Simplifying network management using Software Defined Networking and OpenFlow

Abstract

As the complexity of deployments increases, network managers face two problems that we address in this paper. First, the deployment of middleboxes in choke points (between two routers through which all traffic flows), raises concerns regarding robustness, correctness and efficiency. Second, dynamically managing traffic isolation in a network is a very tedious task. In this paper we propose using Software Defined Networks (SDN) and OpenFlow to simplify network management by addressing these two challenges. SDN consists of decoupling the control and data planes of a network. OpenFlow standardizes the way that the controller communicates with the network devices in an SDN architecture. To overcome the challenge faced by deploying middleboxes in choke points, we show how these appliances can be deployed at waypoints. In this architecture, a waypoint is only traversed by traffic that needs further processing. The remaining data flows through the network without being processed by the middlebox. We have developed an application that implements an encryption processing unit that works as a waypoint and we show how OpenFlow can be used to route through the encryption unit only the traffic that requires encryption. To overcome the challenge of dynamic traffic isolation, we show how a network manager can use an application to create, delete and modify virtual local area networks (VLANs) in a dynamic way to achieve traffic isolation. Our implementation provides a GUI to the user so that the administration of the VLANs is greatly simplified.