage can be predicted. Accordingly a corresponding architecture is proposed and tested in a virtual environment with OpenDaylight, Quagga, and OVS. The availability is tested by comparing network convergence for Open Shortest Path First (OSPF), reactive SDN (LLDP) and proactive SDN, where the proactive SDN showed maximum availability. Nevertheless, it must be noted that the proposed solution is not compared with overlay networks such as Multiprotocol Label Switching (MPLS) with segment routing.
Within the application domain of military networks, the majority of articles is focused towards policy based management. Skappel [47] presented a master thesis with the objective of testing how an SDN controller can be used as a tool for controlling traffic in a dynamic environment. This thesis shows that SDN can allow network monitoring, and utilize this input in combination with predefined policies in order to prioritize, police, ensure QoS, and dynamically adjust the flows for different controllers. Wrona et al. presented two consecutive articles withing the same application domain and scope [30,39]. Within these articles, the authors discuss content-based security policies at different levels in the OSI stack, and present a proof of concept implementation in an SDN environment. They base their security concept on content based protection and release policies developed by NATO. The principle is that an information object is not labeled by a sensitivity tag, but it is labeled by a content tag that describes the object. Access control is based on the authentication of both the user and the terminal, while if both policies are accepted then the system release the object to the user. In the SDN context, a network packet header information can also have a content label that defines a security label. Their first article shows a proof of concept implementation of the proposed solution by retrieving information from different network layers, while the second article shows how an SDN controller that calculates the whole path in the network can also make the path itself a security label. The proof of concept implementation showed that the packet forwarding path can be protected in this manner. Hence, different paths can have different security protection levels, and the forwarding path can be decided based on content and access levels.
Nguyen et al. [24] presented a short review of military policy based management methods and suggest a model for verifying, prioritizing and deploying a group of policies based on SDN. The core of the article is a graph model that detects conflicting network polices within the sum of applied network policies. The output of the model is a set of resources that a node can access. In order to detect conflicting policies, the authors suggested a step by step procedure to conform the policy and deploy it in SDN. The authors used a standard SDN controller with virtual switches to deploy policies across SDN. The core of this article relates to network policies and deconflictation, while the validation focuses primarily on policy deployment as OpenFlow rules. Moreover, Armando et al. [29] proposed a method for facilitating the specification of access control policies in accordance with the NATO-Content Based Protection and Release model (CBPR). The CBPR model is built upon the Attribute Based Access Control (ABAC) model, and supports the specification of access control policies in complex organizations and coalitions, with extended variety of deployed resources. Accordingly, the authors propose the replacement of monitor based policy enforcement with cryptographic enforcement, in order to reduce the administrative burden, and enhance performance specifically within cloud and SDNs. The suggested solution relies on Cipher text-Policy Attribute-Based Encryption (CP-ABE), for which as the authors describe "The key idea is that a user should be able to decrypt a ciphertext only if he/she holds a key associated to certain attributes, under the assumption that user keys are issued by some trusted party". Furthermore, the authors propose the adoption of this method to SDNs, for the enforcement of protection policies (during message forwarding decisions) in accordance with specific node and link attributes. The aforementioned statement is promoted as a suggestion by the authors, while deployment and validation is required.
Mulec et al. [32] proposed a distributed flow controller for mobile ad hoc networks, seeking to provide dynamic reconfiguration and to improve security. The functions of the controller are (i) provisioning of AAA (authentication, authorization and accounting) services, (ii) flow management across the network nodes, (iii) centralized network traffic control, and (iv) enforcement of security policy. Unicast, multicast and broadcast communication is supported, while suitable mechanisms are provided for the management of topology changes. A core component of the proposed system is the selection mechanism, which establish the number of required controllers and their prioritization. This mechanism is mathematically analyzed, and tested within a test-bed consisting of seven wireless nodes providing positive initial results. The article provides a small scale validation, while further testing is recommended, primarily related to the size of the network and the tested mobility patterns. Furthermore, Poularakis et al. [55] proposed a set of novel architecture designs for SDN-enabled mobile ad hoc networks in the tactical edge, discussed the challenges raised by the ad hoc and coalition network environment, and presented corresponding solutions. The proposed approaches build on experimental evaluations, utilizing theoretical results from SDN deployments in large backbone networks. The study provides useful insights on the examined environment, yet security related aspects could benefit from further evaluation.
Qing et al. [26] described an optimization algorithm that can be used for prioritizing service requests in military operations. According to the article, when a network does not have enough resources to serve all requests, these can be prioritized based on a predefined policy. To enable service prioritization, a set of resources that are required by the service must be prioritized. In the context of SDN, this primarily concerns prioritization of traffic on network devices. The authors suggest precombining these resources into groups, and proposed an algorithm to optimize this precombination. The authors suggested two models of optimization, where the provided results show that precombination of resource dispatching improves the network performance.
Furthermore, Bouet et al. [33] proposed a DIstributed SDN Control (DISCO) plane which allows handling the distributed and heterogeneous nature of modern mission-critical networks. The proposed approach relies on a per domain organization, where each DISCO controller is in charge of an SDN domain, using a lightweight and manageable publish-subscribe mechanism for sharing aggregated local and network-wide information with neighbor SDN controllers. Furthermore, the authors demonstrate how DISCO dynamically adapts to heterogeneous network topologies, while providing classic functionalities such as end-point migration and being resilient enough to survive disruptions and attacks. The authors implement DISCO on top of Floodlight, an OpenFlow controller, and the Advanced Message Queuing Protocol (AMQP). The network is emulated using Mininet to create topologies and instantiate Open vSwitch switches and virtual hosts. Mininet is hosted on a dedicated VM (Virtual Machine) and the controllers are hosted on separate VMs. To measure performance, the authors show an evaluation of its functionalities on an emulated SDN according to two use cases: (i) inter-domain connectivity disruption and (ii) migration of a virtual machine. The results show how DISCO dynamically adapts to heterogeneous network topologies, while being resilient enough to survive disruptions and attacks, and further being able to provide classic functionalities such as end-point migration.
Additionally, Chen et al. [51] proposed a transmission framework for Software Defined-Airborn Tactical Networks with the aim of providing a fundamental infrastructure for improving the communications capability between the control and data planes. Furthermore, the authors proposed a dedicated communication protocol, aiming at transmitting the non-elastic C/D information in both a reliable and timely manner. The authors conducted a simulation for the purpose of illustrating the performance of their scheme. They built a simplified avionics network in EXata 5.1 for every aircraft, and regarded an avionics network as a node of the SD-ATN. The simplified avionics network, which is considered as the common node, includes two devices that implement the functions of the platform controller and SD-ATN transmission system, respectively. The avionics network that represents the active control node includes one more device that implements the functions of the SD-ATN controller, while the devices within an aircraft are connected through wired links. Finally, Fagervoll [50] explored how SDN can be incorporated, both physically and logically, within heterogeneous tactical networks. Being a Master's thesis, this work provides a comprehensive introduction into the related concepts and underlying requirements, while the main contribution is focused towards the collection of network information for the establishment of topology mapping. The author evaluated three conceptual models and proposed an approach for topology mapping through local legacy routers.

