Network Security Enhancement Using Software Defined Networking Technologies

amid this configuration we tend to look for guidance from them as data, control, and application planes. At base, the data plane is included system segments, whose SDN Data ways uncover their abilities through the Control-Data-Plane Interface (CDPI) Agent. On top, SDN Applications exist inside of the application plane, and impart their needs by means of northward Interface (NBI) Drivers. inside of the centre, the SDN Controller interprets these needs and applies low-level administration over the SDN Data ways, while giving pertinent data up to the SDN

* Opengear supports the OpenFlow/SDN Interoperability Lab. This Software Defined Networking (SDN) technology from the Open

Brocade is fully invested in making SDN completely modular to deliver New IP networks based on an open ecosystem. The Brocade SDN Controller is continuously built from the OpenDaylight code, with a virtuous cycle of contributions back to the OpenDaylight community. Physical and virtual networks from multiple vendors can be managed within the Brocade SDN Controller, and organizations can gradually introduce ever-larger portions of their existing networks into the controller domain with single-source technical support for the entire

Before going further on this document, first we need discuss some basics of networking, so that it would be easy to understand the topics easily.

As this demand for dynamic and unpredictable data grows, more and more devices have to be added to existing networks and configured accordingly. The need of the hour is to regulate networks centrally and as a whole rather than configure individual network devices and gain more control to achieve flexibility in existing networks.

Software Defined Networking (SDN) is a way to construct networks virtually with software that can be hosted on one machine. These software can solve issues such as cost, scalability, and security.

The project focusses on using the advantages and applications of the Software Defined Networking (SDN) technology. By implementing security measures in SDN, one can develop a network that will be free from several network attacks like ping attack, TCP SYN attack, probing, Denial of Service, Distributed Denial of Service and several other scanning attacks. Another point to mention is that if an administrator had to implement all these security measures in a traditional network, he would have to configure all the networking equipment separately with the required security measures. On top of that. if

The influence of Software Defined Networking on network industry is immense. “SDN industry is expected to surpass 35 billion in next five years” concluded by SDNcentral after conducting a market research on the impact of SDN on network industry. Clearly the impact is huge. Why? Because the concept of decoupling data plane from the control plane and making networks programmable is a powerful one. If deployed in large scale, replacing the legacy networks architecture, it will empower service providers and operators to deploy new services, provide freedom from proprietary vendor-specific network solutions while providing greater control over the network. However, this future vision of networks and SDN cannot be realized if one of the criteria of large scale acceptance is overlooked, i.e. how secure is networking the SDN way. In this paper, I have analyzed the various vulnerabilities which an attacker can exploit if SDN architecture is deployed on a large scale.

Software Defined Networking (SDN) is a rapidly growing technology which has received lot of attention. It addresses some of the long-standing challenges in the field of computer networks. It simplifies and makes it easier to management network. The core idea behind SDN is to pull out the intelligence from network devices like switch and router so that entire network can be controlled from a centralized single controller. The SDN controller has the global view of entire network devices. The controller can be customized by the network administrators or by the engineers as per the need of the business. The SDN technology makes the network programmable, agile, dynamic, scalable, flexible and centrally controlled. This paper initially focuses on the need of SDN. In the later part consists of architecture of the SDN enabled network, its different applications, challenges in implementing SDN.

Network Security is a very dynamic and technical field dealing with all aspects of scanning, hacking and securing systems against intrusion. It is more than just encrypting user data, virtual private networks or installing firewalls. Network security consists of the provision, policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources (Xie, 2013).

Software-Define Network (SDN) has emerged as a very promising network architecture in recent years. It largely simplifies the network logic and makes the network traffic more controllable by decoupling data plane and control plane out of the traditional network architecture, and having centralized controllers to control network switches. The significant difference from the traditional network architecture is that the network traffic routing is centralized into controllers such that network switches are only need to perform forwarding, instead of complicated routing protocols. The centralized controlling scheme of SDN has many novel and important capabilities such as global view of the network, software-based traffic analysis, and dynamic reconfiguring of network forwarding rules. The SDN has attracted the interests of many attackers due to the use of centralized controlling architecture and many security flaws are remained to be addressed yet. Distributed Denial of Service (DDoS) attack is one of the most frequent network attack that no effective countermeasure is acknowledged in traditional network. Fortunately, the characteristics of SDN bring us new chances to effectively against DDoS attacks. In this paper, we are going to discuss the classifications and characteristics of DDoS, analyze the advantaged capabilities of SDN architecture, and present a survey of the methods to detect and prevent DDoS attacks using SDN, and review the studies of SDN as a victim of

The primary objective of a network security system is to, in a cost effective manner, balance convenient access to legitimate users and inaccessibility to attackers. In a nutshell, the goal is to prevent connectivity to anyone intending to cause harm to the network. The harm to which this paper refers can come in the following forms:

Today, the technology VPN (Virtual Private Network) has established strong recognition among IT people and every administrator is committed to organize VPN-channels for employees working outside the office.

Abstract—The evolution of MPLS networks have made them critically important for ISPs for the various functions of traffic engineering, efficient network utilization and for providing L2 and L3 enterprise VPN services. All these functions are supported by complex, energy hungry and expensive core routers with support for a wide variety of control protocols carefully combined with data plane mechanisms. It is observed that the MPLS data-plane handles simpler functions of pushing, popping-off and swapping labels and are mostly un-affected by any changes to the control-plane functionalities. This paper discusses the possibility of using the standard MPLS data-plane in combination with a simple extensible control-plane using OpenFlow, SDN and its applications.

Within this context, we conducted our graduation project . We make use in this work of packet processing challenges in regards with OpenFlow/SDN requirements to build a framework for an optimal packet classification . Our framework pre-processes OpenFlow rules by investigating the relation between rules and then generates a packet classification schemes which are aware of the underlying hardware architecture and also network services priorities . Added to that , the framework communicates with the target physical platform in order to map the computed classification structure and place the the OpenFlow rules .