Abstract
Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS (intrusion detection system). At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network (SDN) based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.
Similar content being viewed by others
References
Jain S, Kumar A, Mandal S et al. B4: Experience with a globally-deployed software defined WAN. In Proc. the ACM SIGCOMM, August 2013, pp.3-14.
Benson T, Akella A, Shaikh A et al. CloudNaaS: A cloud networking platform for enterprise applications. In Proc. the 2nd ACM Symposium on Cloud Computing, October 2011, pp.353-365.
Shin S, Song Y, Lee T et al. Rosemary: A robust, secure, and high performance network operating system. In Proc. the 21st ACM Conference on Computer and Communications Security (CCS), November 2014, pp.78-89.
Shin S Gu G. CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks. In Proc. NPSec12, November 2012.
Sherry J, Hasan S, Scott C et al. Making middleboxes someone else’s problem: Network processing as a cloud service. In Proc. the ACM SIGCOMM, August 2012, pp.13-24.
Qazi Z A, Tu C, Chiang L et al. Simple-fying middlebox policy enforcement using SDN. In Proc. ACM SIGCOMM, August 2013, pp.27-38.
Fayazbakhsh S K, Chiang L, Sekar V, Yu M L et al. Enforcing network-wide policies in the presence of dynamic middlebox actions using FlowTags. In Proc. the 11th USENIX Symposium on Networked Systems Design and Implementation, April 2014, pp.543-546.
Hari A, Niesen U, Wilfong G. Optimal path encoding for software-defined networks. In Proc. IEEE International Symposium on Information Theory, June 2015, pp.2361-2365.
Hari A, Lakshman T V, Wilfong G. Path switching: Reduced-state flow handling in SDN using path information. In Proc. CoNEXT, December 2015.
Shin S, Wang H, Gu G et al. A first step toward network security virtualization: From concept to prototype. IEEE Transactions on Information Forensics and Security, 2015, 10(10): 2236-2249.
Shin S, Yegneswaran V, Porras P, Gu G. AVANT-GUARD: Scalable and vigilant switch flow management in software-defined networks. In Proc. the 20th ACM Conference on Computer and Communications Security (CCS), November 2013, pp.413-424.
Shin S, Porras P A, Yegneswaran V, Fong M W, Gu G, Tyson M. Fresco: Modular composable security services for software-defined networks. In Proc. the 20th Annual Network and Distributed System Security Symposium (NDSS2013), February 2013.
Du X K, Lu Z H,Wu J,Wu C R, Chen S. PDSDN: A policydriven SDN controller improving scheme for multi-tenant cloud datacenter environments. In Proc. the 13th IEEE International Conference on Services Computing (SCC), June 2016, pp.387-394.
Erickson D. The beacon OpenFlow controller. In Proc. ACM SIGCOMM, August 2013, pp.13-18.
John W, Pentikousis K, Agapiou G et al. Research directions in network service chaining. In Proc. Software Defined Networks for Future Networks & Services, November 2013.
Cao Z Z, Kodialam M, Lakshman T V. Traffic steering in software defined networks: Planning and online routing. In Proc. the 2014 ACM SIGCOMM workshop on Distributed Cloud Computing (DCC), August 2014, pp.65-70.
Pfaff B, Pettit J, Koponen T et al. The design and implementation of Open vSwitch. In Proc. the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15), March 2015, pp.117-130.
Heorhiadi V, Reiter M K, Sekar V et al. New opportunities for load balancing in network-wide intrusion detection systems. In Proc. ACM CoNEXT, December 2012, pp.361-372.
Zhang W, Rajasekaran S, Wood T et al. MIMP: Feadline and interference aware scheduling of Hadoop virtual machines. In Proc. the 14th ACM International Symposium on Cluster, Cloud and Grid Computing, May 2014, pp.394-403.
Rao B T, Sridevi N V, Reddy V K, Reddy L S S. Performance issues of heterogeneous Hadoop clusters in cloud computing. Global Journal of Computer Science and Technology, 2011, XI(VIII): 80-87.
Author information
Authors and Affiliations
Corresponding author
Electronic supplementary material
Below is the link to the electronic supplementary material.
ESM 1
(PDF 51 kb)
Rights and permissions
About this article
Cite this article
Du, XK., Lu, ZH., Duan, Q. et al. LTSS: Load-Adaptive Traffic Steering and Forwarding for Security Services in Multi-Tenant Cloud Datacenters. J. Comput. Sci. Technol. 32, 1265–1278 (2017). https://doi.org/10.1007/s11390-017-1799-7
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11390-017-1799-7