Services
Three articles have a research contribution related to services, and all have a scope related to design and management. In [25], the author proposes an SDN based Network for auto-configuring network services across federated mission networks. Currently, NATO is using standard routing protocols to exchange information about both routes and services. The author suggests interconnecting OpenFlow controllers instead of using routing protocols, while the design and experimental evaluation showed a faster auto deployment of network services using SDN compared with BGP. The article is comprehensive, although not all the requirements of the design become clear. As an example, it is not known how the network controllers exchange information, and what information they have to be preconfigured with. Furthermore, Kroculick [27] discussed opportunities for applying assurance-driven design to validate the correctness of behavioral requirements for network capability insertion in the Army's network, which is becoming increasingly virtualized with extended variation in the type and number of network resources. The author utilized the CertWare tool in order to automate assurance cases, and provided an example using the claim-argument-evidence (CAE) method in the CertWare tool in order to validate the claim. Finally, Zacarias et al. [54] proposed an SDN approach for improving the quality of video streaming for military surveillance, in which multiple Unmanned Aerial Vehicles (UAVs) are employed as data providers through an SDN-enabled network. Experiments were performed considering the application of SDN in UAV-based military surveillance scenarios using Mininet-WiFi, Ryu-SDN Framework and the FFmpeg player. A SDN was used for connecting the ground vehicles, using the SDN architecture to enhance video streaming in dynamic networks with a link capacity of 100 Mbps.

Tools
With a research contribution related to tools, one article provided a basic evaluation related to tactical networks. In this, Spencer et al. [46] assessed the integration of the SDN paradigm across tactical networks, discussing the expected benefits and potential threats. The article provides a comprehensive analysis of the characteristics of tactical networks, in conjunction with an overview of the architectural and operational attributes of SDN, aligning the two by extracting the expected benefits to the tactical user. These relate primarily to enhancements of information dissemination, service delivery, and link utilization. Furthermore, the authors provide an iterative assessment methodology regarding the performance gains by such an integration, the design options in respect to tactical SDN controllers, and challenges that need to be addressed. It must be noted that no extensive validation is provided within the article referring to the proposed methodology. Therefore, it is not clear if the results of the study are exhaustive, mutually exclusive, or if there are any identified interdependencies.
Furthermore, three articles within this sub-category have a scope related to security, either directly related to military or distributed networks. Wrona et al. [44] described an OpenFlow-based test-bed for the validation of SDN security mechanisms-including both the mechanisms for protecting the SDN and the cross-layer enforcement of higher level policies, such as data-centric security policies. Such cross-layer security mechanisms are important in the context of software-defined infrastructure and implementation of new security paradigms, such as data-centric security. Furthermore, the authors demonstrate the functional correctness of the test-bed, as well as its suitability to provide validation and additional insight into the behavior of analytically designed security mechanisms. The authors present a low-cost implementation of a flexible SDN test-bed, specifically focused on security experimentation in respect to security services provided by SDN to both the network and application layer. The test-bed consists of seven switches (annotated S1 to S7), a controller, a server and a typical switch for VPN connection. It can be split into two networks: a control network (connections between the switches and the controller) and a data network (connections between the switches, including the server). There is also a VPN network allowing remote configuration of all test-bed nodes via SSH protocol. All switches use the Ubuntu 16.04 operating system and OpenVSwitch 2.1.1-based (OVS) implementation of OpenFlow protocol in bridge configuration. The test-bed can be also used for the validation of earlier results, obtained analytically or from emulation (e.g., Mininet) and simulation (e.g., ns-3) tools.
Lee et al. [48] proposed a redesigned untraceable Blind Packet Forwarding (BPF) method, based on the Public-key Encryption with Keyword Search for Restricted Testability (PEKS-RT) algorithm, in which the specific host IP address cannot be guessed. The main feature of this approach is that when the source host encrypts the destination host address, it includes the source host's private key, the destination host's public key, and the destination host address as parameters for encryption. Another feature is that the destination host generates the trapdoor value using the destination host address, the source host's public key and the destination host's private key. A centralized SDN controller is used for reducing the overhead of routing data processing of the existing method, increasing this way the operational efficiency. The authors describe a prototype implementation for the blind packet forwarding using PEKS-RT. Their approach is realized in the SDN environment using the Mininet emulator, where Open vSwitch is used as a switch and Floodlight as a controller. The function of the Floodlight controller is expanded to implement the untraceable blind packet forwarding, and it can manage the trapdoor table and control the path using PEKS-RT. Stanford PBC library is used to generate key pairs, trapdoor values and encrypted addresses.
Furthermore, Soule et al. [34] described active defensive deception in the context of distributed systems, and built a prototype that creates an alternate reality in which to trap, learn about, and manipulate adversarial actors without affecting normal and legitimate operations. This prototype, called KAGE, employs SDN and virtualization in order to create a malleable substrate in which deception can occur. The authors demonstrate a preliminary feasibility test of an active deception approach. The test implemented and successfully executed multiple variations of a demonstration scenario that integrates and exercises many of the major KAGE components, in order to orchestrate a brief deception campaign. The demonstration makes use two KAGE plugins: a port scan detector acting as a sensor, and an SQL injection detector adapted to work as both a KAGE sensor and actuator. The distributed nature of KAGEs' building blocks adds complexity, in terms of dynamic distributed composition, and with respect to the timing expectations/challenges regarding interactions with networks, hosts, and services. Furthermore, deviation from expectations can provide indicators to attackers that they are being deceived.
Mishra et al. [38] discuss the Global Environment for Network Innovation (GENI) deployment and research at the US Army Research Laboratory. GENI is a comprehensive test-bed technology to promote rapid network research and application development. It provides sliceable experimental spaces for conducting isolated computational experiment, and supports OpenFlow and other SDN features for conducting comprehensive network research. The Army Research Laboratory (ARL) deploys its own clearinghouse that can act as GENI authority for its own nodes, as well as for all other GENI nodes that come up on the Department of Defense (DOD) network. This customization helps ARL to stand up its node, without delegating its authority to an external entity. Moreover, Jalaian et al. [41] developed a mathematical model in order to realize a unified programmable control plane for heterogeneous wireless networks. The developed framework characterizes the interaction between the physical, link, and network layers for the unified programmable control plane in a heterogeneous wireless network. By applying the framework on a throughput maximization problem, the authors show an application of the model on solving practical issues in a tactical network and gaining some theoretical insights on the optimal behavior of the unified programmable control plane for a heterogeneous wireless network. The authors present numerical results to study the performance of the unified control plane for wireless heterogeneous network. Simulation settings consider a randomly generated multi-hop wireless network with 30 nodes that are distributed in a 100 × 100 area. All units for distance, data rate, bandwidth, and power with appropriate dimensions are normalized, while at the network layer minimum-hop routing is employed. Additionally, Battiati et al. [53] presented a Cyber Security Simulation Service (CSSS) platform, which provides a simulation environment for modeling the impact of cyber-attacks and related countermeasures in tactical networks using SDN. The CSSS integrates a scenario simulator, a network/cyber simulator, a graphical user interface, and a real SDN Controller. Furthermore, the authors showed the functionality of the CSSS in a specific use case, i.e., a black hole attack is performed and the BRAVO (A Black-hole Resilient Ad Hoc on demand distance Vector Routing for tactical communications) approach is utilized as a countermeasure.
Finally, Li et al. [49] presented a hierarchical self-organizing SDN architecture for mobile tactical networks, where the network is dynamically self organized and partitioned into multiple temporary domains, while each domain is assigned with a node that operates as the local SDN controller. A corresponding protocol is proposed by the authors, including (i) a neighborhood discovery mechanism, (ii) a distributed network partition algorithm, and (iii) an abstraction of dynamics. The proposed mechanisms provide strong incentives towards future research and development, although extended verification and proof of concept experiments are recommended.

