Distributed packet inspection for network security purposes in software-defined networking environments

Distributed packet inspection for network security purposes in software-defined networking environments

연구 분야: Infrastructure

학회: ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

5G networks are foreseen to offer rich ubiquitous communication infrastructure with wide range of high-quality services. However, as they are formed using a mix of modern network technologies ensuring their security is crucial. Currently, Software Defined Networking is envisioned as a key technology to provide security in 5G. However, due to its centralized nature SDN-based systems may suffer from performance issues and are difficult to scale. That is why in this paper, we propose a novel distributed packet inspection method which is easy to scale, migrate and is able to utilize any existing SDN controller software. Instead of running a single instance of SDN controller process we propose to utilize multiple processes and to distribute the traffic in a fair manner across running instances. In result, such a load-balancing solution is able to run independently on multiple machines allowing for highly scalable solution. Performed experimental evaluation proves that such solution is efficient and effective.