Proposed Protocol and Architecture of SDN Data Center System


Added on  2019/09/27

AI Summary
This chapter discusses the methodology of a SDN data center system, including its architecture and protocol structure. The proposed system uses a centralized architecture with three levels of controllers: source controller, head controller, and domain controller. The protocol exchanges packets between controllers and contains four sections: data section, signature section, time section, and miscellaneous section. The detection algorithm is implemented through two ways: first detection node connected to the head controller, and second utilization of SDN programmability of head controller and embedded detection algorithm within. The system uses Mininet environment for simulation purposes, examining various parameters such as preservation of evidence, action, absolute speed, accuracy, processing delay, throughput, CPU utilization, and memory utilization.

Chapter Three: Methodology

3.1 Introduction
In this chapter, the proposed protocol and architecture of the
SDN data center system, and the forensic details, will be explained.
The forensic algorithm is built on the following main concepts:
- SDN architecture
- Centralized architecture
- Preservation of the packet's source IP address and data section
- Centralized decision making
- Detection functions implemented in two ways: first, a detection
node connected to the head controller; second, use of the SDN
programmability of the head controller, with the detection algorithm
embedded within it.
- Backward flow once attacks are detected
Detection is examined when the controller is not the domain
controller.
The chapter further evaluates the proposed system using the
Mininet environment to simulate the data center protocol structure,
and various parameters will be determined, such as preservation of
evidence, action, absolute speed, accuracy, delay, throughput, and
CPU utilization for the controllers.
3.2 Proposed Architecture of the SDN network
The proposed architecture of the data center accommodates the
SDN architecture, where the controllers of the system are divided
into three levels called, respectively, the source controller, head
controller and domain controller.
The source controller is the controller from which the message or
information originates.
The head controller follows the same concept as a centralized
controller; in other words, it is the controller whose only
responsibility is to forward the data packets to the next controller.
A controller is a head controller if it is neither the source nor the
destination.
The destination controller is the last controller in the scheme
and the target in which the packet resides.
These controllers exchange packets using the proposed protocol,
where an extra embedded node informs the head controller of attacks
by deploying various detection systems or algorithms, such as the one
proposed in the Niyaz et al. study [28], which detects DDoS attacks,
considered the common attacks to which data centers are exposed. An
additional algorithm to be used is that of Tang et al. [29], which
detects IDS attacks. The main idea of implementing the detection
algorithm in the architecture is based on the programmability feature
of the SDN controllers or nodes: the detection node can be added as
an extra node in the architecture or embedded in the controller
functions. In the latter case, several parameters have to be
considered, such as CPU utilization, storage, processing time, and
throughput.
The main parameter that must be guaranteed in both detection
implementation cases is the processing time: it must be less than the
time the data center's switches take to forward packets, since the
decision must be taken before the packets reach the destination SDN
network. The processing time can be adjusted based on the detection
algorithm chosen. Further, a trade-off between detection accuracy and
processing time must be achieved.
3.3 Proposed Protocol structure
The proposed protocol is exchanged between controllers, and
contains three sections: the data section, signature section, time
section, and miscellaneous section.
Data section: the section that contains the decision taken by the
head controllers regarding whether the packet is an attack packet.
The data contains the IP of the attack packet and the detection
decision, either to block it or to mitigate its packets. This
decision is sent to the source controller. The data is represented in
JSON format, which is used for its self-descriptive characteristic.
Signature section: the section that contains the private key. The
private key provides the authentication and the signature among
controllers. The generation of the private key and the corresponding
public key conforms to the Hadoop Identity Authentication introduced
in [35].
The timestamp in [35] is saved in the time section; thus the time
section can be grouped with the signature section.
Meanwhile, the controller's SDN network pauses the routing of the
packet; the packet is held in the network until the acknowledgement
of the source is received, and is then forwarded back to the source
controller's network to be preserved as evidence. That means the
evidence is saved in the source controllers. Further, the head
controller preserves only the blocked IP lists.
Miscellaneous section: the section that contains the other normal
or ordinary parts of the controller's packet.
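The message exchange described in this section, as an added example that is not part of the original chapter: the head controller builds a decision message with the four sections, and the source controller checks the signature and time sections before acting on the data section. The field names, the 5-second freshness window and the key are assumptions; HMAC-SHA256 with a shared key stands in for the public/private key scheme of [35], and the signature section is assumed to carry a signature rather than the key itself.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption). The chapter specifies the public/private
# key scheme of [35]; HMAC-SHA256 with a shared key is swapped in here so the
# example runs on the standard library alone.
SHARED_KEY = b"constructed-demo-key"
MAX_AGE_S = 5                      # assumed freshness window for the time section
ACTIONS = ("block", "mitigate")    # the two decisions the data section can carry


def _signed_bytes(data, ts):
    # Cover data and time sections together so neither can be swapped alone.
    body = {"data": data, "time": ts}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_decision(attack_ip, action, now=None, misc=None):
    """Head controller: build the decision message for the source controller."""
    if action not in ACTIONS:
        raise ValueError("unknown action")
    ts = time.time() if now is None else now
    data = {"attack_ip": attack_ip, "action": action}
    sig = hmac.new(SHARED_KEY, _signed_bytes(data, ts), hashlib.sha256).hexdigest()
    return json.dumps({"data": data, "signature": sig, "time": ts,
                       "misc": misc or {}})


def verify_decision(raw, now=None):
    """Source controller: return the data section or raise ValueError."""
    try:
        msg = json.loads(raw)
        data, sig, ts = msg["data"], msg["signature"], msg["time"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed message") from exc
    if not isinstance(sig, str) or not isinstance(ts, (int, float)):
        raise ValueError("malformed message")
    expected = hmac.new(SHARED_KEY, _signed_bytes(data, ts), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_AGE_S:
        raise ValueError("stale or future timestamp")
    if not isinstance(data, dict) or data.get("action") not in ACTIONS:
        raise ValueError("invalid data section")
    return data
```

The miscellaneous section is left outside the signature in this sketch, so a receiver should act only on the signed data and time sections.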
3.4 Evaluation

Mininet is the tool used to evaluate the proposed protocol and
SDN architecture. Mininet [36] enables the user to build a realistic
virtual network and to run real kernel, switch and application code
with easy and simple commands. It facilitates interaction with the
created network through the command line in the software CLI, and
adjustment of the components through the API parameters.
The simulated network in Mininet corresponds to real-state
conditions, where all instances of Mininet are connected via GRE
tunneling.
In the simulation, the proposed real conditions are examined. The
test will consider these cases: normal clean packets, DDoS attack
packets, and IDS attack packets generated from the source controller
network.
Both detection implementation cases will also be examined.
Various parameters will be determined, such as preservation of
evidence, action, absolute speed, accuracy, processing delay,
throughput, latency, CPU utilization and memory utilization for each
controller.
The research will also discuss the effects of the payload
(protocol structure).
3.5 References
[35] R. Tabassum and N. Tyagi, "Hadoop Identity Authentication
using Public Private Key Concept", International Journal of
Engineering Trends and Technology, vol. 45, no. 9, pp. 436-442,
2017.
[36] M. Team, "Mininet: An Instant Virtual Network on your
Laptop (or other PC) - Mininet", Mininet.org, 2018. [Online].
Available: http://mininet.org/. [Accessed: 25-Jul-2018].