Presentation is loading. Please wait.

Presentation is loading. Please wait.

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Published bySheila Horton Modified over 9 years ago

Similar presentations

Presentation on theme: "Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)"— Presentation transcript:

1 Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

2 Outline OpenFlow Switch NetFPGA Require Software and Hardware Applications Expected Results

3 OpenFlow OpenFlow is an open standard to deploy new innovative protocols in the real networking environment. OpenFlow is an open interface for remotely controlling the forwarding tables in network switches, routers, and access points. OpenFlow provides an open protocol to program the flow-table in different switches and routers. An OpenFlow Switch consists of at least three parts: (1) A Flow Table, with an action associated with each flow entry, to tell the switch how to process the flow (2) A Secure Channel that connects the switch to a remote control process (called the controller), allowing commands and packets to be sent between a controller and the switch (3) The OpenFlow Protocol, which provides an open and standard way for a controller to communicate with a switch.

4 IP Router vs. OpenFlow Switch In a classical router or switch, the fast packet forwarding (data path) and the high level routing decisions (control path) occur on the same device. An OpenFlow Switch separates these two functions. The data path portion still resides on the switch, while high-level routing decisions are moved to a separate controller, typically a standard server.

5 Idealized OpenFlow Switch The OpenFlow Switch and Controller communicate via the OpenFlow protocol, which defines messages, such as packet-received, send- packet-out, modify-forwarding-table, and get-stats.

6 How OpenFlow Switch works? When an OpenFlow Switch receives a packet it has never seen before, for which it has no matching flow entries, it sends this packet to the controller. The controller then makes a decision on how to handle this packet. It can drop the packet, or it can add a flow entry directing the switch on how to forward similar packets in the future.

7 OpenFlow Protocol The data path of an OpenFlow Switch presents a clean flow table abstraction – each flow table entry contains a set of packet fields to match, and an action. Open Flow Type 0 switch – Three required actions: Forward to a specific set of output ports Encapsulate and send to the controller Drop

8 Advantages of OpenFlow OpenFlow allows you to easily deploy innovative routing and switching protocols in your network. Amenable to high-performance and low-cost implementations. Capable of supporting a broad range of research. Assured to isolate experimental traffic from production traffic. Consistent with vendors’ need for closed platforms.

9 NetFPGA The NetFPGA is a low-cost platform, primarily designed as a tool for teaching networking hardware and router design. NetFPGA consist of three parts – Hardware (Components of PCI card) Xilinx Virtex-II Pro 50 4x 1 Gigabit Ethernet ports 2x 18MB Static RAM (SRAM) 64 MB DDR DRAM – Gateware ( Hardware description source code) IPv4 router or 4-port NIC – Software (Device drivers, utilities, router control packages)

10 NetFPGA

11 Software and Hardware Software – CentOS – NetFPGA Package – Openflow Package VLAN Tag Handler Traffic Monitor – Packet Generator Hardware – NetFPGA – PCI card – PCs

12 Applications Traffic Management – To block or monitor the malicious traffic – To avoid VLan Hopping Attack

13 Monitoring Malicious Traffic In this application we will monitor the incoming traffic to take into account the traffic information (Protocol Assign Number, source IP address, and a packet counter of any packed dropped through). This data would be verified with the Black listed IP list Based upon the internal policies we can drop the traffic or generate alerts

14 What is a VLAN hopping attack? This is computer security exploit, a method of attacking networked resources on a VLAN A double tagging attack, an attacking host prepends two VLAN tags to packets that it transmits. The first header (which corresponds to the VLAN that the attacker is really a member of) is stripped off by a first switch the packet encounters, and the packet is then forwarded. The second, false, header is then visible to the second switch that the packet encounters. This false VLAN header indicates that the packet is destined for a host on a second, target VLAN. The packet is then sent to the target host as though it were layer 2 traffic. By this method, the attacking host can bypass layer 3 security measures that are used to logically isolate hosts from one another.

15 VLAN HOPPING ATTACK

16 Avoid VLan Hopping Attack We intend to configure a VLAN setup and analyze the packets that flow between two hosts in the same VLAN Need to uniquely identify the host that are communicating based upon the packets transmitted Based upon the identifier drop packets if we discover any VLAN hopping attack.

17 FLOW TABLE ENTRIES The below schemes could be used to evade the VLAN hopping attack. We would be using the fields captured in the flow table or identify fields that would uniquely identify the hosts We could be using Squash Authentication scheme to authenticate the source before initiating the VLAN connection avoid hopping.

18 Result Making a switch to act as a basic firewall Prevent VLAN hopping attack

19 Ref-Flow Entry 1. Forward this flow’s packets to a given port (or ports). This allows packets to be routed through the network. In most switches this is expected to take place at line rate. 2. Encapsulate and forward this flow’s packets to a controller. Packet is delivered to Secure Channel, where it is encapsulated and sent to a controller. Typically used for the first packet in a new flow, so a controller can decide if the flow should be added to the Flow Table. Or in some experiments, it could be used to forward all packets to a controller for processing. 3. Drop this flow’s packets. Can be used for security, to curb denial of service attacks, or to reduce spurious broadcast discovery traffic from end-hosts. 4. Forward this flow’s packets through the switch’s normal processing pipeline.

20 OpenFlowSwitch-NetFPGA- TrafficMgmt http://openflowswitch-netfpga-trafficmgmt.wikispaces.asu.edu/

Download ppt "Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)"

Similar presentations

Access Control List (ACL)

Access Control List (ACL)
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
IP Forwarding Relates to Lab 3.

IP Forwarding Relates to Lab 3.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
SDN and Openflow.

SDN and Openflow.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.

1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.
1 Version 3.0 Module 10 Routing Fundamentals and Subnetting.

1 Version 3.0 Module 10 Routing Fundamentals and Subnetting.
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
Networking Components

Networking Components
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Understanding Networks Charles Zangla. Network Models Before I can explain how connections are made from across the country, I would like to provide you.

Understanding Networks Charles Zangla. Network Models Before I can explain how connections are made from across the country, I would like to provide you.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
Connecting LANs, Backbone Networks, and Virtual LANs

Connecting LANs, Backbone Networks, and Virtual LANs
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

Similar presentations

Ads by Google