Basic Evaluation
Five articles provided a basic evaluation in respect to tactical, military, and naval networks with main focus on the control layer. Athmiya et al. [37] demonstrated and evaluated the implementation of an OpenFlow SDN controller within tactical scenarios, seeking to identify how such implementations can enhance agility, scalability, and network management flexibility for the tactical edge. The article provides a comprehensive presentation of OpenFlow, in terms of overall operation, matching criteria and internal messaging between the controller and the switches. Accordingly, the article briefly describes the Mininet prototyping environment, which is further utilized for the development of an experimental setup, towards verifying the capacity of OpenFlow to satisfy the requirements of the tactical environment. The examined test cases refer to (i) diversion networking, (ii) central policy management for access control lists, and (iii) the distribution of SDN controllers. The article is comprehensive, and promotes further evaluation for providing proof that OpenFlow can be aligned with the requirements of the tactical environment.
Dilmaghani and Kwon [35] proposed an SDN based approach for load balancing within naval military scenarios. The authors construct an experimental setup using Mininet, and utilize Floodlight as the protocol for the communication among switches and the controller. The experimental setup consist of five WAN (Wide Area Network) switches, which correspond to three ships and two on-shore data centers. Furthermore, the scenario assumes three types of traffic with distinct priorities. The article offers a detailed presentation of the evaluation scenario details, while the results highlight the benefits of corresponding SDN implementations, in terms of network programmability and management automation, but also in terms of load balancing and reliability.
Additionally, Anderson [52] described an investigation into five open-source controllers using a specific set of criteria based on the characteristics of these networks. A qualitative investigation compared the controllers based on their state handling and failure recovery mechanisms, and resulted in the selection of two controllers for further investigation. Further quantitative tests were performed on these two controllers, in order to determine which was more suitable for deployment in an airborne environment. Fonger et al. [57] proposed an architecture that serves as a guide for current and future experimentation on trust management and protection in tactical SDN when used with mobile nodes in a coalition operation. However, this work does not discuss thoroughly the security of the information transported through the network, focusing on the protection and separation of different data flows. This separation needs to be robust and reliable, but it does not provide security services on the content of the flows. Finally, Spencer et al. [36] identified the key types of messages used in OpenFlow, and how their overhead is influenced by network characteristics in military networks. Furthermore, the authors presented a series of mitigation measures for reducing or eliminating the overheads, some of which are possible to implement within the current SDN standards, while others require further extensions.
The authors perform an experimental validation to quantify and confirm their analysis, where the scenario is implemented using Mininet with OpenVSwitch as the switching element, and netem for performing network simulation.

Additional Contributions
In this section, we discuss the articles that have been identified as additional research contributions. These articles do not precisely match the objectives of the review, but discuss closely related topics that can be aligned with military and tactical networks at large, with respect to SDN related technologies. Such examples are Network Function Virtualization (NFV), Wireless sensor networks (WSN), Satellite Networks (SAT), Underwater Acoustic Network (UAN), Unmanned Aerial Vehicles (UAV) and Software Defined Radio (SDR). Figure 1 shows how associated SDN technologies relate to the ISO reference model. SDN in NFV mostly refers to overlay networks above layer 4, but NFV routing can also be enabled on layers 2, 3 and 4. SDR, on the other hand, is mostly referred to as a piece of virtualized radio software running in a virtualized environment. Similarly, we discuss the articles concerning these associated SDN technologies by categorizing them, and summarizing their research contribution, while additional contributions concerning SDN control plane security are also discussed in this section.

General Software Defined Network Applications
Twenty-six papers  have been found to discuss SDN applications in a context slightly related to military networks. SDN applications can be used to control network traffic, monitor, test, or orchestrate a network. In military networks running SDN, these applications can simplify both operational and administrative tasks in the network. This includes simplifying the management operations such as applying monitoring to network elements [59], but it can also be used in other contexts such as routing network traffic in power grids on a military base [61], or tracking moving base-stations in vehicles [63]. However, the articles that are reviewed in this sections do not apply directly to the military domain, but include general SDN applications that have been identified by the corresponding authors as adoptable to the military domain. The nature of the SDN technology is appealing to military networks, since SDN offers lower complexity and lower cost that allows for fast failovers and network redundancy in low cost networks, without using expensive technologies such as MultiProtocol Packet Label Switching (MPLS).
SDN opens up for a more flexible routing mechanism, where the network routing on switches and routers can be based on more attributes than only the destination IP and MAC address. This flexible forwarding mechanism applies per flow, and therefore it is possible to use SDN to achieve multipath routing [79]. In military networks, load balancing/ multipathing of constrained bandwidth links is a cheaper alternative than overlay networks or BGP. From a security perspective, multipathing also makes it more difficult to do wiretapping, when parts of the network traffic are diverted around the wiretap. An alternative to physical multipathing is to use multiple radio channels or optical channels to split the traffic into multiple virtual frequency channels [73].
The concept of making advanced routing decisions based on alternative headers other than the IP addresses is also reflected through security and content routing. An approach for confusing an attacker is suggested by Chang [62], by randomizing IP addresses and routing according to other attributes such as the IP option field. However, such SDN routing applications are only possible in small and closed networks. A similar approach also applies to content-based networking (CBN) [70], by extending the network devices to also be able to read the data content of a packet and base the routing decisions on content. Currently, no SDN technology is available for CBN, and no standard exists on how the network packet headers and the data content is used for making routing decisions.
Advanced SDN routing can also be enabled by mixing packet header attributes. In order to enable network isolation, it is most common to use one domain identifier in the packet header, such as a VLAN ID for layer 2. Schlesinger [82] presents an abstraction layer for network programming that opens up for utilizing a combination of both layer 2 and layer 3 when making SDN forwarding rules. This enables network isolation within one VLAN when IP addresses do not overlap.
Monitoring applications combined with flow control in SDN can also increase the performance of an SDN network. Due to the dynamics of SDN, network flows can be specified and changed in a per flow, per network device basis. Hence, the controller is capable of calculating the utilization of the network links and performing load balancing and prioritization of flows per link. By calculating the full paths and their bandwidth utilization, spectral graph theory can be used to increase the robustness and the performance of low bandwidth military networks [71]. A similar network performance enhancing application is also suggested in an architecture named WASP [69] that is customized for wireless networks. It shows that less distributed management traffic across nodes, by replacing distributed protocol with SDN, enhances the overall network performance. Another type of an SDN application is a network testbed. Chadha et al. [60] shows the importance of having testbeds in both civil and military contexts to increase the quality and security of an infrastructure. The author shows how using SDN as a networking tool to create a virtual network infrastructure on a server that is used for quality assurance and testing, in order to ease network provisioning. Accordingly, Ficco et al. [83] demonstrated how OpenFlow in test-beds for military use significantly reducing the costs of testing critical infrastructures.

