Abstract

Middleboxes are widely deployed devices that play crucial roles in today’s networks. Their behavior is commonly determined by policies that are manually set by network administrators, which can be a burden in networks whose connectivity changes dynamically. Recently, with the advent of Software-Defined Networking (SDN), a number of possibilities for handling middlebox policy enforcement have emerged. Even though there have been some contributions in this area, none of them eliminates the need to manually configure middleboxes for policy enforcement. In this paper, we propose an SDN-based architecture for dynamic middlebox policy enforcement that is able to respond to network events without any manual intervention from the network administrator. The architecture is also based on an interface proposed in this paper that enables communication between an SDN controller and any middlebox. To evaluate the policy enforcement architecture, a prototype with two types of middleboxes, a firewall and an Intrusion Prevention System (IPS), was implemented in a virtual machine. Hypothesis tests were performed in order to validate the experimental results obtained with the prototype. Results show that the architecture is able to dynamically enforce middlebox policies, allowing network applications to run appropriately with no impact on network performance.
