Traffic Management - OpenFlow Switch on the NetFPGA platform. Chun-Jen Chung (1203584897), Sriram Gopinath (1203800749)


Outline: OpenFlow Switch; NetFPGA; Required Software and Hardware; Applications; Expected Results

OpenFlow OpenFlow is an open standard to deploy new innovative protocols in the real networking environment. OpenFlow is an open interface for remotely controlling the forwarding tables in network switches, routers, and access points. OpenFlow provides an open protocol to program the flow table in different switches and routers. An OpenFlow Switch consists of at least three parts: (1) a Flow Table, with an action associated with each flow entry, to tell the switch how to process the flow; (2) a Secure Channel that connects the switch to a remote control process (called the controller), allowing commands and packets to be sent between a controller and the switch; (3) the OpenFlow Protocol, which provides an open and standard way for a controller to communicate with a switch.

IP Router vs. OpenFlow Switch In a classical router or switch, the fast packet forwarding (data path) and the high level routing decisions (control path) occur on the same device. An OpenFlow Switch separates these two functions. The data path portion still resides on the switch, while high-level routing decisions are moved to a separate controller, typically a standard server.

Idealized OpenFlow Switch The OpenFlow Switch and Controller communicate via the OpenFlow protocol, which defines messages such as packet-received, send-packet-out, modify-forwarding-table, and get-stats.

How does an OpenFlow Switch work? When an OpenFlow Switch receives a packet it has never seen before, for which it has no matching flow entries, it sends this packet to the controller. The controller then makes a decision on how to handle this packet. It can drop the packet, or it can add a flow entry directing the switch on how to forward similar packets in the future.

OpenFlow Protocol The data path of an OpenFlow Switch presents a clean flow table abstraction: each flow table entry contains a set of packet fields to match, and an action. OpenFlow Type 0 switch, three required actions:
– Forward to a specific set of output ports
– Encapsulate and send to the controller
– Drop

Advantages of OpenFlow OpenFlow allows you to easily deploy innovative routing and switching protocols in your network. Amenable to high-performance and low-cost implementations. Capable of supporting a broad range of research. Assured to isolate experimental traffic from production traffic. Consistent with vendors’ need for closed platforms.

NetFPGA The NetFPGA is a low-cost platform, primarily designed as a tool for teaching networking hardware and router design. NetFPGA consists of three parts:
– Hardware (components of the PCI card): Xilinx Virtex-II Pro 50; 4x 1 Gigabit Ethernet ports; 2x 18 MB Static RAM (SRAM); 64 MB DDR DRAM
– Gateware (hardware description source code): IPv4 router or 4-port NIC
– Software (device drivers, utilities, router control packages)

NetFPGA

Software and Hardware Software – CentOS – NetFPGA Package – Openflow Package VLAN Tag Handler Traffic Monitor – Packet Generator Hardware – NetFPGA – PCI card – Multiple PCs

Applications Traffic Management – To block or monitor malicious traffic – To prevent the VLAN hopping attack

Monitoring Malicious Traffic In this application we will monitor the incoming traffic and record the traffic information (assigned protocol number, source IP address, and a packet counter of any packet dropped). This data would be verified against the blacklisted IP list. Based upon the internal policies, we can drop the traffic or generate alerts.
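The table-miss behaviour from the "How does an OpenFlow Switch work?" slide combined with the blacklist policy above, as an added Python model that is not the presenters' NetFPGA code. The class names, the blacklist range, the host-to-port map and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]  # constructed sample list
PORT_OF = {"10.0.0.2": 2}                              # constructed host-to-port map
PORTS = [1, 2, 3, 4]                                   # four Ethernet ports

@dataclass
class FlowEntry:
    match: dict        # header fields that must all equal the packet's
    action: tuple      # ("forward", [ports]) or ("drop",)
    packets: int = 0   # per-flow packet counter

class Controller:
    def __init__(self):
        self.alerts = []   # (source IP, IP protocol number) per blacklisted flow

    def packet_in(self, switch, pkt):
        """Called on a table miss: decide, then install a flow entry."""
        src = ipaddress.ip_address(pkt["src_ip"])
        if any(src in net for net in BLACKLIST):
            self.alerts.append((pkt["src_ip"], pkt["ip_proto"]))
            entry = FlowEntry({"src_ip": pkt["src_ip"]}, ("drop",))
        else:
            flood = [p for p in PORTS if p != pkt["in_port"]]
            out = [PORT_OF[pkt["dst_ip"]]] if pkt["dst_ip"] in PORT_OF else flood
            entry = FlowEntry({"src_ip": pkt["src_ip"], "dst_ip": pkt["dst_ip"]},
                              ("forward", out))
        switch.table.append(entry)
        return entry

class Switch:
    def __init__(self, controller):
        self.table, self.controller = [], controller

    def receive(self, pkt):
        for entry in self.table:
            if all(pkt.get(k) == v for k, v in entry.match.items()):
                break                      # existing flow: handled in the data path
        else:
            entry = self.controller.packet_in(self, pkt)   # table miss
        entry.packets += 1
        return entry.action

def demo():
    ctl = Controller()
    sw = Switch(ctl)
    good = {"in_port": 1, "src_ip": "10.0.0.1", "dst_ip": "10.0.0.2", "ip_proto": 6}
    bad = {"in_port": 3, "src_ip": "203.0.113.7", "dst_ip": "10.0.0.2", "ip_proto": 17}
    actions = [sw.receive(p)[0] for p in (good, bad, bad, good)]
    return actions, ctl.alerts, [(e.action[0], e.packets) for e in sw.table]
```

The controller raises one alert per blacklisted source; once the drop entry is installed, later packets from that source only increment the entry's counter in the switch.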

What is a VLAN hopping attack? This is a computer security exploit, a method of attacking networked resources on a VLAN. In a double tagging attack, an attacking host prepends two VLAN tags to packets that it transmits. The first header (which corresponds to the VLAN that the attacker is really a member of) is stripped off by the first switch the packet encounters, and the packet is then forwarded. The second, false, header is then visible to the second switch that the packet encounters. This false VLAN header indicates that the packet is destined for a host on a second, target VLAN. The packet is then sent to the target host as though it were layer 2 traffic. By this method, the attacking host can bypass layer 3 security measures that are used to logically isolate hosts from one another.

VLAN HOPPING ATTACK

Prevent VLAN Hopping Attack The schemes below could be used to prevent the VLAN hopping attack. We would use the fields captured in the flow table, or identify fields that would uniquely identify the hosts in the VLAN. We could use the Squash authentication scheme to authenticate the source before initiating the VLAN connection.

Prevent VLAN Hopping Attack We intend to configure a VLAN setup and analyze the packets that flow between two hosts in the same VLAN. We need to uniquely identify the host in a VLAN based upon the packets transmitted. Based upon the identifier, drop packets if we discover any VLAN hopping attack. (Figure: Flow Header Entry)
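A structural check a switch can apply on a host-facing port to catch the double-tagged frames described above, as an added Python example rather than the Squash-based host identification the slides propose. The drop policy, function names and sample frames are assumptions constructed for illustration.

```python
import struct

TPIDS = {0x8100, 0x88A8}   # 802.1Q and 802.1ad tag protocol identifiers

def vlan_stack(frame: bytes):
    """Return (vlan_ids, ethertype) for an Ethernet frame; raise on truncation."""
    off, vids = 12, []                 # skip destination and source MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TPIDS:
            return vids, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)      # low 12 bits of the TCI are the VLAN ID
        off += 4

def access_port_action(frame: bytes, port_vlan: int) -> str:
    """Assumed policy for a host-facing port assigned to port_vlan."""
    try:
        vids, _ = vlan_stack(frame)
    except ValueError:
        return "drop"                  # malformed frame
    if len(vids) >= 2:
        return "drop"                  # stacked tags from a host: double tagging
    if vids and vids[0] not in (0, port_vlan):
        return "drop"                  # tag for a VLAN this port is not in
    return "forward"                   # untagged, priority-tagged or own VLAN

def build(vids, payload=b"\x00" * 46):
    """Constructed sample frame: fixed MACs, given tag stack, IPv4 ethertype."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in vids)
    return macs + tags + struct.pack("!H", 0x0800) + payload
```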

Squash Algorithm Advantages: lower power consumption, good security, speed.

Result Making a switch act as a basic firewall. Prevent the VLAN hopping attack.

Wiki Link OpenFlowSwitch-NetFPGA-TrafficMgmt