• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권7호
• /
• pp.1894-1915
• /
• 2023

Software-Defined Networking (SDN) offers several advantages in dynamic routing, flexible programmable control and custom application-driven network management. However, the programmability of the data plane in traditional SDN is limited. A network operator cannot change the ability of the data plane and perform complex packet processing on the data plane, which limits the flexibility and extendibility of SDN. In the paper, AP-SDN (Action Program enabled Software-Defined Networking) architecture is proposed, which extends the action set of SDN data plane. In the proposed architecture, a modified Open vSwitch is utilized in the data plane allowing the execution of action programs at runtime, thus enabling complex packet processing. An example action program is also implemented which transparently encrypts traffic for terminals. At last, a prototype system of AP-SDN is developed and experiments show its effectiveness and performance.

• 융합보안논문지
• /
• 제20권5호
• /
• pp.3-10
• /
• 2020

최근 인터넷 그리고 네트워크는 사회를 구성하는 필수적인 인프라로 여겨짐과 동시에 이에 대한 보안 위협 상황이 지속적으로 증대되고 있다. 그러나 네트워크에서 실제 패킷을 전송하는 스위치 단에서는 기본적으로 고정적인 룰에 의한 방화벽 혹은 네트워크 접근 제어를 통해서만 보안 위협을 대응할 수 있어, 보안 위협에 대한 효과적인 대응은 네트워크 자체에서는 극히 제한적이며, 능동적으로 대처하지 못하고 있다. 본 논문에서는 네트워크 데이터 평면 프로그래밍 언어인 P4(Programming Protocol-independent Packet Processor)를 통해 네트워크 내 모든 플로우를 P4 스위치 단에서 실시간으로 모니터링하고, 특정 보안 공격 패킷을 스위치 단에서 처리함으로써, 네트워크 단에서 분산 DDoS 공격, IP Spoofing 공격 등을 대응할 수 있는 인-네트워크 (In-Network) 보안 관리 방법을 제안한다. 또한 네트워크 사용자 혹은 보안 관리자의 운영 정책을 SDN (Software-Defined Networking) 제어기를 통해 P4 스위치에서 적용함으로써, 다양한 네트워크 응용 환경에서의 보안 요구 사항을 반영할 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권6호
• /
• pp.2735-2751
• /
• 2020

The emergence of Software Defined Networking (SDN) overcomes the limitations of traditional networking architectures. There are some advantages in SDN which are centralized global network view, programmability, and separation of the data plane and control plane. Due to the limitation of data plane storage capacity in SDN, it is necessary to process the redundancy rules of switch. In this paper, we propose a method for active detection and processing of redundant rules. We use the result generated by the customized probe package to detect redundant rules. And by checking the forwarding behavior of probe packets in the data plane, the redundancy rules are further processed. Furthermore, in order to quickly check the dynamic networks, we propose an incremental algorithms for rapidly evolve the network strategies. We conduct simulation experiments on Matlab to verify the feasibility of the algorithm. The influence of some parameters on the result are discussed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권10호
• /
• pp.4902-4932
• /
• 2016

The popularity of network virtualization has recently regained considerable momentum because of the emergence of OpenFlow technology. It is essentially decouples a data plane from a control plane and promotes hardware programmability. Subsequently, OpenFlow facilitates the implementation of network virtualization. This study aims to provide an overview of different approaches to create a virtual network using OpenFlow technology. The paper also presents the OpenFlow components to compare conventional network architecture with OpenFlow network architecture, particularly in terms of the virtualization. A thematic OpenFlow network virtualization taxonomy is devised to categorize network virtualization approaches. Several testbeds that support OpenFlow network virtualization are discussed with case studies to show the capabilities of OpenFlow virtualization. Moreover, the advantages of popular OpenFlow controllers that are designed to enhance network virtualization is compared and analyzed. Finally, we present key research challenges that mainly focus on security, scalability, reliability, isolation, and monitoring in the OpenFlow virtual environment. Numerous potential directions to tackle the problems related to OpenFlow network virtualization are likewise discussed.