Title |
---|
ACLFLOW: An NFV/SDN Security Framework for Provisioning and Managing Access Control Lists |
Abstract |
---|
Router Access Control Lists (ACLs) are a traditional way to selectively filter traffic in cloud computing environments. However, a large number of rules may be required, whereas the storage capacity of router Ternary Content Addressable Memories (TCAMs) is scarce and expensive. This paper proposes a Network Functions Virtualization (NFV)/Software-Defined Networking (SDN) security framework, named ACLFLOW. ACLFLOW (i) translates regular ACLs (source/destination IP, source/destination port, and protocol) into OpenFlow filtering rules; (ii) creates and manages large OpenFlow ACLs on distributed software switches, which act as security virtual network functions (named OpenFlow VNF-ACLs), to address the TCAM storage capacity problem; (iii) implements a proposed algorithm that dynamically prioritizes the most popular rules to accelerate switching operations; and (iv) orchestrates and accelerates the deployment of NFV/SDN environments into production clouds. We have implemented a prototype of the framework on the Open Platform for NFV (OPNFV) and evaluated its performance using different tools and scenarios. Results show that OpenFlow VNF-ACL improves maximum throughput by up to 90%, achieves HTTP request rates up to 50% higher, and reduces Round Trip Time (RTT) by 70% when compared with stateless iptables running in virtual machines. Moreover, the proposed algorithm dynamically improves the HTTP request rate of the flows with the highest traffic volume by 15% and reduces their RTT by 25% when compared with ACLFLOW without prioritization. |
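As an added worked example (not code from the paper or from the ACLFLOW prototype), the following Python translates an ordered 5-tuple ACL into OpenFlow rules of descending priority, emits them as `ovs-ofctl add-flow` lines, and then promotes rules with high hit counters. The promotion step is an assumption for illustration, not the paper's algorithm; it only swaps adjacent rules that cannot both match the same packet, which is the check a practitioner needs, because moving a subnet permit above a host-specific deny would silently change the policy. The sample ACL, the hit counters, the bridge name `br0` and the helper names are constructed for this example.

```python
# Added example, not the paper's code: ordered 5-tuple ACL -> OpenFlow rules,
# plus hit-count promotion that preserves first-match semantics. The promotion
# policy (swap adjacent non-overlapping rules by hit count) is an assumption
# for illustration, not ACLFLOW's algorithm.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class AclEntry:
    action: str             # "permit" or "deny"
    proto: str              # "tcp", "udp", "icmp" or "ip" (any IPv4)
    src: str                # CIDR; 0.0.0.0/0 means any
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass
class FlowRule:
    entry: AclEntry
    acl_index: int          # position in the ACL; -1 for the implicit deny
    priority: int
    packets: int = 0        # hit counter as read back from the switch

    def match(self) -> str:
        e = self.entry
        parts = [e.proto]   # ovs-ofctl shorthand: tcp/udp/icmp imply ip
        if ip_network(e.src).prefixlen:
            parts.append(f"nw_src={e.src}")
        if ip_network(e.dst).prefixlen:
            parts.append(f"nw_dst={e.dst}")
        if e.proto in ("tcp", "udp"):
            if e.sport is not None:
                parts.append(f"tp_src={e.sport}")
            if e.dport is not None:
                parts.append(f"tp_dst={e.dport}")
        return ",".join(parts)

    def actions(self) -> str:
        return "NORMAL" if self.entry.action == "permit" else "drop"


def overlaps(a: AclEntry, b: AclEntry) -> bool:
    """True if some packet could match both entries, so their order matters."""
    if "ip" not in (a.proto, b.proto) and a.proto != b.proto:
        return False
    def same_port(x, y):
        return x is None or y is None or x == y
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and same_port(a.sport, b.sport)
            and same_port(a.dport, b.dport))


def translate(acl: List[AclEntry], base: int = 1000) -> List[FlowRule]:
    """Entry i gets priority base-i: OpenFlow picks the highest-priority
    match, which reproduces the ACL's first-match order. Priority 0 is the
    ACL's implicit deny."""
    rules = [FlowRule(e, i, base - i) for i, e in enumerate(acl)]
    rules.append(FlowRule(AclEntry("deny", "ip", "0.0.0.0/0", "0.0.0.0/0"), -1, 0))
    return rules


def promote_hot_rules(rules: List[FlowRule], base: int = 1000) -> List[FlowRule]:
    """Bubble rules with more hits upward, but only past rules they do not
    overlap with; swapping two non-overlapping rules never changes which rule
    a packet hits. The implicit deny overlaps everything and stays last."""
    order = list(rules)
    changed = True
    while changed:
        changed = False
        for i in range(1, len(order)):
            upper, lower = order[i - 1], order[i]
            if lower.packets > upper.packets and not overlaps(lower.entry, upper.entry):
                order[i - 1], order[i] = lower, upper
                changed = True
    for i, r in enumerate(order):
        r.priority = 0 if r.acl_index == -1 else base - i
    return order


def _matches(e: AclEntry, proto, src, dst, sport, dport) -> bool:
    return ((e.proto == "ip" or e.proto == proto)
            and ip_address(src) in ip_network(e.src)
            and ip_address(dst) in ip_network(e.dst)
            and (e.sport is None or e.sport == sport)
            and (e.dport is None or e.dport == dport))


def decide(rules: List[FlowRule], proto, src, dst, sport=None, dport=None) -> str:
    """Emulate the switch: action of the highest-priority matching rule."""
    hits = [r for r in rules if _matches(r.entry, proto, src, dst, sport, dport)]
    return max(hits, key=lambda r: r.priority).entry.action


def render_ovs(rules: List[FlowRule], bridge: str = "br0") -> List[str]:
    return [f"ovs-ofctl add-flow {bridge} priority={r.priority},{r.match()},actions={r.actions()}"
            for r in rules]


def sample_acl() -> List[AclEntry]:
    # Constructed sample ACL (not from the paper): one host is blocked from SSH
    # before the subnet is allowed, so entry 0 must stay above entry 1.
    return [
        AclEntry("deny",   "tcp", "10.0.0.5/32", "10.0.1.0/24", dport=22),
        AclEntry("permit", "tcp", "10.0.0.0/24", "10.0.1.0/24", dport=22),
        AclEntry("permit", "udp", "10.0.0.0/24", "10.0.2.53/32", dport=53),
        AclEntry("permit", "tcp", "10.0.0.0/24", "10.0.1.0/24", dport=80),
    ]


if __name__ == "__main__":
    rules = translate(sample_acl())
    for r, hits in zip(rules, (5, 100, 2000, 50000, 0)):   # constructed counters
        r.packets = hits
    for line in render_ovs(promote_hot_rules(rules)):
        print(line)
```

With the constructed counters, the HTTP permit (entry 3) rises to the top and the DNS permit follows, but the host-specific SSH deny is never moved below the subnet SSH permit it overlaps. Because promotion reassigns priorities, on a real switch the change is pushed as flow modifications rather than by reordering an existing table, and the hit counters driving it should come from the switch's own flow statistics.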
Year | DOI | Venue |
---|---|---|
2018 | 10.1109/NOF.2018.8598136 | 2018 9th International Conference on the Network of the Future (NOF) |
Keywords | Field | DocType |
---|---|---|
switching operations,production clouds,OpenFlow VNF-ACL,virtual machines,OpenFlow filtering rules,distributed software switches,security virtual network functions,TCAM storage capacity problem,NFV security framework,SDN security framework,access control list provisioning,access control list management,router access control lists,cloud computing,router ternary content addressable memories,network functions virtualization security framework,software-defined networking security framework,ACLFLOW,regular ACL,source-destination IP,source-destination port,OpenFlow ACL,HTTP request rate,traffic volume | Virtual network,Virtual machine,Computer science,Computer network,Provisioning,OpenFlow,Access control,Throughput,Router,Cloud computing | Conference |
ISSN | ISBN | Citations |
---|---|---|
2377-8652 | 978-1-5386-8504-4 | 1 |
PageRank | References | Authors |
---|---|---|
0.36 | 13 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Leopoldo A. F. Mauricio | 1 | 1 | 0.36 |
Rubinstein, M.G. | 2 | 1 | 0.70 |
Otto Carlos Muniz Bandeira Duarte | 3 | 686 | 55.46 |