Keywords: Software-Defined Networking (SDN), network security virtualization, capacity-based routing, security-oriented routing, dynamic routing reconfiguration
Software-Defined Networking (SDN) decouples the control plane and the data plane in network switches and routers, which enables rapid innovation and optimization of routing and switching configurations. However, traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose RouteGuardian, a reliable security-oriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme makes effective use of the distributed network security devices to ensure that abnormal traffic is analyzed and malicious nodes are isolated. Furthermore, RouteGuardian supports dynamic routing reconfiguration according to the latest network status. We prototyped RouteGuardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.
Tsinghua University Press
Mengmeng Wang, Jianwei Liu, Jian Mao et al. RouteGuardian: Constructing Secure Routing Paths in Software-Defined Networking. Tsinghua Science and Technology 2017, 22(4): 400-412.