Title :
Size-based flow management prototype for dynamic DMZ
Author :
Haotian Wu ; Xin Li ; Scoglio, Caterina ; Gruenbacher, Don ; Andresen, Daniel
Author_Institution :
Electr. & Comput. Eng., Kansas State Univ., Manhattan, KS, USA
Abstract :
The dynamic demilitarized zone (DMZ) model considers both network performance and security, and dynamically responds to traffic demands in real time. We realize this dynamic DMZ model based on an OpenFlow-enabled switch and controller. In our approach, the controller detects flows with a bit rate greater than a given threshold (elephant flows) and controls the switch in order to reroute elephant flows so that they bypass the security device. Extensive experiments are performed to verify the feasibility of this approach and test how the threshold value influences network performance. Results indicate that our approach effectively increases network performance but does not significantly influence flow security. Finally, we perform a theoretical calculation of the deep packet inspection (DPI) input data rate in order to guide selection of the threshold value with a given traffic flow distribution and maximum DPI processing rate.
Keywords :
computer network management; computer network security; local area networks; telecommunication network routing; telecommunication traffic; OpenFlow-enabled controller; OpenFlow-enabled switch; bit rate; campus networks; deep packet inspection input data rate; dynamic DMZ model; dynamic demilitarized zone model; elephant flow rerouting; flow detection; maximum DPI processing rate; network performance; network security; security device; size-based flow management prototype; threshold value selection; traffic demands; traffic flow distribution; Communication networks; Mice; Packet loss; Security; Servers; Switches; DMZ model; OpenFlow; elephant flow; security
Conference_Title :
Design of Reliable Communication Networks (DRCN), 2015 11th International Conference on the
Conference_Location :
Kansas City, MO
DOI :
10.1109/DRCN.2015.7149012