Summary

APNOMS (Asia-Pacific Network Operations and Management Symposium)

2013

Session Number:TS9

Number:TS9-1

Load Distribution of an OpenFlow Controller for Role-based Network Access Control

Takayuki Sasaki, Yoichi Hatano, Kentaro Sonoda, Yoichiro Morita, Hideyuki Shimonishi, Toshihiko Okamura

Publication Date:2013/09/25

Online ISSN:2188-5079

DOI:10.34385/proc.17.TS9-1

Summary:
Network attacks have been coming not only from outside of an organization but also from internal networks in recent years, due to malware-infected clients and malicious insiders. Therefore, a firewall on the network boundary is insufficient for preventing such attacks. To prevent the attacks, we have developed a network access control system using OpenFlow. The system monitors whole internal networks and performs access control on the basis of Role-Based Access Control (RBAC) on the OpenFlow architecture. In the system, however, one problem is that the controller may become a performance bottleneck for large-scale networks, because the controller monitors and controls all traffic in the network. In this paper, we propose an architecture which evaluates RBAC rules on the OpenFlow switch side for load distribution. Furthermore, we evaluate its feasibility and performance, and show that the architecture can reduce the size of dynamically distributed rules by 93% in an ideal case.