Title :
Load distribution of an OpenFlow controller for role-based network access control
Author :
Sasaki, Takayuki ; Hatano, Yoichi ; Sonoda, Kentaro ; Morita, Yoichiro ; Shimonishi, Hideyuki ; Okamura, Toshihiko
Author_Institution :
NEC, 1753 Shimonumabe Nakahara-ku, Kawasaki Japan
Abstract :
In recent years, network attacks have come not only from outside an organization but also from internal networks, due to malware-infected clients and malicious insiders. Therefore, a firewall on the network boundary is insufficient for preventing such attacks. To prevent these attacks, we have developed a network access control system using OpenFlow. The system monitors entire internal networks and performs access control on the basis of Role Based Access Control (RBAC) on the OpenFlow architecture. In the system, however, one problem is that the controller may become a performance bottleneck for large-scale networks, because the controller monitors and controls all traffic in the network. In this paper, we propose an architecture which evaluates RBAC rules on the OpenFlow switch side for load distribution. Furthermore, we evaluate its feasibility and performance, and show that the architecture can reduce the size of dynamically distributed rules by 93% in an ideal case.
Keywords :
Control systems; Hardware; Servers; Network Access Control; OpenFlow; RBAC; Software Defined Network;
Conference_Title :
Network Operations and Management Symposium (APNOMS), 2013 15th Asia-Pacific
Conference_Location :
Hiroshima, Japan