SDN Control Plane Resilience and Security
Machuca et al. [81] presented a survey of disaster resilient SDN networks that is transferable to the military context. The survey points out unresolved issues concerning security considerations and disaster scenarios. To overcome the single point of failure (SPoF) of a network controller, multi-controller and multi-domain topologies have been suggested, but, according to the author, this approach introduces a new security problem on the orchestration and management layers. Trends of cloud computing services also apply to military services, where SDN networks with one network controller often are pointed out as a critical part of the infrastructure [74]. Hai et al. [84] suggests an efficient way to overcome the SPoF problem by putting a redundant load balancer in front of a pair of network controllers. However, multi-controller orchestration is not mentioned in the article. A similar approach was also demonstrated by Dilmaghani et al. [35] (see Section 4.5) that presented an SDN load balancing design for naval networks.
In military networks, it is critical to maintain access to network services, especially under disasters and critical operations. The SPoF problem does not only concern the availability and the load on the controller, but it also applies when the network devices do not have network connectivity to the controller. Distributed content caching in vehicles, can assure that information can be distributed to devices around the vehicles if the vehicles lose up-link network connections. Tabata et al. [67] suggests to use many distributed SDN controllers and to alter the OpenFlow rules during online and offline caching operations. The paper demonstrates the concept, but it introduces a security concern due to operating multiple SDN domains that is not mentioned in the article. However, Macedo et al. [80] presents a survey of the relationship between SDR, SDN and NFV and points out security and inter-domain communication of SDN controllers as the main research challenges, something that is also transferable to the military context. Sorensen et al. [75] showed how SDN in a federated network can enforce network policy control across domain borders in military networks. However, in a multi-domain SDN topology with distributed SDN controllers, the SDN flow rules can come in conflict with each other. In networks such as military networks, security precedence can have higher prioritization than the current OpenFlow specification allows. The authors of an architecture named Brew [64] suggested to extend the OpenFlow specification in order to calculate reconciliations of conflicting SDN rules between controllers. In addition to conflicting rules, the integrity of the rules is also pointed out as a security weakness in multi-domain topologies. This is presented by Beton et al. [72] who is suggesting to use a BGP route reflector with route filtering capabilities based on allocation, reputation and path analysis. SDN with OpenFlow can then contribute to making route filtering policies. However, Porras et al. [76] also show that within a single OpenFlow domain, multiple SDN applications must also meet stringent security requirements. The authors here presented a security framework to handle conflicting SDN rules between different applications. Furthermore, Ahmed et al. [85] focused on mitigating DNS Query-Based DDoS Attacks with machine learning on SDN, and implemented a prototype based on traffic features using Dirichlet process mixture model (DPMM) for clustering traffic applications flow, including those used for DDoS attacks in an unsupervised manner.
Designing a critical infrastructure topology also includes placing network devices strategically, in order to achieve network redundancy and to have backup sites ready when disaster happens. Ashraf et al. [65] suggests utilizing SDN flow-rule parameters combined with monitoring, in order to calculate where it is most efficient to place backup switches to make the network more resilient. Savas et al. [78] suggested a procedure for dynamically setting up a full network on a new site after a disaster, where the use of SDN can accelerate the provisioning time. The procedure includes a recovery provisioning, an upgrade procedure, and a prioritization policy for network resources. Making a resilient SDN network also includes operational management tools to ensure attack protection of the SDN controller. Ionita et al. [66] shows that SDN networks are vulnerable, and that there is a need for additional visual analytics tools for protection against the new threats arising from SDN, such as Denial of Service attacks towards network controllers. Skoin et al. [68] points out a set of physical infrastructure attacks such as wiretapping, electromagnetic pulses (EMP), and critical hub nodes "take-out". The author suggest that centralization of network controllers in OpenFlow introduces new vulnerabilities and makes security even more complex. Correspondingly, Dahan et al. [77] pinpoint that the network controllers must be both secured from passive and active attacks, as well as physical and network attacks.

Network Function Virtualization
Network Function Virtualization (NFV) refers to the concept of moving network services into a cloud environment. A characteristic networking feature in NFV is Service Function Chaining (SFC) that enforces end-user data traffic to traverse data-center services also known as middleboxes. SDN is a technology that can be used to enable such routing, where the SDN controller is responsible for steering the traffic through a chain of such NFV services. Eight articles have been found to discuss NFV in a military context [86][87][88][89][90][91][92][93].
An NFV and SDN survey by Cox et al. [86] presents both civil and military application domains by coupling NFV with SDN. Content-centric networking, on-demand virtual networks, and cloud services are examples of how NFV can contribute to make a more reliable, faster and secure network. NFV contributes to solve the multi-domain SDN controller problem by abstracting the inter-domain communication to a standardized NFV orchestration level. However, orchestration, interoperability, portability, integration, management, automation and resiliency are new research challenges that must be solved.
Rametta et al. [87] presents an architecture of how drones can transmit video in rural areas with the support of an NFV/SDN enabled backbone. This is an example of a military application in a distributed NFV topology, where distributed Virtual Network Functions (VNFs) are used as distributed video storage and network overlay routing. By re-encoding video, the distributed NFV services can then adapt the video quality based on bandwidth constraints, while Service Function Chains (SFC) can be used in order to select the most appropriate network path. A similar overlay network application is suggested by Li et al. [88], where distributed NFV services are used in order to route the network traffic based on an overlay network with SFCs instead of plain destination IP routing. Distributed QoS algorithms can then ensure QoS in the overlay network, based on bandwidth requirements and policies. Their results are also reflected through a paper of satellite SDN networks [90], a survey [89] of NFV in military networks and an NFV-based satellite architecture of distributed NFV.
All authors state that distributed NFV is a new way to distribute routing, enable security policies by overlay networks, and increase network performance. Shi et al. [91] also presents challenges with the management and orchestration of such typologies in the context of space-ground networks and cross-domain applications. However, all the papers suggest future work to be focused around the orchestration of the NFV services, and how to translate the security policies across the domain boundaries. It is noted that none of the reviewed papers discuss or give an example of control plane to control plane protocols of the overlay NFV networks in a military context. This corresponds to the NFV approach of using the orchestration layer for inter-domain communication. However, Carey et al. [93] suggests an SDN approach for an inter-domain control plane protocol, in order to increase the performance in heterogeneous military networks. They indicate that the use of API based control plane to control plane communication is enhancing the network performance compared with traditional BGP communication.

