Size-based flow management prototype for dynamic DMZ

The dynamic demilitarized zone (DMZ) model considers both network performance and security, and responds to traffic demands dynamically in real time. We realize this dynamic DMZ model with an OpenFlow-enabled switch and controller. In our approach, the controller detects flows whose bit rate exceeds a given threshold (elephant flows) and reprograms the switch so that these flows are rerouted around the security device, while all other flows continue to traverse it. Extensive experiments verify the feasibility of this approach and show how the threshold value influences network performance. The results indicate that our approach substantially increases network performance without significantly reducing flow security. Finally, we derive the deep packet inspection (DPI) input data rate analytically in order to guide selection of the threshold value for a given traffic flow distribution and a given maximum DPI processing rate.
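The following is an added worked example and not the paper's own code or calculation. It assumes the simplest reading of the model above: every flow whose measured bit rate is at or below the threshold T stays on the inspected path, every flow above T is rerouted around the DPI device, and the DPI input rate is therefore the sum of the rates of the flows that remain. The flow table and byte counters are constructed sample data; the function and variable names are the example's own. It shows (a) how a controller can classify elephants from two successive OpenFlow flow-stats byte-counter snapshots and (b) how to pick the largest threshold that keeps the DPI input rate within a given maximum processing rate.

```python
"""Size-based DMZ bypass: elephant detection and threshold selection.

Added example (not from the paper). Model assumption: flows with rate <= T
go through DPI, flows with rate > T bypass it, so the DPI input rate is the
sum of the rates of the flows at or below T.
"""
from typing import Dict, Tuple

# (src_ip, dst_ip, src_port, dst_port, ip_proto) as an OpenFlow match would see it
FlowKey = Tuple[str, str, int, int, int]

# Constructed sample flow rates in bit/s: several mice and two elephants.
SAMPLE_FLOWS: Dict[FlowKey, float] = {
    ("10.0.0.1", "10.0.1.1", 40001, 443, 6): 2e6,
    ("10.0.0.2", "10.0.1.1", 40002, 443, 6): 5e6,
    ("10.0.0.3", "10.0.1.2", 40003, 22, 6): 0.5e6,
    ("10.0.0.4", "10.0.1.3", 40004, 2049, 6): 800e6,    # bulk NFS transfer
    ("10.0.0.5", "10.0.1.3", 40005, 2811, 6): 2500e6,   # GridFTP data channel
    ("10.0.0.6", "10.0.1.4", 40006, 53, 17): 0.1e6,
}


def detect_elephants(prev_bytes: Dict[FlowKey, int],
                     curr_bytes: Dict[FlowKey, int],
                     interval_s: float,
                     threshold_bps: float) -> Dict[FlowKey, float]:
    """Classify flows from two successive byte-counter snapshots.

    prev_bytes/curr_bytes mimic the byte_count fields of two OpenFlow
    flow-stats replies taken interval_s seconds apart. Returns the flows
    whose rate over the interval exceeds threshold_bps, with their rates.
    """
    elephants: Dict[FlowKey, float] = {}
    for key, b1 in curr_bytes.items():
        b0 = prev_bytes.get(key, 0)     # flow first seen in this interval: count from zero
        if b1 < b0:
            # counter wrapped or the entry was re-installed; no reliable rate this interval
            continue
        rate_bps = (b1 - b0) * 8 / interval_s
        if rate_bps > threshold_bps:
            elephants[key] = rate_bps
    return elephants


def dpi_input_rate(flows: Dict[FlowKey, float], threshold_bps: float) -> float:
    """Aggregate bit rate reaching the DPI device when flows above T bypass it."""
    return sum(rate for rate in flows.values() if rate <= threshold_bps)


def choose_threshold(flows: Dict[FlowKey, float], dpi_capacity_bps: float) -> float:
    """Largest threshold (taken from the observed rates) whose DPI input rate
    fits within dpi_capacity_bps.

    A larger T inspects more traffic, so the largest feasible T is the most
    secure choice. dpi_input_rate is non-decreasing in T, so the scan can stop
    at the first infeasible candidate. Returns 0.0 if even the smallest flow
    alone would overload the DPI device.
    """
    best = 0.0
    for candidate in sorted(set(flows.values())):
        if dpi_input_rate(flows, candidate) <= dpi_capacity_bps:
            best = candidate
        else:
            break
    return best


if __name__ == "__main__":
    t = choose_threshold(SAMPLE_FLOWS, dpi_capacity_bps=1e9)
    print(f"threshold {t / 1e6:.1f} Mb/s -> DPI input "
          f"{dpi_input_rate(SAMPLE_FLOWS, t) / 1e6:.1f} Mb/s")
    # Constructed counter snapshots 2 s apart: one elephant, one mouse,
    # one flow new in this interval, one counter that went backwards.
    prev = {("10.0.0.4", "10.0.1.3", 40004, 2049, 6): 1_000,
            ("10.0.0.1", "10.0.1.1", 40001, 443, 6): 0,
            ("10.0.0.9", "10.0.1.9", 40009, 80, 6): 5_000}
    curr = {("10.0.0.4", "10.0.1.3", 40004, 2049, 6): 50_001_000,
            ("10.0.0.1", "10.0.1.1", 40001, 443, 6): 1_000_000,
            ("10.0.0.5", "10.0.1.3", 40005, 2811, 6): 30_000_000,
            ("10.0.0.9", "10.0.1.9", 40009, 80, 6): 100}
    for key, rate in detect_elephants(prev, curr, 2.0, t).items():
        print(f"reroute {key}: {rate / 1e6:.0f} Mb/s")
```

Two practical caveats follow from this model. An elephant is only recognized after a full polling interval, so its first interval_s worth of bytes still pass through the DPI device, and the bypass rule must be removed again when the flow's rate drops or the entry idles out; and because the rerouted flows are no longer inspected at all, the threshold should be driven by the DPI capacity, not set lower than necessary.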
