Developing a traffic classification platform for enterprise networks with SDN: Experiences & lessons learned

Software Defined Networking (SDN) is an innovative approach to networking architecture that opens up avenues to create a whole new class of networking functionality. While data centre networks are steadily adopting the SDN approach with considerable success, other areas of networking such as network access control, load balancing and traffic classification remain nascent. Traffic classification in SDN is relatively experimental, and additional investigation is required before it can become a viable solution for enterprise networks. This paper reports on the practical experiences and lessons learned while developing an SDN-based traffic classification platform for an enterprise network. We use the platform to demonstrate the feasibility of SDN-based traffic classifiers by evaluating it against a set of desired outcomes. We note the design choices, made using currently available technologies, that may be helpful to network operators considering deploying their own solution. We conclude the paper with suggested changes for future versions of OpenFlow that better address limitations for software traffic classification and remove the need for workarounds.
