vSwitch and software-defined network access control with OpenFlow

Bibliographic Details
Main Author: Nguyen, Bao Tri
Other Authors: Lee Bu Sung
Format: Final Year Project
Language: English
Published: 2014
Online Access:http://hdl.handle.net/10356/61921
Institution: Nanyang Technological University
Description
Summary: In practice, a general-purpose network is usually built to support a wide range of tasks such as web hosting, administration servers and databases, education, finance and many more. The infrastructure must therefore provide both reliable handling of normal traffic and a certain level of security. Scientific experiments, however, see these controls as a hindrance. The Science-DMZ (Demilitarized Zone) design addresses this by separating a portion of the network, the DMZ, from the main network; it has its own hardware, configuration and security policies, all optimized for high-performance scientific use. In the Science-DMZ design, the DMZ connects directly to a switch/router, which in turn connects directly to the organization's border router. Within the DMZ, network performance is assured. However, the firewall at the border router remains, and it can degrade performance whenever the DMZ is accessed from outside. This is the case when multiple organizations or research institutions run a joint experiment and share a common DMZ. The objective of this project is to use Software-Defined Networking (SDN), and OpenFlow in particular, as a hardware-based solution in which access control is enforced in the flow tables of the OpenFlow switch rather than in a firewall, alleviating the potential firewall bottleneck in wide-area joint Science-DMZs while still providing the necessary access control, presented as a conceptual design. The main idea is to replace the border router with an OpenFlow switch, or to add an OpenFlow switch as a secondary gateway, forming a "border switch". These border OpenFlow switches can then be connected together to form a large-scale network of joint Science-DMZs. The project proposes a system that manages access and controls the OpenFlow switches. The design consists of three main parts: an OpenFlow Controller, an Interface and an Authentication Server.
The proof-of-concept system was developed and deployed in multiple environments, including the international SDN testbed RISE. It was also able to integrate with and use NTU's Microsoft Active Directory user database for authentication. Test results showed that such a system can be implemented in practice when the need for joint Science-DMZs arises. The conceptual system is scalable, portable, and easy to manage and maintain, giving network designers the flexibility to implement it for their own applications and to serve the different needs of researchers and organizations.
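The three-part design summarized above (border OpenFlow switch, Controller, Interface, Authentication Server) is easier to reason about with a concrete model of the flow rules it implies. The following is an added example, not code from the project: a Python model in which the border switch holds a priority-ordered flow table whose table-miss entry sends unknown traffic to the controller, the controller installs forward entries only for flows whose source has logged in through the Interface, and the Authentication Server is a constructed in-memory user table standing in for the Active Directory lookup. The rule priorities, idle timeouts, addresses, user names and the `scenario()` walk-through are all assumptions made for illustration.

```python
# Added example, not the project's code: a model of the access control a border
# OpenFlow switch can enforce for a joint Science-DMZ. Priorities, timeouts, the
# user table and the addresses below are assumptions made for illustration.
import hashlib
import hmac
from dataclasses import dataclass

DROP, FORWARD, CONTROLLER = "drop", "forward", "controller"

@dataclass(frozen=True)
class Match:
    """OpenFlow-style match on source/destination IP; None means wildcard."""
    ip_src: "str | None" = None
    ip_dst: "str | None" = None
    def matches(self, pkt):
        return ((self.ip_src is None or pkt["ip_src"] == self.ip_src)
                and (self.ip_dst is None or pkt["ip_dst"] == self.ip_dst))

@dataclass
class FlowEntry:
    priority: int
    match: Match
    action: str
    idle_timeout: int = 0  # seconds without a matching packet; 0 = permanent

class FlowTable:
    """Flow table of one border switch: the highest-priority matching entry wins."""
    def __init__(self):
        self.entries = []
    def add(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # stable: ties keep insertion order
    def delete_drops_from(self, ip_src):  # like an OFPFC_DELETE flow-mod matching ip_src
        self.entries = [e for e in self.entries
                        if not (e.action == DROP and e.match.ip_src == ip_src)]
    def lookup(self, pkt):
        for entry in self.entries:
            if entry.match.matches(pkt):
                return entry
        raise LookupError("no table-miss entry installed")

class AuthServer:
    """Stand-in for the Authentication Server (the project used Active Directory):
    a constructed user table with salted PBKDF2 password hashes."""
    def __init__(self, users):  # users: name -> (password, [permitted DMZ hosts])
        self._salt = b"constructed-salt"  # assumption: a per-deployment secret
        self._db = {u: (self._hash(pw), hosts) for u, (pw, hosts) in users.items()}
        self._dummy = self._hash("")  # unknown users cost the same as known ones
    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 10_000)
    def authorized_hosts(self, user, password):
        """DMZ hosts the user may reach, or None when the login fails."""
        digest, hosts = self._db.get(user, (self._dummy, None))
        ok = hmac.compare_digest(digest, self._hash(password))  # constant-time
        return hosts if ok and hosts is not None else None

class BorderController:
    """Stand-in for the OpenFlow Controller together with its login Interface."""
    SESSION_IDLE = 300  # assumed: allow entries expire after 5 min without traffic
    PENALTY_IDLE = 60   # assumed: unauthorised sources are dropped in-switch for 1 min
    def __init__(self, table, auth):
        self.table, self.auth = table, auth
        self.sessions = {}  # client IP -> permitted DMZ hosts
        table.add(FlowEntry(0, Match(), CONTROLLER))  # table-miss: ask controller, never forward
    def login(self, client_ip, user, password):
        hosts = self.auth.authorized_hosts(user, password)
        if hosts is None:
            return False
        self.sessions[client_ip] = hosts
        # A source blocked before logging in must be unblocked explicitly: the idle
        # timer of its drop entry is reset by every packet it keeps sending.
        self.table.delete_drops_from(client_ip)
        return True
    def packet_in(self, pkt):  # decide an unmatched flow, install rules, return the action
        src, dst = pkt["ip_src"], pkt["ip_dst"]
        if dst in self.sessions.get(src, []):
            self.table.add(FlowEntry(100, Match(src, dst), FORWARD, self.SESSION_IDLE))
            self.table.add(FlowEntry(100, Match(dst, src), FORWARD, self.SESSION_IDLE))
            return FORWARD
        if src in self.sessions:  # logged in, but this DMZ host is not permitted
            self.table.add(FlowEntry(50, Match(src, dst), DROP, self.PENALTY_IDLE))
        else:  # unauthenticated: block the whole source so it cannot flood packet-ins
            self.table.add(FlowEntry(50, Match(src), DROP, self.PENALTY_IDLE))
        return DROP

def switch_handle(table, ctrl, pkt):
    """Data-plane step: match in the switch, escalate to the controller on a miss."""
    action = table.lookup(pkt).action
    return ctrl.packet_in(pkt) if action == CONTROLLER else action

def scenario():
    """Constructed walk-through: one user permitted to reach one DMZ host."""
    table = FlowTable()
    ctrl = BorderController(table, AuthServer({"alice": ("s3cret", ["10.0.0.10"])}))
    client, dmz, other = "10.1.1.5", "10.0.0.10", "10.0.0.99"
    to_dmz = {"ip_src": client, "ip_dst": dmz}
    return [
        switch_handle(table, ctrl, to_dmz),                                # drop: not logged in
        ctrl.login(client, "alice", "wrong"),                              # False
        switch_handle(table, ctrl, to_dmz),                                # drop, decided in-switch
        ctrl.login(client, "alice", "s3cret"),                             # True, source unblocked
        switch_handle(table, ctrl, to_dmz),                                # forward
        switch_handle(table, ctrl, {"ip_src": dmz, "ip_dst": client}),     # forward (return path)
        switch_handle(table, ctrl, {"ip_src": client, "ip_dst": other}),   # drop: host not permitted
    ]
```

Two points in the model matter for a real deployment. First, the default is deny: the only permanent entry is the table-miss entry, and it hands packets to the controller rather than forwarding them, so a controller outage fails closed. Second, an unauthenticated source receives a source-wide drop entry in the switch rather than being re-evaluated per packet, which keeps a scanning host from turning every packet into a packet-in at the controller; the price is that a later successful login has to delete that entry explicitly, since an idle timeout never expires while the host keeps transmitting. A real controller would express `FlowTable.add` and `delete_drops_from` as OFPT_FLOW_MOD messages (add and OFPFC_DELETE) to the border switch and would match on more than the IP pair, but the rule logic is the same.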