Title: vSwitch and software-defined network access control with openFlow
Authors: Nguyen, Bao Tri
Keywords: DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks
Issue Date: 2014
Abstract: In practice, a general-purpose network is usually implemented to support a wide range of tasks such as web hosting, administration servers and databases, education, finance and many more. This requires the infrastructure to be built in a way that ensures both reliable normal traffic and a certain level of security. However, scientific experiments see this as a hindrance. Science-DMZ (Demilitarized Zone) addresses this problem with a different design in which a portion of the network, the DMZ, is separated from the main network. It has different hardware, configuration and security policies, all optimized for high-performance scientific purposes. In the Science-DMZ design, the DMZ is connected directly to a switch/router which then connects directly to the border router of the organization. Within the DMZ, network performance is ensured. However, the firewall at the border router still exists and can affect performance if the DMZ is to be accessed externally. This can be the case when multiple organizations or research institutions want to run a joint research experiment in which they share a common DMZ. The objective of this project is to make use of Software-Defined Network (SDN), OpenFlow technology in particular, a hardware-based solution, to alleviate this potential firewall bottleneck present in wide-area joint Science-DMZs while at the same time providing the necessary access control with a conceptual design. The main idea is to replace the border router with an OpenFlow switch, or to add an OpenFlow switch as the secondary gateway, which becomes the "border switch". These border OpenFlow switches can then be connected together to form a large-scale network of joint Science-DMZs. A system which manages access and controls the OpenFlow switches was proposed in the project. The design consists of three main parts: OpenFlow Controller, Interface and Authentication Server.
The proof-of-concept system was developed and deployed in multiple environments, including the international SDN testbed RISE. The system was also able to integrate with and make use of NTU's Microsoft Active Directory User Databases for authentication. Testing results showed that such a system could be implemented in actual applications when the need arises for joint Science-DMZs. This conceptual system is scalable, portable, and easy to manage and maintain, thus giving network designers flexibility in implementing it for their applications to serve the different needs of researchers or organizations.
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
Description: Main article - amended FYP report (Restricted Access)
Size: 12.88 MB
Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.