• DocumentCode
    78951
  • Title

    An extended SDN architecture for network function virtualization with a case study on intrusion prevention

  • Author

    Ying-Dar Lin ; Po-Ching Lin ; Chih-Hung Yeh ; Yao-Chun Wang ; Yuan-Cheng Lai

  • Volume
    29
  • Issue
    3
  • fYear
    2015
  • fDate
    May-June 2015
  • Firstpage
    48
  • Lastpage
    53
  • Abstract
    In conventional software-defined networking (SDN), a controller classifies the traffic redirected from a switch to determine the path to network function virtualization (NFV) modules. The redirection generates a large volume of control-plane traffic. We propose an extended SDN architecture to reduce the traffic overhead to the controller for providing NFV. The extension includes two-layer traffic classification in the data plane, extended OpenFlow protocol messages and service chaining mechanisms. Network events are analyzed in the data plane instead of the control plane. The efficiency is evaluated with a case study of intrusion prevention. The evaluation shows that only 0.12 percent of the input traffic is handled by the controller, while 77.23 percent is handled on the controller in conventional SDN.
  • Keywords
    computer network security; protocols; software defined networking; telecommunication traffic; NFV module; control-plane traffic; data plane; efficiency evaluation; extended OpenFlow protocol messages; extended SDN architecture; input traffic handling; intrusion prevention; network event analysis; network function virtualization modules; service chaining mechanisms; software-defined networking; traffic overhead reduction; traffic redirection; two-layer traffic classification; Floods; IP networks; Network architecture; Payloads; Routing; Software defined networking; Switches; Telecommunication network management; Virtualization;
  • fLanguage
    English
  • Journal_Title
    Network, IEEE
  • Publisher
    IEEE
  • ISSN
    0890-8044
  • Type

    jour

  • DOI
    10.1109/MNET.2015.7113225
  • Filename
    7113225