
Network Service Security through software defined networking

Melanie Palmer, Rob Sullivan, John Bilberry. Network Service Security through software defined networking. LA-UR-13-25961.


Presentation Transcript


  1. Melanie Palmer, Rob Sullivan, John Bilberry Network Service Security through software defined networking LA-UR-13-25961

  2. Overview • Introduction • Test Method and Materials • Results • Conclusion • Future Work • Questions

  3. Software Defined Networking • Separate the data plane and the control plane • Software layer between hardware and admin • Virtual networks within a physical network

  4. OpenFlow • Open source SDN • Hardware management on a single platform • Exploits a common set of functions found on most switches • OpenFlow Protocol • Flow table • Actions

  5. Controller • Management software for network • Communicates via a secure channel • Push and remove flows • Determine actions for undefined flows

  6. Networks for Security • User job in Node 1 • If User accesses Node 2 • Redirect to Security Node [Diagram: User, Switch, Controller, Network 1, Network 2, Security Node. Rule 1: Allow access to Network 1. Rule 2: Redirect to Security Node if access to Network 2 is attempted.]

  7. Networks for Security [Diagram: User, Switch, Controller, Network 1, Network 2, Security Node. Rule 1: Allow access to Network 1. Rule 2: Redirect to Security Node if access to Network 2 is attempted.]

  8. Melanie Palmer: Materials and Test Methods

  9. Objective • Performance • Reliability • Scalability

  10. Materials • Floodlight 0.9 • Open source • Widely used in industry • Java based • Our Cluster • Seven node • CentOS 6.4 • Arista 7050S • OpenFlow 1.0 • EOS 4.10.4

  11. Test Suite • Load Test • Performance • Reliability [Diagram labels: Load Test, Tests, Sections]

  12. Test Suite • Load Test [Diagram labels: Traffic Limit, Timing Limit, Load Test, Tests, Sections]

  13. Load Test [Diagram: Controller, Switch, Node A, Node B, Node C. Rule 1: Connect A and B. Rule 2: Drop Anything to C.]

  14. Load Test [Diagram: Controller, Switch, Node A, Node B, Node C. Rule 1: Connect A and C. Rule 2: Drop Anything to B.]

  15. Test Suite • Load Test • Speed Test • Scalability • Performance [Diagram labels: Load Test, Tests, Sections]

  16. Test Suite • Load Test • Speed Test [Diagram labels: Load Test, Tests, Sections]

  17. Speed Test [Diagram: Controller, Switch, Node A, Node C. Rule 1: Connect A and C.]

  18. Speed Test [Diagram: Controller, Switch, Node A, Node C. Rule 1: Drop Node C.]

  19. Test Suite • Load Test • Speed Test • Analysis Program [Diagram labels: Failure!, Expected Behavior]

  20. Test Suite • Load Test • Speed Test • Analysis Program • Stage 1 - Extracts • Error rate • Flow change speed • Stage 2 - Analyzes • Averages data • Standard deviations [Diagram label: Failure!]

  21. Rob Sullivan: Results

  22. Load Test Results

  23. Speed Test Results

  24. Problems • OpenFlow 1.0 • Volume and nature of data • Human error • Imprecision of some test methods • Meaningful packet redirection [Labels: Some We Overcame, Some We Didn’t]

  25. Conclusion

  26. Will OpenFlow Work? Pros • Allows software reconfiguration of networks • Easy administration • Flows can be reliably pushed up to a measurable rate • Flow push failure is low even at high push rates Cons • OpenFlow v. 1.0 inadequacies • Hardware specific limits • Potential security issues • Controller can get overwhelmed

  27. Future Work • OpenFlow 1.1 • Security • Controllers and hardware • Scale

  28. Acknowledgements • Instructors – Dane Gardner and Matthew Broomfield (T.A.) • Mentors – Kyle Lamb (HPC-3) and Ben McClelland (HPC-5) • Special Thanks: Los Alamos National Laboratory – Gary Grider, Josephine Olivas, Carolyn Connor, Scott Robbins and Carol Hogsett; New Mexico Consortium – Ann Kuiper; PRObE – Andree Jacobson • Our Schools: University of Texas at El Paso; New Mexico Institute of Mining and Technology; Michigan Technological University

  29. Your turn! Questions?
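
The two rules on slides 6 and 7, together with the controller's handling of undefined flows on slide 5, shown as an added example that is not from the presentation: a small Python simulation of priority-based flow-table lookup with push, remove and table miss. The subnets, port numbers and flow names are assumptions (the slides give none), and the code does not use Floodlight's API.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing: the slides name the networks but give no subnets or ports.
NETWORK_1 = ipaddress.ip_network("10.0.1.0/24")
NETWORK_2 = ipaddress.ip_network("10.0.2.0/24")
NETWORK_1_PORT = 1        # hypothetical switch port facing Network 1
SECURITY_NODE_PORT = 3    # hypothetical switch port facing the Security Node

@dataclass(frozen=True)
class Flow:
    name: str
    priority: int
    dst: ipaddress.IPv4Network   # destination match
    action: str                  # "output:<port>" or "drop"

class FlowTable:
    def __init__(self):
        self.flows = []
        self.packet_ins = []     # destinations handed to the controller on a table miss

    def push(self, flow):
        # Re-pushing a flow with the same name replaces the old entry.
        self.remove(flow.name)
        self.flows.append(flow)

    def remove(self, name):
        self.flows = [f for f in self.flows if f.name != name]

    def lookup(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        matches = [f for f in self.flows if dst in f.dst]
        if not matches:
            # Undefined flow: the switch asks the controller what to do.
            self.packet_ins.append(dst_ip)
            return "controller"
        # The highest-priority matching entry decides the action.
        return max(matches, key=lambda f: f.priority).action

def build_security_table():
    table = FlowTable()
    # Rule 1: allow access to Network 1.
    table.push(Flow("rule1-allow-net1", 100, NETWORK_1, f"output:{NETWORK_1_PORT}"))
    # Rule 2: redirect attempts to reach Network 2 to the Security Node.
    table.push(Flow("rule2-redirect-net2", 100, NETWORK_2, f"output:{SECURITY_NODE_PORT}"))
    return table

if __name__ == "__main__":
    t = build_security_table()
    for ip in ("10.0.1.20", "10.0.2.20", "192.0.2.9"):
        print(ip, "->", t.lookup(ip))
```

Every destination that falls through to `controller` costs a controller round trip, which is where the "Controller can get overwhelmed" point on slide 26 shows up in this model.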
