Software Defined Networking and OpenFlow can Provide Real Security
At last week's Interop conference in Las Vegas, Software Defined Networking (SDN) was a dominant topic during keynotes and sessions alike. While many vendors were talking about the promise of SDN and the OpenFlow protocol, Matt Davey, Chief Network Architect at Indiana University, is actually deploying the technology to help serve the needs of the 120,000 users he supports.
While OpenFlow started out as a university research effort, Davey stressed that OpenFlow isn't just for university research any more. For his network, he noted that the Indiana University campus has a large footprint that includes hospitals, medical labs, hotels, conference centers and police.
"We need to be able to give control of some of the network to departments, but we need a converged infrastructure," Davey said. "We now have groups that built applications on top of OpenFlow controllers and deployed them into production."
One of those applications is the Intrusion Detection System (IPS) that the university uses, which is based on the open source Snort project. There was a need to scale up the IPS deployment, which involved the use of a load balancer.
"We needed basic load balancing capabilities to take all of our spam port traffic into one location and then spread that across a large number of IPS servers," Davey said. "We were able to go in on top of an open source OpenFlow controller that we built, that turns a basic top-of-rack switch into a load balancer."
As such, the network now has a 64-port 10 Gbps load balancer with a few dozen x86 servers attached to handle IPS traffic. Davey noted that his team spent $20,000 in developer time to turn the switch into a load balancer using OpenFlow.
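A stateful sensor such as Snort needs to see both directions of a connection, so a load balancer in front of a sensor farm has to send a flow and its replies to the same server. The sketch below is an added example, not Indiana University's controller code (which the article does not show). It assumes a controller that installs one exact-match entry per direction and picks the sensor port by rendezvous hashing; the port numbers, match field names and sample flows are constructed for illustration.

```python
import hashlib
from ipaddress import ip_address

def flow_key(src, dst, sport, dport, proto):
    """Direction-independent key: sort the endpoints so A->B and B->A agree."""
    a = (int(ip_address(src)), sport)
    b = (int(ip_address(dst)), dport)
    lo, hi = sorted((a, b))
    return f"{proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}".encode()

def pick_sensor_port(key, sensor_ports):
    """Rendezvous hashing: each port gets a score for this flow, highest wins.
    Removing a port only moves the flows that were assigned to it."""
    def score(port):
        return hashlib.sha256(key + b"|" + str(port).encode()).digest()
    return max(sensor_ports, key=score)

def flow_entries(src, dst, sport, dport, proto, sensor_ports):
    """Build the two entries (one per direction) a controller would install.
    The dict layout is illustrative, not a specific controller's API."""
    out = pick_sensor_port(flow_key(src, dst, sport, dport, proto), sensor_ports)
    def entry(s, d, sp, dp):
        return {"match": {"ip_proto": proto, "ipv4_src": s, "ipv4_dst": d,
                          "src_port": sp, "dst_port": dp},
                "actions": [("output", out)]}
    return [entry(src, dst, sport, dport), entry(dst, src, dport, sport)]

def assignment(flows, sensor_ports):
    """Map every flow tuple to the switch port of the sensor that receives it."""
    return {f: pick_sensor_port(flow_key(*f), sensor_ports) for f in flows}

# Constructed sample: four sensor-facing switch ports and 200 TCP flows.
SENSOR_PORTS = [11, 12, 13, 14]
SAMPLE_FLOWS = [("192.0.2.10", "198.51.100.7", 40000 + i, 443, 6)
                for i in range(200)]

if __name__ == "__main__":
    before = assignment(SAMPLE_FLOWS, SENSOR_PORTS)
    after = assignment(SAMPLE_FLOWS, [p for p in SENSOR_PORTS if p != 13])
    moved = sum(1 for f in SAMPLE_FLOWS if before[f] != after[f])
    for port in SENSOR_PORTS:
        print(f"port {port}: {list(before.values()).count(port)} flows")
    print(f"flows moved after sensor on port 13 is removed: {moved}")
```

When a sensor is taken out of the pool, only the flows it was inspecting are reassigned, so the remaining sensors keep their existing stream state.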
Going a step further, Davey and his team are now looking at leveraging OpenFlow to help push rules that will mitigate attacks across the network. Managing security policy across a network is a key use case for OpenFlow overall.