updated the discussed items

parent 77324788
......@@ -71,6 +71,7 @@ CNAC Interface also controls the Campus SDN Controller to enable the tap
points and install/delete flows based upon the CNAC commands to help monitor
the traffic or mitigate the attack.
\section{Architecture Diagram 1.0}
\centerline{\includegraphics[width=1.1\textwidth]{ElasticIdsArch.jpg}}
\section{Implementation}
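Review bot: the new \section{Architecture Diagram 1.0} is followed by a bare \centerline{\includegraphics[width=1.1\textwidth]{ElasticIdsArch.jpg}}, and a width of 1.1\textwidth pushes the image past the text block into the margin; use width=\textwidth (or \linewidth) and wrap it in a figure environment with \caption and \label so the diagram can be referenced from the CNAC Interface paragraph just above. Since that paragraph says CNAC commands drive the install/delete of flows on the Campus SDN Controller, a caption naming which component issues those commands would make the trust boundary between CNAC and the controller visible in the diagram rather than only in the text.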
......@@ -114,7 +115,7 @@ wherever possible. Terminologies for the traffic : Inbound, Outbound, Hybrid.
\begin{itemize}
\item Tapping Issues in Current Network: Mirror costs is very high.
\item If span ports are used, the first thing that is taken down when the
traffic increases are these ports. [+SDN : can be selective on what we
traffic increases are these ports. [+ SDN : can be selective on what we
monitor rather than the whole traffic]
\item To have a fully secure network the cost will be multiple times the
actual network setup cost with monitors, taps etc. for it.
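Review bot: the only change in this hunk is the added space in "[+ SDN : ...]", but the bracketed aside is an inline author note sitting in the middle of an itemize item; either make it a proper sentence ("With SDN we can be selective about which traffic we monitor rather than mirroring everything") or move it to a \footnote. While touching the item, "Mirror costs is very high" should read "Mirroring costs are very high", and the list mixes the problem (span ports are the first thing dropped when traffic grows) with the proposed benefit, so splitting it into "Issues" and "What SDN adds" would read better.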
......@@ -151,6 +152,8 @@ wherever possible. Terminologies for the traffic : Inbound, Outbound, Hybrid.
\item RYU SDN Controller : \url{http://osrg.github.io/ryu/}
\item FOAM : aggregate manager for GENI
\url{https://openflow.stanford.edu/display/FOAM/Home}
\item TestON: SDN Testing suite
\url{https://github.com/Paxterra/TestON}
\end{itemize}
\section{Security Onion}
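Review bot: the new TestON entry says only "SDN Testing suite" where the neighbouring items say what the tool does for the project (FOAM: aggregate manager for GENI); add what TestON will exercise here, e.g. checking that flows installed from CNAC commands land on the intended tap points and are removed again, so a reader knows why it is in the tool list. The separator style also differs across items ("RYU SDN Controller :", "FOAM :", "TestON:"); pick one.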
......@@ -209,12 +212,106 @@ interface.
%\section{Conclusions}\label{conclusions}
%We worked hard, and achieved very little.
\bibliographystyle{abbrv}
\bibliography{main}
\section{Current Promising Approach}
\subsection{Things TO-DO}
\begin{itemize}
\item Tapping mechanism using inbound approach.
\item How to tap without disrupting existing network operations.
\item Add SDN as a visible cloud resource.
\item Cloud resource for IDS instantiation.
\item inter domain SDN between cloud and core network.
\item Extend Model to Multi-side/Multi-domain.
\end{itemize}
\section{Architecture Diagram 2.0}
This is followed by openstack which uses SDN in its underlying network.
\centerline{\includegraphics[width=1.0\textwidth]{Cloud_SDN_Explained.jpg}}
\section{FlowVisor}
FlowVisor enforces isolation between each slice, i.e., one slice cannot
control another user's traffic. FlowVisor creates rich ''slices'' of network
resources and delegates control of each slice to a different controller.
\section{FOAM : OpenFlow aggregate manager}
FOAM uses GENI v3 rspecs, with the OpenFlow v3 extensions which GENI use to
allow experimenters to allocate OpenFlow resources. And uses FlowVisor to
keep the isolation of flowspaces between slivers.
\section{Foam and FlowVisor architecture}
\centerline{\includegraphics[width=1.0\textwidth]{foam_architecture.png}}
\section{Literature Survey}
\subsection{Playing Nice (TO-DO:2)}
Idea is to use flowvisor when pushing rules so that the existing network
doesn't get affected with our rules. Though our rules are important any
violation to the existing network is not desired and hence a rule which is
denied by our CNAC controller is legit and failure have to handled.
\subsection {Add SDN as a visible cloud resource (TO-DO:3)}
\subsubsection{OpenStack Neutron}
For creating virtual networks between cloud tenants in the cloud. This is
achieved using SDN which are used in two places.
\begin{itemize}
\item For the TOR control to connect physical machines using internal network.
\item Physical Machine runs openvswitch to connect to different VMs.
\end{itemize}
The current API's provided by OpenStack uses SDN to achieve the network,
subnet and port abstraction. These also provide firewall rules to handpick the
traffic type to the VMs.\\
This allows tenants to create private network inside the cloud. These are achieved
using OpenFlow rules using VLANS and GRE tunneling.\\
Though it uses SDN controllers we can't get our hands directly on the controller.
These are controlled by REST APIs from OpenStack Quatum Server based upon
the requests. If we are to make these SDN controller accept rules based on our
needs, OpenStack must be tailored to allow custom flows. Hopefully these kind of
debug possibilities should be there. I have to look into it.\\
\textbf{Example. Deliver all traffic with signature (tuple 5 match) to the this VM.
This must be done in a controlled way as other VM traffic might be
sucked in. [think through]}
Note : OpenStack has neat documentation for the all the services :)\\
Of the options we have in Open Source Cloud like Eucalyptus, Emulab,
OpenNebula, OpenStack is by far the best option we have.
\subsubsection{Amazon Virtual Private Cloud}
These also try to provide the user with the same functionality but the
underlying architecture is a closed one. This again the network is with the cloud
between the same administrative tenants.
\subsubsection{Related Work}
\textbf{SDN in Cloud}\\
The paper talks about using OpenFlow to create a virtual network
abstraction for the tenants. This is what OpenStack Neutron does.
\begin{itemize}
\item An OpenFlow based Network Virtualization Framework for the
Cloud\\
Link : \url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6133213\&tag=1}
\item Cloud orchestration with SDN/OpenFlow in carrier transport
networks\\
Link : \url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6602984}
\item Cloud computing networking: challenges and opportunities for
innovations\\
Link : \url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6553678}
\end{itemize}
\textbf{Multi-Site Work}
\begin{itemize}
\item Cloud Service Delivery Across Multiple Cloud Platforms Work in progress infrastructure to connect multi site tenants. This
is achieved by OpenFlow switches connecting the site and installing flows based on
the connectivity requirements of the services.
Link: \url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6009336}
\end{itemize}
\bibliographystyle{abbrv}
\bibliography{main}
\end{document}
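Review bot: \bibliographystyle{abbrv} and \bibliography{main} now appear twice, once before the new "Current Promising Approach" section and again before \end{document}; BibTeX rejects the second pair ("Illegal, another \bibdata command" / "Illegal, another \bibstyle command"), and even if it did not, the reference list would be printed in the middle of the document. Drop the first pair and keep the one before \end{document}. Further points in the added text: the IEEE links are written with escaped characters (abs\_all.jsp?arnumber=6133213\&tag=1), but \url takes its argument verbatim, so the backslashes will most likely appear in the printed and clickable link; leave the underscore and ampersand unescaped inside \url. ''slices'' uses closing quotes on both sides; LaTeX opening quotes are ``. Typos: "Quatum Server" should be "Quantum Server" (or Neutron, which the subsection is titled), "API's" should be "APIs", "Multi-side/Multi-domain" should be "Multi-site/Multi-domain", and "failure have to handled" should be "failures have to be handled". In "Playing Nice", the first sentence says FlowVisor is what keeps our rules from affecting the existing network, but the next sentence says a rule "denied by our CNAC controller is legit"; if the denial comes from FlowVisor (or the campus operator's slice policy), say so, because that is the isolation boundary the section is about. The Neutron example's worry that a 5-tuple redirect "might suck in" other VMs' traffic is the same isolation problem the FlowVisor section describes, so cross-reference that section instead of leaving "[think through]". The "Multi-Site Work" item runs the paper title straight into the description; add a \\ or a colon after "Platforms". Finally, inline working notes ("I have to look into it", the smiley, the bold multi-paragraph \textbf{Example ...} block) belong in a comment or a \todo rather than the body text.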