Title :
An extended SDN architecture for network function virtualization with a case study on intrusion prevention
Author :
Ying-Dar Lin ; Po-Ching Lin ; Chih-Hung Yeh ; Yao-Chun Wang ; Yuan-Cheng Lai
Abstract :
In conventional software-defined networking (SDN), a controller classifies the traffic redirected from a switch to determine the path to network function virtualization (NFV) modules. The redirection generates a large volume of control-plane traffic. We propose an extended SDN architecture to reduce the traffic overhead to the controller for providing NFV. The extension includes two-layer traffic classification in the data plane, extended OpenFlow protocol messages and service chaining mechanisms. Network events are analyzed in the data plane instead of the control plane. The efficiency is evaluated with a case study of intrusion prevention. The evaluation shows that only 0.12 percent of the input traffic is handled by the controller, while 77.23 percent is handled on the controller in conventional SDN.
Keywords :
computer network security; protocols; software defined networking; telecommunication traffic; NFV module; control-plane traffic; data plane; efficiency evaluation; extended OpenFlow protocol messages; extended SDN architecture; input traffic handling; intrusion prevention; network event analysis; network function virtualization modules; service chaining mechanisms; software-defined networking; traffic overhead reduction; traffic redirection; two-layer traffic classification; Floods; IP networks; Network architecture; Payloads; Routing; Software defined networking; Switches; Telecommunication network management; Virtualization
Journal_Title :
Network, IEEE
DOI :
10.1109/MNET.2015.7113225