Opened 4 years ago

Closed 4 years ago

#1322 closed (fixed)

Size-based flow management enabling dynamic DMZ

Reported by: xinli1125@ksu.edu Owned by: peter.stickney@bbn.com
Priority: major Milestone:
Component: GPENI Version: SPIRAL7
Keywords: GEC21 Cc: haotianwu@ksu.edu
Dependencies:

Description

Demo description paragraph (three sentence minimum): Problem description: The current networking solutions for cybersecurity adopt static policies. Packets from and to supercomputers go through a DPI (deep packet inspection) device for security inspection before being routed toward their destinations. In a network configuration where the bandwidth of the links is equal to 10 gbps and the speed of the DPI is equal to 3 gbps, this device throughput represents the system bottleneck, bringing the bandwidth of the path down to 3 gbps. The adoption of an OpenFlow router allows us to adapt the cybersecurity policies, by dynamically managing the flow forwarding rules. We divide the flows generated by the supercomputers into two groups based on flow sizes: one group consists of elephant flows (the flow size is larger than a threshold) and the other group contains mice flows (the flow size is smaller than a threshold.) The goals of our dynamic flow management are to achieve higher network performance and to gain higher utilization of the network security mechanism. Demo: The client sends multiple flows to the server. The flows are forwarded by a software switch (OpenFlow switch) to the DPI first. Flows sent to the DPI are inspected for network security purposes. When the software switch detects a legitimate elephant flow, the elephant flow will be forwarded directly to the server bypassing the DPI. In this case, we avoid sending the elephant flow through the network bottleneck of the DPI to achieve higher network performance. By our dynamic flow management, we are able to monitor how the multiple flow entries are set up in the software switch flow table and how the flows are rerouted in the network. Equipment: software switch (OpenVSwitch on Ubuntu), Server (iperf on Windows 7), Client (iperf on Windows 7), DPI(OpenVSwitch on Ubuntu), OpenFlow controller(POX on Ubuntu).

List of equipment that will need AC connections (e.g. laptop, switch, monitor): 6

Just put in the number of connections needed if your demo description already lists equipment.

Total number of wired network connections (sum standard IP and VLAN connections): 0

Number of wired layer 2 VLANs (if any): 0 Specify VLAN number, if known, approximate bandwidth, and whether tagged or untagged.

Number of wireless network connections (include required bandwidth if significant): 0

Number of static addresses needed (if any): 0

Monitor (y/n, specify VGA or DVI): Yes, 2 DVIs. Specify resolution only if your software has resolution restrictions.No.

Number of posters (max size poster boards are 30" x 40"): 1

Special requests: No. Include any specific network connectivity needs (e.g. VLANs to a particular GENI location, projects you'd like to be near, etc.)

Change History (3)

comment:1 Changed 4 years ago by peter.stickney@bbn.com

Status: newaccepted

Thanks for the demo request. We should have no problem getting you space. See you in Indiana!

comment:2 Changed 4 years ago by peter.stickney@bbn.com

Apologies, but at this point, we cannot guarantee you will have 2 LCDs available for demo night. If you want to try to bring your own, you are welcome to, but we do not have enough LCDs to be giving people multiple.

comment:3 Changed 4 years ago by peter.stickney@bbn.com

Resolution: fixed
Status: acceptedclosed

Thanks for joining us in Bloomington this year. We hope everything worked as you expected. Don't hesitate to offer any suggestions.

Please feel free to update / append the wiki page for the Demo Night here:

http://groups.geni.net/geni/wiki/GEC21Agenda/EveningDemoSession

Note: See TracTickets for help on using tickets.