Software Defined Satellite Network Applications
Future military space operations are expected to become more complex and operate further from Earth. Hence, there is a need for autonomous networks that can configure themselves with minimal human intervention. Automation through SDN principles is a promising technology for overcoming this need. A survey of satellite communication systems by Radhakrishnan et al. [94] states that, for the OSI layer 1, Software Defined Radio (SDR) is expected to enable radio frequency sharing jamming detection, while traditional SDN enables flexible routing based on layers 2 and 3. Two papers have been found that discuss SDR in the satellite context [95,96], while SDR is further discussed in Section 5.6.
Operationally Responsive Space (ORS) is a satellite technology defined by the US Department of Defense. It is suggested to base the network on SDN, but only two papers concerning the military application domain and Software Defined satellite Networks have been found in the literature review. The two research challenges that are pointed out are orchestration and available resources. SDN in space differs from ground SDN, due to the distinct mobility patterns, and the fact that satellites can come out of reach due to their mobility patterns. However, their location can be predicted if they come out of reach [97]. Hence, an abstract network model is needed, in order to make an application that can make such predictions. Space networks have a long transport delay and limited resources that result in a flow table management problem. Hence, making small SDN flow tables is preferable, without having too many table-misses. Li et al. [98] suggested an algorithm to balance flow table size and table misses, but does not discuss any security implications about reducing the table size.

Software Defined Wireless Sensor Network
Modieginyane et al. [99] highlighted application challenges faced by WSNs for monitored environments, as well as opportunities that can be realized on applications of WSNs using SDN. The authors also proposed a method of implementing simple state rules on the sink node, as an effort to improve the Software Defined Wireless Sensor Network (SDWSN) programmability, as well as to offload the controller of such low-level computational tasks. Aleksander et al. [100] presented a model that uses SDN in Wireless Sensor Networks. Wenxiang et al. [101,102] studied a model and method for applying SDN to Wireless Sensor and Actor Networks (WSAN), with the objective of improving communication efficiency and expandability. The detailed model includes a three-layer architecture with a new control plane, relevant system entities, and enhanced protocol stack for cooperative communication and task execution. Furthermore, the authors explored the challenges and mechanisms for effective system management for aspects related to mobility, security, heterogeneity, topology construction and controlling the load of the SDN controllers. Kahjogh et al. [103] presented a novel approach utilizing a Mixed Integer Programming (MIP) optimization to extend network lifetime and reduce latency in WSNs. The authors also explained how such an approach is made viable for WSNs via new wireless SDN architectures and protocols.
Furthermore, survey papers on general SDWSN aspects and requirements have been identified [99,104]. Ndiaye et al. [104] highlighted work on traditional WSN management, and reviewed SDN-based techniques for WSNs in detail, while focusing on the advantages that SDN offers. Furthermore, the authors discussed open research challenges across mechanisms for SDN-based WSN configuration and management. Modieginyane et al. [99] highlighted application challenges faced by WSNs for monitored environments, as well as opportunities that can be realized on applications of WSNs using SDN. The authors also proposed a method of implementing simple state rules on the sink node, as an effort to improve the SDWSN programmability, as well as to offload the controller of such low-level computational tasks. Furthermore, Aleksander et al. [100] presented a model that uses SDN in Wireless Sensor Networks.
Other research directions in the area of SDWSN include software defined mobile sensor networks [105], software-defined sensor networks [106,107], resource optimization using SDN for smart grid WSN [108], SDN based QoS provisioning in WSN technologies [109], and others [110]. Yuan et al. [105] introduced a novel mobile sensor networking architecture for a swarm of micro unmanned vehicles (MAVs) using SDN technologies. Additionally, the proposed networking architecture provides potential applications for advanced routing policies for a swarm of MAVs with highly dynamic topologies. Sayyed et al. [108] discussed the concept of SDN in WNS where OpenFlow is the controller part of the network. Letswamotse et al. [105] proposed improving QoS provisioning by introducing SDN principles into WSN technologies, while Zeng et al. [107] considered a minimum-power activation and scheduling problem in multi-task SDSNs with quality-of-sensing guarantee. The authors derived the effective sensing rate that can be achieved by collaborative sensing from multiple sensors in closed-form. Zeng et al. [106] introduced the concept of SDSNs and outline several pioneering related work and enabling technologies for the realization of SDSNs. Furthermore, Fortino et al. [111] identified motivations and challenges for the integration of body area networks (BANs) and Cloud computing. The authors presented a general reference architecture, based on purposely elicited requirements for supporting cloud-assisted BANs, from sensor data collection to workflow-oriented data analysis: (1) sensor stream efficient collection, (2) effective sensor stream management, (3) scalable sensor stream processing framework, (4) persistent sensor data storage, (5) workflow-oriented decision making, (6) advanced visualization services, and (7) multi-layer security. Finally, Junli et al. [112] designed an efficient energy routing algorithm based on SDWSN, where the algorithm is operated in a controller that establishes distance queue, based on the information collected from the nodes, and computes the closest node to transmit data.
SDN is also used in the Internet of Things [113][114][115][116]. Gonzalez et al. [113] presented their preliminary study that is focused on the understanding of an effective approach to build a cluster network using SDN. The proposed approach is a new method for a new type of IoT network based on SDN in cluster environments. The system is able to handle the communications between clusters by means of an SDN cluster head, managed by an SDN controller. Tortonesi et al. [116] presented an SDN-based middleware solution to mitigate the IoT information explosion. Abels et al. [110] discussed future proof IoT concepts including composable semantics, security, QoS, reliability, and software defined IoT (SD-IoT) that controls and updates for any hardware, anywhere, anytime, including edge and WSN. Ionita et al. [114] proposed an infrastructure based on custom locally installed agents which communicate with a central AlienVault deployment for event correlation. The agents are based on a neural network which takes actions based on a risk assessment inspired by the human immune system. The proposed implementation can successfully be implemented in an IoT scenario, with added security for the "brownfiled" devices. Singh et al. [115] proposed a semantic Edge based network model, which plays a significant role for communicating tactical and non-tactical pieces of information over the network. Furthermore, the exchange of information and subsequent data analysis on the military health service (MHS) makes the system intelligent.

