6 research outputs found
Software Defined Networking Reactive Stateful Firewall
Part 3: Cyber Infrastructure. International audience. Network security is a crucial issue of Software Defined Networking (SDN). It is probably one of the key features for the success and the future pervasion of the SDN technology. In this perspective, we propose an SDN reactive stateful firewall. Our solution is integrated into the SDN architecture. The application filters TCP communications according to the network security policies. It records and processes the different states of connections and interprets their possible transitions into OpenFlow (OF) rules. The proposition uses a reactive behavior in order to reduce the number of OpenFlow rules in the data plane devices and to mitigate some Denial of Service (DoS) attacks like SYN Flooding. The firewall processes the Finite State Machine of network protocols so as to withdraw useless traffic not corresponding to their transitions' conditions. In terms of cost efficiency, our proposal empowers the behavior of OpenFlow compatible devices to make them behave like stateful firewalls. Therefore, organizations do not need to spend money and resources on buying and maintaining conventional firewalls. Furthermore, we propose an orchestrator in order to spread and to reinforce security policies in the whole network with a fine-grained strategy. It is thereupon able to secure the network by filtering the traffic related to an application, a node, a subnetwork connected to a data plane device, a sub SDN network connected to a controller, traffic between different links, etc. The deployment of rules of the firewall becomes flexible according to a holistic network view provided by the management plane. In addition, the solution enlarges the security perimeter inside the network by securing accesses between its internal nodes.
ReWiFlow: Restricted Wildcard OpenFlow Rules
The ability to manage individual flows is a major benefit of Software-Defined Networking. The overheads of this fine-grained control, e.g. initial flow setup delay, can overcome the benefits, for example when we have many time-sensitive short flows. Coarse-grained control of groups of flows, on the other hand, can be very complex: each packet may match multiple rules, which requires conflict resolution. In this paper, we present ReWiFlow, a restricted class of OpenFlow wildcard rules (the fundamental way to control groups of flows in OpenFlow), which allows managing groups of flows with flexibility and without loss of performance. We demonstrate how ReWiFlow can be used to implement applications such as dynamic proactive routing. We also present a generalization of ReWiFlow, called MultiReWiFlow, and show how it can be used to efficiently represent access control rules collected from Stanford's backbone network.
Analysis of Characteristics and Application of Software Defined Networks
The new trends and users' demands for fastest setting up and delivering of
new services are the main reasons for computer networks being developed. The
inflexibility in architecture of computer networks represents a challenge for
developers due to the fact that their experiments cannot be verified in real networks.
Software Defined Networks (SDN) and the OpenFlow architecture allow
implementation of programmable networks' architectures, which can be gradually
deployed in already existing networks. The network control is on an external device
as a kind of software program (Controller). It is separated from the packet forwarding
(Switch), having the possibility of being directly programmed. SDN enables dynamic
adaptation of networks' environments to the current applications' requests or users'
demands, making the network control easier and at the same time increasing its
scalability. In this thesis, the functionality and characteristics of software defined
networks have been analysed and due to the comparison with conventional
networks, the main differences, advantages and drawbacks have been
determined as well as the answer to the question: How much software defined
networks can influence the core business of an organisation.