Figure: Comparison of city driving with and without navigation
Self study 424-7
Date: 09.07.2022

Network devices such as an Ethernet switch in an enterprise's local network, or a router in a telecom operator's network, consist of two main components: the packet-switching hardware (data plane, DP) and the software that controls the transfer of packets from the switch's input to its output (control plane, CP). This software is sometimes called firmware, since only the manufacturer (vendor) of the network device can change it.
Figure 1. Traditional network architecture, with DP and CP layers in each network device.
When a data packet arrives at an input port of the switch, that port asks the firmware what to do with the packet next. The firmware determines the next-hop address for the packet from its table of MAC addresses of the neighboring network devices connected to the switch, and selects the output port on which the packet should be sent. This is a very simplified description, but it is sufficient for understanding how SDN works.
The set of protocols in the firmware is the exclusive competence of the vendor, because only the vendor has access to the source code. Along with the functions it needs, the network operator is forced to acquire, with each network device, a lot of functions it does not currently need, simply because they are already "wired" into the standard firmware.
However, this is not the only drawback of traditional network design (networking). A network in which every network element has its own "brains" does not work well. As an analogy, consider car traffic in a city without the cloud-based navigation services with live traffic data that most drivers in large cities are already used to.
Figure 2. Comparison of city driving with and without navigation.
On the network, each router is like an intersection passed by a driver without a navigator: each time, the driver decides for himself where to turn, judging by the visible load on the next stretch of road.
A driver with a navigator does not have this problem. He not only spends less time deciding on the next leg of the route, but also arrives at his destination much faster, because the navigator suggests the optimal route, taking into account traffic jams, accidents, road works, and so on. However, this effect appears only when most cars (ideally all of them) use cloud navigation, for example from Yandex or Google. If the majority of cars follow optimized routes, street congestion decreases and the capacity of the entire city street network increases. Could this principle be applied to routing management on a network?
This is exactly the idea that scientists at Stanford University and the University of California came up with. They proposed separating the "brains" of the switch (its software, in the form of firmware) from the switch hardware. In this way the traditional network splits into two planes: the control plane and the data plane. The first plane moves to centralized servers, while the second remains in the hardware of the network elements, which are freed of redundant firmware. Moreover, each network and each network element uses only those control-plane functions that are currently needed. The control plane is called the SDN controller and runs on standard servers located in data processing centers (DCs), or data centers.
Figure 3. The architecture of an SDN network. Source: networklife.net.
SDN, Software Defined Network: a programmatically definable (or configurable) network. This means not only that network elements are managed programmatically and can be quickly and efficiently reconfigured, but also that many logically independent networks can be deployed on one physical pool of network elements. Such logical networks can carry the traffic flows of different business applications without interfering with each other.
Applications that require different network parameters and configurations administer the SDN controller through APIs (Application Programming Interfaces). In this architecture, each business application can configure a logical network for itself, via the SDN controller, out of the shared resources of the data-plane network infrastructure. Each such network operates independently of the other logical networks in the same resource pool (provided the resources are sufficient).
Figure 4. Application layer and the OpenFlow protocol in an SDN network. Source: Bigswitch.com.
Controlling the network infrastructure from the SDN controller requires an open control protocol. Such a protocol, developed by the Stanford scientists, is called OpenFlow (although, as will be shown, it is not the only possible protocol for this purpose).
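As an added example, not part of the original text: a toy Python model of the control-plane/data-plane split and of the packet-in/flow-install exchange described above. The class names, message shapes and sample MAC addresses are constructed assumptions, not real OpenFlow encoding; the model also shows what a data-plane switch does with a table miss when its controller is unreachable (here it drops the packet rather than flooding it).

```python
from __future__ import annotations
from dataclasses import dataclass, field

FLOOD, DROP = "flood", "drop"  # special forwarding actions

@dataclass
class Packet:
    src: str       # source MAC (constructed sample values such as "aa")
    dst: str       # destination MAC
    in_port: int   # switch port the packet arrived on

@dataclass
class Switch:
    """Data plane: only a flow table (dst MAC -> out port); a table miss becomes a packet-in."""
    dpid: str
    controller: Controller | None
    flow_table: dict[str, int] = field(default_factory=dict)

    def receive(self, pkt: Packet) -> str | int:
        if pkt.dst in self.flow_table:
            return self.flow_table[pkt.dst]          # fast path, controller not involved
        if self.controller is None:
            return DROP                              # control plane unreachable: fail closed
        return self.controller.packet_in(self, pkt)  # table miss: ask the controller

class Controller:
    """Control plane: holds the MAC table for every switch and pushes flow entries."""
    def __init__(self) -> None:
        self.mac_table: dict[str, dict[str, int]] = {}

    def packet_in(self, sw: Switch, pkt: Packet) -> str | int:
        table = self.mac_table.setdefault(sw.dpid, {})
        table[pkt.src] = pkt.in_port                 # learn which port the source sits on
        if pkt.dst not in table:
            return FLOOD                             # unknown destination: flood, install nothing
        out = table[pkt.dst]
        sw.flow_table[pkt.dst] = out                 # flow-mod: later packets skip the controller
        return out

def run_demo() -> list[str | int]:
    """Constructed scenario: three hosts on one switch, then loss of the controller."""
    sw = Switch("s1", Controller())
    steps = [Packet("aa", "bb", 1), Packet("bb", "aa", 2), Packet("aa", "bb", 1),
             Packet("cc", "bb", 3), Packet("cc", "dd", 3)]
    results = []
    for i, pkt in enumerate(steps):
        if i == 4:
            sw.controller = None                     # simulate losing the control channel
        results.append(sw.receive(pkt))
    return results  # -> ["flood", 1, 2, 2, "drop"]
```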
Software-defined networking (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network layer, granting centralized management and reprogrammability of the networks. From a security perspective, SDN separates security concerns into control and data planes, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we provide a comprehensive review of the SDN security domain while focusing on its data plane, which is one of the least explored but most critical aspects in securing this technology.
We review the most recent enhancements in SDNs, identify the main vulnerabilities of SDNs, and provide a novel attack taxonomy for SDNs. Thereafter, we provide a comprehensive analysis of the challenges involved in protecting the SDN data plane and control plane, give an in-depth look into the available solutions with respect to the identified threats, and identify their limitations. To highlight the importance of securing the SDN platform, we also review the numerous security services built on top of this technology. We conclude the paper by offering future research directions.