Software Defined Radio
Moy et al. [117] discussed Software Defined Radio, emphasizing the fact that SDR is a major evolution of radio technologies, and a convergence of different pre-existing fields. Ulversoy [118] discussed SDR challenges and opportunities, while Kacpura et al. [119] presented SDR architecture contributions for next generation space communications. Sigholm et al. [120] presented a best-effort approach to Data Leakage Prevention (DLP) for inter-organizational Re-configurable Radio Systems (RRS)-based networks. The proposed architecture makes use of data mining techniques, and an efficient n-dimensional clustering algorithm which has previously been successfully used for real-time anomaly detection in critical infrastructure protection. Cormier et al. [121] explored automated, dynamic large-scale radio reconfiguration, through the implementation and characterization of three alternative re-configurable radio designs. These implementations seek to quantify the impacts of implementing large-scale radio re-configuration through SDR application management, enabled by SDR architectures. Androlewicz et al. [122] presented selected research activities at the Air Force Research Laboratory's Space Vehicles Directorate (AFRL/RV), in the arena of software-defined and cognitive radio technology for military space-based applications. Current efforts include development of SDR controlled satellite ground-stations, networked ground station operations for increased efficiency, as well as research into new radio control algorithms and methods of dynamic waveform reconfiguration for satellite applications. Moessner et al. [123] focused on ubiquitous wireless network accessibility, and described the necessary research directions for advancing the SDR technology as a facilitator of ubiquitous access.
SDR is used in different applications. Noble et al. [124] described a methodology for jamming traditional combat net radios using commercial SDR mounted on unmanned aerial vehicles, while the authors proposed tactics, techniques, and procedures for employing this system within an infantry battalion. North [125] explained recent changes to the JTRS (Joint Tactical Radio System) program, and its new approach to delivering wireless networking capabilities to the warfighter. All JTRS products are based on SDR technologies, in order to enable a more scalable and extensible radio system in comparison to a system composed of dedicated hardware. Wei et al. [126] investigated received signal strength indicator (RSSI) based localization, which attracts a lot of interest because of its simplicity. In order to improve the performance of RSSI based localization, the authors proposed a bias reduction algorithm. Wang et al. [127] described the networking usage requirements for MANET over legacy narrowband tactical waveforms. First, the authors discussed the common characteristics of legacy tactical radio waveforms and the implications of such characteristics for the MANET implementation. Then, an actual MANET implementation over a legacy tactical radio waveform on an SDR is presented with the results of actual field tests.
Almoualem [128] presented a resilient wireless communication architecture based on Moving Target Defense (MTD), and Software Defined Radios (SDRs). The approach achieves resilient operation by randomly changing the runtime characteristics of the wireless communications channels between different wireless nodes, aiming to make it extremely difficult to successfully launching attacks. Enrico et al. [129] overviewed the NATO initiative to develop tactical waveform specifications for VHF and UHF communications that are free of intellectual property. These waveforms are for multinational interoperability between NATO nations and coalition users, and can be implemented on SDR platforms in tactical radios. The security architecture has been included in the design from the beginning, and the performance is targeted to be vastly improved over legacy waveforms.
Other research efforts of SDR are presented in [130][131][132][133][134][135]. Kaur et al. [132] discussed SDR and different routing protocols for MANET. The MANET Reactive protocol (i.e., AODV) is implemented for SDR by using CSMA/CA, with some modifications. Singh et al. [130] provided a review of the motivation, workflow and results of the NATO Research and Technology Organization (RTO)/Information Systems Technology (IST) Research Task Group (RTG) on SDR, which works on the issues concerning Software Communications Architecture (SCA) based implementations of waveforms on SDRs. The authors presented the SCA-based implementation results of STANAG 4285 waveform, and the effect of increasing the granularity of the SCA waveform application on the system overhead. Mahasamudram et al. [133] envisioned that the Agile Cognizant Transceiver (ACT) platform built helps faster prototyping of defence systems and paves the way for faster product induction cycles in defence automation. ACT is a complete indigenous solution developed with SDR, in order to support wide band requirements and multi technology waveforms. Moura et al. [135] presented case studies of attacks aimed at tactical SDR, based on a classification with the most common sources of vulnerabilities, classes of attacks, and types of intrusions that military radio sets may suffer. The authors also described how attack mitigation strategies can impact the development of SDR infrastructures.
Amjad et al. [136] presented a comprehensive survey of full-duplex (FD)-cognitive radio networks (CRNs) communication. The authors covered the supporting network architectures and the various antenna designs. The authors also surveyed major advances in full-duplex medium access protocol (FD-MAC) protocols as well as open issues, challenges, and future research directions to support the FD operation in CRNs. Chandrasekharan et al. [137] reported the detailed account of the design and implementation challenges of an aerial network consisting of LTE-Advanced (LTE-A) base stations. In particular, the authors reviewed achievements and innovations harnessed by an aerial network composed of Helikite platforms. Helikites can be raised in the sky, while they carry battery, antenna, and RRH (Remote Radio Head) equipment to bring Internet access during special events and in the aftermath of an emergency. Cao et al. [138] described the rapid development of a P25 waveform on a surrogate Joint Tactical Radio System (JTRS) SDR platform. The JTRS program is enabling communications within the military, by implementing different military radio waveforms on SDR platforms. Furthermore, the authors presented the design and implementation of a three way voice bridge among P25, the future multiband multiwaveform modular tactical radio (FM3TR), and Voice over Internet Protocol (VoIP), with software communication architecture (SCA) compliant implementation for both the P25 and FM3TR waveforms. Favraud et al. [139] surveyed possible public safety use cases with the induced network topologies, discussed the current status of the 3GPP standards, and highlighted future challenges. The authors further elaborated on the need to support mobile backhauling in moving-cell scenarios, and describe two LTE-based solutions to enable dynamic meshing among the base stations.
Lal et al. [140] surveyed the existing security attacks along with their state-of-the-art countermeasures and respective limitations. The authors also proposed new security paradigms for detecting and counteracting malicious activities, both from a generic perspective and within specific scenarios in Underwater Acoustic Networks (UANs). The main research challenges related to the cooperation of mobile and static nodes in a distributed and ad hoc way have been addressed, together with the investigation of multi-metric accurate reputation systems, secure deployment and adaptive monitoring techniques. Baldini et al. [141] discussed a range of issues that have been identified thus far within the European Commission Seventh Framework Programme project known as EULER, which seeks to demonstrate the benefits of software defined radio technology to support the resolution of natural disasters of significant stature. In particular, the perceived pan-European interoperability of public safety, and coordination with military devices and networks. Aspects of interoperability are also extended to the three dimensions of platform, waveform, and information assurance. Adrat et al. [142] analyzed if an added value can be provided to the operators, by SDRs hosting an "enhanced" legacy waveform, where this is introduced in a way that guarantees the interoperability with the legacy equipment. While the legacy waveform acts as base-layer, some enhancement-layers offer an extra budget for the transmission of additional information. This spare budget can be exploited in order to increase the data rate (i.e., throughput), the error robustness (and with this communication range), or both. Bader et al. [143] presented mobile ad hoc networks in latency-and bandwidth-demanding mission-critical applications, while the authors analyzed and validated efficient and low-complexity remedies to those issues, and validated their results based on field experiments carried out using SDR platforms. Compared with the classical Mobile ad hoc network (MANET) routing schemes, autonomous cooperative routing (ACR) was shown to offer up to two times better throughput and more than four times reduction in end-to-end latency. Finally, Bor-Yaliniz et al. [144] studied the opportunistic utilization of low-altitude unmanned aerial platforms equipped with base stations (i.e., drone-BSs) in future wireless networks. In particular, the authors envisioned a multi-tier drone-cell network complementing the terrestrial HetNets. Furthermore, they investigated the advancements promised by drone-cells, and discussed the challenges associated with their operation and management.

