An Extended SDN Architecture for Value-added Services with a Case Study on Intrusion Prevention
碩士 === 國立交通大學 === 網路工程研究所 === 102 === Providing value-added services under current OpenFlow-based SDN architecture makes huge traffic of OpenFlow message be generated to the controller for traffic classification because the simplicity of the switches in the data plane. For relieving this problem, we...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | en_US |
| Published: |
2014
|
| Online Access: | http://ndltd.ncl.edu.tw/handle/70672237563859138677 |
| Summary: | 碩士 === 國立交通大學 === 網路工程研究所 === 102 === Providing value-added services under current OpenFlow-based SDN architecture makes huge traffic of OpenFlow message be generated to the controller for traffic classification because the simplicity of the switches in the data plane. For relieving this problem, we proposed an architecture which is extended from OpenFlow-based SDN and design the corresponding mechanism in this architecture. We design the two-layer traffic classification mechanism in the data plane. Also, we extended the OpenFlow protocol message types and formats. By our design, network events can be analyzed in data plane but control plane. In the case of the implementation of the intrusion prevention system using value-added services, we reduced the traffic generated to the controller under the OpenFlow-based SDN. We also discuss the ratio of the traffic generated to particular network nodes of the extended architecture designed. We qualify our design by the results from the campus network traffic.
|
|---|