vSwitch and software-defined network access control with openFlow
In practice, a general-purpose network is usually implemented to support a wide range of tasks such as web hosting, administration servers and databases, education, finance and many more. This requires the infrastructure to be built in a way that ensures both reliable normal traffic and a certain l...
Main Author: | Nguyen, Bao Tri |
---|---|
Other Authors: | Lee Bu Sung |
Format: | Final Year Project |
Language: | English |
Published: | 2014 |
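Subjects: | DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks |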
Online Access: | http://hdl.handle.net/10356/61921 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-61921 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-619212023-03-03T20:35:10Z vSwitch and software-defined network access control with openFlow Nguyen, Bao Tri Lee Bu Sung School of Computer Engineering SingAREN, Japan NICT Centre for Multimedia and Network Technology DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks Bachelor of Engineering (Computer Engineering) 2014-12-05T07:04:21Z 2014-12-05T07:04:21Z 2014 2014 Final Year Project (FYP) http://hdl.handle.net/10356/61921 en Nanyang Technological University 72 p. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks |
description |
In practice, a general-purpose network is usually implemented to support a wide range of tasks such as web hosting, administration servers and databases, education, finance and many more. This requires the infrastructure to be built in a way that ensures both reliable normal traffic and a certain level of security. However, scientific experiments see this as a hindrance. Science-DMZ (Demilitarized Zone) addresses this problem with a different design in which a portion of the network, the DMZ, is separated from the main network. It has different hardware, configuration and security policies, all optimized for high-performance scientific purposes. In the Science-DMZ design, the DMZ is connected directly to a switch/router, which then connects directly to the border router of the organization. Within the DMZ, network performance is ensured. However, the firewall at the border router still exists, and it may affect performance if the DMZ is to be accessed externally. This can be the case when multiple organizations or research institutions want to run a joint research experiment in which they share a common DMZ.
The objective of this project is to make use of Software-Defined Networking (SDN), OpenFlow technology in particular, as a hardware-based solution to alleviate this potential firewall bottleneck in wide-area joint Science-DMZs while, at the same time, providing the necessary access control with a conceptual design.
The main idea is to replace the border router with an OpenFlow switch, or to add an OpenFlow switch as the secondary gateway, which becomes the “border switch”. These border OpenFlow switches can then be connected together to form a large-scale network of joint Science-DMZs. A system which manages access and controls the OpenFlow switches was proposed in the project. The design consists of three main parts: OpenFlow Controller, Interface and Authentication Server.
The proof-of-concept system was developed and deployed in multiple environments, including the international SDN testbed RISE. The system was also able to integrate with and make use of NTU’s Microsoft Active Directory User Databases for authentication. Testing results showed that such a system could be implemented in actual applications when the need arises for joint Science-DMZs. This conceptual system is scalable, portable, and easy to manage and maintain, giving network designers flexibility in implementing it for their applications to serve the different needs of researchers or organizations. |
author2 |
Lee Bu Sung |
author_facet |
Lee Bu Sung Nguyen, Bao Tri |
format |
Final Year Project |
author |
Nguyen, Bao Tri |
author_sort |
Nguyen, Bao Tri |
title |
vSwitch and software-defined network access control with openFlow |
publishDate |
2014 |
url |
http://hdl.handle.net/10356/61921 |
_version_ |
1759857864843722752 |