TY - GEN
T1 - A monitoring-based load balancing scheme for network security functions
AU - Hong, Dongjin
AU - Kim, Jinyong
AU - Hyun, Daeyoung
AU - Jeong, Jaehoon Paul
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/12/12
Y1 - 2017/12/12
AB - This paper proposes an enhanced Interface to Network Security Functions (I2NSF) framework. To improve the overall packet throughput and manage the resources of Network Security Functions (NSFs), the enhanced I2NSF framework monitors NSFs and distributes incoming packets to NSFs efficiently. Even when the legacy framework, which provides security services using Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), has similar NSFs, it is inefficient because it cannot distribute the packets to multiple NSFs. Based on the legacy I2NSF framework, therefore, we add two kinds of communication: (i) communication between NSFs and the security controller to monitor NSFs and (ii) communication between the Security Function Forwarder (SFF) and the security controller to load-balance the packets across multiple NSFs. For the communication between NSFs and the security controller, we present a message format based on the information model proposed by the Internet Engineering Task Force (IETF) I2NSF Working Group. We use the capability data model proposed by the IETF I2NSF WG, which describes the capability of an NSF. In order to show the feasibility of the proposed framework, we implemented the enhanced framework using IETF standards and open-source software.
KW - Interface to Network Security Functions
KW - Load Balancing
KW - Monitoring
KW - Network Functions Virtualization
KW - Software Defined Networking
UR - https://www.scopus.com/pages/publications/85046891850
U2 - 10.1109/ICTC.2017.8191063
DO - 10.1109/ICTC.2017.8191063
M3 - Conference contribution
AN - SCOPUS:85046891850
T3 - International Conference on Information and Communication Technology Convergence: ICT Convergence Technologies Leading the Fourth Industrial Revolution, ICTC 2017
SP - 668
EP - 672
BT - International Conference on Information and Communication Technology Convergence
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th International Conference on Information and Communication Technology Convergence, ICTC 2017
Y2 - 18 October 2017 through 20 October 2017
ER -