Unmanned Aerial Vehicles' Applications
A survey of Gupta et al. [23] focused on the research potential of Unmanned Aerial Vehicles (UAV), where SDN can contribute to lowering cost and increasing availability in both public and military UAVs. The UAV networks need to support dynamic nodes with frequent change of network topologies, where nodes have a high network outage rate. Due to the need for OpenFlow network controller availability in dynamic networks, this requires a distribution of network controllers where balance and cooperation between network controllers must be addressed. However, the authors state that hybrid SDN with delegated packet processing is the most promising SDN technology for UAV. The current protocols for network routing in UAV have high latency, while the fast, flexible routing and multipath selection in SDN are assumed to out-perform current UAV routing protocols. Correspondingly, Mahmoud et al. [145] presented an architecture based on SDN, where UAV sensors controlled by OpenFlow are expected to increase reusability, scalability and modularity in the UAV network. The UAV papers refer to hardware security, management and orchestration as research challenges.

Underwater Acoustic Networks Applications
Underwater acoustic networking (UAN) is a technology that enables new SDN applications for both commercial and military use. This includes underwater surveillance and data collection of ocean characteristics. Normally, the acoustic channel for underwater communication is characterized by noise, multipath, delay and path loss, while SDN can enable a more intelligent routing mechanism in such environments. This is reflected by two UAN papers [146,147] that adopt the principles from OpenFlow to underwater networks. The authors present two examples of SDN architectures in order to achieve a more flexible routing, based on OpenFlow principles in the UAN domain. Demirros et al. [148] also emphasized the need for low energy consuming sensors and presented an architecture of an underwater sensor network with hardware sensors running on a hardware chip with customized SDN software.

Statistical Analysis and Metrics
This section presents a statistical analysis of the reviewed articles. All articles have been sorted and categorized in respect of authors, affiliations, citations, publication attributes and their relation to SDN technologies. The articles are also divided into significant research contributions and additional research contributions. This is reflected through the previous sections and summarized here. Table 2 shows the distribution of the types of articles. In total, 134 reviews were conducted, with 51 journal articles, 78 conference papers and five other types of contributions. Ten of the journal papers and 31 of the conference papers were identified as articles with significant research contributions (Section 4), while 30 of the journal papers were published in an IEEE journal, and all other journal papers had no significant channel commonalities. Out of the conference papers the Military Communications Conference (MILCOM), the International Conference on Military Communications and Information Systems (ICMCIS) and the Military Communications and Information Systems Conference (MilCIS) were the only common conferences with more than one contribution within the field of military SDN (Table 3). This indicates that the relevant work within the topic is mostly presented at military oriented conferences. All of these military conferences were published with IEEE. For all other articles, IEEE also clearly contributes with the most publications related to military SDN, as our literature search found 74.6% of all articles to be published by IEEE (Table 4). It is noted that no PhD thesis was considered to fit the military application domain, while 20% of the extracted articles originate from institutions directly connected to the military.

Author and Affiliation Contribution
In this subsection, statistical information about the authors and their affiliations are summarized, both for the significant and additional research contributions. Tables 5 and 6 present the distribution of authors and affiliations among the selected articles. Only the affiliation of the main author is counted in respect to the affiliations (Table 6), while all contributing authors are taken into account for the metrics related to the authors (Table 5).
A correlation is visible between the most contributing authors and their affiliations, meaning that it is the authors and not the affiliations that contribute primarily to the ranking of the affiliations. The University of California, Hague University and the US Army have the most contributing authors for military SDN related articles, while these authors also contributed to common articles. From an SDN categorization perspective, the affiliations have no clear contribution within any subtopic of military SDN. Within the different research fields of military SDN, the University of Wuhan contributes the most within Wireless Sensor Networks, while Colombia University contributes the most within Unmanned Aerial Vehicles. Furthermore, for research contributions within SDN security applications, the US Army and Hague University rank as the most significant contributors.

Citations and Publication Year
All reviewed articles were organized with respect to the year of publication. Table 7 shows that most of the significant articles within military SDN are published after 2015. The year of publication table shows an exponential growth of articles for the last four years. It is not clearly known why there is a drop in the number of articles for 2017, but this can be attributed to the time of the literature review and a possible delay in publishing processes. However, the increasing number of articles indicates the relevance and requirements for a systematic literature review on the topic. Registered citations from Google Scholar were used as the data source for the number of citations. The distribution of the number of citations (Table 8) shows that the number of the most cited articles is low for the significant articles. This also reflects the increase in significant research contributions in recent years and indicates that the reason for a low citation number can be due to the publication year. Accordingly, it becomes clear that an initial knowledge base has already been established in the field, allowing for crucial contributions to emerge.  0  13  13  1-2  13  14  3-4  12  16  5-9  5  13  10-14  0  9  15-29  0  8  30-49  0  10  50-99  0  5  100+  0  3   Tables 9 and 10 show the most cited articles collected in the review. It is noted that the significant research contributions concern primarily SDN in wireless and mobile networks (Table 10). Furthermore, the additional research contributions also relate mostly to wireless technologies, potentially indicating a lack of research contributions on military network control applications with SDN.

Discussion and Recommendations for Future Work
Although SDN appears to have many potential benefits for tactical military networks, including rapid reconfigurability and improved network situational awareness, it faces certain challenges that could hinder its performance and implementation in tactical military networks [40]. In particular, the low bandwidth and unreliability that characterize military communication links necessitate a highly resilient control plane, and the exposure of the control plane on the wireless medium presents new attack vectors. In the following subsections, we discuss directions for future research covering SDN architecture, controller, services, tools, and basic evaluation in tactical military networks.

Architecture
Most of the proposed SDN architectures in tactical military networks follow the key ideas of the SDN paradigm. For instance, the SDBN architecture considers four planes: forwarding, control, application, and management [15]. However, the current realizations of SDN technologies are still far from fully addressing the realistic requirements and constraints of dynamic tactical networks, and in extending military networks. Many challenges in SDN architectures require further research effort, with the main focus areas for future research being: • Development of prototype for East-West communication between network controllers and nations.
In the case of a multi-controller-based architecture, the East-West interface protocol manages interactions between the various controllers.

