A monitoring-based load balancing scheme for network security functions

Authors: Dongjin Hong, Jaehoon Jeong, Daeyoung Hyun, Jinyong Kim
Publication year: 2017
Subject:
Source: ICTC
DOI: 10.1109/ictc.2017.8191063
Description: This paper proposes an enhanced Interface to Network Security Functions (I2NSF) framework. To improve overall packet throughput and manage the resources of Network Security Functions (NSFs), the enhanced I2NSF framework monitors NSFs and distributes incoming packets to NSFs efficiently. Even if the legacy framework, which provides security services using Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), has similar NSFs, it is inefficient because it is unable to distribute the packets to multiple NSFs. Based on the legacy I2NSF framework, therefore, we add two kinds of communication: (i) communication between NSFs and the security controller to monitor NSFs and (ii) communication between the Security Function Forwarder (SFF) and the security controller to perform load balancing of the packets across multiple NSFs. For the communication between NSFs and the security controller, we present a message format based on the information model proposed by the Internet Engineering Task Force (IETF) I2NSF Working Group. We use the capability data model proposed by the IETF I2NSF WG, which describes the capability of an NSF. In order to show the feasibility of the proposed framework, we implemented the enhanced framework using IETF standards and open-source software.
Database: OpenAIRE