vSwitch and software-defined network access control with openFlow

In practice, a general-purpose network is usually implemented to support a wide range of tasks such as web hosting, administration servers and databases, education, finance and many more. This requires the infrastructure to be built in a way that ensures both reliable normal traffic and a certain l...

Bibliographic Details
Main Author: Nguyen, Bao Tri
Other Authors: Lee Bu Sung
Format: Final Year Project
Language: English
Published: 2014
Online Access: http://hdl.handle.net/10356/61921
Institution: Nanyang Technological University
id sg-ntu-dr.10356-61921
record_format dspace
spelling sg-ntu-dr.10356-619212023-03-03T20:35:10Z vSwitch and software-defined network access control with openFlow Nguyen, Bao Tri Lee Bu Sung School of Computer Engineering SingAREN, Japan NICT Centre for Multimedia and Network Technology DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks Bachelor of Engineering (Computer Engineering) 2014-12-05T07:04:21Z 2014-12-05T07:04:21Z 2014 2014 Final Year Project (FYP) http://hdl.handle.net/10356/61921 en Nanyang Technological University 72 p. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English
topic DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks
spellingShingle DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks
Nguyen, Bao Tri
vSwitch and software-defined network access control with openFlow
description In practice, a general-purpose network is usually implemented to support a wide range of tasks such as web hosting, administration servers and databases, education, finance and many more. This requires the infrastructure to be built in a way that ensures both reliable normal traffic and a certain level of security. However, scientific experiments see this as a hindrance. Science-DMZ (Demilitarized Zone) addresses this problem with a different design in which a portion of the network, the DMZ, is separated from the main network. It has different hardware, configuration and security policies, all optimized for high-performance scientific purposes. In the Science-DMZ design, the DMZ is connected directly to a switch/router which then connects directly to the border router of the organization. Within the DMZ, the network performance is ensured. However, the firewall at the border router still exists, and it can affect performance if the DMZ is to be accessed externally. This can be the case when multiple organizations or research institutions want to run a joint research experiment in which they share a common DMZ. The objective of this project is to make use of Software-Defined Network (SDN), OpenFlow technology in particular, as a hardware-based solution to alleviate this potential firewall bottleneck, which is present in wide-area joint Science-DMZs, while at the same time providing the necessary access control with a conceptual design. The main idea is to replace the border router with an OpenFlow switch, or to add an OpenFlow switch as the secondary gateway, which becomes the “border switch”. These border OpenFlow switches can then be connected together to form a large-scale network of joint Science-DMZs. A system which manages access and controls the OpenFlow switches was proposed in the project. The design consists of three main parts: OpenFlow Controller, Interface and Authentication Server. The proof-of-concept system was developed and deployed on multiple environments, including the international SDN testbed RISE. The system was also able to integrate with and make use of NTU’s Microsoft Active Directory User Databases for authentication. Testing results showed that such a system could be implemented in an actual application when the need arises for joint Science-DMZs. This conceptual system is scalable, portable, and easy to manage and maintain, thus giving network designers flexibility in implementing it for their applications to serve the different needs of researchers or organizations.
author2 Lee Bu Sung
author_facet Lee Bu Sung
Nguyen, Bao Tri
format Final Year Project
author Nguyen, Bao Tri
author_sort Nguyen, Bao Tri
title vSwitch and software-defined network access control with openFlow
title_sort vswitch and software-defined network access control with openflow
publishDate 2014
url http://hdl.handle.net/10356/61921
_version_ 1759857864843722752