Abstract
Legacy networks do not have the necessary dynamism to follow the evolution
online services have experienced in the past few years. In order to
overcome this problem, the Software Defined Networking (SDN) paradigm
was proposed. The goal of this paradigm is to change the way networks are
controlled. In legacy networks, the control plane and the data plane are coupled
together in the network elements. SDN separates the control plane and
the data plane through the use of a standard SDN Application Programming
Interface (API) in the data plane to communicate with the logically centralized
control plane. In order to reap the benefits of SDN, a plan of migration
for legacy networks should be established. For optical networks the migration
to SDN is not easy because optical equipment has its own protocols
to communicate and there are no standardized SDN interfaces prepared to
abstract this type of equipment. In order to solve this problem, organizations
such as China Mobile, China Telecom, Verizon and industry organizations
like the Open Networking Foundation (ONF) have proposed the use of
an abstraction layer between the data plane and the main controller. This
abstraction layer is responsible for converting the optical equipment protocols
into a standard SDN Application Programming Interface (API) to communicate
with the main controller. The abstraction layer can be considered an
optical equipment controller, the Original Equipment Manufacturer (OEM)
controller. With this approach, service providers (SP) (i.e., telecommunication
operators) only need to have a main controller to orchestrate the whole
network through the use of OEM controllers. With this solution the Service
Providers (SP) are able to control the optical network with different optical
equipment from multiple vendors (multi-domain networks).
The OEM controllers are responsible for executing all the operations in the
Network Elements (NEs) (the NEs are the optical equipment) that constitute
the Data Plane (DP). They also process information that comes from the
NEs and translate that information for the main controller, for example
network information and performance of services. The challenge is that if the
OEM controller is compromised, the entire optical network is compromised.
This is the main motivation for this project.
The objective of our work is to develop a solution that can help the
Service Provider (SP) to have confidence in the NEs and respective optical
network connections. To achieve this goal, the system has to guarantee the
availability and integrity of the OEM controller. This component should be
always available to process notifications, be it from the NEs or from the main
controller. The integrity of all requests sent by the SP controller to the OEM controllers must also be guaranteed.
In order to solve these problems, we propose a new security mechanism
for the OEM controller to protect the optical network. The solution consists
in the use of a reverse proxy and a firewall to control the flow of requests to
the OEM controller. The communication between the SP controller and the
OEM controller is also made secure to assure the integrity of requests.