id summary reporter owner description status priority milestone component version resolution keywords cc dependencies
1322 Size-based flow management enabling dynamic DMZ xinli1125@ksu.edu peter.stickney@bbn.com "Demo description paragraph (three sentence minimum):
Problem description: The current networking solutions for cybersecurity adopt static policies. Packets from and to supercomputers go through a DPI (deep packet inspection) device for security inspection before being routed toward their destinations. In a network configuration where the bandwidth of the links is equal to 10 Gbps and the speed of the DPI is equal to 3 Gbps, this device's throughput represents the system bottleneck, bringing the bandwidth of the path down to 3 Gbps. The adoption of an OpenFlow router allows us to adapt the cybersecurity policies by dynamically managing the flow forwarding rules. We divide the flows generated by the supercomputers into two groups based on flow sizes: one group consists of elephant flows (the flow size is larger than a threshold) and the other group contains mice flows (the flow size is smaller than a threshold). The goals of our dynamic flow management are to achieve higher network performance and to gain higher utilization of the network security mechanism.
Demo: The client sends multiple flows to the server. The flows are forwarded by a software switch (OpenFlow switch) to the DPI first. Flows sent to the DPI are inspected for network security purposes. When the software switch detects a legitimate elephant flow, the elephant flow will be forwarded directly to the server, bypassing the DPI. In this case, we avoid sending the elephant flow through the network bottleneck of the DPI to achieve higher network performance. With our dynamic flow management, we are able to monitor how the multiple flow entries are set up in the software switch flow table and how the flows are rerouted in the network.
Equipment: software switch (OpenVSwitch on Ubuntu), Server (iperf on Windows 7), Client (iperf on Windows 7), DPI (OpenVSwitch on Ubuntu), OpenFlow controller (POX on Ubuntu).
List of equipment that will need AC connections (e.g. laptop, switch, monitor): 6 Just put in the number of connections needed if your demo description already lists equipment.
Total number of wired network connections (sum standard IP and VLAN connections): 0
Number of wired layer 2 VLANs (if any): 0 Specify VLAN number, if known, approximate bandwidth, and whether tagged or untagged.
Number of wireless network connections (include required bandwidth if significant): 0
Number of static addresses needed (if any): 0
Monitor (y/n, specify VGA or DVI): Yes, 2 DVIs. Specify resolution only if your software has resolution restrictions. No.
Number of posters (max size poster boards are 30"" x 40""): 1
Special requests: No. Include any specific network connectivity needs (e.g. VLANs to a particular GENI location, projects you'd like to be near, etc.)" closed major GPENI SPIRAL7 fixed GEC21 haotianwu@ksu.edu