•
Resilience of network controllers as they currently present a single point of failure.
• Standardization of Northbound and Southbound interfaces to the SDN controller. The Northbound and Southbound interfaces are currently poorly defined, presenting a barrier to integration with management systems and peer-level networks.
• Data offloading techniques at the physical layer in order to reduce delay and congestion of the network.

•
Mechanisms to migrate the SDN controller between nodes connected by restricted bandwidth wireless links.
• Control of network polices and how to share network policies across nations and network controllers.
• Exposure of the control plane traffic over wireless media introduce security vulnerabilities.
• Development of a suite of protocols and applications specifically designed for SDN architectures in tactical, and in extend military networks.
• Targeted study on the functions of SDN that can guarantee the routing QoS for specific operational groups, according to the urgency level of the task, and the scalability of the controller, extending to switches that can be applied to large scale networks.
• Development and testing an architecture dedicated to heterogeneous networks.
• Development of sophisticated schemes for ingress/egress filtering at each real-time SDN-enabled switch. This can help to better identify the properties of each flow (priority, class, delay, etc.) and then develop scheduling algorithms to meet their requirements.
• Enhancement of the SDN paradigm on battlefield networking (SDBN) architecture and the operational scenarios in which the architecture could be deployed. For example, the utilization of high-level policies to operate the SDBN as a whole, could be addressed by intent-based management (i.e., Autonomic Management) or service abstractions for policies (i.e., Simplified Use of Policy Abstractions-SUPA).

Control Systems
The traditional SDN architecture requires a node to contact the centralized SDN controller whenever it encounters a new request in which it needs to make a decision for a data plane operation, and for which it does not have the required control plane information. However, this centralized architecture is not suitable for military tactical networks with high levels of dynamism and frequent network failures that can result in slow network updates as well as significant controller overhead. The areas for further exploration include, but are not limited to:

•
Investigating SDN controller fail-over mechanisms to automatically take the control of the switches when a neighbour controller fails.
• Describing a distributed SDN controller network architecture that can meet reliability requirements through the use of multiple remote SDN controllers with integrated redundancy features.
• Exploring Software Defined Coalitions (SDCs) which share assets at increasing granularity, allowing a better sharing of the network, storage and application level services available in each of the partners.
• Identifying the required and appropriate abstractions which should be exposed to the partners, in respect to the policies of the coalition members.
• Creating the right interfaces for OODA (Observe, Orient, Decide and Act) based control of individual elements.

•
Developing appropriate routing, security, information and asset sharing mechanisms for coalition operations.

•
Optimizing the policy constructs for coalition missions.
• Defining the interaction between controllers of different nations across interoperability points of a Protected Core (PCore).
• Developing approaches to distribute control where necessary-for example, at the level of individual network functions such as mobility-without sacrificing the benefits of programmability that come from centralization in other areas.

•
Examining fault types beyond SDN controller faults, e.g., attacks that aim to exhaust resources in typical SDN switches, with resulting delays in the packet forwarding.

•
Recovering from faults using SDN. It is interesting to study whether and how SDN may help speed up recovery from faults in a communication network that supports tactical military networks.

Tools
Validation and evaluation of performance, resilience and security solutions for complex systems like military networks remain difficult problems. Simulators, emulation platforms and test-beds are useful for proving the efficiency and feasibility of new network architectures/designs and algorithms, and evaluate their capability to address specific challenges of military networks. Future research directions include: • Designing experiments to study SDN-enabled multi-domain heterogeneous networks, non-IP protocol innovations, and building SDN network exchange (SDX) to act as policy based SDN network peering point for connecting various SDN network prefixes.
• Simulating/experimenting developed mathematical models for realizing a unified programmable control plane, with support of a realistic number of nodes for wireless heterogeneous network.
• Testing the content-based security concept in network exchange points such as Software Defined Exchange.
• Examining the performance of operational aspects of Software Defined Coalitions (SDC) in an emulated test-bed.

•
Implementing an operational military Network with SDN where management links are suffering from variances.
• Implementing an operational military Network by including third-party platforms such as Pyretic to the applications code, in order to explore the advantages of the policy enforcement approach.
• Conducting experimentation on an at-scale real SDN testbed for large-scale military networks.
• Extending the testbed setups to be able to demonstrate enforcement of security policies in respect to all three dimensions of security goals, i.e., confidentiality, integrity and availability, and performing experiments involving a combination of cross-layer and network-specific (e.g., network intrusion detection mechanisms)

Service
Traditional networks are designed for static environments with cabled connections, hence there are some challenges when deploying IP networks in dynamic military operations. To cope with some of the challenges, Tactical Communications (TACOMS) have defined a set of services; two services which solve similar task but have different dependencies are the Autoconnectivity and Service Announcement (SA) and Border Gateway Protocol (BGP) service. Federated Networking Service Engine (FNSE) is a more generic approach for adding network services to NATOs Federated Mission Network (FMN) [25]; however, there are still many areas that require further invstigation, these include:

•
Evaluation of alternative East-West protocols; • How to add anonymity to the authentication phase; • Measurements of the overhead for secure channel establishment; • Investigation of how management across Autonomous System (AS) borders can be achieved.

Basic Evaluation
Software-defined networking has the potential to offer significant advantages over conventional networks in military networks. However, there are still open issues that need to be evaluated before usage in a production environment: • Evaluation of the SDN control plane performance in large-scale heterogeneous networks, and its ability to respond to failures; • Evaluation/investigation of the number and placement of controllers. A centralized management miles away from the forwarding devices in an operational scenario is challenging, and the number and placement of controllers is a research problem in military networks; • Evaluation of extensions to OpenFlow that include features for fine-grained control of wireless access points in a similar manner to OpenRadio; • Development of a comprehensive methodology to evaluate the performance of SDN load balancers.

Conclusions and Limitations
Our objectives with this systematic literature review have been ( The initial literature search provided a total of 927 articles, which have been filtered in accordance with their relevance with the investigated topic down to 134 articles. Accordingly, the quality appraisal phase allowed the extraction of 43 articles with significant and targeted research contributions, while 91 more articles have been identified to be highly relevant to the scope of this review (Steps 3, 4 and 5: Section 3). Furthermore, the data extraction and synthesis steps allowed us to reach the aforementioned objectives (Steps 6 and 7: Section 3), as presented in the corresponding sections. According to the findings of our analysis, it becomes apparent that there is a community of interest within the field of military SDN, while many topics within this area remain largely unexplored. Furthermore, these seem to exist a consensus within the community, in respect to the maturity levels of the distinct focus areas, and that the expected benefits from applying SDN within military networks justify the intensification of research effort in the future.